Everything posted by Nicholas123

  1. Hi Kevin. The fixlog was successful. The first scannow found some files but the second one didn't find any violations, plus everything else did work, I didn't read any note about posting it. EDIT: Never mind, I spotted it later. I'm attaching the fixlog. This is the MSS scan:

     ---------------------------------------------------------------------------------------
     Microsoft Safety Scanner v1.339, (build 1.339.1512.0)
     Started On Thu May 27 23:44:12 2021
     Engine: 1.1.18200.3
     Signatures: 1.339.1512.0
     MpGear: 1.1.16330.1
     Run Mode: Interactive Graphical Mode
     Quick Scan Results:
     -------------------
     Threat Detected: VirTool:Win32/DefenderTamperingRestore, for cleaning, the system needs to be restarted.
     Action: Remove, Result: 0x00000000
     regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
     SigSeq: 0x0000055555C57273
     Results Summary:
     ----------------
     Found VirTool:Win32/DefenderTamperingRestore, for cleaning, the system needs to be restarted.
     Microsoft Safety Scanner Finished On Thu May 27 23:48:08 2021
     Return code: 10 (0xa)
     Successfully Submitted MAPS Report
     Successfully Submitted Heartbeat Report
     ---------------------------------------------------------------------------------------
     Microsoft Safety Scanner v1.339, (build 1.339.1512.0)
     Started On Thu May 27 23:49:23 2021
     Engine: 1.1.18200.3
     Signatures: 1.339.1512.0
     MpGear: 1.1.16330.1
     Run Mode: Interactive Graphical Mode

     It found that there was this issue regarding my Anti spyware being disabled, if I'm correct, it's not a malware per se, but rather an option I've probably set up when I added MBAM to my Windows Defender. I've turned it back on and it found no threats anymore. I've run the MSS scan again and every time it would pick a cheatengine.exe file as infected, but the scan results would claim that nothing was detected. After I deleted the .exe, no files were found infected. Could it have been a false positive? (Although CheatEngine does resemble a malicious software by itself).

     Thanks
     Fixlog.txt
  2. Hello Kevin, the MBAM scan has finished. Thank you for your patience. Sorry if it's in Italian, but I think it's understandable. Here is the log:

     Malwarebytes
     www.malwarebytes.com

     -Dettagli log-
     Data scansione: 27/05/21
     Ora scansione: 18:56
     File di log: 8af13ac2-bf0c-11eb-9531-309c23835076.json

     -Informazioni software-
     Versione: 4.3.0.98
     Versione componenti: 1.0.1308
     Aggiorna versione pacchetto: 1.0.41000
     Licenza: Premium

     -Informazioni sistema-
     SO: Windows 10 (Build 19042.985)
     CPU: x64
     File system: NTFS
     Utente: DESKTOP-MDCJCBS\nicco

     -Riepilogo scansione-
     Tipo di scansione: Scansione personalizzata
     Scansione avviata da: Manuale
     Risultati: Completata
     Elementi analizzati: 487685
     Minacce rilevate: 0
     Minacce messe in quarantena: 0
     Tempo impiegato: 3 ore, 54 min, 33 sec

     -Opzioni di scansione-
     Memoria: Attivata
     Esecuzioni automatiche: Attivata
     File system: Attivata
     Archivi compressi: Attivata
     Rootkit: Attivata
     Analisi euristica: Attivata
     PUP: Rilevare
     PUM (modifica potenzialmente indesiderata): Rilevare

     -Dettagli scansione-
     Processo: 0 (Nessun elemento nocivo rilevato)
     Modulo: 0 (Nessun elemento nocivo rilevato)
     Chiave di registro: 0 (Nessun elemento nocivo rilevato)
     Valore di registro: 0 (Nessun elemento nocivo rilevato)
     Dati di registro: 0 (Nessun elemento nocivo rilevato)
     Flusso di dati: 0 (Nessun elemento nocivo rilevato)
     Cartella: 0 (Nessun elemento nocivo rilevato)
     File: 0 (Nessun elemento nocivo rilevato)
     Settore fisico: 0 (Nessun elemento nocivo rilevato)
     WMI: 0 (Nessun elemento nocivo rilevato)

     (end)
  3. Hello Kevin, thanks for the reply. The MBAM scan is already running (with rootkits on) but it's gonna take a while. In the meantime I'll send the rest, in case there is something.

     Adware -

     # -------------------------------
     # Malwarebytes AdwCleaner 8.2.0.0
     # -------------------------------
     # Build: 03-22-2021
     # Database: 2021-05-17.1 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Scan
     # -------------------------------
     # Start: 05-27-2021
     # Duration: 00:00:06
     # OS: Windows 10 Pro
     # Scanned: 31982
     # Detected: 0

     ***** [ Services ] *****
     No malicious services found.
     ***** [ Folders ] *****
     No malicious folders found.
     ***** [ Files ] *****
     No malicious files found.
     ***** [ DLL ] *****
     No malicious DLLs found.
     ***** [ WMI ] *****
     No malicious WMI found.
     ***** [ Shortcuts ] *****
     No malicious shortcuts found.
     ***** [ Tasks ] *****
     No malicious tasks found.
     ***** [ Registry ] *****
     No malicious registry entries found.
     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries found.
     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs found.
     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries found.
     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs found.
     ***** [ Hosts File Entries ] *****
     No malicious hosts file entries found.
     ***** [ Preinstalled Software ] *****
     No Preinstalled Software found.

     AdwCleaner[S00].txt - [1405 octets] - [14/04/2021 16:08:21]
     AdwCleaner[S01].txt - [1466 octets] - [27/05/2021 19:25:51]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

     FRST -

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2021
     Ran by nicco (administrator) on DESKTOP-MDCJCBS (Micro-Star International Co., Ltd.
     MS-7B61) (27-05-2021 19:30:55)
     Running from C:\Users\nicco\Downloads
     Loaded Profiles: nicco
     Platform: Windows 10 Pro Version 20H2 19042.985 (X64) Language: Italiano (Italia)
     Default browser: FF
     Boot Mode: Normal

     Last thing, I've attached the log. Addition.txt Thanks for looking into this.
  4. Hello. I got an MBAM notification trying to install Cheat Engine. I completely forgot it had adware bundled with it and I was supposed to get it from the direct code source. I got 2 files detected, a PUP (which was a gamehack, obvious since it's this program) and if I could get any information on this file I would be more than grateful. It was detected by the real time protection, I suppose it's a temporary malware that executes once the program is installed for the first time. Should I restore it, then submit it, for example on Virus Total, before deleting it? Just to be sure, although it is risky I believe.
     -Dettagli log-
     Data evento di protezione: 27/05/21
     Ora evento di protezione: 18:44
     File di log: daa41fa0-bf0a-11eb-8aa0-309c23835076.json
     -Informazioni software-
     Versione: 4.3.0.98
     Versione componenti: 1.0.1308
     Aggiorna versione pacchetto: 1.0.40998
     Licenza: Premium
     -Informazioni sistema-
     SO: Windows 10 (Build 19042.985)
     CPU: x64
     File system: NTFS
     Utente: System
     -Dettagli malware bloccati-
     File: 1
     Malware.AI.4184278924, C:\Users\nicco\AppData\Local\Temp\is-VEFJ7.tmp\jgpkvtdz.dll, In quarantena, 1000000, 0, 1.0.40998, 8573E34BAD5701D8F967078C, dds, 01263684, 125131EC25337A9BD60E71AA032B26C2, 1B420DB6D4763174EF54A7D9BC9A3F204D978599047178E56807368E29F447F1
     I'm running a full scan to see if anything else pops out. Could this be anything serious? Sorry that someone has to look into my foolishness.
  5. Thanks for the support. Yes, the weird process appeared only once and I was also streaming/talking so it could've been related to that. Also I haven't seen any infection signs at all.
  6. Hi again. Sfc.exe did indeed work now, maybe I had a scan in the background. The result says no integrity violation was found (roughly translated). Since the ESET scan will take a while, I will edit this comment once it's finished. Edit: Full Scan was finished, nothing was found, should I still post the log? Regarding DNS, I've never had trouble of that kind but my wifi has never been very fast.
  7. Added note: I changed the DNS servers to the ones from Dnswatch, unfortunately my ISP doesn't let me change them on the router so I just changed it on my devices. Edit: Did CHKDSK C: /F work? I have run CHKDSK C: /F /R in the past and I'm wondering if I should.
  8. Hello AdvancedSetup. Thank you for looking into this. I have run the fix, but I forgot completely that MbVpn was set up to start on its own when I booted my PC. Hope it didn't have an influence on the fix. Although I changed FRST into FRSTEnglish, the fixlog is still in Italian. I think most of it was successful. Regarding DNS Watch, was the server change included in the fix or should I look for changing it on my own? Thanks. Fixlog.txt
  9. Adding this last comment since a friend has spotted something I didn't realize and I wouldn't want someone to waste time on it: the eye "program" under Steam is just Steam itself. The color palette of the icon changed when it moved from one position to another, and by looking at a specific frame, I thought it was something else (I feel like an idiot). Still, the other process wasn't one I knew.
  10. Sorry for the added comment again, I'm kinda "shocked" so I tend to forget to add stuff, plus it's very late. I used netstat today and didn't spot anything unusual, there are no programs or processes like the ones I've mentioned before in my PC and the upper program is Steam, the one under I don't know, looks like an eye or ball to me.
  11. Sorry for the double post, I clicked send in error. I was saying I got a picture but it's very blurry. You can kinda see the icon. It's not Firefox. Is it recognizable? I unfortunately don't think so. I'm attaching the picture, FRST and Addition. Today I've done a full MBAM and MSE scan, so I don't really know what to do. If someone could help I would be very grateful. Addition.txt FRST.txt
  12. Hello. If someone could help (or explain, if it's not a malware issue) I would be very thankful. A couple of days ago my mouse had some jumping issues and I thought of it as related to hardware. But because of that I've been worried about my PC and I was more attentive. Today I turned off my PC and a process I've never seen appeared in the "Waiting for this applications to close before turning off". I can't unfortunately remember the name. It had NV - Class and a bunch of 0s in the name. I thought it could've been a Windows process, so just to see if I could see the exact name I turned my PC on and off again. This time I saw an application with a reddish eye orb as icon that I've never seen. Wasn't fast enough to see the name but I q
  13. Thanks for the answers. Yep, it's a wired gaming mouse. Have yet to try using a different one. I will leave it on its own to see if it happens again, then use the coin test. Depending on the outcome I'll look for drivers or substitute it entirely (and use a mousepad).
  14. Hello everyone. I have an issue with my mouse that I find very particular. While I was watching my second monitor, I noticed my mouse (which was in the first one) moved on its own. I thought it was my imagination, so I ignored it, but after I got up and went back I realized it moved again. A perfect distance (or almost) of 1cm (both times) vertically. I recorded the screen for 20 mins but it didn't happen again. My mouse is 4 years old, I've always used it with no pad, and its drivers are not updated. It most likely is related to that. But I saw posts of malware possibly moving it, although I reset my PC 2 weeks ago and I've barely installed anything since. Checking online it doesn't look like anyone had a similar problem on the hardware side, and it doesn't look close to a malware situation either. Should I try with updated drivers? MBAM scans and premium protection don't show anything, should I send FRST to be sure? Thanks to anyone who would like to help.
  15. Thanks, I have read and followed both articles. I don't need anything else.
  16. Hello. Thank you for the check-up. I did a PC reset after confirmation, I've been wanting to for a while now. I was mostly worried I had an infection in case I had to change my passwords. I would like one last piece of advice: I switched to Firefox after the reset, should I delete everything Chrome has? I mean logging off absolutely everything recorded and deleting cookies, history etc. Is there a risk in not doing it?
  17. Hello. Thanks a lot for the answer. I agree, it doesn't feel like something serious but I prefer to be sure. I appreciate what you do here very much. I attached all the logs. AdwCleaner[S03].txt MBAM Scan.txt FRST.txt Addition.txt
  18. Hello everyone. I have a question since I'm very ignorant in this kind of stuff. Today I checked my desktop and I saw a blank.gif file, I clicked on it and didn't really care about it at first. Then I checked online and some articles talk about this file as some kind of virus in certain circumstances. I ran a scan, nothing was found, analyzed the file with both MBAM and Windows Defender, also nothing. I just deleted it to be sure, but could it possibly have been something more? With MBAM in real time protection, I would've certainly got a warning or noticed something else? PC was kinda laggy tonight but I also had an unfinished full scan stopped in the background. Would that have an influence on performance? If anyone can lend me a hand I'll be very grateful.
  19. Looks like a false positive. Posting this in case anyone checks this post. Still, if anyone can check my FRST and notice if anything is wrong I would appreciate
  20. Hey Khadijah. Checking the MBAM forums, a few minutes ago a trojan warning post like mine was made, caused by the same site. Wouldn't know what we all have in common but you should also make a post in case it's a different issue.
  21. Sorry for the comment, forgot I couldn't edit my post. I have attached Addition and FRST scans. Adware scan found nothing. I have also got another malware warning, this time from nowhere.
     -Dettagli log-
     Data evento di protezione: 02/04/21
     Ora evento di protezione: 18:18
     File di log: 1124fee4-93cf-11eb-9977-309c23835076.json
     -Informazioni software-
     Versione: 4.3.0.98
     Versione componenti: 1.0.1217
     Aggiorna versione pacchetto: 1.0.39012
     Licenza: Premium
     -Informazioni sistema-
     SO: Windows 10 (Build 19041.867)
     CPU: x64
     File system: NTFS
     Utente: System
     -Dettagli siti web bloccati-
     Sito web nocivo: 1
     , , Bloccato, -1, -1, 0.0.0, ,
     -Dati sito web-
     Categoria: Malware
     Dominio:
     Indirizzo IP: 93.184.220.29
     Porta: 80
     Tipo: In uscita
     File:
     (end)
     Addition.txt FRST.txt
  22. Hello everyone. I hope you can help me with this issue. I have MBAM Premium and while I was browsing through a site, I got a "Trojan blocked" notification from MBAM. Usually, when they are related to google.exe, I imagine they simply are ads that share the IP with malicious sites. Yet this time the issue was at svchost.exe, which threw me instantly off guard. I performed a quick scan, nothing was found. Right now I'm performing a full scan with rootkits detection on. Just a couple of weeks ago nothing was found on my PC after posting it on the forums, so I'm pretty worried. Sorry if my system is in Italian, it might take a while to translate.
     -Dettagli log-
     Data evento di protezione: 02/04/21
     Ora evento di protezione: 17:45
     File di log: 800bbc94-93ca-11eb-a80a-309c23835076.json
     -Informazioni software-
     Versione: 4.3.0.98
     Versione componenti: 1.0.1217
     Aggiorna versione pacchetto: 1.0.39012
     Licenza: Premium
     -Informazioni sistema-
     SO: Windows 10 (Build 19041.867)
     CPU: x64
     File system: NTFS
     Utente: System
     -Dettagli siti web bloccati-
     Sito web nocivo: 1
     , C:\Windows\System32\svchost.exe, Bloccato, -1, -1, 0.0.0, ,
     -Dati sito web-
     Categoria: Trojan
     Dominio: cs9.wac.phicdn.net
     Indirizzo IP: 93.184.220.29
     Porta: 80
     Tipo: In uscita
     File: C:\Windows\System32\svchost.exe
     (end)
  23. Hi Kevin! No, they are not! It only happened once and I was just very very much overthinking if I had anything. Just needed to be sure. If that's everything, thanks a lot! Stay safe.
  24. Hello Kevin, thanks for the help! AdwCleaner didn't find anything so I didn't need to quarantine, hope that's what you meant. I'm sorry if the MBAM scan and parts of Addition are in Italian, hopefully it's somewhat understandable.
     Malwarebytes
     www.malwarebytes.com
     -Dettagli log-
     Data scansione: 08/03/21
     Ora scansione: 21:05
     File di log: 9bcf2540-8049-11eb-8fc1-309c23835076.json
     -Informazioni software-
     Versione: 4.3.0.98
     Versione componenti: 1.0.1173
     Aggiorna versione pacchetto: 1.0.37885
     Licenza: Premium
     -Informazioni sistema-
     SO: Windows 10 (Build 19042.804)
     CPU: x64
     File system: NTFS
     Utente: Maxine\Utente
     -Riepilogo scansione-
     Tipo di scansione: Ricerca elementi nocivi
     Scansione avviata da: Manuale
     Risultati: Completata
     Elementi analizzati: 275635
     Minacce rilevate: 0
     Minacce messe in quarantena: 0
     Tempo impiegato: 1 min, 19 sec
     -Opzioni di scansione-
     Memoria: Attivata
     Esecuzioni automatiche: Attivata
     File system: Attivata
     Archivi compressi: Attivata
     Rootkit: Attivata
     Analisi euristica: Attivata
     PUP: Rilevare
     PUM: Rilevare
     -Dettagli scansione-
     Processo: 0 (Nessun elemento nocivo rilevato)
     Modulo: 0 (Nessun elemento nocivo rilevato)
     Chiave di registro: 0 (Nessun elemento nocivo rilevato)
     Valore di registro: 0 (Nessun elemento nocivo rilevato)
     Dati di registro: 0 (Nessun elemento nocivo rilevato)
     Flusso di dati: 0 (Nessun elemento nocivo rilevato)
     Cartella: 0 (Nessun elemento nocivo rilevato)
     File: 0 (Nessun elemento nocivo rilevato)
     Settore fisico: 0 (Nessun elemento nocivo rilevato)
     WMI: 0 (Nessun elemento nocivo rilevato)
     (end)
     # -------------------------------
     # Malwarebytes AdwCleaner 8.1.0.0
     # -------------------------------
     # Build: 02-15-2021
     # Database: 2021-03-08.1 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Scan
     # -------------------------------
     # Start: 03-08-2021
     # Duration: 00:00:10
     # OS: Windows 10 Pro
     # Scanned: 4916
     # Detected: 0
     ***** [ Services ] *****
     No malicious services found.
     ***** [ Folders ] *****
     No malicious folders found.
     ***** [ Files ] *****
     No malicious files found.
     ***** [ DLL ] *****
     No malicious DLLs found.
     ***** [ WMI ] *****
     No malicious WMI found.
     ***** [ Shortcuts ] *****
     No malicious shortcuts found.
     ***** [ Tasks ] *****
     No malicious tasks found.
     ***** [ Registry ] *****
     No malicious registry entries found.
     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries found.
     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs found.
     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries found.
     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs found.
     ***** [ Hosts File Entries ] *****
     No malicious hosts file entries found.
     ***** [ Preinstalled Software ] *****
     No Preinstalled Software found.
     AdwCleaner[S00].txt - [1404 octets] - [07/03/2021 02:17:55]
     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
     Ran by Utente (administrator) on MAXINE (Micro-Star International Co., Ltd. MS-7B61) (08-03-2021 21:11:12)
     Running from C:\Users\Utente\Desktop
     Loaded Profiles: Utente
     Platform: Windows 10 Pro Version 20H2 19042.804 (X64) Language: Italiano (Italia)
     Default browser: Chrome
     Boot Mode: Normal
C:\Users\Utente\Downloads\7z1900-x64 (1).exe 2021-03-04 19:41 - 2021-03-04 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2021-03-04 19:41 - 2021-03-04 19:41 - 000000000 ____D C:\Program Files\7-Zip 2021-03-04 19:33 - 2021-03-04 19:33 - 001868290 _____ C:\Users\Utente\Downloads\desmume-0.9.11-win64.zip 2021-03-03 15:54 - 2021-03-03 15:54 - 000000000 ____D C:\WINDOWS\LastGood.Tmp 2021-03-03 15:53 - 2021-02-24 13:53 - 001855208 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2021-03-03 15:53 - 2021-02-24 13:53 - 001855208 _____ C:\WINDOWS\system32\vulkaninfo.exe 2021-03-03 15:53 - 2021-02-24 13:53 - 001452336 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2021-03-03 15:53 - 2021-02-24 13:53 - 001435880 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2021-03-03 15:53 - 2021-02-24 13:53 - 001435880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2021-03-03 15:53 - 2021-02-24 13:53 - 001191728 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2021-03-03 15:53 - 2021-02-24 13:53 - 001094888 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2021-03-03 15:53 - 2021-02-24 13:53 - 001094888 _____ C:\WINDOWS\system32\vulkan-1.dll 2021-03-03 15:53 - 2021-02-24 13:53 - 000948968 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2021-03-03 15:53 - 2021-02-24 13:53 - 000948968 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2021-03-03 15:53 - 2021-02-24 13:51 - 000678704 _____ C:\WINDOWS\system32\nvofapi64.dll 2021-03-03 15:53 - 2021-02-24 13:51 - 000546096 _____ C:\WINDOWS\SysWOW64\nvofapi.dll 2021-03-03 15:53 - 2021-02-24 13:50 - 002102576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2021-03-03 15:53 - 2021-02-24 13:50 - 001587504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2021-03-03 15:53 - 2021-02-24 13:50 - 001511192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2021-03-03 15:53 - 2021-02-24 13:50 - 001163544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2021-03-03 15:53 - 2021-02-24 
13:50 - 000811824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2021-03-03 15:53 - 2021-02-24 13:50 - 000671512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2021-03-03 15:53 - 2021-02-24 13:50 - 000556816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2021-03-03 15:53 - 2021-02-24 13:49 - 008260880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2021-03-03 15:53 - 2021-02-24 13:49 - 007391512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2021-03-03 15:53 - 2021-02-24 13:49 - 004610320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2021-03-03 15:53 - 2021-02-24 13:49 - 002729776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2021-03-03 15:53 - 2021-02-24 13:49 - 001730864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6446172.dll 2021-03-03 15:53 - 2021-02-24 13:49 - 001490200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6446172.dll 2021-02-26 19:45 - 2021-02-26 19:45 - 000036675 _____ C:\Users\Utente\Downloads\bonificoSct_26_02_2021_19_44_58.pdf 2021-02-25 21:36 - 2021-02-25 21:36 - 000392426 _____ C:\Users\Utente\Downloads\wnetwatcher.zip 2021-02-25 20:12 - 2021-02-25 20:12 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-02-25 20:12 - 2021-02-25 20:12 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-02-25 20:12 - 2021-02-25 20:12 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2021-02-25 20:12 - 2021-02-25 20:12 - 000142416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2021-02-25 20:12 - 2021-02-25 20:12 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2021-02-25 20:12 - 2021-02-25 20:12 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-02-25 20:12 - 2021-02-25 20:12 - 000000000 ____D C:\Users\Utente\AppData\Local\mbam 2021-02-25 20:11 - 2021-02-25 20:11 - 002040904 _____ 
(Malwarebytes) C:\Users\Utente\Downloads\MBSetup-0009996.0009996-consumer (1).exe 2021-02-25 20:11 - 2021-02-25 20:11 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-02-25 20:11 - 2021-02-25 20:11 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-02-25 20:06 - 2021-03-08 21:11 - 000000000 ____D C:\FRST 2021-02-25 20:01 - 2021-02-25 20:01 - 000000000 ____D C:\ProgramData\mb3migration 2021-02-25 20:00 - 2021-02-25 20:00 - 002301440 _____ (Farbar) C:\Users\Utente\Downloads\FRSTEnglish.exe 2021-02-25 19:25 - 2021-02-25 19:25 - 011636936 _____ C:\Users\Utente\Downloads\mb-support-1.8.3.885.exe 2021-02-25 01:01 - 2021-03-06 18:45 - 000000842 _____ C:\Users\Utente\Desktop\Minecraft Server - collegamento.lnk 2021-02-23 05:17 - 2021-02-23 05:17 - 000002377 _____ C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CacheMonkey.lnk 2021-02-22 17:08 - 2021-02-22 17:08 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-02-21 18:05 - 2021-03-08 17:48 - 000000000 ____D C:\Users\Utente\AppData\Roaming\NZXT CAM 2021-02-21 18:05 - 2021-02-21 18:05 - 000001806 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NZXT CAM.lnk 2021-02-21 18:05 - 2021-02-21 18:05 - 000000000 ____D C:\Users\Utente\AppData\Local\nzxt cam-updater 2021-02-21 18:05 - 2021-02-21 18:05 - 000000000 ____D C:\Program Files\NZXT CAM 2021-02-21 18:04 - 2021-02-21 18:04 - 001478312 _____ C:\Users\Utente\Downloads\NZXT-CAM-Setup.exe 2021-02-20 18:34 - 2021-02-20 18:35 - 028721862 _____ C:\Users\Utente\Downloads\twilightforest-1.12.2-3.11.1021-universal.jar 2021-02-20 18:34 - 2021-02-20 18:34 - 000653210 _____ C:\Users\Utente\Downloads\jei_1.12.2-4.16.1.302.jar 2021-02-18 04:00 - 2021-02-18 04:00 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2021-02-18 04:00 - 2021-02-18 04:00 - 000000000 ____D C:\Program Files (x86)\SquareEnix 2021-02-18 02:43 - 2021-03-08 16:57 - 000000000 ____D 
C:\ProgramData\Riot Games 2021-02-18 02:43 - 2021-02-18 02:55 - 000000000 ____D C:\Users\Utente\AppData\Local\Riot Games 2021-02-18 02:42 - 2021-02-18 02:43 - 069423360 _____ (Riot Games, Inc.) C:\Users\Utente\Downloads\Install League of Legends euw.exe 2021-02-18 02:21 - 2021-02-18 02:21 - 000086680 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbtun.sys 2021-02-18 02:21 - 2021-02-18 02:21 - 000000000 ____D C:\Program Files\MBTunnel 2021-02-17 23:17 - 2021-02-17 23:17 - 002669107 _____ C:\Users\Utente\Downloads\OptiFine_1.12.2_HD_U_G5.jar 2021-02-17 23:14 - 2021-02-17 23:15 - 004995270 _____ C:\Users\Utente\Downloads\forge-1.12.2-14.23.5.2847-installer.jar 2021-02-17 23:12 - 2021-02-17 23:19 - 478703526 _____ C:\Users\Utente\Downloads\PixelmonGenerations-1.12.2-8.3.0.jar 2021-02-17 19:50 - 2021-02-17 19:50 - 004077054 _____ C:\Users\Utente\Downloads\Notes_210217_190549.pdf 2021-02-17 19:32 - 2021-02-17 19:32 - 028198952 _____ (SQUARE ENIX CO., LTD.) C:\Users\Utente\Downloads\ffxivsetup.exe 2021-02-17 18:11 - 2021-02-17 18:11 - 000007600 _____ C:\Users\Utente\AppData\Local\Resmon.ResmonCfg 2021-02-17 03:31 - 2021-02-17 03:31 - 1289256905 _____ C:\WINDOWS\MEMORY.DMP 2021-02-17 03:31 - 2021-02-17 03:31 - 002109620 _____ C:\WINDOWS\Minidump\021721-7406-01.dmp 2021-02-17 03:31 - 2021-02-17 03:31 - 000000000 ____D C:\WINDOWS\Minidump 2021-02-17 00:41 - 2021-02-17 00:41 - 118460410 _____ C:\Users\Utente\Downloads\ThePixelmonOST.zip 2021-02-17 00:40 - 2021-02-17 00:41 - 006990968 _____ C:\Users\Utente\Downloads\journeymap-1.12.2-5.7.1.jar 2021-02-17 00:40 - 2021-02-17 00:40 - 004696621 _____ C:\Users\Utente\Downloads\BiomesOPlenty-1.12.2-7.0.1.2441-universal.jar 2021-02-17 00:12 - 2021-02-24 00:56 - 000000000 ____D C:\Minecraft Server 2021-02-17 00:03 - 2021-02-17 00:03 - 008192342 _____ C:\Users\Utente\Downloads\The+Pixelmon+Modpack-8.1.2.zip 2021-02-16 23:50 - 2021-02-16 23:54 - 455675808 _____ C:\Users\Utente\Downloads\Pixelmon-1.12.2-8.1.2-universal.jar 2021-02-16 
23:34 - 2021-02-16 23:34 - 000192168 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2021-02-16 23:34 - 2021-02-16 23:34 - 000000000 ____D C:\Users\Utente\AppData\Roaming\Sun 2021-02-16 23:33 - 2021-02-16 23:33 - 083548808 _____ (Oracle Corporation) C:\Users\Utente\Downloads\jre-8u281-windows-x64.exe 2021-02-16 23:33 - 2021-02-16 23:33 - 000000000 ____D C:\ProgramData\Oracle 2021-02-16 23:33 - 2021-02-16 23:33 - 000000000 ____D C:\Program Files\Java 2021-02-16 22:52 - 2021-03-08 03:17 - 000000000 ____D C:\Users\Utente\AppData\Roaming\.minecraft 2021-02-16 22:52 - 2021-02-16 22:53 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher 2021-02-16 22:52 - 2021-02-16 22:52 - 002666496 _____ C:\Users\Utente\Downloads\MinecraftInstaller.msi 2021-02-15 21:46 - 2021-02-15 21:51 - 000000000 ____D C:\Users\Utente\AppData\Roaming\DarkSoulsIII 2021-02-14 22:23 - 2021-02-14 22:23 - 000000000 ____D C:\Users\Utente\AppData\Roaming\NVIDIA 2021-02-12 17:45 - 2021-02-12 17:45 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-02-12 17:45 - 2021-02-12 17:45 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-02-12 17:45 - 2021-02-12 17:45 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-02-12 17:45 - 2021-02-12 17:45 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll 2021-02-12 17:45 - 2021-02-12 17:45 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-02-12 03:50 - 2021-03-01 19:47 - 000000000 ____D C:\Users\Utente\AppData\Local\Spotify 2021-02-12 03:50 - 2021-02-12 03:50 - 000001851 _____ C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2021-02-12 03:49 - 2021-03-01 19:45 - 000000000 ____D C:\Users\Utente\AppData\Roaming\Spotify 2021-02-12 03:49 - 2021-02-12 03:49 - 000891344 _____ (Spotify Ltd) C:\Users\Utente\Downloads\SpotifySetup.exe 2021-02-10 21:54 - 2021-02-17 20:45 - 000000000 ____D 
C:\Users\Utente\AppData\Local\CrashDumps 2021-02-10 01:01 - 2021-02-10 01:01 - 000000000 ____D C:\Users\Utente\AppData\Local\GOG.com 2021-02-10 01:01 - 2021-02-10 01:01 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA 2021-02-09 02:46 - 2021-02-10 02:27 - 000000000 ____D C:\Users\Utente\AppData\Roaming\StardewValley 2021-02-08 03:44 - 2021-02-08 03:44 - 000000000 ____D C:\Users\Utente\AppData\Local\PeerDistRepub 2021-02-07 23:58 - 2021-02-07 23:58 - 000000000 ____D C:\Users\Utente\Documents\NBGI 2021-02-07 23:58 - 2021-02-07 23:58 - 000000000 ____D C:\Users\Utente\Documents\FromSoftware 2021-02-07 23:58 - 2021-02-07 23:58 - 000000000 ____D C:\Users\Utente\AppData\Local\FromSoftware 2021-02-07 18:55 - 2021-03-08 18:30 - 000000000 ____D C:\Users\Utente\AppData\Local\D3DSCache 2021-02-07 18:25 - 2021-03-04 00:07 - 000000000 ____D C:\Users\Utente\AppData\Local\NVIDIA 2021-02-07 18:25 - 2021-02-19 01:34 - 000000000 ____D C:\ProgramData\Package Cache 2021-02-07 18:25 - 2021-02-16 02:31 - 000000000 ____D C:\Users\Utente\AppData\Local\NVIDIA Corporation 2021-02-07 18:25 - 2021-02-07 18:25 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-02-07 18:25 - 2021-02-07 18:25 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-02-07 18:25 - 2021-02-07 18:25 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-02-07 18:25 - 2021-02-07 18:25 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-02-07 18:25 - 2021-02-07 18:25 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-02-07 18:25 - 2021-02-07 18:25 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-02-07 18:25 - 2021-02-07 18:25 - 000003858 _____ 
C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-02-07 18:25 - 2021-02-07 18:25 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-02-07 18:25 - 2021-02-07 18:25 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-02-07 18:25 - 2021-02-07 18:25 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-02-07 18:25 - 2021-01-27 12:17 - 002797808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2021-02-07 18:25 - 2021-01-27 12:17 - 002154224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2021-02-07 18:25 - 2021-01-27 12:17 - 001295088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll 2021-02-07 18:25 - 2021-01-25 04:38 - 000070896 _____ C:\WINDOWS\system32\FvSDK_x64.dll 2021-02-07 18:25 - 2021-01-25 04:38 - 000059632 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll 2021-02-07 18:25 - 2020-12-02 07:48 - 000169272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2021-02-07 18:25 - 2020-12-02 07:48 - 000145208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2021-02-07 17:51 - 2021-02-12 17:41 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-02-07 16:36 - 2021-02-07 18:19 - 127203936 _____ (NVIDIA Corporation New) C:\Users\Utente\Downloads\GeForce_Experience_v3.21.0.36.exe 2021-02-07 16:33 - 2021-03-02 16:17 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner 2021-02-07 16:23 - 2021-02-07 16:23 - 000000000 ____D C:\Users\Utente\Downloads\MSIAfterburnerSetup 2021-02-07 16:17 - 2021-02-07 16:17 - 050449037 _____ C:\Users\Utente\Downloads\MSIAfterburnerSetup.zip 2021-02-07 16:09 - 2021-02-07 16:09 - 000000000 ____D C:\Users\Utente\AppData\Roaming\DarkSoulsII 2021-02-07 15:58 - 2021-02-07 15:59 - 000000000 ____D C:\Users\Utente\AppData\Local\Steam 2021-02-07 15:58 - 2021-02-07 15:58 - 000000000 ____D 
C:\Users\Utente\AppData\Local\CEF 2021-02-07 15:53 - 2021-02-07 15:53 - 000000000 ____D C:\Users\Utente\AppData\Local\OneDrive 2021-02-07 15:49 - 2021-03-08 21:10 - 000000000 ____D C:\Users\Utente\AppData\Roaming\discord 2021-02-07 15:49 - 2021-02-07 15:49 - 000000000 ____D C:\Users\Utente\AppData\Local\SquirrelTemp 2021-02-07 15:49 - 2021-02-07 15:49 - 000000000 ____D C:\Users\Utente\AppData\Local\Discord 2021-02-07 15:48 - 2021-02-18 02:21 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Privacy (VPN).lnk 2021-02-07 15:48 - 2021-02-07 15:48 - 001260720 _____ (Malwarebytes) C:\Users\Utente\Downloads\MBPrivacySetup.exe 2021-02-07 15:46 - 2021-02-25 20:01 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-02-07 15:46 - 2021-02-07 15:46 - 068822328 _____ (Discord Inc.) C:\Users\Utente\Downloads\DiscordSetup.exe 2021-02-07 15:45 - 2021-02-25 20:01 - 000000000 ____D C:\Program Files\Malwarebytes 2021-02-07 15:45 - 2021-02-07 15:45 - 002040904 _____ (Malwarebytes) C:\Users\Utente\Downloads\MBSetup-0009996.0009996-consumer.exe 2021-02-07 15:42 - 2021-02-07 15:42 - 000001789 _____ C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane.lnk 2021-02-07 15:42 - 2021-02-07 15:42 - 000000000 ____D C:\Program Files (x86)\Dashlane 2021-02-07 15:41 - 2021-02-10 21:55 - 000000000 ____D C:\Users\Utente\AppData\Roaming\Dashlane 2021-02-07 15:41 - 2021-02-07 15:41 - 000825336 _____ (Dashlane Inc.) 
C:\Users\Utente\Downloads\DashlaneInst.exe 2021-02-07 15:27 - 2021-03-07 02:16 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-02-07 15:27 - 2021-02-07 15:27 - 000003670 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2021-02-07 15:27 - 2021-02-07 15:27 - 000003546 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2021-02-07 15:27 - 2021-02-07 15:27 - 000000000 ____D C:\Program Files\Google 2021-02-07 15:26 - 2021-02-07 15:30 - 000000000 ____D C:\Users\Utente\AppData\Local\Google 2021-02-07 15:26 - 2021-02-07 15:26 - 001304160 _____ (Google LLC) C:\Users\Utente\Downloads\ChromeSetup.exe 2021-02-07 15:26 - 2021-02-07 15:26 - 000000000 ____D C:\Program Files (x86)\Google 2021-02-07 15:23 - 2021-02-07 15:23 - 000000000 ____D C:\Users\Utente\AppData\Local\Comms 2021-02-07 04:01 - 2021-02-07 04:01 - 000000000 ____D C:\Users\Utente\AppData\Local\PlaceholderTileLogoFolder 2021-02-07 04:00 - 2021-02-23 18:54 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3491294169-2899776833-3606377185-1001 2021-02-07 04:00 - 2021-02-07 04:00 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2021-02-07 03:59 - 2021-03-04 16:03 - 000000000 ____D C:\Users\Utente\AppData\Local\Packages 2021-02-07 03:59 - 2021-02-07 15:25 - 000000000 ____D C:\ProgramData\Packages 2021-02-07 03:59 - 2021-02-07 15:23 - 000000000 ____D C:\Users\Utente\AppData\Local\ConnectedDevicesPlatform 2021-02-07 03:59 - 2021-02-07 03:59 - 000000020 ___SH C:\Users\Utente\ntuser.ini 2021-02-07 03:59 - 2021-02-07 03:59 - 000000000 ____D C:\Users\Utente\AppData\Roaming\Adobe 2021-02-07 03:59 - 2021-02-07 03:59 - 000000000 ____D C:\Users\Utente\AppData\Local\VirtualStore 2021-02-07 03:59 - 2021-02-07 03:59 - 000000000 ____D C:\Users\Utente\AppData\Local\Publishers 2021-02-07 03:35 - 2021-03-06 02:46 - 001755900 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-02-07 03:31 - 2021-02-07 03:31 - 000000000 _SHDL 
C:\Users\Default\AppData\Local\Dati applicazioni 2021-02-07 03:31 - 2021-02-07 03:31 - 000000000 _SHDL C:\Users\Default\AppData\Local\Cronologia 2021-02-07 03:31 - 2021-02-07 03:31 - 000000000 _SHDL C:\Users\Default User 2021-02-07 03:31 - 2021-02-07 03:31 - 000000000 _SHDL C:\Users\All Users 2021-02-07 03:31 - 2021-02-07 03:31 - 000000000 _SHDL C:\ProgramData\Modelli 2021-02-07 03:31 - 2021-02-07 03:31 - 000000000 _SHDL C:\ProgramData\Menu Avvio 2021-02-07 03:31 - 2021-02-07 03:31 - 000000000 _SHDL C:\ProgramData\Documenti 2021-02-07 03:31 - 2021-02-07 03:31 - 000000000 _SHDL C:\ProgramData\Dati applicazioni 2021-02-07 03:31 - 2021-02-07 03:31 - 000000000 _SHDL C:\Program Files\File comuni 2021-02-07 03:29 - 2021-02-07 03:29 - 000003840 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification 2021-02-07 03:26 - 2021-03-06 04:41 - 000000000 ____D C:\Users\Utente 2021-02-07 03:26 - 2021-02-23 18:54 - 000002438 _____ C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-02-07 03:26 - 2021-02-07 03:26 - 000000000 _SHDL C:\Users\Utente\Risorse di stampa 2021-02-07 03:26 - 2021-02-07 03:26 - 000000000 _SHDL C:\Users\Utente\Risorse di rete 2021-02-07 03:26 - 2021-02-07 03:26 - 000000000 _SHDL C:\Users\Utente\Recenti 2021-02-07 03:26 - 2021-02-07 03:26 - 000000000 _SHDL C:\Users\Utente\Modelli 2021-02-07 03:26 - 2021-02-07 03:26 - 000000000 _SHDL C:\Users\Utente\Menu Avvio 2021-02-07 03:26 - 2021-02-07 03:26 - 000000000 _SHDL C:\Users\Utente\Impostazioni locali 2021-02-07 03:26 - 2021-02-07 03:26 - 000000000 _SHDL C:\Users\Utente\Documents\Video 2021-02-07 03:26 - 2021-02-07 03:26 - 000000000 _SHDL C:\Users\Utente\Documents\Musica 2021-02-07 03:26 - 2021-02-07 03:26 - 000000000 _SHDL C:\Users\Utente\Documents\Immagini 2021-02-07 03:26 - 2021-02-07 03:26 - 000000000 _SHDL C:\Users\Utente\Documenti 2021-02-07 03:26 - 2021-02-07 03:26 - 000000000 _SHDL C:\Users\Utente\Dati applicazioni 2021-02-07 03:26 - 2021-02-07 03:26 - 000000000 
_SHDL C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi 2021-02-07 03:26 - 2021-02-07 03:26 - 000000000 _SHDL C:\Users\Utente\AppData\Local\Dati applicazioni 2021-02-07 03:26 - 2021-02-07 03:26 - 000000000 _SHDL C:\Users\Utente\AppData\Local\Cronologia 2021-02-07 03:25 - 2021-03-06 02:26 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-02-07 03:25 - 2021-03-05 02:12 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-02-07 03:25 - 2021-03-05 02:12 - 000003508 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-02-07 03:24 - 2021-03-08 16:20 - 000000000 ____D C:\ProgramData\NVIDIA 2021-02-07 03:24 - 2021-03-06 02:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-02-07 03:24 - 2021-03-06 02:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-02-07 03:24 - 2021-02-23 22:53 - 005627248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2021-02-07 03:24 - 2021-02-23 22:53 - 002635632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2021-02-07 03:24 - 2021-02-23 22:53 - 001758064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2021-02-07 03:24 - 2021-02-23 22:53 - 000990064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2021-02-07 03:24 - 2021-02-23 22:53 - 000120176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2021-02-07 03:24 - 2021-02-23 22:53 - 000082288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2021-02-07 03:24 - 2021-02-07 21:53 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2021-02-07 03:24 - 2021-02-07 18:53 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2021-02-07 03:24 - 2021-02-07 18:53 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2021-02-07 03:24 - 2021-02-07 03:24 - 000000000 ____H C:\ProgramData\DP45977C.lfl 2021-02-07 03:24 - 2021-02-07 03:24 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2021-02-07 03:24 - 2021-02-07 03:24 - 
000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation 2021-02-07 03:24 - 2021-02-07 03:24 - 000000000 ____D C:\WINDOWS\system32\DAX3 2021-02-07 03:24 - 2021-02-07 03:24 - 000000000 ____D C:\WINDOWS\system32\DAX2 2021-02-07 03:24 - 2021-02-07 03:24 - 000000000 ____D C:\ProgramData\Intel 2021-02-07 03:24 - 2021-02-07 03:24 - 000000000 ____D C:\Program Files\Realtek 2021-02-07 03:24 - 2021-02-07 03:24 - 000000000 _____ C:\WINDOWS\system32\fpfftResultsFile.txt 2021-02-07 03:24 - 2021-02-02 23:30 - 009491917 _____ C:\WINDOWS\system32\nvcoproc.bin 2021-02-07 03:24 - 2021-01-12 10:07 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2021-02-07 03:23 - 2021-03-08 20:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-02-07 03:23 - 2021-02-13 05:15 - 000259280 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-02-07 03:22 - 2021-02-07 03:34 - 000000000 ____D C:\WINDOWS\Panther 2021-02-07 03:21 - 2021-02-09 19:10 - 000000000 ____D C:\Windows.old 2021-02-07 03:20 - 2021-02-07 03:21 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2021-02-07 03:19 - 2021-02-07 03:34 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2021-02-07 03:19 - 2021-02-07 03:19 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2021-02-07 03:19 - 2021-02-07 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2021-02-07 03:19 - 2021-02-07 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync 2021-02-07 03:19 - 2021-02-07 03:19 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp 2021-02-07 03:19 - 2021-02-07 03:19 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2021-02-07 03:19 - 2021-02-07 03:19 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync 2021-02-07 03:19 - 2021-02-07 03:19 - 000000000 ____D C:\WINDOWS\Setup 2021-02-07 03:19 - 2021-02-07 03:19 - 000000000 ____D C:\WINDOWS\OCR 2021-02-07 03:19 - 2021-02-07 03:19 - 000000000 ____D C:\WINDOWS\addins 2021-02-07 03:19 - 2021-02-07 03:19 - 000000000 ____D C:\ProgramData\ssh 2021-02-07 03:19 - 2021-02-07 03:19 - 000000000 ____D 
C:\Program Files\Reference Assemblies 2021-02-07 03:19 - 2021-02-07 03:19 - 000000000 ____D C:\Program Files\MSBuild 2021-02-07 03:19 - 2021-02-07 03:19 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2021-02-07 03:19 - 2021-02-07 03:19 - 000000000 ____D C:\Program Files (x86)\MSBuild 2021-02-07 03:18 - 2021-03-06 02:46 - 000779836 _____ C:\WINDOWS\system32\perfh010.dat 2021-02-07 03:18 - 2021-03-06 02:46 - 000146144 _____ C:\WINDOWS\system32\perfc010.dat 2021-02-07 03:18 - 2021-02-07 03:18 - 000341166 _____ C:\WINDOWS\system32\perfi010.dat 2021-02-07 03:18 - 2021-02-07 03:18 - 000039860 _____ C:\WINDOWS\system32\perfd010.dat 2021-02-07 03:18 - 2021-02-07 03:18 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2021-02-07 03:18 - 2021-02-07 03:18 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2021-02-07 03:18 - 2021-02-07 03:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep 2021-02-07 03:18 - 2021-02-07 03:18 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2021-02-07 03:18 - 2021-02-07 03:18 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2021-02-07 03:18 - 2021-02-07 03:18 - 000000000 ____D C:\WINDOWS\SysWOW64\it 2021-02-07 03:18 - 2021-02-07 03:18 - 000000000 ____D C:\WINDOWS\SysWOW64\0409 2021-02-07 03:18 - 2021-02-07 03:18 - 000000000 ____D C:\WINDOWS\system32\winrm 2021-02-07 03:18 - 2021-02-07 03:18 - 000000000 ____D C:\WINDOWS\system32\WCN 2021-02-07 03:18 - 2021-02-07 03:18 - 000000000 ____D C:\WINDOWS\system32\slmgr 2021-02-07 03:18 - 2021-02-07 03:18 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2021-02-07 03:18 - 2021-02-07 03:18 - 000000000 ____D C:\WINDOWS\system32\it 2021-02-07 03:18 - 2021-02-07 03:18 - 000000000 ____D C:\WINDOWS\system32\0409 2021-02-07 03:18 - 2021-02-07 03:18 - 000000000 ____D C:\WINDOWS\DigitalLocker 2021-02-07 03:17 - 2021-03-08 21:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-02-07 03:17 - 2021-03-08 18:30 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-02-07 03:17 - 2021-03-06 
==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

==================== Files in the root of some directories ========

2021-02-17 18:11 - 2021-02-17 18:11 - 000007600 _____ ()
C:\Users\Utente\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Utente (08-03-2021 21:12:15)
Running from C:\Users\Utente\Desktop
Windows 10 Pro Version 20H2 19042.804 (X64) (2021-02-07 02:34:26)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3491294169-2899776833-3606377185-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3491294169-2899776833-3606377185-503 - Limited - Disabled)
Guest (S-1-5-21-3491294169-2899776833-3606377185-501 - Limited - Disabled)
Utente (S-1-5-21-3491294169-2899776833-3606377185-1001 - Administrator - Enabled) => C:\Users\Utente
WDAGUtilityAccount (S-1-5-21-3491294169-2899776833-3606377185-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Aggiornamenti NVIDIA 38.0.6.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.6.0 - NVIDIA Corporation) Hidden
CacheMonkey 1.0.7 (HKU\S-1-5-21-3491294169-2899776833-3606377185-1001\...\f6b5091c-a34d-5b57-8d96-ee63f82ea7c3) (Version: 1.0.7 - Jamie Pine)
Dashlane (HKU\S-1-5-21-3491294169-2899776833-3606377185-1001\...\Dashlane) (Version: 6.2105.0.43225 - Dashlane, Inc.)
Discord (HKU\S-1-5-21-3491294169-2899776833-3606377185-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
FINAL FANTASY XIV ONLINE (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.82 - Google LLC)
Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
League of Legends (HKU\S-1-5-21-3491294169-2899776833-3606377185-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Malwarebytes Privacy version 2.7.0.532 (HKLM\...\{934873BE-C9BC-4F19-B698-9B3E3F8FF07F}_is1) (Version: 2.7.0.532 - Malwarebytes)
Malwarebytes Privacy VPN Tunnel Driver (HKLM\...\{FEE4A372-663C-47A0-BD08-A6C34320DC52}) (Version: 1.0.0.0 - Malwarebytes)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.45 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft OneDrive (HKU\S-1-5-21-3491294169-2899776833-3606377185-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{836613A9-879F-427F-8522-52B357801273}) (Version: 1.0.0.0 - Mojang)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA Driver audio HD 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA Driver grafico 461.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.72 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.1.4923.29548709 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29548709 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.21.0.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.21.0.36 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
NZXT CAM 4.20.0 (HKLM\...\ac0666ae-ee66-5310-ac01-9d6348133b2d) (Version: 4.20.0 - NZXT, Inc.)
Pannello di controllo NVIDIA 461.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 461.72 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8746.1 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-3491294169-2899776833-3606377185-1001\...\Spotify) (Version: 1.1.52.687.gf5565fe5 - Spotify AB)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-07] (Microsoft Studios) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.19.234.0_x64__dt26b99r8h8gj [2021-02-07] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2021-02-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-25] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBVpnService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBVpnService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll [2021-02-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-02-16] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-02-07 03:17 - 2021-02-07 03:16 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common HKU\S-1-5-21-3491294169-2899776833-3606377185-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Utente\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\blade-runner-2049-logo-5k-hn.jpg DNS Servers: 10.64.0.1 - 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{A0F6E4B5-44E3-4E73-A68E-5EAC577A7EC3}] => (Allow) D:\Steam\steam.exe (Valve -> Valve Corporation) FirewallRules: [{D9E7CDE0-C69A-4B2D-839D-495B5C022D57}] => (Allow) D:\Steam\steam.exe (Valve -> Valve Corporation) FirewallRules: [{8B54552F-6B0E-4E75-8D8A-3C39C178869F}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{66A62071-C3FE-4296-8310-D78B95F2B141}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{4F32C9BA-9F8C-49CB-9408-0B460E55BF75}] => (Allow) D:\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe => No File FirewallRules: [{89BDE6E8-DB99-48CC-883B-F585FD1F838C}] => (Allow) D:\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe => No File FirewallRules: [{DB9F3090-0393-475A-9DF1-FF8487E22ACB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{C78F5462-CA0C-4340-B322-6E29D0AF5E21}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{4B850B99-F1BB-400A-8BF1-8C8663A281DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{3A1CDD6C-7042-4374-9394-B737DA1653AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{A41A48C6-7B86-43C1-96C5-D36E080CFEBA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{908F113C-6A17-4F18-8878-D1C12D53F8C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{6A0EBDC2-D24F-4645-8B56-103E8E30029A}] => (Allow) 
D:\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> ) FirewallRules: [{529E2D57-43A4-45A2-AF8F-E5E87E54E685}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> ) FirewallRules: [{2AD8D222-480B-48D6-B304-4EE29E8DBBF4}] => (Allow) D:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed] FirewallRules: [{FB139BCB-72B8-45D6-A508-AB636CD6F2AA}] => (Allow) D:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed] FirewallRules: [TCP Query User{C9965FC6-350B-4BD9-85A9-AD68CAB48182}C:\users\utente\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\utente\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{843CBAA3-78F6-4C02-8A0C-7AAEF5A1A56E}C:\users\utente\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\utente\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{6B4BBE79-21C5-4FCA-BB80-02D3D751D954}] => (Block) C:\users\utente\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A2AAF531-194E-48EF-8F83-3B454B7B252B}] => (Block) C:\users\utente\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{CE797BE2-2CC5-4186-B42A-A1CEBAD83286}] => (Allow) D:\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. -> BANDAI NAMCO Entertainment Inc.) FirewallRules: [{A913FE86-1049-466D-8A0F-4B1343E9B100}] => (Allow) D:\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. -> BANDAI NAMCO Entertainment Inc.) 
FirewallRules: [{6ED66AB2-BAB4-44AA-A4B8-D3059B99B3F2}] => (Allow) D:\Steam\steamapps\common\Ori DE\oriDE.exe () [File not signed] FirewallRules: [{7C794F21-E166-4E38-96E6-8C006795F297}] => (Allow) D:\Steam\steamapps\common\Ori DE\oriDE.exe () [File not signed] FirewallRules: [TCP Query User{959461CC-C824-4173-BF14-811E32922B3A}C:\program files (x86)\common files\oracle\java\javapath_target_289891734\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_289891734\java.exe FirewallRules: [UDP Query User{6B8C4AB2-A49D-4640-8BDF-A18282C09688}C:\program files (x86)\common files\oracle\java\javapath_target_289891734\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_289891734\java.exe FirewallRules: [TCP Query User{8E47B34E-B6F6-473E-B53B-1CD8555FCBFE}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe FirewallRules: [UDP Query User{B6EF4AEF-C585-419B-B986-EF5F347D2C26}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe FirewallRules: [{9F99BF2B-A1CE-4526-8AA7-7FE3906638FE}] => (Allow) C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe (Mojang AB -> Mojang) FirewallRules: [{630E34CB-9FFC-44B6-AAD7-91F9562A758C}] => (Allow) C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe (Mojang AB -> Mojang) FirewallRules: [{32B317FC-C283-43CA-9766-5B013D82708E}] => (Allow) C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe (Mojang AB -> Mojang) FirewallRules: [{371553C9-D618-41B6-8095-E9BA331C6E38}] => (Allow) C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe (Mojang AB -> Mojang) FirewallRules: [{976A62AE-3084-4F33-B9C8-3EA6B6D99714}] => (Allow) LPort=25565 FirewallRules: [{F122B397-6D83-4486-931E-BBBF6A435A7C}] => (Allow) LPort=25565 FirewallRules: 
[{52DAFF12-0F9F-4911-B5B8-EBA2F4454205}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.) FirewallRules: [{D22F0172-EEFA-4657-9BEA-27ACC525C678}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.) FirewallRules: [{67A190B8-A7F1-4851-ADE3-186A9855BDB5}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.) FirewallRules: [{7EDBE42C-EBDA-4D1A-8E6D-BDB8941F29AE}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.) FirewallRules: [TCP Query User{82F9F08E-7B84-4C15-9747-3CD182C58DB5}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe FirewallRules: [UDP Query User{33127C86-C1E4-4040-8F9C-31972AE376D1}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe FirewallRules: [{3ADBC292-DB70-4DC8-992C-03079EE3C484}] => (Allow) D:\Steam\steamapps\common\tModLoader\tModLoader.exe (Re-Logic) [File not signed] FirewallRules: [{16DA9261-A32A-4B6B-B0B3-8728B0F2D637}] => (Allow) D:\Steam\steamapps\common\tModLoader\tModLoader.exe (Re-Logic) [File not signed] FirewallRules: [{242D3320-C2D3-435E-A33A-4EE990B416CB}] => (Allow) D:\Steam\steamapps\common\Gunfire Reborn\Gunfire Reborn.exe (广州多益网络股份有限公司 -> ) FirewallRules: [{94C4149C-D99B-4258-82DC-F954CD0BF3E8}] => (Allow) D:\Steam\steamapps\common\Gunfire Reborn\Gunfire Reborn.exe (广州多益网络股份有限公司 -> ) FirewallRules: 
[{0EBC6363-F2EC-4A14-8A9E-528CE1E0CF69}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> ) FirewallRules: [{7B4BF75A-AA93-4A44-81F4-CC42682A28CE}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> ) FirewallRules: [{A6C8697F-387D-4B1D-AA67-33720EEF27DC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{814F9AD0-4718-4445-8D1F-65C675D486D7}] => (Allow) D:\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed] FirewallRules: [{77CB47F9-B3EE-4754-A11C-515816F33E49}] => (Allow) D:\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed] ==================== Restore Points ========================= 20-02-2021 04:25:19 Programma di installazione dei moduli di Windows 02-03-2021 01:06:09 Punto di controllo pianificato ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (03/08/2021 06:32:14 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: Il motore di ottimizzazione archiviazione non ha potuto completare riottimizzazione in Dati (D:) per il motivo seguente: L'operazione richiesta non è supportata dall'hardware di supporto del volume. (0x8900002A) Error: (03/08/2021 02:35:33 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Il programma javaw.exe versione 8.0.51.16 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Sicurezza e manutenzione nel Pannello di controllo. 
ID processo: 1770 Ora di avvio: 01d713b60f92ec98 Ora di chiusura: 32 Percorso applicazione: C:\Program Files (x86)\Minecraft Launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe ID segnalazione: da47f7b3-ff43-44e6-ab79-64b126599d79 Nome completo pacchetto che ha generato l'errore: ID applicazione relativo al pacchetto che ha generato l'errore: Tipo interruzione: Unknown Error: (03/07/2021 01:20:46 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Il programma javaw.exe versione 8.0.51.16 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Sicurezza e manutenzione nel Pannello di controllo. ID processo: 3d58 Ora di avvio: 01d712e175ee85ff Ora di chiusura: 9 Percorso applicazione: C:\Program Files (x86)\Minecraft Launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe ID segnalazione: c94fa411-a410-447d-b9ff-4ae489715e16 Nome completo pacchetto che ha generato l'errore: ID applicazione relativo al pacchetto che ha generato l'errore: Tipo interruzione: Unknown Error: (03/06/2021 03:53:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome dell'applicazione che ha generato l'errore: mbamtray.exe, versione: 4.0.0.897, timestamp: 0x6019d411 Nome del modulo che ha generato l'errore: Qt5Core.dll, versione: 5.14.1.0, timestamp: 0x5f84e8d4 Codice eccezione: 0xc0000005 Offset errore 0x0000000000219dc5 ID processo che ha generato l'errore: 0x30d4 Ora di avvio dell'applicazione che ha generato l'errore: 0x01d7128fc7fc3787 Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Percorso del modulo che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll ID segnalazione: 8692bdcb-3938-4704-b1dc-52aa04fea66b Nome completo pacchetto che ha generato l'errore: ID applicazione relativo al pacchetto che ha generato l'errore: Error: 
(03/04/2021 01:49:52 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Il programma javaw.exe versione 8.0.51.16 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Sicurezza e manutenzione nel Pannello di controllo. ID processo: 15a8 Ora di avvio: 01d7108e309abdf6 Ora di chiusura: 4 Percorso applicazione: C:\Program Files (x86)\Minecraft Launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe ID segnalazione: 235dee8b-4d5a-4964-9f64-f626edc874d9 Nome completo pacchetto che ha generato l'errore: ID applicazione relativo al pacchetto che ha generato l'errore: Tipo interruzione: Unknown Error: (03/03/2021 09:12:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome dell'applicazione che ha generato l'errore: mbamtray.exe, versione: 4.0.0.897, timestamp: 0x6019d411 Nome del modulo che ha generato l'errore: Qt5Core.dll, versione: 5.14.1.0, timestamp: 0x5f84e8d4 Codice eccezione: 0xc0000005 Offset errore 0x0000000000219dc5 ID processo che ha generato l'errore: 0x2988 Ora di avvio dell'applicazione che ha generato l'errore: 0x01d71064441ae55b Percorso dell'applicazione che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Percorso del modulo che ha generato l'errore: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll ID segnalazione: b433cacc-9692-4312-b3ca-b4988c2075e0 Nome completo pacchetto che ha generato l'errore: ID applicazione relativo al pacchetto che ha generato l'errore: Error: (03/03/2021 03:02:45 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Il programma javaw.exe versione 8.0.51.16 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Sicurezza e manutenzione nel Pannello di controllo. 
ID processo: 16a4 Ora di avvio: 01d70fc4eaa1fbc7 Ora di chiusura: 8 Percorso applicazione: C:\Program Files (x86)\Minecraft Launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe ID segnalazione: 4f587a81-764d-4725-a495-0a4c699796ff Nome completo pacchetto che ha generato l'errore: ID applicazione relativo al pacchetto che ha generato l'errore: Tipo interruzione: Unknown Error: (03/01/2021 08:34:10 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: Il motore di ottimizzazione archiviazione non ha potuto completare riottimizzazione in Dati (D:) per il motivo seguente: L'operazione richiesta non è supportata dall'hardware di supporto del volume. (0x8900002A) System errors: ============= Error: (03/06/2021 02:17:46 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Precedente arresto del sistema inatteso a 01:53:13 su ‎06/‎03/‎2021. Error: (03/05/2021 07:34:47 PM) (Source: DCOM) (EventID: 10010) (User: MAXINE) Description: Il server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} non ha effettuato la registrazione con DCOM nel tempo richiesto. Error: (03/05/2021 07:34:47 PM) (Source: DCOM) (EventID: 10010) (User: MAXINE) Description: Il server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} non ha effettuato la registrazione con DCOM nel tempo richiesto. Error: (03/05/2021 07:34:45 PM) (Source: DCOM) (EventID: 10010) (User: MAXINE) Description: Il server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} non ha effettuato la registrazione con DCOM nel tempo richiesto. Error: (03/04/2021 04:05:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Il servizio Intel® SGX AESM è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 3000 millisecondi: Riavvia il servizio. Error: (03/04/2021 04:05:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Servizio Intel® SGX AESM terminato con l'errore: Errore non specificato. 
Error: (03/03/2021 03:54:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Il servizio NVIDIA LocalSystem Container è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 6000 millisecondi: Riavvia il servizio. Error: (03/03/2021 03:54:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Servizio NVIDIA LocalSystem Container terminato con l'errore: Un comando eseguibile generico ha restituito un risultato indicante un errore. Windows Defender: ================ Date: 2021-03-08 18:30:04 Description: Microsoft Defender Antivirus: analisi interrotta prima del completamento. ID analisi: {5D8D3A1C-523B-46FC-8074-923DC023704D} Tipo analisi: Antimalware Parametri analisi: Analisi veloce Utente: NT AUTHORITY\SYSTEM Date: 2021-03-08 00:05:45 Description: Microsoft Defender Antivirus: analisi interrotta prima del completamento. ID analisi: {92BB4BF7-1CA3-47CA-AEA4-E67744E0267F} Tipo analisi: Antimalware Parametri analisi: Analisi veloce Utente: NT AUTHORITY\SYSTEM Date: 2021-03-04 17:17:44 Description: Microsoft Defender Antivirus: analisi interrotta prima del completamento. ID analisi: {4697D7E1-4278-4500-9B9A-F7CA42194224} Tipo analisi: Antimalware Parametri analisi: Analisi veloce Utente: NT AUTHORITY\SYSTEM Date: 2021-03-03 18:15:14 Description: Microsoft Defender Antivirus: analisi interrotta prima del completamento. ID analisi: {C8963E06-6CB3-4A35-A3D6-8C6143E7DBF3} Tipo analisi: Antimalware Parametri analisi: Analisi veloce Utente: NT AUTHORITY\SYSTEM Date: 2021-03-02 17:00:27 Description: Microsoft Defender Antivirus: analisi interrotta prima del completamento. ID analisi: {71E0DC14-6CC3-4BB0-B138-802D6BF09026} Tipo analisi: Antimalware Parametri analisi: Analisi veloce Utente: NT AUTHORITY\SYSTEM  ==================== Memory info =========================== BIOS: American Megatrends Inc. 
1.20 12/20/2017 Motherboard: Micro-Star International Co., Ltd. Z370 GAMING PLUS (MS-7B61) Processor: Intel(R) Core(TM) i5-8600K CPU @ 3.60GHz Percentage of memory in use: 39% Total physical RAM: 16308.56 MB Available physical RAM: 9795.61 MB Total Virtual: 35652.05 MB Available Virtual: 24719.7 MB ==================== Drives ================================ Drive c: (WindowsSSD) (Fixed) (Total:209 GB) (Free:63.22 GB) NTFS Drive d: (Dati) (Fixed) (Total:931.39 GB) (Free:677.99 GB) NTFS \\?\Volume{7cb63587-ee74-4635-8058-ac68f401e584}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS \\?\Volume{aeefd62f-2ab3-4928-8db6-39cf0b4b8883}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt =======================
  25. Hello. A couple of days ago, MBAM blocked an outgoing connection, more specifically a URL which is... a local newspaper in Rome, flagging it as a trojan. I've had a PC reset a month ago and I've barely installed anything; I've also been using both MBAM Premium and Windows Defender (I also ran a scan with AdwCleaner to be sure). I got no threats as results from all of them. The attempt occurred only once and has not happened since.

     I suppose this was an ad on a site I was visiting and the IP they are using has also been used by trojans. But the notification appeared 30-40 seconds after I've visited some newspaper sites with my adblock turned off. This slightly worried me because I've had notifications appear instantly after visiting a site with flagged ads, but receiving one after a while has never happened to me. Could it be that a scan was going on and MBAM waited until the end to tell me they've blocked something? I find it hard to have a RAT or anything else really; wouldn't a RAT attempt multiple connections? Feel like I'm overthinking it tbh. Still, I would prefer receiving some advice.

     I'm pasting the info regarding the block. My system is in Italian so I tried to do a little bit of translation; hopefully it's understandable. Thanks a lot.

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Date: 07/03/21
     Time: 02:12
     Log File: 200cfb5c-7ee2-11eb-a291-309c23835076.json

     -Software Info-
     Versione: 4.3.0.98
     Versione componenti: 1.0.1173
     Aggiorna versione pacchetto: 1.0.37851
     Licenza: Premium

     -System Info-
     SO: Windows 10 (Build 19041.804)
     CPU: x64
     File system: NTFS
     Utente: System

     -Blocked site Info-
     Sito web nocivo: 1
     , C:\Program Files\Google\Chrome\Application\chrome.exe, Bloccato, -1, -1, 0.0.0, ,

     -Site info-
     Type: Trojan
     Dominio: www.ilcorrieredellacitta.com
     Indirizzo IP: 176.9.16.214
     Porta: 443
     Type: Outgoing
     File: C:\Program Files\Google\Chrome\Application\chrome.exe

     (end)