تروجان مرورگر؟ digitalcaptcha.top & cu27t-evo29lution.xyz ⋆

لطفاً این را حذف کنید – ببخشید که آن را دوبار ارسال کردم. با تشکر – به نظر می رسد نسخه تکراری حذف شده است.

این دستگاه دارای BSOD برای مشکل حافظه بود. من هر دو dimms را با MemTest86 بررسی کردم با خطاهای بسیار زیاد خراب شد. dimm را حذف کرد (ظاهراً یکی از دو مورد در اولین تلاش) و با MemTest86 دستگاهی که در دستگاه عبور کرده بود را بررسی کنید. من دیم حذف شده را جداگانه آزمایش نکردم. به نظر می رسد که این مشکل حل شده است.

ADWCleaner یک ورودی را حذف می کند که به نظر می رسد بعداً باز می گردد. نام با هیچ یک از موارد بالا مطابقت ندارد. Malwarebytes دو ورودی مربوط به MiniTool Partition Wizard 12 را که دیگر بر روی این دستگاه نصب نشده است حذف می کند. Trend Micro HouseCall برخی از فایلها را در c: Program Files Trend Micro گذاشته است. Rkill چیزی برای متوقف کردن پیدا نکرد.

یکی دیگر از موارد قابل توجه تنظیمات پنجره ها می گوید Windows Update در قسمت سربرگ به روز است. پنجره Windows Update می گوید "مشکلی پیش آمد. سعی کنید بعداً دوباره تنظیمات را باز کنید."

من معتقدم که دو مدخل ذکر شده در بالا باعث ایجاد پنجره هایی از نمونه گوگل کروم نوه ام می شود. در google chrome من دو ورودی متخلف را پیدا کردم و همه دسترسی ها را مسدود کردم به جز صدایی که به صورت خودکار گذاشتم (هیچ مسدودی وجود نداشت) همچنین HTTPS را مشاهده کردم: میزبان فایل برای مسدود کردن دسترسی بیشتر من از آن زمان هیچ کدام را فعال ندیدم.

نتایج RKILL

Rkill 2.9.1 توسط لارنس آبرامز (گرینلر)

حق چاپ 2008-2021 BleepingComputer.com

اطلاعات بیشتر در مورد Rkill را می توانید در این پیوند پیدا کنید:

[19659002] برنامه در: 09/16/2021 11:06:30 صبح در حالت x64 شروع شد.

نسخه Windows: Windows 10 Pro

بررسی سرویس های Windows برای توقف:

* شماره سرویس های بدافزار متوقف شده است.

در حال بررسی برای خاتمه فرآیندها:

* هیچ گونه بدافزارهایی که باعث مرگ می شوند یافت نشد.

بررسی رجیستری برای تنظیمات مربوط به بدافزار:

* مشکلی در رجیستری یافت نشد.

بازنشانی انجمن های .EXE ، .COM ، و .BAT در رجیستری ویندوز.

انجام چک های متفرقه:

* مشکلی پیدا نشد.

جستجوی امضای دیجیتال گمشده:

* هیچ مشکلی پیدا نشد.

بررسی پرونده HOSTS:

* نوشته های فایل HOSTS پیدا شد:

127.0.0.1 digitalcaptcha.top

127.0.0.1 cu27t-evo29lution.xyz

در: 09/16/2021 11:06:39 صبح

زمان اجرا: 0 ساعت (ثانیه) ، 0 دقیقه (ثانیه) و 9 ثانیه (ثانیه)

[19659002]

نتیجه اسکن ابزار اسکن بازیابی Farbar (FRST) (x64) نسخه: 15-09-2021

توسط مدیر (مدیر) در HCSPSB677 (MicroElectronics B677) (16-09-2021 11:08: 48)

در حال اجرا از D: Users admin Downloads

مشخصات بارگذاری شده: admin

پلت فرم: Windows 10 Pro Version 2004 19041.1 (X64) زبان: انگلیسی (ایالات متحده)

مرورگر پیش فرض: Chrome

حالت بوت: عادی

================== فرآیندها (در لیست سفید) ============= ====

(اگر مدخلی در لیست رفع مشکلات موجود باشد ، فرآیند بسته می شود. فایل منتقل نمی شود.)

[19659002] (Acronis International GmbH ->) C: Program Files (x86) Common Files Acronis Schedule2 schedhlp.exe

(Acronis International GmbH ->) C: Program Files (x86) Common Files Acronis Schedule2 schedul2.exe

(Acronis International GmbH -> Acronis) C: Program Files (x86) Common Files Acronis CDP afcdpsrv.exe

(Acronis International GmbH -> Acronis) C: Program Files (x86) Common Files Acronis SyncAgent syncagentsrv.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Chrome Application chrome.exe <19> [19659002] (Google LLC -> Google LLC) C: Program Files (x86) Google Update 1.3.36.102 GoogleCrashHandler.exe

(Google LLC -> Google LLC) C: Program Files (x86) Google Update 1.3.36.102 GoogleCrashHandler64.exe

(GuinpinSoft inc) [File not signed] C: Program Files Common Files cdarbsvc cdarbsvc_v1.0.0_x64.exe

(HP Inc -> HP Inc.) C: Program Files HP HP ENVY 5000 series Bin ScanToPCActivationApp.exe

(Intelsy Embedded Subsyst ems and IP Blocks Group -> Intel Corporation) C: Windows System32 DriverStore FileRepository dal.inf_amd64_ffc75848a6342fdf jhi_service.exe

(Intel® pGFX 2020 -> Intel Corporation) C: Windows System32 DriverStore FileRepository cui_dch.inf_amd64_b8e01d9e8716d2a7 igfxCUIService.exe

(Intel® pGFX 2020 -> Intel Corporation) C: Windows System32 DriverStore FileRepository cui_dch.inf_6e6d7 Intel Corporation) C: Windows System32 DriverStore FileRepository igcc_dch.inf_amd64_54b736e5be5b50b2 OneApp.IGCC.WinService.exe

(Intel® pGFX 2020 -> Intel Corporation) C: Windows System32 Driver .inf_amd64_a086f01cc7be643a IntelCpHDCPSvc.exe

(Intel® pGFX 2020 -> Intel Corporation) C: Windows System32 DriverStore FileRepository iigd_dch.inf_amd64_a086a0c6c0c6c06c06c06c06c06c0x6c02c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c06c056c06c0f6c06f01c7 WindowsApps Microsoft.549981C3F5F10_3.2108.25001.0_x64__8 wekyb3d8bbwe Cortana.exe

(Microsoft Corporation) C: Program Files WindowsApps Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe WinStore.App.exe

(Microsoft Windows -> Microsoft Windows Corporation) dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 Speech_OneCore common SpeechRuntime.exe

(Microsoft Windows -> Microsoft Corporation) C: Windows System32 wlanext.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C: ProgramData Microsoft Windows Defender Platform 4.18.2108.7-0 MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C: ProgramData Microsoft Windows Defender Platform 4.18.2108.7-0 NisSrv.exe

(Oracle America، Inc. -> Oracle Corporation ) C: Program Files (x86) Common Files Java Java Update jusched.exe

================= ثبت نام (در لیست سفید ) ==================

(اگر مدخلی در لیست رفع مشکلات موجود باشد ، مورد رجیستری به حالت پیش فرض بازگردانده یا حذف می شود. فایل منتقل نمی شود.)

HKLM … Run: [Acronis Scheduler2 Service] => C: Program Files (x86) Common Files Acronis Schedule2 schedhlp.exe [497824 2016-12-15] ( Acronis International GmbH ->)

HKLM -x32 … Run: [AcronisTibMounterMonitor] => C: Program Files (x86) Common Files Acronis TibMounter TibMounterMonitor.exe [651560 2015-11-10] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)

HKLM -x32 … Run: [TrueImageMonitor.exe] => C: Program Files (x86) Acronis TrueImageHome TrueImageMonitor.exe [6813680 2016-12-15] (Acronis International GmbH ->)

HKLM -x32 … Run: [SunJavaUpdateSched] => C: Program Files (x86) Common Files Java Java Update jusched.exe [706344 2021-06-09] (Oracle America، Inc. -> Oracle Corporation)

HKU S-1-5-21-2651347966-3486153666-3033398168-1002 … اجرا: [HP ENVY 5000 (NET)] => C: Program Files HP HP ENVY 5000 series Bin ScanToPCActivationApp .exe [4064160 2019-03-18] (HP Inc-> HP Inc.)

HKU S-1-5-21-2651347966-3486153666-3033398168-1011 … اجرا: [Zoom] => C: کاربران Tiny Humans AppData Roaming Zoom bi n Zoom.exe [267560 2021-09-12] (Zoom Video Communications، Inc.-> Zoom Video Communications، Inc.)

HKU S-1-5-21-2651347966-3486153666-3033398168-1011 … اجرا : [MicrosoftEdgeAutoLaunch_784F1A1D937A2359B654DACB759B84EC] => "C: Program Files (x86) Microsoft Edge Application msedge.exe" –no-startup-window –win-session-start /prefetch: 5

HKU S -1-5-21-2651347966-3486153666-3033398168-1011 … اجرا: [SUPERAntiSpyware] => C: Program Files SUPERAntiSpyware SUPERAntiSpyware.exe

HKLM Software Microsoft Active Setup Installed اجزاء: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C: Program Files (x86) Google Chrome Application 93.0.4577.82 Installer chrmstp.exe [2021-09-15] (Google LLC -> Google LLC)

راه اندازی: C: ProgramData Microsoft Windows Start Menu Programs Startup ESETMC.lnk [2019-09-05]

ShortcutTarget: ESETMC.lnk -> C: Program Files ESETMC ESETMC.exe (ESET LLC ->)

HKLM SOFTWARE Policies Mozilla Firefox: محدودیت <==== ATTENTION

HKLM SOFTWARE Policies Microsoft Edge: Restriction <==== ATTENTION

HKU S-1-5-21-2651 347966-3486153666-3033398168-1002 SOFTWARE Policies Microsoft Edge: Restriction <==== ATTENTION

=================== برنامه ریزی شده وظایف (در لیست سفید) ===========

(اگر مدخلی در لیست رفع مشکلات موجود باشد ، از رجیستری حذف می شود. فایل منتقل نمی شود مگر اینکه به طور جداگانه ذکر شود.)

وظیفه: {062EB65C-74A2-4614-BEA9-0A5439FF7387}-بدون پرونده no filepath

وظیفه: {1839B1FC-370D-4A34-ACA3-D0230326CB8A}-System32 Tasks Microsoft Windows Windows Defender Windows Defender Cache Maintenance => C: ProgramData Microsoft Windows Defender Platform 4.18. 2108.7-0 MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher-> Microsoft Corporation)

وظیفه: {2C5BAFB1-7E94-4E9A-A15F-BDDCA0E35DD3}-System32 Tasks Microsoft Windows Windows Defender Windows Defender Scan => C: ProgramData Microsoft Windows Defender Platform 4.18.2108.7-0 MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher-> Microsoft Corporation)

وظیفه: {4694DC64-1C3C-4A28-BA30- 075FA5A5745C} -System32 Tasks GoogleUpdateTaskMachineCore => C: Program Files (x86) Google Update GoogleUpdate.exe [156104 2020-08-15] (Google LLC -> Google LLC)

وظیفه: {61461923-6C23-43 C1-8A80-0B568D42A80E}-بدون مسیر فایل

وظیفه: {67A0264F-B05B-4C01-BB4E-8126C28A4429}-System32 Tasks Microsoft Windows Windows Windows Defender Windows Defender Cleanup => C: ProgramData Microsoft Windows Defender Platform 4.18.2108.7-0 MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher-> Microsoft Corporation)

وظیفه: {80434998-AFE1-40A5-BDB9-E6473A086099}-بدون مسیر فایل

وظیفه: { 80E00CBA-9FDC-469C-ADBE-D6872E658E66} – هیچ filepath

وظیفه: {9522AB0A-8B5B-4E18-8A38-337B3F8F90D4} – هیچ filepath

وظیفه: {BAB9CC58-C8B9-4AA5-93D8-9BF5C213A369} – System32 در Tasks GoogleUpdateTaskMachineUA => C: فایلهای برنامه (x86) Google Update GoogleUpdate.exe [156104 2020-08-15] (Google LLC-> Google LLC)

وظیفه: {BD8E5AB6-809D-4DB5-AD7E-7B1806-7B1806- بدون فایل

وظیفه: {CD1709B0-41E2-4101-A218-04EB584BC876}-بدون فایل

وظیفه: {D09C2946-8BE1-40AD-A62D-B4F80467D009}}-بدون فایل فایل [1965] 4B23-8925-8929DF0EACCF}-System32 Tasks Microsoft Windo ws Windows Defender Windows Defender Verification => C: ProgramData Microsoft Windows Defender Platform 4.18.2108.7-0 MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)

وظیفه: {D8AFEAD8 -485E-4A20-9D06-BFEB20C66857}-بدون مسیر فایل

وظیفه: {FB9D740B-A93B-4D9F-9F92-49AA0958BE0E}-بدون مسیر فایل

[19659002درکارگنجاندهشدهاست] .job) فایل منتقل می شود. فایلی که توسط کار اجرا می شود جابجا نمی شود.)

==================== اینترنت (در لیست سفید) === ================

(اگر موردی در لیست رفع مشکلات موجود باشد ، اگر مورد رجیستری باشد حذف یا به حالت پیش فرض بازگردانده می شود.) [19659002]

میزبان: بیش از یک ورودی در هاست وجود دارد. بخش میزبان Addition.txt

Tcpip پارامترها: [DhcpNameServer] 192.168.1.253

Tcpip .. Interfaces {ad20b601-2272-4a96-8c02-54da0a45a3f8}: [DhcpNameServer] 192.168 ] Tcpip .. Interfaces {b21b99cf-c0f4-479e-a4bc-6e2ab944a240}: [DhcpNameServer] 192.168.1.254

لبه:

======= Ed

ed C: Users admin AppData Local Microsoft Edge User Data Default [2021-09-15]

Edge HKLM-x32 … Edge Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox: [19659002] ========

FF Plugin -x32: @java.com/DTPlugin، version = 11.301.2 -> C: Program Files (x86) Java jre1.8.0_301 bin dtplugin npDeployJava1.dll [2021-09-13] (Oracle America، Inc. -> Oracle Corporation)

FF Plugin -x32: @java.com/JavaPlugin، version = 11.301.2 -> C: فایل برنامه (x86) جاوا jre1.8.0_301 bin plugin2 npjp2.dll [2021-09-13] (Oracle America، Inc. -> Oracle Corporation)

Chrome:

=======

CHR نمایه: C: Users admin AppData Local Google Chrome User Data Default [2021-09-16]

CHR Extension: (Slides) – C: Users admin AppData Local Google Chrome User User Default Extensions aapocclcgogkmnckokdopfmhonfmgoek [2020-08-15]

CHR Extension: (اسناد) – C: Users admin AppData Local Google Chrome User User Default Extensions aohghmighlieiainnegkcijnfilokake [2020-08-15]

CHR Extension: (Google Drive) – C: Users admin AppData Local Google Chrome User Data Default Extensions apdfllckaahabafndbhieahigkjlhalf [2020-11-26]

CHR Extension: (YouTube) – C: Users admin AppData Local Google Chrome Chrome User Data Default Extensions blpcfgokakmnkc [2020-08-15]

افزونه CHR: (کاربرگ) – C: Users admin AppData Local Google Chrome User Data Default Extensions felcaaldnbdncclmgdcncolpebgiejap [2020-08-15]

CHR Extension: (Google Docs Offline) – C: Users admin AppData Local Google Chrome User Data Default Extensions ghbmnnjooekpmoecnnnilnnbdlolkhhi [2020-11-26]

CHR Extension: (Chrome Web Store Paym ents) – C: Users admin AppData Local Google Chrome User Data Default Extensions nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]

CHR Extension: (Gmail) – C: Users admin AppData Local Google Chrome User Data Default Extensions pjkljhegncpnkpknbcohdijeoejaedia [2020-11-26]

CHR HKLM-x32 … Chrome Extension: [ihcjicgdanjaechkgeegckofjjedodee]

=========== ========= خدمات (در لیست سفید) ===================

(اگر مدخلی در لیست رفع مشکلات موجود باشد ، از رجیستری حذف خواهد شد. فایل ذکر شده منتقل نمی شود مگر اینکه جداگانه ذکر شود.)

R2 AcrSch2Svc؛ C: Program Files (x86) Common Files Acronis Schedule2 schedul2.exe [1135600 2016-12-15] (Acronis International GmbH ->)

R2 afcdpsrv؛ C: Program Files (x86) Common Files Acronis CDP afcdpsrv.exe [4463960 2020-08-16] (Acronis International GmbH -> Acronis)

R2 CdRomArbiterService؛ C: Program Files Common Files cdarbsvc cdarbsvc_v1.0.0_x64.exe [8704 2021-01-09] (GuinpinSoft inc) [File not signed]

S4 mmsminisrv؛ C: Program Files (x86) Common Files Acronis Infrastructure mms_mini.exe [4884064 2015-08-11] (Acronis International GmbH -> Acronis)

S3 Sense؛ C: Program Files Windows Defender Advanced Threat Protection MsSense.exe [4956856 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 syncagentsrv؛ C: Program Files (x86) Common Files Acronis SyncAgent syncagentsrv.exe [7637744 2015-11-06] (Acronis International GmbH -> Acronis)

R3 WdNisSvc؛ C: ProgramData Microsoft Windows Defender platform 4.18.2108.7-0 NisSrv.exe [2772856 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend؛ C: ProgramData Microsoft Windows Defender platform 4.18.2108.7-0 MsMpEng.exe [136640 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinRM ؛ C: WINDOWS system32 WsmSvc.dll [2772992 2019-12-07] (شرکت مایکروسافت) [File not signed]

=================== درایورها (در لیست سفید ) ==================

[اگرمدخلیدرلیسترفعمشکلاتموجودباشد،ازرجیستریحذفمیشودمگراینکهجداگانهذکرشدهباشد)

S3 aftap0901؛ C: WINDOWS System32 drivers aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)

S3 AppleLowerFilter؛ C: WINDOWS System32 drivers AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build، 132303256403278908 -> Apple Inc.)

R0 file_tracker؛ C: WINDOWS System32 DRIVERS file_tracker.sys [339808 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)

R0 pwdrvio؛ C: WINDOWS System32 pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd ->)

S3 pwdspio؛ C: windows system32 pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd ->)

R0 tib؛ C: WINDOWS System32 DRIVERS tib.sys [1049432 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)

R2 tib_mounter؛ C: WINDOWS system32 DRIVERS tib_mounter.sys [202592 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)

S3 tnd؛ C: WINDOWS system32 DRIVERS tnd.sys [581464 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)

R2 virtual_file؛ C: WINDOWS System32 DRIVERS virtual_file.sys [301408 2020-08-16] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)

S0 WdBoot؛ C: WINDOWS System32 drivers wd WdBoot.sys [48536 2021-09-08] (Microsoft Windows Early Launch Laununch Anti -malware Publisher -> Microsoft Corporation)

R0 WdFilter؛ C: WINDOWS System32 drivers wd WdFilter.sys [433384 2021-09-08] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv؛ C: WINDOWS System32 drivers wd WdNisDrv.sys [86264 2021-09-08] (Microsoft Windows -> Microsoft Corporation)

==================== = NetSvcs (Whitelisted) ==================

(اگر مدخلی در لیست رفع مشکلات موجود باشد ، از رجیستری حذف می شود. فایل منتقل نمی شود مگر اینکه جداگانه ذکر شود.)

=================== یک ماه (ایجاد شده) (در لیست سفید) ==== =====

(اگر مدخلی در لیست ثابت موجود باشد ، فایل/پوشه منتقل می شود.)

2021-09-16 12:17-2021-09-16 08:41-073924608 _____ C: WINDOWS system32 config SOFTWARE

2021-09-16 12:15-2021-09-16 12:16-000000000 ____D C: WINDOWS Microsoft Antimalware

2021 -09-16 11:08-2021-09-16 11:08-000000000 ____D C: FRST

2021-09-16 08:34-2021-09-16 08:34-000000024 _____ C: WINDOWS PSENDGU.TMP

2021-09-16 07:24-2021-09-16 08:17-000000000 ____D C: فایل برنامه (x86) Trend Micro

2021- 09-16 07:24-2020-08-26 03:31-000036600 _____ (Riverbed Technology، Inc.) C: WINDOWS system32 Drivers npf.sys

2021-09-16 07:01-2021 -09-16 08:19-000000000 ____D C: Users admin AppData Roaming Panda Security

2021-09-16 07:00-2021-09-16 08:19-000000000 ____D C: ProgramData Panda Security

2021-09-16 06:25-2021-09-16 06:25-000000000 ____D C: Program Files Malwarebytes

2021-09-16 05:59-2021-09-16 05:59-000000000 ____D C: Users Tiny Humans AppData Roaming SUPERAntiSpyware.com

2021-09-16 05:58-2021-09-16 08:07-000000000 ____D C: فایل فایل SUPERAntiSpyware

2021-09-16 05:58-2021-09-16 05:58-000000000 ____D C: ProgramData SUPERAntiSpyware.com

2021-09-15 20:41-2021-09-15 16 : 44-000000000 ____D C: Windows.old

2021-09-15 17:28-2021-09-16 06:18-000000000 ____D C: WINDOWS Minidump

2021-09-15 16: 52-2021-09-15 16:52-000000020 ___SH C: Users admin ntuser.ini

2021-09-15 16:47 -2021-09-16 08:46-000795738 _____ C: WINDOWS system32 PerfStringBackup.INI

2021-09-15 16:46-2021-09-15 17:11-000000000 ____D C: WINDOWS system32 Tasks Agent Activation Runtime

2021-09-15 16:46-2021-09-15 16:46-000000000 ____D C: ProgramData Microsoft OneDrive

2021-09-15 16:44-2021 -09-16 08:41-000000006 ____H C: WINDOWS Tasks SA.DAT

2021-09-15 16:44-2021-09-15 16:44-000015243 _____ C: WINDOWS diagwrn. xml

2021-09-15 16:44-2021-09-15 16:44-000015243 _____ C: WINDOWS diagerr.xml

2021-09-15 16:44-2021-09-15 16 : 44-000003408 _____ C: WINDOWS system32 Tasks MicrosoftEdgeUpdateTaskMachineUA

2021-09-15 16:44-2021-09-15 16:44-000003348 _____ C: WINDOWS system32 Tasks GoogleUpdateTask ] 2021-09-15 16:44-2021-09-15 16:44-000003214 _____ C: WINDOWS system32 Tasks MicrosoftEdgeUpdateTaskMachineCore1d73c3c70b4e845

2021-09-15 16:44-2021-09-15 16: 44 – 000003184 _____ C: WINDOWS s ystem32 Tasks MicrosoftEdgeUpdateTaskMachineCore

2021-09-15 16:44-2021-09-15 16:44-000003124 _____ C: WINDOWS system32 Tasks GoogleUpdateTaskMachineCore

2021-09-15 16:44 2021-09-15 16:44-000000020 ___SH C: Users Tiny Humans ntuser.ini

2021-09-15 16:41-2021-09-15 20:00-000000000 ____D C: WINDOWS system32 SleepStudy

2021-09-15 16:41-2021-09-15 16:41-000472992 _____ C: WINDOWS system32 FNTCACHE.DAT

2021-09-15 08:30-2021- 09-15 20:41-000000000 ____D C: WINDOWS system32 config bbimigrate

2021-09-15 08:29-2021-09-16 07:38-000000000 ____D C: Users admin [19659002] 2021-09-15 08:29-2021-09-15 20:41-000000000 ____D C: Users dshum

2021-09-15 08:29-2021-09-15 16:44-000000000 ____D C: Users Tiny Humans

2021-09-15 08:29-2019-12-07 05:10-000001105 _____ C: Users Tiny Humans AppData Roaming Microsoft Windows Start Menu Programs OneDrive.lnk

2021-09-15 08:29-2019-12-07 05:10-000001105 _____ C: Users dshum AppData Roaming Microsoft Windows Start Menu Programs OneDrive.lnk

2021-09-15 08:29-2019-12-07 05:10-000001105 _____ C: کاربران admin AppData Roaming Microsoft Windows Start Menu Programs OneDrive.lnk

2021-09-15 08:28-2021-09-15 08:30-000000000 ____D C: WINDOWS ServiceProfiles [19659002] 2021-09-15 08:22-2021-09-15 08:22-000008192 _____ C: WINDOWS system32 config userdiff

2021-09-15 08:01-2021-09-15 17 : 25-000000000 ___DC C: WINDOWS Panther

2021-09-15 08:01-2021-09-15 08:01-000000000 ___HD C: $ WinREAgent

2021-09-15 07:46 -2021-09-15 07:46-000074316 _____ C: ProgramData agent.uninstall.1631706398.bdinstall.v2.bin

2021-09-15 07:44-2021-09-15 07:44-000087620 _____ C: ProgramData agent.update.1631706250.bdinstall.v2.bin

2021-09-15 07:43-2021-09-15 17:09-000000000 ____D C: ProgramData AVG

2021 -09-15 07:41-2021-09-15 07:41-000000000 ____D C: ProgramData bdch

202 1-09-15 07:41-2021-09-15 07:41-000000000 ____D C: ProgramData 48C4687D-9760-4F5B-BAB3-60351B0841E4

2021-09-15 07:40-2021-09- 15 07:40-000000000 ____D C: ProgramData Bitdefender

2021-09-15 07:38-2021-09-15 07:38-000116212 _____ C: ProgramData agent.1631705924.bdinstall.v2.bin

2021-09-15 07:38-2021-09-15 07:38-000000000 ____D C: ProgramData Bitdefender Agent

2021-09-15 07:31-2021-09-15 07:31 -000000000 ____D C: Program Files Common Files McAfee

2021-09-15 07:30-2021-09-15 07:33-000000000 ____D C: ProgramData McAfee

2021-09-15 07:19-2021-09-16 07:39-000000000 ____D C: ProgramData Trend Micro

2021-09-15 07:19-2021-09-16 07:19-000000000 ____D C: فایل فایل Trend Micro

2021-09-15 07:19-2021-09-15 07:19-000000000 ____D C: WINDOWS Trend Micro

2021-09-15 07:16-2021-09-15 07:17-000000000 ____D C: ProgramData F-Secure

2021-09-15 07:10-2021-09-15 07:13-000000000 __ __D C: Program Files HitmanPro

2021-09-15 07:10-2021-09-15 07:12-000000000 ____D C: ProgramData HitmanPro

2021-09-14 16:56-2021 -09-14 16:56-000000000 ____D C: Users admin AppData Roaming .minecraft

2021-09-13 17:40-2021-09-15 20:41-000000000 ____D C: ProgramData Microsoft Windows Start Menu Programs Java

2021-09-13 17:40-2021-09-13 17:40-000164696 _____ (Oracle Corporation) C: WINDOWS SysWOW64 WindowsAccessBridge-32.dll

2021-09-13 17:40-2021-09-13 17:40-000000000 ____D C: Users Tiny Humans AppData Roaming Sun

2021-09-13 17:40-2021- 09-13 17:40-000000000 ____D C: Users Tiny Humans AppData LocalLow Sun

2021-09-13 17:40-2021-09-13 17:40-000000000 ____D C: Users admin AppData Roaming Sun

2021-09-13 17:40-2021-09-13 17:40-000000000 ____D C: ProgramData Oracle

2021-09-13 17:40-2021- 09-13 17:40-000000000 ____D C: فایل فایل (x86) جاوا

2021-09-13 17:30-2021-09-16 08 : 56-000000000 ____D C: Users Tiny Humans AppData Roaming .minecraft

2021-09-13 17:30-2021-09-15 20:41-000000000 ____D C: ProgramData Microsoft Windows Start Menu Programs Minecraft Launcher

2021-09-13 17:30-2021-09-13 17:34-000000000 ____D C: Program Files (x86) Minecraft Launcher

2021-09-13 17:30-2021-09-13 17:30-000001110 _____ C: Users Public Desktop Minecraft Launcher.lnk

2021-09-12 19:26-2021-09-15 20:41-000000000 ____D C: Users Tiny Humans AppData Roaming Microsoft Windows Start Menu Programs Zoom

================== One ماه (اصلاح شده) =================

(اگر مدخلی در لیست رفع مشکلات موجود باشد ، فایل/پوشه منتقل می شود.)

2021-09-16 10:46-2020-08-30 04:33-000000000 __SHD C: Users Tiny Humans IntelGraphicsProfiles

2021-09-16 10:46-2020-08-15 19 : 33-000000000 ____D C: Program Files (x86) Google

2021-09-16 10:46-2020-08-15 16:04-000000 000 __SHD C: Users admin IntelGraphicsProfiles

2021-09-16 08:55-2019-12-07 05:14-000000000 ____D C: ProgramData regid.1991-06.com.microsoft

2021-09-16 08:46-2019-12-07 05:13-000000000 ____D C: WINDOWS INF

2021-09-16 08:41-2021-04-28 08:24-000008192 ___SH C : DumpStack.log.tmp

2021-09-16 08:41-2019-12-07 05:03-001048576 _____ C: WINDOWS system32 config BBI

2021-09-16 08: 41-2019-09-05 17:05-000000000 ____D C: Intel

2021-09-16 08:13-2019-12-07 05:14-000000000 ___HD C: WINDOWS ELAMBKUP

2021 -09-16 08:08-2020-11-26 10:25-000000000 ____D C: AdwCleaner

2021-09-16 07:00-2019-12-07 05:14-000000000 ____D C: WINDOWS SysWOW64 GroupPolicy

2021-09-16 07:00-2019-03-19 00:52-000000000 ____D C: WINDOWS system32 GroupPolicy

2021-09-16 05:51-2019-12 -07 05:14-000000000 ____D C: WINDOWS appcompat

2021-09-15 20:41-2021-01-09 17:15-000000000 ____D C: Users admin AppData Roaming Microsoft Windows Start Menu Programs MakeMKV

2021-09-15 20:41-2020-11-26 09:50-000000000 ___SD C: ProgramData Microsoft Windows Start Menu Programs OpenOffice 4.1.8

2021-09-15 20:41-2020-10-27 14:34-000000000 ____D C: Users Tiny Humans AppData Roaming Microsoft Windows Start Menu Programs Chrome Apps

2021-09-15 20:41-2020-08-30 03:43-000000000 ____D C: WINDOWS system32 Windows

2021-09-15 20:41-2020-08-16 06: 53-000000000 ____D C: Program Files UNP

2021-09-15 20:41-2019-12-07 05:14-000028672 _____ C: WINDOWS system32 config BCD-Template

2021 -09-15 20:41-2019-12-07 05:14-000000000 ____D C: WINDOWS system32 WinBioDatabase

2021-09-15 20:41-2019-12-07 05:14-000000000 ____D C: WINDOWS system32 Tasks_Migrated

2021-09-15 20:41-2019-12-07 05:14-000000000 ____D C: WINDOWS system32 spool

2021-09-15 20:41 – 2019-12-07 05:14- 000000000 ____D C: WINDOWS system32 NDF

202 1-09-15 20:41-2019-12-07 05:14-000000000 ____D C: WINDOWS system32 Drivers DriverData

2021-09-15 20:41-2019-12-07 05:14 -000000000 ____D C: WINDOWS ServiceState

2021-09-15 20:41-2019-12-07 05:14-000000000 ____D C: Program Files Common Files microsoft shared

2021-09- 15 20:41-2019-09-05 17:53-000000000 ____D C: WINDOWS system32 Temp

2021-09-15 20:41-2019-09-05 17:04-000000000 ____D C: فایلهای برنامه Intel

2021-09-15 20:41-2019-03-19 00:52-000000000 ____D C: WINDOWS system32 MsDtc

2021-09-15 17:28-2019-12 -07 05:14-000000000 ____D C: WINDOWS AppReadiness

2021-09-15 17:25-2019-12-07 05:14-000000000 ____D C: WINDOWS LiveKernelReports

2021-09- 15 17:11-2019-09-05 17:00-000000000 __RHD C: Users Public AccountPictures

2021-09-15 16:47-2019-12-07 05:14-000000000 ___RD C: WINDOWS PrintDialog

2021-09-15 16:44-2019-12-07 05:14-000000000 ____D C: WINDOWS system32 oobe [19659002] 2021-09-15 16:44-2019-12-07 05:14-000000000 ____D C: Program Files Windows Defender

2021-09-15 16:44-2019-12-07 05:03 -000032768 _____ C: WINDOWS system32 config ELAM

2021-09-15 16:44-2019-12-07 05:03-000000000 ____D C: WINDOWS CbsTemp

2021-09-15 16:43-2019-12-07 05:14-000000000 ___HD C: Program Files WindowsApps

2021-09-15 16:42-2019-12-07 05:14-000000000 __RSD C: WINDOWS رسانه

2021-09-15 16:41-2020-09-06 19:30-000000000 ____D C: Program Files Common Files logishrd

2021-09-15 16:40-2019-12- 07 05:18-000000000 ____D C: WINDOWS Setup

2021-09-15 08:31-2019-12-07 05:14-000000000 __RHD C: Users Public Libraries

2021-09 -15 08:31-2019-12-07 05:14-000000000 ____D C: ProgramData USOPrivate

2021-09-15 08:30-2020-08-26 09:55-000000000 ____D C: ProgramData Microsoft Windows Start Menu Programs HP

2021-09-15 08:30-2020-08-16 11:37-000000000 ____D C: ProgramData Microsoft Windows Start Menu Programs Acronis

2021-09-15 07:55-2020-08-15 14:16-135637312 ____C (Microsoft Corporation) C: WINDOWS system32 MRT.exe [19659002] 2021-09-15 07:26-2020-08-15 19:33-000002308 _____ C: ProgramData Microsoft Windows Windows Start Menu Programs Google Chrome.lnk

2021-09-15 07:26 -2020-08-15 19:33-000002267 _____ C: Users Public Desktop Google Chrome.lnk

2021-09-15 07:25-2020-08-15 19:38-000000000 ____D C: Users admin AppData Roaming GlarySoft

2021-09-14 17:34-2020-08-24 14:27-000002445 _____ C: ProgramData Microsoft Windows Start Menu Programs Microsoft Edge. lnk

2021-09-12 19:26-2020-09-08 08:49-000000000 ____D C: Users Tiny Humans AppData Roaming Zoom

2021-09-11 17:52-2020 -09-29 18:15-000000000 ____D C: Program Files Microsoft Update Health Tools

2021-09-08 16:50-2019-09-05 16:54-000000000 ____D C: WINDOWS system32 رانندگان wd

2021-08-31 06:31-2020-08-15 14:14-0008 03176 _____ (شرکت مایکروسافت) C: WINDOWS system32 MpSigStub.exe

2021-08-17 01:22-2020-09-29 18:15-000740168 _____ (شرکت مایکروسافت) C: WINDOWS system32 sedplugins.dll

2021-08-17 01:22-2020-09-29 18:15-000486728 _____ (شرکت مایکروسافت) C: WINDOWS system32 QualityUpdateAssistant.dll

==== =============== فایل های ریشه برخی دایرکتوری ها ========

2021-09-15 07:23-2021-09- 16 07:23 – 000327508 _____ () C:UsersadminAppDataLocalars.cache

2021-09-15 07:24 – 2021-09-16 07:24 – 001143566 _____ () C: UsersadminAppDataLocalcensus.cache

2021-09-15 07:19 – 2021-09-15 07:19 – 000000036 _____ () C:UsersadminAppDataLocalhousecall. guid.cache

2021-09-15 07:24 – 2021-09-16 07:24 – 000000010 _____ () C:UsersadminAppDataLocalsponge.last.runtime.cache

[19659002]==================== SigCheck =========================== =

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021

Ran by admin (16-09-2021 11:09:26)

Running from D:UsersadminDownloads

Windows 10 Pro Version 2004 19041.1 (X64) (2021-09-15 20:44:25)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

admin (S-1-5-21-2651347966-3486153666-3033398168-1002 – Administrator – Enabled) => C:Usersadmin

Administrator (S-1-5-21-2651347966-3486153666-3033398168-500 – Administrator – Disabled)

DefaultAccount (S-1-5-21-2651347966-3486153666-3033398168-503 – Limited – Disabled)[1 9659002]dshum (S-1-5-21-2651347966-3486153666-3033398168-1010 – Limited – Enabled) => C:Usersdshum

Guest (S-1-5-21-2651347966-3486153666-3033398168-501 – Limited – Disabled)

Tiny Humans (S-1-5-21-2651347966-3486153666-3033398168-1011 – Limited – Enabled) => C:UsersTiny Humans

WDAGUtilityAccount (S-1-5-21-2651347966-3486153666-3033398168-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image WD Edition (HKLM-x32…{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9}) (Version: 19.0.33 – Acronis)

Google Chrome (HKLM-x32…Google Chrome) (Version: 93.0.4577.82 – Google LLC)

HP Dropbox Plugin (HKLM-x32…{EF65265C-816D-4992-A8CC-C91CDEC9ED33}) (Version: 36.0.102.68541 – HP)

HP EmailSMTP Plugin (HKLM-x32…{858E7C53-B406-4798-B4CA-761420FF2B5F}) (Version: 43.0.0.0 – HP)

HP ENVY 5000 series Basic Device Software (HKLM…{948DB328-2F71-4760-A9ED-BD44CA10362D}) (Version: 44.4.2678.1977 – HP Inc.)

HP ENVY 5000 series Help (HKLM-x32…{B868134D-0D88-4973-BDD8-07E2522C9102}) (Version: 44.0.0 – HP)

HP FTP Plugin (HKLM-x32…{07DA4F28-63FA-43F7-A554-B159E9A7E649}) (Version: 43.0.0.0 – HP)

HP Google Drive Plugin (HKLM-x32…{CF634681-E024-430C-AFF2-B9EE43A7E452}) (Version: 36.0.102.68541 – HP)

HP OneDrive Plugin (HKLM-x32 …{1E191DFB-7B91-4B11-AB95-884D59ECE599}) (Version: 36.0.0.0 – HP)

HP Photo Creations (HKLM-x32…HP Photo Creations) (Version: 1.0.0.9572 – HP)

HP SharePoint Plugin (HKLM-x32…{1ED7BE66-39E7-4A65-8EEF-68CE80F3416C}) (Version: 43.0.0.0 – HP)

Intel® Chipset Device Software (HKLM-x32…{568ea722-b869-4838-af7c-0c2cd156db85}) (Version: 10.1.18015.8142 – Intel® Corporation)

Java 8 Update 301 (HKLM-x32…{26A24AE4-039D-4CA4-87B4-2F32180301F0}) (Version: 8.0.3010.9 – Oracle Corporation)

MakeMKV v1.15.4 (HKLM-x32…MakeMKV) (Version: v1.15.4 – GuinpinSoft inc)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 93.0.961.47 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-2651347966-3486153666-3033398168-1010…OneDriveSetup.exe) (Version: 20.134.0705.0008 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-2651347966-3486153666-3033398168-1011…OneDriveSetup.exe) (Version: 21.160.0808.0 002 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.6161 (HKLM…{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161 (HKLM-x32…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 – Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x64) – 14.16.27012 (HKLM-x32…{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 – Microsoft Corporation)

Minecraft Launcher (HKLM-x32…{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 – Mojang)

OpenOffice 4.1.8 (HKLM-x32…{963FD672-F116-4AE3-AE25-84B576E610A7}) (Version: 4.18.9803 – Apache Software Foundation)

Zoom (HKUS-1-5-21-2651347966-3486153666-3033398168-1011…ZoomUM X) (Version: 5.7.8 (1247) – Zoom Video Communications, Inc.)

Packages:

=========

HP Smart -> C:Program FilesWindowsAppsAD2F1837.HPPrinterControl_130.1.323.0_x64__v10z8vjag6ke6 [2021-09-13] (HP Inc.)

Intel® Graphics Command Center -> C:Program FilesWindowsAppsAppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-09-13] (INTEL CORP) [Startup Task]

LinkedIn -> C:Program FilesWindowsApps7EE7776C.LinkedInforWindows_2.0.1.0_neutral__w1wdnht996qgy [2019-09-05] (LinkedIn)

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-28] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-28] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

[19659002](If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:Program Files (x86)AcronisTrueImageHometishell64.dll [2015-11-11] (Acronis International GmbH – > Acronis)

ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:Program Files (x86)AcronisTrueImageHometishell64.dll [2015-11-11] (Acronis International GmbH -> Acronis)

ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:Program Files (x86)AcronisTrueImageHometishell64.dll [2015-11-11] (Acronis International GmbH -> Acronis)

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File

ShellIconOverlayIdenti fiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:Program Files (x86)Glary Utilities 5x64ContextHandler.dll -> No File

ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File

ContextMenuHandlers1-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:Program Files (x86)AcronisTrueImageHomeversions_page.dll [2015-11-11] (Acronis International GmbH -> Acronis)

ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:Program Files (x86)Glary Utilities 5x64ContextHandler.dll -> No File

ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File

ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:Program Files (x86)Glary Utilities 5x64ContextHandler.dll -> No File

ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File

ContextMenuHandlers6-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:Program Files (x86)AcronisTrueImageHomeversions_page.dll [2015-11-11] (Acronis International GmbH -> Acronis)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM…Drivers32: [vidc.i420] => C:WINDOWSsystem32lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

HKLM…Drivers32: [vidc.i420] => C:WindowsSysWOW64lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKUS-1-5-21-2651347966-3486153666-3033398168-1002SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://oem17win10.msn.com/?PC=NMTE

HKUS-1-5-21-2651347966-34861536 66-3033398168-1002SoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://OEM17WIN10.MSN.COM/?PC=NMTE

HKUS-1-5-21-2651347966-3486153666-3033398168-1002SoftwareMicrosoftInternet ExplorerMain,Secondary Start Pages = www.microcentertech.com

HKUS-1-5-21-2651347966-3486153666-3033398168-1010SoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://OEM17WIN10.MSN.COM/?PC=NMTE

HKUS-1-5-21-2651347966-3486153666-3033398168-1011SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://OEM17WIN10.MSN.COM/?PC=NMTE

HKUS-1-5-21-2651347966-3486153666-3033398168-1011SoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://OEM17WIN10.MSN.COM/?PC=NMTE

HKUS-1-5-21-2651347966-3486153666-3033398168-1011SoftwareMicrosoftInternet ExplorerMain,Secondary Start Pages = www.microcentertech.com

SearchScopes: HKUS-1-5-21-2651347966-3486153666-3033398168-1002 -> DefaultScope {EE0C618A-278D-4C95-9815-3F70EECE 3F41} URL =

SearchScopes: HKUS-1-5-21-2651347966-3486153666-3033398168-1002 -> {EE0C618A-278D-4C95-9815-3F70EECE3F41} URL =

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program Files (x86)Javajre1.8.0_301binssv.dll [2021-09-13] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program Files (x86)Javajre1.8.0_301binjp2ssv.dll [2021-09-13] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 – 2021-09-16 08:51 – 000000897 _____ C:WINDOWSsystem32driversetchosts

127.0.0.1 digitalcaptcha.top

127.0.0.1 cu27t-evo29lution.xyz

2020-11-11 14:08 – 2020-11-11 14:08 – 000000438 _____ C:WINDOWSs ystem32driversetchosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program Files (x86)Common FilesOracleJavajavapath;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;%SYSTEMROOT%System32OpenSSH;C:Program Files (x86)Common FilesAcronisVirtualFile;C:Program Files (x86)Common FilesAcronisVirtualFile64;C:Program Files (x86)Common FilesAcronisSnapAPI

HKUS-1-5-21-2651347966-3486153666-3033398168-1002Control PanelDesktop\Wallpaper -> C:windowsSystem32oobeinfobackgroundsPSW10.jpg

HKUS-1-5-21-2651347966-3486153666-3033398168-1010Control PanelDesktop\Wallpaper -> c:windowssystem32oobeinfobackgroundspsw10.jpg

HKUS-1-5-21-2651347966-3486153666-3033398168-10 11Control PanelDesktop\Wallpaper -> C:windowsSystem32oobeinfobackgroundsPSW10.jpg

DNS Servers: 192.168.1.253

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM…StartupApprovedRun32: => "AcronisTibMounterMonitor"

HKLM…StartupApprovedRun32: => "TrueImageMonitor.exe"

HKUS-1-5-21-2651347966-3486153666-3033398168-1002…StartupApprovedRun: => "GUDelayStartup"

HKUS-1-5-21-2651347966-3486153666-3033398168-1002…StartupApprovedRun: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{60AC9BC7-FB38-462B-8EEE-937AB3DD28B6}] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [{24875769-71AF-4E66-BF31-789136655553}] => (Allow) C:Program FilesTrend MicroHouseCalltmasenmapnmap.exe (Insec ure.Org) [File not signed]

FirewallRules: [{A774543C-04D6-4405-B47E-1698B06C65F8}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{A645E5B6-70EE-49E1-B17E-99C8D6C58047}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{77DCEE5C-EA17-4596-B399-E714991F4049}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{A027303E-6BAB-4257-82A9-7F71700736F0}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{2044AE82-388A-4955-8FF7-D6DEC5CA26E3}] => (Allow) C:Program Files (x86)Common FilesAcronisSyncAgentsyncagentsrv.exe (Acronis International GmbH -> Acronis)

FirewallRules: [{5AEB65D1-C747-4D31-AD66-662FC73F657B}] => (Allow) C:Program Files (x86)Common FilesAcronisInfrastructuremms_mini.exe (Acronis International GmbH -> Acronis)

FirewallRules: [{9B7091D7-5BE2-4BE8-A1C3-3F49BE60F6F9}] => (Allow) C:Program FilesHPHP ENVY 5000 seriesBinDeviceSetup.exe (HP Inc -> HP Inc.)

FirewallRules: [{FE023C48-D28F-4375-A260-F41CFC3D10BC}] => (Allow) LPort=5357

FirewallRules: [{DF89D203-39CA-429E-9320-41A8358A08CB}] => (Allow) C:Program FilesHPHP ENVY 5000 seriesBinHPNetworkCommunicatorCom.exe (HP Inc -> HP Inc.)

FirewallRules: [TCP Query User{CFB3A198-B14B-4D7A-8E51-2169AE9F7BD3}C:userstiny humansappdataroamingzoombinzoom.exe] => (Block) C:userstiny humansappdataroamingzoombinzoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [UDP Query User{ABF4EA93-B505-4DEF-9DAA-C26B67146FC6}C:userstiny humansappdataroamingzoombinzoom.exe] => (Block) C:userstiny humansappdataroamingzoombinzoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [TCP Query User{B02816B3-4745-4A56-922B-42E476C210B9}C:userstiny humansappdataroamingzoombinzoom.exe] => (Block) C:userstiny humansappdataroamingzoombinzoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [UDP Query User{103A24AE-DF53-4FA2-BD83-84508F1D54F5}C:userstiny humansappdataroamingzoombinzoom.exe] => (Block) C:userstiny humansappdat aroamingzoombinzoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{10D5B1FE-3E57-4545-97AA-1A6FA1ADF628}] => (Allow) C:WINDOWSsystem32alg.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{6FDC9B9D-25B6-41FD-BA20-AF0AFDC06B6A}] => (Allow) C:WINDOWSsystem32alg.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{79767F80-C3A3-46CF-BE25-F1244BE82D60}] => (Allow) C:WINDOWSsystem32alg.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{F953FF63-D5B7-4C8A-A0D5-E233AE7C0869}] => (Allow) C:Program FilesTrend MicroHouseCalltmasenmapnmap.exe (Insecure.Org) [File not signed]

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:208.49 GB) (Free:122.05 GB) (59%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

====== ============

Error: (09/16/2021 10:47:25 AM) (Source: Application Error) (EventID: 1005) (User: )

Description: Windows cannot access the file for one of the following reasons:

there is a problem with the network connection, the disk that the file is stored on, or the storage

drivers installed on this computer; or the disk is missing.

Windows closed the program wuapihost because of this error.

Program: wuapihost

File:

The error value is listed in the Additional Data section.

User Action

1. Open the file again.

This situation might be a temporary problem that corrects itself when the program runs again.

If the file still cannot be accessed and

– It is on the network,

your network administrator should verify that there is not a problem with the network and that the server can be contacted.

– It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.

3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.

4. If the problem persists, restore the file from a backup copy.

5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for

further assistance.

Additional Data

Error value: 00000000

Disk type: 0

Error: (09/16/2021 10:47:25 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: wuapihost.exe, version: 10.0.19041.1, time stamp: 0xa106b9f7

Faulting module name: wuapi.dll, version: 10.0.19041.1, time stamp: 0xe59ef086

Exception code: 0xc000001d

Fault offset: 0x0000000000008b08

Faulting process id: 0x2244

Faulting application start time: 0x01d7ab09c3aa3f3c

Faulting application path: C:WindowsSystem32wuapihost.exe

Faulting module path: C:WindowsSystem32wuapi.dll

Report Id: 68095933-3add-4925-bb06-439b2ecf1634

Faulting package full name:

Faulting package-relative application ID:

Error: (09/16/2021 10:47:25 AM) (Source: Application Error) (EventID: 1005) (User: )

Description: Windows cannot access the file for on e of the following reasons:

there is a problem with the network connection, the disk that the file is stored on, or the storage

drivers installed on this computer; or the disk is missing.

Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services

File:

The error value is listed in the Additional Data section.

User Action

1. Open the file again.

This situation might be a temporary problem that corrects itself when the program runs again.

If the file still cannot be accessed and

– It is on the network,

your network administrator should verify that there is not a problem with the network and that the server can be contacted.

– It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.

3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.

4. If the problem persists, restore the file from a backup copy.

5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for

further assistance.

Additional Data

Error value: 00000000

Disk type: 0

Error: (09/16/2021 10:47:25 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: svchost.exe_InstallService, version: 10.0.19041.1, time stamp: 0x7f0c4c00

Faulting module name: wuapi.dll, version: 10.0.19041.1, time stamp: 0xe59ef086

Exception code: 0xc000001d

Fault offset: 0x0000000000008b08

Faulting process id: 0x1ab8

Faulting application start time: 0x01d7aaf82ceabd06

Faulting application path: C:WINDOWSSystem32svchost.exe

Faulting module path: C:WindowsSystem32wuapi.dll

Report Id: 49f2eb82-6482-49f3-8a0a-c082518c3287

Faulting package full name:

Faulting package-relative application ID:

Error: (09/16/2021 10:47:09 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: RuntimeBroker.exe, version: 10.0.19041.1, time stamp: 0xf586f62a

Faulting module name: wuapi.dll, version: 10.0.19041.1, time stamp: 0xe59ef086

Exception code: 0xc000001d

Fault offset: 0x0000000000008b08

Faulting process id: 0x414

Faulting application start time: 0x01d7ab09b9ce6ee6

Faulting application path: C:WindowsSystem32RuntimeBroker.exe

Faulting module path: C:WindowsSystem32wuapi.dll

Report Id: ae11d0de-6d19-4bf9-a5cd-e333f0a0638f

Faulting package full name: Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: runtimebroker07f4358a809ac99a64a67c1

Error: (09/16/2021 10:47:07 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: RuntimeBroker.exe, version: 10.0.19041.1, time stamp: 0xf586f62a

Faulting module name: wuapi.dll, version: 10.0.19041.1, time stamp: 0 xe59ef086

Exception code: 0xc000001d

Fault offset: 0x0000000000008b08

Faulting process id: 0x7cc

Faulting application start time: 0x01d7ab09b8b2e291

Faulting application path: C:WindowsSystem32RuntimeBroker.exe

Faulting module path: C:WindowsSystem32wuapi.dll

Report Id: c52fdddb-dc6f-4faf-b41d-d10aaaedb100

Faulting package full name: Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: runtimebroker07f4358a809ac99a64a67c1

Error: (09/16/2021 10:46:55 AM) (Source: Application Error) (EventID: 1005) (User: )

Description: Windows cannot access the file for one of the following reasons:

there is a problem with the network connection, the disk that the file is stored on, or the storage

drivers installed on this computer; or the disk is missing.

Windows closed the program wuapihost because of this error.

Program: wuapihost

File:

The error value is listed in the Additional Data section.

User Action

1. Open the file again.

This situation might be a temporary problem that corrects itself when the program runs again.

If the file still cannot be accessed and

– It is on the network,

your network administrator should verify that there is not a problem with the network and that the server can be contacted.

– It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.

3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.

4. If the problem persists, restore the file from a backup copy.

5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for

further assistance.

Additional Data

Error value: 00000000

Disk type: 0

Error: (09/16/2021 10:46:55 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: wuapihost.exe, version: 10.0.19041.1, time stamp: 0xa106b9f7

Faulting module name: wuapi.dll, version: 10.0.19041.1, time stamp: 0xe59ef086

Exception code: 0xc000001d

Fault offset: 0x0000000000008b08

Faulting process id: 0x75c

Faulting application start time: 0x01d7ab09b1785bf4

Faulting application path: C:WindowsSystem32wuapihost.exe

Faulting module path: C:WindowsSystem32wuapi.dll

Report Id: baa85210-f58e-45c0-ab1a-fcc23f543955

Faulting package full name:

Faulting package-relative application ID:

System errors:

=============

Error: (09/16/2021 10:47:55 AM) (Source: DCOM) (EventID: 10010) (User: HCSPSB677)[19659002]Description: The server {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C} did not register with DCOM within the required timeout.

Error: (09/16/2021 10:47:25 AM) (Source: DCOM) (EventID: 10010) (User: HCSPSB677)