Suspected keylogger

#1 Post by Windi »

Hello,

please check this for me. This month I have repeatedly caught login attempts on 2 of my email accounts, and then on Steam and so on.
One of the mailboxes was apparently accessed successfully, since I found someone else's activity there yesterday.
On top of that, I got the classic threatening email telling me to send money, or else... (you know the kind). In any case, both the email address and the password given in it were correct.
So I quickly changed my passwords and now I need to get this sorted out somehow.

FRST output

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2022
Ran by Mermeoth (administrator) on DESKTOP-VGTMQ82 (MSI MS-7970) (30-07-2022 14:32:01)
Running from C:\Users\Mermeoth\Desktop
Loaded Profiles: Mermeoth
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1826 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe ->) (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\Opera GX\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Program Files\Opera GX\89.0.4447.64\opera_crashreporter.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(E:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) E:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) E:\Program Files (x86)\Steam\steam.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Opera Norway AS -> Opera Software) C:\Program Files\Opera GX\opera.exe <28>
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_7ed3bacbb0a8cc67\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Proton Technologies AG -> ) E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe
(services.exe ->) (Proton Technologies AG -> ) E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102832 2021-03-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Eraser] => E:\Program Files\Eraser\Eraser.exe [1068624 2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Opera GX Browser Assistant] => C:\Program Files\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\Run: [EpicGamesLauncher] => E:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32706000 2022-07-21] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3535416 2022-06-28] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\...\Run: [OneDrive] => C:\Users\Evička\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1584488 2020-01-12] (Microsoft Corporation) [File not signed]
HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --enable-audio-service-sandbox --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switc (the data entry has 60 more characters). [2673480 2022-07-18] (Google LLC -> Google LLC)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3535416 2022-06-28] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\...\AppCompatFlags\Custom\MFatigue.exe: [{b783cee4-8f7f-45fe-873f-953f2b6d3442}.sdb] -> Metal Fatigue Compatibility Database (Saleck)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{b783cee4-8f7f-45fe-873f-953f2b6d3442}: [DatabasePath] -> C:\Windows\AppPatch\CustomSDB\{b783cee4-8f7f-45fe-873f-953f2b6d3442}.sdb [2020-08-31]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-22] (Google LLC -> Google LLC)
Startup: C:\Users\Mermeoth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2020-09-27]
ShortcutTarget: Twitch.lnk -> E:\Program Files\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04B1BEE5-0CE8-4576-B9A7-5DE57C59BD8D} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {05650F80-4CD1-4101-B134-B568B02932BA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {10C1F606-CC81-406F-948F-413365EDBB01} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6563280 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {281800E8-303D-4815-ACBB-150252D6C2F6} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1636403563 => C:\Program Files\Opera GX\launcher.exe [2462712 2022-07-25] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera GX\assistant" $(Arg0)
Task: {41F3E518-5C7E-48FA-9661-76288E42CBCD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116648 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {45872910-FA5F-45CA-ABD4-C5D13206193B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116648 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D6DD58D-1AB1-49EA-B0A1-826CC3B5B78A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {650BBEEC-88D8-45AA-B7D2-61332656E0F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-19] (Google Inc -> Google LLC)
Task: {67F63918-ACEC-4B18-88F4-80D7838B17D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-19] (Google Inc -> Google LLC)
Task: {85042E61-0EF8-4E73-A78C-7D4CBDC9BCEB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A74BC68D-3DBD-4B0F-99FB-C80E83EAE195} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6563280 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {B039A956-6B8E-4425-AD33-A75BF414AE1D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C11BDAC2-30DC-4966-8A61-028791620F6B} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {C842A0DC-C010-4321-8E47-5CEE049A4A8F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {F2EC6625-D90F-4769-8AB8-6AE40AA06EA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F2F757DB-092B-46D7-AD21-36C7DB9806DC} - System32\Tasks\Opera GX scheduled Autoupdate 1635276729 => C:\Program Files\Opera GX\launcher.exe [2462712 2022-07-25] (Opera Norway AS -> Opera Software)
Task: {FDA5D773-B8A4-42E8-AF21-75E76FE0D73B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{b2101a9a-91d0-4cd8-b3ca-978816e8a935}: [DhcpNameServer] 62.129.50.20 85.135.32.100

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Mermeoth\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-27]

FireFox:
========
FF DefaultProfile: a44ojqp7.default
FF ProfilePath: C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\a44ojqp7.default [2019-09-19]
FF ProfilePath: C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\67m6tvvd.default-release [2022-07-27]
FF Extension: (AdBlocker Ultimate) - C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\67m6tvvd.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2022-05-25]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\67m6tvvd.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-07-07]
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default [2022-07-28]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://www.idnes.cz
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006","hxxps: ... oogle.com/"
CHR Extension: (Dark Mode) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmghijelimhndkbmpgbldicpogfkceaj [2022-06-23]
CHR Extension: (React Developer Tools) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2022-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-21]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

Opera:
=======
StartMenuInternet: (HKLM) Opera GXStable - C:\Program Files\Opera GX\Launcher.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2020-02-06] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12111288 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812520 2022-03-04] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2022-06-09] (EasyAntiCheat Oy -> Epic Games, Inc.)
R2 MBAMService; E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-22] (Malwarebytes Inc. -> Malwarebytes)
R3 ProtonVPN Service; E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [102648 2021-01-29] (Proton Technologies AG -> )
R3 ProtonVPN Update Service; E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [62712 2021-01-29] (Proton Technologies AG -> )
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-11-16] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [300600 2022-06-28] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; E:\Games\Launcher\RockstarService.exe [2559896 2022-03-15] (Rockstar Games, Inc. -> Rockstar Games)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [534440 2022-04-28] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6232176 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ElevationService; C:\Program Files (x86)\Wondershare\MobileTrans\ElevationService.exe [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_skl.inf_amd64_2a35efc43f1a612e\iaLPSS2_GPIO2_ICL.sys [132872 2020-04-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_skl.inf_amd64_363c7132639e12a6\iaLPSS2_I2C_ICL.sys [200456 2020-04-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_skl.inf_amd64_a59239db7de9954f\iaLPSS2_UART2_ICL.sys [312600 2020-04-28] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-07-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsldcff2823; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC2A418F-FEA8-4B4D-A0DB-474EAAB48E12}\MpKslDrv.sys [141576 2022-07-30] (Microsoft Windows -> Microsoft Corporation)
S3 ProtonVPNCallout; E:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys [34176 2021-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_021e; C:\WINDOWS\System32\drivers\RzDev_021e.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2020-12-30] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-30 14:32 - 2022-07-30 14:32 - 000022921 _____ C:\Users\Mermeoth\Desktop\FRST.txt
2022-07-30 14:26 - 2022-07-30 14:32 - 000000000 ____D C:\FRST
2022-07-30 14:26 - 2022-07-30 14:26 - 002369536 _____ (Farbar) C:\Users\Mermeoth\Desktop\FRST64.exe
2022-07-30 14:08 - 2022-07-30 14:09 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\Tiger
2022-07-30 14:08 - 2022-07-30 14:08 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\INTL
2022-07-30 14:08 - 2022-07-30 14:08 - 000000000 ____D C:\ProgramData\INTL
2022-07-30 14:08 - 2022-07-30 14:08 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS
2022-07-30 12:54 - 2022-06-24 02:17 - 000172304 _____ (Razer Inc) C:\WINDOWS\system32\RazerS2S3CoinstallerEx.dll
2022-07-27 12:44 - 2022-07-27 14:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-22 21:54 - 2022-07-22 21:53 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-07-21 17:45 - 2022-07-21 17:45 - 000000000 ____D C:\Users\Mermeoth\AppData\LocalLow\Tlön Industries
2022-07-14 20:50 - 2022-07-14 20:50 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-14 20:50 - 2022-07-14 20:50 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-14 20:50 - 2022-07-14 20:50 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000011811 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-14 20:44 - 2022-07-14 20:44 - 000000000 ___HD C:\$WinREAgent
2022-07-14 14:02 - 2022-07-14 14:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2022-07-14 14:02 - 2022-07-14 14:04 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\Wondershare
2022-07-14 14:02 - 2022-07-14 14:02 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\MobileBackupForeverIni
2022-07-14 14:02 - 2022-07-14 14:02 - 000000000 ____D C:\Users\Mermeoth\.android
2022-07-14 14:02 - 2022-07-14 14:02 - 000000000 ____D C:\ProgramData\Wondershare
2022-07-14 14:01 - 2022-07-14 14:12 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2022-07-14 14:01 - 2022-07-14 14:12 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\Wondershare

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-30 14:25 - 2021-03-10 11:11 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\EasyAntiCheat
2022-07-30 14:10 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-30 14:08 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-30 14:08 - 2019-09-20 20:40 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\D3DSCache
2022-07-30 14:06 - 2020-09-17 06:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-30 14:05 - 2019-09-19 08:51 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-30 12:26 - 2019-09-19 09:01 - 000000000 ____D C:\Users\Mermeoth\AppData\LocalLow\Mozilla
2022-07-30 08:02 - 2019-09-19 16:46 - 000000000 ____D C:\ProgramData\NVIDIA
2022-07-30 06:47 - 2020-06-09 09:10 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-30 06:47 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-30 06:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-30 06:33 - 2019-09-19 09:39 - 000009863 _____ C:\Users\Mermeoth\Desktop\Games.txt
2022-07-29 00:44 - 2021-10-26 21:32 - 000000000 ____D C:\Program Files\Opera GX
2022-07-28 13:47 - 2021-12-13 08:27 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1578781637-3808001763-1541333437-1002
2022-07-28 13:47 - 2020-09-17 06:46 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1578781637-3808001763-1541333437-1002
2022-07-28 13:47 - 2020-09-17 00:27 - 000002392 _____ C:\Users\Mermeoth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-28 13:45 - 2021-10-26 21:32 - 000003970 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1635276729
2022-07-28 13:45 - 2021-10-26 21:32 - 000001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera GX Browser .lnk
2022-07-27 14:26 - 2022-02-09 11:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-27 14:25 - 2021-10-11 07:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-07-27 14:25 - 2019-09-19 09:01 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-27 14:25 - 2019-09-19 09:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-22 21:54 - 2022-04-14 11:12 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-22 21:54 - 2022-03-14 11:12 - 000000991 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-07-22 21:54 - 2021-06-22 20:00 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-07-22 21:54 - 2021-03-25 08:18 - 000000991 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-07-22 21:54 - 2021-03-25 08:17 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-07-22 21:53 - 2021-03-25 08:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-07-22 19:56 - 2019-09-19 08:52 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-22 19:56 - 2019-09-19 08:52 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-21 07:38 - 2020-09-17 06:46 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-21 07:38 - 2020-09-17 06:46 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-20 15:10 - 2019-08-26 11:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-07-16 11:07 - 2020-09-17 06:51 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-16 11:07 - 2020-09-17 00:15 - 000716754 _____ C:\WINDOWS\system32\perfh005.dat
2022-07-16 11:07 - 2020-09-17 00:15 - 000144952 _____ C:\WINDOWS\system32\perfc005.dat
2022-07-16 11:02 - 2021-05-16 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2022-07-16 11:00 - 2020-09-17 06:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-16 11:00 - 2020-09-17 06:41 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-16 07:23 - 2020-09-17 06:41 - 000437144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-16 07:23 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-16 07:22 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-15 05:27 - 2021-03-26 16:44 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\CrashDumps
2022-07-14 20:52 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-14 20:50 - 2020-09-17 06:46 - 003010560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-07-14 20:44 - 2019-09-23 00:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-07-14 20:43 - 2019-09-23 00:19 - 146546848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-07-14 14:02 - 2020-09-17 00:27 - 000000000 ____D C:\Users\Mermeoth
2022-07-11 09:59 - 2020-10-10 21:01 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\paradox-launcher-v2

==================== Files in the root of some directories ========

2021-12-16 15:27 - 2021-12-16 15:27 - 000000839 _____ () C:\Users\Mermeoth\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2022
Ran by Mermeoth (30-07-2022 14:33:08)
Running from C:\Users\Mermeoth\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1826 (X64) (2020-09-17 04:46:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1578781637-3808001763-1541333437-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1578781637-3808001763-1541333437-503 - Limited - Disabled)
Evička (S-1-5-21-1578781637-3808001763-1541333437-1003 - Limited - Enabled) => C:\Users\Evička
Guest (S-1-5-21-1578781637-3808001763-1541333437-501 - Limited - Disabled)
Mermeoth (S-1-5-21-1578781637-3808001763-1541333437-1002 - Administrator - Enabled) => C:\Users\Mermeoth
WDAGUtilityAccount (S-1-5-21-1578781637-3808001763-1541333437-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Reader 9.1 - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Age of Empires II Definitive Edition Dawn of the Dukes (HKLM-x32\...\Age of Empires II Definitive Edition Dawn of the Dukes_is1) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.77.1092 - AB Team, d.o.o.)
Crusader Kings II Holy Fury (HKLM-x32\...\Crusader Kings II Holy Fury_is1) (Version: - )
Epic Games Launcher (HKLM-x32\...\{C69A2919-0662-4390-9418-67C931B44C18}) (Version: 1.1.236.0 - Epic Games, Inc.)
Eraser 6.2.0.2989 (HKLM\...\{A8F9BDFF-27EA-478D-BC23-9F518B33E5E9}) (Version: 6.2.2989 - The Eraser Project)
Europa Universalis IV Leviathan (HKLM-x32\...\Europa Universalis IV Leviathan_is1) (Version: - )
Gaming Mouse Driver v1.0.8 (HKLM-x32\...\{AB928D70-A6F6-4C35-860E-170B1FE43C45}_is1) (Version: - )
GIMP 2.10.18 (HKLM\...\GIMP-2_is1) (Version: 2.10.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
Grand Theft Auto (HKLM-x32\...\Grand Theft Auto) (Version: - )
Hearts of Iron IV Man the Guns (HKLM-x32\...\Hearts of Iron IV Man the Guns_is1) (Version: - )
Hearts of Iron IV No Step Back (HKLM-x32\...\Hearts of Iron IV No Step Back_is1) (Version: - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Irony Mod Manager v1.20.44 (HKLM-x32\...\{8AAA7D9F-2192-4A6B-AAEE-EBB2A355EF75}_is1) (Version: 1.20.44+20367d6ace - Mario)
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
KMPlayer (HKLM\...\The KMPlayer) (Version: 4.2.2.34 - PandoraTV)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.5.11.202 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.11.202 - Malwarebytes)
Metal Fatigue Compatibility Database (Saleck) (HKLM\...\{b783cee4-8f7f-45fe-873f-953f2b6d3442}.sdb) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.77 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.71 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - cs-cz (HKLM\...\ProPlus2019Retail - cs-cz) (Version: 16.0.15330.20264 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.15330.20264 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\OneDriveSetup.exe) (Version: 22.141.0703.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 (HKLM\...\{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30037 (HKLM-x32\...\{4b2f3795-f407-415e-88d5-8c8ab322909d}) (Version: 14.29.30037.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30037 (HKLM-x32\...\{dfea0fad-88b2-4a1f-8536-3f8f9391f4ef}) (Version: 14.29.30037.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30037 (HKLM\...\{529D20E8-132A-4F1A-A25F-9211B8C943AC}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30037 (HKLM\...\{C874FB5A-1C85-460A-A4A9-CBCC3FAE7880}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30037 (HKLM-x32\...\{01FAEC41-B3BC-44F4-B185-5E8475AEB855}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30037 (HKLM-x32\...\{7D75664A-6C04-424C-82A1-EE88913E5F16}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 103.0 (x64 cs)) (Version: 103.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.1 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.6 - Notepad++ Team)
NVIDIA Graphics Driver 457.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.51 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenIV (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\OpenIV) (Version: 4.0.1.1452 - .black/OpenIV Team)
Opera GX Stable 89.0.4447.64 (HKLM-x32\...\Opera GX 89.0.4447.64) (Version: 89.0.4447.64 - Opera Software)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
ProtonVPN (HKLM-x32\...\{FFAFEA09-E7DA-4710-A278-7F0506C96829}) (Version: 1.18.5 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.18.5) (Version: 1.18.5 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{5DA710E2-1B81-4675-BFC5-76BAF63AE1F6}) (Version: 1.1.3 - Proton Technologies AG)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.7.0630.062903 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9126.1 - Realtek Semiconductor Corp.)
RimWorld - Royalty (HKLM-x32\...\1233017772_is1) (Version: 1.1.2571 rev945 - GOG.com)
RimWorld (HKLM-x32\...\1094900565_is1) (Version: 1.1.2571 rev945 - GOG.com)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.53.576 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.3 - Rockstar Games)
Stellaris Lithoids Species Pack (HKLM-x32\...\Stellaris Lithoids Species Pack_is1) (Version: - )
The Protectors v 0.8.9 FULL (HKLM-x32\...\{08BB95E5-777A-4027-8798-89487B524594}) (Version: 0.8.9 - The Protectors modding team)
The Protectors v 0.8.9a patch (HKLM-x32\...\{1220C567-A35A-4FD7-80D2-4E5DFEA305D6}) (Version: 0.8.9.1 - The Protectors modding team)
Twitch (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 100.0 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Warcraft III Beta (HKLM-x32\...\Warcraft III Beta) (Version: - Blizzard Entertainment)
WeMod (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\WeMod) (Version: 8.2.0 - WeMod)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XCom Long War EW Mod version 1.0 (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: 1.0 - JohnnyLump)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-26] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-01-18] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-10-16] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-16] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0 [2022-07-21] (Spotify AB) [Startup Task]
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2021-08-25] (VideoLAN)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1578781637-3808001763-1541333437-1002_Classes\CLSID\{642ccb6b-4be1-471e-bc61-606dd9dc7c79}\localserver32 -> "E:\inPixio Photo Studio 11\PhotoStudioIPS11.exe" -ToastActivated => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-12-04] (Notepad++ -> )
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\nvshext.dll [2021-08-28] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-22] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Mermeoth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2019-10-21 13:37 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-04-19 18:59 - 2020-04-19 18:59 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2020-04-19 18:59 - 2020-04-19 18:59 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\Control Panel\Desktop\\Wallpaper -> E:\Whatever\CD\Miao Ying vs Kairos Fateweaver.png
HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 62.129.50.20 - 85.135.32.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{037A6278-844B-4B2C-87F9-FDF8C7137FFD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\nglide_config.exe (Zeus Software) [File not signed]
FirewallRules: [{5BF225D5-0D0C-4ECC-A6D8-4F1A2B1018C4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\nglide_config.exe (Zeus Software) [File not signed]
FirewallRules: [{954CB9B4-61B1-4C68-BF57-F81CAD32FB5B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\MFatigue.exe () [File not signed]
FirewallRules: [{DD648C61-554F-46EB-A78C-63805EBE78EE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\MFatigue.exe () [File not signed]
FirewallRules: [UDP Query User{AA8460D6-26C6-46BA-8561-32DBD2A7FF5A}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [TCP Query User{2FB7F65D-A7ED-461C-8B81-F1098ABFDCC6}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [UDP Query User{12ACDBEC-D9C9-468C-82B4-CD1FE72B46E3}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [TCP Query User{1ADA5DB0-9265-427E-8821-AA9CACE26B10}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [UDP Query User{A2A821EC-19DC-4576-BD7A-C831208414EE}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [TCP Query User{E54C2AD6-332A-444F-A91B-7AC5A83B813D}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [UDP Query User{3D832854-4348-4D73-B543-966F1BCF947C}E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{D3EBA88B-D039-4013-8DB6-5F7EDEDB62C8}E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{ED3D4F27-0C91-41ED-90F4-F95EBB457068}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{14D6276D-3E72-45ED-8C43-2B2849AA30D6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{96E6597D-399D-4DBA-A885-4851A7A18DD2}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\MP\TheaMP.exe => No File
FirewallRules: [{C2B5AB54-DB1B-4DEA-BF8F-BEA8047C1EEA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\MP\TheaMP.exe => No File
FirewallRules: [{E36067BD-7822-4591-86AC-F3400312851D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe () [File not signed]
FirewallRules: [{8593E9F4-4A23-43D6-BB9A-2BB463392867}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe () [File not signed]
FirewallRules: [{83389818-02BD-461E-8611-FE64994C6EC0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe () [File not signed]
FirewallRules: [{AC09C301-8441-471C-AB02-7489A8F67484}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe () [File not signed]
FirewallRules: [UDP Query User{70E45932-F5EE-45B1-8F0F-BA1ECAA25A46}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{2D5A5636-BA41-414C-9778-D33875EB2C02}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{751C6BB7-6297-4E77-9952-C745E90550E4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe => No File
FirewallRules: [{8B1AC280-23ED-4B9C-9AA9-DA7DF7B74444}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe => No File
FirewallRules: [UDP Query User{74FEFDD1-F5AB-4C5B-9E92-E2CB91B8EC28}E:\games\hearts of iron iv man the guns\hoi4.exe] => (Allow) E:\games\hearts of iron iv man the guns\hoi4.exe => No File
FirewallRules: [TCP Query User{98BE0E47-C93D-48B3-9528-656974085F3C}E:\games\hearts of iron iv man the guns\hoi4.exe] => (Allow) E:\games\hearts of iron iv man the guns\hoi4.exe => No File
FirewallRules: [UDP Query User{A61D54BC-9D90-41C3-A8D1-6B2A7D78E4DE}E:\games\hearts of iron iv - copy\hoi4.exe] => (Allow) E:\games\hearts of iron iv - copy\hoi4.exe => No File
FirewallRules: [TCP Query User{2CDD0DF0-4148-4A6B-906D-A361DB9EDB7E}E:\games\hearts of iron iv - copy\hoi4.exe] => (Allow) E:\games\hearts of iron iv - copy\hoi4.exe => No File
FirewallRules: [UDP Query User{7E7FF871-C92D-4AC1-9C4A-611D045323CF}E:\games\hearts of iron iv\hoi4.exe] => (Allow) E:\games\hearts of iron iv\hoi4.exe => No File
FirewallRules: [TCP Query User{184F2FC4-D37E-46F1-B0B2-4BFA7C6718C9}E:\games\hearts of iron iv\hoi4.exe] => (Allow) E:\games\hearts of iron iv\hoi4.exe => No File
FirewallRules: [{21138A28-A00E-4862-AC8B-8AADF59CFA3B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [{F14400E6-67A2-4A50-ADFE-CA1A19F7FE9F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [UDP Query User{557277C4-D858-4400-9ECB-ACE745A319C8}C:\quick games\warcraft iii\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\x86_64\warcraft iii.exe => No File
FirewallRules: [TCP Query User{8B295AED-8691-407D-8DAB-1E313A12A17C}C:\quick games\warcraft iii\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\x86_64\warcraft iii.exe => No File
FirewallRules: [UDP Query User{FC69EF54-7910-42C6-92DF-1755C5E0FF95}C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [TCP Query User{4A9DF36A-727B-46A1-8282-C1B6F539C167}C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [{53643330-8CEE-4D90-9717-D3ABC55ED5A0}] => (Allow) E:\Games\ANNO1800Trial\Bin\Win64\Anno1800.exe => No File
FirewallRules: [UDP Query User{0E742F5E-AEDF-4470-A826-A194EFE9A6B4}D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{46F587FA-0AF4-40FC-BB4C-21B46C83C3FE}D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{53B074E9-903D-4553-A879-9D690C0E7A0D}E:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File
FirewallRules: [TCP Query User{4BF9472D-0318-4A44-B3CA-1F3F333B8AAD}E:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File
FirewallRules: [UDP Query User{FB135923-C7FF-49FF-A18A-DEA4BF06B68E}E:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\games\age of empires ii definitive edition\aoe2de_s.exe => No File
FirewallRules: [TCP Query User{3592AC26-EF6E-4BF4-930E-1ABEC5F6579B}E:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\games\age of empires ii definitive edition\aoe2de_s.exe => No File
FirewallRules: [{3DB8CF03-00EB-4103-8FDE-78DCE456899B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe => No File
FirewallRules: [{EFF5D996-17C5-4277-9497-B34E5937E2C4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe => No File
FirewallRules: [{D0477641-F30C-43B1-82AE-40C4B40C9D33}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Frostpunk\Frostpunk.exe (11 bit studios S.A.) [File not signed]
FirewallRules: [{0CDD9C6E-C97C-4C29-A516-4A9E52ADB9B6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Frostpunk\Frostpunk.exe (11 bit studios S.A.) [File not signed]
FirewallRules: [UDP Query User{15F4AEB1-E922-412D-8778-F51E061CB0D3}E:\program files\utorrent\utorrent.exe] => (Allow) E:\program files\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{47FD8B24-B235-4633-A73A-E489CF13ABF4}E:\program files\utorrent\utorrent.exe] => (Allow) E:\program files\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{60D940BC-BF19-4A6E-AA3C-662F009F60A5}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe => No File
FirewallRules: [{A662161C-E2AB-42B6-9D5E-50844F2647A1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe => No File
FirewallRules: [{8FD2F080-B70C-4D66-B0A1-AD0A1F765E00}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [{284E2E9A-347F-4488-8152-164B7F99FF76}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [UDP Query User{393B4840-31F8-4E50-BD0F-59E2F4F0CE67}E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [TCP Query User{A93D5DAE-49D3-4332-B0CF-A3B1E367F219}E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [UDP Query User{9D04D7C7-C1C0-475C-BD5D-A902451A1EEA}C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [TCP Query User{5944AFD6-7408-429C-9592-F167D1756AB8}C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [UDP Query User{4813CD27-13A5-4E7A-9035-19CC6E93D42F}E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe => No File
FirewallRules: [TCP Query User{0A577BA0-8E13-4D1A-A870-61764EA2A317}E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe => No File
FirewallRules: [{41AB4427-C3A5-4735-9934-D16A53E2FC59}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\NS2.exe (Unknown Worlds Entertainment -> )
FirewallRules: [{850919B6-3110-46A2-90F0-D9623646A229}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\NS2.exe (Unknown Worlds Entertainment -> )
FirewallRules: [{85EC4804-0F80-4CE5-AD05-2D55ED418BAF}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{8CC7CCC3-C371-4A03-A1AE-7EAF0EBF4FAD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{AC1C7DB7-BD13-410E-9B50-7A28125B58C7}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{6ECA6DCC-6763-4C41-822D-4841202986B4}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D765618B-3358-4B95-972F-9428C286BAFD}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{1FCB5E8B-4B29-4446-81E4-B9F15EDB1955}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{77970D38-0B76-4877-B873-C2EEDA6F24C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BF367D47-87CB-4517-AEE8-04D8A7D58ED9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1B8A3E14-FEC7-496D-B418-06E653C17644}E:\games\hearts of iron iv new\hoi4.exe] => (Allow) E:\games\hearts of iron iv new\hoi4.exe => No File
FirewallRules: [UDP Query User{1749D708-6AA2-4EA7-8D77-3475EB21A686}E:\games\hearts of iron iv new\hoi4.exe] => (Allow) E:\games\hearts of iron iv new\hoi4.exe => No File
FirewallRules: [{2B5B86A7-1A68-4940-81E2-958DDBC7179B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{D93C317B-C020-4D1E-9063-A5E7E875A898}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{6531480F-2D43-4732-8958-19670F084B4C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe () [File not signed]
FirewallRules: [{9F311F02-DACD-400A-9820-FA8DB1C3E127}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe () [File not signed]
FirewallRules: [{19399C4B-D0D5-4ED5-9499-B4064E484D4B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed]
FirewallRules: [{F6A03E50-B320-46FA-95BA-4E3DAC93716E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed]
FirewallRules: [{D116FA49-9576-4DA7-B5F5-48E6DDBDBD21}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe => No File
FirewallRules: [{C58B4F5B-D38C-47DA-8C32-09E54B56D82F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe => No File
FirewallRules: [{ECF34A9C-3778-46BF-84B6-093B0EDC8F95}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{97BEE38F-0977-44C3-9C62-3B2D0AA01139}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{B91068B0-90FB-4DD5-A127-45B48E131C5A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [{F6618346-E488-4ADD-8CD8-1B3BB9DEDCC9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [TCP Query User{D0B373C4-F507-4CA1-A9F8-D95732D0CDBB}E:\games\anno 1800\bin\win64\anno1800.exe] => (Block) E:\games\anno 1800\bin\win64\anno1800.exe => No File
FirewallRules: [UDP Query User{41143AEA-1C23-4072-B35B-120D716B87DC}E:\games\anno 1800\bin\win64\anno1800.exe] => (Block) E:\games\anno 1800\bin\win64\anno1800.exe => No File
FirewallRules: [{8A06E3F2-55A2-4187-AD68-5AA975484AD6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dyson Sphere Program\DSPGAME.exe () [File not signed]
FirewallRules: [{19B136CC-3A16-49F0-8D80-9E24FB55D294}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dyson Sphere Program\DSPGAME.exe () [File not signed]
FirewallRules: [TCP Query User{8444DDEE-96E4-41DA-9B76-BF9FB6D869D7}E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{C48C8A53-256E-4D24-A9FB-1DD822811E2E}E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{16DC5210-7268-4324-BF04-D776773CB74E}E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe => No File
FirewallRules: [UDP Query User{0844BE68-B7DE-42FF-B759-CA2BF44DC24A}E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe => No File
FirewallRules: [TCP Query User{FC7CF378-4541-4A69-9D59-6DA634C3A716}E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{D2BFA281-25FA-4CA2-AA54-30E01F074526}E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{B4B62D17-AA18-44CF-AC5D-6BE97896254C}E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{63CBBB81-C7D7-4C12-8229-9C1CE1823091}E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe => No File
FirewallRules: [{A43991FE-E4B9-4603-A405-18EFDC98B28B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{8B22F7B6-CC3C-4018-B1D8-1FE10B1AC21C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [TCP Query User{40884ED5-A9AF-4DDE-BBBF-557CC5A2C55B}E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [UDP Query User{B381E370-B5BD-4350-A63B-B09C55356D84}E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{E95F76C2-6B69-43AB-9E31-D7B634A667D6}C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [UDP Query User{E236E002-2DEE-4B49-AB06-AD2B828934E8}C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{3208E553-3EB2-4593-A854-F498F1B08B06}C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc)
FirewallRules: [UDP Query User{23B099D3-AF9D-4CE8-9D86-69468F552292}C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc)
FirewallRules: [{A6564809-365E-4A8C-95C2-06D98DE5C75F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{823B0C0A-F98C-47BB-BB16-ABCD9DD3ECF4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{361CE1E5-AA98-4FD3-A6EA-C1388DFEE6C5}E:\games\hearts of iron iv battle for the bosporus\hoi4.exe] => (Block) E:\games\hearts of iron iv battle for the bosporus\hoi4.exe => No File
FirewallRules: [UDP Query User{6186A1D7-909E-4E11-AF2E-56663DA05574}E:\games\hearts of iron iv battle for the bosporus\hoi4.exe] => (Block) E:\games\hearts of iron iv battle for the bosporus\hoi4.exe => No File
FirewallRules: [{3CED1803-43DA-469D-B8AF-9EEB37AC3D5A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\WormsWMD\Worms W.M.D.exe () [File not signed]
FirewallRules: [{7F84F302-4ADD-4E3F-8B05-E8E3C62E2E12}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\WormsWMD\Worms W.M.D.exe () [File not signed]
FirewallRules: [TCP Query User{68474532-E969-49B6-A142-0C282E8DE99A}E:\games\age of empires ii\aoe2de_s.exe] => (Allow) E:\games\age of empires ii\aoe2de_s.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{BD6B4375-9AA4-4E9F-B7E0-CBD30D143B87}E:\games\age of empires ii\aoe2de_s.exe] => (Allow) E:\games\age of empires ii\aoe2de_s.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{803DEBBB-20FF-4393-BBC8-3D8010CB3C0B}E:\games\age of empires ii\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii\battleserver\battleserver.exe (Microsoft Corporation -> )
FirewallRules: [UDP Query User{13A9A3A5-3A4D-4A56-ABD1-69ADB187EC0F}E:\games\age of empires ii\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii\battleserver\battleserver.exe (Microsoft Corporation -> )
FirewallRules: [{D4AE6FD6-4482-4DDD-826F-4F09791CB1D5}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{7B18F54B-C17B-4E42-AFE9-0EA86F83D059}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{E598963F-F1B2-4B9B-8713-16A563C982EC}] => (Allow) C:\Quick Games\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{F6102896-BF7F-4911-A83C-05D700546219}] => (Allow) C:\Quick Games\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [TCP Query User{AFC117DE-1620-46CB-9976-8AF9AC733AF1}C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe] => (Allow) C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe => No File
FirewallRules: [UDP Query User{39E637F0-7570-4C18-8287-9527B1072D47}C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe] => (Allow) C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe => No File
FirewallRules: [{DA608CA4-1901-44A1-BF0B-1907FA5FBD57}] => (Allow) C:\Quick Games\Steam\steamapps\common\Last Epoch\Last Epoch.exe () [File not signed]
FirewallRules: [{B16AFB1C-70F9-4811-9077-88B9C9CC0131}] => (Allow) C:\Quick Games\Steam\steamapps\common\Last Epoch\Last Epoch.exe () [File not signed]
FirewallRules: [{92F7E7C0-A5E0-4421-97C8-F069540D9047}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe => No File
FirewallRules: [{4472A0F8-542A-43E3-AC3A-094B693AE422}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe => No File
FirewallRules: [{A1C7455B-1F50-4633-A8E0-5B59FD80E1B1}] => (Allow) C:\Quick Games\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{74CBBF8F-7E7B-4529-BE95-404977E2111F}] => (Allow) C:\Quick Games\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{9F2C98C8-F9E0-435C-977F-843C082071E0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{493CC20D-8466-4BA5-B668-F9B6DE744E43}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [TCP Query User{823D8D89-F8B7-4597-9A6F-E84EE7BA7C90}E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{BAF2163C-88D7-4BAC-8852-86911C50D3BF}E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{569F9980-77A0-43CC-8A7B-019A74CCE48C}C:\program files\opera gx\opera.exe] => (Block) C:\program files\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{3797D972-AC37-4F4C-86C8-96F30A9E8D2C}C:\program files\opera gx\opera.exe] => (Block) C:\program files\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{584C8FC2-8148-458E-8EFD-2DEA54DC7AD0}E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{CA69E102-246B-4DBE-A3DA-340D424C7D59}E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{ECFEE7A8-BC05-422F-B9D8-D084D9358E3B}] => (Allow) C:\Quick Games\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{24AAD416-D0C7-44ED-97FE-F377DE34C19A}] => (Allow) C:\Quick Games\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [TCP Query User{7554F35F-F32A-4AD9-80A9-08CF053CDFE7}E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe => No File
FirewallRules: [UDP Query User{D56066A1-554D-496D-834E-7DA5FE1EAF02}E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe => No File
FirewallRules: [{8F99DF62-0C0A-448D-A753-93F1027F10E3}] => (Allow) C:\Quick Games\Steam\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{7BE4A747-9FE2-4800-9E80-F32A4DAE2E6E}] => (Allow) C:\Quick Games\Steam\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{13D3CA15-2236-418B-B91B-678DE398D84D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BF3A6750-5C1E-4291-ACA7-BDF28DB3BF7C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{74B27E8F-04FB-4820-8F03-E6049E8A27D3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{26D7F1BC-7B53-4231-82F0-53DB1BC0717A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea 2 The Shattering\Thea2.exe () [File not signed]
FirewallRules: [{34708A9D-6D35-45DC-976F-10201F7EE965}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea 2 The Shattering\Thea2.exe () [File not signed]
FirewallRules: [TCP Query User{1F5FAB82-6B59-46EA-B35A-359FBDFC621C}E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{38019C89-8592-45BD-B640-B47B438F072F}E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{BEA02876-9AB5-4F07-AE15-1624A18DA60D}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{85377F2C-570D-4FA4-83BA-6A5043FD99AB}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{73C6840C-15B5-4C29-9883-5669FC574BED}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{F9F83B40-41C3-4EBE-9C24-49BB647CA062}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [TCP Query User{FDE77B3C-AD00-48E0-996C-DCA177A91382}C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe (The Creative Assembly Ltd -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{C7F1288C-09C4-4EE7-97A8-F6B383729844}C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe (The Creative Assembly Ltd -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{BB74E66F-18E2-4B7E-9B41-D2A640E647E5}E:\games\hearts of iron iv no step back\hoi4.exe] => (Block) E:\games\hearts of iron iv no step back\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [UDP Query User{666F6613-F11F-49A2-846A-FC6EF138A661}E:\games\hearts of iron iv no step back\hoi4.exe] => (Block) E:\games\hearts of iron iv no step back\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{6848A8DE-747D-400B-B6CF-19EC2EF1173C}] => (Allow) C:\Quick Games\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe (Wolcen Studio) [File not signed]
FirewallRules: [{E51130E7-B6AD-4956-8F7C-151680D19A85}] => (Allow) C:\Quick Games\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe (Wolcen Studio) [File not signed]
FirewallRules: [{4A1078B5-11F9-492E-9B5E-8D686C8524F3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bloodhunt\Tiger.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{1DC09D92-EDB8-45F4-93CF-22E21D33EF05}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bloodhunt\Tiger.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{A50AB71E-F6B4-4156-9088-FD43C6A6A68C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{67A8502A-9A6E-4C8C-8242-240DBAADBFC9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{9D7DFD1D-874E-4FC4-8EA3-E15269D5A406}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{ECB032CC-99C9-419D-89AF-024FB4555ECE}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{89E95E95-51B4-4461-B6B1-432118FD2560}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\x64\NS2.exe (UNKNOWN WORLDS ENTERTAINMENT -> )
FirewallRules: [{31472397-64EA-4D4A-9F85-2574CD7E5A37}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\x64\NS2.exe (UNKNOWN WORLDS ENTERTAINMENT -> )
FirewallRules: [{5BD4E765-ACFE-4541-A8E3-6672FD29C0A7}] => (Allow) C:\Quick Games\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{70A7EA31-006A-44E2-89AA-FD8565E64464}] => (Allow) C:\Quick Games\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{5C59681B-6B76-4C8B-A320-B2CDD3E1DA5B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Per Aspera\Per Aspera.exe () [File not signed]
FirewallRules: [{91438B91-BE75-4EE2-B025-AF17F4396A5B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Per Aspera\Per Aspera.exe () [File not signed]
FirewallRules: [{71B05DA4-38AA-48AB-BC52-9DED84B6A20B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{B00561B5-E73E-49D6-98BA-4EE64507F929}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{70DF0C83-674B-4D7C-AE9E-38F22C6463BD}] => (Allow) C:\Program Files\Opera GX\88.0.4412.85\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{90353DF6-2762-4E85-B2A7-F3C9F08B3B9C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{41063086-D718-44DE-97FF-7E61AF611BC2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{04D73F0C-BB54-4B74-B5BB-6103F137CFFB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FAFF02D9-14B8-4DF7-819F-16917732042B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F35714EA-115D-4493-9BA0-2CFE74F93B6E}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)
FirewallRules: [{1BBA500A-B3E6-4DD1-AF58-9F93AD12880B}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)
FirewallRules: [{8203DEC9-E04B-4644-A9CE-DECA8239D47C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D6CC83F9-7D55-443D-85CA-C521C2244616}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3ED4F008-E057-4D6A-A078-9B7E6C4B2F46}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3D2B7FF7-58BB-4774-8575-42831DFE729B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{52B66FD7-C89D-43FD-A7C0-593AA5F03C67}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{60D6A8CF-61C0-4D95-A277-172B172C0DEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A160ABF3-5C53-4A69-BE19-B55E1F67376F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D2A23326-1E6F-462B-8CB7-2C2384A9C67E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5CE72EA4-5B91-49C8-BD4C-0960263791E9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A81D5FBE-EC72-4B3C-9506-AA06EA7F271C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.71\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ACA36C56-1B89-4B52-B1A6-65BADD987D4E}] => (Allow) C:\Program Files\Opera GX\89.0.4447.64\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{1E860CC0-347E-4100-8D21-B479B80AC21F}] => (Allow) C:\Quick Games\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{D3E9A615-12A6-4ADD-AA73-ED8F5A7D5E90}] => (Allow) C:\Quick Games\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )

==================== Restore Points =========================

24-07-2022 09:02:26 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/30/2022 07:14:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Nový svazek (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (07/28/2022 11:56:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15766

Error: (07/28/2022 11:56:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15766

Error: (07/28/2022 11:56:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/25/2022 12:14:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15750

Error: (07/25/2022 12:14:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15750

Error: (07/25/2022 12:14:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2022 12:37:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Nový svazek (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (07/30/2022 08:02:29 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server {38E441FB-3D16-422F-8750-B2DACEC5CEFC} did not register with DCOM within the required timeout.

Error: (07/27/2022 05:57:59 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server {38E441FB-3D16-422F-8750-B2DACEC5CEFC} did not register with DCOM within the required timeout.

Error: (07/27/2022 12:41:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server Microsoft.ZuneVideo_10.22041.10091.0_x64__8wekyb3d8bbwe!Microsoft.ZuneVideo.AppXjgy0dfr6tssa93yj5px65cbv2gsc8r39.mca did not register with DCOM within the required timeout.

Error: (07/27/2022 12:41:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server Microsoft.WindowsFeedbackHub_1.2203.761.0_x64__8wekyb3d8bbwe!App.AppX8a6w88secebzyje9nrqc47xt488tkbmc.mca did not register with DCOM within the required timeout.

Error: (07/27/2022 12:41:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (07/26/2022 03:01:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server Microsoft.MicrosoftOfficeHub_18.2205.1091.0_x64__8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub.AppXvhez9tbpytkh6zv5q0bx5fj12yay14wg.mca did not register with DCOM within the required timeout.

Error: (07/23/2022 08:57:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server Microsoft.MicrosoftOfficeHub_18.2205.1091.0_x64__8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub.AppXvhez9tbpytkh6zv5q0bx5fj12yay14wg.mca did not register with DCOM within the required timeout.

Error: (07/23/2022 01:39:29 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2022-07-30 07:12:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-28 23:24:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-28 15:25:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-26 14:19:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-25 10:07:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-07-16 20:29:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-06-17 20:52:30
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 3.00 09/10/2015
Motherboard: MSI Z170A-G43 PLUS (MS-7970)
Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 43%
Total physical RAM: 16339.84 MB
Available physical RAM: 9186.95 MB
Total Virtual: 24275.84 MB
Available Virtual: 11297 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.89 GB) (Free:323.53 GB) (Model: CT1000P1SSD8) NTFS
Drive d: () (Fixed) (Total:1862.79 GB) (Free:774 GB) (Model: ST2000DM008-2FR102) NTFS
Drive e: (Nový svazek) (Fixed) (Total:1863.01 GB) (Free:940.75 GB) (Model: ST2000DM001-1ER164) NTFS

\\?\Volume{0f8c9d20-fca9-4cdd-933a-802f5df718e1}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{f1d397e9-2f37-4f10-b8b5-3bfd253f320c}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 81190A92)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: B7FE9059)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Suspected keylogger

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just run it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Windi
Visitor
Posts: 64
Registered: 15 Dec 2011 20:56

Re: Suspected keylogger

#3 Post by Windi »

OK. Either they changed it or I did something wrong.
First it offers "Run scan".
Then the only thing it offered was to move the result to quarantine.
I didn't come across a Clean and Repair option. No restart happened either.

In any case, here is the log:


# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-06-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-30-2022
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 5
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\reviversoft.com
Deleted HKLM\Software\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1808 octets] - [30/07/2022 16:51:57]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Suspected keylogger

#4 Post by Rudy »

Post new FRST+Addition logs.

Windi
Visitor
Posts: 64
Registered: 15 Dec 2011 20:56

Re: Suspected keylogger

#5 Post by Windi »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2022
Ran by Mermeoth (administrator) on DESKTOP-VGTMQ82 (MSI MS-7970) (30-07-2022 18:07:14)
Running from C:\Users\Mermeoth\Desktop
Loaded Profiles: Mermeoth
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1826 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Opera GX\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Program Files\Opera GX\89.0.4447.64\opera_crashreporter.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(E:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) E:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) E:\Program Files (x86)\Steam\steam.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Opera Norway AS -> Opera Software) C:\Program Files\Opera GX\opera.exe <32>
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Proton Technologies AG -> ) E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe
(services.exe ->) (Proton Technologies AG -> ) E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102832 2021-03-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Eraser] => E:\Program Files\Eraser\Eraser.exe [1068624 2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Opera GX Browser Assistant] => C:\Program Files\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\Run: [EpicGamesLauncher] => E:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32706000 2022-07-21] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3535416 2022-06-28] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\...\Run: [OneDrive] => C:\Users\Evička\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1584488 2020-01-12] (Microsoft Corporation) [File not signed]
HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --enable-audio-service-sandbox --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switc (the data entry has 60 more characters). [2673480 2022-07-18] (Google LLC -> Google LLC)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3535416 2022-06-28] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\...\AppCompatFlags\Custom\MFatigue.exe: [{b783cee4-8f7f-45fe-873f-953f2b6d3442}.sdb] -> Metal Fatigue Compatibility Database (Saleck)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{b783cee4-8f7f-45fe-873f-953f2b6d3442}: [DatabasePath] -> C:\Windows\AppPatch\CustomSDB\{b783cee4-8f7f-45fe-873f-953f2b6d3442}.sdb [2020-08-31]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-22] (Google LLC -> Google LLC)
Startup: C:\Users\Mermeoth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2020-09-27]
ShortcutTarget: Twitch.lnk -> E:\Program Files\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04B1BEE5-0CE8-4576-B9A7-5DE57C59BD8D} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {05650F80-4CD1-4101-B134-B568B02932BA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {10C1F606-CC81-406F-948F-413365EDBB01} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6563280 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {281800E8-303D-4815-ACBB-150252D6C2F6} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1636403563 => C:\Program Files\Opera GX\launcher.exe [2462712 2022-07-25] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera GX\assistant" $(Arg0)
Task: {41F3E518-5C7E-48FA-9661-76288E42CBCD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116648 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {45872910-FA5F-45CA-ABD4-C5D13206193B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116648 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D6DD58D-1AB1-49EA-B0A1-826CC3B5B78A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {650BBEEC-88D8-45AA-B7D2-61332656E0F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-19] (Google Inc -> Google LLC)
Task: {67F63918-ACEC-4B18-88F4-80D7838B17D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-19] (Google Inc -> Google LLC)
Task: {85042E61-0EF8-4E73-A78C-7D4CBDC9BCEB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A74BC68D-3DBD-4B0F-99FB-C80E83EAE195} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6563280 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {B039A956-6B8E-4425-AD33-A75BF414AE1D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C11BDAC2-30DC-4966-8A61-028791620F6B} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {C842A0DC-C010-4321-8E47-5CEE049A4A8F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {F2EC6625-D90F-4769-8AB8-6AE40AA06EA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F2F757DB-092B-46D7-AD21-36C7DB9806DC} - System32\Tasks\Opera GX scheduled Autoupdate 1635276729 => C:\Program Files\Opera GX\launcher.exe [2462712 2022-07-25] (Opera Norway AS -> Opera Software)
Task: {FDA5D773-B8A4-42E8-AF21-75E76FE0D73B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{b2101a9a-91d0-4cd8-b3ca-978816e8a935}: [DhcpNameServer] 62.129.50.20 85.135.32.100

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Mermeoth\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-27]

FireFox:
========
FF DefaultProfile: a44ojqp7.default
FF ProfilePath: C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\a44ojqp7.default [2019-09-19]
FF ProfilePath: C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\67m6tvvd.default-release [2022-07-27]
FF Extension: (AdBlocker Ultimate) - C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\67m6tvvd.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2022-05-25]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\67m6tvvd.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-07-07]
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default [2022-07-28]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://www.idnes.cz
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006","hxxps: ... oogle.com/"
CHR Extension: (Dark Mode) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmghijelimhndkbmpgbldicpogfkceaj [2022-06-23]
CHR Extension: (React Developer Tools) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2022-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-21]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

Opera:
=======
StartMenuInternet: (HKLM) Opera GXStable - C:\Program Files\Opera GX\Launcher.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2020-02-06] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12111288 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812520 2022-03-04] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 MBAMService; E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-22] (Malwarebytes Inc. -> Malwarebytes)
R3 ProtonVPN Service; E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [102648 2021-01-29] (Proton Technologies AG -> )
R3 ProtonVPN Update Service; E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [62712 2021-01-29] (Proton Technologies AG -> )
S2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-11-16] (Razer USA Ltd. -> Razer Inc)
S2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [300600 2022-06-28] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; E:\Games\Launcher\RockstarService.exe [2559896 2022-03-15] (Rockstar Games, Inc. -> Rockstar Games)
S2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [534440 2022-04-28] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6232176 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ElevationService; C:\Program Files (x86)\Wondershare\MobileTrans\ElevationService.exe [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_skl.inf_amd64_2a35efc43f1a612e\iaLPSS2_GPIO2_ICL.sys [132872 2020-04-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_skl.inf_amd64_363c7132639e12a6\iaLPSS2_I2C_ICL.sys [200456 2020-04-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_skl.inf_amd64_a59239db7de9954f\iaLPSS2_UART2_ICL.sys [312600 2020-04-28] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-07-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsldcff2823; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC2A418F-FEA8-4B4D-A0DB-474EAAB48E12}\MpKslDrv.sys [141576 2022-07-30] (Microsoft Windows -> Microsoft Corporation)
S3 ProtonVPNCallout; E:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys [34176 2021-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_021e; C:\WINDOWS\System32\drivers\RzDev_021e.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2020-12-30] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-30 16:51 - 2022-07-30 16:52 - 000000000 ____D C:\AdwCleaner
2022-07-30 16:51 - 2022-07-30 16:45 - 008551608 _____ (Malwarebytes) C:\Users\Mermeoth\Desktop\adwcleaner.exe
2022-07-30 14:33 - 2022-07-30 14:34 - 000067697 _____ C:\Users\Mermeoth\Desktop\Addition.txt
2022-07-30 14:32 - 2022-07-30 18:07 - 000021001 _____ C:\Users\Mermeoth\Desktop\FRST.txt
2022-07-30 14:26 - 2022-07-30 18:07 - 000000000 ____D C:\FRST
2022-07-30 14:26 - 2022-07-30 14:26 - 002369536 _____ (Farbar) C:\Users\Mermeoth\Desktop\FRST64.exe
2022-07-30 14:08 - 2022-07-30 14:09 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\Tiger
2022-07-30 14:08 - 2022-07-30 14:08 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\INTL
2022-07-30 14:08 - 2022-07-30 14:08 - 000000000 ____D C:\ProgramData\INTL
2022-07-30 12:54 - 2022-06-24 02:17 - 000172304 _____ (Razer Inc) C:\WINDOWS\system32\RazerS2S3CoinstallerEx.dll
2022-07-27 12:44 - 2022-07-27 14:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-22 21:54 - 2022-07-22 21:53 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-07-21 17:45 - 2022-07-21 17:45 - 000000000 ____D C:\Users\Mermeoth\AppData\LocalLow\Tlön Industries
2022-07-14 20:50 - 2022-07-14 20:50 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-14 20:50 - 2022-07-14 20:50 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-14 20:50 - 2022-07-14 20:50 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000011811 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-14 20:44 - 2022-07-14 20:44 - 000000000 ___HD C:\$WinREAgent
2022-07-14 14:02 - 2022-07-14 14:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2022-07-14 14:02 - 2022-07-14 14:04 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\Wondershare
2022-07-14 14:02 - 2022-07-14 14:02 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\MobileBackupForeverIni
2022-07-14 14:02 - 2022-07-14 14:02 - 000000000 ____D C:\Users\Mermeoth\.android
2022-07-14 14:02 - 2022-07-14 14:02 - 000000000 ____D C:\ProgramData\Wondershare
2022-07-14 14:01 - 2022-07-14 14:12 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2022-07-14 14:01 - 2022-07-14 14:12 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\Wondershare

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-30 18:05 - 2019-09-19 08:51 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-30 17:39 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-30 16:55 - 2019-09-19 16:46 - 000000000 ____D C:\ProgramData\NVIDIA
2022-07-30 14:25 - 2021-03-10 11:11 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\EasyAntiCheat
2022-07-30 14:10 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-30 14:08 - 2019-09-20 20:40 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\D3DSCache
2022-07-30 14:06 - 2020-09-17 06:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-30 12:26 - 2019-09-19 09:01 - 000000000 ____D C:\Users\Mermeoth\AppData\LocalLow\Mozilla
2022-07-30 06:47 - 2020-06-09 09:10 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-30 06:47 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-30 06:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-30 06:33 - 2019-09-19 09:39 - 000009863 _____ C:\Users\Mermeoth\Desktop\Games.txt
2022-07-29 00:44 - 2021-10-26 21:32 - 000000000 ____D C:\Program Files\Opera GX
2022-07-28 13:47 - 2021-12-13 08:27 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1578781637-3808001763-1541333437-1002
2022-07-28 13:47 - 2020-09-17 06:46 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1578781637-3808001763-1541333437-1002
2022-07-28 13:47 - 2020-09-17 00:27 - 000002392 _____ C:\Users\Mermeoth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-28 13:45 - 2021-10-26 21:32 - 000003970 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1635276729
2022-07-28 13:45 - 2021-10-26 21:32 - 000001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera GX Browser .lnk
2022-07-27 14:26 - 2022-02-09 11:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-27 14:25 - 2021-10-11 07:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-07-27 14:25 - 2019-09-19 09:01 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-27 14:25 - 2019-09-19 09:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-22 21:54 - 2022-04-14 11:12 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-22 21:54 - 2022-03-14 11:12 - 000000991 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-07-22 21:54 - 2021-06-22 20:00 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-07-22 21:54 - 2021-03-25 08:18 - 000000991 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-07-22 21:54 - 2021-03-25 08:17 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-07-22 21:53 - 2021-03-25 08:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-07-22 19:56 - 2019-09-19 08:52 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-22 19:56 - 2019-09-19 08:52 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-21 07:38 - 2020-09-17 06:46 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-21 07:38 - 2020-09-17 06:46 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-20 15:10 - 2019-08-26 11:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-07-16 11:07 - 2020-09-17 06:51 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-16 11:07 - 2020-09-17 00:15 - 000716754 _____ C:\WINDOWS\system32\perfh005.dat
2022-07-16 11:07 - 2020-09-17 00:15 - 000144952 _____ C:\WINDOWS\system32\perfc005.dat
2022-07-16 11:02 - 2021-05-16 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2022-07-16 11:00 - 2020-09-17 06:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-16 11:00 - 2020-09-17 06:41 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-16 07:23 - 2020-09-17 06:41 - 000437144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-16 07:23 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-16 07:22 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-15 05:27 - 2021-03-26 16:44 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\CrashDumps
2022-07-14 20:52 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-14 20:50 - 2020-09-17 06:46 - 003010560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-07-14 20:44 - 2019-09-23 00:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-07-14 20:43 - 2019-09-23 00:19 - 146546848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-07-14 14:02 - 2020-09-17 00:27 - 000000000 ____D C:\Users\Mermeoth
2022-07-11 09:59 - 2020-10-10 21:01 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\paradox-launcher-v2

==================== Files in the root of some directories ========

2021-12-16 15:27 - 2021-12-16 15:27 - 000000839 _____ () C:\Users\Mermeoth\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2022
Ran by Mermeoth (30-07-2022 18:08:09)
Running from C:\Users\Mermeoth\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1826 (X64) (2020-09-17 04:46:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1578781637-3808001763-1541333437-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1578781637-3808001763-1541333437-503 - Limited - Disabled)
Evička (S-1-5-21-1578781637-3808001763-1541333437-1003 - Limited - Enabled) => C:\Users\Evička
Guest (S-1-5-21-1578781637-3808001763-1541333437-501 - Limited - Disabled)
Mermeoth (S-1-5-21-1578781637-3808001763-1541333437-1002 - Administrator - Enabled) => C:\Users\Mermeoth
WDAGUtilityAccount (S-1-5-21-1578781637-3808001763-1541333437-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Reader 9.1 - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Age of Empires II Definitive Edition Dawn of the Dukes (HKLM-x32\...\Age of Empires II Definitive Edition Dawn of the Dukes_is1) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.77.1092 - AB Team, d.o.o.)
Crusader Kings II Holy Fury (HKLM-x32\...\Crusader Kings II Holy Fury_is1) (Version: - )
Epic Games Launcher (HKLM-x32\...\{C69A2919-0662-4390-9418-67C931B44C18}) (Version: 1.1.236.0 - Epic Games, Inc.)
Eraser 6.2.0.2989 (HKLM\...\{A8F9BDFF-27EA-478D-BC23-9F518B33E5E9}) (Version: 6.2.2989 - The Eraser Project)
Europa Universalis IV Leviathan (HKLM-x32\...\Europa Universalis IV Leviathan_is1) (Version: - )
Gaming Mouse Driver v1.0.8 (HKLM-x32\...\{AB928D70-A6F6-4C35-860E-170B1FE43C45}_is1) (Version: - )
GIMP 2.10.18 (HKLM\...\GIMP-2_is1) (Version: 2.10.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
Grand Theft Auto (HKLM-x32\...\Grand Theft Auto) (Version: - )
Hearts of Iron IV Man the Guns (HKLM-x32\...\Hearts of Iron IV Man the Guns_is1) (Version: - )
Hearts of Iron IV No Step Back (HKLM-x32\...\Hearts of Iron IV No Step Back_is1) (Version: - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Irony Mod Manager v1.20.44 (HKLM-x32\...\{8AAA7D9F-2192-4A6B-AAEE-EBB2A355EF75}_is1) (Version: 1.20.44+20367d6ace - Mario)
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
KMPlayer (HKLM\...\The KMPlayer) (Version: 4.2.2.34 - PandoraTV)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.5.11.202 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.11.202 - Malwarebytes)
Metal Fatigue Compatibility Database (Saleck) (HKLM\...\{b783cee4-8f7f-45fe-873f-953f2b6d3442}.sdb) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.77 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.71 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - cs-cz (HKLM\...\ProPlus2019Retail - cs-cz) (Version: 16.0.15330.20264 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.15330.20264 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\OneDriveSetup.exe) (Version: 22.141.0703.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 (HKLM\...\{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30037 (HKLM-x32\...\{4b2f3795-f407-415e-88d5-8c8ab322909d}) (Version: 14.29.30037.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30037 (HKLM-x32\...\{dfea0fad-88b2-4a1f-8536-3f8f9391f4ef}) (Version: 14.29.30037.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30037 (HKLM\...\{529D20E8-132A-4F1A-A25F-9211B8C943AC}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30037 (HKLM\...\{C874FB5A-1C85-460A-A4A9-CBCC3FAE7880}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30037 (HKLM-x32\...\{01FAEC41-B3BC-44F4-B185-5E8475AEB855}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30037 (HKLM-x32\...\{7D75664A-6C04-424C-82A1-EE88913E5F16}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 103.0 (x64 cs)) (Version: 103.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.1 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.6 - Notepad++ Team)
NVIDIA Graphics Driver 457.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.51 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenIV (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\OpenIV) (Version: 4.0.1.1452 - .black/OpenIV Team)
Opera GX Stable 89.0.4447.64 (HKLM-x32\...\Opera GX 89.0.4447.64) (Version: 89.0.4447.64 - Opera Software)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
ProtonVPN (HKLM-x32\...\{FFAFEA09-E7DA-4710-A278-7F0506C96829}) (Version: 1.18.5 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.18.5) (Version: 1.18.5 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{5DA710E2-1B81-4675-BFC5-76BAF63AE1F6}) (Version: 1.1.3 - Proton Technologies AG)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.7.0630.062903 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9126.1 - Realtek Semiconductor Corp.)
RimWorld - Royalty (HKLM-x32\...\1233017772_is1) (Version: 1.1.2571 rev945 - GOG.com)
RimWorld (HKLM-x32\...\1094900565_is1) (Version: 1.1.2571 rev945 - GOG.com)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.53.576 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.3 - Rockstar Games)
Stellaris Lithoids Species Pack (HKLM-x32\...\Stellaris Lithoids Species Pack_is1) (Version: - )
The Protectors v 0.8.9 FULL (HKLM-x32\...\{08BB95E5-777A-4027-8798-89487B524594}) (Version: 0.8.9 - The Protectors modding team)
The Protectors v 0.8.9a patch (HKLM-x32\...\{1220C567-A35A-4FD7-80D2-4E5DFEA305D6}) (Version: 0.8.9.1 - The Protectors modding team)
Twitch (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 100.0 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Warcraft III Beta (HKLM-x32\...\Warcraft III Beta) (Version: - Blizzard Entertainment)
WeMod (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\WeMod) (Version: 8.2.0 - WeMod)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XCom Long War EW Mod version 1.0 (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: 1.0 - JohnnyLump)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-26] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-01-18] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-10-16] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-16] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0 [2022-07-21] (Spotify AB) [Startup Task]
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2021-08-25] (VideoLAN)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1578781637-3808001763-1541333437-1002_Classes\CLSID\{642ccb6b-4be1-471e-bc61-606dd9dc7c79}\localserver32 -> "E:\inPixio Photo Studio 11\PhotoStudioIPS11.exe" -ToastActivated => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-12-04] (Notepad++ -> )
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\nvshext.dll [2021-08-28] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-22] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Mermeoth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2019-10-21 13:37 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-04-19 18:59 - 2020-04-19 18:59 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2020-04-19 18:59 - 2020-04-19 18:59 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\Control Panel\Desktop\\Wallpaper -> E:\Whatever\CD\Miao Ying vs Kairos Fateweaver.png
HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 62.129.50.20 - 85.135.32.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{037A6278-844B-4B2C-87F9-FDF8C7137FFD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\nglide_config.exe (Zeus Software) [File not signed]
FirewallRules: [{5BF225D5-0D0C-4ECC-A6D8-4F1A2B1018C4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\nglide_config.exe (Zeus Software) [File not signed]
FirewallRules: [{954CB9B4-61B1-4C68-BF57-F81CAD32FB5B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\MFatigue.exe () [File not signed]
FirewallRules: [{DD648C61-554F-46EB-A78C-63805EBE78EE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\MFatigue.exe () [File not signed]
FirewallRules: [UDP Query User{AA8460D6-26C6-46BA-8561-32DBD2A7FF5A}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [TCP Query User{2FB7F65D-A7ED-461C-8B81-F1098ABFDCC6}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [UDP Query User{12ACDBEC-D9C9-468C-82B4-CD1FE72B46E3}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [TCP Query User{1ADA5DB0-9265-427E-8821-AA9CACE26B10}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [UDP Query User{A2A821EC-19DC-4576-BD7A-C831208414EE}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [TCP Query User{E54C2AD6-332A-444F-A91B-7AC5A83B813D}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [UDP Query User{3D832854-4348-4D73-B543-966F1BCF947C}E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{D3EBA88B-D039-4013-8DB6-5F7EDEDB62C8}E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{ED3D4F27-0C91-41ED-90F4-F95EBB457068}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{14D6276D-3E72-45ED-8C43-2B2849AA30D6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{96E6597D-399D-4DBA-A885-4851A7A18DD2}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\MP\TheaMP.exe => No File
FirewallRules: [{C2B5AB54-DB1B-4DEA-BF8F-BEA8047C1EEA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\MP\TheaMP.exe => No File
FirewallRules: [{E36067BD-7822-4591-86AC-F3400312851D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe () [File not signed]
FirewallRules: [{8593E9F4-4A23-43D6-BB9A-2BB463392867}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe () [File not signed]
FirewallRules: [{83389818-02BD-461E-8611-FE64994C6EC0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe () [File not signed]
FirewallRules: [{AC09C301-8441-471C-AB02-7489A8F67484}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe () [File not signed]
FirewallRules: [UDP Query User{70E45932-F5EE-45B1-8F0F-BA1ECAA25A46}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{2D5A5636-BA41-414C-9778-D33875EB2C02}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{751C6BB7-6297-4E77-9952-C745E90550E4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe => No File
FirewallRules: [{8B1AC280-23ED-4B9C-9AA9-DA7DF7B74444}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe => No File
FirewallRules: [UDP Query User{74FEFDD1-F5AB-4C5B-9E92-E2CB91B8EC28}E:\games\hearts of iron iv man the guns\hoi4.exe] => (Allow) E:\games\hearts of iron iv man the guns\hoi4.exe => No File
FirewallRules: [TCP Query User{98BE0E47-C93D-48B3-9528-656974085F3C}E:\games\hearts of iron iv man the guns\hoi4.exe] => (Allow) E:\games\hearts of iron iv man the guns\hoi4.exe => No File
FirewallRules: [UDP Query User{A61D54BC-9D90-41C3-A8D1-6B2A7D78E4DE}E:\games\hearts of iron iv - copy\hoi4.exe] => (Allow) E:\games\hearts of iron iv - copy\hoi4.exe => No File
FirewallRules: [TCP Query User{2CDD0DF0-4148-4A6B-906D-A361DB9EDB7E}E:\games\hearts of iron iv - copy\hoi4.exe] => (Allow) E:\games\hearts of iron iv - copy\hoi4.exe => No File
FirewallRules: [UDP Query User{7E7FF871-C92D-4AC1-9C4A-611D045323CF}E:\games\hearts of iron iv\hoi4.exe] => (Allow) E:\games\hearts of iron iv\hoi4.exe => No File
FirewallRules: [TCP Query User{184F2FC4-D37E-46F1-B0B2-4BFA7C6718C9}E:\games\hearts of iron iv\hoi4.exe] => (Allow) E:\games\hearts of iron iv\hoi4.exe => No File
FirewallRules: [{21138A28-A00E-4862-AC8B-8AADF59CFA3B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [{F14400E6-67A2-4A50-ADFE-CA1A19F7FE9F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [UDP Query User{557277C4-D858-4400-9ECB-ACE745A319C8}C:\quick games\warcraft iii\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\x86_64\warcraft iii.exe => No File
FirewallRules: [TCP Query User{8B295AED-8691-407D-8DAB-1E313A12A17C}C:\quick games\warcraft iii\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\x86_64\warcraft iii.exe => No File
FirewallRules: [UDP Query User{FC69EF54-7910-42C6-92DF-1755C5E0FF95}C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [TCP Query User{4A9DF36A-727B-46A1-8282-C1B6F539C167}C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [{53643330-8CEE-4D90-9717-D3ABC55ED5A0}] => (Allow) E:\Games\ANNO1800Trial\Bin\Win64\Anno1800.exe => No File
FirewallRules: [UDP Query User{0E742F5E-AEDF-4470-A826-A194EFE9A6B4}D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{46F587FA-0AF4-40FC-BB4C-21B46C83C3FE}D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{53B074E9-903D-4553-A879-9D690C0E7A0D}E:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File
FirewallRules: [TCP Query User{4BF9472D-0318-4A44-B3CA-1F3F333B8AAD}E:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File
FirewallRules: [UDP Query User{FB135923-C7FF-49FF-A18A-DEA4BF06B68E}E:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\games\age of empires ii definitive edition\aoe2de_s.exe => No File
FirewallRules: [TCP Query User{3592AC26-EF6E-4BF4-930E-1ABEC5F6579B}E:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\games\age of empires ii definitive edition\aoe2de_s.exe => No File
FirewallRules: [{3DB8CF03-00EB-4103-8FDE-78DCE456899B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe => No File
FirewallRules: [{EFF5D996-17C5-4277-9497-B34E5937E2C4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe => No File
FirewallRules: [{D0477641-F30C-43B1-82AE-40C4B40C9D33}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Frostpunk\Frostpunk.exe (11 bit studios S.A.) [File not signed]
FirewallRules: [{0CDD9C6E-C97C-4C29-A516-4A9E52ADB9B6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Frostpunk\Frostpunk.exe (11 bit studios S.A.) [File not signed]
FirewallRules: [UDP Query User{15F4AEB1-E922-412D-8778-F51E061CB0D3}E:\program files\utorrent\utorrent.exe] => (Allow) E:\program files\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{47FD8B24-B235-4633-A73A-E489CF13ABF4}E:\program files\utorrent\utorrent.exe] => (Allow) E:\program files\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{60D940BC-BF19-4A6E-AA3C-662F009F60A5}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe => No File
FirewallRules: [{A662161C-E2AB-42B6-9D5E-50844F2647A1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe => No File
FirewallRules: [{8FD2F080-B70C-4D66-B0A1-AD0A1F765E00}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [{284E2E9A-347F-4488-8152-164B7F99FF76}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [UDP Query User{393B4840-31F8-4E50-BD0F-59E2F4F0CE67}E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [TCP Query User{A93D5DAE-49D3-4332-B0CF-A3B1E367F219}E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [UDP Query User{9D04D7C7-C1C0-475C-BD5D-A902451A1EEA}C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [TCP Query User{5944AFD6-7408-429C-9592-F167D1756AB8}C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [UDP Query User{4813CD27-13A5-4E7A-9035-19CC6E93D42F}E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe => No File
FirewallRules: [TCP Query User{0A577BA0-8E13-4D1A-A870-61764EA2A317}E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe => No File
FirewallRules: [{41AB4427-C3A5-4735-9934-D16A53E2FC59}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\NS2.exe (Unknown Worlds Entertainment -> )
FirewallRules: [{850919B6-3110-46A2-90F0-D9623646A229}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\NS2.exe (Unknown Worlds Entertainment -> )
FirewallRules: [{85EC4804-0F80-4CE5-AD05-2D55ED418BAF}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{8CC7CCC3-C371-4A03-A1AE-7EAF0EBF4FAD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{AC1C7DB7-BD13-410E-9B50-7A28125B58C7}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{6ECA6DCC-6763-4C41-822D-4841202986B4}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D765618B-3358-4B95-972F-9428C286BAFD}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{1FCB5E8B-4B29-4446-81E4-B9F15EDB1955}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{77970D38-0B76-4877-B873-C2EEDA6F24C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BF367D47-87CB-4517-AEE8-04D8A7D58ED9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1B8A3E14-FEC7-496D-B418-06E653C17644}E:\games\hearts of iron iv new\hoi4.exe] => (Allow) E:\games\hearts of iron iv new\hoi4.exe => No File
FirewallRules: [UDP Query User{1749D708-6AA2-4EA7-8D77-3475EB21A686}E:\games\hearts of iron iv new\hoi4.exe] => (Allow) E:\games\hearts of iron iv new\hoi4.exe => No File
FirewallRules: [{2B5B86A7-1A68-4940-81E2-958DDBC7179B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{D93C317B-C020-4D1E-9063-A5E7E875A898}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{6531480F-2D43-4732-8958-19670F084B4C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe () [File not signed]
FirewallRules: [{9F311F02-DACD-400A-9820-FA8DB1C3E127}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe () [File not signed]
FirewallRules: [{19399C4B-D0D5-4ED5-9499-B4064E484D4B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed]
FirewallRules: [{F6A03E50-B320-46FA-95BA-4E3DAC93716E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed]
FirewallRules: [{D116FA49-9576-4DA7-B5F5-48E6DDBDBD21}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe => No File
FirewallRules: [{C58B4F5B-D38C-47DA-8C32-09E54B56D82F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe => No File
FirewallRules: [{ECF34A9C-3778-46BF-84B6-093B0EDC8F95}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{97BEE38F-0977-44C3-9C62-3B2D0AA01139}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{B91068B0-90FB-4DD5-A127-45B48E131C5A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [{F6618346-E488-4ADD-8CD8-1B3BB9DEDCC9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [TCP Query User{D0B373C4-F507-4CA1-A9F8-D95732D0CDBB}E:\games\anno 1800\bin\win64\anno1800.exe] => (Block) E:\games\anno 1800\bin\win64\anno1800.exe => No File
FirewallRules: [UDP Query User{41143AEA-1C23-4072-B35B-120D716B87DC}E:\games\anno 1800\bin\win64\anno1800.exe] => (Block) E:\games\anno 1800\bin\win64\anno1800.exe => No File
FirewallRules: [{8A06E3F2-55A2-4187-AD68-5AA975484AD6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dyson Sphere Program\DSPGAME.exe () [File not signed]
FirewallRules: [{19B136CC-3A16-49F0-8D80-9E24FB55D294}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dyson Sphere Program\DSPGAME.exe () [File not signed]
FirewallRules: [TCP Query User{8444DDEE-96E4-41DA-9B76-BF9FB6D869D7}E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{C48C8A53-256E-4D24-A9FB-1DD822811E2E}E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{16DC5210-7268-4324-BF04-D776773CB74E}E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe => No File
FirewallRules: [UDP Query User{0844BE68-B7DE-42FF-B759-CA2BF44DC24A}E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe => No File
FirewallRules: [TCP Query User{FC7CF378-4541-4A69-9D59-6DA634C3A716}E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{D2BFA281-25FA-4CA2-AA54-30E01F074526}E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{B4B62D17-AA18-44CF-AC5D-6BE97896254C}E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{63CBBB81-C7D7-4C12-8229-9C1CE1823091}E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe => No File
FirewallRules: [{A43991FE-E4B9-4603-A405-18EFDC98B28B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{8B22F7B6-CC3C-4018-B1D8-1FE10B1AC21C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [TCP Query User{40884ED5-A9AF-4DDE-BBBF-557CC5A2C55B}E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [UDP Query User{B381E370-B5BD-4350-A63B-B09C55356D84}E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{E95F76C2-6B69-43AB-9E31-D7B634A667D6}C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [UDP Query User{E236E002-2DEE-4B49-AB06-AD2B828934E8}C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{3208E553-3EB2-4593-A854-F498F1B08B06}C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc)
FirewallRules: [UDP Query User{23B099D3-AF9D-4CE8-9D86-69468F552292}C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc)
FirewallRules: [{A6564809-365E-4A8C-95C2-06D98DE5C75F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{823B0C0A-F98C-47BB-BB16-ABCD9DD3ECF4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{361CE1E5-AA98-4FD3-A6EA-C1388DFEE6C5}E:\games\hearts of iron iv battle for the bosporus\hoi4.exe] => (Block) E:\games\hearts of iron iv battle for the bosporus\hoi4.exe => No File
FirewallRules: [UDP Query User{6186A1D7-909E-4E11-AF2E-56663DA05574}E:\games\hearts of iron iv battle for the bosporus\hoi4.exe] => (Block) E:\games\hearts of iron iv battle for the bosporus\hoi4.exe => No File
FirewallRules: [{3CED1803-43DA-469D-B8AF-9EEB37AC3D5A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\WormsWMD\Worms W.M.D.exe () [File not signed]
FirewallRules: [{7F84F302-4ADD-4E3F-8B05-E8E3C62E2E12}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\WormsWMD\Worms W.M.D.exe () [File not signed]
FirewallRules: [TCP Query User{68474532-E969-49B6-A142-0C282E8DE99A}E:\games\age of empires ii\aoe2de_s.exe] => (Allow) E:\games\age of empires ii\aoe2de_s.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{BD6B4375-9AA4-4E9F-B7E0-CBD30D143B87}E:\games\age of empires ii\aoe2de_s.exe] => (Allow) E:\games\age of empires ii\aoe2de_s.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{803DEBBB-20FF-4393-BBC8-3D8010CB3C0B}E:\games\age of empires ii\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii\battleserver\battleserver.exe (Microsoft Corporation -> )
FirewallRules: [UDP Query User{13A9A3A5-3A4D-4A56-ABD1-69ADB187EC0F}E:\games\age of empires ii\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii\battleserver\battleserver.exe (Microsoft Corporation -> )
FirewallRules: [{D4AE6FD6-4482-4DDD-826F-4F09791CB1D5}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{7B18F54B-C17B-4E42-AFE9-0EA86F83D059}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{E598963F-F1B2-4B9B-8713-16A563C982EC}] => (Allow) C:\Quick Games\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{F6102896-BF7F-4911-A83C-05D700546219}] => (Allow) C:\Quick Games\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [TCP Query User{AFC117DE-1620-46CB-9976-8AF9AC733AF1}C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe] => (Allow) C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe => No File
FirewallRules: [UDP Query User{39E637F0-7570-4C18-8287-9527B1072D47}C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe] => (Allow) C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe => No File
FirewallRules: [{DA608CA4-1901-44A1-BF0B-1907FA5FBD57}] => (Allow) C:\Quick Games\Steam\steamapps\common\Last Epoch\Last Epoch.exe () [File not signed]
FirewallRules: [{B16AFB1C-70F9-4811-9077-88B9C9CC0131}] => (Allow) C:\Quick Games\Steam\steamapps\common\Last Epoch\Last Epoch.exe () [File not signed]
FirewallRules: [{92F7E7C0-A5E0-4421-97C8-F069540D9047}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe => No File
FirewallRules: [{4472A0F8-542A-43E3-AC3A-094B693AE422}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe => No File
FirewallRules: [{A1C7455B-1F50-4633-A8E0-5B59FD80E1B1}] => (Allow) C:\Quick Games\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{74CBBF8F-7E7B-4529-BE95-404977E2111F}] => (Allow) C:\Quick Games\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{9F2C98C8-F9E0-435C-977F-843C082071E0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{493CC20D-8466-4BA5-B668-F9B6DE744E43}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [TCP Query User{823D8D89-F8B7-4597-9A6F-E84EE7BA7C90}E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{BAF2163C-88D7-4BAC-8852-86911C50D3BF}E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{569F9980-77A0-43CC-8A7B-019A74CCE48C}C:\program files\opera gx\opera.exe] => (Block) C:\program files\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{3797D972-AC37-4F4C-86C8-96F30A9E8D2C}C:\program files\opera gx\opera.exe] => (Block) C:\program files\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{584C8FC2-8148-458E-8EFD-2DEA54DC7AD0}E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{CA69E102-246B-4DBE-A3DA-340D424C7D59}E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{ECFEE7A8-BC05-422F-B9D8-D084D9358E3B}] => (Allow) C:\Quick Games\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{24AAD416-D0C7-44ED-97FE-F377DE34C19A}] => (Allow) C:\Quick Games\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [TCP Query User{7554F35F-F32A-4AD9-80A9-08CF053CDFE7}E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe => No File
FirewallRules: [UDP Query User{D56066A1-554D-496D-834E-7DA5FE1EAF02}E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe => No File
FirewallRules: [{8F99DF62-0C0A-448D-A753-93F1027F10E3}] => (Allow) C:\Quick Games\Steam\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{7BE4A747-9FE2-4800-9E80-F32A4DAE2E6E}] => (Allow) C:\Quick Games\Steam\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{13D3CA15-2236-418B-B91B-678DE398D84D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BF3A6750-5C1E-4291-ACA7-BDF28DB3BF7C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{74B27E8F-04FB-4820-8F03-E6049E8A27D3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{26D7F1BC-7B53-4231-82F0-53DB1BC0717A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea 2 The Shattering\Thea2.exe () [File not signed]
FirewallRules: [{34708A9D-6D35-45DC-976F-10201F7EE965}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea 2 The Shattering\Thea2.exe () [File not signed]
FirewallRules: [TCP Query User{1F5FAB82-6B59-46EA-B35A-359FBDFC621C}E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{38019C89-8592-45BD-B640-B47B438F072F}E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{BEA02876-9AB5-4F07-AE15-1624A18DA60D}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{85377F2C-570D-4FA4-83BA-6A5043FD99AB}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{73C6840C-15B5-4C29-9883-5669FC574BED}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{F9F83B40-41C3-4EBE-9C24-49BB647CA062}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [TCP Query User{FDE77B3C-AD00-48E0-996C-DCA177A91382}C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe (The Creative Assembly Ltd -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{C7F1288C-09C4-4EE7-97A8-F6B383729844}C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe (The Creative Assembly Ltd -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{BB74E66F-18E2-4B7E-9B41-D2A640E647E5}E:\games\hearts of iron iv no step back\hoi4.exe] => (Block) E:\games\hearts of iron iv no step back\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [UDP Query User{666F6613-F11F-49A2-846A-FC6EF138A661}E:\games\hearts of iron iv no step back\hoi4.exe] => (Block) E:\games\hearts of iron iv no step back\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{6848A8DE-747D-400B-B6CF-19EC2EF1173C}] => (Allow) C:\Quick Games\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe (Wolcen Studio) [File not signed]
FirewallRules: [{E51130E7-B6AD-4956-8F7C-151680D19A85}] => (Allow) C:\Quick Games\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe (Wolcen Studio) [File not signed]
FirewallRules: [{A50AB71E-F6B4-4156-9088-FD43C6A6A68C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{67A8502A-9A6E-4C8C-8242-240DBAADBFC9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{9D7DFD1D-874E-4FC4-8EA3-E15269D5A406}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{ECB032CC-99C9-419D-89AF-024FB4555ECE}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{89E95E95-51B4-4461-B6B1-432118FD2560}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\x64\NS2.exe (UNKNOWN WORLDS ENTERTAINMENT -> )
FirewallRules: [{31472397-64EA-4D4A-9F85-2574CD7E5A37}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\x64\NS2.exe (UNKNOWN WORLDS ENTERTAINMENT -> )
FirewallRules: [{5BD4E765-ACFE-4541-A8E3-6672FD29C0A7}] => (Allow) C:\Quick Games\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{70A7EA31-006A-44E2-89AA-FD8565E64464}] => (Allow) C:\Quick Games\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{5C59681B-6B76-4C8B-A320-B2CDD3E1DA5B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Per Aspera\Per Aspera.exe () [File not signed]
FirewallRules: [{91438B91-BE75-4EE2-B025-AF17F4396A5B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Per Aspera\Per Aspera.exe () [File not signed]
FirewallRules: [{71B05DA4-38AA-48AB-BC52-9DED84B6A20B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{B00561B5-E73E-49D6-98BA-4EE64507F929}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{70DF0C83-674B-4D7C-AE9E-38F22C6463BD}] => (Allow) C:\Program Files\Opera GX\88.0.4412.85\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{90353DF6-2762-4E85-B2A7-F3C9F08B3B9C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{41063086-D718-44DE-97FF-7E61AF611BC2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{04D73F0C-BB54-4B74-B5BB-6103F137CFFB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FAFF02D9-14B8-4DF7-819F-16917732042B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F35714EA-115D-4493-9BA0-2CFE74F93B6E}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)
FirewallRules: [{1BBA500A-B3E6-4DD1-AF58-9F93AD12880B}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)
FirewallRules: [{8203DEC9-E04B-4644-A9CE-DECA8239D47C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D6CC83F9-7D55-443D-85CA-C521C2244616}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3ED4F008-E057-4D6A-A078-9B7E6C4B2F46}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3D2B7FF7-58BB-4774-8575-42831DFE729B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{52B66FD7-C89D-43FD-A7C0-593AA5F03C67}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{60D6A8CF-61C0-4D95-A277-172B172C0DEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A160ABF3-5C53-4A69-BE19-B55E1F67376F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D2A23326-1E6F-462B-8CB7-2C2384A9C67E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5CE72EA4-5B91-49C8-BD4C-0960263791E9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A81D5FBE-EC72-4B3C-9506-AA06EA7F271C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.71\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ACA36C56-1B89-4B52-B1A6-65BADD987D4E}] => (Allow) C:\Program Files\Opera GX\89.0.4447.64\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{1E860CC0-347E-4100-8D21-B479B80AC21F}] => (Allow) C:\Quick Games\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{D3E9A615-12A6-4ADD-AA73-ED8F5A7D5E90}] => (Allow) C:\Quick Games\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )

==================== Restore Points =========================

24-07-2022 09:02:26 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/30/2022 07:14:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Nový svazek (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (07/28/2022 11:56:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15766

Error: (07/28/2022 11:56:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15766

Error: (07/28/2022 11:56:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/25/2022 12:14:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15750

Error: (07/25/2022 12:14:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15750

Error: (07/25/2022 12:14:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2022 12:37:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Nový svazek (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (07/30/2022 04:55:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/30/2022 04:55:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (07/30/2022 04:55:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ProtonVPN Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/30/2022 04:55:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ProtonVPN Update Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/30/2022 04:55:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.

Error: (07/30/2022 04:52:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Game Manager service terminated unexpectedly. It has done this 1 time(s).

Error: (07/30/2022 04:52:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Synapse Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Run the configured recovery program.

Error: (07/30/2022 04:52:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


Windows Defender:
================
Date: 2022-07-30 07:12:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-28 23:24:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-28 15:25:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-26 14:19:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-25 10:07:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-07-16 20:29:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-06-17 20:52:30
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 3.00 09/10/2015
Motherboard: MSI Z170A-G43 PLUS (MS-7970)
Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 41%
Total physical RAM: 16339.84 MB
Available physical RAM: 9514.49 MB
Total Virtual: 24275.84 MB
Available Virtual: 14049.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.89 GB) (Free:323.22 GB) (Model: CT1000P1SSD8) NTFS
Drive d: () (Fixed) (Total:1862.79 GB) (Free:773.99 GB) (Model: ST2000DM008-2FR102) NTFS
Drive e: (Nový svazek) (Fixed) (Total:1863.01 GB) (Free:957.06 GB) (Model: ST2000DM001-1ER164) NTFS

\\?\Volume{0f8c9d20-fca9-4cdd-933a-802f5df718e1}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{f1d397e9-2f37-4f10-b8b5-3bfd253f320c}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 81190A92)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: B7FE9059)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Suspected keylogger

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
Task: {650BBEEC-88D8-45AA-B7D2-61332656E0F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-19] (Google Inc -> Google LLC)
Task: {67F63918-ACEC-4B18-88F4-80D7838B17D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-19] (Google Inc -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FirewallRules: [UDP Query User{A2A821EC-19DC-4576-BD7A-C831208414EE}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [TCP Query User{E54C2AD6-332A-444F-A91B-7AC5A83B813D}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [{96E6597D-399D-4DBA-A885-4851A7A18DD2}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\MP\TheaMP.exe => No File
FirewallRules: [{C2B5AB54-DB1B-4DEA-BF8F-BEA8047C1EEA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\MP\TheaMP.exe => No File
irewallRules: [{751C6BB7-6297-4E77-9952-C745E90550E4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe => No File
FirewallRules: [{8B1AC280-23ED-4B9C-9AA9-DA7DF7B74444}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe => No File
FirewallRules: [UDP Query User{74FEFDD1-F5AB-4C5B-9E92-E2CB91B8EC28}E:\games\hearts of iron iv man the guns\hoi4.exe] => (Allow) E:\games\hearts of iron iv man the guns\hoi4.exe => No File
FirewallRules: [TCP Query User{98BE0E47-C93D-48B3-9528-656974085F3C}E:\games\hearts of iron iv man the guns\hoi4.exe] => (Allow) E:\games\hearts of iron iv man the guns\hoi4.exe => No File
FirewallRules: [UDP Query User{A61D54BC-9D90-41C3-A8D1-6B2A7D78E4DE}E:\games\hearts of iron iv - copy\hoi4.exe] => (Allow) E:\games\hearts of iron iv - copy\hoi4.exe => No File
FirewallRules: [TCP Query User{2CDD0DF0-4148-4A6B-906D-A361DB9EDB7E}E:\games\hearts of iron iv - copy\hoi4.exe] => (Allow) E:\games\hearts of iron iv - copy\hoi4.exe => No File
FirewallRules: [UDP Query User{7E7FF871-C92D-4AC1-9C4A-611D045323CF}E:\games\hearts of iron iv\hoi4.exe] => (Allow) E:\games\hearts of iron iv\hoi4.exe => No File
FirewallRules: [TCP Query User{184F2FC4-D37E-46F1-B0B2-4BFA7C6718C9}E:\games\hearts of iron iv\hoi4.exe] => (Allow) E:\games\hearts of iron iv\hoi4.exe => No File
FirewallRules: [UDP Query User{FC69EF54-7910-42C6-92DF-1755C5E0FF95}C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [TCP Query User{4A9DF36A-727B-46A1-8282-C1B6F539C167}C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [{53643330-8CEE-4D90-9717-D3ABC55ED5A0}] => (Allow) E:\Games\ANNO1800Trial\Bin\Win64\Anno1800.exe => No File
FirewallRules: [UDP Query User{0E742F5E-AEDF-4470-A826-A194EFE9A6B4}D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{46F587FA-0AF4-40FC-BB4C-21B46C83C3FE}D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{53B074E9-903D-4553-A879-9D690C0E7A0D}E:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File
FirewallRules: [TCP Query User{4BF9472D-0318-4A44-B3CA-1F3F333B8AAD}E:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File
FirewallRules: [UDP Query User{FB135923-C7FF-49FF-A18A-DEA4BF06B68E}E:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\games\age of empires ii definitive edition\aoe2de_s.exe => No File
FirewallRules: [TCP Query User{3592AC26-EF6E-4BF4-930E-1ABEC5F6579B}E:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\games\age of empires ii definitive edition\aoe2de_s.exe => No File
FirewallRules: [{3DB8CF03-00EB-4103-8FDE-78DCE456899B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe => No File
FirewallRules: [{EFF5D996-17C5-4277-9497-B34E5937E2C4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe => No File
FirewallRules: [{60D940BC-BF19-4A6E-AA3C-662F009F60A5}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe => No File
FirewallRules: [{A662161C-E2AB-42B6-9D5E-50844F2647A1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe => No File
FirewallRules: [UDP Query User{393B4840-31F8-4E50-BD0F-59E2F4F0CE67}E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [TCP Query User{A93D5DAE-49D3-4332-B0CF-A3B1E367F219}E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [UDP Query User{9D04D7C7-C1C0-475C-BD5D-A902451A1EEA}C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [TCP Query User{5944AFD6-7408-429C-9592-F167D1756AB8}C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [UDP Query User{4813CD27-13A5-4E7A-9035-19CC6E93D42F}E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe => No File
FirewallRules: [TCP Query User{0A577BA0-8E13-4D1A-A870-61764EA2A317}E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe => No File
FirewallRules: [TCP Query User{1B8A3E14-FEC7-496D-B418-06E653C17644}E:\games\hearts of iron iv new\hoi4.exe] => (Allow) E:\games\hearts of iron iv new\hoi4.exe => No File
FirewallRules: [UDP Query User{1749D708-6AA2-4EA7-8D77-3475EB21A686}E:\games\hearts of iron iv new\hoi4.exe] => (Allow) E:\games\hearts of iron iv new\hoi4.exe => No File
FirewallRules: [{D116FA49-9576-4DA7-B5F5-48E6DDBDBD21}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe => No File
FirewallRules: [{C58B4F5B-D38C-47DA-8C32-09E54B56D82F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe => No File
FirewallRules: [{ECF34A9C-3778-46BF-84B6-093B0EDC8F95}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{97BEE38F-0977-44C3-9C62-3B2D0AA01139}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [TCP Query User{D0B373C4-F507-4CA1-A9F8-D95732D0CDBB}E:\games\anno 1800\bin\win64\anno1800.exe] => (Block) E:\games\anno 1800\bin\win64\anno1800.exe => No File
FirewallRules: [UDP Query User{41143AEA-1C23-4072-B35B-120D716B87DC}E:\games\anno 1800\bin\win64\anno1800.exe] => (Block) E:\games\anno 1800\bin\win64\anno1800.exe => No File
FirewallRules: [TCP Query User{8444DDEE-96E4-41DA-9B76-BF9FB6D869D7}E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{C48C8A53-256E-4D24-A9FB-1DD822811E2E}E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{16DC5210-7268-4324-BF04-D776773CB74E}E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe => No File
FirewallRules: [UDP Query User{0844BE68-B7DE-42FF-B759-CA2BF44DC24A}E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe => No File
FirewallRules: [TCP Query User{FC7CF378-4541-4A69-9D59-6DA634C3A716}E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{D2BFA281-25FA-4CA2-AA54-30E01F074526}E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{B4B62D17-AA18-44CF-AC5D-6BE97896254C}E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{63CBBB81-C7D7-4C12-8229-9C1CE1823091}E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{40884ED5-A9AF-4DDE-BBBF-557CC5A2C55B}E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [UDP Query User{B381E370-B5BD-4350-A63B-B09C55356D84}E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{E95F76C2-6B69-43AB-9E31-D7B634A667D6}C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [UDP Query User{E236E002-2DEE-4B49-AB06-AD2B828934E8}C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{361CE1E5-AA98-4FD3-A6EA-C1388DFEE6C5}E:\games\hearts of iron iv battle for the bosporus\hoi4.exe] => (Block) E:\games\hearts of iron iv battle for the bosporus\hoi4.exe => No File
FirewallRules: [UDP Query User{6186A1D7-909E-4E11-AF2E-56663DA05574}E:\games\hearts of iron iv battle for the bosporus\hoi4.exe] => (Block) E:\games\hearts of iron iv battle for the bosporus\hoi4.exe => No File
FirewallRules: [{D4AE6FD6-4482-4DDD-826F-4F09791CB1D5}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{7B18F54B-C17B-4E42-AFE9-0EA86F83D059}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [TCP Query User{AFC117DE-1620-46CB-9976-8AF9AC733AF1}C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe] => (Allow) C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe => No File
FirewallRules: [UDP Query User{39E637F0-7570-4C18-8287-9527B1072D47}C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe] => (Allow) C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe => No File
FirewallRules: [{92F7E7C0-A5E0-4421-97C8-F069540D9047}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe => No File
FirewallRules: [{4472A0F8-542A-43E3-AC3A-094B693AE422}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe => No File
irewallRules: [{9F2C98C8-F9E0-435C-977F-843C082071E0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{493CC20D-8466-4BA5-B668-F9B6DE744E43}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [TCP Query User{823D8D89-F8B7-4597-9A6F-E84EE7BA7C90}E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{BAF2163C-88D7-4BAC-8852-86911C50D3BF}E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{7554F35F-F32A-4AD9-80A9-08CF053CDFE7}E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe => No File
FirewallRules: [UDP Query User{D56066A1-554D-496D-834E-7DA5FE1EAF02}E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe => No File
FirewallRules: [{BEA02876-9AB5-4F07-AE15-1624A18DA60D}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{85377F2C-570D-4FA4-83BA-6A5043FD99AB}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{73C6840C-15B5-4C29-9883-5669FC574BED}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{F9F83B40-41C3-4EBE-9C24-49BB647CA062}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{9D7DFD1D-874E-4FC4-8EA3-E15269D5A406}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{ECB032CC-99C9-419D-89AF-024FB4555ECE}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Windi
Visitor
Posts: 64
Registered: 15 Dec 2011 20:56

Re: Suspected keylogger

#7 Post by Windi »

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2022
Ran by Mermeoth (30-07-2022 19:20:28) Run:1
Running from C:\Users\Mermeoth\Desktop
Loaded Profiles: Mermeoth & Evička
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
Task: {650BBEEC-88D8-45AA-B7D2-61332656E0F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-19] (Google Inc -> Google LLC)
Task: {67F63918-ACEC-4B18-88F4-80D7838B17D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-19] (Google Inc -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FirewallRules: [UDP Query User{A2A821EC-19DC-4576-BD7A-C831208414EE}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [TCP Query User{E54C2AD6-332A-444F-A91B-7AC5A83B813D}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [{96E6597D-399D-4DBA-A885-4851A7A18DD2}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\MP\TheaMP.exe => No File
FirewallRules: [{C2B5AB54-DB1B-4DEA-BF8F-BEA8047C1EEA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\MP\TheaMP.exe => No File
irewallRules: [{751C6BB7-6297-4E77-9952-C745E90550E4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe => No File
FirewallRules: [{8B1AC280-23ED-4B9C-9AA9-DA7DF7B74444}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe => No File
FirewallRules: [UDP Query User{74FEFDD1-F5AB-4C5B-9E92-E2CB91B8EC28}E:\games\hearts of iron iv man the guns\hoi4.exe] => (Allow) E:\games\hearts of iron iv man the guns\hoi4.exe => No File
FirewallRules: [TCP Query User{98BE0E47-C93D-48B3-9528-656974085F3C}E:\games\hearts of iron iv man the guns\hoi4.exe] => (Allow) E:\games\hearts of iron iv man the guns\hoi4.exe => No File
FirewallRules: [UDP Query User{A61D54BC-9D90-41C3-A8D1-6B2A7D78E4DE}E:\games\hearts of iron iv - copy\hoi4.exe] => (Allow) E:\games\hearts of iron iv - copy\hoi4.exe => No File
FirewallRules: [TCP Query User{2CDD0DF0-4148-4A6B-906D-A361DB9EDB7E}E:\games\hearts of iron iv - copy\hoi4.exe] => (Allow) E:\games\hearts of iron iv - copy\hoi4.exe => No File
FirewallRules: [UDP Query User{7E7FF871-C92D-4AC1-9C4A-611D045323CF}E:\games\hearts of iron iv\hoi4.exe] => (Allow) E:\games\hearts of iron iv\hoi4.exe => No File
FirewallRules: [TCP Query User{184F2FC4-D37E-46F1-B0B2-4BFA7C6718C9}E:\games\hearts of iron iv\hoi4.exe] => (Allow) E:\games\hearts of iron iv\hoi4.exe => No File
FirewallRules: [UDP Query User{FC69EF54-7910-42C6-92DF-1755C5E0FF95}C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [TCP Query User{4A9DF36A-727B-46A1-8282-C1B6F539C167}C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [{53643330-8CEE-4D90-9717-D3ABC55ED5A0}] => (Allow) E:\Games\ANNO1800Trial\Bin\Win64\Anno1800.exe => No File
FirewallRules: [UDP Query User{0E742F5E-AEDF-4470-A826-A194EFE9A6B4}D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{46F587FA-0AF4-40FC-BB4C-21B46C83C3FE}D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{53B074E9-903D-4553-A879-9D690C0E7A0D}E:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File
FirewallRules: [TCP Query User{4BF9472D-0318-4A44-B3CA-1F3F333B8AAD}E:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File
FirewallRules: [UDP Query User{FB135923-C7FF-49FF-A18A-DEA4BF06B68E}E:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\games\age of empires ii definitive edition\aoe2de_s.exe => No File
FirewallRules: [TCP Query User{3592AC26-EF6E-4BF4-930E-1ABEC5F6579B}E:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\games\age of empires ii definitive edition\aoe2de_s.exe => No File
FirewallRules: [{3DB8CF03-00EB-4103-8FDE-78DCE456899B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe => No File
FirewallRules: [{EFF5D996-17C5-4277-9497-B34E5937E2C4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe => No File
FirewallRules: [{60D940BC-BF19-4A6E-AA3C-662F009F60A5}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe => No File
FirewallRules: [{A662161C-E2AB-42B6-9D5E-50844F2647A1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe => No File
FirewallRules: [UDP Query User{393B4840-31F8-4E50-BD0F-59E2F4F0CE67}E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [TCP Query User{A93D5DAE-49D3-4332-B0CF-A3B1E367F219}E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [UDP Query User{9D04D7C7-C1C0-475C-BD5D-A902451A1EEA}C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [TCP Query User{5944AFD6-7408-429C-9592-F167D1756AB8}C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [UDP Query User{4813CD27-13A5-4E7A-9035-19CC6E93D42F}E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe => No File
FirewallRules: [TCP Query User{0A577BA0-8E13-4D1A-A870-61764EA2A317}E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe => No File
FirewallRules: [TCP Query User{1B8A3E14-FEC7-496D-B418-06E653C17644}E:\games\hearts of iron iv new\hoi4.exe] => (Allow) E:\games\hearts of iron iv new\hoi4.exe => No File
FirewallRules: [UDP Query User{1749D708-6AA2-4EA7-8D77-3475EB21A686}E:\games\hearts of iron iv new\hoi4.exe] => (Allow) E:\games\hearts of iron iv new\hoi4.exe => No File
FirewallRules: [{D116FA49-9576-4DA7-B5F5-48E6DDBDBD21}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe => No File
FirewallRules: [{C58B4F5B-D38C-47DA-8C32-09E54B56D82F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe => No File
FirewallRules: [{ECF34A9C-3778-46BF-84B6-093B0EDC8F95}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{97BEE38F-0977-44C3-9C62-3B2D0AA01139}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [TCP Query User{D0B373C4-F507-4CA1-A9F8-D95732D0CDBB}E:\games\anno 1800\bin\win64\anno1800.exe] => (Block) E:\games\anno 1800\bin\win64\anno1800.exe => No File
FirewallRules: [UDP Query User{41143AEA-1C23-4072-B35B-120D716B87DC}E:\games\anno 1800\bin\win64\anno1800.exe] => (Block) E:\games\anno 1800\bin\win64\anno1800.exe => No File
FirewallRules: [TCP Query User{8444DDEE-96E4-41DA-9B76-BF9FB6D869D7}E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{C48C8A53-256E-4D24-A9FB-1DD822811E2E}E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{16DC5210-7268-4324-BF04-D776773CB74E}E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe => No File
FirewallRules: [UDP Query User{0844BE68-B7DE-42FF-B759-CA2BF44DC24A}E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe => No File
FirewallRules: [TCP Query User{FC7CF378-4541-4A69-9D59-6DA634C3A716}E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{D2BFA281-25FA-4CA2-AA54-30E01F074526}E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{B4B62D17-AA18-44CF-AC5D-6BE97896254C}E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{63CBBB81-C7D7-4C12-8229-9C1CE1823091}E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{40884ED5-A9AF-4DDE-BBBF-557CC5A2C55B}E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [UDP Query User{B381E370-B5BD-4350-A63B-B09C55356D84}E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{E95F76C2-6B69-43AB-9E31-D7B634A667D6}C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [UDP Query User{E236E002-2DEE-4B49-AB06-AD2B828934E8}C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{361CE1E5-AA98-4FD3-A6EA-C1388DFEE6C5}E:\games\hearts of iron iv battle for the bosporus\hoi4.exe] => (Block) E:\games\hearts of iron iv battle for the bosporus\hoi4.exe => No File
FirewallRules: [UDP Query User{6186A1D7-909E-4E11-AF2E-56663DA05574}E:\games\hearts of iron iv battle for the bosporus\hoi4.exe] => (Block) E:\games\hearts of iron iv battle for the bosporus\hoi4.exe => No File
FirewallRules: [{D4AE6FD6-4482-4DDD-826F-4F09791CB1D5}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{7B18F54B-C17B-4E42-AFE9-0EA86F83D059}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [TCP Query User{AFC117DE-1620-46CB-9976-8AF9AC733AF1}C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe] => (Allow) C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe => No File
FirewallRules: [UDP Query User{39E637F0-7570-4C18-8287-9527B1072D47}C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe] => (Allow) C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe => No File
FirewallRules: [{92F7E7C0-A5E0-4421-97C8-F069540D9047}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe => No File
FirewallRules: [{4472A0F8-542A-43E3-AC3A-094B693AE422}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe => No File
irewallRules: [{9F2C98C8-F9E0-435C-977F-843C082071E0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{493CC20D-8466-4BA5-B668-F9B6DE744E43}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [TCP Query User{823D8D89-F8B7-4597-9A6F-E84EE7BA7C90}E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{BAF2163C-88D7-4BAC-8852-86911C50D3BF}E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{7554F35F-F32A-4AD9-80A9-08CF053CDFE7}E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe => No File
FirewallRules: [UDP Query User{D56066A1-554D-496D-834E-7DA5FE1EAF02}E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe => No File
FirewallRules: [{BEA02876-9AB5-4F07-AE15-1624A18DA60D}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{85377F2C-570D-4FA4-83BA-6A5043FD99AB}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{73C6840C-15B5-4C29-9883-5669FC574BED}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{F9F83B40-41C3-4EBE-9C24-49BB647CA062}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{9D7DFD1D-874E-4FC4-8EA3-E15269D5A406}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{ECB032CC-99C9-419D-89AF-024FB4555ECE}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{650BBEEC-88D8-45AA-B7D2-61332656E0F8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{650BBEEC-88D8-45AA-B7D2-61332656E0F8}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67F63918-ACEC-4B18-88F4-80D7838B17D5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67F63918-ACEC-4B18-88F4-80D7838B17D5}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A2A821EC-19DC-4576-BD7A-C831208414EE}E:\games\diablo iii\x64\diablo iii64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E54C2AD6-332A-444F-A91B-7AC5A83B813D}E:\games\diablo iii\x64\diablo iii64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96E6597D-399D-4DBA-A885-4851A7A18DD2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C2B5AB54-DB1B-4DEA-BF8F-BEA8047C1EEA}" => removed successfully
irewallRules: [{751C6BB7-6297-4E77-9952-C745E90550E4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe => No File => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B1AC280-23ED-4B9C-9AA9-DA7DF7B74444}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{74FEFDD1-F5AB-4C5B-9E92-E2CB91B8EC28}E:\games\hearts of iron iv man the guns\hoi4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{98BE0E47-C93D-48B3-9528-656974085F3C}E:\games\hearts of iron iv man the guns\hoi4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A61D54BC-9D90-41C3-A8D1-6B2A7D78E4DE}E:\games\hearts of iron iv - copy\hoi4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2CDD0DF0-4148-4A6B-906D-A361DB9EDB7E}E:\games\hearts of iron iv - copy\hoi4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7E7FF871-C92D-4AC1-9C4A-611D045323CF}E:\games\hearts of iron iv\hoi4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{184F2FC4-D37E-46F1-B0B2-4BFA7C6718C9}E:\games\hearts of iron iv\hoi4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FC69EF54-7910-42C6-92DF-1755C5E0FF95}C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4A9DF36A-727B-46A1-8282-C1B6F539C167}C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53643330-8CEE-4D90-9717-D3ABC55ED5A0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0E742F5E-AEDF-4470-A826-A194EFE9A6B4}D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{46F587FA-0AF4-40FC-BB4C-21B46C83C3FE}D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{53B074E9-903D-4553-A879-9D690C0E7A0D}E:\games\age of empires ii definitive edition\battleserver\battleserver.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4BF9472D-0318-4A44-B3CA-1F3F333B8AAD}E:\games\age of empires ii definitive edition\battleserver\battleserver.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FB135923-C7FF-49FF-A18A-DEA4BF06B68E}E:\games\age of empires ii definitive edition\aoe2de_s.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3592AC26-EF6E-4BF4-930E-1ABEC5F6579B}E:\games\age of empires ii definitive edition\aoe2de_s.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3DB8CF03-00EB-4103-8FDE-78DCE456899B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EFF5D996-17C5-4277-9497-B34E5937E2C4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{60D940BC-BF19-4A6E-AA3C-662F009F60A5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A662161C-E2AB-42B6-9D5E-50844F2647A1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{393B4840-31F8-4E50-BD0F-59E2F4F0CE67}E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A93D5DAE-49D3-4332-B0CF-A3B1E367F219}E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9D04D7C7-C1C0-475C-BD5D-A902451A1EEA}C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5944AFD6-7408-429C-9592-F167D1756AB8}C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4813CD27-13A5-4E7A-9035-19CC6E93D42F}E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0A577BA0-8E13-4D1A-A870-61764EA2A317}E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1B8A3E14-FEC7-496D-B418-06E653C17644}E:\games\hearts of iron iv new\hoi4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1749D708-6AA2-4EA7-8D77-3475EB21A686}E:\games\hearts of iron iv new\hoi4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D116FA49-9576-4DA7-B5F5-48E6DDBDBD21}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C58B4F5B-D38C-47DA-8C32-09E54B56D82F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ECF34A9C-3778-46BF-84B6-093B0EDC8F95}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97BEE38F-0977-44C3-9C62-3B2D0AA01139}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D0B373C4-F507-4CA1-A9F8-D95732D0CDBB}E:\games\anno 1800\bin\win64\anno1800.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{41143AEA-1C23-4072-B35B-120D716B87DC}E:\games\anno 1800\bin\win64\anno1800.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8444DDEE-96E4-41DA-9B76-BF9FB6D869D7}E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C48C8A53-256E-4D24-A9FB-1DD822811E2E}E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{16DC5210-7268-4324-BF04-D776773CB74E}E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0844BE68-B7DE-42FF-B759-CA2BF44DC24A}E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FC7CF378-4541-4A69-9D59-6DA634C3A716}E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D2BFA281-25FA-4CA2-AA54-30E01F074526}E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B4B62D17-AA18-44CF-AC5D-6BE97896254C}E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{63CBBB81-C7D7-4C12-8229-9C1CE1823091}E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{40884ED5-A9AF-4DDE-BBBF-557CC5A2C55B}E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B381E370-B5BD-4350-A63B-B09C55356D84}E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E95F76C2-6B69-43AB-9E31-D7B634A667D6}C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E236E002-2DEE-4B49-AB06-AD2B828934E8}C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{361CE1E5-AA98-4FD3-A6EA-C1388DFEE6C5}E:\games\hearts of iron iv battle for the bosporus\hoi4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6186A1D7-909E-4E11-AF2E-56663DA05574}E:\games\hearts of iron iv battle for the bosporus\hoi4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4AE6FD6-4482-4DDD-826F-4F09791CB1D5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B18F54B-C17B-4E42-AFE9-0EA86F83D059}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AFC117DE-1620-46CB-9976-8AF9AC733AF1}C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{39E637F0-7570-4C18-8287-9527B1072D47}C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92F7E7C0-A5E0-4421-97C8-F069540D9047}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4472A0F8-542A-43E3-AC3A-094B693AE422}" => removed successfully
irewallRules: [{9F2C98C8-F9E0-435C-977F-843C082071E0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{493CC20D-8466-4BA5-B668-F9B6DE744E43}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{823D8D89-F8B7-4597-9A6F-E84EE7BA7C90}E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BAF2163C-88D7-4BAC-8852-86911C50D3BF}E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7554F35F-F32A-4AD9-80A9-08CF053CDFE7}E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D56066A1-554D-496D-834E-7DA5FE1EAF02}E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BEA02876-9AB5-4F07-AE15-1624A18DA60D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85377F2C-570D-4FA4-83BA-6A5043FD99AB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{73C6840C-15B5-4C29-9883-5669FC574BED}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9F83B40-41C3-4EBE-9C24-49BB647CA062}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D7DFD1D-874E-4FC4-8EA3-E15269D5A406}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ECB032CC-99C9-419D-89AF-024FB4555ECE}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 509720255 B
Java, Discord, Steam htmlcache => 673154224 B
Windows/system/drivers => 19186889 B
Edge => 1393461 B
Chrome => 1417246796 B
Firefox => 1113576325 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 59808 B
LocalService => 147966 B
NetworkService => 14351776 B
Mermeoth => 106948928 B
Evička => 107055503 B

RecycleBin => 20336106948 B
EmptyTemp: => 22.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:25:55 ====

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Suspected keylogger

#8 Post by Rudy »

Deleted; the log should be OK now.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Windi
Visitor
Posts: 64
Registered: 15 Dec 2011 20:56

Re: Suspected keylogger

#9 Post by Windi »

All right, hopefully it will be OK.
Thank you very much for the quick help :-)

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Suspected keylogger

#10 Post by Rudy »

You're welcome! :)

Locked