
Roboot64.exe (Windows 10) Malicious or not?


Solved by kevinf80


Hiya nalex91 and welcome to Malwarebytes,

Roboot64.exe is malicious and needs to be removed ASAP... Continue as follows.

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Rename FRST.exe to FRSTEnglish.exe. Run FRST once more, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan; when done, post the new logs, "FRST.txt" and "Addition.txt".


Thank you,

Kevin

 


Hello Kevin,
this is the Malwarebytes' log after the cleaning process:


Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 07/12/20
Ora scansione: 22:40
File di log: e0b45354-38d4-11eb-a469-bc5ff4c7b967.json

-Informazioni software-
Versione: 3.7.1.2839
Versione componenti: 1.0.538
Aggiorna versione pacchetto: 1.0.19278
Licenza: Trial

-Informazioni sistema-
SO: Windows 10 (Build 18362.1198)
CPU: x64
File system: NTFS
Utente: CLAUDIO-PC\Claudio

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Scansione avviata da: Manuale
Risultati: Completata
Elementi analizzati: 287291
Minacce rilevate: 1
Minacce messe in quarantena: 1
Tempo impiegato: 2 min, 47 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 1
PUP.Optional.SysTweak, C:\WINDOWS\SYSTEM32\ROBOOT64.EXE, In quarantena, [831], [395666],1.0.19278

Settore fisico: 0
(Nessun elemento nocivo rilevato)

WMI: 0
(Nessun elemento nocivo rilevato)


(end)


And this is the MB Adwcleaner's log after the cleaning process:
 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-07-2020
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  6
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mytransitguide.dl.myway.com
Deleted       HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mytransitguide.dl.tb.ask.com
Deleted       HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\myway.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ak.staticimgfarm.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com

***** [ Chromium (and derivatives) ] *****

Deleted       Amazon Assistant per Chrome - pbjikboenpfhbbejgkoklgkhjpfogcam

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1961 octets] - [07/12/2020 22:52:47]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


This is the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2020
Ran by Claudio (administrator) on CLAUDIO-PC (07-12-2020 23:01:33)
Running from C:\Users\Claudio\Desktop
Loaded Profiles: Claudio
Platform: Windows 10 Pro Version 1909 18363.1198 (X64) Language: Italiano (Italia)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(DEVGURU CO LTD -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\IPROSetMonitor.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Claudio\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2015-05-30] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1383695700-1847625372-2000665172-1000\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1938296 2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1383695700-1847625372-2000665172-1000\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3515120 2020-11-18] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-1383695700-1847625372-2000665172-1000\...\Run: [BingWallpaperApp] => C:\Users\Claudio\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe [11466632 2020-11-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3515120 2020-11-18] (Razer USA Ltd. -> Razer Inc.)
HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: C:\Windows\system32\EP0SLM01.DLL [77824 2009-07-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\EPSON Stylus DX3800 Series 64MonitorBE: C:\Windows\system32\E_ILMACE.DLL [119808 2005-06-09] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-03] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
Startup: C:\Users\Claudio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AORUS ENGINE.lnk [2019-10-02]
ShortcutTarget: AORUS ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\autorun.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06F6AACD-168C-4B7B-94FE-44B8E131E550} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {08F3C041-9E53-4B70-BDA0-3B997D89AC48} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {160D503E-E9FA-4FBA-ABF9-7D72502368C5} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {177135A1-30DF-4836-B671-73CB40D7C502} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {1D9A63A9-9812-4639-B1F4-7DDFDF4B5A2E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {27350449-F381-43F1-8815-814D877074DF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {2775053F-ACF9-4BC2-BC64-E27FB8218598} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2EA3C404-CA4A-4B3A-92FA-BDC97D5B8A67} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {3A271176-EC3D-4D5B-AA46-71A04B3E8709} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-02] (Google LLC -> Google LLC)
Task: {4179CED0-2361-44A2-928F-39AD91C6D4AE} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {419D4FB3-A843-44E2-9A43-CC83AB708209} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4318CE65-FEEB-43E4-9D38-30A96E4AC21C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {5129E4D4-29A8-438A-86E4-64AA8CDCC277} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {58082AB3-BA78-48C5-8DAD-D09D0F34E45A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5AA3FB5A-507F-46E7-BFDE-28BD2E2A6F64} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5C9AFD23-677C-428B-B3EE-323EDCDD7DBE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5D6F81FF-722A-480F-BA12-A8DCC0603E30} - System32\Tasks\{64473F41-CAF7-4FA3-B1BA-AEB27307F528} => C:\Program Files (x86)\Activision\Call of Duty 2\CoD2MP_s.exe
Task: {612268EF-8865-4BEC-B013-CDBF6EDC6036} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {651E85E4-917C-4317-9CE1-BBC8CFF11F3D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6543C703-F5EA-49D3-8A37-E0A7803E4F00} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {6C41F7F9-55B8-4D87-8478-D8A94C4B6D93} - System32\Tasks\{60765B03-D9FB-4B2F-A439-E53B5C7F93AE} => C:\Windows\system32\pcalua.exe -a C:\Users\Claudio\Desktop\win64_15.36.36.5067.exe -d C:\Users\Claudio\Desktop
Task: {6FF55896-69AD-4194-BC80-61DAB3D407EE} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {75A5FD65-8F40-4B2D-B495-E5FA9F6112C7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {790BB4EF-4CFA-4B01-9E4A-827E481B609D} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {7944A7BA-690B-4A84-A9EB-EA73446E9A5F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7C0D2135-19F4-4EC1-9D37-9BACD0E4D3CF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7F10FED8-EF67-42C0-B407-AC15368DCC01} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8083652C-7E7F-46B1-A5A7-E4CC0485F2A8} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {89713696-5E84-48BC-ACC2-6DBA6FA7E544} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\AORUS.exe [32859056 2019-09-19] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)
Task: {951BC83D-F7BF-4598-BFE7-0245074E4A1A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9A561929-07B9-4C9F-B8CD-3E45A14374D6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A2810E51-90E3-455D-B2F9-064CCD9341C9} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A33D788E-10E4-4F8C-A301-B54FEF8E7861} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {A5A23EC8-771D-415A-ACE1-7DBA32AA5E57} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A67150BA-DFB9-49CE-9C75-D41F4457C7CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-09] (Adobe Inc. -> Adobe)
Task: {A92F9290-D97C-4F3C-8766-86E34C3E7741} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {BBAB1716-2477-4AF9-8020-2D137D298CA4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C076EA1F-8726-462B-AAC2-3101F0A96274} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {C12CC779-501B-4CC8-966D-0B62B438585A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3C8B9C6-B5A8-493D-8F61-462C33AF924B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {C829870A-99EF-4396-BA4D-1BB75878C3DC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D182975F-5151-4180-98E3-2249623B96B1} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DC3DC87E-633F-4A4B-93E3-0EB4D399B432} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2774904 2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {EDDEF513-2230-457D-ADE9-8DCD10D0352C} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [781808 2019-04-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {EE2C0A1C-54BE-49DF-A184-0A70988D2874} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FD08C0A5-8047-4630-BF1F-B18B7DFC6975} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-02] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FFD8BCD1-0951-468A-89D6-75187FB836B9}: [DhcpNameServer] 192.168.0.1

Edge: 
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Claudio\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-07]
Edge HomePage: Default -> hxxp://www.google.com/
Edge Extension: (Amazon Assistant) - C:\Users\Claudio\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2020-09-25]
Edge Extension: (All Video Downloader professional) - C:\Users\Claudio\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mbpnbnogejaolbhfpfgagldkeahefbhd [2020-08-15]
Edge Extension: (AdBlock: il miglior ad-blocker di sempre) - C:\Users\Claudio\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2020-11-28]

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default [2020-12-07]
CHR HomePage: Default -> hxxp://www.google.com/
CHR Session Restore: Default -> is enabled.
CHR Extension: (Presentazioni) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Just Black) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2020-08-01]
CHR Extension: (Documenti) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (TV) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2015-06-01]
CHR Extension: (YouTube) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-20]
CHR Extension: (Video Downloader professional) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2020-07-24]
CHR Extension: (Fogli) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Documenti Google offline) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-11]
CHR Extension: (AdBlock: il miglior ad-blocker di sempre) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-11-28]
CHR Extension: (World Time Buddy) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj [2015-06-01]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Amazon Assistant per Chrome) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2020-12-07]
CHR Extension: (Gmail) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-28]
CHR Profile: C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-04-01]
CHR Profile: C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-09] (Adobe Inc. -> Adobe)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [249104 2016-07-17] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\FileSyncHelper.exe [2188664 2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 mracsvc; C:\Windows\System32\mracsvc.exe [21421728 2020-12-02] (Mail.Ru LLC -> LLC Mail.Ru)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\OneDriveUpdaterService.exe [2553200 2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2523448 2020-12-05] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3478336 2020-12-05] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2017-09-02] (Even Balance, Inc. -> )
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [981080 2020-09-23] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [307800 2020-09-23] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-06-24] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294640 2020-11-17] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533376 2020-09-23] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6153048 2020-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2020-04-12] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\WINDOWS\System32\drivers\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-09] (Microsoft Corporation) [File not signed]
S3 cpuz148; C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [44648 2020-12-05] (CPUID S.A.R.L.U. -> CPUID)
R1 EneIo; C:\Windows\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 gdrv2; C:\Windows\gdrv2.sys [32600 2019-10-01] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 HWiNFO_152; C:\Users\Claudio\AppData\Local\Temp\HWiNFO64A_152.SYS [63208 2020-11-28] (Martin Malik - REALiX -> REALiX(tm)) <==== ATTENTION
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv1.sys [20658448 2020-12-02] (Mail.Ru LLC -> LLC Mail.Ru)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [51776 2020-02-17] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_005c; C:\WINDOWS\System32\drivers\RzDev_005c.sys [52496 2020-02-17] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0C00; C:\WINDOWS\System32\drivers\RzDev_0C00.sys [52496 2020-02-17] (Razer USA Ltd. -> Razer Inc)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-07 23:01 - 2020-12-07 23:01 - 000027368 _____ C:\Users\Claudio\Desktop\FRST.txt
2020-12-07 22:51 - 2020-12-07 22:54 - 000000000 ____D C:\AdwCleaner
2020-12-07 22:42 - 2020-12-07 22:42 - 008447152 _____ (Malwarebytes) C:\Users\Claudio\Desktop\adwcleaner_8.0.8.exe
2020-12-07 01:09 - 2020-12-07 23:01 - 000000000 ____D C:\FRST
2020-12-07 01:06 - 2020-12-07 01:06 - 002288640 _____ (Farbar) C:\Users\Claudio\Desktop\FRST64English.exe
2020-12-07 00:39 - 2020-12-07 00:39 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-12-07 00:21 - 2020-12-07 00:21 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-07 00:21 - 2020-12-07 00:21 - 000001912 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-07 00:21 - 2020-12-07 00:21 - 000000000 ____D C:\Users\Claudio\AppData\Local\mbamtray
2020-12-07 00:21 - 2020-12-07 00:21 - 000000000 ____D C:\Users\Claudio\AppData\Local\mbam
2020-12-07 00:21 - 2020-12-07 00:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-12-07 00:21 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-12-06 02:09 - 2020-12-06 02:09 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2020-12-06 02:09 - 2020-11-23 15:40 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-12-06 02:09 - 2020-11-23 15:40 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-12-06 02:09 - 2020-11-23 15:40 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-12-06 02:09 - 2020-11-23 15:40 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-12-06 02:09 - 2020-11-23 15:40 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-12-06 02:09 - 2020-11-23 15:40 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-12-06 02:09 - 2020-11-23 15:40 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-12-06 02:09 - 2020-11-23 15:40 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-12-06 02:09 - 2020-11-23 15:40 - 000456600 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-12-06 02:09 - 2020-11-23 15:40 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-12-06 02:09 - 2020-11-23 15:38 - 002096880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-12-06 02:09 - 2020-11-23 15:38 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-12-06 02:09 - 2020-11-23 15:38 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-12-06 02:09 - 2020-11-23 15:38 - 001159920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-12-06 02:09 - 2020-11-23 15:38 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2020-12-06 02:09 - 2020-11-23 15:38 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-12-06 02:09 - 2020-11-23 15:38 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-12-06 02:09 - 2020-11-23 15:38 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-12-06 02:09 - 2020-11-23 15:38 - 000656112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-12-06 02:09 - 2020-11-23 15:38 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-12-06 02:09 - 2020-11-23 15:38 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-12-06 02:09 - 2020-11-23 15:37 - 007706352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-12-06 02:09 - 2020-11-23 15:37 - 006860184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-12-06 02:09 - 2020-11-23 15:37 - 004175256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-12-06 02:09 - 2020-11-23 15:37 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-12-06 02:09 - 2020-11-23 15:37 - 001733016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445751.dll
2020-12-06 02:09 - 2020-11-23 15:37 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445751.dll
2020-12-06 02:09 - 2020-11-22 14:29 - 001682368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2020-12-06 02:09 - 2020-11-22 14:29 - 000222112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2020-12-06 02:09 - 2020-11-22 14:29 - 000038816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2020-12-05 22:42 - 2020-12-05 22:42 - 000000000 ____D C:\Users\Claudio\AppData\Local\cache
2020-12-05 18:19 - 2020-12-05 18:19 - 000000000 ____D C:\Program Files (x86)\Origin Games
2020-12-05 18:12 - 2020-12-05 18:12 - 000001066 _____ C:\Users\Public\Desktop\Origin.lnk
2020-12-05 18:12 - 2020-12-05 18:12 - 000001066 _____ C:\ProgramData\Desktop\Origin.lnk
2020-12-05 18:12 - 2020-12-05 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2020-12-05 18:12 - 2020-12-05 18:12 - 000000000 ____D C:\Program Files (x86)\Origin
2020-12-05 18:09 - 2020-12-05 18:22 - 000000000 ____D C:\Users\Claudio\AppData\Roaming\Origin
2020-12-05 18:09 - 2020-12-05 18:20 - 000000000 ____D C:\Users\Claudio\AppData\Local\Origin
2020-12-05 18:09 - 2020-12-05 18:09 - 000000000 ____D C:\Users\Claudio\.Origin
2020-12-03 17:44 - 2020-12-04 20:37 - 000853267 _____ C:\Users\Claudio\Desktop\Resoconto ore DICEMBRE 2020 di Nalesso Claudio.xlsx
2020-11-29 00:15 - 2020-11-30 16:22 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2020-11-29 00:15 - 2020-11-29 00:15 - 000003206 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2020-11-29 00:15 - 2020-11-29 00:15 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-11-29 00:15 - 2020-11-29 00:15 - 000000000 ___RD C:\Users\Default\OneDrive
2020-11-29 00:15 - 2020-11-29 00:15 - 000000000 ___RD C:\Users\Default User\OneDrive
2020-11-29 00:12 - 2020-11-29 00:12 - 000000000 ____D C:\Users\Claudio\AppData\Local\OneDrive
2020-11-29 00:06 - 2020-11-29 00:06 - 000000000 ____D C:\Users\Claudio\Documents\MAXON
2020-11-28 15:09 - 2020-11-28 15:09 - 000000000 ____D C:\Users\Claudio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bing Wallpaper
2020-11-12 18:02 - 2020-11-12 18:02 - 000006977 _____ C:\Users\Claudio\Desktop\050A00920026614.pdf
2020-11-12 13:09 - 2020-11-12 13:09 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-11-12 13:09 - 2020-11-12 13:09 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-11-12 13:09 - 2020-11-12 13:09 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-12 13:09 - 2020-11-12 13:09 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-11-12 13:09 - 2020-11-12 13:09 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-11-12 13:09 - 2020-11-12 13:09 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-11-12 13:09 - 2020-11-12 13:09 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-11-12 13:09 - 2020-11-12 13:09 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-11-12 13:09 - 2020-11-12 13:09 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-11-12 13:09 - 2020-11-12 13:09 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-11-12 13:09 - 2020-11-12 13:09 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-11-12 13:09 - 2020-11-12 13:09 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-11-12 13:09 - 2020-11-12 13:09 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-11-12 13:09 - 2020-11-12 13:09 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-11-12 13:09 - 2020-11-12 13:09 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-11-12 13:09 - 2020-11-12 13:09 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-11-11 14:22 - 2020-11-07 23:25 - 001731824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445730.dll
2020-11-11 14:22 - 2020-11-07 23:25 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445730.dll
2020-11-07 01:52 - 2020-11-07 01:52 - 000000000 ___HD C:\$SysReset

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-07 23:00 - 2020-07-01 21:33 - 001973848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-07 23:00 - 2019-03-19 13:33 - 000853308 _____ C:\WINDOWS\system32\perfh010.dat
2020-12-07 23:00 - 2019-03-19 13:33 - 000179750 _____ C:\WINDOWS\system32\perfc010.dat
2020-12-07 23:00 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-12-07 22:58 - 2019-10-01 17:33 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-07 22:57 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-07 22:54 - 2020-07-01 21:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-07 22:54 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-12-07 22:44 - 2020-07-01 21:35 - 000003136 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2020-12-07 22:44 - 2020-07-01 21:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-07 22:36 - 2018-12-04 17:54 - 000000000 ____D C:\Users\Claudio\AppData\Local\CrashDumps
2020-12-07 01:10 - 2015-05-30 21:03 - 001201032 _____ C:\WINDOWS\ntbtlog.txt
2020-12-07 00:21 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-07 00:21 - 2015-09-02 20:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-06 23:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-06 02:10 - 2020-07-01 21:33 - 000000000 ____D C:\Users\Claudio
2020-12-06 02:10 - 2016-03-04 22:45 - 000000000 ____D C:\Program Files (x86)\Steam
2020-12-05 23:23 - 2020-03-25 15:29 - 000000000 ____D C:\Users\Claudio\AppData\Local\Battle.net
2020-12-05 23:23 - 2018-01-15 20:52 - 000000000 ____D C:\Users\Claudio\AppData\Roaming\discord
2020-12-05 22:43 - 2020-07-01 21:47 - 000000000 ____D C:\Users\Claudio\AppData\Local\D3DSCache
2020-12-05 22:03 - 2015-08-13 17:38 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2020-12-05 18:22 - 2015-12-20 23:46 - 000000000 ____D C:\ProgramData\Origin
2020-12-05 17:49 - 2020-07-20 17:32 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-05 17:49 - 2020-07-20 17:32 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-05 17:49 - 2020-07-20 17:32 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-04 20:42 - 2020-07-01 21:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-03 23:10 - 2020-07-01 21:35 - 000003670 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-03 23:10 - 2020-07-01 21:35 - 000003546 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-03 18:20 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-03 17:44 - 2020-06-02 18:39 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-03 17:44 - 2020-06-02 18:39 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-03 17:44 - 2020-06-02 18:39 - 000002258 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-12-02 18:18 - 2020-06-09 18:08 - 020658448 _____ (LLC Mail.Ru) C:\WINDOWS\system32\Drivers\mracdrv1.sys
2020-12-02 18:18 - 2017-10-13 17:23 - 021421728 _____ (LLC Mail.Ru) C:\WINDOWS\system32\mracsvc.exe
2020-12-02 18:04 - 2015-08-19 20:42 - 000007607 _____ C:\Users\Claudio\AppData\Local\Resmon.ResmonCfg
2020-11-30 17:18 - 2020-07-20 17:32 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-30 17:18 - 2020-07-20 17:32 - 000003508 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-30 16:22 - 2020-07-01 21:44 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-11-30 15:55 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-11-29 22:04 - 2018-11-28 17:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2020-11-29 02:20 - 2020-07-01 21:45 - 000000000 ___RD C:\Users\Claudio\OneDrive
2020-11-29 00:12 - 2020-07-01 21:41 - 000000000 ____D C:\Users\Claudio\AppData\Local\Packages
2020-11-29 00:06 - 2020-07-05 17:47 - 000000000 ____D C:\Users\Claudio\AppData\Local\PlaceholderTileLogoFolder
2020-11-29 00:06 - 2020-07-01 21:57 - 000000000 ____D C:\ProgramData\Packages
2020-11-29 00:06 - 2015-12-19 20:16 - 000000000 ____D C:\Users\Claudio\AppData\Roaming\MAXON
2020-11-28 23:36 - 2017-07-13 18:03 - 000000000 ____D C:\Users\Claudio\AppData\Local\ElevatedDiagnostics
2020-11-28 17:14 - 2020-09-30 23:13 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-28 17:14 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-28 15:37 - 2020-07-01 21:35 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-28 15:37 - 2015-06-16 16:58 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-23 15:32 - 2019-10-04 15:51 - 007006712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2020-11-23 15:32 - 2019-10-04 15:51 - 005978008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-11-22 14:29 - 2019-10-04 15:32 - 000058620 _____ C:\WINDOWS\system32\nvinfo.pb
2020-11-22 10:45 - 2019-12-08 00:28 - 005510968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2020-11-22 10:45 - 2019-12-08 00:28 - 002636264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2020-11-22 10:45 - 2019-12-08 00:28 - 001759032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2020-11-22 10:45 - 2019-12-08 00:28 - 000991032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2020-11-22 10:45 - 2019-12-08 00:28 - 000194360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2020-11-22 10:45 - 2019-12-08 00:28 - 000121144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2020-11-22 10:45 - 2019-12-08 00:28 - 000084456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2020-11-12 15:36 - 2020-07-01 21:41 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-12 15:36 - 2020-07-01 21:41 - 000000000 ___RD C:\Users\Claudio\3D Objects
2020-11-12 15:35 - 2020-07-01 21:31 - 000348912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-12 15:34 - 2019-03-19 13:35 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-12 15:34 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-12 15:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\TextInput
2020-11-12 15:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-12 15:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-12 15:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-12 15:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-12 15:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-12 15:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-12 15:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-12 15:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-12 13:15 - 2015-05-31 01:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-12 13:12 - 2015-05-31 01:08 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-12 13:09 - 2020-07-01 21:34 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-11-12 11:00 - 2020-09-30 23:13 - 000907064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-11-12 10:59 - 2020-09-30 23:13 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2020-11-07 01:55 - 2020-07-01 21:41 - 000000000 ____D C:\Users\Claudio\AppData\Local\ConnectedDevicesPlatform
2020-11-07 01:54 - 2019-12-07 17:09 - 000000000 ___HD C:\$WINDOWS.~BT
2020-11-07 01:53 - 2020-07-02 19:17 - 000000000 ____D C:\Program Files\UNP
2020-11-07 01:53 - 2020-06-20 00:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare
2020-11-07 01:53 - 2020-03-25 15:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2020-11-07 01:53 - 2019-10-01 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2020-11-07 01:53 - 2019-10-01 17:33 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-11-07 01:53 - 2019-03-19 13:33 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2020-11-07 01:53 - 2019-03-19 05:52 - 000000000 __SHD C:\Program Files\Windows Sidebar
2020-11-07 01:53 - 2019-03-19 05:52 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2020-11-07 01:53 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2020-11-07 01:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-11-07 01:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2020-11-07 01:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-11-07 01:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\spool
2020-11-07 01:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-11-07 01:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-11-07 01:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\IME
2020-11-07 01:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ServiceState
2020-11-07 01:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\schemas
2020-11-07 01:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Registration
2020-11-07 01:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Help
2020-11-07 01:53 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-11-07 01:53 - 2018-11-28 17:56 - 000000000 ____D C:\Program Files (x86)\Razer
2020-11-07 01:53 - 2018-01-15 20:52 - 000000000 ____D C:\Users\Claudio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-11-07 01:53 - 2017-07-13 18:37 - 000000000 ____D C:\Users\Claudio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultracopier
2020-11-07 01:53 - 2016-08-28 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2020-11-07 01:53 - 2016-05-15 17:53 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2020-11-07 01:53 - 2016-03-04 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-11-07 01:53 - 2015-08-31 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alice
2020-11-07 01:53 - 2015-08-19 23:28 - 000000000 ____D C:\Users\Claudio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2020-11-07 01:53 - 2015-08-13 17:38 - 000000000 ____D C:\Users\Claudio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2020-11-07 01:53 - 2015-07-26 12:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2020-11-07 01:53 - 2015-07-17 18:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2020-11-07 01:53 - 2015-07-05 19:03 - 000000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2020-11-07 01:53 - 2015-06-21 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2020-11-07 01:53 - 2015-06-02 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2020-11-07 01:53 - 2015-06-02 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2020-11-07 01:53 - 2015-05-31 18:27 - 000000000 ____D C:\Users\Claudio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2020-11-07 01:53 - 2015-05-30 21:55 - 000000000 ____D C:\Users\Claudio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-11-07 01:53 - 2015-05-30 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-11-07 01:53 - 2015-05-30 19:49 - 000000000 ____D C:\WINDOWS\SysWOW64\vbox
2020-11-07 01:53 - 2015-05-30 19:49 - 000000000 ____D C:\WINDOWS\system32\vbox
2020-11-07 01:53 - 2015-05-30 18:01 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2020-11-07 01:53 - 2015-05-30 12:09 - 000000000 ____D C:\Program Files\Intel
2020-11-07 01:53 - 2010-11-21 16:41 - 000000000 ____D C:\WINDOWS\ShellNew
2020-11-07 01:53 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-11-07 01:53 - 2009-07-14 04:20 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2020-11-07 01:40 - 2020-11-06 04:36 - 000008192 ___SH C:\DumpStack.log.tmp
2020-11-07 01:36 - 2020-07-01 20:52 - 000000000 ___DC C:\WINDOWS\Panther
2020-11-07 01:35 - 2020-07-01 21:35 - 000064773 _____ C:\WINDOWS\diagwrn.xml
2020-11-07 01:35 - 2020-07-01 21:35 - 000064773 _____ C:\WINDOWS\diagerr.xml

==================== Files in the root of some directories ========

2015-10-05 18:15 - 2015-10-05 18:15 - 000000095 _____ () C:\Users\Claudio\AppData\Local\fusioncache.dat
2015-08-19 20:42 - 2020-12-02 18:04 - 000007607 _____ () C:\Users\Claudio\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

This is the Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2020
Ran by Claudio (07-12-2020 23:02:38)
Running from C:\Users\Claudio\Desktop
Windows 10 Pro Version 1909 18363.1198 (X64) (2020-07-01 20:36:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1383695700-1847625372-2000665172-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1383695700-1847625372-2000665172-1004 - Limited - Enabled)
Claudio (S-1-5-21-1383695700-1847625372-2000665172-1000 - Administrator - Enabled) => C:\Users\Claudio
DefaultAccount (S-1-5-21-1383695700-1847625372-2000665172-503 - Limited - Disabled)
Guest (S-1-5-21-1383695700-1847625372-2000665172-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1383695700-1847625372-2000665172-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1383695700-1847625372-2000665172-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
Aggiornamenti NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
AORUS ENGINE (HKLM-x32\...\AORUS ENGINE_is1) (Version: 1.7.3.0 - GIGABYTE Technology Co.,Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.4.1.000 - Asmedia Technology)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1 (HKLM-x32\...\Battlefield 1_is1) (Version:  - )
Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version: 1.0.59.24655 - Electronic Arts)
Bing Wallpaper (HKLM-x32\...\{799980CA-D5C6-49C0-95F4-8CA8C48ACBE7}) (Version: 1.0.7.9 - Microsoft Corporation)
Black Mesa (HKLM-x32\...\Black Mesa_is1) (Version:  - )
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version:  - Blizzard Entertainment)
Call of Duty(R) - World at War(TM) 1.2 Patch (HKLM-x32\...\InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}) (Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (HKLM-x32\...\InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}) (Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (HKLM-x32\...\InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}) (Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (HKLM-x32\...\InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}) (Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (HKLM-x32\...\InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}) (Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (HKLM-x32\...\InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}) (Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (HKLM-x32\...\InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}) (Version:  - ) Hidden
Call of Duty: Infinite Warfare Update v20161118 (HKLM\...\Y2FsbG9mZHV0eWluZmluaXRld2FyZmFyZQ_is1) (Version: 1 - )
Call of Duty: WWII (HKLM\...\Y2FsbG9mZHV0eXd3aWk_is1) (Version: 1 - )
CPUID CPU-Z OC Formula 1.88 (HKLM\...\CPUID CPU-Z OC Formula_is1) (Version: 1.88 - CPUID, Inc.)
CPUID HWMonitor 1.19 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Discord (HKU\S-1-5-21-1383695700-1847625372-2000665172-1000\...\Discord) (Version: 0.0.308 - Discord Inc.)
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 2.0.8 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{9f93601b-15ea-4e69-8d7c-dfa0f29ae04e}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{1CD178C9-BB49-4E59-9DA6-3C152E2A9844}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{fe81cfd3-9db4-409d-b0f9-26707d1423c6}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Grand Theft Auto V Update v1.36 (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
GRAPHISOFT BIMx Desktop Viewer (HKLM\...\BIMx Viewer 23.0 GEN FULL R1 1) (Version: 2019.2.2328.0 - GRAPHISOFT SE)
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Installazione Guidata Alice ADSL (HKLM-x32\...\{DDC5AF8D-A320-4A8C-805D-9063C6352127}) (Version:  - )
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Malwarebytes versione 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.55 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{F03CB3EF-DC16-35CE-B3C1-C68EA09E5E97}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
MSI Afterburner 4.6.1 (HKLM-x32\...\Afterburner) (Version: 4.6.1 - MSI Co., LTD)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA Driver audio HD 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA Driver grafico 457.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.51 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.89.45622 - Electronic Arts, Inc.)
Pannello di controllo NVIDIA 457.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 457.51 - NVIDIA Corporation) Hidden
Patriot Viper M2 SSD RGB (HKLM\...\{0886A906-0625-4A43-930D-AA92F6665AF4}) (Version: 1.00.00 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{0edb50a3-501b-40f9-b197-0d143fdef576}) (Version: 1.00.00 - Patriot Memory)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.5.1130.111812 - Razer Inc.)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.19.0917.1 - GIGABYTE)
RivaTuner Statistics Server 7.1.0 (HKLM-x32\...\RTSS) (Version: 7.1.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.5 - Rockstar Games)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Ultracopier 1.2.3.6 (HKLM-x32\...\Ultracopier) (Version: 1.2.3.6 - Ultracopier)
VC_CRT_x64 (HKLM\...\{54F2237F-018C-483B-8884-9FC0D88840C3}) (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0-2) (Version: 1.0.54.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Warface My.Com (HKU\S-1-5-21-1383695700-1847625372-2000665172-1000\...\Warface My.Com) (Version: 1.48 - My.com B.V.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

Packages:
=========
Amazon Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.39.0_x64__pwbj9vvecjh7j [2020-12-03] (Amazon Development Centre (London) Ltd)
Componente aggiuntivo motore dei supporti Foto -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-28] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-07-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-07-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-24] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1383695700-1847625372-2000665172-1000_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\20.169.0823.0008\MicrosoftListSync.exe => No File
CustomCLSID: HKU\S-1-5-21-1383695700-1847625372-2000665172-1000_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\20.169.0823.0008\MicrosoftListSync.exe => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2011-08-08] (SysProgs.org) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2011-08-08] (SysProgs.org) [File not signed]
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.169.0823.0008\amd64\FileSyncShell64.dll [2020-11-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-11-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-28] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [180224 2010-08-03] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2019-04-21 09:33 - 2019-04-21 09:33 - 000232448 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2019-04-21 09:32 - 2019-04-21 09:32 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2019-04-21 09:33 - 2019-04-21 09:33 - 000649216 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2019-04-21 09:32 - 2019-04-21 09:32 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2019-04-21 09:33 - 2019-04-21 09:33 - 000367104 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2018-03-15 10:31 - 2018-03-15 10:31 - 000055808 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2018-03-15 10:31 - 2018-03-15 10:31 - 000072704 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2018-03-15 10:31 - 2018-03-15 10:31 - 000353792 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2013-08-07 13:24 - 2013-08-07 13:24 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2015-05-30 18:01 - 2015-05-30 18:00 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2013-08-07 13:24 - 2013-08-07 13:24 - 000514048 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2019-05-09 17:20 - 2005-06-09 00:02 - 000119808 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_ILMACE.DLL
2009-07-14 02:20 - 2009-07-14 02:40 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\EP0SLM01.DLL
2011-06-04 21:14 - 2011-08-08 19:11 - 000202752 _____ (SysProgs.org) [File not signed] C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll
2020-12-05 18:12 - 2020-12-05 18:12 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-12-05 18:12 - 2020-12-05 18:12 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-12-05 18:12 - 2020-12-05 18:12 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-12-05 18:12 - 2020-12-05 18:12 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-12-05 18:12 - 2020-12-05 18:12 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-12-05 18:12 - 2020-12-05 18:12 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-12-05 18:12 - 2020-12-05 18:12 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-12-05 18:12 - 2020-12-05 18:12 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-12-05 18:12 - 2020-12-05 18:12 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2020-11-29 22:04 - 2020-09-23 01:27 - 000050976 _____ (WDKTestCert jenkins,132209371768038986 -> Razer Inc) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\15320C00-00FF-FFFF-0000-81B2410B8000.mod
2020-11-29 22:04 - 2020-09-23 01:27 - 000090400 _____ (WDKTestCert jenkins,132209371768038986 -> Razer Inc.) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\1532005C-00FF-FFFF-0000-813B1AB02000.mod

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

DownloadDir: C:\Users\Claudio\Desktop
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2020-07-01 19:50 - 000000912 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Users\Claudio\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-1383695700-1847625372-2000665172-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Claudio\AppData\Local\Microsoft\BingWallpaperApp\WPImages\20201207.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^Users^Claudio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Moongamers Patch Switcher.lnk => C:\Windows\pss\Moongamers Patch Switcher.lnk.Startup
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-1383695700-1847625372-2000665172-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{7F3AD67F-C069-4152-90AE-5E04B6ABF300}G:\pc games\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\pc games\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [TCP Query User{3685C690-8CAC-4421-9E13-F14337C35DAC}G:\pc games\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\pc games\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{79C101AF-5CB7-4F47-B31E-1D35364EC854}C:\program files (x86)\steam\steamapps\common\warface\13_2000076\bin64release\game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\13_2000076\bin64release\game.exe (warface -> Crytek GmbH)
FirewallRules: [TCP Query User{44AB2B73-04A6-4D0F-B6B8-80DCF3515F98}C:\program files (x86)\steam\steamapps\common\warface\13_2000076\bin64release\game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\13_2000076\bin64release\game.exe (warface -> Crytek GmbH)
FirewallRules: [UDP Query User{A596901D-E854-48B7-8B03-CC830B497EA5}F:\programmi\sierra\swat 4\contentexpansion\system\swat4x.exe] => (Allow) F:\programmi\sierra\swat 4\contentexpansion\system\swat4x.exe => No File
FirewallRules: [TCP Query User{B7EA6995-5892-4B0F-9C92-90740F0D78FD}F:\programmi\sierra\swat 4\contentexpansion\system\swat4x.exe] => (Allow) F:\programmi\sierra\swat 4\contentexpansion\system\swat4x.exe => No File
FirewallRules: [UDP Query User{98804F61-BF4D-45F7-85AA-24185F0EA689}C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe (Mail.Ru LLC -> )
FirewallRules: [TCP Query User{9CA6A7D2-9931-47FD-A663-CF84E7E05071}C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe (Mail.Ru LLC -> )
FirewallRules: [UDP Query User{D6EF555E-BD8D-4714-9D73-1D30A255FA1A}G:\pc games\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) G:\pc games\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe => No File
FirewallRules: [TCP Query User{F2D68FF0-8C8F-4A6B-8695-F96027117299}G:\pc games\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) G:\pc games\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe => No File
FirewallRules: [{E380B37A-3DC3-40A4-B5AC-29C52F8B5F0F}] => (Allow) G:\PC Games\SteamLibrary\steamapps\common\Source SDK Base 2007\hl2.exe => No File
FirewallRules: [{0FDA60A3-00F2-4D7F-A1A2-2C75ECBCA2D6}] => (Allow) G:\PC Games\SteamLibrary\steamapps\common\Source SDK Base 2007\hl2.exe => No File
FirewallRules: [{A6D69026-F6EB-406F-8250-059F7E75F268}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\Warface\Bin32Release\Game.exe => No File
FirewallRules: [{59369DEF-DDA8-40F2-B766-29BB23E3D3A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\Warface\Bin32Release\Game.exe => No File
FirewallRules: [{728CAFC0-CB93-41A1-B675-F977C29A698E}] => (Allow) G:\PC Games\bfv.exe => No File
FirewallRules: [{2C42487D-DC0A-4A9E-817A-300A2F4E0713}] => (Allow) G:\PC Games\bfv.exe => No File
FirewallRules: [{3543B233-B815-4F3E-94E0-1AA0DE191A0B}] => (Allow) G:\PC Games\bfvTrial.exe => No File
FirewallRules: [{1201EC12-516C-49A5-A254-F2CABFC9CF11}] => (Allow) G:\PC Games\bfvTrial.exe => No File
FirewallRules: [UDP Query User{99CDFD73-E3C7-4A29-8978-CE97BD9F89C4}C:\program files (x86)\steam\steamapps\common\warface\warface\bin64release\game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\warface\bin64release\game.exe => No File
FirewallRules: [TCP Query User{3EE91818-48E5-46A1-AF25-EAE42377C6C8}C:\program files (x86)\steam\steamapps\common\warface\warface\bin64release\game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\warface\bin64release\game.exe => No File
FirewallRules: [{2FBAAAE6-3667-4578-84F7-378F68993B36}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3936FBFA-D4B1-4582-B20B-73E11627F06A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{9B5DD3B6-E7D0-47F7-A254-08DDAA3EAF4F}C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe (Mail.Ru LLC -> )
FirewallRules: [TCP Query User{C46E9B3B-B595-4B28-9518-4AB9F1D1A44F}C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\gamecenter\gamecenter.exe (Mail.Ru LLC -> )
FirewallRules: [{838597BB-4DEA-4640-87D6-532D91B1E7B1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8FEAAC08-BA7D-40FA-9298-CE4D769B1254}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{550AC600-C432-4276-9016-D9B4A2647705}C:\users\claudio\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\claudio\appdata\local\gamecenter\gamecenter.exe => No File
FirewallRules: [TCP Query User{89E63931-8643-48DE-B927-8A17257AD465}C:\users\claudio\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\claudio\appdata\local\gamecenter\gamecenter.exe => No File
FirewallRules: [UDP Query User{0857DBD5-0D9A-43F8-AF0A-F2A7C78CBACA}C:\program files (x86)\steam\steamapps\common\warface\mycomgames\gamecenter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\mycomgames\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [TCP Query User{A67DBCDF-2E11-44EE-B837-AA1435036B4C}C:\program files (x86)\steam\steamapps\common\warface\mycomgames\gamecenter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\mycomgames\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [UDP Query User{FA467AAC-B28C-4936-B426-4760C2981A08}G:\pc games\call of duty infinite warfare\iw7_ship.exe] => (Allow) G:\pc games\call of duty infinite warfare\iw7_ship.exe (Activision Publishing -> Activision)
FirewallRules: [TCP Query User{F853801F-E1A7-4587-99A0-A76229541E48}G:\pc games\call of duty infinite warfare\iw7_ship.exe] => (Allow) G:\pc games\call of duty infinite warfare\iw7_ship.exe (Activision Publishing -> Activision)
FirewallRules: [UDP Query User{405D19E6-D6E2-42E4-BE4F-0D2B98FDA3B9}G:\pc games\call of duty infinite warfare\iw7_ship.exe] => (Allow) G:\pc games\call of duty infinite warfare\iw7_ship.exe (Activision Publishing -> Activision)
FirewallRules: [TCP Query User{F258D646-44A5-45EF-B415-7D2F01C40573}G:\pc games\call of duty infinite warfare\iw7_ship.exe] => (Allow) G:\pc games\call of duty infinite warfare\iw7_ship.exe (Activision Publishing -> Activision)
FirewallRules: [UDP Query User{542CE3F8-F2B7-4D9E-A0B2-2990F61B5ADD}G:\pc games\battlefield 1\bf1.exe] => (Allow) G:\pc games\battlefield 1\bf1.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [TCP Query User{81EA9F55-67B7-4B56-AD88-20AF0DB944D1}G:\pc games\battlefield 1\bf1.exe] => (Allow) G:\pc games\battlefield 1\bf1.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [UDP Query User{480F27E8-0B33-48A9-BB92-09D91A712BE0}C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe (Mail.Ru, LLC -> )
FirewallRules: [TCP Query User{048B567A-CEEB-4003-8AD2-F24B9FC11C9E}C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\warface\mycomgames\mycomgames.exe (Mail.Ru, LLC -> )
FirewallRules: [{F59AA3C5-E92B-444E-8A8E-6B01881709D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\Warface\Bin32Release\Game.exe => No File
FirewallRules: [{78F3A1BA-A53F-472A-BC89-52C226828132}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\Warface\Bin32Release\Game.exe => No File
FirewallRules: [{FE961EE3-E991-49E7-8762-F8699EA21671}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{F5BD70BC-DE58-4449-998D-06B05E3ABC27}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{CDAFBDB2-7EBF-44EB-99F3-9FC42BDF37E9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{EDDC1245-9656-4D78-AF60-D89EDFC5CE16}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [UDP Query User{F8E60D6C-6D2A-40A8-B037-89280D5257DC}C:\users\claudio\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\claudio\appdata\local\mycomgames\mycomgames.exe => No File
FirewallRules: [TCP Query User{B8E6669E-74A0-4D9B-AC03-FD3DA1CEEE1F}C:\users\claudio\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\claudio\appdata\local\mycomgames\mycomgames.exe => No File
FirewallRules: [{36092DC3-D223-4292-BD9C-0B44C4213AB9}] => (Allow) C:\Program Files (x86)\Grand Theft Auto V\GTA5.exe (Rockstar Games) [File not signed]
FirewallRules: [{D4E4E972-21FF-4A48-B553-7CAA59D9E55F}] => (Allow) C:\Program Files (x86)\Grand Theft Auto V\GTA5.exe (Rockstar Games) [File not signed]
FirewallRules: [{5C47997D-75E6-45A8-B2F4-DE92238DEE64}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe => No File
FirewallRules: [{3E797524-9E32-4477-88AB-AEF4A3A7884B}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe => No File
FirewallRules: [{678E79EF-3842-499A-9C43-AFC6A16C0278}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe (Mail.Ru LLC -> )
FirewallRules: [{1EEC753F-54C9-441C-8EB8-AB193789E8D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe (Mail.Ru LLC -> )
FirewallRules: [UDP Query User{7D1D1039-5003-4A55-A98B-A6D5CDF3847B}C:\users\claudio\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\claudio\appdata\local\mycomgames\mycomgames.exe => No File
FirewallRules: [TCP Query User{A83D3400-8BFA-4715-9C90-EC72D8C062A6}C:\users\claudio\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\claudio\appdata\local\mycomgames\mycomgames.exe => No File
FirewallRules: [{91EA3725-6F0B-4E22-BE77-5583E5B2D6CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\gflauncher.exe => No File
FirewallRules: [{2CED271A-E6C4-469A-A1C0-711439DB2E41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\gflauncher.exe => No File
FirewallRules: [{C6BE77D3-3629-4781-B3BE-7F8A747A46FC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{221BFA43-2177-4C70-BA9C-464FE3FE1535}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File

==================== Restore Points =========================

18-11-2020 18:52:20 Windows Update
28-11-2020 15:19:10 Punto di controllo pianificato

==================== Faulty Device Manager Devices ============

Name: Dispositivo PCI
Description: Dispositivo PCI
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/07/2020 10:53:40 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5920,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/07/2020 10:43:07 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6024,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/07/2020 10:36:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: WinStore.App.exe, versione: 12011.1001.1.0, timestamp: 0x5fa0879b
Nome del modulo che ha generato l'errore: twinapi.appcore.dll, versione: 10.0.18362.1171, timestamp: 0x3e66f34f
Codice eccezione: 0xc0000005
Offset errore 0x000000000003a860
ID processo che ha generato l'errore: 0x316c
Ora di avvio dell'applicazione che ha generato l'errore: 0x01d6cce0f6915917
Percorso dell'applicazione che ha generato l'errore: C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
Percorso del modulo che ha generato l'errore: C:\WINDOWS\SYSTEM32\twinapi.appcore.dll
ID segnalazione: 8f5efdd9-65f9-4538-a8f8-712ef126751f
Nome completo pacchetto che ha generato l'errore: Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe
ID applicazione relativo al pacchetto che ha generato l'errore: App

Error: (12/07/2020 12:27:30 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12128,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/06/2020 11:44:50 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9672,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/06/2020 12:42:06 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2716,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/06/2020 12:05:57 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (14688,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/05/2020 11:49:06 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15208,R,98) TILEREPOSITORYS-1-5-18: Si è verificato l'errore -1023 (0xfffffc01) durante l'apertura del file di log C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (12/07/2020 10:56:01 PM) (Source: DCOM) (EventID: 10010) (User: CLAUDIO-PC)
Description: Il server Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca non ha effettuato la registrazione con DCOM nel tempo richiesto.

Error: (12/07/2020 10:54:30 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Il servizio Malwarebytes Service non è stato arrestato correttamente dopo la ricezione di un controllo di pre-arresto del sistema.

Error: (12/07/2020 10:54:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Razer Synapse Service. Questo evento si è già verificato 1 volta(e).

Error: (12/07/2020 10:54:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Razer Game Manager. Questo evento si è già verificato 1 volta(e).

Error: (12/07/2020 10:54:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Origin Web Helper Service. Questo evento si è già verificato 1 volta(e).

Error: (12/07/2020 10:54:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Razer Central Service. Questo evento si è già verificato 1 volta(e).

Error: (12/07/2020 10:54:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio SAMSUNG Mobile Connectivity Service. Questo evento si è già verificato 1 volta(e).

Error: (12/07/2020 10:54:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio NVIDIA LocalSystem Container è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 6000 millisecondi: Riavvia il servizio.


Windows Defender:
===================================
Date: 2020-12-03 19:51:41.416
Description: 
Windows Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {8C2CCD25-272A-4F14-9F72-3B46242AAD35}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SYSTEM

Date: 2020-12-02 19:26:02.585
Description: 
Windows Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {BE6D4A0C-9AAC-4645-A307-797645F6A79C}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SERVIZIO DI RETE

Date: 2020-11-30 22:13:53.609
Description: 
Windows Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {FD925E88-E53A-4E22-A9C5-DFC5B94FF0E8}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SYSTEM

Date: 2020-11-29 20:51:00.415
Description: 
Windows Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {27208E55-43AA-41CC-875C-DE30FC47369D}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SYSTEM

Date: 2020-11-28 15:13:19.514
Description: 
Windows Defender Antivirus: analisi interrotta prima del completamento.
ID analisi: {B9C7B697-3C92-4F2C-9649-3C518DA72532}
Tipo analisi: Antimalware
Parametri analisi: Analisi veloce
Utente: NT AUTHORITY\SYSTEM

Date: 2020-12-04 20:42:40.826
Description: 
Windows Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza: 1.327.2074.0
Versione intelligence sulla sicurezza precedente: 1.327.1999.0
Origine aggiornamento: Utente
Tipo intelligence sulla sicurezza: Antispyware
Tipo aggiornamento: Delta
Utente: NT AUTHORITY\SYSTEM
Versione motore corrente: 1.1.17600.5
Versione motore precedente: 1.1.17600.5
Codice errore: 0x80509004
Descrizione errore: Problema imprevisto. Installare tutti gli aggiornamenti disponibili, quindi provare di nuovo ad avviare il programma. Per informazioni sull'installazione degli aggiornamenti, consultare Guida e supporto tecnico. 

Date: 2020-12-04 20:42:40.826
Description: 
Windows Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza: 1.327.2074.0
Versione intelligence sulla sicurezza precedente: 1.327.1999.0
Origine aggiornamento: Utente
Tipo intelligence sulla sicurezza: Antivirus
Tipo aggiornamento: Delta
Utente: NT AUTHORITY\SYSTEM
Versione motore corrente: 1.1.17600.5
Versione motore precedente: 1.1.17600.5
Codice errore: 0x80509004
Descrizione errore: Problema imprevisto. Installare tutti gli aggiornamenti disponibili, quindi provare di nuovo ad avviare il programma. Per informazioni sull'installazione degli aggiornamenti, consultare Guida e supporto tecnico. 

Date: 2020-11-11 11:40:43.327
Description: 
Windows Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza: 
Versione intelligence sulla sicurezza precedente: 1.327.571.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo intelligence sulla sicurezza: Antivirus
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente: 
Versione motore precedente: 1.1.17600.5
Codice errore: 0x80072ee2
Descrizione errore: Timeout dell'operazione 

Date: 2020-11-11 11:40:43.324
Description: 
Windows Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza: 
Versione intelligence sulla sicurezza precedente: 1.327.571.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo intelligence sulla sicurezza: Antispyware
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente: 
Versione motore precedente: 1.1.17600.5
Codice errore: 0x80072ee2
Descrizione errore: Timeout dell'operazione 

Date: 2020-11-11 11:40:43.322
Description: 
Windows Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza.
Nuova versione intelligence sulla sicurezza: 
Versione intelligence sulla sicurezza precedente: 1.327.571.0
Origine aggiornamento: Microsoft Malware Protection Center
Tipo intelligence sulla sicurezza: Antivirus
Tipo aggiornamento: Completo
Utente: NT AUTHORITY\SERVIZIO DI RETE
Versione motore corrente: 
Versione motore precedente: 1.1.17600.5
Codice errore: 0x80072ee2
Descrizione errore: Timeout dell'operazione 

CodeIntegrity:
===================================

Date: 2020-12-07 22:37:11.402
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 22:37:11.383
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 00:21:27.038
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\BrowserSDKDLL.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-12-07 00:21:26.552
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\Actions.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-11-29 20:52:55.061
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2020-11-29 20:52:55.015
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2020-11-29 20:52:54.941
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2020-11-29 20:52:54.527
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. P2.10 07/17/2014
Motherboard: ASRock Z87 OC Formula
Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 35%
Total physical RAM: 12214.55 MB
Available physical RAM: 7938.93 MB
Total Virtual: 24502.55 MB
Available Virtual: 18333.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.23 GB) (Free:54.65 GB) NTFS
Drive g: (SSD Programmi) (Fixed) (Total:465.63 GB) (Free:96.71 GB) NTFS

\\?\Volume{2939ab8e-06b6-11e5-9a21-806e6f6e6963}\ (Riservato per il sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{fce61318-0000-0000-0000-30153a000000}\ () (Fixed) (Total:0.55 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: FCE61318)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=566 MB) - (Type=27)

==========================================================
Disk: 1 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================


I hope everything is correct.
I'm pending for new instructions and/or good news.
Best regards, thanks in advance,

nalex91


  • Solution

Hiya nalex91,

Thanks for those logs, continue please:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Let me see those logs in your reply, also give an update on any remaining issues or concerns...

Thank you,

Kevin..

fixlist.txt


Hello,
Here's the continuation of the process:

Fixlog.txt


SophosVirusRemovalTool.log

No issues detected by Sophos.

Doubts and concerns:

  • Where could I have got that Roboot64.exe from?
  • What are its malicious actions?
  • Could it have affected my removable storage units where I store only data (images, videos, .pdf, Microsoft Office files, music, iso files)?

Thanks, best regards, 
nalex91


Hiya nalex91,

Roboot64.exe may have landed on your system via System Optimizer software, bundled with free software or possibly a browser hijacker. I believe it has also been known to sneak in via an exploited browser addon. It is not a virus or that kind of infection, it's mainly classed as adware. These are very annoying at best in that they cause pop-ups, redirect your browser home page, and other behaviour that may slow down your PC and/or direct ads your way, but they are not actually doing anything bad like damaging files or stealing banking or credit card information and such like.

Can you run another scan with Malwarebytes, see if the nuisance has returned...

Thank you,

Kevin..

 

 

 


Hello, I ran AdwCleaner and:


# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-09-29.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-12-2020
# Duration: 00:00:00
# OS:       Windows 10 Pro
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted       Amazon Assistant per Chrome - pbjikboenpfhbbejgkoklgkhjpfogcam

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1961 octets] - [07/12/2020 22:52:47]
AdwCleaner[C00].txt - [2039 octets] - [07/12/2020 22:54:02]
AdwCleaner[S01].txt - [1585 octets] - [12/12/2020 20:34:22]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

I let it clean and reboot. Then I removed Amazon assistant from my chrome browser. I ran Adwcleaner again and no more issues were found.

Then I ran Malwarebytes and:


Defrag tool.txt

It detected a defrag tool I installed this week. I had uninstalled it (not cleaned via Malwarebytes) and then did another scan with Malwarebytes. No issues were found.
 


Thanks for the update nalex91, good to hear your issues have cleared. Continue to finish up:

Uninstall the following program (unless you prefer to keep it):

Sophos AV

http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Also delete this folder if still present: C:\ProgramData\Sophos

Next,

Right click on FRST here: C:\Users\Claudio\Desktop\FRST.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

 

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.