Hello, I would like help checking whether my computer is infected. I had ESET before it expired and quarantined some files that I think were Google Chrome adware, but I now use Microsoft Edge because I was paranoid about Google Chrome. I don't really know whether there was anything else. My ESET license has expired, so now I'm very paranoid that I'm at risk. FL Studio was cracked on my computer a year ago and later uninstalled, and I'm fairly sure the keygen was not detected, given how those things work. I'm not sure whether anything else is wrong with my computer because it still works normally. The only problems I've had were that my desktop went black when taking a screenshot, and I think there are some strange startup programs. My bank accounts and passwords should be safe (?) because I use different passwords and 2FA wherever I can. I just hope to God that the files on my computers are safe. I've been paranoid for months! I went through the preparation guide by backing up my drives and also ran the Farbar Recovery Scan Tool. This is my first computer and I hope someone can help me so I can stop being paranoid (I quit nicotine and have been off it for 2 weeks now), if that helps!

FRST log result:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2020
Ran by Hung (administrator) on HUNG (Micro-Star International Co., Ltd. MS-7B86) (11-04-2020 04:30:13)
Running from C: Users Hung AppData Local Packages Microsoft.MicrosoftEdge_8wekyb3d8bbwe TempState Downloads
Loaded Profiles: Hung (Available Profiles: Hung)
Platform: Windows 10 Pro Version 1903 18362.720 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C: Program Files AMD CNext CNext RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C: Windows System32 DriverStore FileRepository c0346729.inf_amd64_a4e838010b04088c B346681 atiecl.exe
(Advanced Micro Devices, Inc. -> AMD) C: Windows System32 DriverStore FileRepository c0346729.inf_amd64_a4e838010b04088c B346681 atiesrxx.exe
(AMD) [File not signed] C: Program Files AMD Client Profile Profile AUEPLauncher.exe
(AMD) [File not signed] C: Program Files AMD Profile Profile Client AUEPMaster.exe
(Apple Inc. -> Apple Inc.) C: Program Files Bonjour mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C: Program Files Common Files Apple Mobile Device Support AppleMobileDeviceService.exe
(CobianSoft, Luis Cobian) [File not signed] C: Program Files (x86) Cobian Backup 11 cbVSCService11.exe
(ESET, spol. s r.o. -> ESET) C: Program Files ESET ESET Security eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C: Program Files ESET ESET Security ekrn.exe
(Luis Cobian, CobianSoft) [File not signed] C: Program Files (x86) Cobian Backup 11 cbInterface.exe
(Luis Cobian, CobianSoft) [File not signed] C: Program Files (x86) Cobian Backup 11 Cobian.exe
(Mega Limited -> Mega Limited) C: Users Hung AppData Local MEGAsync MEGAsync.exe
(Microsoft Corporation -> Microsoft Corporation) C: Windows SystemApps Microsoft.MicrosoftEdge_8wekyb3d8bbwe MicrosoftEdge.exe
(Microsoft Corporation) C: Program Files WindowsApps Microsoft.GamingService_1.39.6001.0_x64__8wekyb3d8bbwe GamingService.exe
(Microsoft Corporation) C: Program Files WindowsApps Microsoft.GamingService_1.39.6001.0_x64__8wekyb3d8bbwe GamingServiceNet.exe
(Microsoft Corporation) C: Program Files WindowsApps Microsoft.XboxGamingOverlay_5.120.4062.0_x64__8wekyb3d8bbwe GameBar.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows ImmersiveControlPanel SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 DataExchangeHost.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeDevTools.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 SndVol.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 spaceman.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows WinSxS amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.710_none_5f52d84058d0677f TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C: ProgramData Microsoft Windows Defender Platform 4.18.2003.8-0 MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C: ProgramData Microsoft Windows Defender Platform 4.18.2003.8-0 NisSrv.exe
(Spotify AB -> Spotify Ltd) C: Users Hung AppData Roaming Spotify Spotify.exe
(Spotify AB -> Spotify Ltd) C: Users Hung AppData Roaming Spotify Spotify.exe
(Spotify AB -> Spotify Ltd) C: Users Hung AppData Roaming Spotify Spotify.exe
(Spotify AB -> Spotify Ltd) C: Users Hung AppData Roaming Spotify Spotify.exe
(Spotify AB -> Spotify Ltd) C: Users Hung AppData Roaming Spotify Spotify.exe
(Surfshark Ltd. -> Iain Patterson) C: Program Files (x86) Surfshark Resources x64 nssm.exe
(Surfshark Ltd. -> Surfshark) C: Program Files (x86) Surfshark Surfshark.exe
(Surfshark Ltd. -> Surfshark) C: Program Files (x86) Surfshark Surfshark.Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM … Run: [egui] => C: Program Files ESET ESET Security ecmdS.exe [183088 2019-12-13] (ESET, spol. s r.o. -> ESET)
HKU S-1-5-21-3414523710-2269299248-687328276-1001 … Run: [Discord] => C: Users Hung AppData Local Discord app-0.0.306 Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc)
HKU S-1-5-21-3414523710-2269299248-687328276-1001 … Run: [Spotify] => C: Users Hung AppData Roaming Spotify Spotify.exe [22932200 2020-04-09] (Spotify AB -> Spotify Ltd)
HKU S-1-5-21-3414523710-2269299248-687328276-1001 … Run: [Surfshark] => C: Program Files (x86) Surfshark Surfshark.exe [3765200 2020-03-18] (Surfshark Ltd. -> Surfshark)
HKU S-1-5-18 … Run: [] => [X]
Startup: C: Users Hung AppData Roaming Microsoft Windows Start Menu Programs Startup MEGAsync.lnk [2020-03-08]
ShortcutTarget: MEGAsync.lnk -> C: Users Hung AppData Local MEGAsync MEGAsync.exe (Mega Limited -> Mega Limited)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01F75594-AA24-4B27-A847-9DB629A00746} – System32 Tasks Adobe Flash Player Updater => C: WINDOWS SysWOW64 Macromed Flash FlashPlayerUpdateService.exe
Task: {07D225C4-AAA8-4AD9-A3D8-4C14A68220B8} – System32 Tasks Microsoft Windows Defender Scan => C: ProgramData Microsoft Windows Defender platform 4.18.2003.8-0 MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {16B659CA-CB59-4C25-BFA6-7F94676735E8} – System32 Tasks Microsoft Windows Windows Defender Windows Defender Cleanup => C: ProgramData Microsoft Windows Defender platform 4.18.2003.8-0 MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {41707C1B-71C6-4FFE-8427-2121C5F499A1} – System32 Tasks ModifyLinkUpdate => C: Program Files AMD CIM Bin64 InstallManagerApp.exe [468992 2019-09-10] (Advanced Micro Devices, Inc.) [File not signed]
Task: {4CA19139-2E60-45FF-A253-F72BC8D8ECD3} – Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {578ED41F-444A-4113-82DD-E1287D92FB4E} – System32 Tasks Microsoft Windows Windows Defender Windows Defender Maintenance => C: ProgramData Microsoft Windows Defender platform 4.18.2003.8-0 MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B7EDC07-2838-4917-9FF0- 7 027C3D98E983} – System32 Tasks EOSv3 Scheduler onLogOn => C: Users Hung Downloads esetonlinescanner_enu.exe
Task: {6062A1EB-7D0C-4B99-9032-C241017STNSS77STNSCS7SSTSC7CSNSCSC7CSNSCSC7CSCSCS Program Files AMD InstallUEP AMDInstallUEP.exe
Task: {62824730-59EB-40BD-9202-58EB96AE507B} – System32 Tasks StartCN => C: Program Files AMD CNext CNext cncmd.exe [61112 2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {86AEBD9B-0BA9-4C2F-9D39-F21B864EFD39} – System32 Tasks EOSv3 Scheduler onTime => C: Users Hung Downloads esetonlinesner_
Task: {86E53B9D-306A-4A77-8801-8B505898A900} – System32 Tasks Microsoft Windows Windows Defender Windows Defender Verification => C: ProgramData Microsoft Windows Defender platform 4.18.2003.8-0 MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {88D58469-FB0D-402A-8DAE-1F6487584027} – System32 Tasks Apple AppleSoftwareUpdate => C: Program Files (x86) Apple Software Update SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc)
Task: {9BC13504-E018-4B82-9F27-D167BECF5CA2} – System32 Tasks StartCNBM => C: Program Files AMD CNext CNext cncmd.exe [61112 2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
Task: {A52E03CB-16C9-464E-B912-10FF0D0AE117} – System32 Tasks AMD ThankingURL => C: Program Files AMD CIM Bin64 Setup.exe [891576 2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
Task: {CA659592-54F2-443A-B42E-64D616DB15A0} – System32 Tasks AMDLinkUpdate => C: Program Files AMD CIM BIN64 InstallManagerApp.exe [468992 2019-09-10] (Advanced Micro Devices, Inc.) [File not signed]
Task: {E62AB39E-2D23-4EF9-B3AC-145DB46B66F0} – System32 Tasks StartDVR => C: Program Files AMD CNext CNext RSServCmd.exe [68280 2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
Task: {EE7E09B1-580D-4F0E-BEB7-9CA2A8128DDA} – System32 Tasks Avast Software Overseer => C: Program Files Common Files AVAST Software Overseer overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C: Program Files (x86) Bonjour mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C: Program Files Bonjour mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip .. Interfaces {297f043b-a688-49ab-9844-290a6e85da74}: [DhcpNameServer] 172.20.10.1
Tcpip ../f44-44 4443b02 8e11-8fa5d522fc04}: [NameServer] 162.252.172.57,149.154.159.92
Tcpip .. Interfaces {4443b02a-f54a-4dda-8e11-8fa5d522fc044 194

Internet Explorer:
==================

Edge:
======
DownloadDir: B: Downlaods
Edge Notifications: HKU S-1-5-21-3414523710-2269299248-687328276-1001 -> hxxps://www.facebook.com; hxxps://www.youtube.com

FireFox:
========
FF DefaultProfile: 2gwlfzbp.default
FF ProfilePath: C: Users Hung AppData Roaming Mozilla Firefox Profiles 2gwlfzbp.default [2020-03-13]
FF ProfilePath: C: Users Hung AppData Roaming Mozilla Firefox Profiles 482uhftv.default-release [2020-04-05]
FF Plugin-x32: @ foxitsoftware.com / plugin ReaderPlugin.dll [No File]
FF Plugin-x32: @ foxitsoftware.com / Foxit: / plugin Foxit Reader Plugin, version = 1.0, Application / vnd.xdp -> C: Program Files (x86) Foxit Software Foxit Reader Reader Plugin, version = 1.0, Application / vnd.xfdf -> C: Program Files (x86) Foxit Software Foxit Reader plugins npFoxitReaderPlugin.dll [No File]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C: WINDOWS System32 DriverStore FileRepository c0346729.inf_amd64_a4e838010b04088c B346681 atiesrxx.exe [508632 2019-09-12] (Advanced Micro Devices, Inc. -> AMD)
R2 Apple Mobile Device Service; C: Program Files Common Files Apple Mobile Device Support AppleMobileDeviceService.exe [96056 2020-01-10] (Apple Inc. -> Apple Inc.)
R2 AUEPLauncher; C: Program Files AMD Client Profile Profile AUEPLauncher.exe [43008 2019-09-10] (AMD) [File not signed]
S3 BEService; C: Program Files (x86) Common Files BattlEye BEService.exe [8567960 2020-03-24] (BattlEye Innovations e.K. ->)
R2 cbVSCService11; C: Program Files (x86) Cobian Backup 11 cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 EasyAntiCheat; C: Program Files (x86) EasyAntiCheat EasyAntiCheat.exe [803440 2019-11-13] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ekrn; C: Program Files ESET ESET Security ekrn.exe [2245488 2019-12-13] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C: Program Files ESET ESET Security ekrn.exe [2245488 2019-12-13] (ESET, spol. s r.o. -> ESET)
R2 GamingService; C: Program Files WindowsApps Microsoft.GamingService_1.39.6001.0_x64__8wekyb3d8bbwe GamingService.exe [21640 2020-03-12] (Microsoft Corporation -> Microsoft Corporation)
R2 GamingServiceNet; C: Program Files WindowsApps Microsoft.GamingService_1.39.6001.0_x64__8wekyb3d8bbwe GamingServiceNet.exe [21640 2020-03-12] (Microsoft Corporation -> Microsoft Corporation)
S4 PnkBstrA; C: Windows system32 PnkBstrA.exe [76152 2019-04-16] (Even Balance, Inc. ->)
S3 Sense; C: Program Files Windows Defender Advanced Threat Protection MsSense.exe [5929920 2020-03-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Surfshark Service; C: Program Files (x86) Surfshark Resources x64 nssm.exe [436688 2020-02-17] (Surfshark Ltd. -> Iain Patterson)
R3 WdNisSvc; C: ProgramData Microsoft Windows Defender platform 4.18.2003.8-0 NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C: ProgramData Microsoft Windows Defender platform 4.18.2003.8-0 MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C: WINDOWS System32 drivers amdgpio2.sys [45832 2019-10-01] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C: WINDOWS System32 drivers amdgpio3.sys [24424 2016-08-12] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmafd; C: WINDOWS System32 drivers amdkmafd.sys [58144 2017-05-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C: WINDOWS system32 DRIVERS amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdag; C: WINDOWS System32 DriverStore FileRepository c0346729.inf_amd64_a4e838010b04088c B346681 atikmdag.sys [60634840 2019-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
R3dd C: WINDOWS System32 DriverStore FileRepository c0346729.inf_amd64_a4e838010b04088c B346681 atikmpag.sys [598224 2019-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
Rdd C: WINDOWS System32 drivers amdkmpfd.sys [102832 2019-05-31] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
R3 AMDPCIDev; C: WINDOWS System32 drivers AMDPCIDev.sys [31592 2018-04-26] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C: WINDOWS System32 DRIVERS amdpsp.sys [243048 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R2 AMDRyzenMasterDriver; C: Program Files AMD Client Profile Profile RyzenMaster AMDRyzenMasterDriver.sys [70304 2017-11-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 AppleKmdfFilter; C: WINDOWS System32 drivers AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C: WINDOWS System32 drivers AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AtiHDAudioService; C: WINDOWS system32 drivers AtihdWT6.sys [108152 2019-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 dg_ssudbus; C: WINDOWS system32 DRIVERS ssudbus.sys [135520 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 eamonm; C: WINDOWS System32 DRIVERS eamonm.sys [149944 2019-11-05] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C: WINDOWS System32 DRIVERS edevmon.sys [103264 2019-11-05] (ESET, spol. s r.o. -> ESET)
S0 eelam; C: WINDOWS System32 DRIVERS eelam.sys [15800 2019-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C: WINDOWS system32 DRIVERS ehdrv.sys [189512 2019-11-05] (ESET, spol. s r.o. -> ESET)
S4 ekbdflt; C: WINDOWS system32 DRIVERS ekbdflt.sys [50280 2019-02-27] (ESET, spol. s r.o. -> ESET)
S4 epfw; C: WINDOWS system32 DRIVERS epfw.sys [82472 2019-02-27] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C: WINDOWS system32 DRIVERS epfwwfp.sys [116696 2019-12-13] (ESET, spol. s r.o. -> ESET)
R3 gameflt; C: WINDOWS System32 DriverStore FileRepository gameflt.inf_amd64_1b1c9965dc1c6f0f gameflt.sys [71000 2019-12-11] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C: WINDOWS System32 drivers netaapl64.sys [23040 2020-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 rt640x64; C: WINDOWS System32 drivers rt640x64.sys [662528 2019-03-18] (Microsoft Windows -> Realtek)
S3 ssudmdm; C: WINDOWS system32 DRIVERS ssudmdm.sys [213088 2018-01-12] (Samsung Electronics Co., LTD. -> DEVGURU Co., LTD. (www.devguru.co.kr))
S3 SurfsharkSplitTunnelDriver; C: Program Files (x86) Surfshark Resources x64 SurfsharkSplitTunnelCalloutDriver.sys [39648 2020-02-17] (Microsoft Windows Hardware Compatibility Publisher ->)
S3 tap0901; C: WINDOWS System32 drivers tap0901.sys [36168 2020-01-13] (McAfee, Inc. -> The OpenVPN Project)
R3 tapsurfshark; C: WINDOWS System32 drivers tapsurfshark.sys [38728 2019-05-22] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)
S3 USBAAPL64; C: WINDOWS System32 Drivers usbaapl64.sys [54784 2018-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
U5 vwifimp; C: Windows System32 Drivers vwifimp.sys [50176 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C: WINDOWS System32 drivers wd WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C: WINDOWS System32 drivers wd WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C: WINDOWS System32 drivers wd WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C: WINDOWS xhunter1.sys [74552 2019-12-18] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 Xvdd; C: WINDOWS System32 DriverStore FileRepository xvdd.inf_amd64_5ef00c58b02692b7 xvdd.sys [492376 2020-02-27] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-11 04:27 – 2020-04-11 04:30 – 000000000 ____D C: FRST
2020-04-11 04:13 – 2020-04-11 04:18 – 000000000 ____D C: Users Hung Documents FOLDERS NEW BACKUP FK U
2020-04-11 04:13 – 2020-04-11 04:13 – 000000000 ____D C: Users Hung Documents BACKUPS FK U
2020-04-11 03:58 – 2020-04-11 03:58 – 000000000 ____D C: ProgramData Microsoft Windows Start Menu Programs Cobian Backup 11
2020-04-11 03:58 – 2020-04-11 03:58 – 000000000 ____D C: Program Files (x86) Cobian Backup 11
2020-04-07 22:04 – 2020-04-07 22:04 – 000000812 _____ C: Users Public Desktop iMazing.lnk
2020-04-07 22:04 – 2020-04-07 22:04 – 000000812 _____ C: ProgramData Desktop iMazing.lnk
2020-04-07 22:04 – 2020-04-07 22:04 – 000000000 ____D C: ProgramData Microsoft Windows Start Menu Programs iMazing
2020-04-07 19:43 – 2020-04-06 11:48 – 1007038068 _____ C: Users Hung Downloads FL.Studio.Producer.Edition.20.6.1.1513.rar
2020-04-07 19:43 – 2020-04-06 11:24 – 449680957 _____ C: Users Hung Downloads Tableau_Desktop_Professional_Edition_2020.1.2.rar
2020-04-07 19:43 – 2020-04-06 11:17 – 1710252769 _____ C: Users Hung Downloads autodesk-autocad-2021-x64-p2p.rar
2020-04-07 19:43 – 2020-04-06 11:07 – 1942937253 _____ C: Users Hung Downloads ableton-live-suite-v10-1-9-multilingual-p2p.rar
2020-04-07 19:34 – 2020-04-07 19:34 – 000001100 _____ C: Users Hung Desktop WinDirStat.lnk
2020-04-07 19:34 – 2020-04-07 19:34 – 000000000 ____D C: Users Hung AppData Roaming Microsoft Windows Start Menu Programs WinDirStat
2020-04-07 19:34 – 2020-04-07 19:34 – 000000000 ____D C: Program Files (x86) WinDirStat
2020-04-06 11:08 – 2020-04-06 11:19 – 000000000 ____D C: Users Hung Documents MEGAsync Downloads
2020-03-31 23:21 – 2020-03-31 23:21 – 000000000 ____D C: WINDOWS system32 Tasks Agent activation Runtime
2020-03-25 11:19 – 2020-03-25 11:19 – 000000000 ____D C: ProgramData Microsoft Windows Start Menu Programs Surfshark
2020-03-24 18:32 – 2020-03-24 18:32 – 000000000 ____D C: Users Hung AppData Local FPSAimTrainer
2020-03-24 17:32 – 2020-03-24 17:32 – 000000222 _____ C: Users Hung Desktop KovaaK 2.0 The Meta.url
2020-03-23 15:00 – 2020-03-23 15:00 – 000000000 ____D C: Users Hung AppData Local Surfshark
2020-03-23 15:00 – 2020-03-23 15:00 – 000000000 ____D C: Users Hung AppData Local IsolatedStorage
2020-03-22 01:43 – 2020-03-22 01:43 – 000031053 _____ C: Users Hung Downloads Academic Progress Report Spring 2020.pdf
2020-03-16 20:02 – 2020-03-16 20:04 – 000000000 ____D C: Users Hung Documents Ableton
2020-03-16 20:02 – 2020-03-16 20:02 – 000000000 ____D C: Users Hung AppData Roaming Ableton
2020-03-16 20:02 – 2020-03-16 20:02 – 000000000 ____D C: Users Hung AppData Local Ableton
2020-03-16 19:25 – 2020-03-16 19:25 – 000000398 __RSH C: ProgramData ntuser.pol
2020-03-13 16:23 – 2020-04-05 01:55 – 000000000 ____D C: Users Hung AppData LocalLow Mozilla
2020-03-13 16:23 – 2020-03-13 16:23 – 000000000 ____D C: Users Hung AppData Roaming Mozilla
2020-03-13 16:23 – 2020-03-13 16:23 – 000000000 ____D C: Users Hung AppData Local Mozilla
2020-03-13 16:23 – 2020-03-13 16:23 – 000000000 ____D C: ProgramData Mozilla
2020-03-13 08:09 – 2020-03-13 08:09 – 025444352 _____ (Microsoft Corporation) C: WINDOWS system32 Hydrogen.dll
2020-03-13 08:09 – 2020-03-13 08:09 – 009930552 _____ (Microsoft Corporation) C: WINDOWS system32 ntoskrnl.exe
2020-03-13 08:09 – 2020-03-13 08:09 – 007604584 _____ (Microsoft Corporation) C: WINDOWS system32 Windows.Media.Protection.PlayReady.dll
2020-03-13 08:09 – 2020-03-13 08:09 – 006520776 _____ (Microsoft Corporation) C: WINDOWS SysWOW64 Windows.Media.Protection.PlayReady.dll
2020-03-13 08:09 – 2020-03-13 08:09 – 004563416 _____ (Microsoft Corporation) C: WINDOWS system32 sppsvc.exe
2020-03-13 08:09 – 2020-03-13 08:09 – 001610240 _____ (Microsoft Corporation) C: WINDOWS system32 HologramCompositor.dll
2020-03-13 08:09 – 2020-03-13 08:09 – 001398584 _____ (Microsoft Corporation) C: WINDOWS system32 hvix64.exe
2020-03-13 08:09 – 2020-03-13 08:09 – 001077048 _____ (Microsoft Corporation) C: WINDOWS system32 hvax64.exe
2020-03-13 08:09 – 2020-03-13 08:09 – 000772096 _____ (Microsoft Corporation) C: WINDOWS system32 Drivers srv2.sys
2020-03-13 08:09 – 2020-03-13 08:09 – 000689152 _____ (Microsoft Corporation) C: WINDOWS SysWOW64 CPFilters.dll
2020-03-13 08:09 – 2020-03-13 08:09 – 000561464 _____ (Microsoft Corporation) C: WINDOWS system32 Drivers mrxsmb.sys

==================== One month (modified) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-11 04:24 – 2019-03-18 21:52 – 000000000 ____D C: ProgramData regid.1991-06.com.microsoft
2020-04-11 03:54 – 2019-02-17 19:41 – 000000000 ____D C: Users Hung AppData Roaming Spotify
2020-04-11 03:40 – 2019-02-17 19:26 – 000000000 ____D C: Users Hung AppData Local D3DSCache
2020-04-11 03:19 – 2019-08-29 01:15 – 000000000 ____D C: WINDOWS system32 SleepStudy
2020-04-10 19:10 – 2019-11-13 19:47 – 000003088 _____ C: WINDOWS system32 Tasks AMDLinkUpdate
2020-04-10 19:10 – 2019-03-18 21:52 – 000000000 ___HD C: Program Files WindowsApps
2020-04-10 19:10 – 2019-03-18 21:52 – 000000000 ____D C: WINDOWS AppReadiness
2020-04-09 17:27 – 2019-02-17 19:41 – 000000000 ____D C: Users Hung AppData Local Spotify
2020-04-07 22:52 – 2020-01-09 12:04 – 000000000 ____D C: Users Hung AppData Roaming iMazing
2020-04-07 22:04 – 2020-01-09 12:04 – 000000000 ____D C: Users Hung AppData Local DigiDNA
2020-04-07 21:35 – 2019-02-17 19:42 – 000000000 ____D C: Users Hung AppData Roaming Apple Apple
2020-04-07 19:03 – 2019-11-02 21:03 – 000000000 ____D C: Program Files AMD Product Verification Tool
2020-04-07 19:03 – 2019-02-17 19:40 – 000000000 ____D C: Program Files (x86) Steam
2020-04-07 00:37 – 2019-08-29 01:21 – 000840852 _____ C: WINDOWS system32 PerfStringBackup.INI
2020-04-07 00:37 – 2019-03-18 21:50 – 000000000 ____D C: WINDOWS INF
2020-04-07 00:33 – 2019-08-29 01:22 – 000000006 ____H C: WINDOWS Tasks SA.DAT
2020-04-07 00:32 – 2019-03-18 21:37 – 000524288 _____ C: WINDOWS system32 config BBI
2020-04-07 00:32 – 2019-02-17 19:41 – 000000000 ____D C: Users Hung AppData Roaming Discord
2020-04-07 00:32 – 2019-02-17 19:02 – 000065536 _____ C: WINDOWS system32 spu_storage.bin
2020-04-05 17:45 – 2019-03-18 21:52 – 000000000 ____D C: WINDOWS LiveKernelReports
2020-04-04 23:28 – 2019-02-17 19:47 – 000000000 ____D C: Users Hung AppData Local ElevatedDiagnostics
2020-04-04 23:24 – 2020-02-14 11:38 – 000000000 ____D C: Users Hung AppData Local Ubisoft Game Launcher
2020-04-02 03:12 – 2019-08-29 01:17 – 000000000 ____D C: Users Hung
2020-04-02 01:29 – 2019-02-17 19:08 – 000744808 ____N (Microsoft Corporation) C: WINDOWS system32 MpSigStub.exe
2020-03-31 02:16 – 2020-02-29 20:33 – 000000000 ____D C: Program Files (x86) Surfshark
2020-03-25 17:59 – 2020-02-29 20:32 – 000000000 ____D C: Users Hung AppData Roaming Surfshark
2020-03-25 11:22 – 2019-02-18 10:15 – 000000000 ____D C: WINDOWS system32 Drivers wd
2020-03-25 11:19 – 2020-02-29 20:33 – 000001018 _____ C: Users Public Desktop Surfshark.lnk
2020-03-25 11:19 – 2020-02-29 20:33 – 000001018 _____ C: ProgramData Desktop Surfshark.lnk
2020-03-24 17:32 – 2019-02-21 00:42 – 000000000 ____D C:UsersHungAppDataRoamingMicrosoftWindowsStart MenuProgramsSteam
2020-03-24 13:34 – 2019-03-18 21:37 – 000032768 _____ C:WINDOWSsystem32configELAM
2020-03-18 03:14 – 2020-03-08 01:11 – 000000000 ____D C:UsersHungAppDataLocalMEGAsync
2020-03-16 20:14 – 2019-03-18 21:52 – 000000000 ____D C:WINDOWSsystem32NDF
2020-03-16 19:25 – 2019-02-20 21:34 – 000000000 ____D C:Program FilesCommon FilesPropellerhead Software
2020-03-16 19:25 – 2018-09-15 00:33 – 000000000 ___HD C:WINDOWSsystem32GroupPolicy
2020-03-13 09:15 – 2019-03-18 21:52 – 000000000 ____D C:WINDOWSShellExperiences
2020-03-13 09:15 – 2019-03-18 21:52 – 000000000 ____D C:WINDOWSbcastdvr
2020-03-13 08:10 – 2019-03-18 21:37 – 000000000 ____D C:WINDOWSCbsTemp
2020-03-12 03:07 – 2019-12-11 00:37 – 000052360 _____ (Microsoft Corporation) C:WINDOWSsystem32gameplatformservices.dll
2020-03-12 03:07 – 2019-11-02 21:09 – 001340856 _____ (Microsoft Corporation) C:WINDOWSsystem32xgameruntime.dll
2020-03-12 03:07 – 2019-11-02 21:09 – 000149432 _____ (Microsoft Corporation) C:WINDOWSsystem32gameconfighelper.dll
2020-03-12 03:07 – 2019-11-02 21:09 – 000088504 _____ (Microsoft Corporation) C:WINDOWSsystem32gamingservicesproxy.dll
2020-03-12 03:07 – 2019-11-02 21:09 – 000031672 _____ (Microsoft Corporation) C:WINDOWSsystem32gamemodcontrol.exe
2020-03-12 00:05 – 2019-08-29 01:15 – 000267728 _____ C:WINDOWSsystem32FNTCACHE.DAT
2020-03-12 00:05 – 2019-02-17 19:04 – 000000000 __RHD C:UsersPublicAccountPictures
2020-03-12 00:05 – 2019-02-17 19:04 – 000000000 ___RD C:UsersHung3D Objects
2020-03-12 00:04 – 2019-03-18 23:23 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection
2020-03-12 00:04 – 2019-03-18 21:52 – 000000000 ___SD C:WINDOWSsystem32DiagSvcs
2020-03-12 00:04 – 2019-03-18 21:52 – 000000000 ___RD C:WINDOWSImmersiveControlPanel
2020-03-12 00:04 – 2019-03-18 21:52 – 000000000 ____D C:WINDOWSSysWOW64setup
2020-03-12 00:04 – 2019-03-18 21:52 – 000000000 ____D C:WINDOWSSysWOW64Dism
2020-03-12 00:04 – 2019-03-18 21:52 – 000000000 ____D C:WINDOWSSystemResources
2020-03-12 00:04 – 2019-03-18 21:52 – 000000000 ____D C:WINDOWSsystem32SystemResetPlatform
2020-03-12 00:04 – 2019-03-18 21:52 – 000000000 ____D C:WINDOWSsystem32setup
2020-03-12 00:04 – 2019-03-18 21:52 – 000000000 ____D C:WINDOWSsystem32oobe
2020-03-12 00:04 – 2019-03-18 21:52 – 000000000 ____D C:WINDOWSsystem32Dism
2020-03-12 00:04 – 2019-03-18 21:52 – 000000000 ____D C:Program FilesWindows Defender
2020-03-12 00:04 – 2019-03-18 21:37 – 000000000 ____D C:WINDOWSservicing

==================== Files in the root of some directories ========

2019-02-17 19:29 – 2019-10-28 17:38 – 000007608 _____ () C:UsersHungAppDataLocalresmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2020
Ran by Hung (11-04-2020 04:31:30)
Running from C:UsersHungAppDataLocalPackagesMicrosoft.MicrosoftEdge_8wekyb3d8bbweTempStateDownloads
Windows 10 Pro Version 1903 18362.720 (X64) (2019-08-29 08:22:49)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3414523710-2269299248-687328276-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-3414523710-2269299248-687328276-503 – Limited – Disabled)
Guest (S-1-5-21-3414523710-2269299248-687328276-501 – Limited – Disabled)
Hung (S-1-5-21-3414523710-2269299248-687328276-1001 – Administrator – Enabled) => C:UsersHung
WDAGUtilityAccount (S-1-5-21-3414523710-2269299248-687328276-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Disabled – Out of date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AV: ESET Security (Enabled – Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled – Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled – Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Software (HKLM…AMD Catalyst Install Manager) (Version: 19.9.2 – Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32…{A7039CC9-4669-4799-92B1-C5CE346DBE3D}) (Version: 8.3 – Apple Inc.)
Apple Application Support (64-bit) (HKLM…{DA78A9DC-3599-4D81-A960-B679687A6C14}) (Version: 8.3 – Apple Inc.)
Apple Mobile Device Support (HKLM…{7D606B87-0AEB-4C27-ABCE-1138EE09777B}) (Version: 13.0.0.41 – Apple Inc.)
Apple Software Update (HKLM-x32…{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 – Apple Inc.)
ASIO4ALL (HKLM-x32…ASIO4ALL) (Version: 2.14 – Michael Tippach)
Bonjour (HKLM…{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 – Apple Inc.)
Branding64 (HKLM…{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM…{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM…{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM…{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM…{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM…{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM…{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM…{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM…{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM…{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM…{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM…{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM…{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM…{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM…{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM…{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM…{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM…{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM…{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM…{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM…{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM…{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Cobian Backup 11 Gravity (HKLM-x32…CobBackup11) (Version:  – )
Discord (HKUS-1-5-21-3414523710-2269299248-687328276-1001…Discord) (Version: 0.0.306 – Discord Inc.)
ESET Security (HKLM…{F26B2665-502A-4214-B336-BB723CF74E38}) (Version: 13.0.24.0 – ESET, spol. s r.o.)
iMazing 2.11.4.0 (HKLM…iMazing_is1) (Version: 2.11.4.0 – DigiDNA)
League of Legends (HKUS-1-5-21-3414523710-2269299248-687328276-1001…Riot Game league_of_legends.live) (Version:  – Riot Games, Inc)
MEGAsync (HKLM-x32…MEGAsync) (Version:  – Mega Limited)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32…{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.21022 (HKLM-x32…{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17 (HKLM-x32…{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 – Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.24.28127 (HKLM-x32…{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 – Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) – 14.10.25008 (HKLM-x32…{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 – Microsoft Corporation)
PunkBuster Services (HKLM-x32…PunkBusterSvc) (Version: 0.993 – Even Balance, Inc.)
Revo Uninstaller 2.0.6 (HKLM…{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 – VS Revo Group, Ltd.)
Spotify (HKUS-1-5-21-3414523710-2269299248-687328276-1001…Spotify) (Version: 1.1.30.658.gf13cde74 – Spotify AB)
Steam (HKLM-x32…Steam) (Version: 2.10.91.91 – Valve Corporation)
Surfshark (HKLM-x32…{97BF3003-CFBB-472E-A316-EF81E56A680B}) (Version: 2.6.2000 – Surfshark) Hidden
Surfshark (HKLM-x32…Surfshark 2.6.2000) (Version: 2.6.2000 – Surfshark)
Surfshark TAP Driver Windows (HKLM-x32…{2F5D753E-329B-4BE7-BD58-360214A493CB}) (Version: 1.0 – Surfshark)
Uplay (HKLM-x32…Uplay) (Version: 102.0 – Ubisoft)
WinDirStat 1.1.2 (HKUS-1-5-21-3414523710-2269299248-687328276-1001…WinDirStat) (Version:  – )
WinRAR 5.61 (64-bit) (HKLM…WinRAR archiver) (Version: 5.61.0 – win.rar GmbH)

Packages:
=========
DirectX -> C:Program FilesWindowsAppsMicrosoft.DirectXRuntime_9.29.952.0_x64__8wekyb3d8bbwe [2019-11-02] (Microsoft Corporation)
DirectX -> C:Program FilesWindowsAppsMicrosoft.DirectXRuntime_9.29.952.0_x86__8wekyb3d8bbwe [2019-11-02] (Microsoft Corporation)
Gaming Services -> C:Program FilesWindowsAppsMicrosoft.GamingServices_1.39.6001.0_x64__8wekyb3d8bbwe [2020-03-12] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:Program FilesWindowsAppsMicrosoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKUS-1-5-21-3414523710-2269299248-687328276-1001_ClassesCLSID{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}InprocServer32 -> C:UsersHungAppDataLocalMicrosoftOneDrive19.174.0902.0013amd64FileSyncShell64.dll => No File
CustomCLSID: HKUS-1-5-21-3414523710-2269299248-687328276-1001_ClassesCLSID{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}InprocServer32 -> C:UsersHungAppDataLocalMicrosoftOneDrive19.174.0902.0013amd64FileSyncShell64.dll => No File
CustomCLSID: HKUS-1-5-21-3414523710-2269299248-687328276-1001_ClassesCLSID{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}InprocServer32 -> C:UsersHungAppDataLocalMicrosoftOneDrive19.174.0902.0013amd64FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:UsersHungAppDataLocalMEGAsyncShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:UsersHungAppDataLocalMEGAsyncShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:UsersHungAppDataLocalMEGAsyncShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:UsersHungAppDataLocalMEGAsyncShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:UsersHungAppDataLocalMEGAsyncShellExtX64.dll [2020-03-18] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:UsersHungAppDataLocalMEGAsyncShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers1: [1 9459131] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:Program FilesESETESET SecurityshellExt.dll [2019-12-13] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersHungAppDataLocalMEGAsyncShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:Program FilesCommon FilesAppleInternet ServicesShellStreams64.dll [2020-01-22] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:Program FilesESETESET SecurityshellExt.dll [2019-12-13] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersHungAppDataLocalMEGAsyncShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersHungAppDataLocalMEGAsyncShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersHungAppDataLocalMEGAsyncShellExtX64.dll [2020-03-18] (Mega Limited -> )
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:Program FilesAMDCNextCNextatiacm64.dll [2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:Program FilesESETESET SecurityshellExt.dll [2019-12-13] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-02-05 05:24 – 2020-02-05 05:24 – 000270848 _____ () [File not signed] C:Program Files (x86)SurfsharkResourcesx32Surfshark.Firewall.dll
2019-01-08 12:54 – 2019-01-08 12:54 – 000017920 _____ () [File not signed] C:Program FilesAMDCNextCNextlibEGL.dll
2019-01-08 12:54 – 2019-01-08 12:54 – 003598336 _____ () [File not signed] C:Program FilesAMDCNextCNextlibGLESv2.dll
2018-03-13 04:47 – 2018-03-13 04:47 – 000912896 _____ () [File not signed] C:Program FilesAMDPerformance Profile Clientaws-cpp-sdk-core.dll
2018-03-13 04:47 – 2018-03-13 04:47 – 003109888 _____ () [File not signed] C:Program FilesAMDPerformance Profile Clientaws-cpp-sdk-s3.dll
2015-02-19 01:13 – 2015-02-19 01:13 – 000817152 _____ () [File not signed] C:Program FilesAMDPerformance Profile ClientDevice.dll
2015-02-19 01:13 – 2015-02-19 01:13 – 003650560 _____ () [File not signed] C:Program FilesAMDPerformance Profile ClientPlatform.dll
2020-04-11 03:58 – 2013-03-07 23:07 – 000056320 _____ (Alphaleonis) [File not signed] C:Program Files (x86)Cobian Backup 11AlphaVSS.Common.dll
2020-04-11 03:58 – 2013-03-07 23:07 – 000166400 _____ (Alphaleonis) [File not signed] C:Program Files (x86)Cobian Backup 11AlphaVSS.Win2008.x64.dll
2020-04-11 03:58 – 2013-03-07 23:07 – 000009728 _____ (Luis Cobian) [File not signed] C:Program Files (x86)Cobian Backup 11CobStringList.dll
2020-04-11 03:58 – 2013-03-07 23:27 – 002684928 _____ (Luis Cobian, CobianSoft) [File not signed] C:Program Files (x86)Cobian Backup 11cbEngine.dll
2017-09-13 23:37 – 2017-09-13 23:37 – 000026112 _____ (The Qt Company Ltd) [File not signed] C:UsersHungAppDataLocalMEGAsyncimageformatsqgif.dll
2017-09-13 23:42 – 2017-09-13 23:42 – 000033280 _____ (The Qt Company Ltd) [File not signed] C:UsersHungAppDataLocalMEGAsyncimageformatsqicns.dll
2017-09-13 23:37 – 2017-09-13 23:37 – 000027648 _____ (The Qt Company Ltd) [File not signed] C:UsersHungAppDataLocalMEGAsyncimageformatsqico.dll
2017-09-13 23:37 – 2017-09-13 23:37 – 000245760 _____ (The Qt Company Ltd) [File not signed] C:UsersHungAppDataLocalMEGAsyncimageformatsqjpeg.dll
2017-09-13 23:42 – 2017-09-13 23:42 – 000021504 _____ (The Qt Company Ltd) [File not signed] C:UsersHungAppDataLocalMEGAsyncimageformatsqsvg.dll
2017-09-13 23:42 – 2017-09-13 23:42 – 000020992 _____ (The Qt Company Ltd) [File not signed] C:UsersHungAppDataLocalMEGAsyncimageformatsqtga.dll
2017-09-13 23:42 – 2017-09-13 23:42 – 000316416 _____ (The Qt Company Ltd) [File not signed] C:UsersHungAppDataLocalMEGAsyncimageformatsqtiff.dll
2017-09-13 23:42 – 2017-09-13 23:42 – 000019968 _____ (The Qt Company Ltd) [File not signed] C:UsersHungAppDataLocalMEGAsyncimageformatsqwbmp.dll
2017-09-13 23:42 – 2017-09-13 23:42 – 000322560 _____ (The Qt Company Ltd) [File not signed] C:UsersHungAppDataLocalMEGAsyncimageformatsqwebp.dll
2017-09-13 23:37 – 2017-09-13 23:37 – 001010688 _____ (The Qt Company Ltd) [File not signed] C:UsersHungAppDataLocalMEGAsyncplatformsqwindows.dll
2019-01-08 12:55 – 2019-01-08 12:55 – 001441280 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextplatformsqwindows.dll
2019-09-10 17:47 – 2019-09-10 17:47 – 005999104 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Core.dll
2019-01-08 12:54 – 2019-01-08 12:54 – 006413824 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Gui.dll
2019-01-08 12:54 – 2019-01-08 12:54 – 001141760 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Network.dll
2019-01-08 12:54 – 2019-01-08 12:54 – 000339968 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Positioning.dll
2019-01-08 12:54 – 2019-01-08 12:54 – 004143104 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Qml.dll
2019-01-08 12:54 – 2019-01-08 12:54 – 003840000 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Quick.dll
2019-01-08 12:54 – 2019-01-08 12:54 – 000332800 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Svg.dll
2019-01-08 12:54 – 2019-01-08 12:54 – 000113152 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebChannel.dll
2019-01-08 12:54 – 2019-01-08 12:54 – 000349184 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngine.dll
2019-01-08 12:54 – 2019-01-08 12:54 – 080959488 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngineCore.dll
2019-01-08 12:54 – 2019-01-08 12:54 – 005622272 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Widgets.dll
2019-01-08 12:54 – 2019-01-08 12:54 – 000463360 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WinExtras.dll
2019-01-08 12:54 – 2019-01-08 12:54 – 000190464 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Xml.dll
2019-01-08 12:54 – 2019-01-08 12:54 – 002825216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5XmlPatterns.dll
2019-01-08 12:55 – 2019-01-08 12:55 – 000053760 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsprivateqtgraphicaleffectsprivate.dll
2019-01-08 12:55 – 2019-01-08 12:55 – 000059392 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsqtgraphicaleffectsplugin.dll
2019-01-08 12:55 – 2019-01-08 12:55 – 000017408 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuick.2qtquick2plugin.dll
2019-01-08 12:55 – 2019-01-08 12:55 – 000330752 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControlsqtquickcontrolsplugin.dll
2019-01-08 12:55 – 2019-01-08 12:55 – 000137216 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickDialogsdialogplugin.dll
2019-01-08 12:55 – 2019-01-08 12:55 – 000090112 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickLayoutsqquicklayoutsplugin.dll
2019-01-08 12:55 – 2019-01-08 12:55 – 000017920 _____ (The Qt Company Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickWindow.2windowplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:WINDOWStracing:? [16]
AlternateDataStreams: C:UsersHungApplication Data:19480092594194a127310869d618ccd6 [394]
AlternateDataStreams: C:UsersHungntuser.ini:NTV [12728]
AlternateDataStreams: C:UsersHungAppDataRoaming:19480092594194a127310869d618ccd6 [394]
AlternateDataStreams: C:UsersHungAppDataLocalTemp:$DATA​ [34]
AlternateDataStreams: C:UsersPublicShared Files:VersionCache [472]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 00:31 – 2020-03-04 04:47 – 000000822 _____ C:WINDOWSsystem32driversetchosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKUS-1-5-21-3414523710-2269299248-687328276-1001Control PanelDesktop\Wallpaper -> B:Downlaodsisk1sa03fz221.png
DNS Servers: 162.252.172.57 – 149.154.159.92
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM…StartupApprovedRun: => "iTunesHelper"
HKLM…StartupApprovedRun32: => "SunJavaUpdateSched"
HKUS-1-5-21-3414523710-2269299248-687328276-1001…StartupApprovedRun: => "EpicGamesLauncher"
HKUS-1-5-21-3414523710-2269299248-687328276-1001…StartupApprovedRun: => "OneDrive"
HKUS-1-5-21-3414523710-2269299248-687328276-1001…StartupApprovedRun: => "Discord"
HKUS-1-5-21-3414523710-2269299248-687328276-1001…StartupApprovedRun: => "Spotify"
HKUS-1-5-21-3414523710-2269299248-687328276-1001…StartupApprovedRun: => "EADM"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D2FA4EBC-DB63-4DFA-9F0D-8FE744E0625D}] => (Block) C:program files (x86)hearthstonehearthstone.exe No File
FirewallRules: [{1C620D1F-205F-41FB-9201-BB4F2533D1A1}] => (Block) C:program files (x86)hearthstonehearthstone.exe No File
FirewallRules: [UDP Query User{898EF33A-46DB-4492-81B0-676544968B61}C:program files (x86)hearthstonehearthstone.exe] => (Allow) C:program files (x86)hearthstonehearthstone.exe No File
FirewallRules: [TCP Query User{5A06D445-A559-4DF6-8905-62821B77ADF9}C:program files (x86)hearthstonehearthstone.exe] => (Allow) C:program files (x86)hearthstonehearthstone.exe No File
FirewallRules: [UDP Query User{BE110B9C-1408-49B3-85E6-4573C60A95A5}C:riot gamesleague of legendsgameleague of legends.exe] => (Allow) C:riot gamesleague of legendsgameleague of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{62CADB47-AD36-46E1-9F68-80B99F5CB2E6}C:riot gamesleague of legendsgameleague of legends.exe] => (Allow) C:riot gamesleague of legendsgameleague of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{D05E9253-2764-4310-9DB6-BE258A4E7F94}C:program files (x86)heroes of the stormversionsbase75132heroesofthestorm_x64.exe] => (Allow) C:program files (x86)heroes of the stormversionsbase75132heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{959C462E-E86F-494D-854D-6F887B7E6C75}C:program files (x86)heroes of the stormversionsbase75132heroesofthestorm_x64.exe] => (Allow) C:program files (x86)heroes of the stormversionsbase75132heroesofthestorm_x64.exe No File
FirewallRules: [{897761B1-657A-4BDF-9A03-8DDFFB1983B8}] => (Allow) C:Program Files (x86)SteamsteamappscommonDeceitbinwin_x64Deceit.exe No File
FirewallRules: [{B2E7A910-4F2D-4F10-96A7-BEF616E21903}] => (Allow) C:Program Files (x86)SteamsteamappscommonDeceitbinwin_x64Deceit.exe No File
FirewallRules: [{FCBD8E57-C6AD-4EDC-9F05-3DB57BACD002}] => (Allow) C:Riot GamesPBELeagueClient.exe No File
FirewallRules: [{BB15305C-5831-4E66-A1A8-E604A3A0BEDC}] => (Allow) C:Riot GamesPBELeagueClient.exe No File
FirewallRules: [UDP Query User{D84DEEE9-8C26-4F20-8DA7-D02E83D5940A}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.200deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.200deployleagueclient.exe No File
FirewallRules: [TCP Query User{CEA8901C-E0B7-456E-8E35-118EF74EA897}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.200deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.200deployleagueclient.exe No File
FirewallRules: [UDP Query User{A1288CE0-E87F-46F7-8E58-37793D8F7A06}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.199deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.199deployleagueclient.exe No File
FirewallRules: [TCP Query User{697E5CC2-6718-4BFF-BC3C-2423C42DCD86}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.199deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.199deployleagueclient.exe No File
FirewallRules: [UDP Query User{31895957-76D3-41FF-B848-F6BDECE9B856}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.198deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.198deployleagueclient.exe No File
FirewallRules: [TCP Query User{B04EFF96-64AE-4672-9082-C168E6A7E292}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.198deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.198deployleagueclient.exe No File
FirewallRules: [UDP Query User{696C8869-630C-4C0A-8163-4670563BFD7F}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.197deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.197deployleagueclient.exe No File
FirewallRules: [TCP Query User{90552EB8-C910-467E-AB02-085379AA9767}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.197deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.197deployleagueclient.exe No File
FirewallRules: [UDP Query User{A54A182C-0A83-44D7-A47A-B38D8EFDF55E}C:program files (x86)origin gamesbattlefield 4bf4.exe] => (Allow) C:program files (x86)origin gamesbattlefield 4bf4.exe No File
FirewallRules: [TCP Query User{38598C81-0C06-45C0-8552-AF4EA1AE8705}C:program files (x86)origin gamesbattlefield 4bf4.exe] => (Allow) C:program files (x86)origin gamesbattlefield 4bf4.exe No File
FirewallRules: [{51BD655A-6791-4108-A36D-0836EA481FDE}] => (Allow) C:WindowsSysWOW64PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{BD83365C-8720-444D-986A-E62142D202F8}] => (Allow) C:WindowsSysWOW64PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{B067AF74-DA23-4AD6-8DFD-4856AD2F5779}] => (Allow) C:WindowsSysWOW64PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{14049924-419B-4232-9E24-29086A3D129B}] => (Allow) C:WindowsSysWOW64PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [UDP Query User{18D73439-5735-42E6-8784-142A34D5A962}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.196deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.196deployleagueclient.exe No File
FirewallRules: [TCP Query User{59411A62-CEC6-4F8A-AD77-11679ACC22A8}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.196deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.196deployleagueclient.exe No File
FirewallRules: [UDP Query User{B9C6B516-2ED1-4AF6-BB44-E37008FBB45E}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.195deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.195deployleagueclient.exe No File
FirewallRules: [TCP Query User{C653309F-5C8A-468A-AA05-6F1ED3C873EA}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.195deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.195deployleagueclient.exe No File
FirewallRules: [UDP Query User{A724C62D-C2C4-4A9C-BBDE-4EFE6D0CB341}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.194deployleagueclient.exe] => (Block) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.194deployleagueclient.exe No File
FirewallRules: [TCP Query User{410B4F34-2FEC-4283-A032-388B78E27B4B}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.194deployleagueclient.exe] => (Block) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.194deployleagueclient.exe No File
FirewallRules: [UDP Query User{A128E657-0843-4954-9E23-255885053D6C}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.193deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.193deployleagueclient.exe No File
FirewallRules: [TCP Query User{F6D7F78B-1D47-48F8-BB73-B7A6194BBD88}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.193deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.193deployleagueclient.exe No File
FirewallRules: [{7937D54C-1083-4DAC-B74E-976FF57FE8B6}] => (Block) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.192deployleagueclient.exe No File
FirewallRules: [{48CCFBBA-8A60-4907-AB72-FDED9C174BB0}] => (Block) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.192deployleagueclient.exe No File
FirewallRules: [UDP Query User{FF4E7450-EC1C-47B6-8CE0-ABDF5C769AFD}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.192deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.192deployleagueclient.exe No File
FirewallRules: [TCP Query User{1F640A8B-5972-4469-978B-F2C5C9DE8527}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.192deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.192deployleagueclient.exe No File
FirewallRules: [UDP Query User{D306D77B-CCEB-4D0C-9A98-B31741E2E55E}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.191deployleagueclient.exe] => (Block) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.191deployleagueclient.exe No File
FirewallRules: [TCP Query User{DADA0D6F-1CE9-4D48-B783-456F383184FB}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.191deployleagueclient.exe] => (Block) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.191deployleagueclient.exe No File
FirewallRules: [{BC2334BC-9894-4F61-830C-12A0FF706816}] => (Block) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.190deployleagueclient.exe No File
FirewallRules: [{5E2F68BF-DB89-4E2B-BD26-B985D926F43D}] => (Block) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.190deployleagueclient.exe No File
FirewallRules: [UDP Query User{66FA0938-8C2A-4A23-8DEA-60D0DFE51A8D}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.190deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.190deployleagueclient.exe No File
FirewallRules: [TCP Query User{D2452E7F-21CB-4F90-9028-89FF4EC461EA}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.190deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.190deployleagueclient.exe No File
FirewallRules: [UDP Query User{9A2240FF-2E0A-4984-BA9B-AD84DB734CFE}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.189deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.189deployleagueclient.exe No File
FirewallRules: [TCP Query User{09F4AC2F-79A8-4773-8550-66B3B5C84718}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.189deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.189deployleagueclient.exe No File
FirewallRules: [{634715EA-62C2-43DB-B9DE-E284290EF7F7}] => (Block) C:program files (x86)overwatchoverwatch.exe No File
FirewallRules: [{4E9A2AA1-FFDC-4CEE-BC0C-2DE4CAFFC460}] => (Block) C:program files (x86)overwatchoverwatch.exe No File
FirewallRules: [UDP Query User{B1911E0A-EC40-46CC-BF08-9F247E14F991}C:program files (x86)overwatchoverwatch.exe] => (Allow) C:program files (x86)overwatchoverwatch.exe No File
FirewallRules: [TCP Query User{BF46FD6D-FC51-4E0F-A7B5-DB3B9D715E8C}C:program files (x86)overwatchoverwatch.exe] => (Allow) C:program files (x86)overwatchoverwatch.exe No File
FirewallRules: [UDP Query User{11D8F62B-78FD-4E5D-AB75-E2C22CD7E1E0}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.188deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.188deployleagueclient.exe No File
FirewallRules: [TCP Query User{DE2954E2-862B-478B-AF69-B4904BF81E41}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.188deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.188deployleagueclient.exe No File
FirewallRules: [UDP Query User{E548318B-7F6C-4812-B012-04E7EC436FF7}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.187deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.187deployleagueclient.exe No File
FirewallRules: [TCP Query User{EEDBC78E-7A49-42EF-B3EF-B0F5476BED83}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.187deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.187deployleagueclient.exe No File
FirewallRules: [UDP Query User{DDDD5521-A423-452B-AF25-CC519EAAA230}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.186deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.186deployleagueclient.exe No File
FirewallRules: [TCP Query User{1E03B9B6-375B-4882-A81D-48E5A7342A14}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.186deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.186deployleagueclient.exe No File
FirewallRules: [{FF13E7A2-DCD4-4957-AD01-6248A5871038}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BABA68A9-9E2B-43DC-8503-BB88556C7B17}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{47EB3748-D6B5-4D94-91CE-E7BAF3EA0089}] => (Block) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.184deployleagueclient.exe No File
FirewallRules: [{44C57EC0-A1A2-4972-A389-F00DB639482D}] => (Block) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.184deployleagueclient.exe No File
FirewallRules: [UDP Query User{2A46DD05-A015-4AF2-B164-AD4F0F2E0340}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.184deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.184deployleagueclient.exe No File
FirewallRules: [TCP Query User{C5A0B951-C83C-4C9C-A6ED-FC43626E221A}C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.184deployleagueclient.exe] => (Allow) C:riot gamesleague of legendsradsprojectsleague_clientreleases.0.0.184deployleagueclient.exe No File
FirewallRules: [{2B94EBCC-CD1F-4230-B506-C4D89B3644F6}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1B166643-0A11-45A5-A3E1-B80EBA4AFFAC}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{276301E3-95F2-4128-84EF-46F4A5D067A8}] => (Allow) C:Program FilesBonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3580D5E7-E7D5-493F-801D-355D00A98D00}] => (Allow) C:Program FilesBonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A29C09A0-2B81-4904-A35C-00FA3C5A21D7}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)
FirewallRules: [{CC1F6DE2-7DD6-4D35-B9BD-AF5F2D80649B}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{5EB163A2-62FE-4981-AFF6-0F1C8847B3DA}C:usershungappdataroamingspotifyspotify.exe] => (Allow) C:usershungappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{E6F14224-8EBD-4A56-AC98-81DF3C667323}C:usershungappdataroamingspotifyspotify.exe] => (Allow) C:usershungappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{D46DE029-D6E9-4176-862D-14102F2AE848}C:program files (x86)call of duty modern warfare betamodernwarfare.exe] => (Allow) C:program files (x86)call of duty modern warfare betamodernwarfare.exe No File
FirewallRules: [UDP Query User{F626B80A-CA18-48EA-903F-6F8999CFD08A}C:program files (x86)call of duty modern warfare betamodernwarfare.exe] => (Allow) C:program files (x86)call of duty modern warfare betamodernwarfare.exe No File
FirewallRules: [TCP Query User{87F00261-52FB-484D-AF32-6AA819F96873}C:program files (x86)overwatch_retail_overwatch.exe] => (Allow) C:program files (x86)overwatch_retail_overwatch.exe No File
FirewallRules: [UDP Query User{EE6D4B55-2FA6-491D-B1B2-FD4DC97C9666}C:program files (x86)overwatch_retail_overwatch.exe] => (Allow) C:program files (x86)overwatch_retail_overwatch.exe No File
FirewallRules: [{3BC841D4-58E5-429F-9B2A-D603F22B08BE}] => (Block) C:program files (x86)overwatch_retail_overwatch.exe No File
FirewallRules: [{6A2C2962-0031-4569-8098-3196C0D8FC1B}] => (Block) C:program files (x86)overwatch_retail_overwatch.exe No File
FirewallRules: [TCP Query User{203B6C02-1BDC-4D29-B277-21273ABE9E69}C:usershungappdataroamingspotifyspotify.exe] => (Block) C:usershungappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{F0C6D3D5-D428-4B72-9E41-62863C6CA4DB}C:usershungappdataroamingspotifyspotify.exe] => (Block) C:usershungappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{0A4062A8-8DA0-435B-A11D-FE52E65FA9C9}C:riot gamesleague of legendsgameleague of legends.exe] => (Allow) C:riot gamesleague of legendsgameleague of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{064E166F-7DD8-46BD-A271-570CD9025818}C:riot gamesleague of legendsgameleague of legends.exe] => (Allow) C:riot gamesleague of legendsgameleague of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{2B550E34-BDE7-431B-9548-40350F58EF39}C:riot gamespbegameleague of legends.exe] => (Allow) C:riot gamespbegameleague of legends.exe No File
FirewallRules: [UDP Query User{4564B000-39AB-4A74-864C-CE0C594C59F7}C:riot gamespbegameleague of legends.exe] => (Allow) C:riot gamespbegameleague of legends.exe No File
FirewallRules: [TCP Query User{3535AB90-92E5-493B-A5B8-1EF3DF4FF805}C:usershungappdatalocalcitranightly-mingwcitra-qt.exe] => (Allow) C:usershungappdatalocalcitranightly-mingwcitra-qt.exe No File
FirewallRules: [UDP Query User{58EE6466-F836-417D-B532-F9FA259601B7}C:usershungappdatalocalcitranightly-mingwcitra-qt.exe] => (Allow) C:usershungappdatalocalcitranightly-mingwcitra-qt.exe No File
FirewallRules: [{F1E7ADDF-E8C4-4EB8-BE99-929ED5FD4D5B}] => (Allow) C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1270D4EC-1EBF-4107-A20E-6A964CB1C5F7}] => (Allow) C:Program FilesBonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{54EFC043-0D92-49E0-A0E8-76F417C524D9}] => (Allow) C:Program FilesBonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1E270FC3-48D9-42CF-A093-73D71B0B3221}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F589AF7E-D212-4DDA-9A33-D2A0CA0D1EA0}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9ECF4771-344D-45A5-B3C4-AE6AB2F7E25D}] => (Allow) C:Program Files (x86)SteamsteamappscommonTom Clancy's Rainbow Six SiegeRainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{E64DBBE2-AB2D-47FC-B2F9-AF40E1576419}] => (Allow) C:Program Files (x86)SteamsteamappscommonTom Clancy's Rainbow Six SiegeRainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{87265F92-8C74-4A18-B84E-AC0253541BC4}] => (Allow) C:Program Files (x86)SteamsteamappscommonTom Clancy's Rainbow Six SiegeRainbowSix_Vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{306A8D96-CFB5-4CEE-8568-908382B165A1}] => (Allow) C:Program Files (x86)SteamsteamappscommonTom Clancy's Rainbow Six SiegeRainbowSix_Vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{AB9C178E-D801-42BC-8CFC-436E70389D99}] => (Allow) C:Program Files (x86)SteamsteamappscommonTom Clancy's Rainbow Six SiegeRainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{8DE0D19E-BA40-42FE-A63B-32EA4CD34F2C}] => (Allow) C:Program Files (x86)SteamsteamappscommonTom Clancy's Rainbow Six SiegeRainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{2A3CA85D-FA32-4063-A23C-99809B10ABC7}] => (Allow) B:SteamLibrarysteamappscommonFPSAimTrainerFPSAimTrainer.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{7982A1C3-A44C-42B1-877D-99A69A136BB6}] => (Allow) B:SteamLibrarysteamappscommonFPSAimTrainerFPSAimTrainer.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{56D0BB2A-B33C-4653-8FFE-7E6FD9661C0E}B:steamlibrarysteamappscommonfpsaimtrainerfpsaimtrainerbinarieswin64fpsaimtrainer-win64-shipping.exe] => (Allow) B:steamlibrarysteamappscommonfpsaimtrainerfpsaimtrainerbinarieswin64fpsaimtrainer-win64-shipping.exe () [File not signed]
FirewallRules: [UDP Query User{4A0097C8-67F3-4C5E-BD34-1DF617E120E1}B:steamlibrarysteamappscommonfpsaimtrainerfpsaimtrainerbinarieswin64fpsaimtrainer-win64-shipping.exe] => (Allow) B:steamlibrarysteamappscommonfpsaimtrainerfpsaimtrainerbinarieswin64fpsaimtrainer-win64-shipping.exe () [File not signed]

==================== Restore Points =========================

09-04-2020 00:34:14 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (04/11/2020 04:30:01 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (27624,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

Error: (04/11/2020 04:18:14 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {281ddd87-6739-4283-9083-0fc8a74a840b}

Error: (04/11/2020 04:08:06 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8248,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

Error: (04/11/2020 03:54:31 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9488,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

Error: (04/11/2020 03:46:51 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (17500,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

Error: (04/11/2020 03:31:15 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (25516,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

Error: (04/10/2020 10:52:41 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11124,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

Error: (04/10/2020 10:45:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (20976,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

System errors:
=============
Error: (04/09/2020 11:28:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (04/07/2020 05:04:36 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (04/07/2020 12:32:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly. It has done this 1 time(s).

Error: (04/06/2020 03:26:15 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (04/06/2020 03:26:02 AM) (Source: DCOM) (EventID: 10010) (User: HUNG)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (04/04/2020 06:37:03 AM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

Error: (04/02/2020 01:19:17 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:54:10 AM on ‎4/‎2/‎2020 was unexpected.

Error: (03/31/2020 05:14:10 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Windows Defender:
===================================
Date: 2020-04-06 02:53:17.347
Description:
Controlled Folder Access blocked C:WindowsSystem32svchost.exe from making changes to memory.
Detection time: 2020-04-06T09:53:17.347Z
Path: DeviceHarddiskVolume4
Process Name: C:WindowsSystem32svchost.exe
Security intelligence Version: 1.313.861.0
Engine Version: 1.1.16900.4
Product Version: 4.18.2003.8

Date: 2020-04-06 02:41:42.227
Description:
Controlled Folder Access blocked C:WindowsSystem32svchost.exe from making changes to memory.
Detection time: 2020-04-06T09:41:42.227Z
Path: DeviceHarddiskVolume7
Process Name: C:WindowsSystem32svchost.exe
Security intelligence Version: 1.313.861.0
Engine Version: 1.1.16900.4
Product Version: 4.18.2003.8

Date: 2020-03-27 16:22:31.821
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {86A11C48-76EF-4FA3-8477-982ABCBB3C4D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-08 11:27:16.293
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {22E08B66-E7DC-47F6-BFA6-1CC688A4AFED}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-24 13:34:38.274
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-03-11 18:56:06.534
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.311.918.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16800.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2020-04-11 04:31:08.209
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4WindowsSystem32svchost.exe) attempted to load DeviceHarddiskVolume4Program FilesBonjourmdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2020-04-11 04:31:08.208
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4WindowsSystem32svchost.exe) attempted to load DeviceHarddiskVolume4Program FilesBonjourmdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2020-04-11 04:29:42.996
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4Program FilesESETESET Securityekrn.exe) attempted to load DeviceHarddiskVolume4Program FilesBonjourmdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-11 04:29:42.996
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4Program FilesESETESET Securityekrn.exe) attempted to load DeviceHarddiskVolume4Program FilesBonjourmdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-11 04:29:42.991
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4Program FilesESETESET Securityekrn.exe) attempted to load DeviceHarddiskVolume4Program FilesBonjourmdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-11 04:29:42.991
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4Program FilesESETESET Securityekrn.exe) attempted to load DeviceHarddiskVolume4Program FilesBonjourmdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-11 04:24:34.569
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4WindowsSystem32svchost.exe) attempted to load DeviceHarddiskVolume4Program FilesBonjourmdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2020-04-11 04:24:34.569
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4WindowsSystem32svchost.exe) attempted to load DeviceHarddiskVolume4Program FilesBonjourmdnsNSP.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. A.30 11/06/2018
Motherboard: Micro-Star International Co., Ltd B450-A PRO (MS-7B86)
Processor: AMD Ryzen 5 2600 Six-Core Processor
Percentage of memory in use: 48%
Total physical RAM: 16335.08 MB
Available physical RAM: 8456.35 MB
Total Virtual: 31230.02 MB
Available Virtual: 15220.85 MB

==================== Drives ================================

Drive b: (HHD) (Fixed) (Total:799.87 GB) (Free:428.65 GB) NTFS
Drive c: () (Fixed) (Total:465.16 GB) (Free:214.93 GB) NTFS

\?Volume{e4fec26a-ae83-403d-88e4-5e95e23c50af} (Recovery) (Fixed) (Total:0.49 GB) (Free:0.07 GB) NTFS
\?Volume{20435e03-4f42-4569-a976-ea171e9dbcbf} () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

==================== End of Addition.txt =======================

Edited by hungmao99, Today, 07:24 AM.