Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.04.2024 01
Ran by 30pingu (06-04-2024 20:24:17)
Running from C:\Users\miete\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3374 (X64) (2024-02-13 17:35:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

30pingu (S-1-5-21-3294184972-935576208-774461254-1001 - Administrator - Enabled) => C:\Users\miete
Administrator (S-1-5-21-3294184972-935576208-774461254-500 - Administrator - Disabled)
Gość (S-1-5-21-3294184972-935576208-774461254-501 - Limited - Disabled)
Konto domyślne (S-1-5-21-3294184972-935576208-774461254-503 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3294184972-935576208-774461254-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Free (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Canva (HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\3d0ba22d-e02b-5c6d-93a1-4e2a9af9c1f2) (Version: 1.82.0 - Canva Pty Ltd)
CapCut (HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\CapCut) (Version: 3.4.0.1211 - Bytedance Pte. Ltd.)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1651.5 - Piriform Software) Hidden CodeBlocks (HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\CodeBlocks) (Version: 20.03 - The Code::Blocks Team) Discord (HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\Discord) (Version: 1.0.9037 - Discord Inc.) EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.166.0.5679 - Electronic Arts) Hidden EA app (HKLM-x32\...\{3bab924e-2b1f-41cd-8129-e12d483170f8}) (Version: 13.166.0.5679 - Electronic Arts) Epic Games Launcher (HKLM-x32\...\{2903C323-896A-4129-A163-27DAC73A32B9}) (Version: 1.3.23.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epic Online Services (HKLM-x32\...\{758842D2-1538-4008-A8E3-66F65A061C52}) (Version: 2.0.33.0 - Epic Games, Inc.) Feather Launcher (HKLM\...\cb3d390f-61d8-588c-9dbc-20097422bee3) (Version: 1.6.0 - Digital Ingot, Inc.) GDLauncher 2.0.6 (HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\916a734d-6952-56dd-9bc1-8fe0631126cf) (Version: 2.0.6 - GorillaDevs Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.13 - Google LLC) Hidden Java 8 Update 401 (64-bit) (HKLM\...\{71024AE4-039E-4CA4-87B4-2F64180401F0}) (Version: 8.0.4010.10 - Oracle Corporation) Kaspersky Free (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden Kaspersky Free (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Kaspersky VPN (HKLM-x32\...\{69513344-0E15-3C30-9BDC-04C3706E6CE9}) (Version: 21.16.6.467 - Kaspersky) Hidden Kaspersky VPN (HKLM-x32\...\InstallWIX_{69513344-0E15-3C30-9BDC-04C3706E6CE9}) (Version: 21.16.6.467 - Kaspersky) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden liquidlauncher (HKLM\...\{5DD087FD-D007-452C-B5DA-E7C18D08CAC3}) (Version: 0.2.5 - CCBlueX) Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2024.2.534136 - Logitech) Malwarebytes version 5.1.2.109 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.2.109 - Malwarebytes) Medal (HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\Medal) (Version: 4.2324.0 - Medal B.V.) Messenger (HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 206.0.570891462 - Facebook, Inc.) Microsoft .NET Host - 6.0.6 (x64) (HKLM\...\{F48FB46C-3334-47AA-98ED-D5A47DED33F1}) (Version: 48.27.42327 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.6 (x64) (HKLM\...\{089493D9-430B-4210-8A47-8F611288F461}) (Version: 48.27.42327 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.6 (x64) (HKLM\...\{00478901-CD97-4A20-8FF3-3276865A2B44}) (Version: 48.27.42327 - Microsoft Corporation) Hidden Microsoft OneDrive (HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\OneDriveSetup.exe) (Version: 24.050.0310.0001 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 
(HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40649 (HKLM\...\{20C1086D-C843-36B1-B678-990089D1BD44}) (Version: 12.0.40649 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40649 (HKLM\...\{ABB19BB4-838D-3082-BDA4-87C6604181A2}) (Version: 12.0.40649 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 
(HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.6 (x64) (HKLM\...\{B9E46F95-AC34-4943-AFE2-B72EFD56C6C0}) (Version: 48.27.42342 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.6 (x64) (HKLM-x32\...\{aad3b888-fde2-48c0-95c2-2f7a729283fb}) (Version: 6.0.6.31318 - Microsoft Corporation) NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation) NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation) NVIDIA GeForce NOW 2.0.58.134 (HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeForceNOW) (Version: 2.0.58.134 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) NVIDIA Sterownik dźwięku HD 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation) NVIDIA Sterownik graficzny 552.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 552.12 - NVIDIA Corporation) NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.1.1 - OBS Project) Opera GX Stable 107.0.5045.86 (HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\Opera GX 107.0.5045.86) (Version: 107.0.5045.86 - Opera Software) Overwolf (HKLM-x32\...\Overwolf) (Version: 0.243.0.9 - Overwolf Ltd.) 
REDlauncher (HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - CD Projekt RED) Riot Client (HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\Riot Game Riot_Client.) (Version: - Riot Games, Inc) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Środowisko uruchomieniowe Microsoft Edge WebView2 (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.65 - Microsoft Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.6.2 - TeamSpeak Systems GmbH) Thunderstore Mod Manager (HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\Overwolf_ahpflogoookodlegojjphcjpjaejgghjnfcdjdmi) (Version: 1.42.0 - Overwolf app) TP-Link Archer T4U Plus Driver (HKLM-x32\...\{E826A7DA-B4C8-436C-ABD2-43B3A1511866}) (Version: 2.1.0 - TP-Link) TreeSize Free V4.7.1 (64 bit) (HKLM\...\TreeSize Free_is1) (Version: 4.7.1 - JAM Software) WinRAR 6.24 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 6.24.0 - win.rar GmbH) Packages: ========= Dev Home (Preview) -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1201.442.0_x64__8wekyb3d8bbwe [2024-03-27] (Microsoft Corporation) Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-02-15] (Microsoft Corp.) 
Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-02-15] (Microsoft Corporation) Microsoft.Windows.Ai.Copilot.Provider -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation) Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-03-02] (Microsoft Corporation) MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24022.90.0_x64__cw5n1h2txyewy [2024-03-27] (Microsoft Windows) [Startup Task] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.965.0_x64__56jybvy8sckqj [2024-04-04] (NVIDIA Corp.) Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2403.237.0_x64__8wekyb3d8bbwe [2024-03-15] (Microsoft Corporation) [Startup Task] Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2024-02-10] (Realtek Semiconductor Corp) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0 [2024-03-27] (Spotify AB) [Startup Task] TranslucentTB -> C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_2024.1.0.0_x64__v826wp6bftszj [2024-03-05] (Charles Milette) [Startup Task] Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-03-02] (Microsoft Corporation) WinRAR -> C:\Program Files\WinRAR [2024-02-14] (win.rar GmbH) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3294184972-935576208-774461254-1001_Classes\CLSID\{23B3E3D8-C162-4A8B-AB0C-0905DCB1DF19}\InprocServer32 -> C:\Users\miete\AppData\Local\Packages\Microsoft.PowerAutomateDesktop_8wekyb3d8bbwe\TempState\RDP\DVCPlugin\x64\Microsoft.Flow.RPA.Desktop.UIAutomation.RDP.DVC.Plugin.dll => No File
CustomCLSID: HKU\S-1-5-21-3294184972-935576208-774461254-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => No File
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 21.3\x64\shellex.dll [2024-03-30] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 21.3\x64\shellex.dll [2024-03-30] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-01] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 21.3\x64\shellex.dll [2024-03-30] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_268e85175aa9e991\nvshext.dll [2024-04-03] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 21.3\x64\shellex.dll [2024-03-30] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-01] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\miete\Desktop\adwcleaner.exe:MBAM.Zone.Identifier [140]
AlternateDataStreams: C:\Users\miete\Desktop\fabric-installer-1.0.0.exe:MBAM.Zone.Identifier [160]
AlternateDataStreams: C:\Users\miete\Desktop\mb-support-1.9.10.1005.exe:MBAM.Zone.Identifier [205]
AlternateDataStreams: C:\Users\miete\Desktop\sysinspector_nt64.exe:MBAM.Zone.Identifier [292]
AlternateDataStreams: C:\Users\miete\Downloads\fabric-installer-1.0.0.exe:MBAM.Zone.Identifier [160]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-1.8\bin\ssv.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 07:24 - 2022-05-07 07:22 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\dotnet\
HKU\S-1-5-21-3294184972-935576208-774461254-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\miete\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\10423027257193126993\133568962593391401.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_A3C3FB257536D14D62F8CAF9141C9971" HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\StartupApproved\Run: => "EADM" HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\StartupApproved\Run: => "Overwolf" HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\StartupApproved\Run: => "Voicemod" HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\StartupApproved\Run: => "Medal" HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\StartupApproved\Run: => "CanvaAutoLaunchAvailabilityCheckAgent" HKU\S-1-5-21-3294184972-935576208-774461254-1001\...\StartupApproved\Run: => "com.messenger" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{C0439C38-5E38-40DE-A2EA-29A77765BE1B}C:\users\miete\appdata\roaming\crystal-launcher\runtime\64\jdk-17.0.1+12\bin\javaw.exe] => (Allow) C:\users\miete\appdata\roaming\crystal-launcher\runtime\64\jdk-17.0.1+12\bin\javaw.exe FirewallRules: [TCP Query User{63999D6A-17A4-44CC-A4DB-8CF3BE626CF8}C:\users\miete\appdata\roaming\crystal-launcher\runtime\64\jdk-17.0.1+12\bin\javaw.exe] => (Allow) C:\users\miete\appdata\roaming\crystal-launcher\runtime\64\jdk-17.0.1+12\bin\javaw.exe FirewallRules: [UDP Query User{3DD5F5EB-5ED8-44F9-8425-C786F1736B7E}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe (Electronic Arts, Inc. 
-> EA Digital Illusions CE AB) FirewallRules: [TCP Query User{9A9213BC-CD72-4ADE-8F5D-5EBBD93158E0}C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\battlefield 1\bf1.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB) FirewallRules: [{49136307-58BF-45CF-911D-32B60A01DE3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Diablo IV\Diablo IV.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment) FirewallRules: [{541E0853-0FBF-4874-9F57-4D682E6F31B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Diablo IV\Diablo IV.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment) FirewallRules: [UDP Query User{51272F88-4B4C-4AE2-81F7-AC796370BA0C}C:\users\miete\appdata\roaming\.minecraft\jre\openjdk17u-jre_x64_windows_hotspot_17.0.3_7\bin\javaw.exe] => (Allow) C:\users\miete\appdata\roaming\.minecraft\jre\openjdk17u-jre_x64_windows_hotspot_17.0.3_7\bin\javaw.exe FirewallRules: [TCP Query User{32BC7A19-1DA3-477D-A0A3-4B6F2EED09F1}C:\users\miete\appdata\roaming\.minecraft\jre\openjdk17u-jre_x64_windows_hotspot_17.0.3_7\bin\javaw.exe] => (Allow) C:\users\miete\appdata\roaming\.minecraft\jre\openjdk17u-jre_x64_windows_hotspot_17.0.3_7\bin\javaw.exe FirewallRules: [{F5908668-7158-462A-81A7-5AC464C439E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{B4AADDAF-2F6C-4EE7-9007-A97345286656}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{842D501D-FE4F-4C5F-9EF1-368F225C0192}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{2511656F-5CF5-41FE-ACC0-4037A11231D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: 
[{0796103D-713D-4903-BCA2-577AB6CA4FBE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{7722415C-926C-45EE-BC14-AA95F8E2715E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [UDP Query User{2B23D8F3-B521-462B-9CC5-2583C6744646}C:\users\miete\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\miete\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [TCP Query User{3F0B8C7B-E4BC-4105-BB63-86C27315AA2C}C:\users\miete\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\miete\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [{93588A5D-CAE2-4B6E-97D2-FFC001B4E729}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lethal Company\Lethal Company.exe () [File not signed] FirewallRules: [{8FA9332F-FD67-4BDF-9E38-ECCEAB6A3C7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lethal Company\Lethal Company.exe () [File not signed] FirewallRules: [{BC28BD07-DB6C-4C6B-81F6-56433DB0AA2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> ) FirewallRules: [{A96743F1-52E8-4C17-886D-E15BCDE75736}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> ) FirewallRules: [{9B3FF958-DA40-436B-8ECD-28C67F132763}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{3D7777AB-B2EC-4FC8-A596-145FE18A448F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{6FFE4DED-5A73-4D7A-9B5A-63A1CEBD98C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. 
-> Valve Corporation) FirewallRules: [{E1A4A581-7F66-4B19-BE69-1838DF87EEB9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [TCP Query User{A3393B7F-C4F3-4F75-B702-A086EAA14681}C:\users\miete\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\miete\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe => No File FirewallRules: [UDP Query User{FCC49BED-3FD1-4B46-886D-78F4D9B92844}C:\users\miete\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\miete\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe => No File FirewallRules: [{D2AC9661-1818-4859-94B9-19237673EC47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed] FirewallRules: [{01216090-D1DD-4A18-B021-54F19F86E783}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed] FirewallRules: [TCP Query User{5DBE58E9-7AC3-4058-9D53-7699D06481D4}C:\users\miete\appdata\local\medal\app-4.2324.0\medal.exe] => (Allow) C:\users\miete\appdata\local\medal\app-4.2324.0\medal.exe (Ferox Games B.V. -> Medal B.V.) FirewallRules: [UDP Query User{3E4B65EE-8246-4FBB-B858-48E60D0F8008}C:\users\miete\appdata\local\medal\app-4.2324.0\medal.exe] => (Allow) C:\users\miete\appdata\local\medal\app-4.2324.0\medal.exe (Ferox Games B.V. -> Medal B.V.) 
FirewallRules: [TCP Query User{ADB645D3-D625-41D3-8CED-715B43262132}C:\users\miete\appdata\local\capcut\apps\3.4.0.1211\capcut.exe] => (Block) C:\users\miete\appdata\local\capcut\apps\3.4.0.1211\capcut.exe (Bytedance Pte. Ltd. -> ByteDance) FirewallRules: [UDP Query User{100975BA-72F5-4B89-88CB-BB7C8D149DD9}C:\users\miete\appdata\local\capcut\apps\3.4.0.1211\capcut.exe] => (Block) C:\users\miete\appdata\local\capcut\apps\3.4.0.1211\capcut.exe (Bytedance Pte. Ltd. -> ByteDance) FirewallRules: [{6F046EE4-8113-4878-AD9E-28375200409E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sons Of The Forest\SonsOfTheForest.exe () [File not signed] FirewallRules: [{EEA06A52-6FB5-4ED3-9CD7-35FBC2990447}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sons Of The Forest\SonsOfTheForest.exe () [File not signed] FirewallRules: [{29A77758-27DD-4573-A688-994CE83239AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta Software GmbH -> ) FirewallRules: [{BFDC6A9C-A4BB-4D0A-8C7C-C7BBE13E547A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta Software GmbH -> ) FirewallRules: [{098B07EF-37E3-4E61-8053-23199AD63BA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe (Facepunch Studios Ltd) [File not signed] FirewallRules: [{DD0D5125-CBC9-45C3-AC91-EEF9BC5ACF80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe (Facepunch Studios Ltd) [File not signed] FirewallRules: [{679B1532-1454-456A-9862-1103B9051F7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One-armed robber\OAR.exe (Epic Games, Inc.) [File not signed] FirewallRules: [{00E2523C-A2CF-41C3-9647-D44D2D771DCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One-armed robber\OAR.exe (Epic Games, Inc.) 
[File not signed] FirewallRules: [{D543F6DD-22E8-4BB9-87FA-326FA7EC63E7}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24047.202.2704.38_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F122D90E-5036-4F8F-BC74-C1A743FCE4E9}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24047.202.2704.38_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F1F94CB1-5D05-4BB9-A2EB-B541165D87AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG sp. z o.o -> GOG.com) FirewallRules: [{CD2DDDE3-44F1-45EC-842A-CA6F97FB8081}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG sp. z o.o -> GOG.com) FirewallRules: [{FD230153-4672-4094-8023-5953613D25F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forts\Forts.exe (EarthWork Games Pty Ltd -> ) FirewallRules: [{BAA7DEE1-3414-48BB-A08B-09DF005DB4A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Forts\Forts.exe (EarthWork Games Pty Ltd -> ) FirewallRules: [TCP Query User{DC434491-C629-4491-9832-7EBDD4EFFBD7}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.) FirewallRules: [UDP Query User{0F28092D-38A1-4F6D-B922-005FAB762F52}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.) 
FirewallRules: [TCP Query User{DE330F73-118A-4795-AFD7-C880FFBFB621}C:\users\miete\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\miete\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe FirewallRules: [UDP Query User{C6A37D9D-54F2-4460-9D6A-D11B7B80DAA0}C:\users\miete\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\miete\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe FirewallRules: [TCP Query User{78562C47-1781-44E8-97D6-46762218CF43}C:\program files (x86)\steam\steamapps\common\excalibur\needforspeedunbound.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\excalibur\needforspeedunbound.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [UDP Query User{51896843-F71B-4836-B243-BDACD2C08801}C:\program files (x86)\steam\steamapps\common\excalibur\needforspeedunbound.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\excalibur\needforspeedunbound.exe (Electronic Arts, Inc. 
-> Electronic Arts) FirewallRules: [{95A30209-2876-4CDF-9C05-9EDCAE239037}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{BBAB2BC3-544E-43ED-99F6-10AFB5FD9E5E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{318C0D22-B2A6-4577-A7BF-0E80601E85E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{3ACBDBD9-E502-44FB-9688-AA4D3B5F0155}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{4FAB6B5B-2FCF-47C9-B218-8A221EDC38C5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{0698C4DB-8E62-49E8-8CFA-95F64A2EAAAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{C6EE661B-2501-4FF4-8FE5-6FC23DC06AA9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{A8559801-940C-4318-AC92-59B775818A44}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{2F60D4E8-1B7B-4A95-8FE2-EF9FAC8D3209}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: 
[{33F7989B-D683-464E-BEE7-15EDA93F3C03}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [TCP Query User{BAAF55E6-A3A6-4DD6-9F2B-78A5889044C3}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe => No File FirewallRules: [UDP Query User{16456803-D7CB-47B0-909A-0F4A64789BC5}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe => No File FirewallRules: [{14E897B8-0B9A-41EA-AF79-1AFFD0BE20CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe () [File not signed] FirewallRules: [{91473F81-D529-4220-8F8E-867F1DF6E792}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe () [File not signed] FirewallRules: [{B43955AA-9401-4FE8-AFFA-DF560CF633BE}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.65\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{223A5CBD-AAA5-403B-9F3A-77DBBFCE5E52}] => (Allow) C:\Program Files (x86)\Overwolf\0.242.1.6\OverwolfBrowser.exe => No File FirewallRules: [{BDA762CB-4DDD-483D-9AB9-FCBA8E7B0877}] => (Allow) C:\Program Files (x86)\Overwolf\0.242.1.6\OverwolfBrowser.exe => No File FirewallRules: [{EF6CD8E2-45A9-4323-91D2-4706FA73C8CA}] => (Block) C:\Program Files (x86)\Overwolf\0.242.1.6\OverwolfBrowser.exe => No File FirewallRules: [{45CEC296-41DD-4BFF-A657-E45588745D86}] => (Block) C:\Program Files (x86)\Overwolf\0.242.1.6\OverwolfBrowser.exe => No File FirewallRules: [{4F052AE7-1FFE-41C8-92E8-4931AE87D2C0}] => (Allow) C:\Program Files (x86)\Overwolf\0.241.0.10\OverwolfBrowser.exe => No File FirewallRules: [{4FCABA63-AF92-4631-B696-82960271118E}] => (Allow) C:\Program Files (x86)\Overwolf\0.241.0.10\OverwolfBrowser.exe => No File 
FirewallRules: [{887B48A3-5CD1-474E-B12A-5F17C69EEBFA}] => (Block) C:\Program Files (x86)\Overwolf\0.241.0.10\OverwolfBrowser.exe => No File
FirewallRules: [{EB75655C-9628-4967-B3BC-DDDFACE87C06}] => (Block) C:\Program Files (x86)\Overwolf\0.241.0.10\OverwolfBrowser.exe => No File
FirewallRules: [{E32ED36E-3C8D-42D9-9DA3-09E36C7BB70F}] => (Allow) C:\Program Files (x86)\Overwolf\0.243.0.9\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{722E5BE4-63C7-47A8-947F-FE4340A015DE}] => (Allow) C:\Program Files (x86)\Overwolf\0.243.0.9\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [TCP Query User{8EAC4FCD-E973-4618-BEC5-FCD424AD82C2}C:\users\miete\appdata\roaming\ccbluex\liquidlauncher\data\runtimes\temurin_17\jdk-17.0.10+7-jre\bin\javaw.exe] => (Allow) C:\users\miete\appdata\roaming\ccbluex\liquidlauncher\data\runtimes\temurin_17\jdk-17.0.10+7-jre\bin\javaw.exe
FirewallRules: [UDP Query User{14F1F798-0FEE-4593-92E1-20CEE36784B8}C:\users\miete\appdata\roaming\ccbluex\liquidlauncher\data\runtimes\temurin_17\jdk-17.0.10+7-jre\bin\javaw.exe] => (Allow) C:\users\miete\appdata\roaming\ccbluex\liquidlauncher\data\runtimes\temurin_17\jdk-17.0.10+7-jre\bin\javaw.exe
FirewallRules: [TCP Query User{A0BB170F-422A-4888-9BA1-5C4B7BBE3AF0}C:\users\miete\downloads\celestal\jdk\bin\java.exe] => (Allow) C:\users\miete\downloads\celestal\jdk\bin\java.exe => No File
FirewallRules: [UDP Query User{51FD23B2-90D1-41A5-B7FE-F29AC01C0F5D}C:\users\miete\downloads\celestal\jdk\bin\java.exe] => (Allow) C:\users\miete\downloads\celestal\jdk\bin\java.exe => No File
FirewallRules: [{BDBA6109-6344-43EB-BD78-340B41C1746F}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{BF2C02AB-430D-4172-8FD4-E8EC7DCA7B7C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C97AEABB-436E-45A5-B0DB-C63A584C936E}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{134DFF60-5D76-4DD0-92D7-76AFEB87B73D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{4E349712-25AB-4DE3-A7E6-19F749704C00}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{1F720682-33F2-4BA2-939B-E3B3199EC0A4}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{376FA12C-FD55-4F3D-91A0-807EDCE95172}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{3A20AC1A-396D-4B62-93D9-D0899DFF29F4}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{3A95BB03-F82E-435E-AB9B-E5EDB6A9B7CC}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F602D0D1-BC2E-4381-9521-6EA7268E0C1E}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{DBF86EE9-6B9E-4BA1-AA57-AE362152E7F1}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)

==================== Restore Points =========================

28-03-2024 21:58:03 Zainstalowany program DirectX
04-04-2024 23:04:58 Installed liquidlauncher
06-04-2024 12:39:37 Zainstalowany program DirectX

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (04/06/2024 07:49:56 PM) (Source: CertEnroll) (EventID: 86) (User: ZARZĄDZANIE NT)
Description: Inicjowanie rejestracji certyfikatu SCEP dla elementu WORKGROUP\PINGU$ za pośrednictwem elementu https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep nie powiodło się: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 17:49:58 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: dccd88c8-50d2-4feb-93f2-a1d320aace2b Metoda: GET(422ms) Etap: GetCACaps Nieznaleziony (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (04/06/2024 07:49:55 PM) (Source: CertEnroll) (EventID: 86) (User: ZARZĄDZANIE NT)
Description: Inicjowanie rejestracji certyfikatu SCEP dla elementu System lokalny za pośrednictwem elementu https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep nie powiodło się: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 17:49:57 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: b252781f-cffb-4fc9-b083-88421ef2a176 Metoda: GET(672ms) Etap: GetCACaps Nieznaleziony (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (04/06/2024 07:21:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury CoCreateInstance. hr = 0x8007045b, Trwa proces zamykania systemu..

Error: (04/06/2024 07:21:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informacje Usługi kopiowania woluminów w tle: nie można uruchomić serwera usługi COM z identyfikatorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} i nazwą CEventSystem. [0x8007045b, Trwa proces zamykania systemu.]

Error: (04/06/2024 01:42:42 PM) (Source: CertEnroll) (EventID: 86) (User: ZARZĄDZANIE NT)
Description: Inicjowanie rejestracji certyfikatu SCEP dla elementu WORKGROUP\PINGU$ za pośrednictwem elementu https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep nie powiodło się: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 11:42:44 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 008a74b0-acb7-48c9-800c-de4995502077 Metoda: GET(375ms) Etap: GetCACaps Nieznaleziony (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (04/06/2024 01:42:42 PM) (Source: CertEnroll) (EventID: 86) (User: ZARZĄDZANIE NT)
Description: Inicjowanie rejestracji certyfikatu SCEP dla elementu System lokalny za pośrednictwem elementu https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep nie powiodło się: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sat, 06 Apr 2024 11:42:44 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 5a966cd0-bbdd-47ca-b0ef-2857c461f422 Metoda: GET(422ms) Etap: GetCACaps Nieznaleziony (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (04/06/2024 01:42:10 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury CoCreateInstance. hr = 0x8007045b, Trwa proces zamykania systemu..

Error: (04/06/2024 01:42:10 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informacje Usługi kopiowania woluminów w tle: nie można uruchomić serwera usługi COM z identyfikatorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} i nazwą CEventSystem. [0x8007045b, Trwa proces zamykania systemu.]

System errors:
=============
Error: (04/06/2024 07:51:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu następującego błędu: Nie można odnaleźć określonego pliku.

Error: (04/06/2024 07:21:40 PM) (Source: DCOM) (EventID: 10010) (User: PINGU)
Description: Serwer {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (04/06/2024 07:21:40 PM) (Source: DCOM) (EventID: 10010) (User: PINGU)
Description: Serwer {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (04/06/2024 07:21:39 PM) (Source: DCOM) (EventID: 10010) (User: PINGU)
Description: Serwer {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (04/06/2024 07:21:39 PM) (Source: DCOM) (EventID: 10010) (User: PINGU)
Description: Serwer {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (04/06/2024 07:21:39 PM) (Source: DCOM) (EventID: 10010) (User: PINGU)
Description: Serwer {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (04/06/2024 07:21:39 PM) (Source: DCOM) (EventID: 10010) (User: PINGU)
Description: Serwer {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (04/06/2024 07:21:39 PM) (Source: DCOM) (EventID: 10010) (User: PINGU)
Description: Serwer {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Windows Defender:
================
Date: 2024-03-30 08:45:51
Description: Skanowanie produktu Program antywirusowy Microsoft Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {3D08E7F0-53C8-48A1-B5AF-D772CF54152E} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM

Date: 2024-03-28 17:44:28
Description: Skanowanie produktu Program antywirusowy Microsoft Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {7AE8E6F5-DF98-4854-A01A-32C9EB07B882} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM

Date: 2024-03-21 21:09:06
Description: Produkt Program antywirusowy Microsoft Defender wykrył złośliwe oprogramowanie lub inne potencjalnie niechciane oprogramowanie. Aby uzyskać więcej informacji, zobacz: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Phonzy.B!ml&threatid=2147772963&enterprise=0 Nazwa: Trojan:Win32/Phonzy.B!ml Identyfikator: 2147772963 Ważność: Poważny Kategoria: Koń trojański Ścieżka: file:_C:\Users\miete\Downloads\Ocean.exe; process:_pid:3432,ProcessStart:133555182794016522 Pochodzenie wykrycia: Komputer lokalny Typ wykrycia: FastPath Źródło wykrycia: System Użytkownik: ZARZĄDZANIE NT\SYSTEM Nazwa procesu: C:\Users\miete\Downloads\Ocean.exe Wersja analizy zabezpieczeń: AV: 1.407.600.0, AS: 1.407.600.0, NIS: 1.407.600.0 Wersja aparatu: AM: 1.1.24020.9, NIS: 1.1.24020.9

Date: 2024-03-21 19:06:56
Description: Skanowanie produktu Program antywirusowy Microsoft Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {BC97E6A8-0C82-45D2-95A4-403D8E89FD95} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM

Date: 2024-03-16 20:13:35
Description: Skanowanie produktu Program antywirusowy Microsoft Defender zostało zatrzymane przed ukończeniem. Identyfikator skanowania: {AB6EC3EC-6092-462C-BB51-3E0AF6326DE9} Typ skanowania: Narzędzia chroniące przed złośliwym oprogramowaniem Parametry skanowania: Szybkie skanowanie Użytkownik: ZARZĄDZANIE NT\SYSTEM

Event[0]
Date: 2024-04-05 22:52:34
Description: Produkt Program antywirusowy Microsoft Defender napotkał błąd podczas próby aktualizacji analizy zabezpieczeń. Nowa wersja analizy zabezpieczeń: Poprzednia wersja analizy zabezpieczeń: 1.409.55.0 Źródło aktualizacji: Serwer usługi Microsoft Update Typ analizy zabezpieczeń: Oprogramowanie antywirusowe Typ aktualizacji: Pełne Użytkownik: ZARZĄDZANIE NT\SYSTEM Bieżąca wersja aparatu: Poprzednia wersja aparatu: 1.1.24030.4 Kod błędu: 0x8007045b Opis błędu: Trwa proces zamykania systemu.

CodeIntegrity:
===============
Date: 2024-04-06 20:01:31
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Free 21.3\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends International, LLC. F63a 02/17/2022
Motherboard: Gigabyte Technology Co., Ltd. B450 AORUS PRO-CF
Processor: AMD Ryzen 5 5500
Percentage of memory in use: 55%
Total physical RAM: 16251.44 MB
Available physical RAM: 7269.16 MB
Total Virtual: 31611.44 MB
Available Virtual: 18971.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:757.64 GB) (Free:247.97 GB) (Model: IR-SSDPR-P34B-01T-80) NTFS
\\?\Volume{3d4ac4cf-0468-4b03-96ac-2ecd43c0d334}\ () (Fixed) (Total:0.8 GB) (Free:0.08 GB) NTFS
\\?\Volume{6c042dd1-ec36-4ca6-aadc-c59b702f493a}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{0af4db1a-163a-4fda-b511-e4b3f22451e5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt =======================