Solved Possible infection?

Iohannes

Posts: 28   +0
Hello,
I would like to receive feedback on the following episode.

I recently googled for a guide of some videogame with the words "Kerillian weapon guide". I opened the first Google results, the fourth of which was a PDF loaded to a Weebly subsite. The PDF had a weird "chapta" on page 1 and I, being very sleepy clicked on it. Initially nothing strange came up. The 2nd page contained a poorly formatted text, which I later found to be taken off a Reddit comment.

I now think that pdf was not a guide at all but some attempt at installing malware, especially after Windows Defender came up 30 minutes later saying it had quarantined a PDF Phishing Trojan found in my browser's cache.

Later next morning I turned on my pc and a black screen with cursor showed up after logging in. I have tried workarounds and they solve the issue but sometimes it comes back. Maybe it's due to a program I'm trying to uninstall since it's conflicting with Kaspersky now. (Which I installed the night prior to getting this issue, after the WD found the aforementioned viruses)

My questions are:
Since WD quarantined the trojans, should I fear anything? Note that I have installed Kaspersky and scanned my computer fully several times.
I do not have other issues except this problem with intermittent issue with the black screen.

Does anyone feel like telling me what this virus really was? I attach a picture of the bad website as shown on Google (last one marked in red). The green one is the legit reddit comment. The other red ones are I suppose imitations of the one adware PDF I stumbled upon.
Knowing what kind of malware this really is would calm my troubled spirit.

I thank any user in advance for the help.
 

Broni

Posts: 55,827   +503
Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

Iohannes

Posts: 28   +0
Hello, logs incoming.
Some lines I see, are intensive with actual text and being my system in Italian, you'll have to tell me whether this is an issue.

Also, you'll probably see something about the software I'll uninstall tomorrow (could not now). Kaspersky sees some parts of it as virus and deletes them but it keeps coming. It's a monitoring software for employees I installed myself for web filtering purposes, Activtrak by Birchgrove or whatever.
 

Iohannes

Posts: 28   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2021
Ran by * (administrator) on DESKTOP-MG (27-06-2021 19:02:52)
Running from C:\Users\*\Desktop
Loaded Profiles: *
Platform: Windows 10 Pro Version 21H1 19043.1052 (X64) Language: Italiano (Italia)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\NWSoftware\Smart Photo Import 1.0\SI_drivesense.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Birch Grove Software, Inc. -> ) C:\Windows\SysWOW64\syschk.exe
(Birch Grove Software, Inc. -> Birch Grove Software, Inc.) C:\Windows\SysWOW64\svctcom.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\*\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel Corporation) [File not signed] C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) Online Connect -> Intel Corporation) C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe
(Intel(R) Online Connect Access -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
(Intel(R) Online Connect Access -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_tray.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Safe Kids 1.0.5\safekids.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Safe Kids 1.0.5\safekidsui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avpui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b2801df14ec7de03\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\*\AppData\Roaming\Telegram Desktop\Telegram.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2018-02-22] (ASUSTeK COMPUTER INC.) [File not signed]
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-11-09] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9268680 2019-02-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [3989200 2021-06-24] (Opera Software AS -> Opera Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4109032 2021-06-09] (Valve -> Valve Corporation)
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [f.lux] => C:\Users\*\AppData\Local\FluxSoftware\Flux\flux.exe [1511824 2021-02-04] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [Discord] => C:\Users\*\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [Smart Photo Import] => C:\Program Files (x86)\NWSoftware\Smart Photo Import 1.0\SI_drivesense.exe [331776 2012-09-23] () [File not signed]
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34508416 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [Spotify] => C:\Users\*\AppData\Roaming\Spotify\Spotify.exe [25591712 2019-07-04] (Spotify AB -> Spotify Ltd) <==== ATTENTION
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [735088 2019-02-18] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [Medal] => C:\Users\*\AppData\Local\Medal\update.exe [1845072 2020-09-03] (Ferox Games B.V. -> )
HKLM\Software\...\AppCompatFlags\Custom\Battlegrounds.exe: [{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb] -> STAR WARS - Galactic Battlegrounds Saga
HKLM\Software\...\AppCompatFlags\Custom\battlegrounds_x1.exe: [{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb] -> STAR WARS - Galactic Battlegrounds Saga
HKLM\Software\...\AppCompatFlags\Custom\player.exe: [{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb] -> STAR WARS - Galactic Battlegrounds Saga
HKLM\Software\...\AppCompatFlags\InstalledSDB\{9f3d9623-1935-43fa-9756-e90f3134f675}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb [2019-06-29]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-06-26] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {027256DF-F44F-4509-B5B7-BBBFBAD823D8} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {03B1D690-5D22-4C06-A4DB-AC5E9E30FA46} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3336560 2021-04-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0A58B213-E2DB-4A0F-9F79-F4E192056DDF} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2C0D281E-0F83-4FC3-AF3A-E65C3DAB6D80} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {2CF2B6B6-EF0C-47C8-B758-4FB28E9F17F7} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {3005F1A8-1754-4EB5-8F4C-2CBBA8EA3BE7} - System32\Tasks\SS3Svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe [1234432 2018-02-22] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {3212D90F-FFE4-4EC3-8377-7B18C85B218E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {3FC121E4-5DB8-4BE4-A38B-6BD0D9258042} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-14] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {40CFC116-6E75-485A-8713-428AC15ED0D5} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {472D0513-DE02-48E6-A7CC-4C49A19923BC} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {4902E8D2-AFB9-433C-9958-8CB246A65DCE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {60EA1950-3764-492B-9CAF-A5A26F296A38} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {70F2CADD-61C4-48C5-A6F7-AF11DD512CA5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {78C5D28F-6B6B-40C0-BB05-1C2FF2E867C7} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1551520 2015-05-14] (ASUSTeK Computer Inc. -> ) [File not signed]
Task: {78FAD4B2-0661-4354-AB1C-33E30BBE6BCD} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-14] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {80E34C8B-2986-4406-9335-039569C2C179} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-12-29] (Google Inc -> Google Inc.)
Task: {8B10A8D8-EA45-4849-9EF9-954E5CBEC6C3} - System32\Tasks\kpm_tray.exe => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_tray.exe [613096 2021-06-08] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {9584F8B5-ABDA-43D9-9726-297F08F9FA0C} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9BA9BAD4-DDF3-4F82-8341-1E0B25BEDCC3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9F8A5C9B-7F11-4BB9-A615-E9BFBF1DAE8E} - System32\Tasks\Opera scheduled Autoupdate 1514935286 => C:\Program Files\Opera\launcher.exe [2264784 2021-06-17] (Opera Software AS -> Opera Software)
Task: {A4360A3E-2B16-4E31-B7AF-896D0A612D78} - System32\Tasks\Opera GX scheduled Autoupdate 1581077425 => C:\Users\crist\AppData\Local\Programs\Opera GX\launcher.exe [1473048 2020-02-20] (Opera Software AS -> Opera Software)
Task: {B29C4B24-9C21-46A7-A4CC-030E5A0CFC0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-12-29] (Google Inc -> Google Inc.)
Task: {B920D2FE-A1E1-46F0-AE4F-C038BEA41CC3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C64F0694-5D4B-4838-A50D-A9DFEDC70D29} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1774472352-47920936-928243050-1002 => C:\Users\*\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {CA30B8EF-1FFD-421B-93C1-8BCDCB2CE859} - System32\Tasks\Opera scheduled assistant Autoupdate 1582753193 => C:\Program Files\Opera\launcher.exe [2264784 2021-06-17] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera\assistant" $(Arg0)
Task: {CA98361E-3ECF-4A78-B66F-D0F88CA26FDA} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CC65F10B-42C2-430B-A81E-4B2DF33FFBE7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D461E9A2-5739-4856-BF42-18B9CBE3C9CD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-17] (Piriform Software Ltd -> Piriform)
Task: {E930236F-5073-461B-8665-61B51D6FCDB0} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [811520 2018-02-22] (ASUSTeK COMPUTER INC.) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{3614f9c6-f38a-41f2-af91-0e1ec412f891}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{3c4239a3-0aca-4e9c-aa79-2aa4b7b98393}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge Profile: C:\Users\*\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-27] Edge HKU\S-1-5-21-1774472352-47920936-928243050-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] Edge HKU\S-1-5-21-1774472352-47920936-928243050-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox: ======== FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-06-26] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-06-26] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
Chrome: ======= CHR Profile: C:\Users\*\AppData\Local\Google\Chrome\User Data\Default [2021-06-26] CHR StartupUrls: Default -> "hxxps://www.google.it/" CHR Session Restore: Default -> is enabled. CHR Extension: (Presentazioni) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-29] CHR Extension: (Documenti) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-29] CHR Extension: (Google Drive) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-02] CHR Extension: (YouTube) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-29] CHR Extension: (BlockSite - Website Blocker per Chrome™) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2020-03-27] CHR Extension: (Avast SafePrice | Confronto, offerte, coupon) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-11-02] CHR Extension: (Fogli) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-29] CHR Extension: (Documenti Google offline) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-02] CHR Extension: (Avast Online Security) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-11-02] CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-03-22] CHR Extension: (Gmail) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-02] CHR Extension: (Chrome Media Router) - C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-02] CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] Opera: ======= OPR Profile: C:\Users\*\AppData\Roaming\Opera Software\Opera Stable [2021-06-26] OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} OPR Extension: (BlockSite - Rimani concentrato e controlla il tuo tempo) - C:\Users\*\AppData\Roaming\Opera Software\Opera Stable\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2021-06-18] OPR Extension: (Rich Hints Agent) - C:\Users\*\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-06-26] OPR Extension: (Anti-Porn PoliceWEB.net) - C:\Users\*\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjpfeaedoichmjfaaeghijjenilnibdl [2020-03-18] OPR Extension: (Install Chrome Extensions) - C:\Users\*\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2020-03-27] OPR Extension: (Adblock Plus - ad-blocker gratuito) - C:\Users\*\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2021-05-20] StartMenuInternet: (HKU\S-1-5-21-1774472352-47920936-928243050-1002) Opera GXStable - "C:\Users\crist\AppData\Local\Programs\Opera GX\Launcher.exe" ==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc. -> Apple Inc.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe [382424 2019-02-18] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] (ASUSTeK Computer Inc. -> ) [File not signed] R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe [184768 2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8413472 2020-03-30] (BattlEye Innovations e.K. -> ) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4133232 2019-02-18] (AVB Disc Soft, SIA -> Disc Soft Ltd) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2021-05-08] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) U3 Intel(R) Online Connect; C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe [25312 2016-11-01] (Intel(R) Online Connect -> Intel Corporation) S2 Intel(R) Online Connect Helper; C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe [34528 2016-11-01] (Intel(R) Online Connect -> Intel Corporation) S3 Intel(R) Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-14] (Intel(R) Software Asset Manager -> Intel Corporation) R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [506368 2017-10-26] (Intel Corporation) [File not signed] R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-17] (Intel(R) Online Connect Access -> Intel(R) Corporation) R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-17] (Intel(R) Online Connect Access -> Intel(R) Corporation) S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [368360 2021-06-08] (Kaspersky Lab JSC -> AO Kaspersky Lab) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-06-26] (Malwarebytes Inc -> Malwarebytes) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75064 2020-12-13] (Even Balance, Inc. -> ) R2 SafeKids1.0.5; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Safe Kids 1.0.5\safekids.exe [607536 2021-05-14] (Kaspersky Lab JSC -> AO Kaspersky Lab) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-09] (Microsoft Windows Publisher -> Microsoft Corporation) R2 svctcom; C:\WINDOWS\SysWOW64\svctcom.exe [3795520 2021-05-19] (Birch Grove Software, Inc. -> Birch Grove Software, Inc.) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-14] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b2801df14ec7de03\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b2801df14ec7de03\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2016-11-18] (ASUSTeK Computer Inc. -> ) R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2019-02-16] (ASUSTeK Computer Inc. -> ) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed] R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-02-18] (AVB Disc Soft, SIA -> Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-02-18] (AVB Disc Soft, SIA -> Disc Soft Ltd) R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab) R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klfltks; C:\WINDOWS\system32\DRIVERS\klfltks.sys [527112 2021-05-14] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [657696 2021-05-08] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1439456 2021-05-08] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [253736 2021-06-26] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klifks; C:\WINDOWS\System32\DRIVERS\klifks.sys [985352 2021-05-14] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [96008 2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab) R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [263888 2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [309104 2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab) R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [115744 2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [224880 2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
 
Last edited by a moderator:

Iohannes

Posts: 28   +0
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klwtpks; C:\WINDOWS\system32\DRIVERS\klwtpks.sys [249624 2021-05-14] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-26] (Malwarebytes Inc -> Malwarebytes) R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel(R) Technology Access -> Intel Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49568 2021-06-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [425184 2021-06-14] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-14] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-06-27 19:02 - 2021-06-27 19:03 - 000032320 _____ C:\Users\*\Desktop\FRST.txt 2021-06-27 18:59 - 2021-06-27 19:03 - 000000000 ____D C:\FRST 2021-06-27 18:58 - 2021-06-27 18:58 - 002300416 _____ (Farbar) C:\Users\*\Desktop\FRST64.exe 2021-06-26 19:09 - 2021-06-26 19:09 - 000411216 _____ C:\Users\*\Desktop\cc_20210626_190917.reg 2021-06-26 18:11 - 2021-06-26 18:11 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-06-26 18:11 - 2021-06-26 18:11 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-06-26 18:11 - 2021-06-26 18:11 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-06-26 18:11 - 2021-06-26 18:11 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-06-26 18:11 - 2021-06-26 18:11 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-06-26 18:10 - 2021-06-26 18:10 - 000000000 ____D C:\Program Files\Malwarebytes 2021-06-26 16:41 - 2021-06-26 16:41 - 000000000 ____D C:\Users\*\AppData\Local\Kaspersky Lab 2021-06-26 16:20 - 2021-06-26 16:20 - 000309104 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys 2021-06-26 16:19 - 2021-06-26 16:19 - 000003192 _____ C:\WINDOWS\system32\Tasks\kpm_tray.exe 2021-06-26 16:19 - 2021-06-26 16:19 - 000000000 ____D C:\Users\Default\AppData\Local\Kaspersky Lab 2021-06-26 16:19 - 2021-06-26 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager 2021-06-26 16:18 - 2021-06-26 16:18 - 000263888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys 2021-06-26 16:18 - 2021-06-26 16:18 - 000224880 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys 2021-06-26 16:18 - 2021-06-26 16:18 - 000115744 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys 2021-06-26 16:18 - 2021-06-26 16:18 - 000003392 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} 2021-06-26 16:18 - 2021-06-26 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Cloud 2021-06-26 16:18 - 2021-06-26 16:18 - 000000000 ____D C:\Program Files\Common Files\AV 2021-06-26 16:18 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll 2021-06-26 16:18 - 2021-02-19 21:08 - 001042712 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2021-06-26 16:18 - 2021-02-19 21:08 - 000514840 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys 2021-06-24 19:24 - 2021-06-26 16:19 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2021-06-24 19:24 - 2021-06-26 16:19 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab 2021-06-24 19:24 - 2021-06-24 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Safe Kids 2021-06-24 19:24 - 2021-05-14 16:32 - 000985352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klifks.sys 2021-06-24 19:24 - 2021-05-14 16:32 - 000527112 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klfltks.sys 2021-06-23 23:09 - 2021-06-23 23:09 - 000000064 _____ C:\Users\*\Desktop\Do All Religions Share Faith in One God- - OrthoChristian.Com.url 2021-06-14 23:16 - 2021-06-14 23:16 - 000021992 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_42301891746903.dll 2021-06-10 23:03 - 2021-06-09 05:58 - 000037664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll 2021-06-10 22:51 - 2021-06-09 16:18 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2021-06-10 22:51 - 2021-06-09 16:18 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo.exe 2021-06-10 22:51 - 2021-06-09 16:18 - 001453328 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2021-06-10 22:51 - 2021-06-09 16:18 - 001435856 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2021-06-10 22:51 - 2021-06-09 16:18 - 001435856 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2021-06-10 22:51 - 2021-06-09 16:18 - 001192720 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2021-06-10 22:51 - 2021-06-09 16:18 - 001094864 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2021-06-10 22:51 - 2021-06-09 16:18 - 001094864 _____ C:\WINDOWS\system32\vulkan-1.dll 2021-06-10 22:51 - 2021-06-09 16:18 - 000948936 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2021-06-10 22:51 - 2021-06-09 16:18 - 000948936 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2021-06-10 22:51 - 2021-06-09 16:14 - 000715552 _____ C:\WINDOWS\system32\nvofapi64.dll 2021-06-10 22:51 - 2021-06-09 16:14 - 000626976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll 2021-06-10 22:51 - 2021-06-09 16:14 - 000575776 _____ C:\WINDOWS\SysWOW64\nvofapi.dll 2021-06-10 22:51 - 2021-06-09 16:13 - 002106128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2021-06-10 22:51 - 2021-06-09 16:13 - 001590544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2021-06-10 22:51 - 2021-06-09 16:13 - 001514768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2021-06-10 22:51 - 2021-06-09 16:13 - 001166096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2021-06-10 22:51 - 2021-06-09 16:13 - 000811792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2021-06-10 22:51 - 2021-06-09 16:13 - 000689936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe 2021-06-10 22:51 - 2021-06-09 16:13 - 000675088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2021-06-10 22:51 - 2021-06-09 16:13 - 000656160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2021-06-10 22:51 - 2021-06-09 16:13 - 000563984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2021-06-10 22:51 - 2021-06-09 16:12 - 008317232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2021-06-10 22:51 - 2021-06-09 16:12 - 007434016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2021-06-10 22:51 - 2021-06-09 16:12 - 004795184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2021-06-10 22:51 - 2021-06-09 16:12 - 002823472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2021-06-10 22:51 - 2021-06-09 16:12 - 000445744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe 2021-06-10 22:51 - 2021-06-09 16:11 - 000848672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe 2021-06-10 22:51 - 2021-06-09 16:10 - 006159144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2021-06-10 22:51 - 2021-06-09 05:58 - 000087164 _____ C:\WINDOWS\system32\nvinfo.pb
2021-06-09 21:06 - 2021-06-09 21:06 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-06-09 21:06 - 2021-06-09 21:06 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-06-09 21:06 - 2021-06-09 21:06 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2021-06-09 21:06 - 2021-06-09 21:06 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2021-06-09 21:05 - 2021-06-09 21:05 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2021-06-09 21:05 - 2021-06-09 21:05 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll 2021-06-09 21:05 - 2021-06-09 21:05 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-06-09 21:05 - 2021-06-09 21:05 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-06-09 21:05 - 2021-06-09 21:05 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-06-09 21:05 - 2021-06-09 21:05 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll 2021-06-09 21:05 - 2021-06-09 21:05 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-06-09 21:05 - 2021-06-09 21:05 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll 2021-06-09 21:05 - 2021-06-09 21:05 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2021-06-09 21:05 - 2021-06-09 21:05 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll 2021-06-09 21:05 - 2021-06-09 21:05 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe 2021-06-09 21:05 - 2021-06-09 21:05 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2021-06-09 21:05 - 2021-06-09 21:05 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2021-06-09 21:05 - 2021-06-09 21:05 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-06-06 00:01 - 2021-06-06 01:42 - 000000000 ____D C:\Users\*\AppData\Roaming\EasyAntiCheat 2021-06-03 20:52 - 2021-05-31 18:09 - 005678880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.)
2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX 2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-06-10 03:04 - 2020-05-09 19:50 - 000000000 ____D C:\Users\*I\Desktop\sticker freki 2021-06-09 20:55 - 2017-12-29 19:13 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2021-06-09 20:54 - 2018-01-02 21:00 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-06-09 20:52 - 2018-01-02 21:00 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-06-09 16:10 - 2020-08-30 00:23 - 007212216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2021-06-09 05:58 - 2020-08-30 00:23 - 000136472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2021-06-06 02:02 - 2019-12-04 23:50 - 000000000 ____D C:\Users\*\AppData\LocalLow\MCC 2021-06-05 20:48 - 2017-12-29 19:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2021-06-04 17:46 - 2020-10-02 00:11 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-06-03 21:04 - 2018-12-23 15:06 - 000000000 ____D C:\ProgramData\Packages 2021-06-03 21:04 - 2018-01-08 19:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation 2021-06-03 21:04 - 2017-12-29 17:59 - 000000000 ____D C:\Users\*\AppData\Local\Packages 2021-06-03 21:02 - 2017-12-29 19:02 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2021-05-30 13:46 - 2020-03-14 08:11 - 000000000 ____D C:\Users\*I\Desktop\L'Offerta del Mattino ==================== Files in the root of some directories ========
2020-01-20 23:50 - 2020-01-20 23:50 - 000000000 _____ () C:\Users\M*tti\AppData\Roaming\scthost_1 2020-02-01 12:34 - 2020-02-01 12:34 - 000000000 _____ () C:\Users\Milo *I\AppData\Roaming\scthost_10 2020-02-02 13:08 - 2020-02-02 13:08 - 000000000 _____ () C:\Users\*tti\AppData\Roaming\scthost_11 2020-02-02 23:28 - 2020-02-02 23:28 - 000000000 _____ () C:\Users\*ti\AppData\Roaming\scthost_12 2020-02-04 23:08 - 2020-02-04 23:08 - 000000000 _____ () C:\Users\M*tti\AppData\Roaming\scthost_13 2020-02-05 23:05 - 2020-02-05 23:05 - 000000000 _____ () C:\Users\M*ti\AppData\Roaming\scthost_14 2020-02-07 14:01 - 2020-02-07 14:01 - 000000000 _____ () C:\Users\M*ti\AppData\Roaming\scthost_15 2020-02-29 13:51 - 2020-02-29 13:51 - 000000000 _____ () C:\Users\M*I\AppData\Roaming\scthost_16 2020-03-01 10:54 - 2020-03-01 10:54 - 000000000 _____ () C:\Users\*ti\AppData\Roaming\scthost_17 2020-02-13 13:01 - 2020-02-13 13:01 - 000000000 _____ () C:\Users\*tti\AppData\Roaming\scthost_18 2020-03-03 22:59 - 2020-03-03 22:59 - 000000000 _____ () C:\Users\M*ti\AppData\Roaming\scthost_19 2020-01-22 00:51 - 2020-01-22 00:51 - 000000000 _____ () C:\Users\*tti\AppData\Roaming\scthost_2 2020-03-04 23:56 - 2020-03-04 23:56 - 000000000 _____ () C:\Users\M*tti\AppData\Roaming\scthost_20 2020-03-05 21:35 - 2020-03-05 21:35 - 000000000 _____ () C:\Users\Milo *I\AppData\Roaming\scthost_21 2020-03-06 19:38 - 2020-03-06 19:38 - 000000000 _____ () C:\Users\*ti\AppData\Roaming\scthost_22 2020-03-07 11:26 - 2020-03-07 11:26 - 000000000 _____ () C:\Users\M*tti\AppData\Roaming\scthost_23 2020-03-08 19:52 - 2020-03-08 19:52 - 000000000 _____ () C:\Users\M*ti\AppData\Roaming\scthost_24 2020-03-09 19:48 - 2020-03-09 19:48 - 000000000 _____ () C:\Users\M*I\AppData\Roaming\scthost_25 2020-03-09 21:30 - 2020-03-09 21:30 - 000000000 _____ () C:\Users\*tti\AppData\Roaming\scthost_26 2020-03-10 23:02 - 2020-03-10 23:02 - 000000000 _____ () C:\Users\M*tti\AppData\Roaming\scthost_27 2020-03-31 02:43 - 2020-03-31 02:43 - 000000000 _____ () C:\Users\M*tti\AppData\Roaming\scthost_28 2020-03-31 14:25 - 2020-03-31 14:25 - 000000000 _____ () C:\Users\M*ti\AppData\Roaming\scthost_29 2020-01-23 16:47 - 2020-01-23 16:47 - 000000000 _____ () C:\Users\*ti\AppData\Roaming\scthost_3 2020-04-01 15:33 - 2020-04-01 15:33 - 000000000 _____ () C:\Users\Mi*tti\AppData\Roaming\scthost_30 2020-04-02 14:14 - 2020-04-02 14:14 - 000000000 _____ () C:\Users\*tti\AppData\Roaming\scthost_31 2020-04-03 17:46 - 2020-04-03 17:46 - 000000000 _____ () C:\Users\Milo *ti\AppData\Roaming\scthost_32 2020-04-04 13:12 - 2020-04-04 13:12 - 000000000 _____ () C:\Users\*\AppData\Roaming\scthost_33 2020-04-05 09:51 - 2020-04-05 09:51 - 000000000 _____ () C:\Users\M*tti\AppData\Roaming\scthost_34 2020-04-07 23:01 - 2020-04-07 23:01 - 000000000 _____ () C:\Users\M*tti\AppData\Roaming\scthost_35 2020-04-09 22:49 - 2020-04-09 22:49 - 000000000 _____ () C:\Users\M*ti\AppData\Roaming\scthost_36 2020-04-10 00:33 - 2020-04-10 00:33 - 000000000 _____ () C:\Users\M*tti\AppData\Roaming\scthost_37 2020-04-10 00:37 - 2020-04-10 00:37 - 000000000 _____ () C:\Users\M*tti\AppData\Roaming\scthost_38 2020-01-27 20:06 - 2020-01-27 20:06 - 000000000 _____ () C:\Users\M*tti\AppData\Roaming\scthost_4 2020-01-28 22:23 - 2020-01-28 22:23 - 000000000 _____ () C:\Users\M*tti\AppData\Roaming\scthost_5 2020-01-29 22:40 - 2020-01-29 22:40 - 000000000 _____ () C:\Users\M*ti\AppData\Roaming\scthost_6 2020-01-30 20:31 - 2020-01-30 20:31 - 000000000 _____ () C:\Users\M*ti\AppData\Roaming\scthost_7 2020-01-31 15:03 - 2020-01-31 15:03 - 000000000 _____ () C:\Users\*tti\AppData\Roaming\scthost_8 2020-01-31 23:00 - 2020-01-31 23:00 - 000000000 _____ () C:\Users\M*tti\AppData\Roaming\scthost_9
2021-06-27 19:02 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-06-27 18:59 - 2019-12-23 19:11 - 000000000 ____D C:\WINDOWS\SysWOW64\aamdata 2021-06-27 18:59 - 2018-01-02 19:43 - 000000000 ____D C:\Program Files (x86)\Steam 2021-06-27 18:58 - 2018-01-16 01:09 - 000000000 ____D C:\Users\Milo *\Downloads\Telegram Desktop 2021-06-27 18:58 - 2018-01-05 20:39 - 000000000 ____D C:\Users\*ti\AppData\Roaming\Telegram Desktop 2021-06-27 18:55 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-06-27 18:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-06-27 18:53 - 2018-01-03 20:01 - 000000000 ____D C:\Program Files\CCleaner 2021-06-27 18:53 - 2017-12-29 19:02 - 000000000 ____D C:\ProgramData\NVIDIA 2021-06-27 18:51 - 2020-07-03 20:48 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-06-26 20:18 - 2020-10-06 05:32 - 001785598 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-06-26 20:18 - 2019-12-07 17:09 - 000789842 _____ C:\WINDOWS\system32\perfh010.dat 2021-06-26 20:18 - 2019-12-07 17:09 - 000151104 _____ C:\WINDOWS\system32\perfc010.dat 2021-06-26 20:18 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2021-06-26 20:11 - 2020-10-05 03:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-06-26 20:11 - 2020-10-05 03:30 - 000008192 ___SH C:\DumpStack.log.tmp 2021-06-26 20:11 - 2020-01-20 23:50 - 000009589 _____ C:\WINDOWS\SysWOW64\hosttmp1 2021-06-26 20:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState 2021-06-26 20:10 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2021-06-26 20:06 - 2020-10-05 03:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-06-26 19:13 - 2018-01-03 19:57 - 000000000 ____D C:\Users\*tti\AppData\Local\NVIDIA 2021-06-26 19:12 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-06-26 19:10 - 2019-01-01 16:50 - 000191776 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2021-06-26 19:10 - 2019-01-01 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2021-06-26 19:10 - 2019-01-01 16:49 - 000000000 ____D C:\Program Files\Java 2021-06-26 19:07 - 2020-10-05 03:35 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2021-06-26 18:11 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-06-26 17:57 - 2021-02-19 21:09 - 000096008 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpnpflt.sys 2021-06-26 17:30 - 2018-01-03 16:00 - 000000000 ____D C:\WINDOWS\AutoKMS 2021-06-26 16:25 - 2021-02-17 00:07 - 000000000 ____D C:\Users\M*ti\Desktop\importazione 2021-06-26 16:18 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2021-06-26 16:14 - 2017-12-29 19:01 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-06-26 15:30 - 2018-01-03 01:20 - 000000000 ____D C:\Program Files\Opera 2021-06-26 05:51 - 2020-10-04 20:19 - 000000000 ___DC C:\WINDOWS\Panther 2021-06-26 05:51 - 2018-01-08 22:47 - 000000000 ____D C:\Users\M*ti\AppData\Local\CrashDumps 2021-06-24 19:27 - 2020-10-05 03:35 - 000004160 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1582753193 2021-06-21 20:11 - 2020-10-05 03:35 - 000003954 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1514935286 2021-06-21 20:11 - 2018-01-03 01:21 - 000001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Opera.lnk 2021-06-20 13:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2021-06-15 02:08 - 2020-10-04 23:00 - 000000000 ____D C:\Users\*ti 2021-06-14 23:50 - 2018-03-01 19:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-06-10 22:48 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-06-10 22:45 - 2020-10-05 03:30 - 000438648 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-06-10 03:08 - 2019-12-07 17:12 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-11-14 21:39 - 2019-11-14 21:39 - 000000000 _____ () C:\Users\*tti\AppData\Local\D2154C.tmp 2019-11-14 21:36 - 2019-11-14 21:36 - 000000000 _____ () C:\Users\Milo *I\AppData\Local\D246E9.tmp 2019-11-14 21:33 - 2019-11-14 21:33 - 000000000 _____ () C:\Users\*tti\AppData\Local\D25B3B.tmp 2019-11-14 21:35 - 2019-11-14 21:35 - 000000000 _____ () C:\Users\M*\AppData\Local\D26285.tmp 2019-11-23 23:51 - 2019-11-23 23:51 - 000000000 _____ () C:\Users\*tti\AppData\Local\D269C8.tmp 2019-11-16 17:45 - 2019-11-16 17:45 - 000000000 _____ () C:\Users\M*tti\AppData\Local\D28508.tmp 2019-11-18 21:37 - 2019-11-18 21:37 - 000000000 _____ () C:\Users\*ti\AppData\Local\D286EB.tmp 2019-11-12 21:50 - 2019-11-12 21:50 - 000000000 _____ () C:\Users\*tti\AppData\Local\D2A7B6.tmp 2019-11-11 22:46 - 2019-11-11 22:46 - 000000000 _____ () C:\Users\M*tti\AppData\Local\D2AF99.tmp 2020-03-25 02:00 - 2017-03-07 15:33 - 000000036 _____ () C:\Users\M*I\AppData\Local\installLang.ini ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================
 
Last edited by a moderator:

Iohannes

Posts: 28   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2021
Ran by *ti (27-06-2021 19:03:57)
Running from C:\Users\*ti\Desktop
Windows 10 Pro Version 21H1 19043.1052 (X64) (2020-10-05 01:35:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1774472352-47920936-928243050-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1774472352-47920936-928243050-1005 - Limited - Enabled)
crist (S-1-5-21-1774472352-47920936-928243050-1002 - Limited - Enabled) => C:\Users\crist
DefaultAccount (S-1-5-21-1774472352-47920936-928243050-503 - Limited - Disabled)
Guest (S-1-5-21-1774472352-47920936-928243050-501 - Limited - Disabled)
*ti (S-1-5-21-1774472352-47920936-928243050-1001 - Administrator - Enabled) => C:\Users\*I
WDAGUtilityAccount (S-1-5-21-1774472352-47920936-928243050-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Security Cloud (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: - )
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
Asus ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus Sonic Radar 3 (HKLM-x32\...\{379946d7-d0d7-4395-87e8-8097ca734c8a}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC)
Asus Sonic Studio 3 (HKLM-x32\...\{13df6180-9a6f-4b9b-bfb8-3741c3af4e01}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC)
Asus SonicRadar3Setup (HKLM\...\{B938DE12-4F3D-4068-9649-E5A9E3CB464C}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
Asus SonicStudio3Setup (HKLM\...\{4F5EDE91-E41F-428B-BE5D-EB185BE9007A}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.82 - Piriform)
CPUID CPU-Z 1.81 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.81 - ) <==== ATTENTION
CPUID HWMonitor 1.34 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.34 - )
CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.10.0.0756 - Disc Soft Ltd)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
f.lux (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Flux) (Version: - f.lux Software LLC)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)
Floris Evolved (HKLM-x32\...\Floris Evolved) (Version: - )
Floris Mod Pack 2.54 (HKLM-x32\...\Floris Mod Pack_is1) (Version: - )
GameInput Redistributable (HKLM-x32\...\{5FAD63E8-8F1C-6687-0325-3BBF64B4FD89}) (Version: 10.1.19041.3918 - Microsoft Corporation)

MGF, [27/06/2021, 19:09]
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Hamster ZIP Archiver 4.0.0.59 (HKLM-x32\...\Hamster ZIP Archiver_is1) (Version: 4.0.0.59 - HamsterSoft)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel(R) Network Connections 22.9.16.0 (HKLM\...\PROSetDX) (Version: 22.9.16.0 - Intel)
Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{4FA94F64-1A00-4426-BF58-D08EB592CE1B}) (Version: 3.4.2095 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.0.1015 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky Safe Kids (HKLM-x32\...\{2B7C9313-351F-4372-B4C6-921AED218652}) (Version: 1.0.5.1360 - Kaspersky) Hidden
Kaspersky Safe Kids (HKLM-x32\...\InstallWIX_{2B7C9313-351F-4372-B4C6-921AED218652}) (Version: 1.0.5.1360 - Kaspersky)
Kaspersky Security Cloud (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)
LibreOffice 6.0.2.1 (HKLM\...\{673086D4-1E80-4ED2-A68E-2F6AF26F9760}) (Version: 6.0.2.1 - The Document Foundation)
LOTRO Plugin Compendium (HKLM-x32\...\{3BF7818D-2482-4676-A237-915A11A97847}) (Version: 1.0.3 - Lunarwater)
Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes)
Medal (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Medal) (Version: 4.625.0 - Medal B.V.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.59 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.59 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1774472352-47920936-928243050-1002\...\OneDriveSetup.exe) (Version: 19.232.1124.0008 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

MGF, [27/06/2021, 19:09]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minion (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\{Minion}}_is1) (Version: 3.0 - Good Game Mods LLC)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.2.1 - Mozilla)
NVIDIA Driver audio HD 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA Driver grafico 466.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 466.77 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.1.4923.29781331 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29781331 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.22.0.32 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.22.0.32 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 24.0.3 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.6 (HKLM-x32\...\{18083369-1FFE-462B-8181-122298F6B96F}) (Version: 4.16.9790 - Apache Software Foundation)
Opera GX Stable 66.0.3515.111 (HKU\S-1-5-21-1774472352-47920936-928243050-1002\...\Opera GX 66.0.3515.111) (Version: 66.0.3515.111 - Opera Software)
Opera Stable 77.0.4054.90 (HKLM-x32\...\Opera 77.0.4054.90) (Version: 77.0.4054.90 - Opera Software)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
PhotoSync (HKLM\...\{023A64D9-661F-47B9-AF60-E90F2CDF20C6}) (Version: 3.2.1 - touchbyte GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8382 - Realtek Semiconductor Corp.)

MGF, [27/06/2021, 19:09]
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Smart Photo Import 1.9.8.3 (HKLM-x32\...\{B346FFF5-59C7-4EF9-B9HG-7GD061Y89RTF}_is1) (Version: - NWS Centurybyte)
Software per periferiche con chipset Intel® (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spotify (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Spotify) (Version: 1.1.10.540.gfcf0430f - Spotify AB)
STAR WARS - Galactic Battlegrounds Saga (HKLM\...\{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb) (Version: - )
Star Wars Galactic Battlegrounds All-In-One Patch (HKLM-x32\...\{9A2E0F8A-8388-419F-880E-AB300284BF2E}_is1) (Version: 2.4 - Carborunda)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteaScree (HKLM-x32\...\SteaScree 1.5.4) (Version: 1.5.4 - Foyl)
Strix Software (HKLM-x32\...\{7F7C61C6-8C21-4DF5-8D6C-B49CA3C8BBAB}}_is1) (Version: 1.09.08 - )
Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Supporto applicazioni Apple (64 bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Telegram Desktop version 2.8.1 (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.8.1 - Telegram FZ-LLC)
Third Age - Total War 3.0 (Part 1of2) (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Third Age - Total War 3.0 (Part 1of2)) (Version: - )
Third Age - Total War 3.0 (Part 2of2) (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Third Age - Total War 3.0 (Part 2of2)) (Version: - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Warcraft III Beta (HKLM-x32\...\Warcraft III Beta) (Version: - Blizzard Entertainment)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Componente aggiuntivo Foto -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
Componente aggiuntivo motore dei supporti Foto -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-18] (Microsoft Corporation)
DVD Player - FREE -> C:\Program Files\WindowsApps\21336V3TApps.DVDPlayer-FREE_1.1.0.0_x86__bzg06mxvgh4fa [2021-06-19] (V3TApps)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-15] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-06-03] (NVIDIA Corp.)
Xbox Insider Hub -> C:\Program Files\WindowsApps\Microsoft.FlightDashboard_477.2102.26001.0_x64__8wekyb3d8bbwe [2021-03-05] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

MGF, [27/06/2021, 19:09]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [HamsterFreeMenu] -> {2DEDD2C9-928E-4442-9417-769C969973B6} => C:\Program Files (x86)\Hamster Soft\Hamster ZIP Archiver\HamsterContextMenu64.dll [2017-03-07] (HamsterSoft) [File not signed]
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-02-18] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [HamsterFreeMenu] -> {2DEDD2C9-928E-4442-9417-769C969973B6} => C:\Program Files (x86)\Hamster Soft\Hamster ZIP Archiver\HamsterContextMenu64.dll [2017-03-07] (HamsterSoft) [File not signed]
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-02-18] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [HamsterFreeMenu] -> {2DEDD2C9-928E-4442-9417-769C969973B6} => C:\Program Files (x86)\Hamster Soft\Hamster ZIP Archiver\HamsterContextMenu64.dll [2017-03-07] (HamsterSoft) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b2801df14ec7de03\nvshext.dll [2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [HamsterFreeMenu] -> {2DEDD2C9-928E-4442-9417-769C969973B6} => C:\Program Files (x86)\Hamster Soft\Hamster ZIP Archiver\HamsterContextMenu64.dll [2017-03-07] (HamsterSoft) [File not signed]

MGF, [27/06/2021, 19:11]
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-02-18 20:24 - 2021-06-26 20:11 - 000035624 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.00.01\PEbiosinterface32.dll
2020-03-25 02:00 - 2017-03-07 15:33 - 000243712 _____ (HamsterSoft) [File not signed] C:\Program Files (x86)\Hamster Soft\Hamster ZIP Archiver\HamsterContextMenu64.dll
2017-10-18 15:23 - 2017-10-18 15:23 - 000349696 _____ (Intel(R) Corporation) [File not signed] C:\WINDOWS\system32\NCS2Setp.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-06-26] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-06-26] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 - 2021-06-26 20:12 - 000000147 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

MGF, [27/06/2021, 19:11]
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1774472352-47920936-928243050-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\M*tti\Desktop\Varie\94149084_10214196978993391_3133111151315910656_n.jpg
HKU\S-1-5-21-1774472352-47920936-928243050-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\crist\Downloads\jakub-rozalski-saxony-ih-16012016b.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Intel(R) Technology Access Filter Driver -> nt_ndisrd (enabled)
Wi-Fi: Intel(R) Technology Access Filter Driver -> nt_ndisrd (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Sonic Studio 3"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Smart Photo Import"
HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant"
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\StartupApproved\Run: => "Medal"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

MGF, [27/06/2021, 19:11]
FirewallRules: [{4BF2C29E-A66A-4273-B7BC-4E7A6332A58B}] => (Allow) F:\SteamLibrary\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{DB1EDE62-A9C4-4F1E-966C-94DCD3BAC927}] => (Allow) F:\SteamLibrary\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{91B85BED-C0DC-4CC8-B455-C4C6FA9CFA00}] => (Allow) F:\SteamLibrary\steamapps\common\Age Of Empires 3\bin\age3y.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F9CCBAFA-76A8-49B9-B2A0-D1BFBF713128}] => (Allow) F:\SteamLibrary\steamapps\common\Age Of Empires 3\bin\age3y.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E4E63002-BDAB-452B-B653-FEA0A6C9DFD1}] => (Allow) F:\SteamLibrary\steamapps\common\Age Of Empires 3\bin\age3x.exe (Microsoft Corporation -> Ensemble Studios)
FirewallRules: [{F129CCFE-4ADB-4799-9645-A90B981FD728}] => (Allow) F:\SteamLibrary\steamapps\common\Age Of Empires 3\bin\age3x.exe (Microsoft Corporation -> Ensemble Studios)
FirewallRules: [{6B201997-644E-4C83-A623-AD800D9B0D79}] => (Allow) F:\SteamLibrary\steamapps\common\Age Of Empires 3\bin\age3.exe (Microsoft Corporation -> Ensemble Studios)
FirewallRules: [{DC5A3F4F-69D5-4867-A431-961C422ED3C4}] => (Allow) F:\SteamLibrary\steamapps\common\Age Of Empires 3\bin\age3.exe (Microsoft Corporation -> Ensemble Studios)
FirewallRules: [UDP Query User{A9B931EA-9472-4AD4-9C87-79DB5E7EEFB3}F:\program files\overwatch\_retail_\overwatch.exe] => (Allow) F:\program files\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{EF860267-E677-48C1-8943-9268817B0447}F:\program files\overwatch\_retail_\overwatch.exe] => (Allow) F:\program files\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{6FCA43D5-1825-499E-A982-429B9D837ABB}] => (Allow) F:\SteamLibrary\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [{8D4C4DA6-2FF3-42FD-AB3D-39114857810B}] => (Allow) F:\SteamLibrary\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [UDP Query User{C248F489-2255-40B4-8293-8C88117AF4B7}F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_cc.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_cc.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [TCP Query User{210E4C50-9145-45AC-B5F4-6441B3A0352D}F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_cc.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_cc.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [{DE1B8BD9-733B-4CC9-9685-77A0767F3AD7}] => (Allow) F:\SteamLibrary\steamapps\common\Aseprite\Aseprite.exe (David Capello -> )
FirewallRules: [{A93687A5-EF29-42A7-8467-56FE378A2490}] => (Allow) F:\SteamLibrary\steamapps\common\Aseprite\Aseprite.exe (David Capello -> )
FirewallRules: [{BD809A42-ED82-4092-BFC5-F3BDB26F50C2}] => (Allow) F:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{14D36253-EBAD-43CA-8B82-805702ECBA4B}] => (Allow) F:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{86EAC293-3076-4279-B90B-F62AB30E40FE}] => (Allow) F:\SteamLibrary\steamapps\common\AoE2DE\BattleServer\BattleServer.exe (Microsoft Corporation -> )
FirewallRules: [{3494AF2A-389B-4293-B83A-22952FC7CBFF}] => (Allow) F:\SteamLibrary\steamapps\common\AoE2DE\BattleServer\BattleServer.exe (Microsoft Corporation -> )
FirewallRules: [{DC98C02E-8078-4190-8BBB-77E403AD4C54}] => (Allow) F:\SteamLibrary\steamapps\common\AoE2DE\AoE2DE_s.exe (Microsoft Corporation -> Microsoft Corporation)

MGF, [27/06/2021, 19:11]
FirewallRules: [{3F7CE6A3-B767-483B-9D4A-54519BE65F01}] => (Allow) F:\SteamLibrary\steamapps\common\AoE2DE\AoE2DE_s.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7D872FB3-C0F6-425F-924A-082361ABB59B}] => (Allow) F:\SteamLibrary\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe (The build server will stamp this field) [File not signed]
FirewallRules: [{25E782B0-C0E7-44CF-80D3-793D72A371DA}] => (Allow) F:\SteamLibrary\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe (The build server will stamp this field) [File not signed]
FirewallRules: [{D60028E4-061F-4D9D-8F79-470095D7BBC8}] => (Allow) F:\SteamLibrary\steamapps\common\Halo The Master Chief Collection\MCC\Binaries\Win64\MCC-Win64-Shipping.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)
FirewallRules: [{31223CEA-348C-45BC-824F-6E8F7591561C}] => (Allow) F:\SteamLibrary\steamapps\common\Halo The Master Chief Collection\MCC\Binaries\Win64\MCC-Win64-Shipping.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)
FirewallRules: [{41894C96-F8C6-4BBF-A485-ABC82B2CF216}] => (Allow) F:\SteamLibrary\steamapps\common\Halo The Master Chief Collection\mcclauncher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{EA19FE27-8566-4B95-BF5A-696279C6D166}] => (Allow) F:\SteamLibrary\steamapps\common\Halo The Master Chief Collection\mcclauncher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [UDP Query User{40A53716-CBA2-4E5F-8561-20A539630413}F:\program files\diablo ii\game.exe] => (Allow) F:\program files\diablo ii\game.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{8BF94E4A-7F6E-4A46-BAED-F132473AE721}F:\program files\diablo ii\game.exe] => (Allow) F:\program files\diablo ii\game.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{06515500-B798-4280-9489-D64BC955A65E}] => (Allow) F:\SteamLibrary\steamapps\common\AoW3\AoW3_Debug.exe () [File not signed]
FirewallRules: [{72CE3DC8-47EE-45F1-9B0D-1FEA2CA29D30}] => (Allow) F:\SteamLibrary\steamapps\common\AoW3\AoW3_Debug.exe () [File not signed]
FirewallRules: [{0A67F131-6801-4A87-877B-06C06FE5BF01}] => (Allow) F:\SteamLibrary\steamapps\common\AoW3\AoW3.exe () [File not signed]
FirewallRules: [{FBF26068-4ACD-42D5-B231-5B4636657578}] => (Allow) F:\SteamLibrary\steamapps\common\AoW3\AoW3.exe () [File not signed]
FirewallRules: [{A1DE4185-CBF9-4265-A920-402A7D3BFBEB}] => (Allow) F:\SteamLibrary\steamapps\common\AoW3\AoW3Launcher.exe () [File not signed]
FirewallRules: [{FE1054A9-2262-43AE-AC0F-FCF10C980778}] => (Allow) F:\SteamLibrary\steamapps\common\AoW3\AoW3Launcher.exe () [File not signed]
FirewallRules: [UDP Query User{EF353460-DE2E-48E2-96AB-F51F3D74A2B0}C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe () [File not signed]
FirewallRules: [TCP Query User{3B288AFF-4BF9-4D67-9B86-5F566CCC9558}C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe () [File not signed]
FirewallRules: [{84B55B86-DE22-4F4E-BFAA-C3270536DE4B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F90FDB8-D43B-414C-B7D3-CA7C4B83A8CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5E6910D3-793E-4E82-A0CF-3DB32145CB9E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9E28504E-0073-4EA5-952A-3435029B5ED1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5D4F67EC-DDC0-4A0B-A912-164944685928}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
 
Last edited by a moderator:

Iohannes

Posts: 28   +0
FirewallRules: [{4546CFAC-8E8F-4FD4-9780-050A8825F44B}] => (Allow) F:\SteamLibrary\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{B3BC87C4-6CB7-49C4-8E51-033128CB9F86}] => (Allow) F:\SteamLibrary\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{89A44182-4C0F-4318-9AA1-0787FDEC4C08}] => (Allow) F:\SteamLibrary\steamapps\common\MountBlade Warband\mb_warband.exe ( Taleworlds Entertainment) [File not signed]
FirewallRules: [{6BAF5E9D-3002-4A63-A8C0-69E953591F21}] => (Allow) F:\SteamLibrary\steamapps\common\MountBlade Warband\mb_warband.exe ( Taleworlds Entertainment) [File not signed]
FirewallRules: [{A01EA512-79B0-4BCC-A39C-15C587005150}] => (Allow) LPort=35722
FirewallRules: [{D3B620BC-1349-45B4-9233-8FC8ABF29BFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might & Magic III - HD Edition\HOMM3Launcher.exe () [File not signed]
FirewallRules: [{C999A584-8828-48C0-9F4D-C8243E3987A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might & Magic III - HD Edition\HOMM3Launcher.exe () [File not signed]
FirewallRules: [{EEE0E4AD-8FCA-4949-88A1-797A7D042EB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe (TODO: <Company name>) [File not signed]
FirewallRules: [{7D17FC2E-AC9C-4143-BCB7-6CFEB7ADD948}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe (TODO: <Company name>) [File not signed]
FirewallRules: [{5F531101-229D-402E-8760-235E7712BCE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E461402D-C4F6-4D23-8E8B-74E08AC85029}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E4F3640A-A70F-4C7E-A772-45BC6B4B9A5F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D0A8C507-558B-4D88-A872-016D0F0C73B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C71240A1-D237-4D20-B732-635837D7EED0}] => (Allow) D:\Games\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{6CE93BE9-1099-4DF5-867A-AB9F2542FF1D}] => (Allow) D:\Games\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{332FA1CA-6C8F-4CE3-A651-53AAB2EA8684}] => (Allow) D:\Games\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{480AD70A-8253-46E9-B4FF-0B3FF735E097}] => (Allow) D:\Games\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{EB732AB6-6A6C-4494-AD6A-D2EFFDD0675B}] => (Allow) D:\Games\steamapps\common\Starbound\win64\mod_uploader.exe => No File
FirewallRules: [{738FF297-CB54-4DD0-A763-B1A298E594CE}] => (Allow) D:\Games\steamapps\common\Starbound\win64\mod_uploader.exe => No File
FirewallRules: [{9EE76169-A041-4DCA-B093-30CD45FB47C8}] => (Allow) D:\Games\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{E0BA6642-AA79-4527-B766-E98AEB978056}] => (Allow) D:\Games\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{C36FD347-8D80-47A3-A62D-2A9D80B35568}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{9AB0B396-AED2-4565-8C7E-47822D400693}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{B7C90865-C4CB-4987-A7EF-40838BC9FDBE}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{8B463FA0-1599-4CA5-92A1-5E9C00105E65}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{12D8C88C-CFC3-4915-91A7-DCFD4F6C8FC1}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe => No File

MGF, [27/06/2021, 19:11]
FirewallRules: [{30EA94B2-A94B-49E2-8377-C3E3FD77D0F2}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe => No File
FirewallRules: [{AEBCE3AB-ECEC-4523-8B85-9CDD9F71B895}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{2A584B31-80A5-41A0-B6A8-314D5E741F38}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{8C36C2E0-A64F-4974-B30A-09D4C1CB7969}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{CBB871DE-38F1-497C-9EC0-AD2ECC7A7DA4}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{670CF1CF-2320-402B-8B9E-9A987F6C490E}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{6B323D56-6B86-4A5F-8F8D-7A2F4EC4B058}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{AB146833-4A6A-47B7-A9F4-4CA50EE11E98}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe => No File
FirewallRules: [{AD264557-BD61-41C6-8101-F827ACEF2D64}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe => No File
FirewallRules: [{E5635A44-F2D3-4B2F-AB3D-8317D4DC1ECE}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{32F97002-538F-409E-BEA4-0E3428C74601}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{767428BD-D380-4F28-A160-0257BBE4A139}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{B56A8C95-5F72-4E43-9093-229B6CDD949A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [TCP Query User{A2CB1830-3B84-42CE-AD88-010490B27BD5}C:\users\m*ti\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\m*ti\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{9887BC2E-2D95-45DE-8E7F-0706FCCDD5B3}C:\users\*tti\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\*tti\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1430FA83-153A-485C-823C-4FE83CA8973E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{232A13FA-4B9D-49D4-98D3-474FECF7FFB0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{42A5FD78-DA8C-4848-9F59-DD0A5CDAFA69}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{0C51142F-EF53-4AC3-BCF6-0647CCED2224}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{5C09B79E-790E-4304-8AF9-C38FD2758F44}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{BB988F3E-23A5-4F03-9B76-25EC61FF00F6}] => (Allow) F:\SteamLibrary\steamapps\common\Wyrmsun\launcher.exe (Wyrmsun) [File not signed]
FirewallRules: [{28F1F9C2-9ECF-4EEC-95E3-130EA755CDF8}] => (Allow) F:\SteamLibrary\steamapps\common\Wyrmsun\launcher.exe (Wyrmsun) [File not signed]
FirewallRules: [TCP Query User{F07ADF1D-72B2-448D-8965-E526DF947357}F:\steamlibrary\steamapps\common\wyrmsun\wyrmsun.exe] => (Allow) F:\steamlibrary\steamapps\common\wyrmsun\wyrmsun.exe () [File not signed]
FirewallRules: [UDP Query User{C32AC7BD-8634-4751-8FEE-304F846A0D68}F:\steamlibrary\steamapps\common\wyrmsun\wyrmsun.exe] => (Allow) F:\steamlibrary\steamapps\common\wyrmsun\wyrmsun.exe () [File not signed]

MGF, [27/06/2021, 19:11]
FirewallRules: [{878410D6-BA41-4412-AE19-B177F2B3FD1B}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Take-Two Interactive Software, Inc. -> Gearbox Software) [File not signed]
FirewallRules: [{6756A090-E8E5-440B-9D5B-28D41527837F}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Take-Two Interactive Software, Inc. -> Gearbox Software) [File not signed]
FirewallRules: [{6849F6DA-6ECD-45FB-B160-EE9A9C0D777F}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [{930D8880-739D-47E2-957E-B9128AEC739D}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [{D095F67D-1799-4EF1-9DF3-CD742E0E3B33}] => (Allow) F:\SteamLibrary\steamapps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [{6F8F7534-72AE-481F-99D5-6C414DBB70D1}] => (Allow) F:\SteamLibrary\steamapps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [TCP Query User{2A8192C5-21EB-433A-8125-349CFDE26953}F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [UDP Query User{1B7143A7-6073-418E-9626-EC3F6E884B59}F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [TCP Query User{A494C5CF-1BA0-4A0D-A678-08499D33B73E}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{2601DB8B-9330-4F5D-8FC2-9848664D00B2}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{71F9E85F-8F62-4F7F-9C65-F57A6C5F7B1E}F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [UDP Query User{E993C946-C97C-4298-AC21-46E3879B91D8}F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [{B9C99E6E-BCA8-455D-AEF6-6DC09EC07A07}] => (Allow) F:\SteamLibrary\steamapps\common\AoE3DE\AoE3DE_s.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{79B18BC5-85BB-42BA-8BCE-5CF715DFE474}] => (Allow) F:\SteamLibrary\steamapps\common\AoE3DE\AoE3DE_s.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{22007AEC-860F-4ABA-B932-F49E033DA4EC}] => (Allow) F:\SteamLibrary\steamapps\common\AoE3DE\BattleServer.exe (Microsoft Corporation -> )
FirewallRules: [{7C51E125-EB28-4F3E-88D1-D7D42D16F428}] => (Allow) F:\SteamLibrary\steamapps\common\AoE3DE\BattleServer.exe (Microsoft Corporation -> )
FirewallRules: [{68A7B81B-4088-4BC3-A121-95B52627B5DC}] => (Allow) F:\SteamLibrary\steamapps\common\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{F5587152-87B4-49E6-B605-8D564CEE0DBA}] => (Allow) F:\SteamLibrary\steamapps\common\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)

MGF, [27/06/2021, 19:12]
FirewallRules: [{16D11C84-56E3-45D1-8185-5A6C6D3F4BD1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{5000ACC7-0253-43CB-80BE-4C77CF6D8C3C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{4994A29D-8E5D-44BE-8847-36BAA2F28232}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{71D87D70-6F80-49CA-93AA-8BA7C82D90B3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{3A0DA4B0-4284-46B8-8EE4-A80E19B8401E}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\cossacks.exe (GSC Game World) [File not signed]
FirewallRules: [{01ACA632-2819-46D5-94B5-48A209DAD973}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\cossacks.exe (GSC Game World) [File not signed]
FirewallRules: [{D8BD53F0-25AA-440B-AB94-8374466EB42D}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\config.exe (GSC Game World) [File not signed]
FirewallRules: [{DA989A5E-25FC-40CD-8548-694C9C919D1F}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\config.exe (GSC Game World) [File not signed]
FirewallRules: [{D0165041-5CBD-4D8E-BDA1-DA1E7F3A4C07}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\editor.exe (GSC Game World) [File not signed]
FirewallRules: [{7C2E5DBF-67B1-4946-803B-6D021FCDD3BA}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\editor.exe (GSC Game World) [File not signed]
FirewallRules: [{F5373E1A-F63C-45FF-9540-D3B4EB86A976}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\modman.exe (GSC Game World) [File not signed]
FirewallRules: [{3C3D2FC8-DA57-4538-8C63-D4CFA5EA3096}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\modman.exe (GSC Game World) [File not signed]
FirewallRules: [{CB4FE8F7-8255-4A19-BDA5-311D5DD8F9F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{520318AF-AED2-40C7-842C-37DE2C550CA1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7826D627-85AD-4324-A10D-965ED87C613B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{162B5C28-B9D3-4FC5-905D-0C77D9459D89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{74D76A3B-F93A-4180-826C-45AC4035200B}] => (Allow) F:\SteamLibrary\steamapps\common\HaloWarsDE\xgameFinal.exe (343 Industries) [File not signed]
FirewallRules: [{D083D713-406F-432B-A0A7-6DE93828F3D1}] => (Allow) F:\SteamLibrary\steamapps\common\HaloWarsDE\xgameFinal.exe (343 Industries) [File not signed]
FirewallRules: [{BD5474D1-5AFE-47EE-AF09-2303E8826E61}] => (Allow) F:\SteamLibrary\steamapps\common\Pit People\pitpeople.exe () [File not signed]
FirewallRules: [{DB88565C-F5CD-4A51-871D-8BB889BA5D77}] => (Allow) F:\SteamLibrary\steamapps\common\Pit People\pitpeople.exe () [File not signed]
FirewallRules: [{7771DC31-B917-406E-9DD3-F5727EC2F234}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{8FFA07B4-6E3B-4D27-89FD-32DC8BFD0A2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{C7A25A52-3F40-42AC-B36C-6CB80D61F74F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe ( Taleworlds Entertainment) [File not signed]
FirewallRules: [{21B2DA97-4186-4111-9015-573BCFD6E22E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe ( Taleworlds Entertainment) [File not signed]
FirewallRules: [{E35FA988-AAF2-40D9-8454-5F44553804B9}] => (Allow) F:\SteamLibrary\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)

MGF, [27/06/2021, 19:12]
FirewallRules: [{39ADCF29-DD7E-4B0C-9117-475D2F1F5FD7}] => (Allow) F:\SteamLibrary\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [TCP Query User{C5A5ACC0-A512-496B-A51A-75B5E3247FAD}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{B696F207-15F0-49FE-84E1-853DAE2D237F}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [{E291C484-DEAD-4600-9DA2-ED6577EAA6D1}] => (Allow) C:\WINDOWS\SysWOW64\svctcom.exe (Birch Grove Software, Inc. -> Birch Grove Software, Inc.)
FirewallRules: [{549FD8DC-2864-4FC8-A965-0931F3FE83CA}] => (Allow) C:\Program Files\Opera\76.0.4017.177\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B4D9C91D-D9AB-4D62-ABE5-E49993DB4E94}] => (Allow) C:\Program Files\Opera\77.0.4054.90\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{788A9EF1-23D6-4E0C-92A9-81DBAC1A184C}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD) [File not signed]
FirewallRules: [{E1AD5405-3E87-46D1-94CC-8E4C45CDE2AB}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD) [File not signed]
FirewallRules: [{F2675415-14B3-4BD4-9998-E860B397219A}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe () [File not signed]
FirewallRules: [{1EDC2AFF-B145-48C7-BEC8-5280DB7AAABD}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe () [File not signed]
FirewallRules: [{9767E695-79BA-4198-A6BF-DBFAA309C8CF}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe () [File not signed]
FirewallRules: [{4A42A562-7E96-4287-A837-233CFBA07787}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe () [File not signed]
FirewallRules: [{3059B37C-EA9E-4015-B546-9F7AB35B3667}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD) [File not signed]
FirewallRules: [{30ED5EFA-34EC-4002-B8CE-47CCCA83491F}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD) [File not signed]
FirewallRules: [{1A0D1146-DDDD-48FC-982B-BD604031B112}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E6F42833-64F3-4112-8C49-CFAC246D4CAC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.59\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CF4F87FA-E087-4DC3-9B08-CFDC42682865}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{5EABEDCC-4DC8-40FC-9841-415934BFD875}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{30F2A9B4-2BBC-4E15-A135-BAD6F38E5EE9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{041FFA14-8B52-4655-B63D-510F60597DE2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6E6609DE-8D46-42F3-96A6-8D4E6188B67D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

MGF, [27/06/2021, 19:12]
FirewallRules: [{FF21F4D8-60D5-41C6-8A43-8ACDE73B808D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

26-06-2021 16:04:04 Programma di installazione dei moduli di Windows
26-06-2021 19:12:09 Programma di installazione dei moduli di Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/26/2021 08:11:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: LogonUI.exe, versione: 10.0.19041.1, timestamp: 0xc08a5452
Nome del modulo che ha generato l'errore: NetworkIcon.dll, versione: 10.0.19041.1, timestamp: 0xfbd09f35
Codice eccezione: 0xc0000005
Offset errore 0x0000000000012e32
ID processo che ha generato l'errore: 0x5a4
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d76ab6a401fce7
Percorso dell'applicazione che ha generato l'errore: C:\WINDOWS\system32\LogonUI.exe
Percorso del modulo che ha generato l'errore: C:\Windows\System32\NetworkIcon.dll
ID segnalazione: 99bb19d8-e98b-4461-b1ad-db353b4eab06
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (06/26/2021 08:10:31 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informazioni del servizio Copia Shadow del volume: impossibile avviare il server COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} denominato CEventSystem. [0x8007045b, È in corso l'arresto del sistema.
]

Error: (06/26/2021 06:42:31 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Il motore di ottimizzazione archiviazione non ha potuto completare riottimizzazione in Dati (F:) per il motivo seguente: L'operazione richiesta non è supportata dall'hardware di supporto del volume. (0x8900002A)

Error: (06/24/2021 07:13:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: mbam.exe, versione: 4.0.0.1006, timestamp: 0x60a67357
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.19041.1023, timestamp: 0x7977b9de
Codice eccezione: 0xc0000374
Offset errore 0x00000000000ff199
ID processo che ha generato l'errore: 0x1210
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d7691c4b60be94
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\SYSTEM32\ntdll.dll
ID segnalazione: 808a1975-b19c-4c66-9f74-0c92de58af01
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:

Error: (06/19/2021 04:00:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Il motore di ottimizzazione archiviazione non ha potuto completare riottimizzazione in Dati (F:) per il motivo seguente: L'operazione richiesta non è supportata dall'hardware di supporto del volume. (0x8900002A)

Error: (06/10/2021 11:12:16 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Il motore di ottimizzazione archiviazione non ha potuto completare riottimizzazione in Dati (F:) per il motivo seguente: L'operazione richiesta non è supportata dall'hardware di supporto del volume. (0x8900002A)

Error: (06/10/2021 03:08:19 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informazioni del servizio Copia Shadow del volume: impossibile avviare il server COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} denominato CEventSystem. [0x8007045b, È in corso l'arresto del sistema.
]

MGF, [27/06/2021, 19:12]
Error: (06/05/2021 08:57:40 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Il motore di ottimizzazione archiviazione non ha potuto completare riottimizzazione in Dati (F:) per il motivo seguente: L'operazione richiesta non è supportata dall'hardware di supporto del volume. (0x8900002A)


System errors:
=============
Error: (06/26/2021 08:11:24 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Errore durante il tentativo di lettura del file degli host locali.

Error: (06/26/2021 07:09:48 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-MG)
Description: Impossibile avviare un server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. L'errore
"%%2147942767 = La creazione del processo è stata bloccata."
si è verificato durante l'avvio del comando
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (06/26/2021 07:06:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Sincronizza host_16603ad.

Error: (06/26/2021 05:59:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Errore durante il tentativo di lettura del file degli host locali.

Error: (06/26/2021 04:38:44 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-MG)
Description: Impossibile avviare un server DCOM {45BA127D-10A8-46EA-8AB7-56EA9078943C} come Non disponibile/Non disponibile. L'errore
"%%2147942405 = Accesso negato."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\system32\DllHost.exe /Processid:{45BA127D-10A8-46EA-8AB7-56EA9078943C}

Error: (06/26/2021 04:38:36 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-MG)
Description: Impossibile avviare un server DCOM {45BA127D-10A8-46EA-8AB7-56EA9078943C} come Non disponibile/Non disponibile. L'errore
"%%2147942405 = Accesso negato."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\system32\DllHost.exe /Processid:{45BA127D-10A8-46EA-8AB7-56EA9078943C}

Error: (06/26/2021 04:38:30 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-MG)
Description: Impossibile avviare un server DCOM {45BA127D-10A8-46EA-8AB7-56EA9078943C} come Non disponibile/Non disponibile. L'errore
"%%2147942405 = Accesso negato."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\system32\DllHost.exe /Processid:{45BA127D-10A8-46EA-8AB7-56EA9078943C}

Error: (06/26/2021 04:18:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: La chiamata ScRegSetValueExW per Start non è riuscita con l'errore
Accesso negato.
.


Windows Defender:
================
Date: 2021-06-26 06:40:17
Description:
Microsoft Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {35756D73-CAC6-481C-BEC4-40371C097351}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SYSTEM

Date: 2021-06-26 06:39:35
Description:
Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
Nome: PUA:Win32/DisplayDriverUninstaller
Gravità: Basso
Categoria: Software potenzialmente indesiderato
Percorso: file:_F:\Old PC backup\random maymay late 17\[Guru3D.com]-DDU\DDU v17.0.8.0.exe; file:_F:\Old PC backup\random maymay late 17\[Guru3D.com]-DDU\Display Driver Uninstaller.exe
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Utente
Utente: DESKTOP-MG\*
Nome processo: Unknown
Versione intelligence sulla sicurezza: AV: 1.341.1448.0, AS: 1.341.1448.0, NIS: 1.341.1448.0
Versione motore: AM: 1.1.18200.4, NIS: 1.1.18200.4

MGF, [27/06/2021, 19:12]
Date: 2021-06-26 05:17:27
Description:
Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
Nome: Trojan:pDF/Phish.SS!MTB
Gravità: Grave
Categoria: Trojan
Percorso: file:_C:\Users\M*ti\AppData\Roaming\Opera Software\Opera Stable\Sessions\Tabs_13269148284871767
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Protezione in tempo reale
Utente: DESKTOP-MG\*
Nome processo: C:\Program Files\Opera\77.0.4054.90\opera.exe
Versione intelligence sulla sicurezza: AV: 1.341.1448.0, AS: 1.341.1448.0, NIS: 1.341.1448.0
Versione motore: AM: 1.1.18200.4, NIS: 1.1.18200.4

Date: 2021-06-26 04:39:24
Description:
Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
Nome: Trojan:pDF/Phish.SS!MTB
Gravità: Grave
Categoria: Trojan
Percorso: file:_C:\Windows\SysWOW64\aamdata\aamfetch-journal
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Protezione in tempo reale
Utente: NT AUTHORITY\SYSTEM
Nome processo: C:\Windows\SysWOW64\svctcom.exe
Versione intelligence sulla sicurezza: AV: 1.341.1448.0, AS: 1.341.1448.0, NIS: 1.341.1448.0
Versione motore: AM: 1.1.18200.4, NIS: 1.1.18200.4

Date: 2021-06-26 04:38:58
Description:
Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
Nome: Trojan:pDF/Phish.RA!MTB
Gravità: Grave
Categoria: Trojan
Percorso: file:_C:\Users\*tti\AppData\Local\Opera Software\Opera Stable\Cache\f_0012ad
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Protezione in tempo reale
Utente: DESKTOP-MG\*
Nome processo: C:\Program Files\Opera\77.0.4054.90\opera.exe
Versione intelligence sulla sicurezza: AV: 1.341.1448.0, AS: 1.341.1448.0, NIS: 1.341.1448.0
Versione motore: AM: 1.1.18200.4, NIS: 1.1.18200.4

Date: 2021-06-05 16:55:16
Description:
Microsoft Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza: 1.341.54.0
Versione intelligence sulla sicurezza precedente: 1.339.1962.0
Origine aggiornamento: Utente
Tipo intelligence sulla sicurezza: Antispyware
Tipo aggiornamento: Delta
Utente: NT AUTHORITY\SYSTEM
Versione motore corrente: 1.1.18200.4
Versione motore precedente: 1.1.18100.6
Codice errore: 0x80070666
Descrizione errore: È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.

Date: 2021-06-05 16:55:16
Description:
Microsoft Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza: 1.341.54.0
Versione intelligence sulla sicurezza precedente: 1.339.1962.0
Origine aggiornamento: Utente
Tipo intelligence sulla sicurezza: Antivirus
Tipo aggiornamento: Delta
Utente: NT AUTHORITY\SYSTEM
Versione motore corrente: 1.1.18200.4
Versione motore precedente: 1.1.18100.6
Codice errore: 0x80070666
Descrizione errore: È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.

MGF, [27/06/2021, 19:12]
Date: 2021-06-05 16:55:16
Description:
Microsoft Defender Antivirus: errore durante il tentativo di aggiornare il motore.
Nuova versione motore: 1.1.18200.4
Versione motore precedente: 1.1.18100.6
Utente: NT AUTHORITY\SYSTEM
Codice errore: 0x80070666
Descrizione errore: È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.

Date: 2021-06-04 17:46:28
Description:
Microsoft Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza: 1.341.54.0
Versione intelligence sulla sicurezza precedente: 1.339.1962.0
Origine aggiornamento: Utente
Tipo intelligence sulla sicurezza: Antispyware
Tipo aggiornamento: Delta
Utente: NT AUTHORITY\SYSTEM
Versione motore corrente: 1.1.18200.4
Versione motore precedente: 1.1.18100.6
Codice errore: 0x80070666
Descrizione errore: È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.

Date: 2021-06-04 17:46:28
Description:
Microsoft Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza: 1.341.54.0
Versione intelligence sulla sicurezza precedente: 1.339.1962.0
Origine aggiornamento: Utente
Tipo intelligence sulla sicurezza: Antivirus
Tipo aggiornamento: Delta
Utente: NT AUTHORITY\SYSTEM
Versione motore corrente: 1.1.18200.4
Versione motore precedente: 1.1.18100.6
Codice errore: 0x80070666
Descrizione errore: È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.

CodeIntegrity:
===============
Date: 2021-06-27 18:51:22
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2021-06-26 20:13:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 0809 07/07/2017
Motherboard: ASUSTeK COMPUTER INC. STRIX B250H GAMING
Processor: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 30%
Total physical RAM: 16318.25 MB
Available physical RAM: 11376.68 MB
Total Virtual: 18750.25 MB
Available Virtual: 12413.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.29 GB) (Free:32.71 GB) NTFS
Drive f: (Dati) (Fixed) (Total:931.39 GB) (Free:211.82 GB) NTFS

\\?\Volume{939e7d52-4ffb-4f2a-bbe7-7499d3823bc7}\ (Ripristino) (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{51a51eeb-c555-41a5-8b2a-80ac63ee6ff2}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 
Last edited by a moderator:

Iohannes

Posts: 28   +0
Please, ignore also any lines with "MGF," and a timestamp. It's from a messaging program I used to move the log from my pc to my phone. If needed I can manually remove them.
 

Broni

Posts: 55,827   +503
"It's from a messaging program I used to move the log from my pc to my phone"
Because formatting of your logs is very hard to read when we run FRST one more time later, you'll have to provide FRST logs, which look better than this.

Now, uninstall following unwanted program:

CPUID CPU-Z 1.81

Then...

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Iohannes

Posts: 28   +0
Thank you and sorry about the poor format. Could not do otherwise for now and I didn't think the messages were so messed up.

I will get back to you in about 24 hours as I have to fix that annoying monitoring software first.
For now can you spare any comment perhaps? Does it look good, if you can say?
Know that I did already a MalwareBytes scan twice and found no threat. The rest I will do tomorrow and update you.
 

Iohannes

Posts: 28   +0
I took notice that my full name is seen there in the logs but I cannot edit nor delete my messages for some reason. Can you do this for me? (I assume you have moderation abilities)
I'll change my device's name before sharing any log and report tomorrow.
Thanks.
 

Iohannes

Posts: 28   +0
Hello again.

here's RogueKiller's log... seems short but I cannot find anything else?

the removal:

RogueKiller Anti-Malware V15.0.4.0 (x64) [Jun 28 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19043) 64-bit
Started in : Normal mode
User : user [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210628_083644, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/06/28 19:26:56 (Duration : 00:04:10)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] AutoKMS -- %SystemRoot%\AutoKMS -> Deleted


and the scan:

RogueKiller Anti-Malware V15.0.4.0 (x64) [Jun 28 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19043) 64-bit
Started in : Normal mode
User : user [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210628_083644, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/06/28 19:21:46 (Duration : 00:04:10)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] (folder) AutoKMS -- C:\Windows\AutoKMS -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


note: I've been trying to remove this KMS thing for a while now. I won't lie that many years ago I made use of it, until problems arose and I got my own W10 license. Sadly it seems to keep coming back.
 

Iohannes

Posts: 28   +0
MalwareBytes scan log here
No threats found. I won't touch anything in order not to mess with the formatting, if you need it translated or something let me know...

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 28/06/21
Ora scansione: 19:35
File di log: 4cd98354-d837-11eb-800f-107b44f17317.json

-Informazioni software-
Versione: 4.4.0.117
Versione componenti: 1.0.1344
Aggiorna versione pacchetto: 1.0.42381
Licenza: Free

-Informazioni sistema-
SO: Windows 10 (Build 19043.1052)
CPU: x64
File system: NTFS
Utente: DESKTOP-MG\user

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Scansione avviata da: Manuale
Risultati: Completata
Elementi analizzati: 356066
Minacce rilevate: 0
Minacce messe in quarantena: 0
Tempo impiegato: 2 min, 13 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Rilevare
PUM (modifica potenzialmente indesiderata): Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 0
(Nessun elemento nocivo rilevato)

Settore fisico: 0
(Nessun elemento nocivo rilevato)

WMI: 0
(Nessun elemento nocivo rilevato)


(end)
 

Iohannes

Posts: 28   +0
Finally, AdwCleaner's log... No threat found...

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-28-2021
# Duration: 00:00:04
# OS: Windows 10 Pro
# Scanned: 31972
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.ASUSProductRegistration Folder C:\Program Files (x86)\ASUS\APRP
Preinstalled.ASUSProductRegistration Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}


AdwCleaner[S00].txt - [1616 octets] - [28/06/2021 19:42:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 

Iohannes

Posts: 28   +0
Finally, I'd like to mention something about a recurrent "threat" coming up since I installed Kaspersky 2 days ago. I think it is related to the Activtrak agent installed on my pc. I do not think it is a virus at all, as no threat was found so far that relates to the modified hosts file in question.

First off, the Installer fails prematurely both at repairing and uninstalling... I think Kaspersky and some other cleaners "broke" the agent and now the uninstaller fails at removing it altogether. The doubt is whether the following relates to the agent: Kaspersky keeps coming up once a day or so saying it has found the following infection: (I translated it quickly myself)

Application name: chrome.exe
Application path: C:\Program Files (x86)\Google\Chrome\Application
Type: Trojan
Name: Trojan.Win32.Hosts2.gen
Precision: High
Object Type: File
Object name: hosts
Object path: C:\Windows\System32\drivers\etc
MD5: 5BE4E4D6C11A820E03F8D7D0F3A79EF0

While 2 days ago, when I installed Kaskpersky, the first time the threat was found, it said the related application was not chrome.exe but svchost.exe, and every of the 4 times this detection came up it was always that hosts file at C:\Windows\System32\drivers\etc.

I am quite sure that Activtrak's agent is doing this, otherwise we would have found some other threat? To make it clear, I found this "trojan" before making this post, after installing Kaspersky, but there was no other threat reported by Kaspersky, except that KMS tool thing found again today by RogueKiller.

Of course, the first three threats found, before I installed Kaspersky and before I found this "hosts threat", were the ones reported in my FRST Logs posted above. I doubt they are related?
note: I am quite sure "aamfetch" folder in SysWOW64 belongs to Activtrak.

Date: 2021-06-26 05:17:27
Description:
Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
https://go.microsoft.com/fwlink/?li...Phish.SS!MTB&threatid=2147755031&enterprise=0
Nome: Trojan:pDF/Phish.SS!MTB
Gravità: Grave
Categoria: Trojan
Percorso: file:_C:\Users\M*ti\AppData\Roaming\Opera Software\Opera Stable\Sessions\Tabs_13269148284871767
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Protezione in tempo reale
Utente: DESKTOP-MG\*
Nome processo: C:\Program Files\Opera\77.0.4054.90\opera.exe
Versione intelligence sulla sicurezza: AV: 1.341.1448.0, AS: 1.341.1448.0, NIS: 1.341.1448.0
Versione motore: AM: 1.1.18200.4, NIS: 1.1.18200.4

Date: 2021-06-26 04:39:24
Description:
Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
https://go.microsoft.com/fwlink/?li...Phish.SS!MTB&threatid=2147755031&enterprise=0
Nome: Trojan:pDF/Phish.SS!MTB
Gravità: Grave
Categoria: Trojan
Percorso: file:_C:\Windows\SysWOW64\aamdata\aamfetch-journal
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Protezione in tempo reale
Utente: NT AUTHORITY\SYSTEM
Nome processo: C:\Windows\SysWOW64\svctcom.exe
Versione intelligence sulla sicurezza: AV: 1.341.1448.0, AS: 1.341.1448.0, NIS: 1.341.1448.0
Versione motore: AM: 1.1.18200.4, NIS: 1.1.18200.4

Date: 2021-06-26 04:38:58
Description:
Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
https://go.microsoft.com/fwlink/?li...Phish.RA!MTB&threatid=2147765554&enterprise=0
Nome: Trojan:pDF/Phish.RA!MTB
Gravità: Grave
Categoria: Trojan
Percorso: file:_C:\Users\*tti\AppData\Local\Opera Software\Opera Stable\Cache\f_0012ad
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Protezione in tempo reale
Utente: DESKTOP-MG\*
Nome processo: C:\Program Files\Opera\77.0.4054.90\opera.exe
Versione intelligence sulla sicurezza: AV: 1.341.1448.0, AS: 1.341.1448.0, NIS: 1.341.1448.0
Versione motore: AM: 1.1.18200.4, NIS: 1.1.18200.4
 

Iohannes

Posts: 28   +0
Update: sorry for spamming a bit, but I DID manage to uninstall Activtrak eventually. I could not believe it. I guess we can wait to see if the hosts problem keeps coming up, if not, it was Activtrak all the time.
 

Broni

Posts: 55,827   +503
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

Iohannes

Posts: 28   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2021
Ran by user (administrator) on DESKTOP-MG (28-06-2021 20:56:10)
Running from C:\Users\user\Desktop
Loaded Profiles: user
Platform: Windows 10 Pro Version 21H1 19043.1052 (X64) Language: Italiano (Italia)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\NWSoftware\Smart Photo Import 1.0\SI_drivesense.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Intel Corporation) [File not signed] C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) Online Connect -> Intel Corporation) C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe
(Intel(R) Online Connect Access -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
(Intel(R) Online Connect Access -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_tray.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Safe Kids 1.0.5\safekids.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Safe Kids 1.0.5\safekidsui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\plugins_nms.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b2801df14ec7de03\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2018-02-22] (ASUSTeK COMPUTER INC.) [File not signed]
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-11-09] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9268680 2019-02-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [3989200 2021-06-24] (Opera Software AS -> Opera Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4109032 2021-06-09] (Valve -> Valve Corporation)
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [f.lux] => C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe [1511824 2021-02-04] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [Discord] => C:\Users\user\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [Smart Photo Import] => C:\Program Files (x86)\NWSoftware\Smart Photo Import 1.0\SI_drivesense.exe [331776 2012-09-23] () [File not signed]
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34508416 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [25591712 2019-07-04] (Spotify AB -> Spotify Ltd) <==== ATTENTION
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [735088 2019-02-18] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Run: [Medal] => C:\Users\user\AppData\Local\Medal\update.exe [1845072 2020-09-03] (Ferox Games B.V. -> )
HKLM\Software\...\AppCompatFlags\Custom\Battlegrounds.exe: [{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb] -> STAR WARS - Galactic Battlegrounds Saga
HKLM\Software\...\AppCompatFlags\Custom\battlegrounds_x1.exe: [{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb] -> STAR WARS - Galactic Battlegrounds Saga
HKLM\Software\...\AppCompatFlags\Custom\player.exe: [{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb] -> STAR WARS - Galactic Battlegrounds Saga
HKLM\Software\...\AppCompatFlags\InstalledSDB\{9f3d9623-1935-43fa-9756-e90f3134f675}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb [2019-06-29]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-06-26] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {027256DF-F44F-4509-B5B7-BBBFBAD823D8} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {03B1D690-5D22-4C06-A4DB-AC5E9E30FA46} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3336560 2021-04-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0A58B213-E2DB-4A0F-9F79-F4E192056DDF} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2C0D281E-0F83-4FC3-AF3A-E65C3DAB6D80} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {2CF2B6B6-EF0C-47C8-B758-4FB28E9F17F7} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {3005F1A8-1754-4EB5-8F4C-2CBBA8EA3BE7} - System32\Tasks\SS3Svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe [1234432 2018-02-22] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {3212D90F-FFE4-4EC3-8377-7B18C85B218E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {3FC121E4-5DB8-4BE4-A38B-6BD0D9258042} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-14] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {40CFC116-6E75-485A-8713-428AC15ED0D5} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {472D0513-DE02-48E6-A7CC-4C49A19923BC} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {4902E8D2-AFB9-433C-9958-8CB246A65DCE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {60EA1950-3764-492B-9CAF-A5A26F296A38} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {70F2CADD-61C4-48C5-A6F7-AF11DD512CA5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {78C5D28F-6B6B-40C0-BB05-1C2FF2E867C7} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1551520 2015-05-14] (ASUSTeK Computer Inc. -> ) [File not signed]
Task: {78FAD4B2-0661-4354-AB1C-33E30BBE6BCD} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-14] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {80E34C8B-2986-4406-9335-039569C2C179} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-12-29] (Google Inc -> Google Inc.)
Task: {8B10A8D8-EA45-4849-9EF9-954E5CBEC6C3} - System32\Tasks\kpm_tray.exe => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_tray.exe [613096 2021-06-08] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {9584F8B5-ABDA-43D9-9726-297F08F9FA0C} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9BA9BAD4-DDF3-4F82-8341-1E0B25BEDCC3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9F8A5C9B-7F11-4BB9-A615-E9BFBF1DAE8E} - System32\Tasks\Opera scheduled Autoupdate 1514935286 => C:\Program Files\Opera\launcher.exe [2264784 2021-06-17] (Opera Software AS -> Opera Software)
Task: {A4360A3E-2B16-4E31-B7AF-896D0A612D78} - System32\Tasks\Opera GX scheduled Autoupdate 1581077425 => C:\Users\crist\AppData\Local\Programs\Opera GX\launcher.exe [1473048 2020-02-20] (Opera Software AS -> Opera Software)
Task: {B29C4B24-9C21-46A7-A4CC-030E5A0CFC0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-12-29] (Google Inc -> Google Inc.)
Task: {B920D2FE-A1E1-46F0-AE4F-C038BEA41CC3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C64F0694-5D4B-4838-A50D-A9DFEDC70D29} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1774472352-47920936-928243050-1002 => C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {CA30B8EF-1FFD-421B-93C1-8BCDCB2CE859} - System32\Tasks\Opera scheduled assistant Autoupdate 1582753193 => C:\Program Files\Opera\launcher.exe [2264784 2021-06-17] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera\assistant" $(Arg0)
Task: {CA98361E-3ECF-4A78-B66F-D0F88CA26FDA} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CC65F10B-42C2-430B-A81E-4B2DF33FFBE7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D461E9A2-5739-4856-BF42-18B9CBE3C9CD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-17] (Piriform Software Ltd -> Piriform)
Task: {E930236F-5073-461B-8665-61B51D6FCDB0} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [811520 2018-02-22] (ASUSTeK COMPUTER INC.) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3614f9c6-f38a-41f2-af91-0e1ec412f891}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3c4239a3-0aca-4e9c-aa79-2aa4b7b98393}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-28]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-06-28]
Edge HKU\S-1-5-21-1774472352-47920936-928243050-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKU\S-1-5-21-1774472352-47920936-928243050-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-06-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-06-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2021-06-28]
CHR StartupUrls: Default -> "hxxps://www.google.it/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Presentazioni) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-29]
CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-06-28]
CHR Extension: (Documenti) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-29]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-02]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-29]
CHR Extension: (BlockSite - Website Blocker per Chrome™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2020-03-27]
CHR Extension: (Avast SafePrice | Confronto, offerte, coupon) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-06-28]
CHR Extension: (Fogli) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-29]
CHR Extension: (Documenti Google offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-02]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-06-28]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-06-28]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-28]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-28]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable [2021-06-26]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (BlockSite - Rimani concentrato e controlla il tuo tempo) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2021-06-18]
OPR Extension: (Rich Hints Agent) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-06-26]
OPR Extension: (Anti-Porn PoliceWEB.net) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjpfeaedoichmjfaaeghijjenilnibdl [2020-03-18]
OPR Extension: (Install Chrome Extensions) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2020-03-27]
OPR Extension: (Adblock Plus - ad-blocker gratuito) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2021-05-20]
StartMenuInternet: (HKU\S-1-5-21-1774472352-47920936-928243050-1002) Opera GXStable - "C:\Users\crist\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc. -> Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe [382424 2019-02-18] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] (ASUSTeK Computer Inc. -> ) [File not signed]
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe [184768 2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8413472 2020-03-30] (BattlEye Innovations e.K. -> )
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4133232 2019-02-18] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2021-05-08] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
U3 Intel(R) Online Connect; C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe [25312 2016-11-01] (Intel(R) Online Connect -> Intel Corporation)
S2 Intel(R) Online Connect Helper; C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe [34528 2016-11-01] (Intel(R) Online Connect -> Intel Corporation)
S3 Intel(R) Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-14] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [506368 2017-10-26] (Intel Corporation) [File not signed]
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-17] (Intel(R) Online Connect Access -> Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-17] (Intel(R) Online Connect Access -> Intel(R) Corporation)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [368360 2021-06-08] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-06-26] (Malwarebytes Inc -> Malwarebytes)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75064 2020-12-13] (Even Balance, Inc. -> )
R3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13921616 2021-06-28] (Adlice -> )
R2 SafeKids1.0.5; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Safe Kids 1.0.5\safekids.exe [607536 2021-05-14] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b2801df14ec7de03\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b2801df14ec7de03\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2016-11-18] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2019-02-16] (ASUSTeK Computer Inc. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-02-18] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-02-18] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klfltks; C:\WINDOWS\system32\DRIVERS\klfltks.sys [527112 2021-05-14] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [657696 2021-05-08] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1439456 2021-05-08] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [253736 2021-06-26] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klifks; C:\WINDOWS\System32\DRIVERS\klifks.sys [985352 2021-05-14] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [96008 2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [263888 2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [309104 2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [115744 2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [224880 2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtpks; C:\WINDOWS\system32\DRIVERS\klwtpks.sys [249624 2021-05-14] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-26] (Malwarebytes Inc -> Malwarebytes)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel(R) Technology Access -> Intel Corporation)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-06-28] (Adlice -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49568 2021-06-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [425184 2021-06-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-14] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-28 20:56 - 2021-06-28 20:56 - 000032950 _____ C:\Users\user\Desktop\FRST.txt
2021-06-28 19:42 - 2021-06-28 19:42 - 000000000 ____D C:\AdwCleaner
2021-06-28 19:19 - 2021-06-28 20:34 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-06-28 19:19 - 2021-06-28 20:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-06-28 19:19 - 2021-06-28 19:25 - 000000000 ____D C:\ProgramData\RogueKiller
2021-06-28 19:19 - 2021-06-28 19:19 - 000000917 _____ C:\Users\user\Desktop\RogueKiller.lnk
2021-06-28 19:19 - 2021-06-28 19:19 - 000000000 ____D C:\Program Files\RogueKiller
2021-06-28 19:13 - 2021-06-28 19:06 - 008534696 _____ (Malwarebytes) C:\Users\user\Desktop\AdwCleaner.exe
2021-06-28 19:06 - 2021-06-28 19:07 - 041847456 _____ (Adlice Software ) C:\Users\user\Downloads\RogueKiller_setup.exe
2021-06-28 19:06 - 2021-06-28 19:06 - 008534696 _____ (Malwarebytes) C:\Users\user\Downloads\AdwCleaner.exe
2021-06-27 18:59 - 2021-06-28 20:56 - 000000000 ____D C:\FRST
2021-06-27 18:58 - 2021-06-27 18:58 - 002300416 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2021-06-26 19:09 - 2021-06-26 19:09 - 000411216 _____ C:\Users\user\Desktop\cc_20210626_190917.reg
2021-06-26 18:11 - 2021-06-26 18:11 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-06-26 18:11 - 2021-06-26 18:11 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-06-26 18:11 - 2021-06-26 18:11 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-06-26 18:11 - 2021-06-26 18:11 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-06-26 18:11 - 2021-06-26 18:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-06-26 18:10 - 2021-06-26 18:10 - 000000000 ____D C:\Program Files\Malwarebytes
2021-06-26 16:41 - 2021-06-26 16:41 - 000000000 ____D C:\Users\user\AppData\Local\Kaspersky Lab
2021-06-26 16:20 - 2021-06-26 16:20 - 000309104 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2021-06-26 16:19 - 2021-06-26 16:19 - 000003192 _____ C:\WINDOWS\system32\Tasks\kpm_tray.exe
2021-06-26 16:19 - 2021-06-26 16:19 - 000000000 ____D C:\Users\Default\AppData\Local\Kaspersky Lab
2021-06-26 16:19 - 2021-06-26 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2021-06-26 16:18 - 2021-06-26 16:18 - 000263888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2021-06-26 16:18 - 2021-06-26 16:18 - 000224880 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2021-06-26 16:18 - 2021-06-26 16:18 - 000115744 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2021-06-26 16:18 - 2021-06-26 16:18 - 000003392 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2021-06-26 16:18 - 2021-06-26 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Cloud
2021-06-26 16:18 - 2021-06-26 16:18 - 000000000 ____D C:\Program Files\Common Files\AV
2021-06-26 16:18 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2021-06-26 16:18 - 2021-02-19 21:08 - 001042712 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2021-06-26 16:18 - 2021-02-19 21:08 - 000514840 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2021-06-24 19:24 - 2021-06-26 16:19 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-06-24 19:24 - 2021-06-26 16:19 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-06-24 19:24 - 2021-06-24 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Safe Kids
2021-06-24 19:24 - 2021-05-14 16:32 - 000985352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klifks.sys
2021-06-24 19:24 - 2021-05-14 16:32 - 000527112 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klfltks.sys
2021-06-23 23:09 - 2021-06-23 23:09 - 000000064 _____ C:\Users\user\Desktop\Do All Religions Share Faith in One God- - OrthoChristian.Com.url
2021-06-14 23:16 - 2021-06-14 23:16 - 000021992 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_42301891746903.dll
2021-06-10 23:03 - 2021-06-09 05:58 - 000037664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-06-10 22:51 - 2021-06-09 16:18 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-06-10 22:51 - 2021-06-09 16:18 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-06-10 22:51 - 2021-06-09 16:18 - 001453328 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-06-10 22:51 - 2021-06-09 16:18 - 001435856 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-06-10 22:51 - 2021-06-09 16:18 - 001435856 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-06-10 22:51 - 2021-06-09 16:18 - 001192720 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-06-10 22:51 - 2021-06-09 16:18 - 001094864 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-06-10 22:51 - 2021-06-09 16:18 - 001094864 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-06-10 22:51 - 2021-06-09 16:18 - 000948936 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-06-10 22:51 - 2021-06-09 16:18 - 000948936 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-06-10 22:51 - 2021-06-09 16:14 - 000715552 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-06-10 22:51 - 2021-06-09 16:14 - 000626976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-06-10 22:51 - 2021-06-09 16:14 - 000575776 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-06-10 22:51 - 2021-06-09 16:13 - 002106128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-06-10 22:51 - 2021-06-09 16:13 - 001590544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-06-10 22:51 - 2021-06-09 16:13 - 001514768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-06-10 22:51 - 2021-06-09 16:13 - 001166096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-06-10 22:51 - 2021-06-09 16:13 - 000811792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-06-10 22:51 - 2021-06-09 16:13 - 000689936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-06-10 22:51 - 2021-06-09 16:13 - 000675088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-06-10 22:51 - 2021-06-09 16:13 - 000656160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-06-10 22:51 - 2021-06-09 16:13 - 000563984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-06-10 22:51 - 2021-06-09 16:12 - 008317232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-06-10 22:51 - 2021-06-09 16:12 - 007434016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-06-10 22:51 - 2021-06-09 16:12 - 004795184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-06-10 22:51 - 2021-06-09 16:12 - 002823472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-06-10 22:51 - 2021-06-09 16:12 - 000445744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-06-10 22:51 - 2021-06-09 16:11 - 000848672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-06-10 22:51 - 2021-06-09 16:10 - 006159144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-06-10 22:51 - 2021-06-09 05:58 - 000087164 _____ C:\WINDOWS\system32\nvinfo.pb
2021-06-09 21:06 - 2021-06-09 21:06 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-09 21:06 - 2021-06-09 21:06 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-09 21:06 - 2021-06-09 21:06 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-09 21:06 - 2021-06-09 21:06 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-09 21:05 - 2021-06-09 21:05 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-09 21:05 - 2021-06-09 21:05 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-09 21:05 - 2021-06-09 21:05 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-09 21:05 - 2021-06-09 21:05 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-09 21:05 - 2021-06-09 21:05 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-09 21:05 - 2021-06-09 21:05 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-09 21:05 - 2021-06-09 21:05 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-09 21:05 - 2021-06-09 21:05 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-09 21:05 - 2021-06-09 21:05 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-09 21:05 - 2021-06-09 21:05 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-09 21:05 - 2021-06-09 21:05 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-09 21:05 - 2021-06-09 21:05 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-09 21:05 - 2021-06-09 21:05 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-09 21:05 - 2021-06-09 21:05 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-06 00:01 - 2021-06-06 01:42 - 000000000 ____D C:\Users\user\AppData\Roaming\EasyAntiCheat
2021-06-03 20:52 - 2021-05-31 18:09 - 005678880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-28 20:54 - 2018-01-02 19:43 - 000000000 ____D C:\Program Files (x86)\Steam
2021-06-28 20:37 - 2020-10-06 05:32 - 001785598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-28 20:37 - 2019-12-07 17:09 - 000789842 _____ C:\WINDOWS\system32\perfh010.dat
2021-06-28 20:37 - 2019-12-07 17:09 - 000151104 _____ C:\WINDOWS\system32\perfc010.dat
2021-06-28 20:37 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-28 20:33 - 2018-01-03 20:01 - 000000000 ____D C:\Program Files\CCleaner
2021-06-28 20:32 - 2017-12-29 19:02 - 000000000 ____D C:\ProgramData\NVIDIA
2021-06-28 20:31 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-28 20:30 - 2020-10-05 03:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-28 20:30 - 2020-10-05 03:30 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-28 20:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-28 20:30 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-06-28 20:28 - 2020-01-20 23:50 - 000009589 _____ C:\WINDOWS\SysWOW64\hosttmp1
2021-06-28 19:20 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-28 18:54 - 2020-10-05 03:35 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-06-28 18:35 - 2017-12-29 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2021-06-28 18:35 - 2017-12-29 19:04 - 000000000 ____D C:\Program Files\CPUID
2021-06-27 19:05 - 2018-01-05 20:39 - 000000000 ____D C:\Users\user\AppData\Roaming\Telegram Desktop
2021-06-27 18:58 - 2018-01-16 01:09 - 000000000 ____D C:\Users\user\Downloads\Telegram Desktop
2021-06-27 18:55 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-27 18:51 - 2020-07-03 20:48 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-26 20:06 - 2020-10-05 03:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-26 19:13 - 2018-01-03 19:57 - 000000000 ____D C:\Users\user\AppData\Local\NVIDIA
2021-06-26 19:12 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-26 19:10 - 2019-01-01 16:50 - 000191776 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2021-06-26 19:10 - 2019-01-01 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-06-26 19:10 - 2019-01-01 16:49 - 000000000 ____D C:\Program Files\Java
2021-06-26 18:11 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-06-26 17:57 - 2021-02-19 21:09 - 000096008 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpnpflt.sys
2021-06-26 16:25 - 2021-02-17 00:07 - 000000000 ____D C:\Users\user\Desktop\importazione
2021-06-26 16:18 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-06-26 16:14 - 2017-12-29 19:01 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-26 15:30 - 2018-01-03 01:20 - 000000000 ____D C:\Program Files\Opera
2021-06-26 05:51 - 2020-10-04 20:19 - 000000000 ___DC C:\WINDOWS\Panther
2021-06-26 05:51 - 2018-01-08 22:47 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2021-06-24 19:27 - 2020-10-05 03:35 - 000004160 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1582753193
2021-06-21 20:11 - 2020-10-05 03:35 - 000003954 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1514935286
2021-06-21 20:11 - 2018-01-03 01:21 - 000001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Opera.lnk
2021-06-20 13:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-06-15 02:08 - 2020-10-04 23:00 - 000000000 ____D C:\Users\user
2021-06-14 23:50 - 2018-03-01 19:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-06-10 22:48 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-10 22:45 - 2020-10-05 03:30 - 000438648 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-10 03:08 - 2019-12-07 17:12 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-06-10 03:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-10 03:04 - 2020-05-09 19:50 - 000000000 ____D C:\Users\user\Desktop\sticker freki
2021-06-09 20:55 - 2017-12-29 19:13 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-09 20:54 - 2018-01-02 21:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-09 20:52 - 2018-01-02 21:00 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-09 16:10 - 2020-08-30 00:23 - 007212216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-06-09 05:58 - 2020-08-30 00:23 - 000136472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-06-06 02:02 - 2019-12-04 23:50 - 000000000 ____D C:\Users\user\AppData\LocalLow\MCC
2021-06-05 20:48 - 2017-12-29 19:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-06-04 17:46 - 2020-10-02 00:11 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-03 21:04 - 2018-12-23 15:06 - 000000000 ____D C:\ProgramData\Packages
2021-06-03 21:04 - 2018-01-08 19:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-06-03 21:04 - 2017-12-29 17:59 - 000000000 ____D C:\Users\user\AppData\Local\Packages
2021-06-03 21:02 - 2017-12-29 19:02 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-05-30 13:46 - 2020-03-14 08:11 - 000000000 ____D C:\Users\user\Desktop\L'Offerta del Mattino
 

Iohannes

Posts: 28   +0
==================== Files in the root of some directories ========

2020-01-20 23:50 - 2020-01-20 23:50 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_1
2020-02-01 12:34 - 2020-02-01 12:34 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_10
2020-02-02 13:08 - 2020-02-02 13:08 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_11
2020-02-02 23:28 - 2020-02-02 23:28 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_12
2020-02-04 23:08 - 2020-02-04 23:08 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_13
2020-02-05 23:05 - 2020-02-05 23:05 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_14
2020-02-07 14:01 - 2020-02-07 14:01 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_15
2020-02-29 13:51 - 2020-02-29 13:51 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_16
2020-03-01 10:54 - 2020-03-01 10:54 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_17
2020-02-13 13:01 - 2020-02-13 13:01 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_18
2020-03-03 22:59 - 2020-03-03 22:59 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_19
2020-01-22 00:51 - 2020-01-22 00:51 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_2
2020-03-04 23:56 - 2020-03-04 23:56 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_20
2020-03-05 21:35 - 2020-03-05 21:35 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_21
2020-03-06 19:38 - 2020-03-06 19:38 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_22
2020-03-07 11:26 - 2020-03-07 11:26 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_23
2020-03-08 19:52 - 2020-03-08 19:52 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_24
2020-03-09 19:48 - 2020-03-09 19:48 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_25
2020-03-09 21:30 - 2020-03-09 21:30 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_26
2020-03-10 23:02 - 2020-03-10 23:02 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_27
2020-03-31 02:43 - 2020-03-31 02:43 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_28
2020-03-31 14:25 - 2020-03-31 14:25 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_29
2020-01-23 16:47 - 2020-01-23 16:47 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_3
2020-04-01 15:33 - 2020-04-01 15:33 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_30
2020-04-02 14:14 - 2020-04-02 14:14 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_31
2020-04-03 17:46 - 2020-04-03 17:46 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_32
2020-04-04 13:12 - 2020-04-04 13:12 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_33
2020-04-05 09:51 - 2020-04-05 09:51 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_34
2020-04-07 23:01 - 2020-04-07 23:01 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_35
2020-04-09 22:49 - 2020-04-09 22:49 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_36
2020-04-10 00:33 - 2020-04-10 00:33 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_37
2020-04-10 00:37 - 2020-04-10 00:37 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_38
2020-01-27 20:06 - 2020-01-27 20:06 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_4
2020-01-28 22:23 - 2020-01-28 22:23 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_5
2020-01-29 22:40 - 2020-01-29 22:40 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_6
2020-01-30 20:31 - 2020-01-30 20:31 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_7
2020-01-31 15:03 - 2020-01-31 15:03 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_8
2020-01-31 23:00 - 2020-01-31 23:00 - 000000000 _____ () C:\Users\user\AppData\Roaming\scthost_9
2019-11-14 21:39 - 2019-11-14 21:39 - 000000000 _____ () C:\Users\user\AppData\Local\D2154C.tmp
2019-11-14 21:36 - 2019-11-14 21:36 - 000000000 _____ () C:\Users\user\AppData\Local\D246E9.tmp
2019-11-14 21:33 - 2019-11-14 21:33 - 000000000 _____ () C:\Users\user\AppData\Local\D25B3B.tmp
2019-11-14 21:35 - 2019-11-14 21:35 - 000000000 _____ () C:\Users\user\AppData\Local\D26285.tmp
2019-11-23 23:51 - 2019-11-23 23:51 - 000000000 _____ () C:\Users\user\AppData\Local\D269C8.tmp
2019-11-16 17:45 - 2019-11-16 17:45 - 000000000 _____ () C:\Users\user\AppData\Local\D28508.tmp
2019-11-18 21:37 - 2019-11-18 21:37 - 000000000 _____ () C:\Users\user\AppData\Local\D286EB.tmp
2019-11-12 21:50 - 2019-11-12 21:50 - 000000000 _____ () C:\Users\user\AppData\Local\D2A7B6.tmp
2019-11-11 22:46 - 2019-11-11 22:46 - 000000000 _____ () C:\Users\user\AppData\Local\D2AF99.tmp
2020-03-25 02:00 - 2017-03-07 15:33 - 000000036 _____ () C:\Users\user\AppData\Local\installLang.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

Iohannes

Posts: 28   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2021
Ran by user (28-06-2021 20:57:08)
Running from C:\Users\user\Desktop
Windows 10 Pro Version 21H1 19043.1052 (X64) (2020-10-05 01:35:20)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1774472352-47920936-928243050-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1774472352-47920936-928243050-1005 - Limited - Enabled)
crist (S-1-5-21-1774472352-47920936-928243050-1002 - Limited - Enabled) => C:\Users\crist
DefaultAccount (S-1-5-21-1774472352-47920936-928243050-503 - Limited - Disabled)
Guest (S-1-5-21-1774472352-47920936-928243050-501 - Limited - Disabled)
user (S-1-5-21-1774472352-47920936-928243050-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-1774472352-47920936-928243050-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Security Cloud (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: - )
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
Asus ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus Sonic Radar 3 (HKLM-x32\...\{379946d7-d0d7-4395-87e8-8097ca734c8a}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC)
Asus Sonic Studio 3 (HKLM-x32\...\{13df6180-9a6f-4b9b-bfb8-3741c3af4e01}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC)
Asus SonicRadar3Setup (HKLM\...\{B938DE12-4F3D-4068-9649-E5A9E3CB464C}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
Asus SonicStudio3Setup (HKLM\...\{4F5EDE91-E41F-428B-BE5D-EB185BE9007A}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.82 - Piriform)
CPUID HWMonitor 1.34 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.34 - )
CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.10.0.0756 - Disc Soft Ltd)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
f.lux (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Flux) (Version: - f.lux Software LLC)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)
Floris Evolved (HKLM-x32\...\Floris Evolved) (Version: - )
Floris Mod Pack 2.54 (HKLM-x32\...\Floris Mod Pack_is1) (Version: - )
GameInput Redistributable (HKLM-x32\...\{5FAD63E8-8F1C-6687-0325-3BBF64B4FD89}) (Version: 10.1.19041.3918 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Hamster ZIP Archiver 4.0.0.59 (HKLM-x32\...\Hamster ZIP Archiver_is1) (Version: 4.0.0.59 - HamsterSoft)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel(R) Network Connections 22.9.16.0 (HKLM\...\PROSetDX) (Version: 22.9.16.0 - Intel)
Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{4FA94F64-1A00-4426-BF58-D08EB592CE1B}) (Version: 3.4.2095 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.0.1015 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky Safe Kids (HKLM-x32\...\{2B7C9313-351F-4372-B4C6-921AED218652}) (Version: 1.0.5.1360 - Kaspersky) Hidden
Kaspersky Safe Kids (HKLM-x32\...\InstallWIX_{2B7C9313-351F-4372-B4C6-921AED218652}) (Version: 1.0.5.1360 - Kaspersky)
Kaspersky Security Cloud (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)
LibreOffice 6.0.2.1 (HKLM\...\{673086D4-1E80-4ED2-A68E-2F6AF26F9760}) (Version: 6.0.2.1 - The Document Foundation)
LOTRO Plugin Compendium (HKLM-x32\...\{3BF7818D-2482-4676-A237-915A11A97847}) (Version: 1.0.3 - Lunarwater)
Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes)
Medal (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Medal) (Version: 4.625.0 - Medal B.V.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.59 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.59 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1774472352-47920936-928243050-1002\...\OneDriveSetup.exe) (Version: 19.232.1124.0008 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minion (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\{Minion}}_is1) (Version: 3.0 - Good Game Mods LLC)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.2.1 - Mozilla)
NVIDIA Driver audio HD 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA Driver grafico 466.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 466.77 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.1.4923.29781331 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29781331 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.22.0.32 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.22.0.32 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 24.0.3 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.6 (HKLM-x32\...\{18083369-1FFE-462B-8181-122298F6B96F}) (Version: 4.16.9790 - Apache Software Foundation)
Opera GX Stable 66.0.3515.111 (HKU\S-1-5-21-1774472352-47920936-928243050-1002\...\Opera GX 66.0.3515.111) (Version: 66.0.3515.111 - Opera Software)
Opera Stable 77.0.4054.90 (HKLM-x32\...\Opera 77.0.4054.90) (Version: 77.0.4054.90 - Opera Software)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
PhotoSync (HKLM\...\{023A64D9-661F-47B9-AF60-E90F2CDF20C6}) (Version: 3.2.1 - touchbyte GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8382 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
RogueKiller version 15.0.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.0.4.0 - Adlice Software)
Smart Photo Import 1.9.8.3 (HKLM-x32\...\{B346FFF5-59C7-4EF9-B9HG-7GD061Y89RTF}_is1) (Version: - NWS Centurybyte)
Software per periferiche con chipset Intel® (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spotify (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Spotify) (Version: 1.1.10.540.gfcf0430f - Spotify AB)
STAR WARS - Galactic Battlegrounds Saga (HKLM\...\{9f3d9623-1935-43fa-9756-e90f3134f675}.sdb) (Version: - )
Star Wars Galactic Battlegrounds All-In-One Patch (HKLM-x32\...\{9A2E0F8A-8388-419F-880E-AB300284BF2E}_is1) (Version: 2.4 - Carborunda)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteaScree (HKLM-x32\...\SteaScree 1.5.4) (Version: 1.5.4 - Foyl)
Strix Software (HKLM-x32\...\{7F7C61C6-8C21-4DF5-8D6C-B49CA3C8BBAB}}_is1) (Version: 1.09.08 - )
Supporto applicazioni Apple (32 bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Supporto applicazioni Apple (64 bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Telegram Desktop version 2.8.1 (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.8.1 - Telegram FZ-LLC)
Third Age - Total War 3.0 (Part 1of2) (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Third Age - Total War 3.0 (Part 1of2)) (Version: - )
Third Age - Total War 3.0 (Part 2of2) (HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\Third Age - Total War 3.0 (Part 2of2)) (Version: - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Warcraft III Beta (HKLM-x32\...\Warcraft III Beta) (Version: - Blizzard Entertainment)
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Componente aggiuntivo Foto -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
Componente aggiuntivo motore dei supporti Foto -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-18] (Microsoft Corporation)
DVD Player - FREE -> C:\Program Files\WindowsApps\21336V3TApps.DVDPlayer-FREE_1.1.0.0_x86__bzg06mxvgh4fa [2021-06-19] (V3TApps)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-15] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-06-03] (NVIDIA Corp.)
Xbox Insider Hub -> C:\Program Files\WindowsApps\Microsoft.FlightDashboard_477.2102.26001.0_x64__8wekyb3d8bbwe [2021-03-05] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [HamsterFreeMenu] -> {2DEDD2C9-928E-4442-9417-769C969973B6} => C:\Program Files (x86)\Hamster Soft\Hamster ZIP Archiver\HamsterContextMenu64.dll [2017-03-07] (HamsterSoft) [File not signed]
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-02-18] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [HamsterFreeMenu] -> {2DEDD2C9-928E-4442-9417-769C969973B6} => C:\Program Files (x86)\Hamster Soft\Hamster ZIP Archiver\HamsterContextMenu64.dll [2017-03-07] (HamsterSoft) [File not signed]
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-02-18] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [HamsterFreeMenu] -> {2DEDD2C9-928E-4442-9417-769C969973B6} => C:\Program Files (x86)\Hamster Soft\Hamster ZIP Archiver\HamsterContextMenu64.dll [2017-03-07] (HamsterSoft) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b2801df14ec7de03\nvshext.dll [2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [HamsterFreeMenu] -> {2DEDD2C9-928E-4442-9417-769C969973B6} => C:\Program Files (x86)\Hamster Soft\Hamster ZIP Archiver\HamsterContextMenu64.dll [2017-03-07] (HamsterSoft) [File not signed]
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-06-26] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-26] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32-x32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2019-02-18 20:24 - 2021-06-28 20:31 - 000035624 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.00.01\PEbiosinterface32.dll
2020-03-25 02:00 - 2017-03-07 15:33 - 000243712 _____ (HamsterSoft) [File not signed] C:\Program Files (x86)\Hamster Soft\Hamster ZIP Archiver\HamsterContextMenu64.dll
2017-10-18 15:23 - 2017-10-18 15:23 - 000349696 _____ (Intel(R) Corporation) [File not signed] C:\WINDOWS\system32\NCS2Setp.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-06-26] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-06-26] (Oracle America, Inc. -> Oracle Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 15:46 - 2021-06-28 20:28 - 000000147 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1774472352-47920936-928243050-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Desktop\Varie\94149084_10214196978993391_3133111151315910656_n.jpg
HKU\S-1-5-21-1774472352-47920936-928243050-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\crist\Downloads\jakub-rozalski-saxony-ih-16012016b.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
Network Binding:
=============
Ethernet: Intel(R) Technology Access Filter Driver -> nt_ndisrd (enabled)
Wi-Fi: Intel(R) Technology Access Filter Driver -> nt_ndisrd (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "Sonic Studio 3"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Smart Photo Import"
HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant"
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1774472352-47920936-928243050-1001\...\StartupApproved\Run: => "Medal"
 

Iohannes

Posts: 28   +0
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4BF2C29E-A66A-4273-B7BC-4E7A6332A58B}] => (Allow) F:\SteamLibrary\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{DB1EDE62-A9C4-4F1E-966C-94DCD3BAC927}] => (Allow) F:\SteamLibrary\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{91B85BED-C0DC-4CC8-B455-C4C6FA9CFA00}] => (Allow) F:\SteamLibrary\steamapps\common\Age Of Empires 3\bin\age3y.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F9CCBAFA-76A8-49B9-B2A0-D1BFBF713128}] => (Allow) F:\SteamLibrary\steamapps\common\Age Of Empires 3\bin\age3y.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E4E63002-BDAB-452B-B653-FEA0A6C9DFD1}] => (Allow) F:\SteamLibrary\steamapps\common\Age Of Empires 3\bin\age3x.exe (Microsoft Corporation -> Ensemble Studios)
FirewallRules: [{F129CCFE-4ADB-4799-9645-A90B981FD728}] => (Allow) F:\SteamLibrary\steamapps\common\Age Of Empires 3\bin\age3x.exe (Microsoft Corporation -> Ensemble Studios)
FirewallRules: [{6B201997-644E-4C83-A623-AD800D9B0D79}] => (Allow) F:\SteamLibrary\steamapps\common\Age Of Empires 3\bin\age3.exe (Microsoft Corporation -> Ensemble Studios)
FirewallRules: [{DC5A3F4F-69D5-4867-A431-961C422ED3C4}] => (Allow) F:\SteamLibrary\steamapps\common\Age Of Empires 3\bin\age3.exe (Microsoft Corporation -> Ensemble Studios)
FirewallRules: [UDP Query User{A9B931EA-9472-4AD4-9C87-79DB5E7EEFB3}F:\program files\overwatch\_retail_\overwatch.exe] => (Allow) F:\program files\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{EF860267-E677-48C1-8943-9268817B0447}F:\program files\overwatch\_retail_\overwatch.exe] => (Allow) F:\program files\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{6FCA43D5-1825-499E-A982-429B9D837ABB}] => (Allow) F:\SteamLibrary\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [{8D4C4DA6-2FF3-42FD-AB3D-39114857810B}] => (Allow) F:\SteamLibrary\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [UDP Query User{C248F489-2255-40B4-8293-8C88117AF4B7}F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_cc.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_cc.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [TCP Query User{210E4C50-9145-45AC-B5F4-6441B3A0352D}F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_cc.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_cc.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [{DE1B8BD9-733B-4CC9-9685-77A0767F3AD7}] => (Allow) F:\SteamLibrary\steamapps\common\Aseprite\Aseprite.exe (David Capello -> )
FirewallRules: [{A93687A5-EF29-42A7-8467-56FE378A2490}] => (Allow) F:\SteamLibrary\steamapps\common\Aseprite\Aseprite.exe (David Capello -> )
FirewallRules: [{BD809A42-ED82-4092-BFC5-F3BDB26F50C2}] => (Allow) F:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{14D36253-EBAD-43CA-8B82-805702ECBA4B}] => (Allow) F:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{86EAC293-3076-4279-B90B-F62AB30E40FE}] => (Allow) F:\SteamLibrary\steamapps\common\AoE2DE\BattleServer\BattleServer.exe (Microsoft Corporation -> )
FirewallRules: [{3494AF2A-389B-4293-B83A-22952FC7CBFF}] => (Allow) F:\SteamLibrary\steamapps\common\AoE2DE\BattleServer\BattleServer.exe (Microsoft Corporation -> )
FirewallRules: [{DC98C02E-8078-4190-8BBB-77E403AD4C54}] => (Allow) F:\SteamLibrary\steamapps\common\AoE2DE\AoE2DE_s.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F7CE6A3-B767-483B-9D4A-54519BE65F01}] => (Allow) F:\SteamLibrary\steamapps\common\AoE2DE\AoE2DE_s.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7D872FB3-C0F6-425F-924A-082361ABB59B}] => (Allow) F:\SteamLibrary\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe (The build server will stamp this field) [File not signed]
FirewallRules: [{25E782B0-C0E7-44CF-80D3-793D72A371DA}] => (Allow) F:\SteamLibrary\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe (The build server will stamp this field) [File not signed]
FirewallRules: [{D60028E4-061F-4D9D-8F79-470095D7BBC8}] => (Allow) F:\SteamLibrary\steamapps\common\Halo The Master Chief Collection\MCC\Binaries\Win64\MCC-Win64-Shipping.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)
FirewallRules: [{31223CEA-348C-45BC-824F-6E8F7591561C}] => (Allow) F:\SteamLibrary\steamapps\common\Halo The Master Chief Collection\MCC\Binaries\Win64\MCC-Win64-Shipping.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)
FirewallRules: [{41894C96-F8C6-4BBF-A485-ABC82B2CF216}] => (Allow) F:\SteamLibrary\steamapps\common\Halo The Master Chief Collection\mcclauncher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{EA19FE27-8566-4B95-BF5A-696279C6D166}] => (Allow) F:\SteamLibrary\steamapps\common\Halo The Master Chief Collection\mcclauncher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [UDP Query User{40A53716-CBA2-4E5F-8561-20A539630413}F:\program files\diablo ii\game.exe] => (Allow) F:\program files\diablo ii\game.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{8BF94E4A-7F6E-4A46-BAED-F132473AE721}F:\program files\diablo ii\game.exe] => (Allow) F:\program files\diablo ii\game.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{06515500-B798-4280-9489-D64BC955A65E}] => (Allow) F:\SteamLibrary\steamapps\common\AoW3\AoW3_Debug.exe () [File not signed]
FirewallRules: [{72CE3DC8-47EE-45F1-9B0D-1FEA2CA29D30}] => (Allow) F:\SteamLibrary\steamapps\common\AoW3\AoW3_Debug.exe () [File not signed]
FirewallRules: [{0A67F131-6801-4A87-877B-06C06FE5BF01}] => (Allow) F:\SteamLibrary\steamapps\common\AoW3\AoW3.exe () [File not signed]
FirewallRules: [{FBF26068-4ACD-42D5-B231-5B4636657578}] => (Allow) F:\SteamLibrary\steamapps\common\AoW3\AoW3.exe () [File not signed]
FirewallRules: [{A1DE4185-CBF9-4265-A920-402A7D3BFBEB}] => (Allow) F:\SteamLibrary\steamapps\common\AoW3\AoW3Launcher.exe () [File not signed]
FirewallRules: [{FE1054A9-2262-43AE-AC0F-FCF10C980778}] => (Allow) F:\SteamLibrary\steamapps\common\AoW3\AoW3Launcher.exe () [File not signed]
FirewallRules: [UDP Query User{EF353460-DE2E-48E2-96AB-F51F3D74A2B0}C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe () [File not signed]
FirewallRules: [TCP Query User{3B288AFF-4BF9-4D67-9B86-5F566CCC9558}C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\heroes of might & magic iii - hd edition\homm3 2.0.exe () [File not signed]
FirewallRules: [{84B55B86-DE22-4F4E-BFAA-C3270536DE4B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F90FDB8-D43B-414C-B7D3-CA7C4B83A8CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5E6910D3-793E-4E82-A0CF-3DB32145CB9E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9E28504E-0073-4EA5-952A-3435029B5ED1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5D4F67EC-DDC0-4A0B-A912-164944685928}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4546CFAC-8E8F-4FD4-9780-050A8825F44B}] => (Allow) F:\SteamLibrary\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{B3BC87C4-6CB7-49C4-8E51-033128CB9F86}] => (Allow) F:\SteamLibrary\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{89A44182-4C0F-4318-9AA1-0787FDEC4C08}] => (Allow) F:\SteamLibrary\steamapps\common\MountBlade Warband\mb_warband.exe ( Taleworlds Entertainment) [File not signed]
FirewallRules: [{6BAF5E9D-3002-4A63-A8C0-69E953591F21}] => (Allow) F:\SteamLibrary\steamapps\common\MountBlade Warband\mb_warband.exe ( Taleworlds Entertainment) [File not signed]
FirewallRules: [{A01EA512-79B0-4BCC-A39C-15C587005150}] => (Allow) LPort=35722
FirewallRules: [{D3B620BC-1349-45B4-9233-8FC8ABF29BFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might & Magic III - HD Edition\HOMM3Launcher.exe () [File not signed]
FirewallRules: [{C999A584-8828-48C0-9F4D-C8243E3987A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might & Magic III - HD Edition\HOMM3Launcher.exe () [File not signed]
FirewallRules: [{EEE0E4AD-8FCA-4949-88A1-797A7D042EB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe (TODO: <Company name>) [File not signed]
FirewallRules: [{7D17FC2E-AC9C-4143-BCB7-6CFEB7ADD948}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe (TODO: <Company name>) [File not signed]
FirewallRules: [{5F531101-229D-402E-8760-235E7712BCE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E461402D-C4F6-4D23-8E8B-74E08AC85029}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E4F3640A-A70F-4C7E-A772-45BC6B4B9A5F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D0A8C507-558B-4D88-A872-016D0F0C73B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C71240A1-D237-4D20-B732-635837D7EED0}] => (Allow) D:\Games\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{6CE93BE9-1099-4DF5-867A-AB9F2542FF1D}] => (Allow) D:\Games\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{332FA1CA-6C8F-4CE3-A651-53AAB2EA8684}] => (Allow) D:\Games\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{480AD70A-8253-46E9-B4FF-0B3FF735E097}] => (Allow) D:\Games\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{EB732AB6-6A6C-4494-AD6A-D2EFFDD0675B}] => (Allow) D:\Games\steamapps\common\Starbound\win64\mod_uploader.exe => No File
FirewallRules: [{738FF297-CB54-4DD0-A763-B1A298E594CE}] => (Allow) D:\Games\steamapps\common\Starbound\win64\mod_uploader.exe => No File
FirewallRules: [{9EE76169-A041-4DCA-B093-30CD45FB47C8}] => (Allow) D:\Games\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{E0BA6642-AA79-4527-B766-E98AEB978056}] => (Allow) D:\Games\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{C36FD347-8D80-47A3-A62D-2A9D80B35568}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{9AB0B396-AED2-4565-8C7E-47822D400693}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{B7C90865-C4CB-4987-A7EF-40838BC9FDBE}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{8B463FA0-1599-4CA5-92A1-5E9C00105E65}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{12D8C88C-CFC3-4915-91A7-DCFD4F6C8FC1}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe => No File
FirewallRules: [{30EA94B2-A94B-49E2-8377-C3E3FD77D0F2}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe => No File
FirewallRules: [{AEBCE3AB-ECEC-4523-8B85-9CDD9F71B895}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{2A584B31-80A5-41A0-B6A8-314D5E741F38}] => (Allow) J:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{8C36C2E0-A64F-4974-B30A-09D4C1CB7969}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{CBB871DE-38F1-497C-9EC0-AD2ECC7A7DA4}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{670CF1CF-2320-402B-8B9E-9A987F6C490E}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{6B323D56-6B86-4A5F-8F8D-7A2F4EC4B058}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{AB146833-4A6A-47B7-A9F4-4CA50EE11E98}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe => No File
FirewallRules: [{AD264557-BD61-41C6-8101-F827ACEF2D64}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe => No File
FirewallRules: [{E5635A44-F2D3-4B2F-AB3D-8317D4DC1ECE}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{32F97002-538F-409E-BEA4-0E3428C74601}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{767428BD-D380-4F28-A160-0257BBE4A139}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{B56A8C95-5F72-4E43-9093-229B6CDD949A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [TCP Query User{A2CB1830-3B84-42CE-AD88-010490B27BD5}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{9887BC2E-2D95-45DE-8E7F-0706FCCDD5B3}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1430FA83-153A-485C-823C-4FE83CA8973E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{232A13FA-4B9D-49D4-98D3-474FECF7FFB0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{42A5FD78-DA8C-4848-9F59-DD0A5CDAFA69}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{0C51142F-EF53-4AC3-BCF6-0647CCED2224}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{5C09B79E-790E-4304-8AF9-C38FD2758F44}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{BB988F3E-23A5-4F03-9B76-25EC61FF00F6}] => (Allow) F:\SteamLibrary\steamapps\common\Wyrmsun\launcher.exe (Wyrmsun) [File not signed]
FirewallRules: [{28F1F9C2-9ECF-4EEC-95E3-130EA755CDF8}] => (Allow) F:\SteamLibrary\steamapps\common\Wyrmsun\launcher.exe (Wyrmsun) [File not signed]
FirewallRules: [TCP Query User{F07ADF1D-72B2-448D-8965-E526DF947357}F:\steamlibrary\steamapps\common\wyrmsun\wyrmsun.exe] => (Allow) F:\steamlibrary\steamapps\common\wyrmsun\wyrmsun.exe () [File not signed]
FirewallRules: [UDP Query User{C32AC7BD-8634-4751-8FEE-304F846A0D68}F:\steamlibrary\steamapps\common\wyrmsun\wyrmsun.exe] => (Allow) F:\steamlibrary\steamapps\common\wyrmsun\wyrmsun.exe () [File not signed]
FirewallRules: [{878410D6-BA41-4412-AE19-B177F2B3FD1B}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Take-Two Interactive Software, Inc. -> Gearbox Software) [File not signed]
FirewallRules: [{6756A090-E8E5-440B-9D5B-28D41527837F}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Take-Two Interactive Software, Inc. -> Gearbox Software) [File not signed]
FirewallRules: [{6849F6DA-6ECD-45FB-B160-EE9A9C0D777F}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [{930D8880-739D-47E2-957E-B9128AEC739D}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [{D095F67D-1799-4EF1-9DF3-CD742E0E3B33}] => (Allow) F:\SteamLibrary\steamapps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [{6F8F7534-72AE-481F-99D5-6C414DBB70D1}] => (Allow) F:\SteamLibrary\steamapps\common\STAR WARS - Galactic Battlegrounds Saga\Game\player.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [TCP Query User{2A8192C5-21EB-433A-8125-349CFDE26953}F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [UDP Query User{1B7143A7-6073-418E-9626-EC3F6E884B59}F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds_x1.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [TCP Query User{A494C5CF-1BA0-4A0D-A678-08499D33B73E}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{2601DB8B-9330-4F5D-8FC2-9848664D00B2}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{71F9E85F-8F62-4F7F-9C65-F57A6C5F7B1E}F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [UDP Query User{E993C946-C97C-4298-AC21-46E3879B91D8}F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars - galactic battlegrounds saga\game\battlegrounds.exe (LucasArts Entertainment Company LLC) [File not signed]
FirewallRules: [{B9C99E6E-BCA8-455D-AEF6-6DC09EC07A07}] => (Allow) F:\SteamLibrary\steamapps\common\AoE3DE\AoE3DE_s.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{79B18BC5-85BB-42BA-8BCE-5CF715DFE474}] => (Allow) F:\SteamLibrary\steamapps\common\AoE3DE\AoE3DE_s.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{22007AEC-860F-4ABA-B932-F49E033DA4EC}] => (Allow) F:\SteamLibrary\steamapps\common\AoE3DE\BattleServer.exe (Microsoft Corporation -> )
FirewallRules: [{7C51E125-EB28-4F3E-88D1-D7D42D16F428}] => (Allow) F:\SteamLibrary\steamapps\common\AoE3DE\BattleServer.exe (Microsoft Corporation -> )
FirewallRules: [{68A7B81B-4088-4BC3-A121-95B52627B5DC}] => (Allow) F:\SteamLibrary\steamapps\common\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{F5587152-87B4-49E6-B605-8D564CEE0DBA}] => (Allow) F:\SteamLibrary\steamapps\common\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{16D11C84-56E3-45D1-8185-5A6C6D3F4BD1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{5000ACC7-0253-43CB-80BE-4C77CF6D8C3C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{4994A29D-8E5D-44BE-8847-36BAA2F28232}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{71D87D70-6F80-49CA-93AA-8BA7C82D90B3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{3A0DA4B0-4284-46B8-8EE4-A80E19B8401E}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\cossacks.exe (GSC Game World) [File not signed]
FirewallRules: [{01ACA632-2819-46D5-94B5-48A209DAD973}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\cossacks.exe (GSC Game World) [File not signed]
FirewallRules: [{D8BD53F0-25AA-440B-AB94-8374466EB42D}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\config.exe (GSC Game World) [File not signed]
FirewallRules: [{DA989A5E-25FC-40CD-8548-694C9C919D1F}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\config.exe (GSC Game World) [File not signed]
FirewallRules: [{D0165041-5CBD-4D8E-BDA1-DA1E7F3A4C07}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\editor.exe (GSC Game World) [File not signed]
FirewallRules: [{7C2E5DBF-67B1-4946-803B-6D021FCDD3BA}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\editor.exe (GSC Game World) [File not signed]
FirewallRules: [{F5373E1A-F63C-45FF-9540-D3B4EB86A976}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\modman.exe (GSC Game World) [File not signed]
FirewallRules: [{3C3D2FC8-DA57-4538-8C63-D4CFA5EA3096}] => (Allow) F:\SteamLibrary\steamapps\common\Cossacks 3\modman.exe (GSC Game World) [File not signed]
FirewallRules: [{CB4FE8F7-8255-4A19-BDA5-311D5DD8F9F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{520318AF-AED2-40C7-842C-37DE2C550CA1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7826D627-85AD-4324-A10D-965ED87C613B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{162B5C28-B9D3-4FC5-905D-0C77D9459D89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{74D76A3B-F93A-4180-826C-45AC4035200B}] => (Allow) F:\SteamLibrary\steamapps\common\HaloWarsDE\xgameFinal.exe (343 Industries) [File not signed]
FirewallRules: [{D083D713-406F-432B-A0A7-6DE93828F3D1}] => (Allow) F:\SteamLibrary\steamapps\common\HaloWarsDE\xgameFinal.exe (343 Industries) [File not signed]
FirewallRules: [{BD5474D1-5AFE-47EE-AF09-2303E8826E61}] => (Allow) F:\SteamLibrary\steamapps\common\Pit People\pitpeople.exe () [File not signed]
FirewallRules: [{DB88565C-F5CD-4A51-871D-8BB889BA5D77}] => (Allow) F:\SteamLibrary\steamapps\common\Pit People\pitpeople.exe () [File not signed]
FirewallRules: [{7771DC31-B917-406E-9DD3-F5727EC2F234}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{8FFA07B4-6E3B-4D27-89FD-32DC8BFD0A2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{C7A25A52-3F40-42AC-B36C-6CB80D61F74F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe ( Taleworlds Entertainment) [File not signed]
FirewallRules: [{21B2DA97-4186-4111-9015-573BCFD6E22E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe ( Taleworlds Entertainment) [File not signed]
FirewallRules: [{E35FA988-AAF2-40D9-8454-5F44553804B9}] => (Allow) F:\SteamLibrary\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{39ADCF29-DD7E-4B0C-9117-475D2F1F5FD7}] => (Allow) F:\SteamLibrary\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [TCP Query User{C5A5ACC0-A512-496B-A51A-75B5E3247FAD}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{B696F207-15F0-49FE-84E1-853DAE2D237F}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [{549FD8DC-2864-4FC8-A965-0931F3FE83CA}] => (Allow) C:\Program Files\Opera\76.0.4017.177\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B4D9C91D-D9AB-4D62-ABE5-E49993DB4E94}] => (Allow) C:\Program Files\Opera\77.0.4054.90\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{1A0D1146-DDDD-48FC-982B-BD604031B112}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E6F42833-64F3-4112-8C49-CFAC246D4CAC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.59\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CF4F87FA-E087-4DC3-9B08-CFDC42682865}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{5EABEDCC-4DC8-40FC-9841-415934BFD875}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{30F2A9B4-2BBC-4E15-A135-BAD6F38E5EE9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{041FFA14-8B52-4655-B63D-510F60597DE2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6E6609DE-8D46-42F3-96A6-8D4E6188B67D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FF21F4D8-60D5-41C6-8A43-8ACDE73B808D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EDFEBE52-2DB9-4DC0-AADC-735C13C673D4}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD) [File not signed]
FirewallRules: [{776988B4-C0DA-411B-B84B-82FDB06BBA80}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD) [File not signed]
FirewallRules: [{E1496282-A275-4027-8C9E-A71EA301D78B}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe () [File not signed]
FirewallRules: [{A48A5393-FC76-4B57-A034-5AF6DE938BFC}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe () [File not signed]
FirewallRules: [{23A3B86E-59EE-47A7-A9F7-6ED8D3178A73}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe () [File not signed]
FirewallRules: [{8271FC8B-18BF-4EAF-ADE0-45C2617858D1}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe () [File not signed]
FirewallRules: [{18626414-4DEE-4CDA-BCC9-64B72EEE8477}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD) [File not signed]
FirewallRules: [{CF4B0FB4-6770-4CF9-B2D7-309FBD3C4348}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD) [File not signed]
FirewallRules: [{1921522A-92AF-43E1-8DF8-F43705034DB9}] => (Allow) C:\WINDOWS\SysWOW64\svctcom.exe => No File
==================== Restore Points =========================
26-06-2021 16:04:04 Programma di installazione dei moduli di Windows
26-06-2021 19:12:09 Programma di installazione dei moduli di Windows
28-06-2021 20:27:15 Removed ActivTrak Agent 8.1.19.0
28-06-2021 20:28:05 Installed ActivTrak Agent 8.1.19.0
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (06/26/2021 08:11:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: LogonUI.exe, versione: 10.0.19041.1, timestamp: 0xc08a5452
Nome del modulo che ha generato l'errore: NetworkIcon.dll, versione: 10.0.19041.1, timestamp: 0xfbd09f35
Codice eccezione: 0xc0000005
Offset errore 0x0000000000012e32
ID processo che ha generato l'errore: 0x5a4
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d76ab6a401fce7
Percorso dell'applicazione che ha generato l'errore: C:\WINDOWS\system32\LogonUI.exe
Percorso del modulo che ha generato l'errore: C:\Windows\System32\NetworkIcon.dll
ID segnalazione: 99bb19d8-e98b-4461-b1ad-db353b4eab06
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:
Error: (06/26/2021 08:10:31 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informazioni del servizio Copia Shadow del volume: impossibile avviare il server COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} denominato CEventSystem. [0x8007045b, È in corso l'arresto del sistema.
]
Error: (06/26/2021 06:42:31 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Il motore di ottimizzazione archiviazione non ha potuto completare riottimizzazione in Dati (F:) per il motivo seguente: L'operazione richiesta non è supportata dall'hardware di supporto del volume. (0x8900002A)
Error: (06/24/2021 07:13:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: mbam.exe, versione: 4.0.0.1006, timestamp: 0x60a67357
Nome del modulo che ha generato l'errore: ntdll.dll, versione: 10.0.19041.1023, timestamp: 0x7977b9de
Codice eccezione: 0xc0000374
Offset errore 0x00000000000ff199
ID processo che ha generato l'errore: 0x1210
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d7691c4b60be94
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\SYSTEM32\ntdll.dll
ID segnalazione: 808a1975-b19c-4c66-9f74-0c92de58af01
Nome completo pacchetto che ha generato l'errore:
ID applicazione relativo al pacchetto che ha generato l'errore:
Error: (06/19/2021 04:00:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Il motore di ottimizzazione archiviazione non ha potuto completare riottimizzazione in Dati (F:) per il motivo seguente: L'operazione richiesta non è supportata dall'hardware di supporto del volume. (0x8900002A)
Error: (06/10/2021 11:12:16 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Il motore di ottimizzazione archiviazione non ha potuto completare riottimizzazione in Dati (F:) per il motivo seguente: L'operazione richiesta non è supportata dall'hardware di supporto del volume. (0x8900002A)
Error: (06/10/2021 03:08:19 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informazioni del servizio Copia Shadow del volume: impossibile avviare il server COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} denominato CEventSystem. [0x8007045b, È in corso l'arresto del sistema.
]
Error: (06/05/2021 08:57:40 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Il motore di ottimizzazione archiviazione non ha potuto completare riottimizzazione in Dati (F:) per il motivo seguente: L'operazione richiesta non è supportata dall'hardware di supporto del volume. (0x8900002A)
System errors:
=============
Error: (06/28/2021 07:10:39 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Errore durante il tentativo di lettura del file degli host locali.
Error: (06/26/2021 08:11:24 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Errore durante il tentativo di lettura del file degli host locali.
Error: (06/26/2021 07:09:48 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-MG)
Description: Impossibile avviare un server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. L'errore
"%%2147942767 = La creazione del processo è stata bloccata."
si è verificato durante l'avvio del comando
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (06/26/2021 07:06:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Sincronizza host_16603ad.
Error: (06/26/2021 05:59:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Errore durante il tentativo di lettura del file degli host locali.
Error: (06/26/2021 04:38:44 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-MG)
Description: Impossibile avviare un server DCOM {45BA127D-10A8-46EA-8AB7-56EA9078943C} come Non disponibile/Non disponibile. L'errore
"%%2147942405 = Accesso negato."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\system32\DllHost.exe /Processid:{45BA127D-10A8-46EA-8AB7-56EA9078943C}
Error: (06/26/2021 04:38:36 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-MG)
Description: Impossibile avviare un server DCOM {45BA127D-10A8-46EA-8AB7-56EA9078943C} come Non disponibile/Non disponibile. L'errore
"%%2147942405 = Accesso negato."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\system32\DllHost.exe /Processid:{45BA127D-10A8-46EA-8AB7-56EA9078943C}
Error: (06/26/2021 04:38:30 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-MG)
Description: Impossibile avviare un server DCOM {45BA127D-10A8-46EA-8AB7-56EA9078943C} come Non disponibile/Non disponibile. L'errore
"%%2147942405 = Accesso negato."
si è verificato durante l'esecuzione del comando
C:\WINDOWS\system32\DllHost.exe /Processid:{45BA127D-10A8-46EA-8AB7-56EA9078943C}
Windows Defender:
================
Date: 2021-06-26 06:40:17
Description:
Microsoft Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {35756D73-CAC6-481C-BEC4-40371C097351}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SYSTEM
Date: 2021-06-26 06:39:35
Description:
Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
Nome: PUA:Win32/DisplayDriverUninstaller
Gravità: Basso
Categoria: Software potenzialmente indesiderato
Percorso: file:_F:\Old PC backup\random maymay late 17\[Guru3D.com]-DDU\DDU v17.0.8.0.exe; file:_F:\Old PC backup\random maymay late 17\[Guru3D.com]-DDU\Display Driver Uninstaller.exe
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Utente
Utente: DESKTOP-MG\user
Nome processo: Unknown
Versione intelligence sulla sicurezza: AV: 1.341.1448.0, AS: 1.341.1448.0, NIS: 1.341.1448.0
Versione motore: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-26 05:17:27
Description:
Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
Nome: Trojan:pDF/Phish.SS!MTB
Gravità: Grave
Categoria: Trojan
Percorso: file:_C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Sessions\Tabs_13269148284871767
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Protezione in tempo reale
Utente: DESKTOP-MG\user
Nome processo: C:\Program Files\Opera\77.0.4054.90\opera.exe
Versione intelligence sulla sicurezza: AV: 1.341.1448.0, AS: 1.341.1448.0, NIS: 1.341.1448.0
Versione motore: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-26 04:39:24
Description:
Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
Nome: Trojan:pDF/Phish.SS!MTB
Gravità: Grave
Categoria: Trojan
Percorso: file:_C:\Windows\SysWOW64\aamdata\aamfetch-journal
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Protezione in tempo reale
Utente: NT AUTHORITY\SYSTEM
Nome processo: C:\Windows\SysWOW64\svctcom.exe
Versione intelligence sulla sicurezza: AV: 1.341.1448.0, AS: 1.341.1448.0, NIS: 1.341.1448.0
Versione motore: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-26 04:38:58
Description:
Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato.
Ulteriori informazioni sono riportate di seguito:
Nome: Trojan:pDF/Phish.RA!MTB
Gravità: Grave
Categoria: Trojan
Percorso: file:_C:\Users\user\AppData\Local\Opera Software\Opera Stable\Cache\f_0012ad
Origine rilevamento: Computer locale
Tipo rilevamento: Concreta
Origine rilevamento: Protezione in tempo reale
Utente: DESKTOP-MG\user
Nome processo: C:\Program Files\Opera\77.0.4054.90\opera.exe
Versione intelligence sulla sicurezza: AV: 1.341.1448.0, AS: 1.341.1448.0, NIS: 1.341.1448.0
Versione motore: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-05 16:55:16
Description:
Microsoft Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza: 1.341.54.0
Versione intelligence sulla sicurezza precedente: 1.339.1962.0
Origine aggiornamento: Utente
Tipo intelligence sulla sicurezza: Antispyware
Tipo aggiornamento: Delta
Utente: NT AUTHORITY\SYSTEM
Versione motore corrente: 1.1.18200.4
Versione motore precedente: 1.1.18100.6
Codice errore: 0x80070666
Descrizione errore: È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.
Date: 2021-06-05 16:55:16
Description:
Microsoft Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza: 1.341.54.0
Versione intelligence sulla sicurezza precedente: 1.339.1962.0
Origine aggiornamento: Utente
Tipo intelligence sulla sicurezza: Antivirus
Tipo aggiornamento: Delta
Utente: NT AUTHORITY\SYSTEM
Versione motore corrente: 1.1.18200.4
Versione motore precedente: 1.1.18100.6
Codice errore: 0x80070666
Descrizione errore: È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.
Date: 2021-06-05 16:55:16
Description:
Microsoft Defender Antivirus: errore durante il tentativo di aggiornare il motore.
Nuova versione motore: 1.1.18200.4
Versione motore precedente: 1.1.18100.6
Utente: NT AUTHORITY\SYSTEM
Codice errore: 0x80070666
Descrizione errore: È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.
Date: 2021-06-04 17:46:28
Description:
Microsoft Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza: 1.341.54.0
Versione intelligence sulla sicurezza precedente: 1.339.1962.0
Origine aggiornamento: Utente
Tipo intelligence sulla sicurezza: Antispyware
Tipo aggiornamento: Delta
Utente: NT AUTHORITY\SYSTEM
Versione motore corrente: 1.1.18200.4
Versione motore precedente: 1.1.18100.6
Codice errore: 0x80070666
Descrizione errore: È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.
Date: 2021-06-04 17:46:28
Description:
Microsoft Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza: 1.341.54.0
Versione intelligence sulla sicurezza precedente: 1.339.1962.0
Origine aggiornamento: Utente
Tipo intelligence sulla sicurezza: Antivirus
Tipo aggiornamento: Delta
Utente: NT AUTHORITY\SYSTEM
Versione motore corrente: 1.1.18200.4
Versione motore precedente: 1.1.18100.6
Codice errore: 0x80070666
Descrizione errore: È già installata un'altra versione del prodotto. Impossibile continuare l'installazione di questa versione. Per configurare o rimuovere la versione esistente del prodotto, utilizzare Installazione applicazioni nel Pannello di controllo.
CodeIntegrity:
===============
Date: 2021-06-28 20:36:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-06-28 20:33:04
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 0809 07/07/2017
Motherboard: ASUSTeK COMPUTER INC. STRIX B250H GAMING
Processor: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 30%
Total physical RAM: 16318.25 MB
Available physical RAM: 11363.59 MB
Total Virtual: 18750.25 MB
Available Virtual: 12251.21 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.29 GB) (Free:30.12 GB) NTFS
Drive f: (Dati) (Fixed) (Total:931.39 GB) (Free:211.82 GB) NTFS
\\?\Volume{939e7d52-4ffb-4f2a-bbe7-7499d3823bc7}\ (Ripristino) (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{51a51eeb-c555-41a5-8b2a-80ac63ee6ff2}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================


I hope this is alright. I just straight copy-pasted from the txt logs into here.
Please, let me know your review of this whole "ordeal", if there really ever was an infection or not (as the programs we used seem to imply).