My PC is doing some weird things with the mouse all the time, and the keyboard is typing wr / wrrwrwrwrwrwrwr, for example. Please advise.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-04-2020
Ran by haim m (administrator) on DESKTOP-3R5D607 (ASUS All Series) (15-04-2020 22:52:48)
Running from C:\Users\haim m\Downloads
Loaded Profiles: haim m (Available Profiles: haim m)
Platform: Windows 10 Enterprise Version 1909 18363.720 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ====================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Datpol Janusz Siemienowicz -> ) C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe
(Datpol Janusz Siemienowicz -> Datpol) C:\Program Files (x86)\SpyShelter Premium\SpyShelterSrv.exe
(Discord Inc. -> Discord Inc.) C:\Users\haim m\AppData\Local\Discord\app-0.0.306\Discord.exe <6>
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <89>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Logitech Inc -> ) C:\Program Files\LGHUB\logi_analytics_client.exe
(Logitech Inc -> Logitech) C:\ProgramData\LogiShrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <2>
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Logitech Inc -> Logitech, Inc) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\LogiShrd\LogiOptions\Software\Current\laclient\laclient.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\LogiShrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12624.20368.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12624.20368.0_x64__ebb
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusb_0.2x8_8.08.08\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20022.11011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-1\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-1\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify AB -> Spotify Ltd) C:\Users\haim m\AppData\Roaming\Spotify\Spotify.exe <5>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe <2>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2016-06-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2177160 2019-06-30] (Logitech Inc -> Logitech, Inc)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [SpyShelter] => C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe [4004032 2019-10-21] (Datpol Janusz Siemienowicz -> )
HKU\S-1-5-21-2401923447-2376524134-692581353-1001\...\Run: [Spotify] => C:\Users\haim m\AppData\Roaming\Spotify\Spotify.exe [22932200 2020-04-07] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2401923447-2376524134-692581353-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [71464072 2020-04-04] (Logitech Inc -> Logitech, Inc)
HKU\S-1-5-21-2401923447-2376524134-692581353-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3371296 2020-04-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-2401923447-2376524134-692581353-1001\...\Run: [Discord] => C:\Users\haim m\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.92\Installer\chrmstp.exe [2020-04-15] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {27FE3AC0-276E-4245-AA5D-8EDB680EF51C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-1\MpCmdRun.exe [480272 2020-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {32E49C2B-B982-4259-9556-BB14364C4AA1} - System32\Tasks\NvTmRR B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: 9B58-7211ED27B58C} - System32\Tasks\G2MUploadTask-S-1-5-21-2401923447-2376524134-692581353-1001 => C:\Users\haim m\AppData\Local\GoToMeeting\17359\g2mupload.e (LogMeIn Inc. C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {63CCE805-02E9-40CD-B418-978F4920091A} - System32\Tasks\G2MUpdateTask-S-1-5-21-2401923447-2376524134-692581353-1001 => C:\Users\haim m\AppData\Local\GoToMeeting\17359\g2mupdate.exe [32256 2020-04-08] (LogMeIn, Inc. -> LogMeIn, Inc)
Task: {6BD584D1-CEF6-4840-9866-DE107B221E00} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: F 76F1D101-FE13-41E5-B375-6ECF92D Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {7E33C67D-EE9B-4535-93CE-A9C6DC44D3F4} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBacked NTV] )
Task: {8C23DD82-A53A-4B2D-9062-D652B836A347} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-1\MpCmdRun.exe [480272 2020-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9086FF15-DA33-47BD-9152-E43D35DC9AA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-02-10] (Google Inc -> Google Inc.)
Task: {96C2DCF3-4754-412B-B5D3-D48040435799} - System32\Tasks\NvTmRep_CrashReport3_ {B2FE1952-0186-46C3-BAEC-A80AA35AC5AABB Program [AE] AEAEB [AEX][1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A56F62F9-FD9C-47CC-815A-B2CD04D4E49E} - System32\Tasks\NvDriverUpdateCheckD Daily_ {B2FE150- A3503A3A3013A201-012A201-A201-A201-A201-014 NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B202EF16-FD8E-4A70-84AC-8AE449CB74E6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-1\MpCmdRun.exe [480272 2020-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B778F410-802C-4902-B03B-D662760A5953} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNx Corporation -> NVIDIA Corporation)
Task: {C812DC79-4166-49C1-B55E-30028049C458} - System32\Tasks\NvProfileUpdaterOnLogon_ B2FE1952-0186-46C3-BAEC-A80 = A80AA_AAA Program # Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CD20A49E-5D22-482F-B25F-DB5121B6BBF0} - System32\Tasks\NvTmR2_52A2_2 => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D2A07EA8-2DF6-4491-96FD-F101CF7D1EEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-02-10] (Google Inc -> Google Inc.)
Task: {DB5D299E-1060-4534-B6B8-D1343E7B7845} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-1\MpCmdRun.exe [480272 2020-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E36ECDA2-2CFC-4F6E-9B8B-D4AAE71A8A45} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F2419A53-F833-4860-88C3-2DE44BD173F5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2401923447-2376524134-692581353-1001.job => C:\Users\haim m\AppData\Local\GoToMeeting\17359\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2401923447-2376524134-692581353-1001.job => C:\Users\haim m\AppData\Local\GoToMeeting\17359\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{d29282f2-2577-47a9-b23c-2a0f9b2cf204}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{e55 4ce7-90f5-638d0be66b6e: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2401923447-2376524134-692581353-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-08-29] (Google Inc -> Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-08-29] (Google Inc -> Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-08-29] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-08-29] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2401923447-2376524134-692581353-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-08-29] (Google Inc -> Google Inc.)

FireFox:
========
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\haim m\AppData\Local\Google\Chrome\User Data\Default [2020-04-15]
CHR Notifications: Default -> hxxps://adamtal.pushcrew.com; hxxps://adamtal1.pushcrew.com; hxxps://eu1.badoo.com; hxxps://londonreal.tv; hxxps://plus.google.com; hxxps://stockstotrade.pushcrew.com; hxxps://timothysykes.pushcrew.com; hxxps://web.whatsapp.com; hxxps://www.alibaba.com; hxxps://www.facebook.com; hxxps://www.gamespot.com; hxxps://www.themarker.com
CHR Extension: (Docs) - C:\Users\haim m\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-23]
CHR Extension: (Google Drive) - C:\Users\haim m\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-10]
CHR Extension: (YouTube) - C:\Users\haim m\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-10]
CHR Extension: (Honey) - C:\Users\haim m\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenek6590 [
CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\haim m\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjgjpdakmflnfcopglcmi [2020-03-30]
CHR Extension: (Adobe Acrobat) - C:\Users\haim m\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-03]
CHR Extension: (Google Docs Offline) - C:\Users\haim m\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-12]
CHR Extension: (AdBlock – best ad blocker) - C:\Users\haim m\AppData\Local\Google\Chrome\User Data\Default gighmmpiobklkj [2020-04-15]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\haim m\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2020-01-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\haim m\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-08]
CHR Extension: (Gmail) - C:\Users\haim m\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\haim m\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-04]
CHR Profile: C:\Users\haim m\AppData\Local\Google\Chrome\User Data\System Profile [2019-12-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2018-03-27] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-04-13] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10131080 2020-04-04] (Logitech Inc -> Logitech, Inc)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Rockstar Service; G:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1738368 2020-04-15] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5929920 2020-03-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SpyShelterSrv; C:\Program Files (x86)\SpyShelter Premium\SpyShelterSrv.exe [61120 2019-10-21] (Datpol Janusz Siemienowicz -> Datpol)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13216272 2020-03-20] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-1\NisSrv.exe [3294680 2020-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-1\MsMpEng.exe [103168 2020-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R1 AsIO; C:\WINDOWS\SysWow64\drivers\AsIO.sys [15232 2013-07-04] (ASUSTeK Computer Inc. -> )
S3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Certificate -> Microsoft Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., LTD. -> Samsung Electronics Co., Ltd.)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\47127\driver_cpu_temperature\logi_core_temp.sys [25448 2020-04-04] (Logitech Inc -> Logitech)
R3 logi_audio_surround; C:\WINDOWS\system32\drivers\logi_audio_surround.sys [44088 2020-04-04] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2020-03-11] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [20624 2020-03-11] (WDKTestCert sqa,131523902232810150 -> Logitech, Inc.)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2020-03-11] (Logitech Inc -> Logitech)
R3 MOSUMAC; C:\WINDOWS\System32\drivers\MOSUMAC.sys [57208 2014-03-26] (WDKTestCert Alex,130389727012273971 -> ASIX Electronics Corp.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9e532b5f619dc909\nvlddmkm.sys [23276960 2020-01-31] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-11-07] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [662528 2019-03-19] (Microsoft Windows -> Realtek)
R1 Spyshelter; C:\Program Files (x86)\SpyShelter Premium\SpyShelter.sys [1882328 2019-10-21] (Datpol Janusz Siemienowicz -> SpyShelter)
R1 SpyshelterKb; C:\Program Files (x86)\SpyShelter Premium\SpyshelterKb.sys [897240 2019-09-17] (Datpol Janusz Siemienowicz -> SpyShelter)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-04-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [391392 2020-04-03] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-04-03] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ====================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-15 22:52 - 2020-04-15 22:53 - 000022348 _____ C:\Users\haim m\Downloads\FRST.txt
2020-04-15 22:52 - 2020-04-15 22:53 - 000000000 ____D C:\FRST
2020-04-15 22:51 - 2020-04-15 22:52 - 002281472 _____ (Farbar) C:\Users\haim m\Downloads\FRST64.exe
2020-04-15 21:44 - 2020-04-15 21:44 - 000000616 _____ C:\Users\haim m\Downloads\BCH-60-ThisOne.zip
2020-04-15 15:22 - 2020-04-15 15:23 - 001295576 _____ (Google LLC) C:\Users\haim m\Downloads\ChromeSetup.exe
2020-04-14 09:31 - 2020-04-14 09:31 - 000000222 _____ C:\Users\haim m\Desktop\7 Days to Die.url
2020-04-13 23:34 - 2020-04-13 23:34 - 000000000 ____D C:\Users\haim m\Downloads\PopcornTime
2020-04-13 21:18 - 2020-04-13 21:19 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2020-04-13 20:25 - 2020-04-13 20:25 - 000000931 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2020-04-13 20:25 - 2020-04-13 20:25 - 000000931 _____ C:\ProgramData\Desktop\Nexus Mod Manager.lnk
2020-04-13 20:25 - 2020-04-13 20:25 - 000000000 ____D C:\Program Files\Nexus Mod Manager
2020-04-13 20:23 - 2020-04-13 20:23 - 008364965 _____ (Black Tree Gaming) C:\Users\haim m\Downloads\NMM Community Edition-4-0-70-5-1557993552.exe
2020-04-13 20:20 - 2020-04-13 20:22 - 215307600 _____ C:\Users\haim m\Downloads\Vehicles Bdub-342-3-0-1582598267.zip
2020-04-12 23:00 - 2020-04-12 23:01 - 000002269 _____ C:\Users\haim m\Desktop\פרטי התחברות לקורס_ ש l דיגיטלי ליזמים – מסלול הפרימיום.eml
2020-04-12 07:20 - 2020-04-12 07:21 - 010853176 _____ (Datpol) C:\Users\haim m\Downloads\premiumsetup (1).exe
2020-04-08 04:03 - 2020-04-08 04:03 - 000002342 _____ C:\Users\haim m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TuneIn.lnk
2020-04-08 04:03 - 2020-04-08 04:03 - 000002334 _____ C:\Users\haim m\Desktop\TuneIn.lnk
2020-04-08 04:02 - 2020-04-08 04:02 - 080750104 _____ (TuneIn Inc) C:\Users\haim m\Downloads\TuneIn + Setup + 1.17.0.exe
2020-04-08 02:25 - 2020-04-08 02:25 - 000000000 ____D C:\Users\haim m\AppData\Roaming\CC
2020-04-08 02:24 - 2020-04-08 02:24 - 000000000 ____D C:\Users\haim m\Documents\Blade Conqueror
2020-04-08 01:21 - 2020-04-08 01:21 - 000000222 _____ C:\Users\haim m\Desktop\Conqueror's Blade.url
2020-04-04 16:02 - 2020-04-04 16:02 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2020-04-04 16:02 - 2020-04-04 16:02 - 000000650 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2020-04-04 16:02 - 2020-04-04 16:02 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2020-04-04 16:02 - 2020-04-04 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2020-04-04 16:02 - 2020-04-04 16:02 - 000000000 ____D C:\Program Files\LGHUB
2020-04-04 16:00 - 2020-04-04 16:00 - 001982048 _____ (Logitech) C:\WINDOWS\system32\logi_audio_hx2e_render_apo.dll
2020-04-04 16:00 - 2020-04-04 16:00 - 000405744 _____ (Logitech) C:\WINDOWS\system32\logi_audio_dts_studio_studio.d ]
2020-04-02 21:03 - 2020-04-02 21:18 - 000000000 ____D C:\Users\haim m\AppData\Roaming\SpyShelter
2020-04-02 21:03 - 2020-04-02 21:03 - 000001156 _____ C:\Users\Public\Desktop\SpyShelter Premium.lnk
2020-04-02 21:03 - 2020-04-02 21:03 - 000001156 _____ C:\ProgramData\Desktop\SpyShelter Premium.lnk
2020-04-02 21:03 - 2020-04-02 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyShelter
2020-04-02 21:03 - 2020-04-02 21:03 - 000000000 ____D C:\Program Files (x86)\SpyShelter Premium
2020-04-02 21:03 - 2017-08-29 11:04 - 000052992 _____ (Datpol) C:\WINDOWS\system32\SpyShelterShellExt.dll
2020-04-02 21:03 - 2017-08-29 11:04 - 000045824 _____ (Datpol) C:\WINDOWS\SysWOW64\SpyShelterShellExt.dll
2020-04-02 20:53 - 2020-04-02 20:53 - 010874384 _____ (Datpol) C:\Users\haim m\Downloads\premiumsetup.exe
2020-04-02 20:47 - 2020-04-02 20:47 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4441E174.sys
2020-04-02 20:46 - 2020-04-02 21:00 - 000000000 ____D C:\Users\haim m\Desktop\mbar
2020-04-02 20:46 - 2020-04-02 21:00 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Malware (portable)
2020-04-02 20:46 - 2020-04-02 20:46 - 014178840 _____ (Malwarebytes Corp.) C:\Users\haim m\Downloads\mbar-1.10.3.1001.exe
2020-03-31 11:52 - 2020-03-31 11:52 - 000276984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-03-27 23:34 - 2020-03-27 23:34 - 000000222 _____ C:\Users\haim m\Desktop\Cossacks 3.url
2020-03-27 22:51 - 2020-03-27 22:51 - 000000221 _____ C:\Users\haim m\Desktop\Grand Theft Auto IV The Complete Edition.url
2020-03-27 22:32 - 2020-03-27 22:32 - 003153872 _____ (philandro Software GmbH) C:\Users\haim m\Downloads\AnyDesk (1).exe
2020-03-27 19:07 - 2020-03-27 19:07 - 000002238 _____ C:\Users\haim m\Desktop\Discord.lnk
2020-03-27 19:07 - 2020-03-27 19:07 - 000000000 ____D C:\Users\haim m\AppData\Local\Discord
2020-03-27 19:05 - 2020-03-27 19:06 - 062620472 _____ (Discord Inc.) C:\Users\haim m\Downloads\DiscordSetup.exe
2020-03-27 04:48 - 2020-03-27 04:48 - 000000020 ___SH C:\Users\haim m\ntuser.ini
2020-03-26 19:40 - 2020-03-26 19:40 - 000000137 _____ C:\Users\haim m\Desktop\Assassin's Creed Odyssey.url
2020-03-26 19:14 - 2020-04-10 08:56 - 000000672 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2401923447-2376524134-692581353-1001.job
2020-03-26 19:14 - 2020-04-10 08:56 - 000000576 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2401923447-2376524134-692581353-1001.job
2020-03-26 19:14 - 2020-04-08 13:21 - 000003842 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2401923447-2376524134-692581353-1001
2020-03-26 19:14 - 2020-04-08 13:21 - 000003746 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2401923447-2376524134-692581353-1001
2020-03-26 19:14 - 2020-04-08 13:21 - 000000000 ____D C:\Users\haim m\AppData\Local\GoToMeeting
2020-03-26 19:14 - 2020-03-26 19:14 - 000000000 ____D C:\Users\haim m\AppData\Local\GoTo Opener
2020-03-26 17:46 - 2020-03-26 17:46 - 000000221 _____ C:\Users\haim m\Desktop\Mafia II.url
2020-03-26 17:06 - 2020-03-26 17:06 - 000000222 _____ C:\Users\haim m\Desktop\Foundation.url
2020-03-26 16:56 - 2020-04-15 22:07 - 000000000 ____D C:\Program Files (x86)\Steam
2020-03-26 16:56 - 2020-03-26 16:56 - 001573568 _____ C:\Users\haim m\Downloads\SteamSetup.exe
2020-03-26 16:56 - 2020-03-26 16:56 - 000001032 _____ C:\Users\Public\Desktop\Steam.lnk
2020-03-26 16:56 - 2020-03-26 16:56 - 000001032 _____ C:\ProgramData\Desktop\Steam.lnk
2020-03-26 16:56 - 2020-03-26 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-03-25 23:35 - 2020-03-25 23:35 - 000000080 ___SH C:\bootTel.dat
2020-03-25 23:03 - 2020-04-02 20:51 - 000000000 ____D C:\Users\haim m\Downloads\backup
2020-03-25 23:02 - 2020-03-25 23:02 - 000001012 _____ C:\Users\haim m\AppData\Roaming\AppData - Shortcut.lnk
2020-03-25 22:57 - 2020-03-25 22:57 - 000388608 _____ (Trend Micro Inc.) C:\Users\haim m\Downloads\HijackThis.exe
2020-03-25 22:34 - 2020-03-25 22:34 - 000291606 _____ C:\Users\haim m\Downloads\TCPView.zip
2020-03-25 22:27 - 2020-03-25 22:28 - 001728127 _____ C:\Users\haim m\Downloads\Autoruns.zip
2020-03-25 22:25 - 2020-03-25 22:25 - 000380928 _____ C:\Users\haim m\Downloads\xo1g1hog.exe
2020-03-25 22:14 - 2020-03-25 22:15 - 005659583 _____ (Swearware) C:\Users\haim m\Downloads\ComboFix.exe
2020-03-25 22:09 - 2020-03-25 22:11 - 000000000 ____D C:\Users\haim m\AppData\Roaming\AnyDesk
2020-03-25 22:09 - 2020-03-25 22:09 - 003153872 _____ (philandro Software GmbH) C:\Users\haim m\Downloads\AnyDesk.exe
2020-03-25 22:04 - 2020-03-25 22:04 - 000001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2020-03-25 22:04 - 2020-03-25 22:04 - 000001100 _____ C:\Users\Public\Desktop\TeamViewer.lnk
2020-03-25 22:04 - 2020-03-25 22:04 - 000001100 _____ C:\ProgramData\Desktop\TeamViewer.lnk
2020-03-25 22:03 - 2020-03-25 22:03 - 027292336 _____ (TeamViewer Germany GmbH) C:\Users\haim m\Downloads\TeamViewer_Setup.exe
2020-03-21 22:36 - 2020-03-21 22:36 - 000001128 _____ C:\Users\haim m\Desktop\Grand Theft Auto V.lnk
2020-03-20 17:04 - 2020-03-20 17:04 - 000000000 ____D C:\Users\haim m\AppData\Local\mbam
2020-03-20 17:04 - 2020-03-20 17:04 - 000000000 ____D C:\Users\haim m\AppData\Local\cache
2020-03-20 17:03 - 2020-04-02 21:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-03-20 17:03 - 2020-03-20 17:03 - 000000000 ____D C:\Users\haim m\AppData\Local\mbamtray
2020-03-20 17:03 - 2020-03-20 16:48 - 008199856 _____ (Malwarebytes) C:\Users\haim m\Desktop\adwcleaner_8.0.3.exe
2020-03-20 17:03 - 2020-03-20 16:47 - 001928352 _____ (Malwarebytes) C:\Users\haim m\Desktop\MBSetup.exe
2020-03-20 16:54 - 2020-03-20 16:57 - 000000000 ____D C:\AdwCleaner
2020-03-18 21:39 - 2020-03-18 21:39 - 000053616 _____ () C:\WINDOWS\system32\Drivers\staport.sys

==================== One month (modified) ====================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-15 22:54 – 2017-11-13 20:00 – 000000000 ____D C:Usershaim mAppDataRoamingdiscord
2020-04-15 22:53 – 2019-03-19 07:52 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2020-04-15 22:52 – 2018-06-01 18:54 – 000000000 ____D C:Program Files (x86)TeamViewer
2020-04-15 22:43 – 2019-07-13 00:23 – 000000000 ____D C:Usershaim mAppDataRoamingSpotify
2020-04-15 21:48 – 2017-11-12 17:51 – 000000000 ____D C:Program Files (x86)Rockstar Games
2020-04-15 21:47 – 2017-11-12 17:51 – 000000000 ____D C:Program FilesRockstar Games
2020-04-15 20:13 – 2018-09-09 12:48 – 000000000 ____D C:UsersPublicLogi
2020-04-15 19:13 – 2019-11-23 16:03 – 000000000 ____D C:WINDOWSsystem32SleepStudy
2020-04-15 15:24 – 2017-02-10 09:51 – 000002373 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsG oogle Chrome.lnk
2020-04-15 15:24 – 2017-02-10 09:51 – 000002332 _____ C:UsersPublicDesktopGoogle Chrome.lnk
2020-04-15 15:24 – 2017-02-10 09:51 – 000002332 _____ C:ProgramDataDesktopGoogle Chrome.lnk
2020-04-15 13:25 – 2019-11-23 16:15 – 000840852 _____ C:WINDOWSsystem32PerfStringBackup.INI
2020-04-15 13:25 – 2019-03-19 07:52 – 000000000 ____D C:WINDOWSAppReadiness
2020-04-15 13:25 – 2019-03-19 07:50 – 000000000 ____D C:WINDOWSINF
2020-04-15 13:20 – 2020-03-11 20:10 – 000000000 ____D C:Usershaim mAppDataLocalLGHUB
2020-04-15 13:19 – 2020-03-11 20:10 – 000000000 ____D C:Usershaim mAppDataRoamingLGHUB
2020-04-15 13:19 – 2019-11-23 16:13 – 000000006 ____H C:WINDOWSTasksSA.DAT
2020-04-15 13:19 – 2019-07-13 00:23 – 000000000 ____D C:Usershaim mAppDataLocalSpotify
2020-04-15 13:19 – 2017-07-12 15:53 – 000000000 ____D C:ProgramDataNVIDIA
2020-04-15 00:24 – 2019-03-19 07:52 – 000000000 ___HD C:Program FilesWindowsApps
2020-04-14 08:36 – 2019-03-19 07:37 – 000786432 _____ C:WINDOWSsystem32configBBI
2020-04-13 23:37 – 2019-03-03 19:34 – 000000000 ____D C:Usershaim mAppDataRoaming.minecraft
2020-04-13 20:25 – 2017-11-21 01:18 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNexus Mod Manager
2020-04-13 20:25 – 2017-02-10 23:48 – 000000000 ____D C:Usershaim mAppDataLocalBlack_Tree_Gaming
2020-04-08 17:42 – 2018-05-20 18:31 – 000000000 ____D C:Usershaim mAppDataLocalD3DSCache
2020-04-08 04:05 – 2020-02-04 00:55 – 000000000 ____D C:Usershaim mAppDataRoamingTuneIn
2020-04-07 04:00 – 2019-11-23 16:08 – 000000000 ____D C:Usershaim m
2020-04-04 16:02 – 2017-05-17 19:51 – 000000000 ____D C:Usershaim mAppDataRoamingLogishrd
2020-04-04 16:00 – 2020-03-11 20:10 – 000044088 _____ (Logitech) C:WINDOWSsystem32Driverslogi_audio_surround.sys
2020-04-03 19:34 – 2018-02-19 16:46 – 000000000 ____D C:WINDOWSsystem32Driverswd
2020-04-02 21:17 – 2019-08-29 22:14 – 000000000 ____D C:Usershaim mAppDataRoamingAVG
2020-04-02 21:17 – 2019-08-29 22:14 – 000000000 ____D C:Usershaim mAppDataLocalAvg
2020-04-02 21:17 – 2019-08-29 22:11 – 000000000 ____D C:ProgramDataAVG
2020-04-02 21:16 – 2017-02-11 11:10 – 000744808 ____N (Microsoft Corporation) C:WINDOWSsystem32MpSigStub.exe
2020-04-02 21:15 – 2019-03-19 07:52 – 000000000 ___HD C:WINDOWSELAMBKUP
2020-04-02 21:14 – 2017-02-14 05:41 – 000000000 ____D C:Usershaim mAppDataLocalCrashDumps
2020-04-02 21:13 – 2019-11-23 16:13 – 000003482 _____ C:WINDOWSsystem32TasksAdobe Acrobat Update Task
2020-04-02 21:05 – 2018-06-10 20:06 – 000000000 ____D C:ProgramDataMcAfee
2020-04-02 21:02 – 2019-03-19 07:37 – 000032768 _____ C:WINDOWSsystem32configELAM
2020-04-02 20:34 – 2019-11-23 16:13 – 000000000 ____D C:WINDOWSsystem32TasksAVAST Software
2020-03-29 00:53 – 2019-03-19 07:52 – 000000000 ____D C:WINDOWSLiveKernelReports
2020-03-29 00:53 – 2018-06-01 18:54 – 000000000 ____D C:Usershaim mAppDataRoamingTeamViewer
2020-03-27 19:17 – 2017-03-23 12:52 – 000000000 ____D C:Usershaim mAppDataLocalUbisoft Game Launcher
2020-03-27 19:07 – 2017-11-13 20:00 – 000000000 ____D C:Usershaim mAppDataRoamingMicrosoftWindowsStart MenuProgramsDiscord Inc
2020-03-27 19:07 – 2017-11-13 20:00 – 000000000 ____D C:Usershaim mAppDataLocalSquirrelTemp
2020-03-26 18:07 – 2017-06-16 22:46 – 000000000 ____D C:Usershaim mAppDataLocal2K Games
2020-03-25 22:57 – 2017-02-10 09:21 – 000000000 ____D C:Usershaim mAppDataLocalVirtualStore
2020-03-25 22:30 – 2018-10-27 17:14 – 000000000 ____D C:Program Files (x86)GOG Galaxy
2020-03-25 22:04 – 2018-06-01 18:58 – 000000000 ____D C:Usershaim mAppDataLocalTeamViewer
2020-03-25 03:49 – 2018-01-11 03:31 – 000000000 ____D C:Usershaim mAppDataLocalPackages
2020-03-25 02:53 – 2019-11-23 16:13 – 000003212 _____ C:WINDOWSsystem32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-25 02:53 – 2019-11-23 16:13 – 000003044 _____ C:WINDOWSsystem32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-25 02:53 – 2019-11-23 16:13 – 000003008 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-25 02:53 – 2019-11-23 16:13 – 000003008 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-25 02:53 – 2019-11-23 16:13 – 000003008 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-25 02:53 – 2019-11-23 16:13 – 000003008 _____ C:WINDOWSsystem32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-25 02:53 – 2019-11-23 16:13 – 000002974 _____ C:WINDOWSsystem32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-25 02:53 – 2019-11-23 16:13 – 000002918 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-2401923447-2376524134-692581353-1001
2020-03-25 02:53 – 2019-11-23 16:13 – 000002804 _____ C:WINDOWSsystem32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-25 02:52 – 2019-11-23 16:13 – 000003458 _____ C:WINDOWSsystem32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-25 02:52 – 2019-11-23 16:13 – 000003408 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineUA
2020-03-25 02:52 – 2019-11-23 16:13 – 000003256 _____ C:WINDOWSsystem32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-25 02:52 – 2019-11-23 16:13 – 000003184 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineCore
2020-03-25 02:22 – 2017-05-23 00:30 – 000000000 ____D C:Usershaim mAppDataRoaminguTorrent
2020-03-21 22:36 – 2019-11-14 20:46 – 000000000 ____D C:Usershaim mAppDataRoamingMicrosoftWindowsStart MenuProgramsRockstar Games
2020-03-21 03:57 – 2017-03-14 21:06 – 000000000 ___HD C:Program Files (x86)InstallShield Installation Information
2020-03-21 01:19 – 2019-11-15 00:40 – 000000000 ___DC C:WINDOWSPanther
2020-03-21 01:19 – 2017-02-10 12:41 – 000000000 ____D C:Usershaim mAppDataRoamingMicrosoftWindowsStart MenuProgramsSteam
2020-03-21 01:19 – 2017-02-10 09:23 – 000000000 ____D C:Usershaim mAppDataRoamingSkype
2020-03-21 00:45 – 2017-06-07 19:07 – 000000000 ____D C:Usershaim mDocumentsAmerican Truck Simulator
2020-03-20 22:34 – 2018-01-11 03:36 – 000000000 ___RD C:Usershaim m3D Objects
2020-03-20 17:06 – 2017-02-15 01:32 – 000000000 ____D C:Program Files (x86)Cheat Engine 6.6
2020-03-20 17:06 – 2017-02-10 11:56 – 000000000 ____D C:ProgramDataKMSAuto
2020-03-19 23:11 – 2018-06-10 20:06 – 000002457 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAcrobat Reader DC.lnk
2020-03-17 21:43 – 2019-11-23 16:08 – 000002366 _____ C:Usershaim mAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

==================== Files in the root of some directories ========

2020-03-25 23:02 – 2020-03-25 23:02 – 000001012 _____ () C:Usershaim mAppDataRoamingAppData – Shortcut.lnk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2020
Ran by haim m (15-04-2020 22:54:46)
Running from C:Usershaim mDownloads
Windows 10 Enterprise Version 1909 18363.720 (X64) (2019-11-23 13:14:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2401923447-2376524134-692581353-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-2401923447-2376524134-692581353-503 – Limited – Disabled)
defaultuser0 (S-1-5-21-2401923447-2376524134-692581353-1000 – Limited – Disabled)
Guest (S-1-5-21-2401923447-2376524134-692581353-501 – Limited – Disabled)
haim m (S-1-5-21-2401923447-2376524134-692581353-1001 – Administrator – Enabled) => C:Usershaim m
WDAGUtilityAccount (S-1-5-21-2401923447-2376524134-692581353-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled – Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled – Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKUS-1-5-21-2401923447-2376524134-692581353-1001…uTorrent) (Version: 3.5.5.45395 – BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32…{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 – Adobe Systems Incorporated)
Assassin's Creed Rogue version 1.1.0 (HKLM-x32…{07665C2D-12BD-4358-9969-5D067DB37C9C}_is1) (Version: 1.1.0 – UBISoft)
AutoHotkey 1.1.26.01 (HKLM…AutoHotkey) (Version: 1.1.26.01 – Lexikos)
Bully: Scholarship Edition (HKLM-x32…Bully: Scholarship Edition) (Version: 1.0.0.19 – Rockstar Games)
Cheat Engine 6.6 (HKLM-x32…Cheat Engine 6.6_is1) (Version: – Cheat Engine)
Crossout Launcher 1.0.3.68 (HKLM-x32…CrossOutLauncher_is1) (Version: – )
Discord (HKUS-1-5-21-2401923447-2376524134-692581353-1001…Discord) (Version: 0.0.306 – Discord Inc.)
Dreadnought (HKLM-x32…Dreadnought) (Version: 1.0.5 – Grey Box)
Google Chrome (HKLM-x32…Google Chrome) (Version: 81.0.4044.92 – Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32…{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 – Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32…{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 – Google Inc.)
Google Update Helper (HKLM-x32…{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 – Google LLC) Hidden
GoTo Opener (HKLM-x32…{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 – LogMeIn, Inc.)
GoToMeeting 10.9.1.17359 (HKUS-1-5-21-2401923447-2376524134-692581353-1001…GoToMeeting) (Version: 10.9.1.17359 – LogMeIn, Inc.)
Grand Theft Auto V (HKLM-x32…{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.1868.1 – Rockstar Games)
Gwent (HKLM-x32…1971477531_is1) (Version: 1.3.1 – GOG.com)
Logitech G HUB (HKLM…{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: – Logitech)
Logitech Options (HKLM…LogiOptions) (Version: 7.14.70 – Logitech)
MCS783x Windows 8.x Drivers (HKLM-x32…{2BDD8E68-208B-45E0-BEE7-FB379FBA5D78}) (Version: 1.0.1.0 – ASIX Electronics Corporation) Hidden
MCS783x Windows 8.x Drivers (HKLM-x32…InstallShield_{2BDD8E68-208B-45E0-BEE7-FB379FBA5D78}) (Version: 1.0.1.0 – ASIX Electronics Corporation)
Microsoft Games for Windows – LIVE Redistributable (HKLM-x32…{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 – Microsoft Corporation)
Microsoft OneDrive (HKUS-1-5-21-2401923447-2376524134-692581353-1001…OneDriveSetup.exe) (Version: 19.232.1124.0010 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32…{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.6161 (HKLM…{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17 (HKLM-x32…{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161 (HKLM-x32…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 – Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable – 10.0.40219 (HKLM…{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable – 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.24.28127 (HKLM-x32…{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.24.28127 (HKLM-x32…{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 – Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32…{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 – Microsoft Corp.)
Minecraft Launcher (HKLM-x32…{E154B2C8-2F3E-4763-B3D5-E7D34AE39C6B}) (Version: 1.0.0.0 – Mojang)
Nexus Mod Manager (HKLM…6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.70.5 – Black Tree Gaming)
NVAPI Monitor plugin for NvContainer (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 – NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.2.34 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.2.34 – NVIDIA Corporation)
NVIDIA Graphics Driver 442.19 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.19 – NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 – NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32…{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 – NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 – NVIDIA Corporation)
Popcorn Time (HKLM-x32…Popcorn Time_is1) (Version: 5.6.1.0 – Popcorn Time) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32…{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7841 – Realtek Semiconductor Corp.)
Red Dead Redemption 2 (HKLM-x32…Red Dead Redemption 2) (Version: 1.0.1232.48 – Rockstar Games)
Rockstar Games Launcher (HKLM-x32…Rockstar Games Launcher) (Version: 1.0.20.241 – Rockstar Games)
Rockstar Games Social Club (HKLM-x32…Rockstar Games Social Club) (Version: 2.0.5.4 – Rockstar Games)
Spotify (HKUS-1-5-21-2401923447-2376524134-692581353-1001…Spotify) (Version: 1.1.30.658.gf13cde74 – Spotify AB)
SpyShelter Premium 12.0 (HKLM…Spyshelter_is1) (Version: 12.0 – Datpol)
Steam (HKLM-x32…Steam) (Version: 2.10.91.91 – Valve Corporation)
TeamSpeak 3 Client (HKUS-1-5-21-2401923447-2376524134-692581353-1001…TeamSpeak 3 Client) (Version: 3.1.4 – TeamSpeak Systems GmbH)
TeamViewer (HKLM-x32…TeamViewer) (Version: 15.4.4445 – TeamViewer)
TuneIn 1.17.0 (HKUS-1-5-21-2401923447-2376524134-692581353-1001…{491e9b4c-9857-50a5-9caf-cb9616fbaf49}) (Version: 1.17.0 – TuneIn Inc)
UE4 Prerequisites (HKLM…{E8F64548-5B1F-405A-89EA-9D3147E9DE39}) (Version: 1.0.6.0 – Epic Games, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM…{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 – Microsoft Corporation)
Uplay (HKLM-x32…Uplay) (Version: 30.0 – Ubisoft)
Windows 10 Update Assistant (HKLM-x32…{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 – Microsoft Corporation)
WinRAR 5.71 (64-bit) (HKLM…WinRAR archiver) (Version: 5.71.0 – win.rar GmbH)

Packages:
=========
Autodesk SketchBook -> C:Program FilesWindowsApps89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-23] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:Program FilesWindowsAppsking.com.BubbleWitch3Saga_6.8.5.0_x86__kgqvnymyfvs32 [2020-04-09] (king.com)
Candy Crush Soda Saga -> C:Program FilesWindowsAppsking.com.CandyCrushSodaSaga_1.165.800.0_x86__kgqvnymyfvs32 [2020-04-03] (king.com)
Docs Viewer -> C:Program FilesWindowsApps32581DocumentManagement.DocxViewer_1.88.0.0_neutral__bxxb0jeh05ret [2017-04-06] (Document Management)
Document Reader & Editor -> C:Program FilesWindowsApps34366PDFViewer.DocumentReaderEditor_1.19.0.1_neutral__paafd5e9n5y7a [2017-06-27] (PDF Viewer)
Facebook -> C:Program FilesWindowsAppsFacebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-10-22] (Facebook Inc)
Hotspot Shield Free VPN -> C:Program FilesWindowsApps6F71D7A7.HotspotShieldFreeVPN_2.5.2.0_x64__nsbqstbb9qxb6 [2019-12-05] (AnchorFree Inc.)
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:Program FilesWindowsAppsMicrosoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.6.4030.0_x64__8wekyb3d8bbwe [2020-04-15] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:Program FilesWindowsAppsMicrosoft.MinecraftUWP_1.14.3002.0_x64__8wekyb3d8bbwe [2020-02-13] (Microsoft Studios)
MSN Weather -> C:Program FilesWindowsAppsMicrosoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation) [MS Ad]
Netflix -> C:Program FilesWindowsApps4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-11] (Netflix, Inc.)
Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-10] (Microsoft Corporation)
Twitter -> C:Program FilesWindowsApps9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKUS-1-5-21-2401923447-2376524134-692581353-1001_ClassesCLSID{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}InprocServer32 -> C:Usershaim mAppDataLocalGoToMeeting16786G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [SpyshelterExt] -> {030D32F7-BF26-40a2-AB44-A34E78908701} => C:WINDOWSsystem32SpyShelterShellExt.dll [2017-08-29] (Datpol Janusz Siemienowicz -> Datpol)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [SpyshelterExt] -> {030D32F7-BF26-40a2-AB44-A34E78908701} => C:WINDOWSsystem32SpyShelterShellExt.dll [2017-08-29] (Datpol Janusz Siemienowicz -> Datpol)
ContextMenuHandlers4: [SpyshelterExt] -> {030D32F7-BF26-40a2-AB44-A34E78908701} => C:WINDOWSsystem32SpyShelterShellExt.dll [2017-08-29] (Datpol Janusz Siemienowicz -> Datpol)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:WINDOWSsystem32nvshext.dll [2020-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM…Drivers32: [vidc.VP60] => C:WINDOWSSysWOW64vp6vfw.dll [447752 2008-09-05] (Electronic Arts -> On2.com)
HKLM…Drivers32: [vidc.VP61] => C:WINDOWSSysWOW64vp6vfw.dll [447752 2008-09-05] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2017-07-12 15:52 – 2020-04-15 13:19 – 000025600 _____ () [File not signed] C:Program Files (x86)ASUSAXSP1.01.02PEbiosinterface32.dll
2019-06-26 03:37 – 2019-06-26 03:37 – 000144896 _____ () [File not signed] C:ProgramDataLogishrdLogiOptionsSoftwareCurrentlaclientlibssh2.dll
2019-06-26 03:37 – 2019-06-26 03:37 – 000077824 _____ () [File not signed] C:ProgramDataLogishrdLogiOptionsSoftwareCurrentlaclientzlib.dll
2019-06-26 03:37 – 2019-06-26 03:37 – 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:ProgramDataLogishrdLogiOptionsSoftwareCurrentlaclientLIBCURL.dll
2019-06-26 03:37 – 2019-06-26 03:37 – 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:ProgramDataLogishrdLogiOptionsSoftwareCurrentlaclientLIBEAY32.dll
2019-06-26 03:37 – 2019-06-26 03:37 – 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:ProgramDataLogishrdLogiOptionsSoftwareCurrentlaclientSSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMCODS => ""="Service"
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMcMPFSvc => ""="Service"
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 14:47 – 2018-06-16 16:01 – 000000826 _____ C:WINDOWSsystem32driversetchosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKUS-1-5-21-2401923447-2376524134-692581353-1001Control PanelDesktop\Wallpaper ->
DNS Servers: 10.0.0.138
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKUS-1-5-21-2401923447-2376524134-692581353-1001…StartupApprovedRun: => "OneDrive"
HKUS-1-5-21-2401923447-2376524134-692581353-1001…StartupApprovedRun: => "GalaxyClient"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{452F100B-8B47-476A-AB18-B3B7A9906867}C:usershaim mappdataroamingspotifyspotify.exe] => (Allow) C:usershaim mappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{53E74C39-7BDC-4E60-95FA-668BB5A2E7AF}C:usershaim mappdataroamingspotifyspotify.exe] => (Allow) C:usershaim mappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{C1AA5B9F-6288-4982-AB23-63A6D9C7AC76}C:program files (x86)googlechromeapplicationchrome.exe] => (Allow) C:program files (x86)googlechromeapplicationchrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{454D3A43-0E1C-4427-AC17-7F112E3BDE69}C:program files (x86)googlechromeapplicationchrome.exe] => (Allow) C:program files (x86)googlechromeapplicationchrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{499E347A-19D0-42E1-BA84-7C5380C8FE06}C:programdatalogishrdlogioptionssoftwarecurrentlogioptionsmgr.exe] => (Allow) C:programdatalogishrdlogioptionssoftwarecurrentlogioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{383BC617-8BD2-4470-83A5-E3A1B31463AC}C:programdatalogishrdlogioptionssoftwarecurrentlogioptionsmgr.exe] => (Allow) C:programdatalogishrdlogioptionssoftwarecurrentlogioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{1AD0B090-D961-4AA6-8AC5-9FE483C548B7}C:program fileslogitech gaming softwarelcore.exe] => (Allow) C:program fileslogitech gaming softwarelcore.exe No File
FirewallRules: [UDP Query User{F42347BE-DD92-4ADE-A5CD-2F63325FB131}C:program fileslogitech gaming softwarelcore.exe] => (Allow) C:program fileslogitech gaming softwarelcore.exe No File
FirewallRules: [{72680DB5-B554-4029-A033-F9519B160C60}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)
FirewallRules: [{1A6490C8-8B04-4A21-BE6F-77DB265E24FA}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)
FirewallRules: [{41B52D8D-004B-419D-84F1-A5A6E34E0039}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{09E84952-33D2-490B-B76B-8BEB98A855DD}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D85A7F4E-1978-4A6D-BBF4-867FACB7EA89}] => (Allow) G:Program FilesRockstar GamesRed Dead Redemption 2RDR2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{434AA844-7A56-4962-8FF3-1F994485033F}] => (Allow) G:Program FilesRockstar GamesRed Dead Redemption 2RDR2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{DB138868-7ABA-401D-BB7A-A089FB44F6A8}C:programdatalogishrdlogioptionssoftwarecurrentlogioptionsmgr.exe] => (Block) C:programdatalogishrdlogioptionssoftwarecurrentlogioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{7C122521-CF8C-41CA-A695-847DC6B5376A}C:programdatalogishrdlogioptionssoftwarecurrentlogioptionsmgr.exe] => (Block) C:programdatalogishrdlogioptionssoftwarecurrentlogioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{DE2EFCDB-FCE3-47C1-8ABB-B616E3549391}] => (Allow) E:steamsteamappscommonFoundationfoundation.exe (Polymorph Games) [File not signed]
FirewallRules: [{5BB970FC-A0E8-44E8-BA5D-A5712B14D7C5}] => (Allow) E:steamsteamappscommonFoundationfoundation.exe (Polymorph Games) [File not signed]
FirewallRules: [TCP Query User{49ED94AB-CC69-4BC9-8113-8AA558000CF4}C:usershaim mappdataroamingutorrentutorrent.exe] => (Block) C:usershaim mappdataroamingutorrentutorrent.exe No File
FirewallRules: [UDP Query User{8FDAA9D6-FE41-4F55-9A76-D8085E181052}C:usershaim mappdataroamingutorrentutorrent.exe] => (Block) C:usershaim mappdataroamingutorrentutorrent.exe No File
FirewallRules: [TCP Query User{DCD1C267-B185-4BA6-90F8-959AD4A13743}C:usershaim mappdataroamingspotifyspotify.exe] => (Allow) C:usershaim mappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{C1E0362D-9CF3-4129-A716-D50D22EB54C0}C:usershaim mappdataroamingspotifyspotify.exe] => (Allow) C:usershaim mappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DF34E125-8962-4CE3-8F37-A921BD717602}] => (Allow) I:SteamLibrarysteamappscommonAssassins Creed OdysseyACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{6C9EAFA4-01CF-491B-BAA4-4FE0997D2401}] => (Allow) I:SteamLibrarysteamappscommonAssassins Creed OdysseyACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [TCP Query User{DCA6DC6A-8CBD-43BF-A137-917BFDAA7796}I:steamlibrarysteamappscommonmen of war assault squad 2mowas_2.exe] => (Allow) I:steamlibrarysteamappscommonmen of war assault squad 2mowas_2.exe (Digitalmindsoft) [File not signed]
FirewallRules: [UDP Query User{E95589C2-1BF8-4197-B2A7-42200F62350C}I:steamlibrarysteamappscommonmen of war assault squad 2mowas_2.exe] => (Allow) I:steamlibrarysteamappscommonmen of war assault squad 2mowas_2.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{C204F9D8-2A4A-48C7-B9EB-B96C7423E0F5}] => (Allow) I:SteamLibrarysteamappscommonFoxholeWar.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{F6506E78-8789-4357-A9A4-91AF2AE8B498}] => (Allow) I:SteamLibrarysteamappscommonFoxholeWar.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{18FFC828-EABD-4E80-B01C-8B8001CBF36D}I:steamlibrarysteamappscommonfoxholewarbinarieswin64war-win64-shipping.exe] => (Allow) I:steamlibrarysteamappscommonfoxholewarbinarieswin64war-win64-shipping.exe (Clapfoot Inc) [File not signed]
FirewallRules: [UDP Query User{43870405-1F5A-44CF-BC73-A927E9ECA4A6}I:steamlibrarysteamappscommonfoxholewarbinarieswin64war-win64-shipping.exe] => (Allow) I:steamlibrarysteamappscommonfoxholewarbinarieswin64war-win64-shipping.exe (Clapfoot Inc)
FirewallRules: [{F68167AD-AB89-4E87-BD74-AB4056E52259}] => (Allow) E:steamsteamappscommonFarCry5binFarCry5.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{358E8233-B072-4683-8F68-21309BBA9D55}] => (Allow) E:steamsteamappscommonFarCry5binFarCry5.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{AE21A08D-BB10-45E4-A0C7-F2FFC2B433EF}] => (Allow) E:steamsteamappscommonFarCry5binArcadeEditor64.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{F646A12F-34B6-4D14-9B6B-BA3C6955E164}] => (Allow) E:steamsteamappscommonFarCry5binArcadeEditor64.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{E622A569-1178-4A04-9098-D323858A04D4}] => (Allow) E:steamsteamappscommonMafiaMafiaGame.exe (Illusion Softworks) [File not signed]
FirewallRules: [{B12F7DC2-85E6-4E45-B67B-ACFE15EE2855}] => (Allow) E:steamsteamappscommonMafiaMafiaGame.exe (Illusion Softworks) [File not signed]
FirewallRules: [{E468822B-F903-4731-949C-40CF002D33B9}] => (Allow) E:steamsteamappscommonMafiaMafiasetup.exe () [File not signed]
FirewallRules: [{85E82208-D034-4690-BDCA-D418FE1D1DD1}] => (Allow) E:steamsteamappscommonMafiaMafiasetup.exe () [File not signed]
FirewallRules: [{31EEC3CF-7155-4252-8CE2-DBDC7B57D185}] => (Allow) E:steamsteamappscommonLife is Feudal Forest VillageForestVillage.exe () [File not signed]
FirewallRules: [{8663C0D5-5CCE-41A8-BD72-A8B4260758B7}] => (Allow) E:steamsteamappscommonLife is Feudal Forest VillageForestVillage.exe () [File not signed]
FirewallRules: [{EB9302B5-BECF-4BC8-88B1-E9E72AF521D8}] => (Allow) E:steamsteamappscommonCall of Duty WWIIs2_sp64_ship.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{D5DCA627-3743-4EAD-8FDE-B20787AD8477}] => (Allow) E:steamsteamappscommonCall of Duty WWIIs2_sp64_ship.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{715434AB-406A-45F6-B2AC-8CF94103CC6D}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{290308F2-DEF5-41FB-9183-3FAF0DC14624}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B2DF5D29-7DEE-4564-B277-B2E9A775527D}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D0924D5A-D196-4C46-A3C5-B912A49F06C3}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{71424275-4795-4FE9-AD37-006F4DF1E7D5}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E8CB6A7E-FE08-4BE1-B700-227F8E236994}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9956FED1-F442-43D8-A1F3-D5E8667E67CF}] => (Allow) E:steamsteamappscommonFactoriobinx64factorio.exe (Wube Software) [File not signed]
FirewallRules: [{B9F5633B-A8DE-47AF-B5FA-2A1DD92DBBEE}] => (Allow) E:steamsteamappscommonFactoriobinx64factorio.exe (Wube Software) [File not signed]
FirewallRules: [TCP Query User{23188BDD-F10B-4CD0-B9F1-DBC74CE33509}E:steamsteamappscommon7 days to die7daystodie.exe] => (Allow) E:steamsteamappscommon7 days to die7daystodie.exe No File
FirewallRules: [UDP Query User{EFE5E967-7280-4874-90FA-15533A00942E}E:steamsteamappscommon7 days to die7daystodie.exe] => (Allow) E:steamsteamappscommon7 days to die7daystodie.exe No File
FirewallRules: [{74492AF3-A593-4B50-9840-C40AE91C13F1}] => (Allow) E:steamsteamappscommonAmerican Truck Simulatorbinwin_x64amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{3154A955-BC3B-4CDB-999A-4B9616097B1E}] => (Allow) E:steamsteamappscommonAmerican Truck Simulatorbinwin_x64amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{08C6641D-BC79-41EA-A511-DD19E2DFF974}] => (Allow) E:steamsteamappscommonFarm Manager 2018Farm Manager 2018.exe () [File not signed]
FirewallRules: [{4C2C2CBF-6401-435D-8A32-C40FBA72984F}] => (Allow) E:steamsteamappscommonFarm Manager 2018Farm Manager 2018.exe () [File not signed]
FirewallRules: [TCP Query User{056291EA-6BF6-4C56-80AA-032506DE286D}E:steamsteamappscommonwalking simulator 2020walkingsimulator2020binarieswin64walkingsimulator2020-win64-shipping.exe] => (Allow) E:steamsteamappscommonwalking simulator 2020walkingsimulator2020binarieswin64walkingsimulator2020-win64-shipping.exe No File
FirewallRules: [UDP Query User{D84FB444-616E-49DF-8824-4A46D684EABC}E:steamsteamappscommonwalking simulator 2020walkingsimulator2020binarieswin64walkingsimulator2020-win64-shipping.exe] => (Allow) E:steamsteamappscommonwalking simulator 2020walkingsimulator2020binarieswin64walkingsimulator2020-win64-shipping.exe No File
FirewallRules: [TCP Query User{DA8F8193-459D-4733-982B-901FE6AF0030}C:program fileslghublghub_agent.exe] => (Allow) C:program fileslghublghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{87A1B33C-4425-40C0-A494-7D102101E60A}C:program fileslghublghub_agent.exe] => (Allow) C:program fileslghublghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{39099BBA-18B3-4D53-B2B8-302D4EEBA469}H:program files (x86)rockstar gamesgrand theft auto vgta5.exe] => (Allow) H:program files (x86)rockstar gamesgrand theft auto vgta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{70288ADC-694F-4004-A47D-DED1D8EACBD3}H:program files (x86)rockstar gamesgrand theft auto vgta5.exe] => (Allow) H:program files (x86)rockstar gamesgrand theft auto vgta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{C51669FA-0733-4388-9ADA-81451BD26C26}H:program files (x86)rockstar gamesgrand theft auto vgta5.exe] => (Block) H:program files (x86)rockstar gamesgrand theft auto vgta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{035EC19E-E6DE-4F31-A3D2-1708490880B9}H:program files (x86)rockstar gamesgrand theft auto vgta5.exe] => (Block) H:program files (x86)rockstar gamesgrand theft auto vgta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{2E8A1E96-A912-4ED5-9D56-2D90AFAA9F65}G:program filesrockstar gamesred dead redemption 2rdr2.exe] => (Block) G:program filesrockstar gamesred dead redemption 2rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{6EA74111-FF97-484C-BDE6-A1DE53E65E20}G:program filesrockstar gamesred dead redemption 2rdr2.exe] => (Block) G:program filesrockstar gamesred dead redemption 2rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{C5B88422-9B3A-4816-9C2F-036C8FD19B29}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D54CD073-2071-4BBE-9421-07E25E2405DE}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D444A669-251E-4F5F-9B79-6A5269217277}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{49397424-13E7-40BD-ABF9-7ACF224ED1EC}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DC7083A8-6CAC-4185-90BD-D91778A76C52}] => (Allow) C:Program Files (x86)Steambincefcef.win7steamwebhelper.exe No File
FirewallRules: [{68B86431-6769-404C-8F75-34AC1FAF31E5}] => (Allow) C:Program Files (x86)Steambincefcef.win7steamwebhelper.exe No File
FirewallRules: [{D2662B7D-8461-4AB4-81DE-33A717CE89DB}] => (Allow) C:Program Files (x86)SteamsteamappscommonFoundationfoundation.exe (Polymorph Games) [File not signed]
FirewallRules: [{32E97BAD-7057-47FC-B490-5735E8CCFBC0}] => (Allow) C:Program Files (x86)SteamsteamappscommonFoundationfoundation.exe (Polymorph Games) [File not signed]
FirewallRules: [{38EB4B2C-02B0-4434-81B1-25DEF71E4B20}] => (Allow) I:Program Files (x86)SteamLibrarysteamappscommonMafia IIpcmafia2.exe (Valve Corp. -> 2K Czech) [File not signed]
FirewallRules: [{004D624C-04B8-487B-B37D-E3C8FB7D33C8}] => (Allow) I:Program Files (x86)SteamLibrarysteamappscommonMafia IIpcmafia2.exe (Valve Corp. -> 2K Czech) [File not signed]
FirewallRules: [{94075695-6A92-4671-A356-139692392282}] => (Allow) H:Program Files (x86)R.G. MechanicsSteamLibrarysteamappscommonAssassins Creed OdysseyACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{E722B1F9-6B0E-4286-952B-5A7DB3BA52CF}] => (Allow) H:Program Files (x86)R.G. MechanicsSteamLibrarysteamappscommonAssassins Creed OdysseyACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{B16DB957-87A9-4374-B8B2-470B62F51EC5}] => (Allow) H:Program Files (x86)R.G. MechanicsSteamLibrarysteamappscommonCossacks 3cossacks.exe (GSC Game World) [File not signed]
FirewallRules: [{1B248C77-CE15-48D4-B4D3-93BD6EDFF985}] => (Allow) H:Program Files (x86)R.G. MechanicsSteamLibrarysteamappscommonCossacks 3cossacks.exe (GSC Game World) [File not signed]
FirewallRules: [{E66E60E5-D7A9-4411-B7B0-12482FC4E9B0}] => (Allow) H:Program Files (x86)R.G. MechanicsSteamLibrarysteamappscommonCossacks 3config.exe (GSC Game World) [File not signed]
FirewallRules: [{340EF78F-09B9-4AC8-AD03-7D23491993FD}] => (Allow) H:Program Files (x86)R.G. MechanicsSteamLibrarysteamappscommonCossacks 3config.exe (GSC Game World) [File not signed]
FirewallRules: [{98C5790B-4753-4887-B8B4-297BF97CC578}] => (Allow) H:Program Files (x86)R.G. MechanicsSteamLibrarysteamappscommonCossacks 3editor.exe (GSC Game World) [File not signed]
FirewallRules: [{582E6B5B-7713-49C9-B68A-F4786AEAD0C0}] => (Allow) H:Program Files (x86)R.G. MechanicsSteamLibrarysteamappscommonCossacks 3editor.exe (GSC Game World) [File not signed]
FirewallRules: [{28EB5461-4C11-45D3-B630-D5918029DC04}] => (Allow) H:Program Files (x86)R.G. MechanicsSteamLibrarysteamappscommonCossacks 3modman.exe (GSC Game World) [File not signed]
FirewallRules: [{888A4DF0-A7EE-44CA-BD04-BE32C2ECB3FF}] => (Allow) H:Program Files (x86)R.G. MechanicsSteamLibrarysteamappscommonCossacks 3modman.exe (GSC Game World) [File not signed]
FirewallRules: [{77C1AF3B-48B2-4237-94D7-7018B4B26D1F}] => (Allow) H:Program Files (x86)R.G. MechanicsSteamLibrarysteamappscommonGrand Theft Auto IVGTAIVPlayGTAIV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{D2D4E010-4376-439B-A4D9-B62C3AD4D672}] => (Allow) H:Program Files (x86)R.G. MechanicsSteamLibrarysteamappscommonGrand Theft Auto IVGTAIVPlayGTAIV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{B2A7706F-9E56-4F70-875E-CAEB4F263E12}C:usershaim mdownloadsanydesk (1).exe] => (Allow) C:usershaim mdownloadsanydesk (1).exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [UDP Query User{B88EAF17-58C9-4D84-B841-CE5E69DDFB02}C:usershaim mdownloadsanydesk (1).exe] => (Allow) C:usershaim mdownloadsanydesk (1).exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [TCP Query User{9F562971-05D1-4DBD-86ED-5A433BF3A46D}I:program files (x86)steamlibrarysteamappscommonconqueror’s blade frontiergamex64shipclientccccmini.exe] => (Block) I:program files (x86)steamlibrarysteamappscommonconqueror's blade frontiergamex64shipclientccccmini.exe (NetEase(Hangzhou) Network Co. Ltd. -> 网易公司) [File not signed]
FirewallRules: [UDP Query User{6F866A57-FD62-4A65-AFE1-CAA4FB27DD66}I:program files (x86)steamlibrarysteamappscommonconqueror’s blade frontiergamex64shipclientccccmini.exe] => (Block) I:program files (x86)steamlibrarysteamappscommonconqueror's blade frontiergamex64shipclientccccmini.exe (NetEase(Hangzhou) Network Co. Ltd. -> 网易公司) [File not signed]
FirewallRules: [TCP Query User{390C1E67-EE63-4B10-9B0D-9D4178711AA1}C:program files (x86)popcorn timechromecastnode.exe] => (Block) C:program files (x86)popcorn timechromecastnode.exe (Joyent Inc -> Joyent, Inc)
FirewallRules: [UDP Query User{AF4E4A21-2B54-469E-A9CE-BA897DA561F0}C:program files (x86)popcorn timechromecastnode.exe] => (Block) C:program files (x86)popcorn timechromecastnode.exe (Joyent Inc -> Joyent, Inc)
FirewallRules: [TCP Query User{3C814ED1-C947-48E1-A030-4C17B122A5EB}C:program files (x86)popcorn timepopcorntimedesktop.exe] => (Block) C:program files (x86)popcorn timepopcorntimedesktop.exe () [File not signed]
FirewallRules: [UDP Query User{61F9E850-1211-4579-8E35-5E3A36F28610}C:program files (x86)popcorn timepopcorntimedesktop.exe] => (Block) C:program files (x86)popcorn timepopcorntimedesktop.exe () [File not signed]
FirewallRules: [{306B89E8-C052-4F29-ABD5-E6E4B6CD6DBA}] => (Allow) I:Program Files (x86)SteamLibrarysteamappscommon7 Days To Die7dLauncher.exe () [File not signed]
FirewallRules: [{51C10F1E-B302-4D19-87FC-A1620C3FD795}] => (Allow) I:Program Files (x86)SteamLibrarysteamappscommon7 Days To Die7dLauncher.exe () [File not signed]
FirewallRules: [{8A7CC9E4-0F3D-46B5-B561-92D487BE2192}] => (Allow) I:Program Files (x86)SteamLibrarysteamappscommonConqueror's Blade Frontiergamex64Shipclientproven_ground_client.exe (NetEase(Hangzhou) Network Co. Ltd. -> BoomingGames)
FirewallRules: [{8D19A691-DFCC-419E-A2CA-8CFE70705962}] => (Allow) I:Program Files (x86)SteamLibrarysteamappscommonConqueror's Blade Frontiergamex64Shipclientproven_ground_client.exe (NetEase(Hangzhou) Network Co. Ltd. -> BoomingGames)
FirewallRules: [{C58789DD-E21D-4189-998D-0B64F7854089}] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

04-04-2020 17:54:28 Scheduled Checkpoint
13-04-2020 21:52:28 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: HID-compliant headset
Description: HID-compliant headset
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (04/15/2020 10:51:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (16380,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

Error: (04/15/2020 10:07:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GTAIV.exe version 1.2.0.32 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 37dc

Start Time: 01d613567b0bc619

Termination Time: 4294967295

Application Path: H:Program Files (x86)R.G. MechanicsSteamLibrarysteamappscommonGrand Theft Auto IVGTAIVGTAIV.exe

Report Id: 2220d385-9eab-44a3-b314-af25ba1056f5

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (04/15/2020 09:53:57 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12192,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

Error: (04/15/2020 08:51:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15412,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

Error: (04/15/2020 08:24:54 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13252,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

Error: (04/15/2020 08:02:25 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (828,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

Error: (04/15/2020 07:51:15 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13780,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

Error: (04/15/2020 07:18:31 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15356,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:WINDOWSsystem32configsystemprofileAppDataLocalTileDataLayerDatabaseEDB.log.

System errors:
=============
Error: (04/15/2020 01:19:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The RasMan service depends on the SstpSvc service which failed to start because of the following error:
The operation completed successfully.

Error: (04/15/2020 01:19:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:56:52 AM on ‎4/‎15/‎2020 was unexpected.

Error: (04/15/2020 01:18:55 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (04/13/2020 11:43:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (04/13/2020 09:19:04 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for ImagePath with the following error:
Access is denied.

Error: (04/13/2020 09:19:02 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for ImagePath with the following error:
Access is denied.

Error: (04/13/2020 09:19:00 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for ImagePath with the following error:
Access is denied.

Error: (04/13/2020 09:18:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for ImagePath with the following error:
Access is denied.

Windows Defender:
===================================
Date: 2020-04-15 17:33:13.439
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {15111873-5A7D-4631-9522-31CAEB216332}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-12 07:31:44.089
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DC26C7C6-1D54-423E-91EF-19AB93A3E621}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-06 14:21:40.317
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: High
Category: Tool
Path: rootcert:_F81F111D0E5AB58D396F7BF525577FD30FDC95AA
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.313.861.0, AS: 1.313.861.0, NIS: 1.313.861.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-04-06 14:13:00.679
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C25F5BB9-5EBA-4A6C-8BAD-30B2609D536C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-06 13:45:10.405
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {00A0FB78-7A06-462B-BFEA-31412B0C727A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-02 21:16:18.865
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.2675.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072f8f
Error description: A security error occurred

Date: 2020-04-02 21:16:18.865
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.2675.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072f8f
Error description: A security error occurred

Date: 2020-04-02 21:16:18.348
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.2675.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2020-04-02 21:16:18.348
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.2675.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2019-11-23 15:15:01.142
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2020-04-02 21:16:11.655
Description:
Code Integrity determined that a process (DeviceHarddiskVolume6Usershaim mAppDataLocalDiscordapp-0.0.306Discord.exe) attempted to load DeviceHarddiskVolume6Program Files (x86)Overwolf.143.0.24win32OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-02 21:16:11.628
Description:
Code Integrity determined that a process (DeviceHarddiskVolume6Usershaim mAppDataLocalDiscordapp-0.0.306Discord.exe) attempted to load DeviceHarddiskVolume6Program Files (x86)Overwolf.143.0.24win32OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-02 21:15:22.898
Description:
Code Integrity determined that a process (DeviceHarddiskVolume6Usershaim mAppDataLocalDiscordapp-0.0.306Discord.exe) attempted to load DeviceHarddiskVolume6Program Files (x86)Overwolf.143.0.24win32OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-02 21:15:22.892
Description:
Code Integrity determined that a process (DeviceHarddiskVolume6Usershaim mAppDataLocalDiscordapp-0.0.306Discord.exe) attempted to load DeviceHarddiskVolume6Program Files (x86)Overwolf.143.0.24win32OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-02 21:15:22.879
Description:
Code Integrity determined that a process (DeviceHarddiskVolume6Usershaim mAppDataLocalDiscordapp-0.0.306Discord.exe) attempted to load DeviceHarddiskVolume6Program Files (x86)Overwolf.143.0.24win32OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-02 21:15:06.563
Description:
Code Integrity determined that a process (DeviceHarddiskVolume6Program FilesWindows DefenderMpCmdRun.exe) attempted to load DeviceHarddiskVolume6Program FilesAVGAntivirusaswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-02 21:15:06.539
Description:
Code Integrity determined that a process (DeviceHarddiskVolume6Program FilesWindows DefenderMpCmdRun.exe) attempted to load DeviceHarddiskVolume6Program FilesAVGAntivirusaswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-02 21:15:06.517
Description:
Code Integrity determined that a process (DeviceHarddiskVolume6Program FilesWindows DefenderMpCmdRun.exe) attempted to load DeviceHarddiskVolume6Program FilesAVGAntivirusaswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0404 07/19/2013
Motherboard: ASUSTeK COMPUTER INC. H81-PLUS
Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 64%
Total physical RAM: 16322.23 MB
Available physical RAM: 5819.84 MB
Total Virtual: 27586.23 MB
Available Virtual: 8337.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.56 GB) (Free:105 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
Drive e: () (Fixed) (Total:223.57 GB) (Free:52.25 GB) NTFS
Drive g: (GamesLoh) (Fixed) (Total:195.21 GB) (Free:74.53 GB) NTFS
Drive h: (Dawonlod) (Fixed) (Total:341.8 GB) (Free:66.64 GB) NTFS
Drive i: (Games) (Fixed) (Total:394.4 GB) (Free:43.23 GB) NTFS
Drive j: (My Disc) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS

\?Volume{b564daad-0000-0000-0000-100000000000} (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\?Volume{9c69e7d9-0000-0000-0000-30c337000000} () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B564DAAD)
Partition 1: (Active) – (Size=100 MB) – (Type=07 NTFS)
Partition 2: (Not Active) – (Size=195.2 GB) – (Type=07 NTFS)
Partition 3: (Not Active) – (Size=341.8 GB) – (Type=07 NTFS)
Partition 4: (Not Active) – (Size=394.4 GB) – (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 9C69E7D9)
Partition 1: (Active) – (Size=500 MB) – (Type=07 NTFS)
Partition 2: (Not Active) – (Size=222.6 GB) – (Type=07 NTFS)
Partition 3: (Not Active) – (Size=531 MB) – (Type=27)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 9C69E7CF)
Partition 1: (Not Active) – (Size=223.6 GB) – (Type=07 NTFS)

==================== End of Addition.txt =======================

Edited by Oh My!, Today, 05:09 PM.
