Notifications and pop-up ads on Chrome Browser

Farbar Recovery Scan Tool (FRST) scan result (x64) Version: 05/29/2021 01

Launched with kayir (Admin) on LAPTOP-1DM9NOO4 (ASUSTeK COMPUTER INC. VivoBook_ASUSLaptop X412DA_X412DA) (02-06-2021 01:27:49)

Launched from C:\Users\kayir\Downloads

Loaded profiles: kayir

Platform: Windows 10 Home Version 2004 19041.985 (X64) Language: Russian (Russia)

Default browser: Chrome

Boot Mode: Normal

 

===================== Processes (Whitelisted) ==================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSLinkRemoteAsusLinkRemote.exe

(ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSLinkNearAsusLinkNear.exe

(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSOptimizationAsusOptimization.exe

(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSOptimizationAsusOptimizationStartupTask.exe

(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSOptimizationAsusOSD.exe

(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSSoftwareManagerAsusSoftwareManager.exe

(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:WindowsSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSSystemAnalysisAsusSystemAnalysis.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefender Antivirus Freebdagent.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefender Antivirus Freebdredline.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefender Antivirus Freeupdatesrv.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefender Antivirus Freevsserv.exe

(Bitdefender SRL -> Bitdefender) C:Program FilesBitdefender Antivirus Freevsservppl.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleChromeApplicationchrome.exe <21>

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.XboxGamingOverlay_5.621.4222.0_x64__8wekyb3d8bbweGameBar.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.XboxGamingOverlay_5.621.4222.0_x64__8wekyb3d8bbweGameBarFTServer.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32oobeUserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2104.14-0MsMpEng.exe

(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:Program Files (x86)TeamViewerTeamViewer_Service.exe

(YANDEX LLC -> YANDEX LLC) C:Program Files (x86)YandexYandexBrowser21.5.1.355service_update.exe <2>

 

====================== Windows Registry (Whitelisted) ====================

 

(If an entry is included in the fixlist, the registry entry will be reset to default or removed. The file will not be moved.)

 

HKLM-x32…Run: [SunJavaUpdateSched] => C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)

HKUS-1-5-21-4108118228-1903247603-2699730392-1001…Run: [Adguard] => C:Program Files (x86)AdguardAdguard.exe [5759392 2021-04-24] (Adguard Software Limited -> Adguard Software Ltd)

HKUS-1-5-21-4108118228-1903247603-2699730392-1001…Run: [Wappler] => C:UserskayirAppDataLocalWapplerWappler.exe [2032344 2021-04-29] (Dynamic Zones International BV -> Wappler.io)

HKUS-1-5-21-4108118228-1903247603-2699730392-1001…RunOnce: [Uninstall logsCommon] => C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q “C:UserskayirAppDataLocalMicrosoftOneDrivelogsCommon”

HKUS-1-5-21-4108118228-1903247603-2699730392-1001…RunOnce: [Uninstall 21.083.0425.0003amd64] => C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q “C:UserskayirAppDataLocalMicrosoftOneDrive21.083.0425.0003amd64”

HKUS-1-5-21-4108118228-1903247603-2699730392-1001…RunOnce: [Uninstall 21.083.0425.0003] => C:WINDOWSsystem32cmd.exe /q /c rmdir /s /q “C:UserskayirAppDataLocalMicrosoftOneDrive21.083.0425.0003”

HKLM…PrintMonitorsCNAB4 Monitor: C:WINDOWSsystem32CNAB4LMD.DLL [58880 2012-10-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program Files (x86)GoogleChromeApplication90.0.4430.212Installerchrmstp.exe [2021-05-13] (Google LLC -> Google LLC)

Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupCanon LBP2900 Status Window.lnk [2021-05-17]

ShortcutTarget: Canon LBP2900 Status Window.lnk -> C:WindowsSystem32spooldriversx643CNAB4LAD.EXE (CANON INC. -> CANON INC.)

HKLMSOFTWAREPoliciesMozillaFirefox: Ограничение <==== ВНИМАНИЕ

 

===================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be removed unless specified separately.)

 

Task: {0168FC2A-F5BF-47C7-A030-2A1A3BB056FA} – System32TasksMicrosoftWindowsPLA74C0539-0999-4DA9-9D0D-3D016B62F4E9 => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:WINDOWSsystem32pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

Task: {0E126C37-E432-45E9-9C8D-7ED5FDFADE43} – System32TasksВосстановление сервиса обновлений Яндекс.Браузера => C:Program Files (x86)YandexYandexBrowser21.5.1.355service_update.exe [2529376 2021-05-19] (YANDEX LLC -> YANDEX LLC)

Task: {13F834ED-8992-4DAC-85B2-A4ADDFAF1BF5} – System32TasksСистемное обновление Браузера Яндекс => C:Program Files (x86)YandexYandexBrowser21.5.1.355service_update.exe [2529376 2021-05-19] (YANDEX LLC -> YANDEX LLC)

Task: {2C6C3AFA-E85E-4132-8CC7-EB8DA43A56FE} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2104.14-0MpCmdRun.exe [595288 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {2FD03CA2-0374-4D17-8AA3-A53EB8E1C884} – System32TasksSystem update for Yandex Browser => C:Program Files (x86)YandexYandexBrowser20.2.2.261service_update.exe

Task: {4848BC33-39ED-468B-BB27-7EF30DFCBABA} – System32TasksRepairing Yandex Browser update service => C:Program Files (x86)YandexYandexBrowser20.2.2.261service_update.exe

Task: {6EBBFC15-C9EA-474E-9282-DEC624408ABB} – System32TasksMicrosoftWindowsPLAAsusLinkNear => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:WINDOWSsystem32pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

Task: {7D30E65C-B4FE-4B7E-9FDE-650FA3729DDB} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156104 2020-07-29] (Google LLC -> Google LLC)

Task: {83CCB184-4E8C-47CB-B81F-8D4040274386} – System32TasksASUS Optimization 36D18D69AFC3 => C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSOptimizationAsusHotkeyExec.exe [231968 2021-05-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)

Task: {8833A9BC-EEF0-4D9D-AD8C-8086F434FC0D} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2104.14-0MpCmdRun.exe [595288 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {90881846-4AFD-4B01-A6A6-F059A0449964} – System32TasksAsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSSystemAnalysisAsusSystemAnalysis.exe [2562688 2021-05-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

Task: {92AC7440-499B-4723-AB9D-2198DA2DC808} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23124336 2021-05-21] (Microsoft Corporation -> Microsoft Corporation)

Task: {A3E2ED54-94C6-4255-8357-8F81F1E8D23D} – System32TasksASUS Update Checker 2.0 => C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSSoftwareManagerAsusUpdateChecker.exe [756816 2021-05-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

Task: {B20230D6-D604-4E25-AC4C-65C7EF63E575} – System32TasksMicrosoftVisualStudioUpdatesBackgroundDownload => C:program files (x86)microsoft visual studioinstallerresourcesappServiceHubServicesMicrosoft.VisualStudio.Setup.ServiceBackgroundDownload.exe [64936 2021-01-13] (Microsoft Corporation -> Microsoft)

Task: {B37255CE-05E2-45A2-ADEB-687537A209C2} – System32TasksMcAfeeMcAfee OOBE Patch Telemetry => C:Program FilesCommon FilesMcAfeeModuleCoreDayZeroOOBEFix_64.exe [3499728 2020-05-16] (McAfee, LLC -> McAfee, LLC)

Task: {B420780C-92E6-4AEE-9F31-DDD9DACC6E4A} – System32TasksOneDrive Standalone Update Task-S-1-5-21-4108118228-1903247603-2699730392-500 => C:UserskayirAppDataLocalMicrosoftOneDriveOneDriveStandaloneUpdater.exe

Task: {B7648C19-C3D7-46BB-B41F-A62619622E3A} – System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5275568 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Task: {BCDFE050-AB4B-42C0-BFAF-3E4B96351D43} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156104 2020-07-29] (Google LLC -> Google LLC)

Task: {C787E75B-9B25-4757-954E-7D38AE234798} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [147288 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Task: {C9F21D83-B910-41F3-BEAD-A7AB03592FF3} – System32TasksОбновление Браузера Яндекс => C:Program Files (x86)YandexYandexBrowserApplicationbrowser.exe [4040800 2021-05-19] (YANDEX LLC -> YANDEX LLC)

Task: {D2554C06-F80E-4CAD-AD9B-5F133489A796} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23124336 2021-05-21] (Microsoft Corporation -> Microsoft Corporation)

Task: {D3E933A3-2486-4504-BA91-F3624E74D75B} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2104.14-0MpCmdRun.exe [595288 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {D48F3856-E81C-41AB-AD53-EBA3FD1AE66A} – System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5275568 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Task: {DA91299B-B317-4C6E-8598-D61856F40A7A} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [147288 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Task: {E5C3973B-775E-4935-BC9B-B6A399DB6F2A} – System32TasksBitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:Program FilesBitdefender AgentWatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)

Task: {F3E0F4D5-102E-4E81-98EA-1A63A0109BAC} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Scheduled Scan => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2104.14-0MpCmdRun.exe [595288 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

 

(If the entry is included in the fixlist, the task file (.job) will be moved. The file being executed by the task will not be moved.)

 

 

Task: C:WINDOWSTasksRepairing Yandex Browser update service.job => C:Program Files (x86)YandexYandexBrowser20.2.2.261service_update.exe

Task: C:WINDOWSTasksSystem update for Yandex Browser.job => C:Program Files (x86)YandexYandexBrowser20.2.2.261service_update.exe

Task: C:WINDOWSTasksВосстановление сервиса обновлений Яндекс.Браузера.job => C:Program Files (x86)YandexYandexBrowser21.5.1.355service_update.exe

Task: C:WINDOWSTasksОбновление Браузера Яндекс.job => C:Program Files (x86)YandexYandexBrowserApplicationbrowser.exe

Task: C:WINDOWSTasksСистемное обновление Браузера Яндекс.job => C:Program Files (x86)YandexYandexBrowser21.5.1.355service_update.exe

 

================================= Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item, it will be removed or reset to its default value.)

 

TcpipParameters: [DhcpNameServer] 192.168.0.1

Tcpip..Interfaces{b2233f6a-5fbc-4b02-bf02-b21aeb3297e0}: [DhcpNameServer] 192.168.0.1

 

Edge: 

=======

Edge Extension: (No name)) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [не найдено]

Edge Extension: (No name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [не найдено]

Edge Extension: (No name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [не найдено]

Edge Extension: (No name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [не найдено]

Edge DefaultProfile: Default

Edge Profile: C:UserskayirAppDataLocalMicrosoftEdgeUser DataDefault [2021-06-02]

Edge StartupUrls: Default -> “hxxps://go.microsoft.com/fwlink/?LinkId=625119&clcid=0x419”

Edge DefaultSearchURL: Default -> hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627

Edge DefaultSearchKeyword: Default -> yandex.ru

Edge Extension: (Dark Reader) – C:UserskayirAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsifoakfbpdcdoeenechcleahebpibofpc [2021-05-04]

 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:Program FilesJavajre1.8.0_281bindtpluginnpDeployJava1.dll [2021-01-29] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:Program FilesJavajre1.8.0_281binplugin2npjp2.dll [2021-01-29] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

 

Chrome: 

=======

CHR DefaultProfile: Default

CHR Profile: C:UserskayirAppDataLocalGoogleChromeUser DataDefault [2021-06-02]

CHR Extension: (Презентации) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2020-07-29]

CHR Extension: (Документы) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2020-07-29]

CHR Extension: (Диск Google) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2020-10-21]

CHR Extension: (AdGuard Антибаннер) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionsbgnkhhnnamicmpeenaelnjfhikgbkllg [2021-06-01]

CHR Extension: (VPN-free.pro – Бесплатный VPN) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionsbibjcjfmgapbfoljiojpipaooddpkpai [2021-05-14]

CHR Extension: (Limit – Set Limits for Distracting Sites) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionsblcdfhbibkkjpfdddnmnmhfgjlicebba [2021-05-27]

CHR Extension: (YouTube) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-29]

CHR Extension: (Браузерный помощник AdGuard) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionsfbohpolgemkbfphodcfgnpjcmedcjhpn [2021-03-05]

CHR Extension: (Таблицы) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2020-07-29]

CHR Extension: (Google Документы офлайн) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-18]

CHR Extension: (MemoryOptimizer) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionsjalpnbnfmmgffippepjbdnpabodfcebk [2021-05-27]

CHR Extension: (Grammarly for Chrome) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionskbfnbcaeplbcioakkpcpgfkobkghlhen [2021-05-20]

CHR Extension: (uBlocker – №1 Блокировщик Рекламы) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionslmiknjkanfacinilblfjegkpajpcpjce [2020-07-29]

CHR Extension: (Super Dark Mode) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionsnlgphodeccebbcnkgmokeegopgpnjfkc [2021-05-22]

CHR Extension: (Платежная система Интернет-магазина Chrome) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

CHR Extension: (MyBib: Free Citation Generator) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionsphidhnmbkbkbkbknhldmpmnacgicphkf [2021-02-03]

CHR Extension: (Gmail) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]

CHR Extension: (Chrome Media Router) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-26]

CHR Extension: (uBlocker – №1 Блокировщик Рекламы) – C:UserskayirAppDataLocalGoogleChromeUser DataDefaultExtensionsppdonaappkjkbgbncmmjencphdclioab [2021-05-31]

CHR Profile: C:UserskayirAppDataLocalGoogleChromeUser DataSystem Profile [2020-07-29]

 

Yandex: 

=======

YAN Profile: C:UserskayirAppDataLocalYandexYandexBrowserUser DataDefault [2021-05-31]

YAN DefaultSearchURL: Default -> hxxps://browser-resources.s3.yandex.net/old/get/browser/launcher_images/windows/yandex/pochta_win.targetsize-256.png

YAN Extension: (Я.Почта) – C:UserskayirAppDataLocalYandexYandexBrowserUser DataDefaultExtensionsbcadigmkecmhhknameopgaidphameinh [2021-01-07]

YAN Extension: (AdGuard Антибаннер) – C:UserskayirAppDataLocalYandexYandexBrowserUser DataDefaultExtensionsbgnkhhnnamicmpeenaelnjfhikgbkllg [2021-05-15]

YAN Extension: (Proxy Unblocker DEEPRISM + Free VPN) – C:UserskayirAppDataLocalYandexYandexBrowserUser DataDefaultExtensionscmbbgnpmmhfnhgepdjmfibhiodnnlhpm [2021-02-23]

YAN Extension: (SwagButton) – C:UserskayirAppDataLocalYandexYandexBrowserUser DataDefaultExtensionsgngocbkfmikdgphklgmmehbjjlfgdemm [2021-05-23]

YAN Extension: (Super Dark Mode) – C:UserskayirAppDataLocalYandexYandexBrowserUser DataDefaultExtensionsnlgphodeccebbcnkgmokeegopgpnjfkc [2021-05-23]

 

===================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be removed unless specified separately.)

 

S2 Adguard Service; C:Program Files (x86)AdguardAdguardSvc.exe [176032 2021-04-24] (Adguard Software Limited -> Adguard Software Ltd)

R2 ASUSLinkNear; C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSLinkNearAsusLinkNear.exe [1283224 2021-05-28] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)

S2 ASUSLinkNearExt; C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSLinkNearAsusLinkNearExt.exe [142272 2021-05-28] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)

R2 ASUSLinkRemote; C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSLinkRemoteAsusLinkRemote.exe [793696 2021-05-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)

R2 ASUSOptimization; C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSOptimizationAsusOptimization.exe [331336 2021-05-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

R2 ASUSSoftwareManager; C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSSoftwareManagerAsusSoftwareManager.exe [905288 2021-05-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

R2 ASUSSystemAnalysis; C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSSystemAnalysisAsusSystemAnalysis.exe [2562688 2021-05-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

S2 ASUSSystemDiagnosis; C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSSystemDiagnosisAsusSystemDiagnosis.exe [886160 2021-05-28] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.)

R2 bdredline; C:Program FilesBitdefender Antivirus Freebdredline.exe [2461792 2019-03-27] (Bitdefender SRL -> Bitdefender)

S2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [11279752 2021-05-21] (Microsoft Corporation -> Microsoft Corporation)

S2 CxAudioSvc; C:WindowsCxSvcCxAudioSvc.exe [74344 2019-09-10] (Synaptics Incorporated -> Conexant Systems LLC.)

S2 CxAudMsg; C:WINDOWSSystem32CxAudMsg64.exe [226408 2019-09-10] (Synaptics Incorporated -> Conexant Systems Inc.)

S2 CxUIUSvc; C:WINDOWSSystem32CxUIUSvc64.exe [114024 2019-09-10] (Synaptics Incorporated -> Conexant Systems, Inc.)

S2 ProductAgentService; C:Program FilesBitdefender AgentProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)

R2 TeamViewer; C:Program Files (x86)TeamViewerTeamViewer_Service.exe [13086224 2020-07-20] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

R2 updatesrv; C:Program FilesBitdefender Antivirus Freeupdatesrv.exe [236128 2020-11-26] (Bitdefender SRL -> Bitdefender)

R2 vsserv; C:Program FilesBitdefender Antivirus Freevsserv.exe [559200 2021-04-02] (Bitdefender SRL -> Bitdefender)

R2 vsservppl; C:Program FilesBitdefender Antivirus Freevsservppl.exe [240352 2020-11-26] (Bitdefender SRL -> Bitdefender)

S3 VSStandardCollectorService150; C:Program Files (x86)Microsoft Visual StudioSharedCommonDiagnosticsHub.Collection.ServiceStandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)

S3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2104.14-0NisSrv.exe [2599328 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2104.14-0MsMpEng.exe [128376 2021-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 YandexBrowserService; C:Program Files (x86)YandexYandexBrowser21.5.1.355service_update.exe [2529376 2021-05-19] (YANDEX LLC -> YANDEX LLC)

 

====================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be removed unless specified separately.)

 

R1 adgnetworkwfpdrv; C:WINDOWSSystem32driversadgnetworkwfpdrv.sys [94720 2021-02-20] (Microsoft Windows Hardware Compatibility Publisher -> Adguard Software Ltd)

S3 AppleLowerFilter; C:WINDOWSSystem32driversAppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

R3 AsusPTPDrv; C:WINDOWSSystem32driversAsusPTPFilter.sys [112336 2019-10-02] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)

R1 ASUSSAIO; C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSSystemAnalysisASUSSAIO.sys [39040 2021-05-28] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)

R3 AsusSharedCam; C:WINDOWSSystem32DriverStoreFileRepositoryasussharedcam.inf_amd64_6eea5e80a746db2dAsusSharedCam.sys [132528 2021-05-26] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTeK COMPUTER INC.)

R1 atc; C:WINDOWSSystem32DRIVERSatc.sys [2718744 2021-02-26] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)

R1 ATKWMIACPIIO; C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSOptimizationatkwmiacpi64.sys [44680 2021-05-28] (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.)

R2 BdDci; C:WINDOWSsystem32DRIVERSbddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)

S0 bdelam; C:WINDOWSSystem32driversbdelam.sys [22976 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)

S3 BthA2dp; C:WINDOWSSystem32driversBthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Файл не подписан]

S3 edrsensor; C:WINDOWSSystem32DRIVERSedrsensor.sys [309120 2020-02-03] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)

R1 Gemma; C:WINDOWSSystem32DRIVERSgemma.sys [488592 2021-02-16] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)

R2 trufos; C:WINDOWSSystem32driverstrufos.sys [641728 2021-02-26] (Bitdefender SRL -> Bitdefender)

R0 vlflt; C:WINDOWSSystem32DRIVERSvlflt.sys [386800 2020-10-20] (Bitdefender SRL -> Bitdefender)

S0 WdBoot; C:WINDOWSSystem32driverswdWdBoot.sys [49560 2021-05-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:WINDOWSSystem32driverswdWdFilter.sys [421112 2021-05-15] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [73960 2021-05-15] (Microsoft Windows -> Microsoft Corporation)

S3 MpKslc3e28f61; ??C:ProgramDataMicrosoftWindows DefenderDefinition Updates{5F49EB3E-916E-4D1D-9BC0-492AC564DF31}MpKslDrv.sys [X]

 

=========================== NetSvcs (Whitelisted)====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be removed unless specified separately.)

 

 

===================== One month (created) (Whitelisted) =========

 

(If the entry is included in the patch list, the file / folder will be moved.)

 

2021-06-02 03:12 – 2021-06-02 03:12 – 106168320 _____ C:WINDOWSsystem32configSOFTWARE

2021-06-02 01:27 – 2021-06-02 01:30 – 000027860 _____ C:UserskayirDownloadsFRST.txt

2021-06-02 01:27 – 2021-06-02 01:28 – 000000000 ____D C:FRST

2021-06-02 01:23 – 2021-06-02 01:24 – 002299904 _____ (Farbar) C:UserskayirDownloadsFRST64.exe

2021-06-02 01:12 – 2021-06-02 01:13 – 000000000 ____D C:AdwCleaner

2021-06-01 21:47 – 2021-06-01 21:47 – 000001198 _____ C:UserskayirAppDataRoamingMicrosoftWindowsStart MenuProgramsBitdefender Antivirus Free.lnk

2021-06-01 21:47 – 2021-06-01 21:47 – 000000000 ____D C:ProgramData48C4687D-9760-4F5B-BAB3-60351B0841E4

2021-06-01 21:47 – 2020-12-18 01:37 – 000022976 _____ (Bitdefender) C:WINDOWSsystem32Driversbdelam.sys

2021-06-01 21:46 – 2021-06-01 21:46 – 000000000 ____D C:ProgramDataBitdefender

2021-06-01 21:46 – 2021-02-26 17:31 – 000641728 _____ (Bitdefender) C:WINDOWSsystem32Driverstrufos.sys

2021-06-01 21:46 – 2021-02-26 12:40 – 002718744 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:WINDOWSsystem32Driversatc.sys

2021-06-01 21:46 – 2021-02-16 14:31 – 000488592 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:WINDOWSsystem32Driversgemma.sys

2021-06-01 21:46 – 2020-12-04 14:15 – 000802976 _____ (Bitdefender) C:WINDOWSsystem32Driversbddci.sys

2021-06-01 21:46 – 2020-10-20 13:18 – 000386800 _____ (Bitdefender) C:WINDOWSsystem32Driversvlflt.sys

2021-06-01 21:46 – 2020-02-03 15:53 – 000309120 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:WINDOWSsystem32Driversedrsensor.sys

2021-06-01 21:44 – 2021-06-01 21:44 – 000088236 _____ C:ProgramDataagent.update.1622562245.bdinstall.v2.bin

2021-06-01 21:39 – 2021-06-02 01:33 – 000000000 ____D C:Program FilesBitdefender Antivirus Free

2021-06-01 21:33 – 2021-06-01 21:33 – 000003802 _____ C:WINDOWSsystem32TasksBitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864

2021-06-01 21:31 – 2021-06-01 21:44 – 000000000 ____D C:Program FilesBitdefender Agent

2021-06-01 21:31 – 2021-06-01 21:31 – 000117420 _____ C:ProgramDataagent.1622561497.bdinstall.v2.bin

2021-06-01 21:31 – 2021-06-01 21:31 – 000000000 ____D C:ProgramDataBitdefender Agent

2021-06-01 11:23 – 2021-06-01 11:23 – 000000939 _____ C:UserskayirDocumentslol.drawio

2021-06-01 01:58 – 2021-06-02 03:12 – 000000000 ____D C:WINDOWSMicrosoft Antimalware

2021-05-29 20:57 – 2021-05-29 20:57 – 000000000 ____D C:UserskayirAppDataRoamingTelegram Desktop

2021-05-29 20:57 – 2021-05-29 20:57 – 000000000 ____D C:UserskayirAppDataRoamingMicrosoftWindowsStart MenuProgramsTelegram Desktop

2021-05-25 13:27 – 2021-05-25 13:29 – 000000000 ____D C:UserskayirDownloads.idea

2021-05-23 17:29 – 2021-05-23 17:29 – 000002514 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsSkype для бизнеса.lnk

2021-05-23 17:29 – 2021-05-23 17:29 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsСредства Microsoft Office

2021-05-18 22:31 – 2021-05-18 22:31 – 003977944 _____ C:UserskayirDownloadsХабит Перизат Срс1.pdf

2021-05-14 09:31 – 2021-05-14 09:31 – 002755584 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mshtml.tlb

2021-05-14 09:31 – 2021-05-14 09:31 – 002755584 _____ (Microsoft Corporation) C:WINDOWSsystem32mshtml.tlb

2021-05-14 09:31 – 2021-05-14 09:31 – 001687040 _____ C:WINDOWSsystem32libcrypto.dll

2021-05-14 09:31 – 2021-05-14 09:31 – 001314120 _____ (Microsoft Corporation) C:WINDOWSsystem32SecConfig.efi

2021-05-14 09:31 – 2021-05-14 09:31 – 001163776 _____ C:WINDOWSsystem32MBR2GPT.EXE

2021-05-14 09:31 – 2021-05-14 09:31 – 000700928 _____ C:WINDOWSsystem32FsNVSDeviceSource.dll

2021-05-14 09:31 – 2021-05-14 09:31 – 000011351 _____ C:WINDOWSsystem32DrtmAuthTxt.wim

2021-05-14 09:30 – 2021-05-14 09:30 – 001823816 _____ (Microsoft Corporation) C:WINDOWSsystem32winload.efi

2021-05-14 09:30 – 2021-05-14 09:30 – 001393504 _____ (Microsoft Corporation) C:WINDOWSsystem32winresume.efi

2021-05-14 09:30 – 2021-05-14 09:30 – 000165888 _____ C:WINDOWSsystem32DataStoreCacheDumpTool.exe

2021-05-14 09:30 – 2021-05-14 09:30 – 000060928 _____ C:WINDOWSsystem32runexehelper.exe

2021-05-14 09:30 – 2021-05-14 09:30 – 000013312 _____ C:WINDOWSsystem32agentactivationruntimestarter.exe

2021-05-14 02:25 – 2021-05-14 02:25 – 000304693 _____ C:UserskayirDownloadsAppendix A .pptx

2021-05-11 09:34 – 2021-05-11 09:34 – 000695090 _____ C:UserskayirDownloadsa pie chart (1).pptx

2021-05-04 20:14 – 2021-05-04 20:14 – 000000000 ____D C:UserskayirAppDataRoamingMicrosoftWindowsStart MenuProgramsWappler

2021-05-04 20:12 – 2021-05-05 19:34 – 000000000 ____D C:UserskayirAppDataLocalWappler

2021-05-04 14:48 – 2021-05-07 03:23 – 000000000 ____D C:UserskayirAppDataRoamingdiscord

2021-05-04 14:48 – 2021-05-07 00:42 – 000000000 ____D C:UserskayirAppDataLocalDiscord

2021-05-04 14:48 – 2021-05-04 14:48 – 000000000 ____D C:UserskayirAppDataRoamingMicrosoftWindowsStart MenuProgramsDiscord Inc

 

===================== One month (changed) ==================

 

(If the entry is included in the patch list, the file / folder will be moved.)

 

2021-06-02 01:26 – 2021-02-23 11:32 – 000003752 _____ C:WINDOWSsystem32TasksAsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474

2021-06-02 01:25 – 2020-05-16 11:01 – 000000504 _____ C:WINDOWSTasksSystem update Yandex.job Browser Яндекс.job

2021-06-02 01:25 – 2020-05-16 11:01 – 000000464 _____ C:WINDOWSTasksRestore the Yandex Browser update service.job

2021-06-02 01:24 – 2019-12-07 15:13 – 000000000 ____D C:WINDOWSINF

2021-06-02 01:23 – 2021-01-08 01:39 – 000000000 ____D C:ProgramDataAdguard

2021-06-02 01:17 – 2019-12-07 15:03 – 000032768 _____ C:WINDOWSsystem32configELAM

2021-06-02 01:12 – 2019-12-07 15:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-06-02 01:10 – 2020-05-16 11:16 – 000000000 ___RD C:UserskayirOneDrive

2021-06-02 00:37 – 2021-02-23 11:26 – 000000000 ____D C:Userskayir

2021-06-02 00:17 – 2021-02-23 11:34 – 001663222 _____ C:WINDOWSsystem32PerfStringBackup.INI

2021-06-02 00:17 – 2019-12-07 20:34 – 000735098 _____ C:WINDOWSsystem32perfh019.dat

2021-06-02 00:17 – 2019-12-07 20:34 – 000144074 _____ C:WINDOWSsystem32perfc019.dat

2021-06-02 00:12 – 2021-02-23 11:32 – 000000006 ____H C:WINDOWSTasksSA.DAT

2021-06-02 00:12 – 2021-02-23 11:25 – 000008192 ___SH C:DumpStack.log.tmp

2021-06-02 00:12 – 2020-07-29 16:53 – 000000000 ____D C:Program Files (x86)TeamViewer

2021-06-02 00:11 – 2020-05-16 11:14 – 000000000 ____D C:UserskayirAppDataLocalD3DSCache

2021-06-02 00:11 – 2019-12-07 15:03 – 000786432 _____ C:WINDOWSsystem32configBBI

2021-06-01 22:09 – 2019-12-07 15:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-06-01 22:09 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSAppReadiness

2021-06-01 21:47 – 2019-12-07 15:14 – 000000000 ___HD C:WINDOWSELAMBKUP

2021-06-01 21:42 – 2020-09-02 13:00 – 000000000 ____D C:Program FilesDrWeb

2021-06-01 21:42 – 2020-09-02 12:59 – 000000000 ____D C:ProgramDataDoctor Web

2021-06-01 21:42 – 2020-07-29 13:44 – 000000448 _____ C:WINDOWSTasksОбновление Браузера Яндекс.job

2021-06-01 21:41 – 2021-02-23 11:32 – 000000000 ____D C:WINDOWSsystem32TasksDoctor Web

2021-06-01 20:05 – 2021-02-23 11:25 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-06-01 15:54 – 2021-02-23 11:32 – 000004122 _____ C:WINDOWSsystem32TasksASUS Update Checker 2.0

2021-06-01 15:53 – 2021-02-23 11:32 – 000003764 _____ C:WINDOWSsystem32TasksASUS Optimization 36D18D69AFC3

2021-05-31 21:55 – 2020-05-16 11:16 – 000000000 ____D C:UserskayirAppDataLocalPlaceholderTileLogoFolder

2021-05-31 21:51 – 2020-05-16 11:14 – 000000000 ____D C:UserskayirAppDataLocalPackages

2021-05-31 21:36 – 2021-03-04 12:20 – 000000000 ____D C:UserskayirDownloadskaz history

2021-05-31 20:03 – 2021-01-08 01:55 – 000000000 ____D C:Program Files (x86)Adguard

2021-05-30 19:19 – 2021-02-23 11:25 – 000437904 _____ C:WINDOWSsystem32FNTCACHE.DAT

2021-05-30 19:16 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSLiveKernelReports

2021-05-29 15:37 – 2019-12-07 15:14 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared

2021-05-29 15:37 – 2019-10-19 01:50 – 000000000 ____D C:Program FilesMicrosoft Office

2021-05-29 14:46 – 2020-09-07 08:43 – 000002452 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-05-27 12:14 – 2021-02-23 11:32 – 000003678 _____ C:WINDOWSsystem32TasksСистемное обновление Браузера Яндекс

2021-05-27 12:14 – 2021-02-23 11:32 – 000003568 _____ C:WINDOWSsystem32TasksВосстановление сервиса обновлений Яндекс.Браузера

2021-05-27 12:14 – 2020-05-16 09:37 – 000002371 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsYandex.lnk

2021-05-23 17:29 – 2021-01-26 15:33 – 000002454 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAccess.lnk

2021-05-23 17:29 – 2021-01-26 15:33 – 000002439 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsOutlook.lnk

2021-05-23 17:29 – 2021-01-26 15:33 – 000002429 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsOneNote.lnk

2021-05-23 17:29 – 2020-07-29 17:32 – 000002497 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsExcel.lnk

2021-05-23 17:29 – 2020-07-29 17:32 – 000002469 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsWord.lnk

2021-05-23 17:29 – 2020-07-29 17:32 – 000002442 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsPowerPoint.lnk

2021-05-23 17:29 – 2020-07-29 17:32 – 000002405 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsPublisher.lnk

2021-05-17 20:58 – 2020-09-01 10:26 – 000000000 ____D C:UserskayirAppDataLocalElevatedDiagnostics

2021-05-15 14:11 – 2019-10-19 01:47 – 000000000 ____D C:WINDOWSsystem32Driverswd

2021-05-15 14:00 – 2019-12-07 15:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel

2021-05-15 02:42 – 2021-01-08 01:55 – 000000000 ____D C:ProgramDataPackage Cache

2021-05-15 02:42 – 2021-01-08 01:55 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsAdGuard

2021-05-15 02:41 – 2019-12-07 20:35 – 000000000 ____D C:WINDOWSsystem32OpenSSH

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ___RD C:WINDOWSPrintDialog

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSSysWOW64WinMetadata

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSSysWOW64setup

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSSysWOW64oobe

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSSysWOW64lt-LT

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSSysWOW64Dism

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSSystemResources

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSsystem32WinMetadata

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSsystem32SystemResetPlatform

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSsystem32setup

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSsystem32oobe

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSsystem32lt-LT

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSsystem32Dism

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSProvisioning

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSPolicyDefinitions

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSDiagTrack

2021-05-15 02:41 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSbcastdvr

2021-05-14 09:36 – 2019-12-07 15:03 – 000000000 ____D C:WINDOWSCbsTemp

2021-05-14 09:35 – 2019-12-07 20:37 – 000023552 _____ (Microsoft Corporation) C:WINDOWSsystem32OEMDefaultAssociations.dll

2021-05-14 09:13 – 2020-07-29 15:22 – 000000000 ____D C:WINDOWSsystem32MRT

2021-05-14 08:56 – 2020-07-29 15:21 – 132732536 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2021-05-13 01:27 – 2020-07-29 16:58 – 000002299 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-05-12 21:04 – 2020-08-21 11:07 – 000002370 _____ C:UserskayirAppDataRoamingMicrosoftWindowsStart MenuProgramsMicrosoft Teams.lnk

2021-05-05 10:07 – 2019-12-07 15:14 – 000000000 ____D C:WINDOWSsystem32NDF

2021-05-04 22:32 – 2021-01-14 00:23 – 000000000 ____D C:UserskayirAppDataLocal.IdentityService

2021-05-04 14:48 – 2020-08-21 11:07 – 000000000 ____D C:UserskayirAppDataLocalSquirrelTemp

 

===================== Files in the root of directories ========

 

2020-12-26 05:00 – 2020-12-26 05:00 – 000000258 _____ () C:ProgramDatafontcacheev1.dat

 

====================== SigCheck ============================

 

(There is no automatic fix for files that fail validation.)

 

===================== End of FRST.txt =============================

 

 

 

 

*********************************************************Addition.txt*******************************************************************

Farbar Recovery Scan Tool Additional Scan Results (x64) Version: 05/29/2021 01

Started with kayir (02-06-2021 01:36:30)

Launched from C: Users kayir Downloads

Windows 10 Home Version 2004 19041.985 (X64) (2021-02-23 05:32:21)

Boot Mode: Normal

==============================================================

 

 

==============================================================

 

DefaultAccount (S-1-5-21-4108118228-1903247603-2699730392-503 – Limited – Disabled)

kayir (S-1-5-21-4108118228-1903247603-2699730392-1001 – Administrator – Enabled) => C: Users kayir

WDAGUtilityAccount (S-1-5-21-4108118228-1903247603-2699730392-504 – Limited – Disabled)

Administrator (S-1-5-21-4108118228-1903247603-2699730392-500 – Administrator – Disabled)

Guest (S-1-5-21-4108118228-1903247603-2699730392-501 – Limited – Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed)

 

AV: Bitdefender Antivirus Free Antimalware (Enabled – Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}

AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: McAfee VirusScan (Enabled – Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}

FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}

 

==================== Installed programs ======================

 

(Only adware with the Hidden flag can be added to the fixlist to show it.)

 

7-Zip 20.00 alpha (x64) (HKLM…7-Zip) (Version: 20.00 alpha – Igor Pavlov)

AdGuard (HKLM-x32…{38f147cd-9529-4deb-a946-3525e2b4f8e4}) (Version: 7.6.3583.0 – Adguard Software Ltd)

AdGuard (HKLM-x32…{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 7.6.3583.0 – Adguard Software Ltd) Hidden

Application Verifier x64 External Package (HKLM…{10CA1677-8F02-3131-F25C-780BAB52E468}) (Version: 10.1.18362.1 – Microsoft) Hidden

Bitdefender Agent (HKLM…Bitdefender Agent) (Version: 25.0.1.177 – Bitdefender)

Bitdefender Antivirus Free (HKLM…{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.21.234 – Bitdefender)

C# to C++ Converter (HKLM-x32…C# to C++ Converter_is1) (Version:  – Tangible Software Solutions)

Canon LBP2900 (HKLM…Canon LBP2900) (Version:  – )

DiagnosticsHub_CollectionService (HKLM…{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 – Microsoft Corporation) Hidden

Discord (HKUS-1-5-21-4108118228-1903247603-2699730392-1001…Discord) (Version: 1.0.9001 – Discord Inc.)

Google Chrome (HKLM-x32…Google Chrome) (Version: 90.0.4430.212 – Google LLC)

icecap_collection_neutral (HKLM-x32…{7C703135-98AC-4EB9-86C0-0C3169C99649}) (Version: 16.8.30509 – Microsoft Corporation) Hidden

icecap_collection_x64 (HKLM…{7C914878-C64B-4CA6-8E41-91308877A586}) (Version: 16.8.30509 – Microsoft Corporation) Hidden

icecap_collectionresources (HKLM-x32…{A6DF6B5A-FC53-4D9C-A4E9-ADB9F83EF816}) (Version: 16.8.30607 – Microsoft Corporation) Hidden

icecap_collectionresourcesx64 (HKLM-x32…{FAA74357-1A5E-4B38-8653-0CDFB9799F5E}) (Version: 16.8.30530 – Microsoft Corporation) Hidden

Java 8 Update 281 (64-bit) (HKLM…{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 – Oracle Corporation)

Java™ SE Development Kit 15.0.2 (64-bit) (HKLM…{2041CF7D-1F63-5C58-9F35-C445251E39C9}) (Version: 15.0.2.0 – Oracle Corporation)

JetBrains ReSharper in Visual Studio Community 2019 (HKUS-1-5-21-4108118228-1903247603-2699730392-1001…{0a8dd090-b31f-5cc8-81be-85f1f6cdbe32}) (Version: 2020.3.2 – JetBrains s.r.o.)

Kits Configuration Installer (HKLM-x32…{63AAA877-5536-9481-2385-28A082100D78}) (Version: 10.1.18362.1 – Microsoft) Hidden

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 91.0.864.37 – Корпорация Майкрософт)

Microsoft System CLR Types для SQL Server 2019 CTP2.2 (HKLM…{AFACBF07-24D7-4590-BB58-7C6F7B864CA0}) (Version: 15.0.1200.24 – Microsoft Corporation)

Microsoft System CLR Types для SQL Server 2019 CTP2.2 (HKLM-x32…{069EB8DB-4986-4240-96DC-1C643EE804AB}) (Version: 15.0.1200.24 – Microsoft Corporation)

Microsoft Teams (HKUS-1-5-21-4108118228-1903247603-2699730392-1001…Teams) (Version: 1.4.00.11161 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.28.29334 (HKLM-x32…{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.28.29334 (HKLM-x32…{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 – Microsoft Corporation)

Microsoft Visual Studio Installer (HKLM…{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.8.3077.1211 – Microsoft Corporation)

MIT App Inventor Tools 2.3.0 (HKLM-x32…MIT App Inventor Tools) (Version: 2.3.0 – Massachusetts Institute of Technology)

MSI Development Tools (HKLM-x32…{DB4DB790-64DD-1902-4BF2-833B3B6DBCA1}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

Notepad++ (32-bit x86) (HKLM-x32…Notepad++) (Version: 7.9.2 – Notepad++ Team)

Office 16 Click-to-Run Extensibility Component (HKLM…{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM…{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM…{90160000-008C-0419-1000-0000000FF1CE}) (Version: 16.0.14026.20246 – Microsoft Corporation) Hidden

PhpStorm 2020.3.2 (HKLM-x32…PhpStorm 2020.3.2) (Version: 203.7148.74 – JetBrains s.r.o.)

PyCharm Edu 2020.3.1 (HKLM-x32…PyCharm Edu 2020.3.1) (Version: 203.6682.209 – JetBrains s.r.o.)

Python 3.8.2 (64-bit) (HKUS-1-5-21-4108118228-1903247603-2699730392-1001…{13ee6ab9-4dca-406c-bc3b-5d86391d39a1}) (Version: 3.8.2150.0 – Python Software Foundation)

Python 3.8.2 Add to Path (64-bit) (HKLM…{88AF4D20-BE9D-4CA6-8BD4-5DB380A41CC8}) (Version: 3.8.2150.0 – Python Software Foundation) Hidden

Python 3.8.2 Core Interpreter (64-bit) (HKLM…{AD923240-0ACE-45C9-8749-05BF77AAE101}) (Version: 3.8.2150.0 – Python Software Foundation) Hidden

Python 3.8.2 Development Libraries (64-bit) (HKLM…{BDFB7011-0AB2-440F-8F00-32AF7A9ED1ED}) (Version: 3.8.2150.0 – Python Software Foundation) Hidden

Python 3.8.2 Documentation (64-bit) (HKLM…{65B0F976-5151-427E-95B4-2320DC64F91E}) (Version: 3.8.2150.0 – Python Software Foundation) Hidden

Python 3.8.2 Executables (64-bit) (HKLM…{A36C1168-60E6-42E4-93DB-6BE8C6DD9DD6}) (Version: 3.8.2150.0 – Python Software Foundation) Hidden

Python 3.8.2 pip Bootstrap (64-bit) (HKLM…{8EEE042B-6EAF-4171-BA6E-01319ED99DA8}) (Version: 3.8.2150.0 – Python Software Foundation) Hidden

Python 3.8.2 Standard Library (64-bit) (HKLM…{33F9B46C-EB19-4BB7-ABFA-F8C71B73E9A4}) (Version: 3.8.2150.0 – Python Software Foundation) Hidden

Python 3.8.2 Tcl/Tk Support (64-bit) (HKLM…{FCA1EB7D-2F62-4659-AA5F-42C37CE5D3CB}) (Version: 3.8.2150.0 – Python Software Foundation) Hidden

Python 3.8.2 Test Suite (64-bit) (HKLM…{F6DA05CF-67B5-47D0-ABD4-371C80BA0717}) (Version: 3.8.2150.0 – Python Software Foundation) Hidden

Python 3.8.2 Utility Scripts (64-bit) (HKLM…{52AB506A-EC3C-4060-9EBF-6A975994CB35}) (Version: 3.8.2150.0 – Python Software Foundation) Hidden

Python Launcher (HKLM-x32…{AF12A465-EA47-447D-B6BF-2A82CDBE2F0E}) (Version: 3.8.6994.0 – Python Software Foundation)

SDK ARM Additions (HKLM-x32…{73681F86-CD86-4208-572F-959B45430B04}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

SDK ARM Redistributables (HKLM-x32…{67EE3804-9642-62BA-EBF1-B1561FB4ECBE}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

Teams Machine-Wide Installer (HKLM-x32…{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.28779 – Microsoft Corporation)

TeamViewer (HKLM-x32…TeamViewer) (Version: 15.8.3 – TeamViewer)

Telegram Desktop, версия 2.7.4 (HKUS-1-5-21-4108118228-1903247603-2699730392-1001…{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.7.4 – Telegram FZ-LLC)

Universal CRT Extension SDK (HKLM-x32…{13952D7A-B7B3-F4F8-5F29-5CD18E8168B7}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

Universal CRT Headers Libraries and Sources (HKLM-x32…{74CBC330-ED16-31B9-E8BE-0C6A8E67DE32}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

Universal CRT Redistributable (HKLM-x32…{847D4DAF-0182-265B-324F-406462E8A90D}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

Universal CRT Tools x64 (HKLM…{54FE4D23-11A2-F1C4-76E9-79C8FB40A4A1}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

Universal CRT Tools x86 (HKLM-x32…{9F7B0D96-881D-8850-C303-43F3A08E6902}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

Universal General MIDI DLS Extension SDK (HKLM-x32…{6F54BF87-2EE6-FA6D-431D-33A665992D49}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

Update for  (KB2504637) (HKLM-x32…{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 – Microsoft Corporation)

vcpp_crt.redist.clickonce (HKLM-x32…{A615798D-3655-4776-A20F-786C49C17E0E}) (Version: 14.28.29334 – Microsoft Corporation) Hidden

Visual Studio Community 2019 (HKLM-x32…1386c8ac) (Version: 16.8.31005.135 – Microsoft Corporation)

VS Immersive Activate Helper (HKLM-x32…{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 – Microsoft Corporation) Hidden

VS JIT Debugger (HKLM…{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 – Microsoft Corporation) Hidden

VS Script Debugging Common (HKLM…{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 – Microsoft Corporation) Hidden

vs_communitymsi (HKLM-x32…{DEB11EB7-B61A-4883-8CB0-99013A4873AB}) (Version: 16.8.30608 – Microsoft Corporation) Hidden

vs_communitymsires (HKLM-x32…{E3358654-0480-49F3-B416-4ABB9A806F4B}) (Version: 16.0.28329 – Microsoft Corporation) Hidden

vs_devenvmsi (HKLM-x32…{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 – Microsoft Corporation) Hidden

vs_filehandler_amd64 (HKLM-x32…{E9439DB7-BF01-4820-8CB1-80957150AB86}) (Version: 16.8.30530 – Microsoft Corporation) Hidden

vs_filehandler_x86 (HKLM-x32…{8990F1B6-F880-4E73-A2D9-7A611F4C38A1}) (Version: 16.8.30530 – Microsoft Corporation) Hidden

vs_FileTracker_Singleton (HKLM-x32…{3C4B2ED3-2296-4203-A420-AC042BE8484D}) (Version: 16.8.30509 – Microsoft Corporation) Hidden

vs_Graphics_Singletonx64 (HKLM…{2EE7854B-D67F-41D8-94F4-D885FA7C4385}) (Version: 16.8.30608 – Microsoft Corporation) Hidden

vs_Graphics_Singletonx86 (HKLM-x32…{4085E209-B871-4079-B58D-778D5293AFD5}) (Version: 16.8.30608 – Microsoft Corporation) Hidden

vs_minshellinteropmsi (HKLM-x32…{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 – Microsoft Corporation) Hidden

vs_minshellmsi (HKLM-x32…{08AF5DA9-F3BD-4B59-8D99-C47CC4D53CAD}) (Version: 16.8.30530 – Microsoft Corporation) Hidden

vs_minshellmsires (HKLM-x32…{A8BF4161-8589-4BD5-A3E4-36C4AFCCADF3}) (Version: 16.8.30530 – Microsoft Corporation) Hidden

vs_tipsmsi (HKLM-x32…{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 – Microsoft Corporation) Hidden

vs_vswebprotocolselectormsi (HKLM-x32…{BEEB2E56-91DB-4AFB-AC88-8E98B18DD889}) (Version: 16.8.30509 – Microsoft Corporation) Hidden

vs_vswebprotocolselectormsires (HKLM-x32…{20830AE3-4D77-40B0-B096-2EB8A32EE8D0}) (Version: 16.8.30509 – Microsoft Corporation) Hidden

Wappler (HKUS-1-5-21-4108118228-1903247603-2699730392-1001…Wappler) (Version: 3.9.7 – Wappler.io)

WinAppDeploy (HKLM-x32…{8E3AE0EF-D067-700C-BDB4-10D5552155DC}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

Windows SDK AddOn (HKLM-x32…{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 – Microsoft Corporation)

Windows Software Development Kit – Windows 10.0.18362.1 (HKLM-x32…{126dedf0-cc0e-4b48-9ece-806b0e437195}) (Version: 10.1.18362.1 – Microsoft Corporation)

WinRT Intellisense Desktop – en-us (HKLM-x32…{E67F1F03-FB4A-3D61-8999-E6A4C4B26F34}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

WinRT Intellisense Desktop – Other Languages (HKLM-x32…{7EF010FF-7800-28BA-FF49-2D219EC7BA82}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

WinRT Intellisense IoT – en-us (HKLM-x32…{36AE12FB-4349-6EAA-B6E4-5F4E06FA8AE8}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

WinRT Intellisense IoT – Other Languages (HKLM-x32…{6B03A6A4-643C-57CE-CA6F-4E19BF47497A}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

WinRT Intellisense Mobile – en-us (HKLM-x32…{918A448F-59E8-FBF5-B087-D3F07160C7E0}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

WinRT Intellisense PPI – en-us (HKLM-x32…{66483041-F590-EC46-4AF0-EE39C62FB680}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

WinRT Intellisense PPI – Other Languages (HKLM-x32…{9C61E6D2-C43E-6746-B519-6185558C4A24}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

WinRT Intellisense UAP – en-us (HKLM-x32…{6B37CC5B-78DF-5050-2215-68479716A587}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

WinRT Intellisense UAP – Other Languages (HKLM-x32…{250D5341-0879-4016-399C-BBCD87B80E95}) (Version: 10.1.18362.1 – Microsoft Corporation) Hidden

XAMPP (HKLM…xampp) (Version: 8.0.2-0 – Bitnami)

Yandex (All Users) (HKLM-x32…YandexBrowser) (Version: 21.5.1.355 – ООО «ЯНДЕКС»)

Zoom (HKUS-1-5-21-4108118228-1903247603-2699730392-1001…ZoomUMX) (Version: 5.2.2 (45108.0831) – Zoom Video Communications, Inc.)

Microsoft 365 Enterprise Apps – en-us (HKLM … O365ProPlusRetail – en-us) (Version: 16.0.14026.20246 – Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32 … Microsoft EdgeWebView) (Version: 91.0.864.37 – Microsoft)

 

Packages:

=========

AMD Radeon Software -> C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10027.0_x64__0a9344xs7nr4m [2021-05-11] (Advanced Micro Devices Inc.) [Startup Task]

AMD Radeon™ Settings Lite -> C:Program FilesWindowsAppsAdvancedMicroDevicesInc-2.59462344778C5_10.19.10006.0_x64__0a9344xs7nr4m [2021-05-11] (Advanced Micro Devices Inc.)

Lunacy -> C:Program FilesWindowsAppsIcons8LLC.Lunacy_7.0.0.0_x64__7g68zyg4rddyp [2021-06-01] (Icons8 LLC)

McAfee® Personal Security -> C:Program FilesWindowsApps5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy [2021-05-05] (McAfee LLC.)

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-23] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-23] (Microsoft Corporation) [MS Ad]

Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.9.5170.0_x64__8wekyb3d8bbwe [2021-05-22] (Microsoft Studios) [MS Ad]

MyASUS -> C:Program FilesWindowsAppsB9ECED6F.ASUSPCAssistant_3.0.7.0_x64__qmba6cd70vzyy [2021-06-01] (ASUSTeK COMPUTER INC.)

SmartAudio 3 -> C:Program FilesWindowsApps22094SynapticsIncorporate.SmartAudio3_1.0.79.0_x64__qt57b6kdvhcfw [2021-05-26] (Synaptics Hong Kong Limited, Taiwan Branch (H.K.))

Spotify Music -> C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0 [2021-06-01] (Spotify AB) [Startup Task]

Photos Add-in -> C:Program FilesWindowsAppsMicrosoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)

Photos Application Media Module Add-in -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-06] (Microsoft Corporation)

 

===================== Custom CLSIDs (Whitelisted): ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be removed unless specified separately.)

 

CustomCLSID: HKUS-1-5-21-4108118228-1903247603-2699730392-1001_ClassesCLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}InprocServer32 -> C:UserskayirAppDataLocalMicrosoftTeamsMeetingAddin1.0.21063.3x64Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-4108118228-1903247603-2699730392-1001_ClassesCLSID{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}InprocServer32 -> C:UserskayirAppDataLocalMicrosoftTeamsMeetingAddin1.0.20244.4x64Microsoft.Teams.AddinLoader.dll => Нет файла

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Нет файла

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2020-02-06] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:Program Files (x86)Notepad++NppShell_06.dll [2021-01-01] (Notepad++ -> )

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2020-02-06] (Igor Pavlov) [File not signed]

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2020-02-06] (Igor Pavlov) [File not signed]

 

==================== Codecs (Whitelisted) ====================

 

===================================================================================================================================================================================================================================================

 

(Entries can be listed for recovery or deletion.)

 

Shortcut: C:UserskayirAppDataRoamingMicrosoftWindowsStart MenuProgramsTelegram DesktopДеинсталлировать Telegram.lnk -> C:UserskayirAppDataRoamingTelegram Desktopunins000.exe (Telegram FZ-LLC                                             ) <==== Cyrillic

Shortcut: C:UserskayirAppDataRoamingMicrosoftWindowsSendToПередача файлов через Bluetooth.LNK -> C:WindowsSystem32fsquirt.exe (Microsoft Corporation) <==== Cyrillic

Shortcut: C:ProgramDataMicrosoftWindowsStart MenuProgramsSkype для бизнеса.lnk -> C:Program FilesMicrosoft OfficerootOffice16lync.exe (Microsoft Corporation) <==== Cyrillic

ShortcutWithArgument: C:UserskayirAppDataRoamingMicrosoftWindowsSendToПолучатель факса.lnk -> C:WindowsSystem32WFS.exe (Microsoft Corporation) -> /SendTo <==== Cyrillic

 

===================== Loaded Modules (Whitelisted) ==============

 

2020-07-29 17:11 – 2020-02-06 19:00 – 000076800 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll

 

===================== Alternate Data Streams (Whitelisted) ========

 

==================== Safe Mode (Whitelisted) ==================

 

===================== Association (Whitelisted) =================

 

===================== Internet Explorer (Whitelisted) ==========

 

HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

HKUS-1-5-21-4108118228-1903247603-2699730392-1001SoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

HKUS-1-5-21-4108118228-1903247603-2699730392-1001SoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://www.msn.com/?pc=ASTE

SearchScopes: HKUS-1-5-21-4108118228-1903247603-2699730392-1001 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627

SearchScopes: HKUS-1-5-21-4108118228-1903247603-2699730392-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKUS-1-5-21-4108118228-1903247603-2699730392-1001 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootOffice16OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program FilesJavajre1.8.0_281binssv.dll [2021-01-29] (Oracle America, Inc. -> Oracle Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program FilesJavajre1.8.0_281binjp2ssv.dll [2021-01-29] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU S-1-5-21-4108118228-1903247603-2699730392-1001 … sharepoint.com -> hxxps://mailedu-files.sharepoint.com

 

==================== Hosts content: =========================

 

(Optionally, the Hosts: directive can be included in the fixlist to reset the Hosts file)

 

2019-03-19 10:49 – 2019-03-19 10:49 – 000000824 _____ C:WINDOWSsystem32driversetchosts

 

==================== Other areas ===========================

 

(There is currently no automatic fix for this section.)

 

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program FilesPython38Scripts;C:Program FilesPython38;C:Program FilesCommon FilesOracleJavajavapath;C:Program Files (x86)Common FilesOracleJavajavapath;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;%SYSTEMROOT%System32OpenSSH

HKUS-1-5-21-4108118228-1903247603-2699730392-1001Control PanelDesktop\Wallpaper -> C:UserskayirDownloads1754609 (1).jpg

DNS Servers: 192.168.0.1

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )

Windows firewall is on

 

===================== MSCONFIG / TASK MANAGER disabled items ==

 

(If an entry is included in the fixlist, it will be removed)

 

HKU S-1-5-21-4108118228-1903247603-2699730392-1001 … StartupApproved Run: => “OneDrive”

HKU S-1-5-21-4108118228-1903247603-2699730392-1001 … StartupApproved Run: => “GoogleChromeAutoLaunch_8B4C6590B91841D8493E8E7E1F4125BE”

 

===================== Firewall Rules (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be removed unless specified separately.)

 

FirewallRules: [{1138AD26-1489-4B4F-BE95-C994E648638E}] => (Block) C:program filesjetbrainsphpstorm 2020.3.2binphpstorm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)

FirewallRules: [{1CACB72C-69B6-4D29-A23C-ED858337E6B5}] => (Block) C:program filesjetbrainsphpstorm 2020.3.2binphpstorm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)

FirewallRules: [UDP Query User{96CFFC64-0F97-483F-BCCD-23B915F00C87}C:program filesjetbrainsphpstorm 2020.3.2binphpstorm64.exe] => (Allow) C:program filesjetbrainsphpstorm 2020.3.2binphpstorm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)

FirewallRules: [TCP Query User{E8EC5DD8-533B-4C10-81BC-6E10CA7FA71E}C:program filesjetbrainsphpstorm 2020.3.2binphpstorm64.exe] => (Allow) C:program filesjetbrainsphpstorm 2020.3.2binphpstorm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.)

FirewallRules: [{87614A95-E881-471A-A1E9-2FB317272A0D}] => (Block) C:xamppmysqlbinmysqld.exe (MariaDB Corporation Ab -> )

FirewallRules: [{AC36D6DD-AAEB-4CB9-8817-2E640EC232C2}] => (Block) C:xamppmysqlbinmysqld.exe (MariaDB Corporation Ab -> )

FirewallRules: [UDP Query User{1586A644-CF0C-4FC3-B1FC-1E3998F706E1}C:xamppmysqlbinmysqld.exe] => (Allow) C:xamppmysqlbinmysqld.exe (MariaDB Corporation Ab -> )

FirewallRules: [TCP Query User{76A4C502-62A3-4896-A867-C08CD1815062}C:xamppmysqlbinmysqld.exe] => (Allow) C:xamppmysqlbinmysqld.exe (MariaDB Corporation Ab -> )

FirewallRules: [{9FC0D0C5-0281-45F8-A1C4-0525EE6BFD59}] => (Block) C:xamppapachebinhttpd.exe (Apache Software Foundation) [Файл не подписан]

FirewallRules: [{6BF2C2B2-18D6-44E2-ADC1-58F0A024B914}] => (Block) C:xamppapachebinhttpd.exe (Apache Software Foundation) [Файл не подписан]

FirewallRules: [UDP Query User{0D472541-D98C-4081-9CB7-8835D5F40A84}C:xamppapachebinhttpd.exe] => (Allow) C:xamppapachebinhttpd.exe (Apache Software Foundation) [Файл не подписан]

FirewallRules: [TCP Query User{AB49F980-050F-4E6F-98E5-F24F04D7E8AD}C:xamppapachebinhttpd.exe] => (Allow) C:xamppapachebinhttpd.exe (Apache Software Foundation) [Файл не подписан]

FirewallRules: [{23A6F207-77FD-42DA-BBB0-522D21929971}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{1FA8CE67-C563-4E4A-A913-CF09642500E8}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{D7E91FC6-87AC-4DA1-8BFC-FD49374A841D}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{4A6FBF59-DE74-436E-BD64-EC6835B6B77E}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{DD7DC7AD-FC17-4971-AEBD-7CCA7D137A37}] => (Allow) C:Program Files (x86)AdguardAdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)

FirewallRules: [UDP Query User{F37156CD-CF52-4991-B7DC-D81F1E67C036}C:userskayirappdatalocalmicrosoftteamscurrentteams.exe] => (Block) C:userskayirappdatalocalmicrosoftteamscurrentteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [TCP Query User{CFBFE0C4-6D2E-489E-8E9D-4DF3FF6DA3A1}C:userskayirappdatalocalmicrosoftteamscurrentteams.exe] => (Block) C:userskayirappdatalocalmicrosoftteamscurrentteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [UDP Query User{F702B248-87ED-40A8-8A07-417D3AAA8C63}C:userskayirappdatalocalmicrosoftteamscurrentteams.exe] => (Block) C:userskayirappdatalocalmicrosoftteamscurrentteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [TCP Query User{577A3EC9-D218-44CE-B9A4-C0CD2033E2C4}C:userskayirappdatalocalmicrosoftteamscurrentteams.exe] => (Block) C:userskayirappdatalocalmicrosoftteamscurrentteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{F24D5F49-A0BC-411C-B9BC-4AC0340DED96}] => (Allow) C:WindowsSystem32CNAB4RPD.EXE (CANON INC. -> CANON INC.)

FirewallRules: [{3B9540F1-F0C6-4E3C-8D2A-05B963A8C33E}] => (Allow) C:WindowsSystem32CNAB4RPD.EXE (CANON INC. -> CANON INC.)

FirewallRules: [{7C475542-A719-40F4-8C19-91841BDB3E81}] => (Allow) C:UserskayirAppDataRoamingZoombinairhost.exe => Нет файла

FirewallRules: [{B3C25783-58BC-491C-B3DE-7507A8F23499}] => (Allow) C:UserskayirAppDataRoamingZoombinairhost.exe => Нет файла

FirewallRules: [{D7FEA4F2-06A9-4572-A10E-3AF3EC1F665A}] => (Allow) C:UserskayirAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{F94E6D45-884D-4A1D-9163-A53172147BF1}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{FCFC5EE1-B679-4448-93D6-0AE5C946D3EB}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{9DDD5BAC-1615-41D7-B6DB-671D9EB7BE0C}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{3B3D669D-0191-4BD8-A15F-DC85C8C0A49F}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{0E40DF57-B1BA-4005-8E7B-D0F07C981171}] => (Allow) C:Program Files (x86)YandexYandexBrowserApplicationbrowser.exe (YANDEX LLC -> YANDEX LLC)

FirewallRules: [TCP Query User{BFCA1EEC-A60E-4739-90A3-5938D0C1B2CF}C:program files (x86)microsoft visual studio2019communitycommon7ideextensionsmicrosoftliveshareagentvsls-agent.exe] => (Block) C:program files (x86)microsoft visual studio2019communitycommon7ideextensionsmicrosoftliveshareagentvsls-agent.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [UDP Query User{FDC26683-8076-4906-88EE-655A23DF141F}C:program files (x86)microsoft visual studio2019communitycommon7ideextensionsmicrosoftliveshareagentvsls-agent.exe] => (Block) C:program files (x86)microsoft visual studio2019communitycommon7ideextensionsmicrosoftliveshareagentvsls-agent.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{F6D7E45B-F929-4AE7-979B-6F6BCFD3B521}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{233F964A-6F88-48DB-BDF7-D34E3EDAF0E1}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [TCP Query User{D6A52497-DB51-4C59-B4CC-BF5F1AA6409E}C:userskayirappdatalocalwapplerwappler.exe] => (Allow) C:userskayirappdatalocalwapplerwappler.exe (Dynamic Zones International BV -> Wappler.io)

FirewallRules: [UDP Query User{7529F12E-42B0-4B4A-83DC-5513C0DE44D7}C:userskayirappdatalocalwapplerwappler.exe] => (Allow) C:userskayirappdatalocalwapplerwappler.exe (Dynamic Zones International BV -> Wappler.io)

FirewallRules: [{84177984-6B50-4F8C-B2E8-AC449FA75509}] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [TCP Query User{82AB7C3E-E73D-4712-8CE3-FF72DFDC025F}C:userskayirappdatalocalwapplerwappler.exe] => (Block) C:userskayirappdatalocalwapplerwappler.exe (Dynamic Zones International BV -> Wappler.io)

FirewallRules: [UDP Query User{75322241-ABB2-4581-AC65-47A73D7320AC}C:userskayirappdatalocalwapplerwappler.exe] => (Block) C:userskayirappdatalocalwapplerwappler.exe (Dynamic Zones International BV -> Wappler.io)

FirewallRules: [{A26187BD-2305-4DF6-AF13-FA9328519A62}] => (Allow) C:Program Files (x86)YandexYandexBrowserApplicationbrowser.exe (YANDEX LLC -> YANDEX LLC)

FirewallRules: [{D8B40DEA-CC0C-4D2E-B2B5-E1C4F66C13FF}] => (Allow) C:Program Files (x86)MicrosoftEdgeWebViewApplication91.0.864.37msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{948CE597-90A2-4F76-8697-D3B60F731DC2}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{16B65A96-BE97-4B0E-8B86-B981380CC9A0}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{72B41665-79B2-4D3E-8A40-9E1824727C83}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{715B6701-29BF-4643-ABA1-EE7336BB5556}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{8BA7047E-1718-409E-A2D8-3351E3B19BE0}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{44FC8212-2C13-41A7-A05A-E990465DFBB8}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{668E3D90-41C8-4733-B2BB-FF445F08C34E}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{840689D8-6880-4108-AB0A-FEE22C7E04C0}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{5EE1698A-8A4E-4B76-BE58-9F283C9242E0}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{F9EA627D-73D3-40A5-A7ED-A7905BB844A1}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{66F2A4F2-282A-4B7C-AF99-7545B5D1386B}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{D6C92D88-8191-4E83-A91E-4ACBD0BFC063}] => (Allow) C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSLinkRemoteAsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)

FirewallRules: [{CB5F343E-75AD-4E68-9C3C-25C8AA91D9DF}] => (Allow) C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSLinkRemoteAsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)

FirewallRules: [{1E62C196-7A68-4E5F-81F0-E151B04BE1DA}] => (Allow) C:WINDOWSSystem32DriverStoreFileRepositoryasussci2.inf_amd64_01fd3efad471825cASUSLinkNearAsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)

 

===================== Recovery points =========================

 

22-05-2021 18:12:37 Scheduled counterempty point

30-05-2021 21:49:42 Scheduled checkpoint

01-06-2021 21:41:34 Dr.Web Security Space uninstallation

 

===================== Defective Device in Device Manager ============

 

 

===================== Event log errors: =========================

 

Application errors:

==================

Error: (02/06/2021 12:12:28 AM) (Source: Application Error) (EventID: 1000) (User:)

Description: Faulting application name: taskhostw.exe, version: 10.0.19041.906, timestamp: 0xd1ac4c39

Faulting module name: pla.dll, version: 10.0.19041.1, time stamp: 0xb08eebc4

Exception code: 0xc0000005

Error offset: 0x00000000000fd9db

Faulting Process ID: 0xf88

Faulting application start time: 0x01d75711aa4df7ec

Faulting Application Path: C: WINDOWS system32 taskhostw.exe

Faulting module path: C: WINDOWS system32 pla.dll

Report ID: 6a48a9bf-0fbc-4e8c-af91-16610aefbf55

Bad package full name:

Application code associated with the failing package:

 

Error: (01/06/2021 09:47:51 PM) (Source: SecurityCenter) (EventID: 16) (User:)

Description: Error when changing state to SECURITY_PRODUCT_STATE_ON.

 

Error: (01/06/2021 09:43:07 PM) (Source: Application Error) (EventID: 1000) (User:)

Description: Faulting application name: taskhostw.exe, version: 10.0.19041.906, timestamp: 0xd1ac4c39

Faulting module name: pla.dll, version: 10.0.19041.1, time stamp: 0xb08eebc4

Exception code: 0xc0000005

Error offset: 0x00000000000fd9db

Faulting Process ID: 0xfc8

Faulting application start time: 0x01d756fcccf0bb82

Faulting Application Path: C: WINDOWS system32 taskhostw.exe

Faulting module path: C: WINDOWS system32 pla.dll

Report ID: f3d4fa2d-d787-4975-afef-2f371ecef69b

Bad package full name:

Application code associated with the failing package:

 

Error: (05/31/2021 10:59:01 PM) (Source: Application Error) (EventID: 1000) (User:)

Description: Faulting application name: taskhostw.exe, version: 10.0.19041.906, timestamp: 0xd1ac4c39

Faulting module name: pla.dll, version: 10.0.19041.1, time stamp: 0xb08eebc4

Exception code: 0xc0000005

Error offset: 0x00000000000fd9db

Faulting Process ID: 0xcc4

Faulting application start time: 0x01d7563e3fc9c609

Faulting Application Path: C: WINDOWS system32 taskhostw.exe

Faulting module path: C: WINDOWS system32 pla.dll

Report ID: d7f8d090-3e1b-4a8c-949c-21980c4da171

Bad package full name:

Application code associated with the failing package:

 

Error: (05/31/2021 07:15:59 PM) (Source: Application Error) (EventID: 1000) (User:)

Description: Faulting application name: CxUIUSvc64.exe, version: 1.0.0.49, timestamp: 0x5cf0dcde

Faulting module name: ntdll.dll, version: 10.0.19041.964, timestamp: 0xbd2c3c23

Exception code: 0xc000070a

Error offset: 0x000000000011210d

Faulting Process ID: 0xc8c

Faulting application start time: 0x01d755566cf486f3

Faulting Application Path: C: WINDOWS System32 CxUIUSvc64.exe

Faulting module path: C: WINDOWS SYSTEM32 ntdll.dll

Report ID: 159ab4cb-d84a-44c4-adb9-eeffe9a09b57

Bad package full name:

Application code associated with the failing package:

 

Error: (05/30/2021 07:19:38 PM) (Source: Application Error) (EventID: 1000) (User:)

Description: Faulting application name: taskhostw.exe, version: 10.0.19041.906, timestamp: 0xd1ac4c39

Faulting module name: pla.dll, version: 10.0.19041.1, time stamp: 0xb08eebc4

Exception code: 0xc0000005

Error offset: 0x00000000000fd9db

Faulting Process ID: 0x748

Faulting application start time: 0x01d755566c07c094

Faulting Application Path: C: WINDOWS system32 taskhostw.exe

Faulting module path: C: WINDOWS system32 pla.dll

Report ID: 5930e530-a48e-46ab-a319-0e3f667eded7

Bad package full name:

Application code associated with the failing package:

 

Error: (05/18/2021 03:37:21 PM) (Source: Application Error) (EventID: 1000) (User:)

Description: Faulting application name: AvastUI.exe, version: 20.6.5495.0, timestamp: 0x5f201c47

Faulting module name: KERNELBASE.dll, version: 10.0.19041.964, timestamp: 0x812662a7

Exception code: 0xe06d7363

Error offset: 0x0000000000034b89

Faulting Process ID: 0x4ba8

Faulting application start time: 0x01d74bc94040c8d1

Faulting Application Path: C: Program Files Avast Software Avast AvastUI.exe

Faulting module path: C: WINDOWS System32 KERNELBASE.dll

Report ID: 83f646c6-acf1-4ca6-ac28-48a529fcf13a

Bad package full name:

Application code associated with the failing package:

 

Error: (05/18/2021 11:52:49 AM) (Source: Application Error) (EventID: 1000) (User:)

Description: Faulting Application Name: CxUIUSvc64.exe, Version: 1.0.0.49, Timestamp: 0x5cf0dcde

Faulting module name: ntdll.dll, version: 10.0.19041.964, timestamp: 0xbd2c3c23

Exception code: 0xc000070a

Error offset: 0x000000000011210d

Faulting Process ID: 0xdc8

Faulting application start time: 0x01d74b8f2df36814

Faulting Application Path: C: WINDOWS System32 CxUIUSvc64.exe

Path failuremodule: C: WINDOWS SYSTEM32 ntdll.dll

Report ID: 153e22e6-ab08-4c41-8472-f9325ee7077b

Bad package full name:

Application code associated with the failing package:

 

 

System errors:

=============

Error: (02/06/2021 01:24:19 AM) (Source: Service Control Manager) (EventID: 7034) (User:)

Description: The “Adguard Service” service terminated unexpectedly. It happened (times): 3.

 

Error: (02/06/2021 01:24:19 AM) (Source: Service Control Manager) (EventID: 7034) (User:)

Description: Microsoft Office Click-to-Run Service terminated unexpectedly. It happened (times): 3.

 

Error: (02/06/2021 01:24:19 AM) (Source: Service Control Manager) (EventID: 7031) (User:)

Description: The ASUS Software Manager service terminated unexpectedly. This happened 3 times. The next corrective action will be taken after 0ms: Restart the service.

 

Error: (02/06/2021 01:24:19 AM) (Source: Service Control Manager) (EventID: 7031) (User:)

Description: ASUS Optimization service terminated unexpectedly. This happened 3 times. The next corrective action will be taken after 0ms: Restart the service.

 

Error: (02/06/2021 01:24:19 AM) (Source: Service Control Manager) (EventID: 7031) (User:)

Description: The Yandex.Browser Update Service terminated unexpectedly. This happened 3 times. The next corrective action will be taken after 60,000 milliseconds: Restart the service.

 

Error: (02/06/2021 01:24:19 AM) (Source: Service Control Manager) (EventID: 7031) (User:)

Description: ASUS Link Near service terminated unexpectedly. This happened 3 times. The next corrective action will be taken in 0ms: Restart the service.

 

Error: (02/06/2021 01:24:12 AM) (Source: Service Control Manager) (EventID: 7031) (User:)

Description: ASUS System Analysis service terminated unexpectedly. This happened 3 times. The next corrective action will be taken after 0ms: Restart the service.

 

Error: (02/06/2021 01:24:12 AM) (Source: Service Control Manager) (EventID: 7031) (User:)

Description: ASUS Link Remote service terminated unexpectedly. This happened 3 times. The next corrective action will be taken after 0ms: Restart the service.

 

 

Windows Defender:

================

Date: 2021-06-01 15:47:40

Description:

The scan being performed by Microsoft Defender Antivirus was stopped before it was completed.

Verification ID: {74613D0C-EDCB-4B77-B746-5898AB5DB93A}

Scan type: Antimalware

Check options: Quick check

User: NT AUTHORITY SYSTEM

 

Date: 2021-05-31 22:32:34

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

To find out more, see the information below.

Name: HackTool: Win32 / AutoKMS

ID: 2147685180

Severity: High

Category: Software tool

Path: containerfile: _C: Users kayir Downloads Office.2016-2019.b1904.x86-x64.RU-EN.iso; containerfile: _D: oinstall.exe; file: _C: Users kayir Downloads Office.2016-2019.b1904.x86-x64.RU-EN.iso -> OInstall.exe -> (UPX); file: _D: oinstall.exe -> (UPX)

Start detection: Local computer

Detection Type: Specific

Detection Source: System

User: NT AUTHORITY SYSTEM

Process name: C: Windows explorer.exe

Security Analysis Service version: AV: 1.339.1684.0, AS: 1.339.1684.0, NIS: 1.339.1684.0

Subsystem version: AM: 1.1.18100.6, NIS: 1.1.18100.6

 

Date: 2021-05-31 22:28:46

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

To find out more, see the information below.

Name: HackTool: Win32 / AutoKMS

ID: 2147685180

Severity: High

Category: Software tool

Path: containerfile: _C: Users kayir Downloads Office.2016-2019.b1904.x86-x64.RU-EN.iso; containerfile: _D: oinstall.exe; file: _C: Users kayir Downloads Office.2016-2019.b1904.x86-x64.RU-EN.iso -> OInstall.exe -> (UPX); file: _D: oinstall.exe -> (UPX)

Start detection: Local computer

Detection Type: Specific

Detection Source: System

User: NT AUTHORITY SYSTEM

Process name: C: Windows explorer.exe

Security Analysis Service version: AV: 1.339.1684.0, AS: 1.339.1684.0, NIS: 1.339.1684.0

Subsystem version: AM: 1.1.18100.6, NIS: 1.1.18100.6

 

Date: 2021-05-31 22:28:20

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

To find out more, see the information below.

Name: HackTool: Win32 / AutoKMS

ID: 2147685180

Severity: High

Category: Software tool

Path: containerfile: _C: Users kayir Downloads Office.2016-2019.b1904.x86-x64.RU-EN.iso; file: _C: Users kayir Downloads Office.2016-2019.b1904.x86-x64.RU-EN.iso -> OInstall.exe -> (UPX); file: _D: oinstall.exe -> (UPX)

Start detection: Local computer

Detection Type: Specific

Detection Source: System

User: NT AUTHORITY SYSTEM

Process name: C: Windows explorer.exe

Security Analysis Service version: AV: 1.339.1684.0, AS: 1.339.1684.0, NIS: 1.339.1684.0

Subsystem version: AM: 1.1.18100.6, NIS: 1.1.18100.6

 

Date: 2021-05-31 22:27:07

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

To find out more, see the information below.

Name: HackTool: Win32 / AutoKMS

ID: 2147685180

Severity: High

Category: Software tool

Path: containerfile: _C: Users kayir Downloads Office.2016-2019.b1904.x86-x64.RU-EN.iso; file: _C: Users kayir Downloads Office.2016-2019.b1904.x86-x64.RU-EN.iso -> OInstall.exe -> (UPX)

Start detection: Local computer

Detection Type: Specific

Detection Source: System

User: NT AUTHORITY SYSTEM

Process name: Unknown

Security Analysis Service version: AV: 1.339.1684.0, AS: 1.339.1684.0, NIS: 1.339.1684.0

Subsystem version: AM: 1.1.18100.6, NIS: 1.1.18100.6

 

CodeIntegrity:

===============

Date: 2021-06-02 00:33:02

Description:

Code Integrity determined that a process ( Device HarddiskVolume3 Windows System32 SecurityHealthService.exe) attempted to load Device HarddiskVolume3 Program Files Bitdefender Antivirus Free bdamsi 265231548547332704 antimalware_provider64.dll that did not meet the Windows signing level requirements.

 

 

========================================================

 

BIOS: American Megatrends Inc. X412DA.310 11/05/2019

Motherboard: ASUSTeK COMPUTER INC. X412DA

Processor: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx

Percentage of used memory: 79%

Total physical RAM: 6091.62 MB

Available physical RAM: 1225.54 MB

Total Virtual: 15819.62 MB

Available Virtual: 9995.89 MB

 

===================== Disks =========================

 

Drive c: (OS) (Fixed) (Total: 237.42 GB) (Free: 119.66 GB) NTFS

 

\? Volume {ebec8a91-c155-417f-84e6-d4693ea43659} (RECOVERY) (Fixed) (Total: 0.78 GB) (Free: 0.31 GB) NTFS

\? Volume {7ede8ef4-f116-47a8-a377-2bd5c4a62939} (SYSTEM) (Fixed) (Total: 0.25 GB) (Free: 0.22 GB) FAT32

 

===================== MBR & Partition Table =========================

Disk: 0 (Size: 238.5 GB) (Disk ID: 8117DEFB)

 

Partition: GPT.

 

===================== End of Addition.txt =======================

 

 

Thank you in advance!



