ÿþOTL Extras logfile created on: 11/03/2023 20:59:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\UEFM LFS Hyper UEFM\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.19041.0) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 3,57 Gb Total Physical Memory | 0,36 Gb Available Physical Memory | 10,06% Memory free 8,54 Gb Paging File | 2,15 Gb Available in Paging File | 25,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 151,02 Gb Total Space | 65,43 Gb Free Space | 43,32% Space Free | Partition Type: NTFS Drive D: | 64,23 Gb Total Space | 57,39 Gb Free Space | 89,34% Space Free | Partition Type: NTFS Drive E: | 1,39 Mb Total Space | 0,48 Mb Free Space | 34,63% Space Free | Partition Type: FAT Drive F: | 3,01 Mb Total Space | 0,27 Mb Free Space | 8,89% Space Free | Partition Type: NTFS Drive G: | 39,62 Gb Total Space | 39,52 Gb Free Space | 99,74% Space Free | Partition Type: NTFS Drive J: | 49,56 Gb Total Space | 40,07 Gb Free Space | 80,84% Space Free | Partition Type: NTFS Drive K: | 130,10 Gb Total Space | 103,26 Gb Free Space | 79,37% Space Free | Partition Type: NTFS Drive M: | 0,98 Mb Total Space | 0,97 Mb Free Space | 99,70% Space Free | Partition Type: FAT Drive N: | 511,98 Mb Total Space | 511,96 Mb Free Space | 99,99% Space Free | Partition Type: FAT32 Drive Q: | 29,27 Gb Total Space | 13,33 Gb Free Space | 45,55% Space Free | Partition Type: FAT32 Drive R: | 4,27 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive S: | 366,76 Gb Total Space | 49,82 Gb Free Space | 13,58% Space Free | Partition Type: exFAT Drive T: | 30,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS Drive U: | 112,53 Mb Total Space | 57,37 Mb Free Space | 50,98% Space Free | Partition Type: NTFS Drive V: | 573,92 Mb Total Space | 1,67 Mb Free Space | 0,29% Space Free | Partition Type: FAT32 Drive W: | 6,83 Gb Total Space | 0,01 Gb Free Space | 0,14% Space Free | Partition Type: NTFS Drive X: | 7,49 Gb Total Space | 5,69 Gb Free Space | 76,08% Space Free | Partition Type: FAT32 Drive Y: | 29,26 Gb Total Space | 16,75 Gb Free Space | 57,25% Space Free | Partition Type: exFAT Drive Z: | 31,74 Mb Total Space | 4,82 Mb Free Space | 15,18% Space Free | Partition Type: FAT Computer Name: DESKTOP-DO2EQCB | User Name: UEFM LFS Hyper UEFM | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days [color=#E56717]========== Extra Registry (All) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm[@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .cpl[@ = cplfile] -- C:\WINDOWS\SysNative\control.exe (Microsoft Corporation) .hlp[@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation) .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .inf[@ = inffile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation) .ini[@ = inifile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) .reg[@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation) .txt[@ = txtfile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) .wsh[@ = WSHFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = comfile] -- "%1" %* .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation) .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .inf [@ = inffile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\WINDOWS\SysWow64\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\WINDOWS\SysWow64\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-158993690-1269080673-3091534466-1000\SOFTWARE\Classes\<extension>] .html [@ = UCHTML] -- Reg Error: Value error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- Reg Error: Key error. inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation) Directory [UpdateEncryptionSettings] -- Reg Error: Key error. Folder [open] -- C:\WINDOWS\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- Reg Error: Key error. inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation) Directory [UpdateEncryptionSettings] -- Reg Error: Key error. Folder [open] -- C:\WINDOWS\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av] "DataMigrated" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}] "GUID" = {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} "DISPLAYNAME" = Antivirus Microsoft Defender "STATE" = 401664 "PRODUCTEXE" = windowsdefender:// "REPORTINGEXE" = %ProgramFiles%\Windows Defender\MsMpeng.exe -- (Microsoft Corporation) [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw] "DataMigrated" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ProvidersMigration] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ProvidersMigration\WicaUpgradableAVs] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = E2 27 A8 57 03 BE D6 01 [binary data] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = [binary data] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ProvidersMigration] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = Reg Error: Unknown registry data type -- File not found [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02BDA7CB-6307-4695-9A64-66ABF21E055A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft\edge\application\msedge.exe | "{1DF8A990-096B-4892-B470-9B1F13F635F1}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft\edgewebview\application\110.0.1587.63\msedgewebview2.exe | "{54B5B7B8-5067-4EB8-ABF6-1F1806D18455}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\ucbrowser\application\ucbrowser.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0037C325-5706-474E-9C3D-79AFC670447F}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.19041.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | "{05EE273F-27AB-4B66-8BC1-4F201596322F}" = protocol=6 | dir=out | app=c:\program files\windowsapps\microsoft.skypeapp_15.94.3428.0_x86__kzf8qxf38zg5c\skype\skype.exe | "{06A1D029-CEE2-49E9-AF06-BAEAFDEF1C74}" = dir=in | name=onenote for windows 10 | "{071CAF28-00BA-439D-8095-A6FCC9F47AEA}" = dir=in | name=@{microsoft.xboxapp_48.89.25001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxapp/xboxapp.resource/resources/app_title} | "{072AD84E-EC61-4D9F-9495-D682798FC91D}" = protocol=6 | dir=in | app=c:\program files\firefox nightly\firefox.exe | "{10480053-54DA-4F09-90DE-1C9977A8C630}" = dir=out | name=@{microsoft.win32webviewhost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} | "{1238A15F-B6AA-4914-A5A3-F5677F303F17}" = dir=in | name=@{microsoft.windows.search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.search/resources/packagedisplayname} | "{14515C3E-6073-4A82-9129-816D56866839}" = dir=out | name=@{microsoft.microsoftedge_44.19041.1.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{161E4AEC-680A-48AD-A4F2-DCDFAC75BB85}" = dir=out | name=ncsiuwpapp | "{1846420C-667F-4F29-AB29-0D28607E49A7}" = dir=in | name=@{microsoft.windowsalarms_11.2212.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsalarms/resources/appstorename} | "{19741296-F8CB-4672-98C5-8CB93F31C1B8}" = dir=out | name=@{microsoft.accountscontrol_10.0.19041.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | "{19A3375C-9C97-4287-98D8-77F4EDCC2271}" = dir=in | name=@{microsoft.windows.startmenuexperiencehost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} | "{200FA666-069B-4433-856B-6414CABD2AD5}" = dir=out | name=@{microsoft.microsoft3dviewer_7.2211.24012.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoft3dviewer/common.view.uwp/resources/storeappname} | "{24148FF0-8DB3-4722-8AD5-0BBF253B25E0}" = protocol=6 | dir=in | app=c:\program files\windowsapps\microsoft.skypeapp_15.94.3428.0_x86__kzf8qxf38zg5c\skype\skype.exe | "{264EBDF8-5286-4E8B-A060-8235218055F6}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | "{29B2EC8A-893C-4E0B-9CD0-B1FE428F52A7}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} | "{2CB62381-AC77-495D-9C92-7D5D1082E076}" = dir=in | name=@{microsoft.microsoftstickynotes_4.5.9.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftstickynotes/resources/stickynotesstoreappname} | "{2DF81D5E-4B03-46E1-9970-E4D677146E8F}" = dir=out | name=@{microsoft.accountscontrol_10.0.19041.1023_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | "{2E61234E-C0E4-4C40-8B03-1C9729510C48}" = dir=in | name=cortana | "{2F79488B-88D3-4866-8C32-A41EACD09558}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.19041.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} | "{32407943-4F0A-4D52-BA78-74E9AD697C37}" = dir=out | name=onenote for windows 10 | "{3E4767F5-DBB3-473D-97A0-5F1C7D7A693E}" = dir=out | name=@{microsoft.xboxidentityprovider_12.95.3001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} | "{4203D6B5-1C9B-484E-9D1E-6DFFCF1C74FA}" = dir=out | name=skype | "{46C86936-713F-49B5-A1C7-DABEE25325CF}" = dir=out | name=@{microsoft.windows.search_1.14.8.19041_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.search/resources/packagedisplayname} | "{471C77C1-B347-4675-B5F7-605C98345B79}" = dir=out | name=@{microsoft.mixedreality.portal_2000.21051.1282.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.mixedreality.portal/resources/pkgdisplayname} | "{495CC16C-FF6C-4285-A16D-09477C11EFAD}" = dir=in | name=@{microsoft.desktopappinstaller_1.19.10173.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} | "{49F112A5-DF2E-4467-B86D-D2AC83F1A972}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.2203.761.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} | "{4C7720BA-6894-4E82-9520-1678A2CFA716}" = dir=in | name=@{microsoft.bingweather_4.53.43112.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | "{4D4345FE-651C-4162-93BC-327E0184F389}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.19041.1949_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} | "{4D559366-2AFB-4B1C-903A-B52C232C1C1D}" = dir=out | name=@{microsoft.windowscamera_2021.105.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscamera/lenssdk/resources/appstorename} | "{4E188D1C-44FF-4B7B-B436-C58BA193E8A6}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.19041.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{4EF3ACD2-1CC1-4259-A82D-E53B52E0AAE2}" = dir=out | name=@{microsoft.zunevideo_10.22091.10031.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{4F2BBF20-AE52-4393-92F4-0871A1A308F6}" = dir=out | name=@{microsoft.windows.photos_2022.30120.12007.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | "{5003A988-4764-42A0-B855-D32B08CDECB8}" = protocol=17 | dir=out | app=c:\program files\windowsapps\microsoft.skypeapp_15.94.3428.0_x86__kzf8qxf38zg5c\skype\skype.exe | "{51AA7D1F-48E6-4C23-BCB1-CC8B2D5547AE}" = dir=out | name=@{microsoft.windows.sechealthui_10.0.19041.1865_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.sechealthui/resources/packagedisplayname} | "{5238D7FB-217E-4801-80F0-24EADA5DC4FB}" = dir=out | name=@{microsoft.lockapp_10.0.19041.1023_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | "{536CBA33-FDFE-4AEC-B53F-6A3CCA4E4BBF}" = dir=in | name=@{microsoft.win32webviewhost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} | "{541C4FBD-8152-443E-8621-988B10177012}" = dir=out | name=xbox game bar | "{545E2C4A-AAEA-41A6-AD34-A3425FD46999}" = dir=in | name=@{microsoft.messaging_4.1901.10241.1000_x64__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} | "{54D3C67B-7CCB-4452-BD9D-6FD0186FECE2}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.19041.1266_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{565A4835-41FC-4607-833C-73CC9953A530}" = dir=in | name=@{microsoft.windows.startmenuexperiencehost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} | "{56DFC038-60DE-43AE-8C65-1C3A6733B974}" = dir=out | name=@{microsoft.gethelp_10.2301.10372.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.gethelp/resources/appdisplayname} | "{57A450F0-2701-4DD0-A174-1D0F6789F0BB}" = dir=out | name=@{microsoft.windows.search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.search/resources/packagedisplayname} | "{6024D94F-CB5F-4FD5-AD39-6133B993E775}" = dir=out | name=@{microsoft.windows.oobenetworkcaptiveportal_10.0.19041.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.oobenetworkcaptiveportal/resources/appdisplayname} | "{625A04FF-E1E3-411A-BE0C-FECABC1BA131}" = dir=in | name=@{microsoft.zunevideo_10.22091.10031.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{66F81E29-ED50-4074-ABA6-67322085102F}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} | "{685F4900-7E5D-4A0C-A297-0DDE19C402DF}" = dir=out | name=microsoft store | "{6E170B06-D29F-486A-B593-0514CBD8078B}" = dir=out | name=@{microsoft.storepurchaseapp_12207.44.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.storepurchaseapp/resources/displaytitle} | "{7186AF81-C054-469F-B621-8647E0852360}" = dir=out | name=@{microsoft.bingweather_4.53.43112.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | "{73D01528-F4CF-4F00-BBB5-F1D529188805}" = dir=out | name=@{microsoft.xboxapp_48.89.25001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxapp/xboxapp.resource/resources/app_title} | "{7481E167-EDBE-40E4-810B-3A6E988905CB}" = dir=in | name=solitaire & casual games | "{7587B84D-C0B5-4737-B6D8-6369D2934280}" = dir=out | name=@{microsoft.desktopappinstaller_1.19.10173.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} | "{7A69D3CE-18BE-41D7-B8C4-B8513DE93AA4}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | "{7E4BE603-AF83-4D78-BCED-F40353A02E0F}" = dir=out | name=xbox tcui | "{812F1E76-F2FA-4D53-AD4B-8F14CE3F0FF3}" = dir=in | name=xbox game bar | "{8209FFCB-382D-4473-94DF-A8A5ACB16E46}" = dir=out | name=@{microsoft.windows.startmenuexperiencehost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} | "{820E63FD-0A49-46C3-9FD3-8FE91DBACF42}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | "{84AEB2D2-817B-4B61-B51F-1E544CB7E493}" = dir=out | name=microsoft pay | "{86804663-2EB5-4E38-9F1B-8FCD380C6A6D}" = dir=out | name=@{microsoft.windows.peopleexperiencehost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.peopleexperiencehost/resources/pkgdisplayname} | "{89A54EAC-C628-415C-8702-FD58AD14CD60}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | "{8DA4C163-B2E1-43AC-8FD9-495502E06806}" = dir=in | name=@{microsoft.oneconnect_5.2204.1031.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnectstrings/oneconnect/appstorename} | "{9310E8C5-DC4F-48D9-8918-8F5EDA70F04D}" = dir=out | name=@{microsoft.windows.startmenuexperiencehost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} | "{931A1956-D9FF-4E66-9A59-911B83F9F186}" = dir=in | name=@{microsoft.windowscommunicationsapps_16005.14326.21358.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "{94715F4C-C27F-4476-89CC-C8952D41A955}" = dir=out | name=@{microsoft.mspaint_6.2203.1037.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.mspaint/resources/appname} | "{96191E5A-D8F2-49E7-8786-781E04791D28}" = dir=in | name=microsoft store | "{996B060D-3418-4590-AD68-4E112726EA07}" = dir=out | name=@{microsoft.win32webviewhost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} | "{99778D2E-4013-4FE9-B9D5-BEB76364D773}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{9B9A180F-2F37-4BA4-95B6-A430BFA03832}" = dir=out | name=@{microsoft.microsoftedge_38.14393.2068.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{9E47FC04-167A-498B-B091-0D6493A9E4C6}" = dir=out | name=@{microsoft.windowsmaps_11.2210.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} | "{9ED44389-DCE7-460F-9DFB-CE460F603651}" = dir=out | name=@{microsoft.windows.oobenetworkcaptiveportal_10.0.19041.1023_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.oobenetworkcaptiveportal/resources/appdisplayname} | "{9FD8623E-0EE9-4026-BB4F-6B12022E4A43}" = dir=out | name=@{microsoft.windows.narratorquickstart_10.0.19041.1023_neutral_neutral_8wekyb3d8bbwe?ms-resource://microsoft.windows.narratorquickstart/resources/appdisplayname} | "{A1960E88-9515-4CD9-B844-E7796BD0F587}" = dir=out | name=@{microsoft.microsoftstickynotes_4.5.9.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftstickynotes/resources/stickynotesstoreappname} | "{A43E8465-97C1-4FBF-8BCB-309E215E3B0A}" = dir=in | name=skype | "{A5DDAA2B-0DA8-425E-82DF-F8F7C2B50F7D}" = dir=in | name=@{microsoft.zunemusic_11.2212.31.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/appstorename} | "{A8BD5BB3-5CA3-43E6-A68C-FE26BBBCF99C}" = dir=in | name=3d builder | "{AB80F22F-2B23-4956-8209-F9F43BD3C1BF}" = dir=out | name=xbox game bar plugin | "{AD6DFEA9-464C-45F5-9506-D182080C7DE8}" = dir=in | name=@{microsoft.windows.sechealthui_10.0.19041.1865_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.sechealthui/resources/packagedisplayname} | "{ADF39128-9D37-4305-99B0-51E806011FF4}" = protocol=17 | dir=in | app=c:\program files\firefox nightly\firefox.exe | "{B04578E1-E707-4206-9817-264933DA9A07}" = dir=out | name=windows_ie_ac_001 | "{B1615839-76DF-4557-AF77-54D8697F61F4}" = dir=out | name=cortana | "{B2750863-C35F-4BF9-B43D-184608B22B77}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{B3ED13CA-294C-47E6-99C4-D3F1750126F1}" = dir=out | name=@{microsoft.windows.narratorquickstart_10.0.19041.1_neutral_neutral_8wekyb3d8bbwe?ms-resource://microsoft.windows.narratorquickstart/resources/appdisplayname} | "{B511749B-91D3-4F72-BA55-710DB572A3E1}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.19041.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | "{B62621BB-8202-489A-8CAE-4364DBDF83BF}" = dir=in | name=@{microsoft.windows.search_1.14.8.19041_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.search/resources/packagedisplayname} | "{B6FCD3F7-AC99-4D1A-9092-43054EF10553}" = dir=out | name=@{microsoft.windowsalarms_11.2212.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsalarms/resources/appstorename} | "{BC3CF8BF-FD64-458D-9BDA-D96D9DAEFD22}" = dir=out | name=@{microsoft.windowscommunicationsapps_16005.14326.21358.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "{BD5B1307-B1F8-4E99-BB89-186D033F6521}" = dir=out | name=microsoft edge | "{BEFFF164-F940-423F-A7FC-4B3621300B76}" = dir=out | name=microsoft 365 (office) | "{BF1BA332-7711-4D16-ACB7-4A2B6F15F89B}" = dir=out | name=ncsiuwpapp | "{BFA4F019-1DE2-45A3-B5D4-B94F2EC68CEB}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{C27852AA-BB0D-453B-943C-89BACC46168A}" = dir=out | name=solitaire & casual games | "{C319EC77-5897-4E1C-A441-0B8D1C4C98F7}" = dir=out | name=@{microsoft.lockapp_10.0.19041.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | "{C4D3D780-564A-4593-8515-0FD5ADEFF3A3}" = dir=in | name=@{microsoft.microsoftedge_38.14393.2068.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{C940C2E2-D430-4446-B595-F59D697A7B82}" = dir=in | name=@{microsoft.win32webviewhost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} | "{CDB007EC-D5E2-4757-8FBB-23CC68F0F1BE}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.19041.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{CFA57AD4-4F45-45BE-A9BE-91C76B56D20F}" = dir=out | name=@{microsoft.windows.peopleexperiencehost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.peopleexperiencehost/resources/pkgdisplayname} | "{D1E82C93-A57B-4AC1-9BB8-A18FEA826D08}" = dir=out | name=@{microsoft.windowscalculator_11.2210.0.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscalculator/resources/appstorename} | "{D34D5581-543F-4E1A-B7A2-C3A109E49E11}" = dir=out | name=@{microsoft.people_10.2105.4.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} | "{D5EA0133-089E-4932-A147-113E152A1483}" = dir=out | name=3d builder | "{D839B8A0-C5D9-44D3-A1EE-D8B62291A84F}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.19041.1266_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{D96CBB77-11B2-47E2-82E0-5BAE4226A0A9}" = dir=out | name=@{microsoft.messaging_4.1901.10241.1000_x64__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} | "{DBDA09AB-5092-4A5C-90C9-AA892A63C288}" = dir=out | name=@{microsoft.getstarted_10.2210.3.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} | "{DEFBD3A6-1738-4ADD-B449-0BA0885F5434}" = dir=in | name=@{microsoft.windows.photos_2022.30120.12007.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | "{E0DC0330-8AB4-416F-8BB6-6DEDDCAD2AB2}" = protocol=17 | dir=in | app=c:\program files\windowsapps\microsoft.skypeapp_15.94.3428.0_x86__kzf8qxf38zg5c\skype\skype.exe | "{E1E71162-A467-417C-96C2-A6B68BCD2F8E}" = dir=in | name=@{microsoft.microsoftedge_44.19041.1.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{E3611C34-67BD-4CCD-984F-75F9F5022FCE}" = dir=out | name=@{microsoftwindows.client.cbs_120.2212.4190.0_x64__cw5n1h2txyewy?ms-resource://microsoftwindows.client.cbs/resources/productpkgdisplayname} | "{E4ED133E-1E69-4BB1-A367-57B0161592A6}" = dir=in | app=c:\program files (x86)\ucbrowser\application\downloader\download\minithunderplatform.exe | "{E6A33EA3-BC63-4B04-9CE7-33BD8900A7F7}" = dir=out | name=@{microsoft.zunemusic_11.2212.31.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/appstorename} | "{E7679062-3CED-438C-BFBE-FA1579428C44}" = dir=out | name=ux.client.st | "{E954D559-9411-4F8D-949C-E31358E0F08E}" = dir=in | name=microsoft edge | "{EB16B521-DBB3-45A3-87DA-CF307AA2619F}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{F1EE14F7-5BA5-4826-850C-DDF1B44DE5DE}" = dir=out | name=@{microsoft.oneconnect_5.2204.1031.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnectstrings/oneconnect/appstorename} | "{F45E722A-A356-406B-9732-343615D88573}" = dir=out | name=@{microsoft.windows.sechealthui_10.0.19041.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.sechealthui/resources/packagedisplayname} | "{F7C1600D-757D-4EC4-AD2D-92F9CF4D0EA0}" = dir=out | name=windows_ie_ac_001 | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{063E67F0-C298-8A2A-0FA6-84C15322A4E0}" = ccc-utility64 "{0A11EA01-7CAC-87D7-5641-D61A11726754}_is1" = Ashampoo Snap 15 "{55F4EDBA-7615-480C-823C-7EF528F4BB02}" = WebCompanion VPN "{76A22428-2400-4521-96AF-7AC4A6174CA5}" = UpdateAssistant "{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}" = Microsoft Update Health Tools "{90C6971F-ABF1-4FBF-BD98-24F14C5F5AB4}" = Contrôle d intégrité du PC Windows "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 "{E7366CA8-7179-77AE-E712-BA18D70A0A07}" = AMD Fuel "10DBD048-433A-4BC3-951F-055296F077B3_is1" = Diag version 2.8.1.0 "HitmanPro.Alert" = HitmanPro.Alert 3 "MozillaMaintenanceService" = Mozilla Maintenance Service "Nightly 112.0a1 (x64 fr)" = Nightly (x64 fr) "WinZip Driver Updater" = WinZip Driver Updater "WinZip Registry Optimizer" = WinZip Registry Optimizer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07326A3E-02B3-1078-25D7-B8666BA8FE15}" = CCC Help Korean "{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}" = CCC Help Finnish "{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 "{1AD99E77-37CC-744E-39CA-67F6FD34565A}" = Catalyst Control Center Localization All "{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}" = CCC Help English "{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}" = CCC Help French "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 "{23658c02-145e-483d-ba6b-1eb82c580529}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 "{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}" = CCC Help Russian "{2D07E15C-A9A4-D8D6-D371-92EC8779E587}" = CCC Help Hungarian "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 "{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}" = CCC Help Spanish "{35A71DED-DA81-1313-352A-EC8A0B27DF3B}" = CCC Help Chinese Standard "{64D5A142-BD50-726E-ED9E-D2508D2A17E2}" = Catalyst Control Center InstallProxy "{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}" = CCC Help German "{79D22166-78C1-2AD4-04E7-BD22BD58FD46}" = CCC Help Chinese Traditional "{82CA1714-13EA-F419-91FE-12834424745E}" = CCC Help Italian "{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}" = CCC Help Turkish "{8FD71E98-EE44-3844-9DAD-9CB0BBBC603C}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24210 "{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}" = CCC Help Swedish "{A5A6A4D0-2005-2A05-2E21-495808CF95ED}" = CCC Help Norwegian "{A760847A-C4D9-E7EF-716F-07C6CBF6B147}" = CCC Help Thai "{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}" = AMD Catalyst Control Center "{AmazingPartitionManager}_is1" = Amazing Partition Manager Professional version 5.1.1.8 "{B839153C-D4D2-F89C-5033-0A160C62706B}" = CCC Help Portuguese "{C1EA3764-1138-AE27-AD63-549BAD99BA15}" = CCC Help Japanese "{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}" = CCC Help Czech "{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}" = CCC Help Dutch "{D8C8656B-0BD8-39C3-B741-F889B7C144E5}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24210 "{E817E580-6318-AFC8-2102-322C73117EC4}" = CCC Help Polish "{e8f510b9-bc6f-44bc-9937-b3b21ed7bb4b}" = Web Companion "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 "{F77474EE-EB6C-C87B-88AF-3310C848E068}" = CCC Help Greek "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{F8DDBE95-DCBE-03B5-5359-DE3601146E21}" = CCC Help Danish "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 "00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector "AvantBrowser" = Avant Browser (remove only) "Microsoft Edge" = Microsoft Edge "Microsoft Edge Update" = Microsoft Edge Update "Microsoft EdgeWebView" = Microsoft Edge WebView2 Runtime "Onesafe PC Cleaner_is1" = Onesafe PC Cleaner v9.1.0.0 "SEAF" = SEAF By C_XX "UCBrowser" = UC Browser "WinThruster_is1" = WinThruster v8.0.0.0 "WUCCCApp" = AMD Catalyst Control Center [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-158993690-1269080673-3091534466-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b" = balenaEtcher 1.14.3 "Microsoft EdgeWebView" = Microsoft Edge WebView2 Runtime "OneDriveSetup.exe" = Microsoft OneDrive [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 11/03/2023 17:24:17 | Computer Name = DESKTOP-DO2EQCB | Source = ESENT | ID = 455 Description = svchost (7920,R,98) TILEREPOSITORYS-1-5-18: L erreur -1023 (0xfffffc01) s est produite lors de l ouverture d un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error - 11/03/2023 17:41:25 | Computer Name = DESKTOP-DO2EQCB | Source = ESENT | ID = 455 Description = svchost (6980,R,98) TILEREPOSITORYS-1-5-18: L erreur -1023 (0xfffffc01) s est produite lors de l ouverture d un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error - 11/03/2023 17:54:16 | Computer Name = DESKTOP-DO2EQCB | Source = ESENT | ID = 455 Description = svchost (7492,R,98) TILEREPOSITORYS-1-5-18: L erreur -1023 (0xfffffc01) s est produite lors de l ouverture d un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error - 11/03/2023 18:09:17 | Computer Name = DESKTOP-DO2EQCB | Source = ESENT | ID = 455 Description = svchost (4556,R,98) TILEREPOSITORYS-1-5-18: L erreur -1023 (0xfffffc01) s est produite lors de l ouverture d un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error - 11/03/2023 18:24:17 | Computer Name = DESKTOP-DO2EQCB | Source = ESENT | ID = 455 Description = svchost (5756,R,98) TILEREPOSITORYS-1-5-18: L erreur -1023 (0xfffffc01) s est produite lors de l ouverture d un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error - 11/03/2023 18:39:17 | Computer Name = DESKTOP-DO2EQCB | Source = ESENT | ID = 455 Description = svchost (8168,R,98) TILEREPOSITORYS-1-5-18: L erreur -1023 (0xfffffc01) s est produite lors de l ouverture d un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error - 11/03/2023 18:47:53 | Computer Name = DESKTOP-DO2EQCB | Source = ESENT | ID = 455 Description = svchost (2212,R,98) TILEREPOSITORYS-1-5-18: L erreur -1023 (0xfffffc01) s est produite lors de l ouverture d un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error - 11/03/2023 18:54:20 | Computer Name = DESKTOP-DO2EQCB | Source = ESENT | ID = 455 Description = svchost (5504,R,98) TILEREPOSITORYS-1-5-18: L erreur -1023 (0xfffffc01) s est produite lors de l ouverture d un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error - 11/03/2023 19:09:18 | Computer Name = DESKTOP-DO2EQCB | Source = ESENT | ID = 455 Description = svchost (6888,R,98) TILEREPOSITORYS-1-5-18: L erreur -1023 (0xfffffc01) s est produite lors de l ouverture d un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error - 11/03/2023 19:24:19 | Computer Name = DESKTOP-DO2EQCB | Source = ESENT | ID = 455 Description = svchost (9048,R,98) TILEREPOSITORYS-1-5-18: L erreur -1023 (0xfffffc01) s est produite lors de l ouverture d un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. [ Parameters Events ] OTL encountered an error while reading this event log. It may be corrupt. [ State Events ] OTL encountered an error while reading this event log. It may be corrupt. Error - 11/03/2023 13:46:55 | Computer Name = DESKTOP-DO2EQCB | Source = Service Control Manager | ID = 7011 Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de l attente de la réponse transactionnelle du service WSearch. Error - 11/03/2023 13:47:25 | Computer Name = DESKTOP-DO2EQCB | Source = Service Control Manager | ID = 7011 Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de l attente de la réponse transactionnelle du service WSearch. Error - 11/03/2023 13:47:55 | Computer Name = DESKTOP-DO2EQCB | Source = Service Control Manager | ID = 7011 Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de l attente de la réponse transactionnelle du service WSearch. Error - 11/03/2023 13:48:25 | Computer Name = DESKTOP-DO2EQCB | Source = Service Control Manager | ID = 7011 Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de l attente de la réponse transactionnelle du service WSearch. Error - 11/03/2023 13:48:55 | Computer Name = DESKTOP-DO2EQCB | Source = Service Control Manager | ID = 7011 Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de l attente de la réponse transactionnelle du service WSearch. Error - 11/03/2023 13:49:25 | Computer Name = DESKTOP-DO2EQCB | Source = Service Control Manager | ID = 7011 Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de l attente de la réponse transactionnelle du service WSearch. Error - 11/03/2023 13:49:55 | Computer Name = DESKTOP-DO2EQCB | Source = Service Control Manager | ID = 7011 Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de l attente de la réponse transactionnelle du service WSearch. Error - 11/03/2023 13:50:25 | Computer Name = DESKTOP-DO2EQCB | Source = Service Control Manager | ID = 7046 Description = Le service suivant a cessé de répondre de façon répétée aux demandes de contrôle de service : Windows Search Contactez le fournisseur du service ou l administrateur système pour savoir s il convient de désactiver le service jusqu à ce que le problème ait été identifié. Vous serez peut-être amené à redémarrer l ordinateur en mode sans échec pour pouvoir désactiver le service. Error - 11/03/2023 13:53:38 | Computer Name = DESKTOP-DO2EQCB | Source = Service Control Manager | ID = 7011 Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de l attente de la réponse transactionnelle du service WSearch. Error - 11/03/2023 14:00:15 | Computer Name = DESKTOP-DO2EQCB | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Vérification du volume chiffré : impossible de lire les informations de volume sur \\?\Volume{59b1ca09-bfe7-11ed-bf53-4c72b9f956a2}. < End of report >