OTL Extras logfile created on: 12.07.2022 22:45:55 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\druk1\Desktop\OTL 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.25151.0) Locale: 00000415 | Country: | Language: PLK | Date Format: dd.MM.yyyy 31,75 Gb Total Physical Memory | 20,32 Gb Available Physical Memory | 64,01% Memory free 33,75 Gb Paging File | 20,65 Gb Available in Paging File | 61,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 248,58 Gb Total Space | 106,24 Gb Free Space | 42,74% Space Free | Partition Type: NTFS Drive D: | 1612,01 Gb Total Space | 852,53 Gb Free Space | 52,89% Space Free | Partition Type: NTFS Drive E: | 1863,02 Gb Total Space | 1292,46 Gb Free Space | 69,37% Space Free | Partition Type: NTFS Computer Name: DESKTOP-5MSF9TO | User Name: druk1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (All) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .chm[@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .cpl[@ = cplfile] -- C:\WINDOWS\SysNative\control.exe (Microsoft Corporation) .hlp[@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation) .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) .reg[@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation) .txt[@ = txtfilelegacy] -- Reg Error: Key error. File not found .vbe[@ = VBEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) .wsh[@ = WSHFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = comfile] -- "%1" %* .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation) .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found .ini [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found .url [@ = InternetShortcut] -- C:\WINDOWS\SysWow64\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\WINDOWS\SysWow64\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfilelegacy] -- Reg Error: Key error. File not found .vbe [@ = VBEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Value error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- Reg Error: Key error. inffile [open] -- Reg Error: Key error. inffile [print] -- Reg Error: Key error. inifile [open] -- Reg Error: Key error. inifile [print] -- Reg Error: Key error. InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- Reg Error: Key error. txtfile [print] -- Reg Error: Key error. txtfile [printto] -- Reg Error: Key error. vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [mplayerc64.enqueue] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" /add "%1" (MPC-HC Team) Directory [mplayerc64.play] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" "%1" (MPC-HC Team) Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation) Directory [UpdateEncryptionSettings] -- Reg Error: Key error. Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Value error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- Reg Error: Key error. inffile [open] -- Reg Error: Key error. inffile [print] -- Reg Error: Key error. inifile [open] -- Reg Error: Key error. inifile [print] -- Reg Error: Key error. InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- Reg Error: Key error. txtfile [print] -- Reg Error: Key error. txtfile [printto] -- Reg Error: Key error. vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [mplayerc64.enqueue] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" /add "%1" (MPC-HC Team) Directory [mplayerc64.play] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" "%1" (MPC-HC Team) Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation) Directory [UpdateEncryptionSettings] -- Reg Error: Key error. Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av] "DataMigrated" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{23007AD3-69FE-687C-2629-D584AFFAF72B}] "GUID" = {23007AD3-69FE-687C-2629-D584AFFAF72B} "DISPLAYNAME" = Malwarebytes "STATE" = 393232 "PRODUCTEXE" = C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe "REPORTINGEXE" = C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}] "GUID" = {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} "DISPLAYNAME" = Program antywirusowy Microsoft Defender "STATE" = 397568 "PRODUCTEXE" = windowsdefender:// "REPORTINGEXE" = %ProgramFiles%\Windows Defender\MsMpeng.exe -- (Microsoft Corporation) [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP\42cee7d6-0ba7-4b1a-be56-220fd4e36393] "GUID" = 42cee7d6-0ba7-4b1a-be56-220fd4e36393 "CALLINGBINARY" = C:\Program Files\Microsoft OneDrive\OneDrive.exe -- (Microsoft Corporation) "NAMESPACE" = C:\Users\druk1\OneDrive -- [2022.07.11 15:54:03 | 000,000,000 | R--D | M] "DISPLAYNAME" = OneDrive - Osobiste "EXEPATH" = C:\Program Files\Microsoft OneDrive\OneDrive.exe -- (Microsoft Corporation) "ACCOUNTNAME" = kawkaajjjjjj@gmail.com "USERSID" = S-1-5-21-3597893999-3021572309-735165860-1001 "TYPE" = 0 "SIGNED" = 1 "FLAGS" = 0 "STATE" = 0 "RESTOREURL" = https://onedrive.live.com?v=restore&suggestedRestoreDate=2022-07-08T18:48:17Z [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw] "DataMigrated" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{2AC72D2D-8CAC-8F46-FB61-84DDBF361321}] "GUID" = {2AC72D2D-8CAC-8F46-FB61-84DDBF361321} "DISPLAYNAME" = K7TotalSecurity "STATE" = 266240 "PRODUCTEXE" = C:\Program Files (x86)\K7 Computing\K7TSecurity\K7WscShl.exe "REPORTINGEXE" = C:\Program Files (x86)\K7 Computing\K7TSecurity\k7wscshl.exe [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ProvidersMigration] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ProvidersMigration\WicaUpgradableAVs] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = F8 55 74 FE EB 8B D8 01 [binary data] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = [binary data] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Throttle] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Throttle\AMPPL] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ProvidersMigration] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = Reg Error: Unknown registry data type -- File not found [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{37858B89-D4BD-44D7-B490-5E37F7CE520C}" = lport=1688 | protocol=6 | dir=in | name=aact_in_port_kms | "{7D3831F0-9B55-426B-8F76-13024CB6DC21}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\root\office16\outlook.exe | "{AFF05C5E-EEAD-4FF7-8606-663B1E44E8A2}" = lport=1688 | protocol=6 | dir=out | name=aact_out_port_kms | "{E4159529-9484-4897-962A-EC03EC0A4158}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.49\msedgewebview2.exe | "{F1250229-02B7-4558-89BB-F33B1A5722B3}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{F76B77D3-9DED-4F15-96A7-E672031C3C58}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft\edge\application\msedge.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00BFA4A1-B95C-429F-91CB-0D7295AB8082}" = dir=in | name=@{microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "{010F826A-D5A4-42EA-8C96-99F40D1BDF0B}" = dir=in | name=@{microsoft.windowsalarms_11.2205.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsalarms/resources/appstorename} | "{017B084A-041F-4C96-B21A-CBB3F3425A01}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{039A03A5-A28D-4F4B-A24C-B7D15CF0DEF0}" = dir=out | name=@{microsoft.windows.narratorquickstart_10.0.25151.1000_neutral_neutral_8wekyb3d8bbwe?ms-resource://microsoft.windows.narratorquickstart/resources/appdisplayname} | "{05FA4470-37D4-46B3-9551-9FF3B4154477}" = dir=out | name=@{microsoft.lockapp_10.0.25151.1000_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | "{0D37550A-F0C1-4A10-9FD8-926221EEE6AE}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.25145.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | "{0F8583DB-53C0-4220-B3B7-ED1889C92CF0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\root\office16\lync.exe | "{10228FE2-F2A2-4013-86D4-39187959CA5F}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.25151.1000_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | "{15450065-0AD8-4614-9870-45F4EF62917C}" = dir=out | name=clipchamp | "{1839D423-E713-49E5-8D20-DFE3D33BC86F}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{1B2D2C2A-DD10-4A0A-83C9-8ACBEE165CF9}" = dir=out | name=@{microsoft.windowscalculator_11.2205.9.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscalculator/resources/appstorename} | "{1E92B563-8083-445C-BB52-052982A86FB3}" = dir=in | name=@{microsoftwindows.client.core_1000.25151.1010.0_x64__cw5n1h2txyewy?ms-resource://microsoftwindows.client.core/resources/productpkgdisplayname} | "{20AEFFA9-5D25-4391-AFF2-FDB163B49A3B}" = dir=in | name=@{microsoft.sechealthui_1000.25151.1000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.sechealthui/resources/packagedisplayname} | "{238F1CE2-0F7E-4BCD-AD1B-0026DE9CEC59}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.25145.1000_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{27D7325E-E6BE-4FF3-8C82-532DA8898F0A}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{2A2A557E-2394-4793-98D2-6099CCBE0BB4}" = dir=out | name=@{microsoft.windows.photos_2022.31060.30005.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | "{2B749CDC-AD30-4F86-8F79-0E9132DB09B2}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.25145.1000_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{38BB1981-A707-4200-9151-132518B09018}" = dir=out | name=@{microsoft.windowscamera_2022.2205.8.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscamera/lenssdk/resources/appstorename} | "{3DAE3DA6-C9FF-494B-8079-B637938D0513}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{3E05C31C-9A1E-4E85-92C9-91A79B264ECC}" = dir=out | name=microsoft solitaire collection | "{3EA37D6A-9CB1-4EED-A2A5-F9CB9F8D3DF9}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.25151.1000_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{49723E19-8833-42C7-8A7C-D52523598AA5}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{49C91E78-A941-4016-9C4A-F73D018AF519}" = dir=out | name=@{microsoft.accountscontrol_10.0.25151.1000_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | "{4BE4DC69-A0B8-498C-B14D-C210A35A654B}" = protocol=6 | dir=in | app=c:\program files\windowsapps\microsoftteams_22168.200.1405.7434_x64__8wekyb3d8bbwe\msteams.exe | "{56FD517C-7B46-4195-8B48-A9C34AFB4546}" = dir=in | name=@{microsoft.windows.photos_2022.31060.30005.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | "{5B420D4B-CB61-4981-B489-68C40920370C}" = dir=out | name=@{microsoft.storepurchaseapp_12205.44.1.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.storepurchaseapp/resources/displaytitle} | "{5BDE372F-B0A3-4D62-9C3B-09533C11E435}" = protocol=17 | dir=in | app=c:\program files\windowsapps\microsoftteams_22168.200.1405.7434_x64__8wekyb3d8bbwe\msteams.exe | "{5F885FD7-F85F-4130-ABE4-3012D0A6C906}" = dir=out | name=cortana | "{60B5BE6B-2098-425B-84D6-C7FF93E60D69}" = dir=out | name=@{microsoft.gethelp_10.2204.1222.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.gethelp/resources/appdisplayname} | "{613194FB-A6F4-4F95-BCBD-FD69DF262E2F}" = dir=out | name=@{microsoftwindows.client.core_1000.25151.1010.0_x64__cw5n1h2txyewy?ms-resource://microsoftwindows.client.core/resources/productpkgdisplayname} | "{63C04DCB-8133-4F76-A286-D03BEC73A3D0}" = dir=in | name=@{microsoft.windows.search_1.16.0.22000_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.search/resources/packagedisplayname} | "{6A70ED31-7415-42EE-8248-059F03505D9D}" = dir=in | name=microsoft solitaire collection | "{6F25B110-E001-4E34-AD5D-42D736CE0174}" = dir=out | name=ncsiuwpapp | "{6F4F3080-9359-40F9-A8DB-670A07565C40}" = dir=out | name=@{microsoft.windowsalarms_11.2205.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsalarms/resources/appstorename} | "{741EF5EF-4A89-4FC6-9A51-3DEC7DCF2F99}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{753AA491-EE42-43BF-A191-2A92A2635D27}" = dir=in | name=@{microsoftwindows.client.cbs_1000.25151.1010.0_x64__cw5n1h2txyewy?ms-resource://microsoftwindows.client.cbs/resources/productpkgdisplayname} | "{76D3E7F1-17D9-4608-ACC4-C3C941379B1E}" = dir=in | name=@{microsoft.windows.startmenuexperiencehost_10.0.25151.1000_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} | "{7799F89F-6ED5-42AF-ACB6-F7C151E3B00C}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{82019EA7-9EAD-41F6-95F9-9BBC9DBE3ABE}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.25145.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | "{85B18F1E-2F89-4B4B-856A-12BD74E96001}" = protocol=17 | dir=in | app=c:\program files\microsoft office\root\office16\lync.exe | "{85EDEEA4-5010-4286-BF13-2526D72753D2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\root\office16\ucmapi.exe | "{8F89B46F-3324-44D4-A070-72E84EC61166}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{91960218-FE80-4D5B-AFFA-899A49539830}" = dir=out | name=@{microsoft.windows.startmenuexperiencehost_10.0.25151.1000_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} | "{96FC0486-7279-458E-86A1-D8A44E207AEA}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{9F6CFA76-E7AC-4AF7-B90E-FAD5450831FE}" = dir=in | app=c:\program files (x86)\adguard\adguardsvc.exe | "{A226D0A8-A636-4EF2-AB49-89FFB1468AB5}" = dir=out | name=dts sound unbound | "{A6EAB94A-49FA-4247-9E6D-96F2E625C71E}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{A7DDC986-6337-47C6-9D1E-D25C0291576E}" = dir=out | name=@{appup.intelgraphicsexperience_1.100.3408.0_x64__8j3eq9eme6ctt?ms-resource://appup.intelgraphicsexperience/resources/system_item_title_intelgraphicscontrolpanel} | "{A878ADDB-E435-4545-81D6-6298C532C97D}" = dir=in | name=microsoft store | "{AC64C50F-B561-41B5-B1FC-DA9E19C858A4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\root\office16\ucmapi.exe | "{ACC188F8-42ED-4130-A262-7470E2E60E9A}" = dir=in | name=@{microsoft.desktopappinstaller_1.18.1391.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} | "{ADF1EB8F-ECF3-4CEC-AADC-34211B2692EA}" = dir=in | name=cortana | "{B6F82FE5-CBC7-4493-A61E-6D26BC6C09D2}" = dir=out | name=@{microsoft.win32webviewhost_10.0.25151.1000_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} | "{C2D22864-FB1C-4F9E-A50C-3BE234F4DBD8}" = dir=out | name=@{microsoft.windows.oobenetworkcaptiveportal_10.0.21302.1000_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.oobenetworkcaptiveportal/resources/appdisplayname} | "{C52E052F-7D1B-4F31-86CD-471E5DE7EE5B}" = dir=out | name=@{microsoftwindows.client.cbs_1000.25151.1010.0_x64__cw5n1h2txyewy?ms-resource://microsoftwindows.client.cbs/resources/productpkgdisplayname} | "{C564E224-DE3D-4C88-96D2-5A12B8452432}" = dir=in | name=@{microsoftwindows.client.core_1000.25151.1000.0_x64__cw5n1h2txyewy?ms-resource://microsoftwindows.client.core/resources/productpkgdisplayname} | "{C5986EBD-1148-490F-A78B-7309DAAA6821}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{C63FB45F-67A8-430F-8AF4-DFC6FE803963}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{C9A2968E-9E1B-4F9D-ACB2-08ECF0FDC4D7}" = dir=out | name=@{microsoft.windows.search_1.16.0.22000_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.search/resources/packagedisplayname} | "{CAE3C760-43D2-4EF1-A582-91FC4D51C4A5}" = dir=out | name=@{microsoft.sechealthui_1000.25151.1000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.sechealthui/resources/packagedisplayname} | "{CE25BEC3-104B-4D86-AAD9-60A102F0BB7E}" = dir=out | name=@{microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "{D072275D-5D33-4FB5-94CB-1F8D659C3A67}" = dir=out | name=@{microsoft.desktopappinstaller_1.18.1391.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} | "{D1908B50-44E5-45E9-8B58-2481287AA398}" = dir=out | name=windows_ie_ac_001 | "{D5C68F2E-B0AB-418E-9971-4A14D83EA0A4}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.25145.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} | "{D6889695-9158-43DC-9FE4-33CF2CE0A35F}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.25151.1000_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{D718A14C-9CEB-4680-B7E3-377BD0055EEC}" = dir=out | name=@{microsoft.yourphone_1.22062.153.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.yourphone/resources/appname} | "{D88E4AB1-8A4A-461F-8E38-731C386B0772}" = dir=out | name=@{microsoft.windows.oobenetworkcaptiveportal_10.0.21302.1000_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.oobenetworkcaptiveportal/resources/appdisplayname} | "{DB31424D-0F49-4D91-9243-CAC74ED9B3A1}" = dir=out | name=microsoft edge | "{E82922DD-3143-4BD1-9647-AB758383465E}" = dir=in | name=@{microsoft.win32webviewhost_10.0.25151.1000_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} | "{E91580D8-97F9-4B89-B662-559ECA147512}" = dir=out | name=microsoft store | "{EBB3FD53-BFA8-4B6B-B222-71AFDEE2A150}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{EF9DD3A1-8234-4C3C-A9E6-672BB9480C1D}" = dir=in | name=@{microsoft.yourphone_1.22062.153.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.yourphone/resources/appname} | "{F033A7E4-058C-4C72-AEE7-6BF246314564}" = dir=out | name=@{microsoft.windows.peopleexperiencehost_10.0.25151.1000_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.peopleexperiencehost/resources/pkgdisplayname} | "{F0E4DF97-82E3-43CB-8681-965174AE979A}" = dir=in | name=microsoft edge | "{F3B809F3-CC89-4165-B887-F47875B2D72E}" = dir=out | name=windows web experience pack | "{F46486CD-A288-443A-A257-876A1A97EDCD}" = dir=out | name=@{appup.intelgraphicsexperience_1.100.3408.0_x64__8j3eq9eme6ctt?ms-resource://appup.intelgraphicsexperience/resources/system_item_title_intelgraphicscontrolpanel} | "{FA55FE29-078E-4D7E-AF82-71D0635A86B6}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{FAD7948D-AB65-4D99-AD13-21E71CF8846B}" = dir=out | name=@{microsoft.windowsterminal_1.14.1862.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsterminal/resources/appstorename} | "{FCAB47FB-0944-44D1-9A10-45AC464A5684}" = dir=out | name=@{microsoftwindows.client.core_1000.25151.1000.0_x64__cw5n1h2txyewy?ms-resource://microsoftwindows.client.core/resources/productpkgdisplayname} | "TCP Query User{5CD39F64-1096-4366-B7C5-12495B7473B5}C:\program files (x86)\superseedtorrent\superseedtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\superseedtorrent\superseedtorrent.exe | "TCP Query User{99A7011F-DE6B-403D-B166-24528C8BC3D8}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "TCP Query User{AFBD0111-CBA6-4B85-A259-5F3AD56C1B76}C:\users\druk1\appdata\local\microsoft\teams\current\teams.exe" = protocol=6 | dir=in | app=c:\users\druk1\appdata\local\microsoft\teams\current\teams.exe | "TCP Query User{CDCA7F92-1BFB-4174-8EB6-94460B752539}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{34CF0910-43C5-4E03-A46A-9006A25D2CE4}C:\program files (x86)\superseedtorrent\superseedtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\superseedtorrent\superseedtorrent.exe | "UDP Query User{427A590B-F364-4289-9A1F-CD223B2E7A61}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "UDP Query User{70E3DE2E-E6C2-4C7B-ABD0-E8E71509576F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{E9CB2189-5DEA-44E7-BBE2-D5C1BD85FB7C}C:\users\druk1\appdata\local\microsoft\teams\current\teams.exe" = protocol=17 | dir=in | app=c:\users\druk1\appdata\local\microsoft\teams\current\teams.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{010792BA-551A-3AC0-A7EF-0FAB4156C382}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 "{089A177D-98AE-4195-A115-D3C45613B875}" = Microsoft .NET Runtime - 6.0.5 (x64) "{0955E6EB-6F3A-4A99-80B9-1982B25FC2B1}" = Windows 11 Manager "{1CEAC85D-2590-4760-800F-8DE5E91F3700}" = Intel(R) Management Engine Components "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2A810962-B8B5-4838-8D65-246E0B25ED8E}" = FxSound "{3407B900-37F5-4CC2-B612-5CD5D580A163}" = Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 "{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 "{3E6CCD41-6B96-47BD-8E1E-D7B593CEE976}" = Microsoft .NET Host FX Resolver - 6.0.5 (x64) "{474858A8-E29E-4F40-A6E0-2EEDBBE6FEBC}" = Intel(R) LMS "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{53CF6934-A98D-3D84-9146-FC4EDF3D5641}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A2A8076-135F-4F55-BB02-DED67C8C6934}" = Microsoft Update Health Tools "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90160000-007E-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Licensing Component "{90160000-008C-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Extensibility Component "{90160000-008C-0415-1000-0000000FF1CE}" = Office 16 Click-to-Run Localization Component "{9F520472-2286-4C42-B547-B0AEDA17040C}" = Dynamic Application Loader Host Interface Service "{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}" = Intel(R) Serial IO "{A3C473CF-0D9B-45D5-9015-E9384E2B6E79}" = Intel(R) Management Engine Components "{A5530342-3F3E-4C02-9ECA-20DC35944BFD}" = Intel(R) Serial IO "{A608CB76-C881-4B13-B69F-9F085D4142F8}" = Intel(R) Management Engine Driver "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0EBE334-CC9C-43BA-8053-973C86A9E73F}" = Intel(R) LMS "{B2F94B3E-055E-3E7A-B2C3-3C63FC1B1C90}" = Google Chrome "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 472.39 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 39.3.0.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.21.0713 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk" = NVIDIA FrameView SDK 1.2.7321.30900954 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVPCF" = NVIDIA Platform Controllers and Framework "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core "{C680D1E1-BB68-43E0-998F-C9560340A0CC}" = Intel(R) Extreme Tuning Utility "{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 "{D1259A1F-3E93-452F-8F61-9F63F41C91D8}" = Documentation Manager "{DE578B32-084A-49E7-8E55-6F58A37578C0}" = Microsoft Windows Desktop Runtime - 6.0.5 (x64) "{EFE4A88A-FF8B-4D0E-8354-E0B7C3ED9E50}" = Intel(R) Computing Improvement Program "{F3B3A61B-DC16-429A-A260-DBAFE66741A9}" = Microsoft .NET Host - 6.0.5 (x64) "{F4499EE3-A166-496C-81BB-51D1BCDC70A9}" = Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 "7-Zip" = 7-Zip 21.07 (x64) "Control Center" = Control Center 21.08.19.01 "FxSound 1.1.15.0" = FxSound "Mozilla Firefox 102.0.1 (x64 pl)" = Mozilla Firefox (x64 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "OneDriveSetup.exe" = Microsoft OneDrive "PotPlayer64" = PotPlayer-64 bit "ProPlus2019Retail - pl-pl" = Microsoft Office Professional Plus 2019 - pl-pl "WinRAR archiver" = WinRAR 5.91 (64-bitowy) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000120-0220-1045-84C8-B8D95FA3C8C3}" = Intel(R) Wireless Bluetooth(R) "{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 "{0703311b-31d5-4c17-9668-c48dee4b7749}" = Intel(R) Graphics Driver Software "{0f711ee3-eb88-456d-acb4-c2ee31add211}" = Microsoft Windows Desktop Runtime - 6.0.5 (x64) "{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}" = BrLogRx "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20645d8e-11cd-4c42-b936-87f07a6f18be}" = Microsoft .NET Runtime - 6.0.5 (x64) "{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung Magician "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{32F47565-84B1-42CC-B09A-4CDDD9A32F94}" = BrSupportTools "{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 "{34989299-2d34-4a1b-baa2-4de4fafbb4d0}" = Intel(R) Graphics Driver Software "{36580EEB-4EDF-4880-BBD4-097E2C645ECD}" = HowToGuide "{3746f21b-c990-4045-bb33-1cf98cff7a68}" = Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 "{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}" = BrLauncher "{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}" = ScannerUtilityInstaller "{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{624AB804-EE0E-4AD5-AB8F-15BB29C54065}" = StatusMonitor "{685F6AB3-7C61-42D1-AE5B-3864E48D1035}" = AdGuard "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71149886-0AA3-4F31-81F9-CC90EA0D55EF}_is1" = SSDFresh 2022 "{7e58df71-ff1c-43fd-a618-5511b76c0dd9}" = Intel(R) Graphics Driver Software "{80ec5470-ac51-4956-b2dc-87dc2cdaa04b}" = Intel(R) Chipset Device Software "{8122DAB1-ED4D-3676-BB0A-CA368196543E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 "{85cb0eee-e264-4335-ac48-f589f2d69657}" = Intel® Software Installer "{86E68F57-FAFE-4052-BDD4-3B90C38236AE}" = NetworkRepairTool "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8972AC25-452E-4FFE-945A-EB9E28C20322}" = Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 "{8eef6796-8382-40a7-9da7-1ec99bf3bfb5}" = Intel(R) Extreme Tuning Utility "{901bcbf9-3fc2-492d-8f11-e8ca2175adf6}" = Intel(R) Chipset Device Software "{975595A4-33B3-40A7-9D08-27777A4C54DC}" = Intel Driver && Support Assistant "{97BCFAD0-8BC5-480B-ADA2-F54809F48267}" = DeviceDetect "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 "{a98dc6ff-d360-4878-9f0a-915eba86eaf3}" = Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 "{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}" = Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 "{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 "{BED980F2-7737-4D47-B444-D6BC66A2E36C}_is1" = AULA Reaper "{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 "{CAFE5834-5440-41B8-8C56-4DD946A1A5E1}" = ControlCenter4 "{cc2553fe-0c12-40bb-8d08-969eacd8c686}" = Intel® Software Installer "{CF28049E-08A3-4C40-934E-B8495596FE91}" = Brother Printer Driver "{D401961D-3A20-3AC7-943B-6139D5BD490A}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 "{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh "{ee77e23b-6afb-4277-9298-9576093d573f}" = Intel® Driver & Support Assistant "{F05DC581-D08E-423E-B98F-5BD91C9BF371}" = Brother Scanner Driver "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek Audio Driver "{F8762A81-32B5-4144-9F3C-9274F515A651}" = UsbRepairTool "{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}" = ControlCenter4 CSDK "AllDup_is1" = AllDup 4.4.34 "Driver Booster_is1" = Driver Booster 9 "Internet Download Manager" = Internet Download Manager "KLiteCodecPack_is1" = K-Lite Codec Pack 16.3.5 Full "Microsoft Edge" = Microsoft Edge "Microsoft Edge Update" = Microsoft Edge Update "Microsoft EdgeWebView" = Środowisko uruchomieniowe Microsoft Edge WebView2 "MozBackup" = MozBackup 1.5.1 "OpenAL" = OpenAL "SuperSeedTorrent" = SuperSeedTorrent 4.3.7 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3597893999-3021572309-735165860-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Teams" = Microsoft Teams "Windows 11 Manager 1.0.2" = Windows 11 Manager [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 08.07.2022 19:03:04 | Computer Name = DESKTOP-5MSF9TO | Source = Application Hang | ID = 1002 Description = Program ShellExperienceHost.exe w wersji 10.0.25151.1000 przestał korzystać z systemu Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji o problemie, sprawdź historię problemów w panelu sterowania Zabezpieczenia i konserwacja. Error - 08.07.2022 19:03:14 | Computer Name = DESKTOP-5MSF9TO | Source = Application Hang | ID = 1002 Description = Program svchost.exe w wersji 10.0.25151.1000 przestał korzystać z systemu Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji o problemie, sprawdź historię problemów w panelu sterowania Zabezpieczenia i konserwacja. Error - 08.07.2022 19:03:14 | Computer Name = DESKTOP-5MSF9TO | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: FxSound.exe, wersja: 1.1.15.0, sygnatura czasowa: 0x621f55bf Nazwa modułu powodującego błąd: FxSound.exe, wersja: 1.1.15.0, sygnatura czasowa: 0x621f55bf Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000000c04c1 Identyfikator procesu powodującego błąd: 0x0x4a48 Godzina uruchomienia aplikacji powodującej błąd: 0x0x1d8931d1fc5fab4 Ścieżka aplikacji powodującej błąd: C:\Program Files\FxSound LLC\FxSound\FxSound.exe Ścieżka modułu powodującego błąd: C:\Program Files\FxSound LLC\FxSound\FxSound.exe Identyfikator raportu: 31e92cca-2819-4a0e-8664-c4b9fe4ee5f5 Pełna nazwa pakietu powodującego błąd: ? Identyfikator aplikacji względem pakietu powodującego błąd: ? Error - 09.07.2022 07:48:56 | Computer Name = DESKTOP-5MSF9TO | Source = ESENT | ID = 452 Description = DllHost (3396,R,98) WebPlatStorage: Baza danych C:\Users\druk1\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.edb wymaga plików dziennika 4-5, aby pomyślnie ukończyć odzyskiwanie. Podczas odzyskiwania odnaleziono tylko pliki dziennika począwszy od pliku 5. Error - 09.07.2022 07:48:56 | Computer Name = DESKTOP-5MSF9TO | Source = ESENT | ID = 454 Description = DllHost (3396,R,98) WebPlatStorage: Odzyskiwanie/przywracanie bazy danych nie powiodło się z powodu nieoczekiwanego błędu: -543. Error - 09.07.2022 07:48:58 | Computer Name = DESKTOP-5MSF9TO | Source = ESENT | ID = 455 Description = DllHost (3396,R,98) Internet_NOEDP_LEGACY_IDB: Wystąpił błąd -1811 (0xfffff8ed) podczas otwierania pliku dziennika C:\Users\druk1\AppData\Local\Microsoft\Internet Explorer\Indexed DB\edb00001.log. Error - 09.07.2022 09:27:17 | Computer Name = DESKTOP-5MSF9TO | Source = .NET Runtime | ID = 1026 Description = Error - 09.07.2022 09:27:17 | Computer Name = DESKTOP-5MSF9TO | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: ControlCenter.exe, wersja: 20.6.22.1, sygnatura czasowa: 0x611e0484 Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 10.0.25151.1000, sygnatura czasowa: 0x92e58192 Kod wyjątku: 0xe0434352 Przesunięcie błędu: 0x000000000003941c Identyfikator procesu powodującego błąd: 0x0x3298 Godzina uruchomienia aplikacji powodującej błąd: 0x0x1d89389e7e5da74 Ścieżka aplikacji powodującej błąd: C:\Program Files\ControlCenter\ControlCenter.exe Ścieżka modułu powodującego błąd: C:\WINDOWS\System32\KERNELBASE.dll Identyfikator raportu: dec7ddb9-b8bb-4a8e-b14b-06f0724c43b2 Pełna nazwa pakietu powodującego błąd: ? Identyfikator aplikacji względem pakietu powodującego błąd: ? Error - 09.07.2022 14:28:06 | Computer Name = DESKTOP-5MSF9TO | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: SDXHelper.exe, wersja: 16.0.15225.20288, sygnatura czasowa: 0x62a3d6f9 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 10.0.25151.1000, sygnatura czasowa: 0x0a246179 Kod wyjątku: 0xc0000374 Przesunięcie błędu: 0x000000000010fa29 Identyfikator procesu powodującego błąd: 0x0x3dec Godzina uruchomienia aplikacji powodującej błąd: 0x0x1d8938bf6410add Ścieżka aplikacji powodującej błąd: C:\Program Files\Microsoft Office\Root\Office16\SDXHelper.exe Ścieżka modułu powodującego błąd: C:\WINDOWS\SYSTEM32\ntdll.dll Identyfikator raportu: eec25aba-3eb0-4715-ab39-e86ff239a4e9 Pełna nazwa pakietu powodującego błąd: ? Identyfikator aplikacji względem pakietu powodującego błąd: ? Error - 12.07.2022 13:35:22 | Computer Name = DESKTOP-5MSF9TO | Source = Application Hang | ID = 1002 Description = Program mpc-hc64.exe w wersji 1.9.14.18 przestał korzystać z systemu Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji o problemie, sprawdź historię problemów w panelu sterowania Zabezpieczenia i konserwacja. [ Microsoft-Windows-Diagnostics-Performance/Operational Events ] Error - 08.07.2022 14:59:43 | Computer Name = DESKTOP-5MSF9TO | Source = Microsoft-Windows-Diagnostics-Performance | ID = 100 Description = Error - 08.07.2022 14:59:43 | Computer Name = DESKTOP-5MSF9TO | Source = Microsoft-Windows-Diagnostics-Performance | ID = 101 Description = Error - 08.07.2022 16:17:00 | Computer Name = DESKTOP-5MSF9TO | Source = Microsoft-Windows-Diagnostics-Performance | ID = 100 Description = Error - 08.07.2022 16:17:00 | Computer Name = DESKTOP-5MSF9TO | Source = Microsoft-Windows-Diagnostics-Performance | ID = 100 Description = Error - 08.07.2022 16:58:18 | Computer Name = DESKTOP-5MSF9TO | Source = Microsoft-Windows-Diagnostics-Performance | ID = 100 Description = Error - 08.07.2022 16:58:18 | Computer Name = DESKTOP-5MSF9TO | Source = Microsoft-Windows-Diagnostics-Performance | ID = 100 Description = Error - 08.07.2022 17:43:19 | Computer Name = DESKTOP-5MSF9TO | Source = Microsoft-Windows-Diagnostics-Performance | ID = 100 Description = Error - 08.07.2022 17:43:19 | Computer Name = DESKTOP-5MSF9TO | Source = Microsoft-Windows-Diagnostics-Performance | ID = 100 Description = Error - 08.07.2022 19:13:29 | Computer Name = DESKTOP-5MSF9TO | Source = Microsoft-Windows-Diagnostics-Performance | ID = 101 Description = Error - 08.07.2022 19:13:29 | Computer Name = DESKTOP-5MSF9TO | Source = Microsoft-Windows-Diagnostics-Performance | ID = 101 Description = [ Parameters Events ] OTL encountered an error while reading this event log. It may be corrupt. [ State Events ] OTL encountered an error while reading this event log. It may be corrupt. Error - 08.07.2022 17:58:05 | Computer Name = DESKTOP-5MSF9TO | Source = DCOM | ID = 10010 Description = Error - 08.07.2022 17:58:05 | Computer Name = DESKTOP-5MSF9TO | Source = DCOM | ID = 10010 Description = Error - 08.07.2022 18:11:18 | Computer Name = DESKTOP-5MSF9TO | Source = DCOM | ID = 10010 Description = Error - 08.07.2022 18:11:19 | Computer Name = DESKTOP-5MSF9TO | Source = DCOM | ID = 10010 Description = Error - 08.07.2022 18:11:19 | Computer Name = DESKTOP-5MSF9TO | Source = DCOM | ID = 10010 Description = Error - 08.07.2022 18:11:19 | Computer Name = DESKTOP-5MSF9TO | Source = DCOM | ID = 10010 Description = Error - 08.07.2022 18:11:19 | Computer Name = DESKTOP-5MSF9TO | Source = DCOM | ID = 10010 Description = Error - 08.07.2022 18:11:19 | Computer Name = DESKTOP-5MSF9TO | Source = DCOM | ID = 10010 Description = Error - 08.07.2022 18:11:19 | Computer Name = DESKTOP-5MSF9TO | Source = DCOM | ID = 10010 Description = Error - 08.07.2022 19:03:14 | Computer Name = DESKTOP-5MSF9TO | Source = Service Control Manager | ID = 7031 Description = Usługa Windows Audio niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. < End of report >