Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-04-2020
Ran by John Doe (administrator) on DESKTOP-TLKDH3O (18-04-2020 15:56:53)
Running from C: Users John Doe Downloads
Loaded Profiles: John Doe (Available Profiles: John Doe)
Platform: Windows 10 Home Version 1903 18362.720 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices، Inc. -> AMD ) C: Windows System32 DriverStore FileRepository͆940.inf_amd64_1ea00c8019a8594e B346681 atiesrxx.exe
(Microsoft Corporation) C: Files Programs WindowsApps Microsoft.ZuneMusic_10.20022.11011.0_x64__8wekyb3d8bbwe Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C: Windows System32 smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C: ProgramData Microsoft Windows Defender Platform 4.18.2003.8-0 MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C: ProgramData Microsoft Windows Defender Platform 4.18.2003.8-0 NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C: Program Files Mozilla Firefox firefox.exe <9>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C: Windows System32 RtkAudUService64.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C: File Files SUPERAntiSpyware SASCore64.exe
(Valve -> Valve Corporation) C: Files Program (x86) Files SteamService.exe
(Valve -> Valve Corporation) D: File Files Steam bin cef cef.win7x64 steamwebhelper.exe <7>
(Valve -> Valve Corporation) D: Program Files Steam steam.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM … Run: [RtkAudUService] => C: WINDOWS System32 RtkAudUService64.exe [881440 2019-08-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM … Run: [WindowsDefender] => "%ProgramFiles% Windows Defender MSASCuiL.exe"
HKLM-x32 … : Run: [SDTray] => C: Files Programs (x86 ) Spybot – Search & Destroy 2 SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU S-1-5-21-2882857548-211874605-1953779821-1001 … Run: [Discord] => C: Users John Doe AppData Local Discord app-0.0.306 Discord.exe [90950968 2020-02-24] (Incord Inc -> Discord Inc.)
HKU S-1-5-21-2882857548-211874605-1953779821-1001 … Run: [Steam] => "C: Files Programs (x86) Steam steam.exe" -silent
HKU S-1-5-21-2882857548-211874605-1953779821-1001 … Run: [SUPERAntiSpyware] => C: Files Programs SUPERAntiSpyware SUPERAntiSpyware.exe [9230256 2020-03-30] (Support.com Inc -> SUPERAntiSpyware)
HKU S-1-5-21-2882857548-211874605-1953779821-1001 … Run: [FreeAC] => D: FreeAlarmClock FreeAlarmClock.exe -autorun
HKU S-1-5-21-2882857548-211874605-1953779821-1001 … Run: [Actual Multiple Monitors] => "D: Actual Multiple Monitors ActualMultipleMonitorCenter.exe"
HKU S-1-5-21-2882857548-211874605-1953779821-1001 … Run: [Web Companion] => C: Files Programs (x86) Lavasoft Web Companion Application WebCompanion.exe –minimize
HKU S-1-5-21-2882857548-211874605-1953779821-1001 … Run: [Gaijin.Net Updater] => C: Users John Doe AppData Local Gaijin Files Programme (x86) NetAgent gjagent.exe [2127104 2019-11-12] (Gaijin Network LTD -> Gaijin Entertainment)
HKU S-1-5-21-2882857548-211874605-1953779821-1001 … Run: [Overwolf] => C: File Files (x86) Overwolf OverwolfLauncher.exe [1749848 2020-03-14] (Overwolf Ltd -> Overwolf Ltd.)
HKU S-1-5-21-2882857548-211874605-1953779821-1001 … MountPoints2: E – "E: setup.exe"
HKU S-1-5-21-2882857548-211874605-1953779821-1001 … MountPoints2: F – "F: setup.exe"
HKLM Software Microsoft Active Setup Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C: Files Program (x86) Google Chrome Application 81.0.4044.113 Installer chrmstp.exe [2020-04-16] (Google LLC -> Google LLC)
HKLM Software Wow6432Node Microsoft Active Setup Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C: Files Programs (x86) Google Chrome Application 76.0.3809.132 Installer chrmstp.exe" --configure-user-settings --verbose-logging --system-level
BootExecute: autocheck autochk * sdnclean64.exe
======================================================================================================== =========
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06276654-066E-4DA6-ABDF-AC24AA8C492E – System32 Tasks Microsoft Windows Windows Defender Windows Defender Cache Maintenance => C: ProgramData Microsoft Windows Defender platform 4.18.2003.8-0 MpCmdRun.exe [480272 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2196401B-4FCD-4F03-99FC-B667964D5EFE – System32 Tasks StartCN => C: File Files AMD CNext CNext cncmd.exe [61112 2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
Task: {408848C5-FAFD-4DC3-9533-5E742C8B7351} – System32 Tasks Overwolf Updater Task => C: Files Program (x86) Overwolf OverwolfUpdater.exe [2463064 2020-03-14] (Overwolf Ltd -> Overwolf LTD)
Task: 61 5661AB40-32EF-4330 A -972237C77F66} – System32 Tasks Microsoft Windows Windows Defender Windows Defender Cleanup => C: ProgramData Microsoft Windows Defender platform 4.18.2003.8-0 MpCmdRun.exe [480272 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: 2 69225F95-5044-48AE-ADCA-FEB3CE509845} – System32 Tasks AMD ThankingURL => C: File Files AMD CIM Bin64 Setup.exe [891576 2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
Task: {78EAE6FC-A791-42A8-AE78-DCA27D02203B – System32 Tasks StartDVR => C: File Files AMD CNext CNext RSServCmd.exe [68280 2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
Task: BC 81BCA328-B227-4016-9BE1-C99D83FAA7C7} – System32 Tasks Microsoft Windows Windows Defender Windows Defender => C: ProgramData Microsoft Windows Defender platform 4.18.2003.8-0 MpCmdRun.exe [480272 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {86C77294-3138-4AB3-9D57-A3E78560789B} – System32 Tasks GoogleUpdateTaskMachineCore => C: Files Program (x86) Google Update GoogleUpdate.exe [154920 2019-09-03] (Google Inc -> Google LLC)
Task: {A29CCF83-6ABE-4899-941D-E68B501DD781 – System32 Tasks GoogleUpdateTaskMachineUA => C: Pr ogr Files (x86) Google Update GoogleUpdate.exe [154920 2019-09-03] (Google Inc -> Google LLC)
Task: {A4FF79C1-52B8-41EB-B58C-329497DB383F – System32 Tasks Microsoft Windows Windows Defender Windows Defender Scheduled Scheduled => C: ProgramData Microsoft Windows Defender platform 4.18.2003.8-0 MpCmdRun.exe [480272 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: 1 C1F38C64-6F73 -4CDC-ACD4-4A670CD786E1 – System32 Tasks AMDLinkUpdate => C: Files Programs AMD CIM BIN64 InstallManagerApp.exe [468992 2019-09-10] (Advanced Micro Devices, Inc.) [File not signed]
Task: {D928BD -4406-97D5-A342B90A1AF8} – System32 Tasks ModifyLinkUpdate => C: File files AMD CIM Bin64 InstallManagerApp.exe [468992 2019-09-10] (Advanced Micro Devices, Inc.) [File not signed]
(If the entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip Parameters: [DhcpNameServer] 24.226.130.182 205.151.67.2 205.151.67.6
Tcpip .. Interfaces {93046595-30b2-492d-898d-0c531e31cc32}: [DhcpNameServer] 24.226.130.182 205.151.67.2 205.151.57
Interfaces {ab1e311f-5003-45e7-8f24-1bf331869606}: [DhcpNameServer] 205.151.67.34 205.151.67.2 205.151.67.6
Internet Explorer:
============ ====
HKU S-1-5-21-2882857548-211874605-1953779821-1001 Software Microsoft Internet Explorer Main,Start Page = hxxp://www.bing.com/?pc=COS2&ptag=D102319-N0690A915F698E57&form=CONMHP&conlogo=CT3335818
SearchScopes: HKU S-1-5-21-2882857548-211874605-1953779821-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D102319-N0700A915F698E57&form=CONBDF&conlogo=CT3335818&q={searchTerms}
SearchScopes: HKU S-1-5-21-2882857548-211874605-1953779821-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D102319-N0700A915F698E57&form=CONBDF&conlogo=CT3335818&q={searchTerms}
FireFox:
====== == F= .default
FF ProfilePath: C: Users John Doe AppData Roaming Mozilla Firefox Profiles q2dzfxli.default [2019-10-23]
FF NewTab: Mozilla Firefox Profiles q2dzfxli.default -> hxxp://www.bing.com/?pc=COS2&ptag=D102319-N0600A915F698E57&form=CONMHP&conlogo=CT3335818
FF ProfilePath: C: Users John Doe AppData Roaming Mozilla Firefox Profiles hzdb6
FF NewTab: Mozilla Firefox Profiles hzdb649l.default-release -> hxxp://www.bing.com/?pc=COS2&ptag=D102319-N0600A915F698E57&form=CONMHP&conlogo=CT3335818
hzdb649l.default-release -> hxxps://twitter.com
FF Extension: (uBlock Origin) – C: Users John Doe AppData Roaming Mozilla Firefox Profiles hzdb649l.default-release Extensions [email protected] [2020-02-09]
FF Extension: (NoScript) – C: Users John Doe AppData Roaming Mozilla Firefox Profiles hzdb649l.default-release Extensions {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Plugin: @adobe.com/FlashPlayer -> C: WINDOWS system32 Macromed Flash NPSWF64_32_0_0_303.dll [2019-12-18] (Adobe Inc. ->)
FF Plugin-x32: @adobe.com/FlashPlayer -> C: WINDOWS SysWOW64 Macromed Flash NPSWF32_32_0_0_303.dll [2019-12-18] (Adobe Inc. ->)
Chrome:
======
CHR Profile: C: Users John Doe AppData Local Google Chrome User Data Default [2019-11-18]
CHR Extension: (Slides) – C: Users John Doe AppData Local Google Chrome User Data Default Extensions aapocclcgogkmnckokdopfmhonfmgoek [2019-09-03]
CHR Extension: (Docs) – C: Users John Doe AppData Local Google Chrome User Data Default Extensions aohghmighlieiainnegkcijnfilokake [2019-09-03]
CHR Extension: (Google Drive) – C: Users John Doe AppData Local Google Chrome User Data Default Extensions apdfllckaahabafndbhieahigkjlhalf [2019-09-03]
CHR Extension: (YouTube) – C: Users John Doe AppData Local Google Chrome User Data Default Extensions blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-09-03]
CHR Extension: (Sheets) – C: Users John Doe AppData Local Google Chrome User Data Default Extensions felcaaldnbdncclmgdcncolpebgiejap [2019-09-03]
CHR Extension: (Google Docs Offline) – C: Users John Doe AppData Local Google Chrome User Data Default Extensions ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-09-03]
CHR Extension: (Chrome Web Store Payments) – C: Users John Doe AppData Local Google Chrome User Data Default Extensions nmmhkkegccagdldgiimedpiccmgmieda [2019-09-03]
CHR Extension: (Gmail) – C: Users John Doe AppData Local Google Chrome User Data Default Extensions pjkljhegncpnkpknbcohdijeoejaedia [2019-09-03]
CHR Extension: (Chrome Media Router) – C: Users John Doe AppData Local Google Chrome User Data Default Extensions pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-03]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C: File Files SUPERAntiSpyware SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AMD External Events Utility; C: WINDOWS System32 DriverStore FileRepository͆940.inf_amd64_1ea00c8019a8594e B346681 atiesrxx.exe [508008 2019-09-23] (Advanced Micro Devices, Inc. -> AMD)
S3 BEService; C: File Files (x86) Files Common BattlEye BEService.exe [8395968 2019-10-17] (BattlEye Innovations e.K. ->)
S3 OverwolfUpdater; C: File Files (x86) Overwolf OverwolfUpdater.exe [2463064 2020-03-14] (Overwolf Ltd -> Overwolf LTD)
R2 RtkAudioUniversalService; C: WINDOWS System32 RtkAudUService64.exe [881440 2019-08-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 SDScannerService; C: File Files (x86) Spybot – Search & Destroy 2 SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SDUpdateService; C: File Files (x86) Spybot – Search & Destroy 2 SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SDWSCService; C: File Files (x86) Spybot – Search & Destroy 2 SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R3 WdNisSvc; C: ProgramData Microsoft Windows Defender platform 4.18.2003.8-0 NisSrv.exe [3294680 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C: ProgramData Microsoft Windows Defender platform 4.18.2003.8-0 MsMpEng.exe [103168 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 amm_LSService; "D: Actual Multiple Monitors LogonScreenService.exe" [X]
S3 EasyAntiCheat; "C: File Files (x86) EasyAntiCheat EasyAntiCheat.exe" [X]
S3 Origin Service Client; "C: File Files (x86) Origin OriginClientService.exe" [X]
S4 Origin Web Helper Service; "C: File Files (x86) Origin OriginWebHelperService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aftap0901؛ C: WINDOWS System32 driver aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> پروژه OpenVPN)
R3 amdgpio2؛ C: WINDOWS System32 driver amdgpio2.sys [45832 2019-10-01] (Advanced Micro Devices INC. -> Advanced Micro Devices، Inc)
R3 amdgpio3؛ C: WINDOWS System32 driver amdgpio3.sys [24528 2019-08-24] (امضا PMP-PE CB کد امضا v20160415 -> دستگاههای پیشرفته میکرو ، وارز)
S3 amdkmcsp؛ C: WINDOWS system32 DRIVERS amdkmcsp.sys [101232 2017-06-12] (شرکت Advanced Micro Devices -> Advanced Micro Devices، Inc.)
R3 amdkmdag؛ C: WINDOWS System32 DriverStore FileRepository͆940.inf_amd64_1ea00c8019a8594e B346681 atikmdag.sys [60634216 2019-09-23] (Advanced Micro Devices، Inc. -> Advanced Micro Devices، Inc)
R3 amdkdap؛ C: WINDOWS System32 DriverStore FileRepository͆940.inf_amd64_1ea00c8019a8594e B346681 atikmpag.sys [597608 2019-09-23] (Advanced Micro Devices، Inc. -> Advanced Micro Devices، Inc)
R0 amdkmpfd؛ C: WINDOWS System32 driver amdkmpfd.sys [102832 2019-05-31] (Advanced Micro Devices، Inc. -> Advanced Micro Devices، Inc)
R3 AMDPCIDev؛ C: WINDOWS System32 driver AMDPCIDev.sys [31592 2018-04-26] (شرکت Micro Advanced Advanced – -> دستگاه های پیشرفته میکرو)
R0 amdpsp؛ C: WINDOWS System32 DRIVERS amdpsp.sys [243056 2017-06-12] (شرکت Micro Advanced Advanced – -> Micro Devices Advanced، Inc.)
R3 AtiHDAudioService؛ C: WINDOWS system32 driver AtihdWT6.sys [108152 2019-07-24] (ناشر سازگاری سخت افزار سخت افزار Microsoft Windows -> دستگاههای پیشرفته میکرو)
S3 BCMH43XX؛ C: WINDOWS system32 DRIVERS AE2500w864.sys [2377448 2015-07-10] (شرکت Broadcom -> شرکت Broadcom)
S3 BthA2dp؛ ج: WINDOWS System32 درایور BthA2dp.sys [231936 2019-09-14] (شرکت مایکروسافت) [File not signed]
S3 netr28ux؛ C: WINDOWS System32 driver netr28ux.sys [2224128 2019-03-19] (Microsoft Windows -> MediaTek Inc.)
R3 rt640x64؛ C: WINDOWS System32 driver rt640x64.sys [1154336 2019-08-24] (Corp.-> نیمه هادی Realtek Corp. -> Realtek)
R1 SASDIFSV؛ C: File Files SUPERAntiSpyware SASDIFSV64.SYS [14928 2011-07-22] (Support.com، Inc. -> SUPERAdBlocker.com و SUPERAntiSpyware.com)
R1 SASKUTIL؛ C: File Files SUPERAntiSpyware SASKUTIL64.SYS [12368 2011-07-12] (Support.com، Inc. -> SUPERAdBlocker.com و SUPERAntiSpyware.com)
S0 WdBoot؛ C: WINDOWS System32 driver wd WdBoot.sys [45960 2020-03-24] (انتشار سریع ضد ویروس مایکروسافت ویندوز مایکروسافت -> Microsoft Corporation)
R0 WdFilter؛ C: WINDOWS System32 driver wd WdFilter.sys [391392 2020-03-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv؛ C: WINDOWS System32 driverers wd WdNisDrv.sys [59104 2020-03-24] (Microsoft Windows -> Microsoft Corporation)
R1 YSDrv؛ C: File Files (x86) Bignox BigNoxVM RT YSDrv.sys [310536 2019-08-24] (شرکت علم و فناوری آنلاین پویین دوودین ، با مسئولیت محدود -> شرکت BigNox)
==================== NetSvcs (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ====================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-04-18 15:56 – 2020-04- 18 15:57 – 000016842 _____ C: Users John Doe Downloads FRST.txt
2020-04-18 15:56 – 2020-04-18 15:57 – 000000000 ____D C: FRST
2020-04-18 15:56 – 2020-04-18 15:56 – 002281472 _____ (Farbar) C: Users John Doe Downloads FRST64.exe
2020-04-18 15:55 – 2020- 04-18 15:55 – 002009600 _____ (Farbar) C: Users John Doe Downloads FRST.exe
2020-04-18 15:35 – 2020-04-18 15:40 – 000000121 _____ C: کاربران جان دوی دسک تاپ مهم برای hacker.txt
2020-04-17 16:50 – 2020-04-17 16:50 – 000339600 _____ C: کاربران John Doe بارگیری ها تعمیرات اساسی حزب و دستورات AI-493-1-2-6- 1587057966.zip
2020-04-17 13:45 – 2020-04-17 13:45 – 000001726 _____ C: Users John Doe Desktop TaleWorlds.MountAndBlade.Launcher – Shortcut.lnk
2020- 04-16 21:00 – 2020-04-16 21:18 – 000000000 ____D C: Mount & Blade II Bannerlord
2020-04-16 12:56 – 2020-04-16 12:56 – 000000070 _____ C : WINDOWS RAVTC.TMP
2020-04-16 12:48 – 2020-04-16 12:48 – 000000024 _____ C: Users John Doe Desktop anime.txt
2020-04- 16 11:20 – 2020-04-16 12:56 – 000000000 ____D C: Users John Doe AppData Roaming Panda Security
2020-04-16 11:20 – 2020-04-16 12:56 – 000000000 ____D C: File Files (x86) Panda Security
2020-04-16 11:12 – 2020-04-16 12:56 – 000000000 ____D C: ProgramData Panda Security
2020-04-15 23:52 – 2020-03-16 23:57 – 000390656 _____ (Microsoft Corporation) C: WINDOWS SysWOW64 poqexec.exe
2020-04-15 23:52 – 2020-03-16 23:56 – 000492544 _____ (Microsoft Corporation) C: WINDOWS system32 poqexec.exe
2020-04-14 02:56 – 2020- 04-14 02:56 – 000000000 ____D C: Users John Doe AppData Roaming WinRAR
2020-04-14 02:56 – 2020-04-14 02:56 – 000000000 ____D C: Users جان Doe AppData رومینگ مایکروسافت ویندوز منوی شروع برنامه ها WinRAR
2020-04-14 02:56 – 2020-04-14 02:56 – 000000000 ____D C: ProgramData Microsoft Windows Start منو برنامه ها WinRAR
2020-04-14 02:20 – 2020-04-14 02:20 – 000000000 ____D C: Files Programs 7-Zip
2020-04-10 17:01 – 2020 -04-10 17:11 – 000000000 ____D C: Users John Doe AppData Local ElevatedDiagnostics
2020-04-10 00:14 – 2020-04-10 00:14 – 000000000 ____D C: Users John Doe AppData Roaming Goldberg SteamEmu موجب صرفه جویی در
2020-04-03 20:48 – 2020-04-03 20:48 – 014207938 _____ C: Users John Doe Document Mount.and.Blade. 2.Bannerlord.Update.e1.0.3.7z
2020-03-30 23:50 – 2020-04-03 21:08 – 0000000 00 ____D C: کاربران John Doe Document Mount and Blade II Bannerlord
2020-03-30 23:50 – 2020-03-31 09:13 – 000000000 ____D C: ProgramData Mount and Blade II Bannerlord
2020-03-30 23:50 – 2020-03-31 08:40 – 000000000 ____D C: Users John Doe AppData Roaming SmartSteamEmu
2020-03-30 23:12 – 2020- 03-31 08:14 – 000003503 _____ C: Users John Doe Desktop config.xml
2020-03-30 18:54 – 2020-03-30 18:54 – 000001101 _____ C: Users John Doe Desktop steam – Shortcut.lnk
2020-03-30 18:48 – 2020-03-30 19:00 – 000000000 ____D C: File Files (x86) کتابخانه بخار
2020-03 -30 06:57 – 2020-03-30 06:58 – 000001629 _____ C: Users Public Desktop VALORANT.lnk
2020-03-30 06:57 – 2020-03-30 06:58 – 000001629 _____ C: ProgramData Desktop VALORANT.lnk
2020-03-27 16:38 – 2020-03-27 16:38 – 000000000 ____D C: Users John Doe AppData LocalLow Squad
2020-03-22 09:00 – 2020-03-30 23:45 – 000289568 _____ (شرکت Valve) C: WINDOWS steam_a pi64.dll
2020-03-21 07:20 – 2020-03-24 12:06 – 000000000 ____D C: Users John Doe AppData Roaming Domina
2020-03-21 06:23 – 2020-03-21 06:23 – 000000000 ____D C: Users John Doe AppData LocalLow ChainWave LLC
2020-03-19 13:31 – 2020-03-19 13:31 – 000000926 _____ C : کاربران عمومی دسک تاپ تست Overwatch.lnk
2020-03-19 13:31 – 2020-03-19 13:31 – 000000926 _____ C: ProgramData Desktop Overwatch Test.lnk
2020 -03-19 13:31 – 2020-03-19 13:31 – 000000000 ____D C: ProgramData Microsoft Windows menu menu Start Programs Test Overwatch
==================== One month (modified) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-04-18 15:50 – 2019-08-24 14:03 – 000000000 ____D C: Users John Doe AppData LocalLow Mozilla
2020-04-18 15:43 – 2019-08-24 10:07 – 000000000 ____D C: Users John Doe AppData Local Battle.net
2020-04-18 15:09 – 2019-08-24 01:54 – 000000000 ____D C: WIN DOWS system32 SleepStudy
2020-04-18 14:52 – 2020-01-29 01:06 – 000000000 ____D C: File Files (x86) Warcraft III
2020-04-18 10:45 – 2019-08-24 02:31 – 000000000 ___HD C: File Programs WindowsApps
2020-04-18 10:45 – 2019-08-24 02:31 – 000000000 ____D C: WINDOWS AppReadiness
2020-04-18 10:44 – 2019-08-24 02:31 – 000000000 ____D C: ProgramData regid.1991-06.com.microsoft
2020-04-17 13:59 – 2019-08 -24 10:08 – 000000000 ____D C: File Files (x86) Overwatch
2020-04-16 22:50 – 2020-03-13 21:30 – 000000297 _____ C: Users John Doe d4ac4633ebd6440fa397b84f1bc94a3c .7z
2020-04-16 22:50 – 2019-08-24 11:27 – 000000000 ____D C: Users John Doe AppData Local Nox
2020-04-16 22:50 – 2019-08-24 02:07 – 000000000 ____D C: Users John Doe
2020-04-16 18:50 – 2019-09-03 07:16 – 000002301 _____ C: ProgramData Microsoft Windows منوی شروع برنامه ها Google Chrome.lnk
2020-04-16 14:05 – 2019-12-16 09:14 – 000000000 ____D C : کاربران John Doe AppData محلی NoxSrv
2020-04-16 14:05 – 2019-12-16 09:14 – 000000000 ____D C: Users John Doe .BigNox
2020- 04-16 14:05 – 2019-08-24 11:29 – 000000000 ____D C: Users John Doe .android
2020-04-16 14:05 – 2019-08-24 11:28 – 000000000 ____D C: کاربران John Doe vmlogs
2020-04-16 14:04 – 2019-09-03 07:15 – 000002030 _____ C: Users Public Desktop SUPERAntiSpyware Free Edition.lnk
2020-04-16 14:04 – 2019-09-03 07:15 – 000002030 _____ C: ProgramData Desktop SUPERAntiSpyware Free Edition.lnk
2020-04-16 14:03 – 2019-11-18 06 : 07 – 000001448 _____ C: Users Public Desktop Spybot-S & D Center Start.lnk
2020-04-16 14:03 – 2019-11-18 06:07 – 000001448 _____ C: ProgramData Desktop Spybot-S&D Start Center.lnk
2020-04-16 12:56 – 2019-08-24 02:30 – 000000000 ____D C: WINDOWS INF
2020-04-16 11:20 – 2019 -08-24 02:31 – 000000000 ____D C: WINDOWS SysWOW64 GroupPolicy
2020-04-16 11:20 – 2019-08-24 02:31 – 00000 0000 ____D C: WINDOWS system32 GroupPolicy
2020-04-15 23:58 – 2019-08-24 02:28 – 000000000 ____D C: WINDOWS CbsTemp
2020-04-14 03:27 – 2019-08-24 01:59 – 000840852 _____ C: WINDOWS system32 PerfStringBackup.INI
2020-04-14 03:21 – 2019-08-24 09:56 – 000003118 _____ C: WINDOWS system32 کارها AMDLinkUpdate
2020-04-14 03:21 – 2019-08-24 09:17 – 000065536 _____ C: WINDOWS system32 spu_storage.bin
2020-04-14 03:21 – 2019-08-24 02:27 – 000524288 _____ C: WINDOWS system32 config BBI
2020-04-14 03:21 – 2019-08-24 01:54 – 000000006 ____H C: WINDOWS Task SA.DAT
2020-04-10 16:59 – 2020-03-11 03:31 – 000000000 ____D C: Users John Doe AppData Local Overwolf
2020-04-10 16: 58 – 2019-08-24 14:03 – 000000000 ____D C: Files Programs Mozilla Firefox
2020-04-10 16:54 – 2019-08-24 14:03 – 000001005 _____ C: ProgramData Microsoft ویندوز منوی شروع برنامه ها Firefox.lnk
2020-04-10 12:54 – 2019-10-23 20:02 – 000000000 ___ _D C: Users John Doe Desktop Games
2020-04-10 00:06 – 2019-11-18 17:01 – 000000000 ____D C: Users John Doe AppData Roaming uTorrent
2020-04-10 00:05 – 2020-01-16 21:54 – 000000000 ____D C: Users John Doe AppData LocalLow uTorrent
2020-04-10 00:04 – 2019-10- 23 04:47 – 000000000 ____D C: Users John Doe AppData Local BitTorrentHelper
2020-04-10 00:03 – 2019-11-18 17:01 – 000000899 _____ C: Users John Doe دسک تاپ μTorrent.lnk
2020-04-07 09:36 – 2019-08-24 10:06 – 000000000 ____D C: File Files (x86) Battle.net
2020-04-04 05 : 17 – 2020-02-27 20:43 – 000000285 _____ C: Users John Doe Desktop SumWar.txt
2020-04-03 23:27 – 2020-03-11 03:33 – 000000000 ____D ج: فایلهای برنامه (x86) Overwolf
2020-04-03 23:26 – 2019-09-03 07:15 – 000000000 ____D C: File Files SUPERAntiSpyware
2020-04-03 22: 23 – 2018-12-12 17:27 – 000721248 _____ (www.sordum.org) C: Users John Doe Desktop sRemover.exe
2020-04-03 20:36 – 2 019-08-24 09:38 – 000000000 ____D C: Users John Doe AppData Local D3DSCache
2020-04-02 20:39 – 2019-08-24 09:17 – 000744808 ____N (Microsoft Corporation ) C: WINDOWS system32 MpSigStub.exe
2020-03-31 09:17 – 2019-10-23 03:24 – 000000730 _____ C: Users Public Desktop PowerISO.lnk
2020 -03-31 09:17 – 2019-10-23 03:24 – 000000730 _____ C: ProgramData Desktop PowerISO.lnk
2020-03-31 09:17 – 2019-10-01 16:49 – 000000730 _____ C: کاربران عمومی دسک تاپ ClipGrab.lnk
2020-03-31 09:17 – 2019-10-01 16:49 – 000000730 _____ C: ProgramData Desktop ClipGrab.lnk
2020-03-30 23:42 – 2019-02-26 13:52 – 000116056 _____ (شرکت Valve) C: WINDOWS steam_api.dll
2020-03-30 19:24 – 2019-08-24 18 : 53 – 000000000 ____D C: ProgramData Microsoft Windows Menu Start Programs Steam
2020-03-30 15:21 – 2019-08-24 02:09 – 000000000 ____D C: Users John Doe AppData محلی بسته ها
2020-03-30 15:13 – 2019-08-24 18:58 – 000000000 ____D C: Progr am Files (x86) Steamworks Shared
2020-03-30 06:57 – 2020-02-20 19:55 – 000000000 ____D C: ProgramData مایکروسافت ویندوز منوی شروع برنامه ها بازی های ضد شورش
2020-03-30 06:57 – 2020-02-20 19:54 – 000000000 ____D C: Users John Doe AppData Local Riot Games
2020-03-27 17:14 – 2019-10- 01 16:49 – 000000000 ____D C: ProgramData Microsoft Windows Start menu Programs ClipGrab
2020-03-24 20:28 – 2019-08-24 01:54 – 000000000 ____D C: WINDOWS system32 Drivers wd
2020-03-21 10:50 – 2019-12-17 07:49 – 000000000 ____D C: Users John Doe Documents The Witcher 3
2020-03-20 15 : 42 – 2019-09-03 07:16 – 000003420 _____ C: WINDOWS system32 Task GoogleUpdateTaskMachineUA
2020-03-20 15:42 – 2019-09-03 07:16 – 000003296 _____ C: WINDOWS system32 Tasks GoogleUpdateTaskMachineCore
==================== Files in the root of some directories ========
2019- 08-29 01:51 – 2019-12-16 08:49 – 000000072 _____ () C: کاربران John Doe AppData محلی بروزرسانی ate_progress.txt
==================== SigCheck ==============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2020
Ran by John Doe (18-04-2020 15:57:36)
Running from C: Users John Doe Downloads
Windows 10 Version 1903 18362.720 (X64) (2019-08-24 05:55:41)
Boot Mode: Normal
==============================================================
==================== Accounts: ==============================
Administrator (S-1-5-21-2882857548-211874605-1953779821-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-2882857548-211874605-1953779821-503 – Limited – Disabled)
Guest (S-1-5-21-2882857548-211874605-1953779821-501 – Limited – Disabled)
John Doe (S-1-5-21-2882857548-211874605-1953779821-1001 – Administrator – Enabled) => C: Users John Doe
WDAGUtilityAccount (S-1-5-21-2882857548-211874605-1953779821-504 – Limited – Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU S-1-5-21-2882857548-211874605-1953779821-1001 … uTorrent) (Version: 3.5.5.45628 – BitTorrent Inc.)
7-Zip 19.00 (x64) (HKLM … 7-Zip) (Version: 19.00 – Igor Pavlov)
Actual Multiple Monitors 8.14.1 (HKLM-x32 … Actual Multiple Monitors_is1) (Version: 8.14.1 – Actual Tools)
Adobe Flash Player 32 NPAPI (HKLM-x32 … Adobe Flash Player NPAPI) (Version: 32.0.0.303 – Adobe)
AMD Software (HKLM … AMD Catalyst Install Manager) (Version: 19.9.2 – Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32 … Battle.net) (Version: – Blizzard Entertainment)
Branding64 (HKLM … {EE2AFCE4-0238-4DE0-A140-1647021627C1) (Version: 1.00.0001 – Advanced Micro Devices, Inc.) Hidden
Call of Duty Modern Warfare (HKLM-x32 … Call of Duty Modern Warfare) (Version: – Blizzard Entertainment)
Catalyst Control Center Next Localization BR (HKLM … E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM … EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM … {B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM…{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM…{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM…{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM…{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM…{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM…{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM…{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM…{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM…{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM…{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM…{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM…{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM…{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM…{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM…{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM…{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM…{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM…{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 – Advanced Micro Devices, Inc.) Hidden
ClipGrab 3.8.11 (HKLM-x32…{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: – The ClipGrab Project)
Darkest Dungeon The Color of Madness (HKLM-x32…Darkest Dungeon The Color of Madness_is1) (Version: – )
Destiny 2 (HKLM-x32…Destiny 2) (Version: – Blizzard Entertainment)
Diablo III (HKLM-x32…Diablo III) (Version: – Blizzard Entertainment)
Discord (HKUS-1-5-21-2882857548-211874605-1953779821-1001…Discord) (Version: 0.0.306 – Discord Inc.)
Dragon Ball Z Kakarot (HKLM-x32…Dragon Ball Z Kakarot_is1) (Version: – )
Epic Games Launcher (HKLM-x32…{C69A2919-0662-4390-9418-67C931B44C18}) (Version: 1.1.236.0 – Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM…{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden
Free Alarm Clock (HKLM-x32…{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 – Comfort Software Group)
Google Chrome (HKLM-x32…Google Chrome) (Version: 81.0.4044.113 – Google LLC)
Google Update Helper (HKLM-x32…{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 – Google LLC) Hidden
Google Update Helper (HKLM-x32…{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 – Google Inc.) Hidden
GPU Temp version 1.0 (HKLM-x32…{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 – gputemp.com)
Launcher Prerequisites (x64) (HKLM-x32…{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden
League of Legends (HKUS-1-5-21-2882857548-211874605-1953779821-1001…Riot Game league_of_legends.live) (Version: – Riot Games, Inc)
Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.17 (HKLM…{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 – Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable – 10.0.40219 (HKLM…{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable – 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) – 14.14.26429 (HKLM-x32…{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 – Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) – 14.16.27033 (HKLM-x32…{624ba875-fdfc-4efa-9c66-b170dfebc3ec}) (Version: 14.16.27033.0 – Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32…{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 – Microsoft Corporation)
Mount and Blade – Warband (HKLM-x32…1207666913_is1) (Version: 2.2.0.10 – GOG.com)
Mozilla Firefox 75.0 (x64 en-CA) (HKLM…Mozilla Firefox 75.0 (x64 en-CA)) (Version: 75.0 – Mozilla)
No Mans Sky Synthesis (HKLM-x32…No Mans Sky Synthesis_is1) (Version: – )
Nox APP Player (HKLM-x32…Nox) (Version: 6.5.0.3 – Duodian Technology Co. Ltd.)
OBS Studio (HKLM-x32…OBS Studio) (Version: 24.0.3 – OBS Project)
OpenAL (HKLM-x32…OpenAL) (Version: – )
Origin (HKLM-x32…Origin) (Version: 10.5.50.31938 – Electronic Arts, Inc.)
Overwatch (HKLM-x32…Overwatch) (Version: – Blizzard Entertainment)
Overwatch Test (HKLM-x32…Overwatch Test) (Version: – Blizzard Entertainment)
Overwolf (HKLM-x32…Overwolf) (Version: 0.143.0.24 – Overwolf Ltd.)
Phoenix Point (HKUS-1-5-21-2882857548-211874605-1953779821-1001…Phoenix Point) (Version: – HOODLUM)
PowerISO (HKLM-x32…PowerISO) (Version: 7.5 – Power Software Ltd)
Realtek Ethernet Controller Driver (HKLM-x32…{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.35.510.2019 – Realtek)
Realtek High Definition Audio Driver (HKLM-x32…{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8730.1 – Realtek Semiconductor Corp.)
RimWorld Royalty (HKLM-x32…RimWorld Royalty_is1) (Version: – )
Spybot – Search & Destroy (HKLM-x32…{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 – Safer-Networking Ltd.)
Steam (HKLM-x32…Steam) (Version: 2.10.91.91 – Valve Corporation)
SUPERAntiSpyware (HKLM…{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1042 – SUPERAntiSpyware.com)
TFTactics (HKUS-1-5-21-2882857548-211874605-1953779821-1001…Overwolf_delfmdadipjjmpajblkalfkbebcbldbknecigjpc) (Version: 1.0.4 – Overwolf app)
The Outer Worlds (HKLM-x32…The Outer Worlds_is1) (Version: – )
The Witcher 3 – Wild Hunt – Game of the Year Edition (HKLM-x32…1495134320_is1) (Version: 1.30.0.0 – GOG.com)
VALORANT (HKUS-1-5-21-2882857548-211874605-1953779821-1001…Riot Game valorant.live) (Version: – Riot Games, Inc)
VLC media player (HKLM-x32…VLC media player) (Version: 3.0.8 – VideoLAN)
War Thunder Launcher 1.0.3.179 (HKUS-1-5-21-2882857548-211874605-1953779821-1001…{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: – Gaijin Entertainment)
Warcraft III (HKLM-x32…Warcraft III) (Version: – Blizzard Entertainment)
WinRAR 5.90 (64-bit) (HKLM…WinRAR archiver) (Version: 5.90.0 – win.rar GmbH)
Packages:
=========
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-16] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-20] (Microsoft Corporation)
Realtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.3.183.0_x64__dt26b99r8h8gj [2020-02-16] (Realtek Semiconductor Corp)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKUS-1-5-21-2882857548-211874605-1953779821-1001_ClassesCLSID{00020420-0000-0000-C000-000000000046}InprocServer32 -> C:WINDOWSsystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKUS-1-5-21-2882857548-211874605-1953779821-1001_ClassesCLSID{00020421-0000-0000-C000-000000000046}InprocServer32 -> C:WINDOWSsystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKUS-1-5-21-2882857548-211874605-1953779821-1001_ClassesCLSID{00020422-0000-0000-C000-000000000046}InprocServer32 -> C:WINDOWSsystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKUS-1-5-21-2882857548-211874605-1953779821-1001_ClassesCLSID{00020423-0000-0000-C000-000000000046}InprocServer32 -> C:WINDOWSsystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKUS-1-5-21-2882857548-211874605-1953779821-1001_ClassesCLSID{00020424-0000-0000-C000-000000000046}InprocServer32 -> C:WINDOWSsystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKUS-1-5-21-2882857548-211874605-1953779821-1001_ClassesCLSID{00020425-0000-0000-C000-000000000046}InprocServer32 -> C:WINDOWSsystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKUS-1-5-21-2882857548-211874605-1953779821-1001_ClassesCLSID{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}InprocServer32 -> C:UsersJohn DoeAppDataLocalMicrosoftOneDrive19.123.0624.0005amd64FileSyncShell64.dll => No File
CustomCLSID: HKUS-1-5-21-2882857548-211874605-1953779821-1001_ClassesCLSID{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}InprocServer32 -> C:UsersJohn DoeAppDataLocalMicrosoftOneDrive19.123.0624.0005amd64FileSyncShell64.dll => No File
CustomCLSID: HKUS-1-5-21-2882857548-211874605-1953779821-1001_ClassesCLSID{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}InprocServer32 -> C:UsersJohn DoeAppDataLocalMicrosoftOneDrive19.123.0624.0005amd64FileSyncShell64.dll => No File
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => D:PowerISOPWRISOSH.DLL -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:Program Filesrarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:Program Filesrarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => D:PowerISOPWRISOSH.DLL -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:Program FilesAMDCNextCNextatiacm64.dll [2019-09-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => D:PowerISOPWRISOSH.DLL -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:Program Filesrarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:Program Filesrarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:UsersJohn DoeAppDataLocalTemp:$DATA [16]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKUS-1-5-21-2882857548-211874605-1953779821-1001…localhost -> localhost
IE trusted site: HKUS-1-5-21-2882857548-211874605-1953779821-1001…webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-08-24 02:31 – 2019-08-24 02:30 – 000000824 _____ C:WINDOWSsystem32driversetchosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKUS-1-5-21-2882857548-211874605-1953779821-1001Control PanelDesktop\Wallpaper -> C:WINDOWSwebwallpaperWindowsimg0.jpg
DNS Servers: 24.226.130.182 – 205.151.67.2
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM…StartupApprovedRun: => "SecurityHealth"
HKLM…StartupApprovedRun: => "WindowsDefender"
HKLM…StartupApprovedRun32: => "SDTray"
HKLM…StartupApprovedRun32: => "PSUAMain"
HKUS-1-5-21-2882857548-211874605-1953779821-1001…StartupApprovedRun: => "Discord"
HKUS-1-5-21-2882857548-211874605-1953779821-1001…StartupApprovedRun: => "OneDrive"
HKUS-1-5-21-2882857548-211874605-1953779821-1001…StartupApprovedRun: => "Steam"
HKUS-1-5-21-2882857548-211874605-1953779821-1001…StartupApprovedRun: => "Actual Multiple Monitors"
HKUS-1-5-21-2882857548-211874605-1953779821-1001…StartupApprovedRun: => "FreeAC"
HKUS-1-5-21-2882857548-211874605-1953779821-1001…StartupApprovedRun: => "SUPERAntiSpyware"
HKUS-1-5-21-2882857548-211874605-1953779821-1001…StartupApprovedRun: => "EpicGamesLauncher"
HKUS-1-5-21-2882857548-211874605-1953779821-1001…StartupApprovedRun: => "Web Companion"
HKUS-1-5-21-2882857548-211874605-1953779821-1001…StartupApprovedRun: => "Gaijin.Net Updater"
HKUS-1-5-21-2882857548-211874605-1953779821-1001…StartupApprovedRun: => "Overwolf"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5505C5B3-E8B7-42C5-BCB4-5158A5B143F0}] => (Allow) C:Program Files (x86)Origin GamesApexEasyAntiCheat_launcher.exe No File
FirewallRules: [{6A5FC19A-A409-40FC-970D-3F1C9D5C5AF7}] => (Allow) C:Program Files (x86)Origin GamesApexEasyAntiCheat_launcher.exe No File
FirewallRules: [TCP Query User{A563C31D-93F1-45DE-9C1C-012ABE97A1E2}C:program files (x86)overwatch_retail_overwatch.exe] => (Allow) C:program files (x86)overwatch_retail_overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{3DA1CA74-29AC-48EF-A9D7-AB097336C8F7}C:program files (x86)overwatch_retail_overwatch.exe] => (Allow) C:program files (x86)overwatch_retail_overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{6CE0F517-BEB5-48E7-9EF7-4E0432125944}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C02758C6-E38A-4417-91E5-4A8BBB17E28C}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8895E9AA-16B4-45B2-AFCF-457CCFF7483A}] => (Allow) C:Program Files (x86)SteamSteam.exe No File
FirewallRules: [{E7A85DDB-0637-4429-B5B9-22A63D6981EF}] => (Allow) C:Program Files (x86)SteamSteam.exe No File
FirewallRules: [{6373FD0D-1F3B-4AC7-BBA9-7EDAA2938ECD}] => (Allow) C:Program Files (x86)Steambincefcef.win7steamwebhelper.exe No File
FirewallRules: [{70302C30-693E-4D6B-90A8-B95C8B892A38}] => (Allow) C:Program Files (x86)Steambincefcef.win7steamwebhelper.exe No File
FirewallRules: [{989B0B70-E967-41AA-8706-68B368E670E8}] => (Allow) C:Program Files (x86)SteamsteamappscommonARKShooterGameBinariesWin64ShooterGame_BE.exe No File
FirewallRules: [{4E3EFAA0-B2D5-4674-831A-FEE225C2CCEE}] => (Allow) C:Program Files (x86)SteamsteamappscommonARKShooterGameBinariesWin64ShooterGame_BE.exe No File
FirewallRules: [{95BD1358-FF63-4D5F-A779-9BBE0E2426A3}] => (Allow) C:Program Files (x86)SteamsteamappscommonARKShooterGameBinariesWin64ShooterGame.exe No File
FirewallRules: [{32AA2C7F-38B4-4738-BFE7-062DBD8C8A14}] => (Allow) C:Program Files (x86)SteamsteamappscommonARKShooterGameBinariesWin64ShooterGame.exe No File
FirewallRules: [TCP Query User{3019539A-D6EE-444A-A549-051FB54D66F6}C:program files (x86)overwatch_retail_overwatch.exe] => (Allow) C:program files (x86)overwatch_retail_overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{39363286-27BB-49F8-891E-7D4F4A70D64D}C:program files (x86)overwatch_retail_overwatch.exe] => (Allow) C:program files (x86)overwatch_retail_overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{B5634922-D66D-43CA-9607-9CDAFB07BFB4}C:program files (x86)origin gamesapexr5apex.exe] => (Allow) C:program files (x86)origin gamesapexr5apex.exe No File
FirewallRules: [UDP Query User{B35B7046-1C51-4C4D-90B0-E7271F473321}C:program files (x86)origin gamesapexr5apex.exe] => (Allow) C:program files (x86)origin gamesapexr5apex.exe No File
FirewallRules: [{9C7015DB-5969-4CD6-B117-1D91E13FAEA4}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe No File
FirewallRules: [{4111DF6C-8B1B-4D54-AA15-CB26FD6DF362}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe No File
FirewallRules: [TCP Query User{F76EBA72-A7BD-4528-8547-0845B4B4D6FE}D:diablo iiix64diablo iii64.exe] => (Allow) D:diablo iiix64diablo iii64.exe No File
FirewallRules: [UDP Query User{29B708FC-FA59-4B6E-A120-B6BC89185AAB}D:diablo iiix64diablo iii64.exe] => (Allow) D:diablo iiix64diablo iii64.exe No File
FirewallRules: [{56A4AE96-55CB-497B-91FF-8BC1CB1B4AD3}] => (Allow) D:SteamLibrarysteamappscommonF13GameEAC_Launcher.exe No File
FirewallRules: [{625185C7-9CCD-4EF7-A9D7-0D2F5454C8BE}] => (Allow) D:SteamLibrarysteamappscommonF13GameEAC_Launcher.exe No File
FirewallRules: [{F021B817-4C61-431D-814F-643D153C808E}] => (Allow) D:SteamLibrarysteamappscommonSkyrim Special EditionSkyrimSELauncher.exe No File
FirewallRules: [{352BD84B-7807-419A-BBA1-583BC4158B39}] => (Allow) D:SteamLibrarysteamappscommonSkyrim Special EditionSkyrimSELauncher.exe No File
FirewallRules: [{031BB861-4999-4DF1-BE82-2F4816F63465}] => (Allow) D:SteamLibrarysteamappscommonSid Meier's Civilization VILaunchPadLaunchPad.exe No File
FirewallRules: [{E824DF6E-B63A-46E1-BC08-A0771B1C46DD}] => (Allow) D:SteamLibrarysteamappscommonSid Meier's Civilization VILaunchPadLaunchPad.exe No File
FirewallRules: [{D8B6EC5F-BD6C-44A6-A203-D60BB0A3607B}] => (Allow) D:SteamLibrarysteamappscommonSid Meier's Civilization VLaunchPadLaunchPad.exe No File
FirewallRules: [{57059BE1-F1D7-418B-8F89-198AC2EE1FF9}] => (Allow) D:SteamLibrarysteamappscommonSid Meier's Civilization VLaunchPadLaunchPad.exe No File
FirewallRules: [{A9B7661E-CBB9-4609-9D35-1BC6767584D6}] => (Allow) D:SteamLibrarysteamappscommonLeft 4 Dead 2left4dead2.exe No File
FirewallRules: [{981A69DC-AF20-41E2-B422-800BD171675E}] => (Allow) D:SteamLibrarysteamappscommonLeft 4 Dead 2left4dead2.exe No File
FirewallRules: [{18D768A3-6417-4F4E-96B0-E636D633C6CF}] => (Allow) D:SteamLibrarysteamappscommonSouth Park The Fractured But WholeSouthPark_TFBW.exe No File
FirewallRules: [{8D86A529-86EE-42FE-BB22-BCBCC68BE80E}] => (Allow) D:SteamLibrarysteamappscommonSouth Park The Fractured But WholeSouthPark_TFBW.exe No File
FirewallRules: [{B2B1CF81-070C-4175-B442-46FE276A5FB5}] => (Allow) D:SteamLibrarysteamappscommonTerrariaTerraria.exe No File
FirewallRules: [{20588C88-007E-403C-A75C-E5083F9DCF7C}] => (Allow) D:SteamLibrarysteamappscommonTerrariaTerraria.exe No File
FirewallRules: [{6A167F5B-63FC-4BBF-B5C7-85B85A3B48E2}] => (Allow) D:SteamLibrarysteamappscommonL.A.NoireLANLauncher.exe No File
FirewallRules: [{4C967074-784B-46A9-AA80-D199AF258F11}] => (Allow) D:SteamLibrarysteamappscommonL.A.NoireLANLauncher.exe No File
FirewallRules: [{D85F3D61-5189-4625-89CA-557A5DE4BA3F}] => (Allow) D:SteamLibrarysteamappscommondiriptideDeadIslandGame_x86_rwdi.exe No File
FirewallRules: [{42C1019F-9EC2-450C-8FE1-3F9214B9DB3C}] => (Allow) D:SteamLibrarysteamappscommondiriptideDeadIslandGame_x86_rwdi.exe No File
FirewallRules: [{2B1001C6-F9CC-401A-9C8D-DE36F31AAD8C}] => (Allow) D:SteamLibrarysteamappscommonWar Thunderlauncher.exe No File
FirewallRules: [{9A510A59-DDEF-4774-BE5C-63509F3EAC88}] => (Allow) D:SteamLibrarysteamappscommonWar Thunderlauncher.exe No File
FirewallRules: [TCP Query User{1D3E0F7B-498D-4A5B-ADAA-A698FCB19223}D:steamlibrarysteamappscommon7 days to die7daystodie.exe] => (Allow) D:steamlibrarysteamappscommon7 days to die7daystodie.exe No File
FirewallRules: [UDP Query User{D6185B7E-E2C7-420D-961E-7595AD373851}D:steamlibrarysteamappscommon7 days to die7daystodie.exe] => (Allow) D:steamlibrarysteamappscommon7 days to die7daystodie.exe No File
FirewallRules: [{85031F02-4A46-44C9-8CB7-D5BA8E383B94}] => (Allow) C:Program Files (x86)Steamsteamappscommon7 Days To Die7dLauncher.exe No File
FirewallRules: [{817A4F5D-0B4C-4598-B6B7-0D1F6B961737}] => (Allow) C:Program Files (x86)Steamsteamappscommon7 Days To Die7dLauncher.exe No File
FirewallRules: [TCP Query User{FAC6E9F4-59E4-42DA-9020-23272E881C0A}C:program files (x86)steamsteamappscommon7 days to die7daystodie.exe] => (Allow) C:program files (x86)steamsteamappscommon7 days to die7daystodie.exe No File
FirewallRules: [UDP Query User{EFA4D26A-2E88-422F-803A-587EB984C5EF}C:program files (x86)steamsteamappscommon7 days to die7daystodie.exe] => (Allow) C:program files (x86)steamsteamappscommon7 days to die7daystodie.exe No File
FirewallRules: [TCP Query User{D5FA91D7-93A8-491B-80FF-04AC572E2A3E}C:program fileswarcraft iiix86_64warcraft iii.exe] => (Allow) C:program fileswarcraft iiix86_64warcraft iii.exe No File
FirewallRules: [UDP Query User{57D08862-22DF-4FB9-AFE1-B96014B8E5AE}C:program fileswarcraft iiix86_64warcraft iii.exe] => (Allow) C:program fileswarcraft iiix86_64warcraft iii.exe No File
FirewallRules: [TCP Query User{464715CD-D1BF-4F30-B449-61C1B5A69548}C:program filesepic gamesdauntlessarchonbinarieswin64dauntless-win64-shipping.exe] => (Allow) C:program filesepic gamesdauntlessarchonbinarieswin64dauntless-win64-shipping.exe No File
FirewallRules: [UDP Query User{FA813346-9338-4A6C-8F29-CBD0E3ABFB86}C:program filesepic gamesdauntlessarchonbinarieswin64dauntless-win64-shipping.exe] => (Allow) C:program filesepic gamesdauntlessarchonbinarieswin64dauntless-win64-shipping.exe No File
FirewallRules: [TCP Query User{198FE9C3-D2C7-4ED7-8941-3F6E8F3EF414}D:subnauticasubnautica.exe] => (Allow) D:subnauticasubnautica.exe No File
FirewallRules: [UDP Query User{9723493C-2951-453B-8376-EFD372553191}D:subnauticasubnautica.exe] => (Allow) D:subnauticasubnautica.exe No File
FirewallRules: [{E6835885-AF57-4597-A558-3BBFCD7E3E66}] => (Allow) C:UsersJohn DoeAppDataRoaminguTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{2299C355-DAE3-436F-842A-B99A4B67C935}] => (Allow) C:UsersJohn DoeAppDataRoaminguTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{93682728-96B3-41CB-993D-BD5FE33517C2}] => (Allow) D:SteamLibrarysteamappscommonWarhammer Vermintide 2launcherLauncher.exe No File
FirewallRules: [{524A3D23-7509-47FE-9393-B5C56D5327A2}] => (Allow) D:SteamLibrarysteamappscommonWarhammer Vermintide 2launcherLauncher.exe No File
FirewallRules: [TCP Query User{0ADF1611-0931-4ECA-8D80-97C0959CE005}D:steamlibrarysteamappscommonwar thunderwin64aces.exe] => (Allow) D:steamlibrarysteamappscommonwar thunderwin64aces.exe No File
FirewallRules: [UDP Query User{E9AA054D-CADF-4A50-BED6-2AA77CCC440D}D:steamlibrarysteamappscommonwar thunderwin64aces.exe] => (Allow) D:steamlibrarysteamappscommonwar thunderwin64aces.exe No File
FirewallRules: [TCP Query User{61157C63-5CD9-4DBD-A6D3-786681C48CF8}D:phoenix pointphoenixpointwin64.exe] => (Allow) D:phoenix pointphoenixpointwin64.exe No File
FirewallRules: [UDP Query User{85F0E357-AEA2-4B9A-9F01-321D44EDE6D9}D:phoenix pointphoenixpointwin64.exe] => (Allow) D:phoenix pointphoenixpointwin64.exe No File
FirewallRules: [TCP Query User{561A5D9E-0A19-4514-A0BA-831B5CA66987}C:program files (x86)battle.netbattle.net.exe] => (Allow) C:program files (x86)battle.netbattle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{444F4EEE-F931-4C02-B189-C7AFEA16BFB7}C:program files (x86)battle.netbattle.net.exe] => (Allow) C:program files (x86)battle.netbattle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{4B3F675C-B60C-4B0D-A7B8-B888AD530AD3}] => (Allow) D:NoxbinNox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{38C4A098-33F1-459F-A14E-A92D7C9EAD25}] => (Allow) C:Program Files (x86)BignoxBigNoxVMRTNoxVMHandle.exe (Nox Limited -> BigNox Corporation)
FirewallRules: [{51231AC1-F22B-48C6-B980-3E9958515662}] => (Allow) D:SteamLibrarysteamappscommonVRChatVRChat.exe No File
FirewallRules: [{5EFB71DF-686E-4479-95ED-07D361746BB2}] => (Allow) D:SteamLibrarysteamappscommonVRChatVRChat.exe No File
FirewallRules: [{1B760F6A-780C-4093-86B7-E2E1D9713DB5}] => (Allow) D:SteamLibrarysteamappscommonPath of ExilePathOfExileSteam.exe No File
FirewallRules: [{E274F29B-7188-43CD-B231-C423105DA935}] => (Allow) D:SteamLibrarysteamappscommonPath of ExilePathOfExileSteam.exe No File
FirewallRules: [TCP Query User{ADCAA6C9-A725-4099-AF4D-7F5F13F5829D}D:gameshearthstonehearthstone.exe] => (Allow) D:gameshearthstonehearthstone.exe No File
FirewallRules: [UDP Query User{1FA89D0B-CA1C-459D-946C-DBF62C83B6CE}D:gameshearthstonehearthstone.exe] => (Allow) D:gameshearthstonehearthstone.exe No File
FirewallRules: [TCP Query User{AC0DB559-B541-4A98-A823-C6AD69F14463}C:program files (x86)warcraft iiix86_64warcraft iii.exe] => (Allow) C:program files (x86)warcraft iiix86_64warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc)
FirewallRules: [UDP Query User{CDDDDCC0-4AE4-4902-A3C4-F5A20351D81F}C:program files (x86)warcraft iiix86_64warcraft iii.exe] => (Allow) C:program files (x86)warcraft iiix86_64warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc)
FirewallRules: [TCP Query User{3A803F00-AEC6-460C-A74A-50D45D2B88EF}D:call of duty modern warfaremodernwarfare.exe] => (Allow) D:call of duty modern warfaremodernwarfare.exe No File
FirewallRules: [UDP Query User{9F30749F-8F5B-408D-8317-D8F54B67867B}D:call of duty modern warfaremodernwarfare.exe] => (Allow) D:call of duty modern warfaremodernwarfare.exe No File
FirewallRules: [TCP Query User{25F274AF-CFBD-47A6-9613-200CA5351F54}C:program files (x86)overwatch_ptr_overwatch.exe] => (Allow) C:program files (x86)overwatch_ptr_overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{C0159EE6-82A8-42F5-80F5-057CB8A960C5}C:program files (x86)overwatch_ptr_overwatch.exe] => (Allow) C:program files (x86)overwatch_ptr_overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{95C2DAC9-8994-4594-A021-A5006C37FDC1}] => (Block) C:Program Files (x86)Overwolf .143.0.24OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{A2859287-A6BE-48DA-92B8-722E22885FF0}] => (Block) C:Program Files (x86)Overwolf .143.0.24OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{CD91297E-7D88-418B-BF1B-E67ABF6D4F39}] => (Allow) C:Program Files (x86)Overwolf .143.0.24OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{EB3D7829-EFCF-4C66-8B96-60918D11F556}] => (Allow) C:Program Files (x86)Overwolf .143.0.24OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{02F8A3CA-86A3-4337-9081-6AA10D962011}] => (Block) C:Program Files (x86)Overwolf .143.0.24OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{3331EF51-70C9-47CA-89AD-DAE089092D38}] => (Block) C:Program Files (x86)Overwolf .143.0.24OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{0ECC9ED2-4307-4FC7-877F-13E3B8EF1F90}] => (Block) C:Program Files (x86)Overwolf .143.0.24OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{58B3CD8C-BF3D-4987-A621-BC65DF391F52}] => (Block) C:Program Files (x86)Overwolf .143.0.24OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [TCP Query User{6C9D55EE-010E-4678-A2FB-230F11D153C8}D:program filessteamsteam.exe] => (Allow) D:program filessteamsteam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{932EC6CD-815D-41E2-854F-954AC6BEAE21}D:program filessteamsteam.exe] => (Allow) D:program filessteamsteam.exe (Valve -> Valve Corporation)
FirewallRules: [{CEEC7C0D-DE27-40AD-9493-48F25E0E1C84}] => (Allow) D:Program FilesSteambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B8447C90-1972-4F62-A9A5-0E7C4EAA1FDF}] => (Allow) D:Program FilesSteambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{36F0E844-1888-4661-B06D-D99802DC8774}] => (Allow) C:UsersJohn DoeDesktopMount & Blade II BannerlordSSELauncher.exe No File
FirewallRules: [{1081DE32-35E1-4E14-AB20-A6815B925509}] => (Allow) C:UsersJohn DoeDesktopMount & Blade II BannerlordSSELauncher.exe No File
FirewallRules: [{4C49A8D2-185D-47C5-AEAA-6F9D11B2CA45}] => (Allow) C:UsersJohn DoeDesktopMount & Blade II BannerlordSSELauncher.exe No File
FirewallRules: [{2D9DF619-5451-4605-BB85-BD8CF80EB1BF}] => (Allow) C:UsersJohn DoeDesktopMount & Blade II BannerlordSSELauncher.exe No File
FirewallRules: [{EE2386E6-A17A-477B-ACB7-CFC4ACA103AE}] => (Allow) C:UsersJohn DoeDesktopMount & Blade II BannerlordbinWin64_Shipping_ClientBannerlord.exe No File
FirewallRules: [{1395549F-5C0A-4D73-BA47-E488D035E423}] => (Allow) C:UsersJohn DoeDesktopMount & Blade II BannerlordbinWin64_Shipping_ClientBannerlord.exe No File
FirewallRules: [{D763E331-8B2B-4FF7-8BD7-A0DC8F260A96}] => (Allow) C:UsersJohn DoeDesktopMount & Blade II BannerlordbinWin64_Shipping_ClientBannerlord.exe No File
FirewallRules: [{9DDB9938-6EF8-43DB-BE9D-6144891D0AF0}] => (Allow) C:UsersJohn DoeDesktopMount & Blade II BannerlordbinWin64_Shipping_ClientBannerlord.exe No File
FirewallRules: [{B81BB73C-A520-4E03-A945-39E00D02F972}] => (Allow) C:UsersJohn DoeDesktopMount & Blade II BannerlordbinWin64_Shipping_ClientBannerlord.exe No File
FirewallRules: [{B25B154F-D04D-4C11-A2AC-D313FA48A2CE}] => (Allow) C:UsersJohn DoeDesktopMount & Blade II BannerlordbinWin64_Shipping_ClientBannerlord.exe No File
FirewallRules: [{69593CE2-5524-4F64-8718-DCE28FAB090C}] => (Allow) C:UsersJohn DoeDesktopMount & Blade II BannerlordbinWin64_Shipping_ClientBannerlord.Native.exe No File
FirewallRules: [{34CFD73F-ABA3-492D-93CB-FBE1DDAC68BE}] => (Allow) C:UsersJohn DoeDesktopMount & Blade II BannerlordbinWin64_Shipping_ClientBannerlord.Native.exe No File
FirewallRules: [{C29FD96B-E04D-4B69-80F3-D84F0A422386}] => (Allow) C:UsersJohn DoeDesktopMount & Blade II BannerlordbinWin64_Shipping_ClientBannerlord.Native.exe No File
FirewallRules: [{220C4826-5556-4BAE-81C6-1F3C2BC855BB}] => (Allow) C:UsersJohn DoeDesktopMount & Blade II BannerlordbinWin64_Shipping_ClientBannerlord.Native.exe No File
FirewallRules: [TCP Query User{C347DB46-88DD-4A86-AECE-546B53BAC351}C:mount & blade ii bannerlordbinwin64_shipping_clientbannerlord.exe] => (Allow) C:mount & blade ii bannerlordbinwin64_shipping_clientbannerlord.exe (TaleWorlds Entertainment -> ) [File not signed]
FirewallRules: [UDP Query User{29FCE7E2-544F-4EC1-AC0A-57DD0FEFD87E}C:mount & blade ii bannerlordbinwin64_shipping_clientbannerlord.exe] => (Allow) C:mount & blade ii bannerlordbinwin64_shipping_clientbannerlord.exe (TaleWorlds Entertainment -> ) [File not signed]
FirewallRules: [TCP Query User{D771312D-81DF-48E5-B405-21782CF8D30E}C:mount & blade ii bannerlordbinwin64_shipping_clienttaleworlds.mountandblade.launcher.exe] => (Allow) C:mount & blade ii bannerlordbinwin64_shipping_clienttaleworlds.mountandblade.launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [UDP Query User{440BE370-C28A-49FC-84A2-8F7640128ED5}C:mount & blade ii bannerlordbinwin64_shipping_clienttaleworlds.mountandblade.launcher.exe] => (Allow) C:mount & blade ii bannerlordbinwin64_shipping_clienttaleworlds.mountandblade.launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{DCFB5767-BE3D-4419-96C2-420560F5FB38}] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E03B91C0-015C-4DA6-9103-C63925238B0B}] => (Allow) D:Program FilesSteamsteamappscommonPath of ExilePathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{E0140331-0E46-46A0-B72B-8C07D021AB6E}] => (Allow) D:Program FilesSteamsteamappscommonPath of ExilePathOfExileSteam.exe (Grinding Gear Games Limited -> )
StandardProfileAuthorizedApplications: [C:Program Files (x86)Spybot – Search & Destroy 2SDTray.exe] => Enabled:Spybot – Search & Destroy tray access
StandardProfileAuthorizedApplications: [C:Program Files (x86)Spybot – Search & Destroy 2SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfileAuthorizedApplications: [C:Program Files (x86)Spybot – Search & Destroy 2SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfileAuthorizedApplications: [C:Program Files (x86)Spybot – Search & Destroy 2SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
06-04-2020 18:40:46 Scheduled Checkpoint
14-04-2020 07:21:33 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/17/2020 01:46:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TaleWorlds.MountAndBlade.Launcher.exe, version: 1.0.0.0, time stamp: 0x5e983653
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffa28251b65
Faulting process id: 0x6d9c
Faulting application start time: 0x01d614e018cd4775
Faulting application path: C:Mount & Blade II BannerlordbinWin64_Shipping_ClientTaleWorlds.MountAndBlade.Launcher.exe
Faulting module path: unknown
Report Id: cddb2887-28cf-4fce-b190-298fd1267a12
Faulting package full name:
Faulting package-relative application ID:
Error: (04/17/2020 01:44:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TaleWorlds.MountAndBlade.Launcher.exe, version: 1.0.0.0, time stamp: 0x5e983653
Faulting module name: KERNELBASE.dll, version: 10.0.18362.719, time stamp: 0xb31987d3
Exception code: 0xe0434352
Fault offset: 0x000000000003a859
Faulting process id: 0x5fec
Faulting application start time: 0x01d614dfe639d949
Faulting application path: C:UsersJohn DoeDesktopTaleWorlds.MountAndBlade.Launcher.exe
Faulting module path: C:WINDOWSSystem32KERNELBASE.dll
Report Id: b7c225a3-2f0f-4c6e-9aed-559ccf24a8f9
Faulting package full name:
Faulting package-relative application ID:
Error: (04/17/2020 01:44:52 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TaleWorlds.MountAndBlade.Launcher.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at TaleWorlds.MountAndBlade.Launcher.Program.Main(System.String[])
Error: (04/16/2020 12:56:30 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (04/16/2020 12:48:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Nox.exe version 6.5.0.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 10a8
Start Time: 01d61288020f6715
Termination Time: 4294967295
Application Path: D:NoxbinNox.exe
Report Id: 9d43b399-8fa7-4102-a723-8187b7c9d2da
Faulting package full name:
Faulting package-relative application ID:
Hang type: Top level window is idle
Error: (04/14/2020 03:21:17 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (04/14/2020 03:21:17 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (04/14/2020 03:00:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TaleWorlds.MountAndBlade.Launcher.exe, version: 1.0.0.0, time stamp: 0x5e90c529
Faulting module name: KERNELBASE.dll, version: 10.0.18362.719, time stamp: 0xb31987d3
Exception code: 0xe0434352
Fault offset: 0x000000000003a859
Faulting process id: 0x910
Faulting application start time: 0x01d6122a354b616b
Faulting application path: C:Mount & Blade II BannerlordbinWin64_Shipping_ClientTaleWorlds.MountAndBlade.Launcher.exe
Faulting module path: C:WINDOWSSystem32KERNELBASE.dll
Report Id: 9cc482ae-1a61-4edb-82ec-fa02352fb54e
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (04/16/2020 12:54:32 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (04/16/2020 12:54:30 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (04/16/2020 12:54:19 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (04/16/2020 12:54:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (04/16/2020 12:54:13 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (04/16/2020 11:20:35 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Panda Elam Service Protection service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (04/14/2020 03:21:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The amm_LSService service failed to start due to the following error:
The system cannot find the file specified.
Error: (04/14/2020 03:21:15 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TLKDH3O)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
CodeIntegrity:
===================================
Date: 2020-03-15 00:50:42.682
Description:
Code Integrity determined that a process (DeviceHarddiskVolume1UsersJohn DoeAppDataLocalDiscordapp-0.0.306Discord.exe) attempted to load DeviceHarddiskVolume1Program Files (x86)Overwolf .142.0.22win32OWExplorer.dll that did not meet the Microsoft signing level requirements.
Date: 2020-03-15 00:50:42.678
Description:
Code Integrity determined that a process (DeviceHarddiskVolume1UsersJohn DoeAppDataLocalDiscordapp-0.0.306Discord.exe) attempted to load DeviceHarddiskVolume1Program Files (x86)Overwolf .142.0.22win32OWExplorer.dll that did not meet the Microsoft signing level requirements.
Date: 2020-03-15 00:50:42.673
Description:
Code Integrity determined that a process (DeviceHarddiskVolume1UsersJohn DoeAppDataLocalDiscordapp-0.0.306Discord.exe) attempted to load DeviceHarddiskVolume1Program Files (x86)Overwolf .142.0.22win32OWExplorer.dll that did not meet the Microsoft signing level requirements.
Date: 2020-03-15 00:50:42.670
Description:
Code Integrity determined that a process (DeviceHarddiskVolume1UsersJohn DoeAppDataLocalDiscordapp-0.0.306Discord.exe) attempted to load DeviceHarddiskVolume1Program Files (x86)Overwolf .142.0.22win32OWExplorer.dll that did not meet the Microsoft signing level requirements.
Date: 2020-03-15 00:50:36.995
Description:
Code Integrity determined that a process (DeviceHarddiskVolume1UsersJohn DoeAppDataLocalDiscordapp-0.0.306Discord.exe) attempted to load DeviceHarddiskVolume1Program Files (x86)Overwolf .142.0.22win32OWExplorer.dll that did not meet the Microsoft signing level requirements.
Date: 2020-03-15 00:50:36.993
Description:
Code Integrity determined that a process (DeviceHarddiskVolume1UsersJohn DoeAppDataLocalDiscordapp-0.0.306Discord.exe) attempted to load DeviceHarddiskVolume1Program Files (x86)Overwolf .142.0.22win32OWExplorer.dll that did not meet the Microsoft signing level requirements.
Date: 2020-03-15 00:50:36.984
Description:
Code Integrity determined that a process (DeviceHarddiskVolume1UsersJohn DoeAppDataLocalDiscordapp-0.0.306Discord.exe) attempted to load DeviceHarddiskVolume1Program Files (x86)Overwolf .142.0.22win32OWExplorer.dll that did not meet the Microsoft signing level requirements.
Date: 2020-03-15 00:50:36.982
Description:
Code Integrity determined that a process (DeviceHarddiskVolume1UsersJohn DoeAppDataLocalDiscordapp-0.0.306Discord.exe) attempted to load DeviceHarddiskVolume1Program Files (x86)Overwolf .142.0.22win32OWExplorer.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. P3.40 07/02/2019
Motherboard: ASRock B450 Pro4
Processor: AMD Ryzen 5 2600X Six-Core Processor
Percentage of memory in use: 29%
Total physical RAM: 16315.57 MB
Available physical RAM: 11538.31 MB
Total Virtual: 26555.57 MB
Available Virtual: 19499.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:476.94 GB) (Free:45.23 GB) NTFS
Drive d: (HDD) (Fixed) (Total:930.94 GB) (Free:173.04 GB) NTFS
\?Volume{5c2fe2d8-0000-0000-0000-100000000000} (System Reserved) (Fixed) (Total:0.57 GB) (Free:0.53 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 5C2FE2D8)
Partition 1: (Active) – (Size=579 MB) – (Type=07 NTFS)
Partition 2: (Not Active) – (Size=930.9 GB) – (Type=07 NTFS)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: 5C2FE2D7)
Partition 1: (Not Active) – (Size=476.9 GB) – (Type=07 NTFS)
==================== End of Addition.txt =======================
Edited by Oh My!, Today, 04:27 PM.