Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-02-2025
Ran by GM (10-02-2025 17:34:33)
Running from C:\Users\GM\Downloads
Microsoft Windows 11 Home Version 23H2 22631.4751 (X64) (2022-11-14 16:53:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3456956220-2948792545-3662343290-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3456956220-2948792545-3662343290-503 - Limited - Disabled)
GM (S-1-5-21-3456956220-2948792545-3662343290-1002 - Administrator - Enabled) => C:\Users\GM
Guest (S-1-5-21-3456956220-2948792545-3662343290-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3456956220-2948792545-3662343290-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Microsoft 365“ - lt-lt (HKLM\...\O365HomePremRetail - lt-lt) (Version: 16.0.18429.20132 - Microsoft Corporation)
„Microsoft OneNote“ - lt-lt (HKLM\...\OneNoteFreeRetail - lt-lt) (Version: 16.0.18429.20132 - Microsoft Corporation)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1040-1033-7760-BC15014EA700}) (Version: 24.005.20399 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601108}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Anaconda3 2024.02-1 (Python 3.11.7 64-bit) (HKU\S-1-5-21-3456956220-2948792545-3662343290-1002\...\Anaconda3 2024.02-1 (Python 3.11.7 64-bit)) (Version: 2024.02-1 - Anaconda, Inc.)
Applicazioni disponibili di Autodesk (HKLM-x32\...\{46EA8955-D629-4B3E-AAF0-D136031D7C95}) (Version: 3.2.1 - Autodesk) ArcGIS AppStudio (HKU\S-1-5-21-3456956220-2948792545-3662343290-1002\...\{4e5c4c0f-4f6f-4be8-b1e6-7e0168a30b54}) (Version: 5.5 - Environmental Systems Research Institute, Inc.) ArcGIS Desktop 10.8.2 (HKLM-x32\...\ArcGIS Desktop 10.8.2) (Version: 10.8.28388 - Environmental Systems Research Institute, Inc.) AWS Command Line Interface v2 (HKLM\...\{1626C807-9D8E-43C7-BE5C-B77160694670}) (Version: 2.17.24.0 - Amazon Web Services) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 133.0.6943.59 - Google LLC) Google Earth Pro (HKLM\...\{AE3261A9-F9D9-4410-BB38-7FA1D6B54BDE}) (Version: 7.3.6.10201 - Google) Intel(R) Chipset Device Software (HKLM\...\{783DBEAB-DC48-436C-A8C7-C0E33F240DD4}) (Version: 10.1.18793.8276 - Intel Corporation) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{8fd77154-9595-4dc2-9a8d-145cd53b5105}) (Version: 10.1.18793.8276 - Intel(R) Corporation) InVEST 3.14.0 Workbench (HKU\S-1-5-21-3456956220-2948792545-3662343290-1002\...\aaa4b523-3063-556e-b685-fdc2182b9a59) (Version: 3.14.0 - Natural Capital Project) JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0.1 - AppWork GmbH) Malwarebytes version 5.2.5.158 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.5.158 - Malwarebytes) Microsoft .NET Core Host - 3.1.10 (x64) (HKLM\...\{52B42932-15C1-45D4-8904-FC3117EEE69B}) (Version: 24.104.29419 - Microsoft Corporation) Hidden Microsoft .NET Core Host FX Resolver - 3.1.10 (x64) (HKLM\...\{752B4412-A129-4CB2-AD96-B6D97EAD3090}) (Version: 24.104.29419 - Microsoft Corporation) Hidden Microsoft .NET Core Runtime - 3.1.10 (x64) (HKLM\...\{396D7BC8-E3C8-4B3E-8C60-D50D94FDF09D}) (Version: 24.104.29419 - Microsoft Corporation) Hidden Microsoft .NET Core Runtime - 3.1.10 (x64) (HKLM-x32\...\{4714dd0a-ebab-4f59-a708-f8d7a793b3f5}) (Version: 3.1.10.29419 - Microsoft Corporation) Microsoft 365 - it-it 
(HKLM\...\O365HomePremRetail - it-it) (Version: 16.0.18429.20132 - Microsoft Corporation) Microsoft 365 Apps for enterprise - it-it (HKLM\...\O365ProPlusRetail - it-it) (Version: 16.0.18429.20132 - Microsoft Corporation) Microsoft ASP.NET Core 3.1.10 - Shared Framework (HKLM-x32\...\{6efe3294-03d8-4977-9c67-9f57ab075130}) (Version: 3.1.10.20520 - Microsoft Corporation) Microsoft ASP.NET Core 3.1.10 Shared Framework (x64) (HKLM\...\{7BEAA207-E3EB-3948-BBB3-336B04D8A2F1}) (Version: 3.1.10.20520 - Microsoft Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 132.0.2957.140 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 132.0.2957.140 - Microsoft Corporation) Hidden Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{7E425BFB-1DEB-499F-8F3F-3522A6E98754}) (Version: 13.1.4414.46 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.005.0112.0003 - Microsoft Corporation) Microsoft OneNote - it-it (HKLM\...\OneNoteFreeRetail - it-it) (Version: 16.0.18429.20132 - Microsoft Corporation) Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.13006 - Microsoft) Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft 
Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft 
Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden Microsoft Visual Studio Code (User) (HKU\S-1-5-21-3456956220-2948792545-3662343290-1002\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.96.4 - Microsoft Corporation) Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 3.10.2154.60269 - Microsoft Corporation) MSI App Player (HKLM\...\BlueStacks_msi2) (Version: 4.280.1.6306 - BlueStack Systems, Inc.) 
MSI Center SDK (HKLM-x32\...\{15289038-41BE-48F8-B8B9-0B1021D3089E}}_is1) (Version: 3.2021.1224.01 - MSI) MSI NBFoundation Service (HKLM-x32\...\{640EFA76-B899-476B-B2DF-D0CCF11D6083}}_is1) (Version: 2.0.2112.2301 - MSI) NVIDIA Driver grafico 555.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 555.99 - NVIDIA Corporation) NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation) NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation) NVIDIA PhysX System Software 9.20.0221 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.20.0221 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18429.20044 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18429.20132 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0410-1000-0000000FF1CE}) (Version: 16.0.18429.20044 - Microsoft Corporation) Hidden QGIS 3.34.8 'Prizren' (HKLM\...\{F0201950-7383-1014-8939-CB3384D42583}) (Version: 3.34.8 - QGIS.org) R for Windows 4.3.1 (HKLM\...\R for Windows 4.3.1_is1) (Version: 4.3.1 - R Core Team) Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9238.1 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 11.1.0714.2021 - Realtek) Sky Go 24.2.3.0 (HKU\S-1-5-21-3456956220-2948792545-3662343290-1002\...\com.bskyb.skygoplayer_is1) (Version: 24.2.3.0 - Sky) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.85.5 - Safer-Networking Ltd.) 
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.32771 - Microsoft Corporation) Telegram Desktop (HKU\S-1-5-21-3456956220-2948792545-3662343290-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 5.10.7 - Telegram FZ-LLC) vs_CoreEditorFonts (HKLM-x32\...\{1851460E-0E63-4117-B5BA-25A2F045801B}) (Version: 17.7.40001 - Microsoft Corporation) WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH) Wise Registry Cleaner (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 11.1.9 - Lespeed Technology Co., Ltd.) Chrome apps: ============ ChatGPT (HKU\S-1-5-21-3456956220-2948792545-3662343290-1002\...\2b2cf2c8555f6dd795833825dcef6cd2) (Version: 1.0 - Google\Chrome) Google Maps (HKU\S-1-5-21-3456956220-2948792545-3662343290-1002\...\08a5635bc9009f98e67efbb2a6999442) (Version: 1.0 - Google\Chrome) Packages: ========= AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-11-09] (INTEL CORP) [Startup Task] Componente aggiuntivo motore dei supporti Foto -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-03-29] (Microsoft Corporation) Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2025-02-10] (Instagram) LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.41.0_x64__w1wdnht996qgy [2024-12-11] (LinkedIn) [Startup Task] Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-14] (Microsoft Corp.) 
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.235.0_x64__8wekyb3d8bbwe [2025-01-27] (Microsoft Corporation) MSI Center -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.47.0_x64__kzh8wxbdkxb8p [2025-01-03] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task] Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2022-03-14] (MAGIX) Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.10.4.0_x64__w2gh52qy24etm [2025-01-13] (A-Volute) Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2025-02-10] (Netflix, Inc.) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2025-01-10] (NVIDIA Corp.) Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.171.0_x64__pwbj9vvecjh7j [2025-01-03] (Amazon Development Centre (London) Ltd) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.52.354.0_x64__dt26b99r8h8gj [2025-02-04] (Realtek Semiconductor Corp) SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0 [2025-02-05] (Spotify AB) [Startup Task] Traduttore -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2025-01-31] (Microsoft Corporation) WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.373.1736.0_x64__8wekyb3d8bbwe [2025-01-29] (Microsoft Corp.) WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_6000.373.1641.0_x64__8wekyb3d8bbwe [2025-01-29] (Microsoft Corp.) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3456956220-2948792545-3662343290-1002_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-3456956220-2948792545-3662343290-1002_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\GM\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (SteelSeries France SASU -> A-Volute) CustomCLSID: HKU\S-1-5-21-3456956220-2948792545-3662343290-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> no filepath ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> 
{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-24] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-24] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-24] (Adobe Inc. -> ) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program 
Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-24] (Adobe Inc. -> ) ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-02-10] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) 
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmi.inf_amd64_b6b1d2d04ed098a2\nvshext.dll [2024-06-17] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-24] (Adobe Inc. -> ) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-02-10] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\GM\Desktop\ChatGPT.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fdaklkkpfdfonopeakobbnidhpebknjc ShortcutWithArgument: C:\Users\GM\Desktop\Google Maps.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aohoeepbnfpjbnbjklfdkckldpciegjg ShortcutWithArgument: C:\Users\GM\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\GM\Desktop\Persona 1 - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\GM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\ChatGPT.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fdaklkkpfdfonopeakobbnidhpebknjc ShortcutWithArgument: C:\Users\GM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\Google Maps.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aohoeepbnfpjbnbjklfdkckldpciegjg ShortcutWithArgument: C:\Users\GM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\GM\anaconda3\Scripts\activate.bat C:\Users\GM\anaconda3 ==================== Loaded Modules (Whitelisted) ============= 2022-03-16 09:39 - 2019-07-02 15:07 - 000014632 _____ (Micro-Star International CO., LTD. 
-> ) [File not signed] C:\Program Files (x86)\MSI\MSI NBFoundation Service\UEFIVaribleDll.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupremoService => ""="Service" ==================== Association (Whitelisted) ================= (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-3456956220-2948792545-3662343290-1002\Software\Classes\.scr: AutoCADScriptFile => ==================== Internet Explorer (Whitelisted) ============= BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) 
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3456956220-2948792545-3662343290-1002\...\sharepoint.com -> hxxps://iuavit-files.sharepoint.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2021-06-05 13:08 - 2021-06-05 13:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3456956220-2948792545-3662343290-1002\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. 
Network Binding:
=============
Wi-Fi: Intel(R) Wi-Fi 6 AX201 160MHz -> Netwtw10.sys
Connessione di rete Bluetooth: Bluetooth Device (Personal Area Network) -> bthpan.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt68cx21x64.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Autodesk Access"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "Autodesk Genuine Service "
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-3456956220-2948792545-3662343290-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3456956220-2948792545-3662343290-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_965161F202F14D7BCD89CB1DBB81A31D"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FAA0CE29-5438-4762-8985-30F77A9326D6}] => (Allow) C:\Program Files\BlueStacks_msi2\HD-Player.exe (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
FirewallRules: [{81D12AEE-A8D3-4EE8-BFA6-F0E2CE7FD1C4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{1F9144D1-D81E-4C32-BB72-8E315C866D76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{FF40E023-D3CF-4FD5-8577-23EF7A782379}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{42EE7BB4-53B3-4BA8-84B8-2FF9F8DB2036}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{7A91669A-AC3D-4ADE-8836-020A2383CE92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{1246E1CC-F2CD-4FEB-9156-5976523B5196}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{2B3FB9CE-C288-41CF-803B-547140EFCD38}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9A81601D-FF6E-4E82-86CD-C2D470187036}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B68EB657-646F-487E-8A1A-891D17926D1D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{D2F304B9-BC69-4A46-B930-A86D94D01C0B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{FE004869-15B2-4AE9-B11A-3DE3974DA230}C:\users\gm\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\gm\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation) 
FirewallRules: [UDP Query User{7C6240F9-348A-403A-8E22-463124B091DF}C:\users\gm\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\gm\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C0AA4CD5-DC6C-4148-91EC-CFC9E1E90292}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24165.1306.2986.9504_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C8831228-8F3C-4B6C-A7F9-A13D8F0FF2C7}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24165.1306.2986.9504_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{AE20A270-C409-4543-B1D0-9CC7A0893CDD}C:\users\gm\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\gm\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC) FirewallRules: [UDP Query User{03C883AF-3A43-4F54-9FFB-401171B3D12B}C:\users\gm\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\gm\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC) FirewallRules: [{1FA28FF8-805C-4214-8FBB-47EE7ED6522B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{C87666F6-6184-4BA3-8466-CDEE48FB1D70}C:\users\gm\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\gm\appdata\roaming\sky\sky go\sky go.exe (Sky International AG -> Sky Italia Srl) FirewallRules: [UDP Query User{54391EA9-72E5-4FD5-A933-3F327F7B0957}C:\users\gm\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\gm\appdata\roaming\sky\sky go\sky go.exe (Sky International AG -> Sky Italia Srl) FirewallRules: [{DAB74100-5CCA-4A09-9962-5FB688ED2E45}] => (Allow) C => No File FirewallRules: [{15E800E6-7CF7-480C-94E9-B9A3E350EA9D}] => (Allow) C => No File FirewallRules: [{3842FAC2-4DEE-4A8E-9E62-D63C8E261A3F}] => (Allow) C => No 
File FirewallRules: [{6F33918B-F0B9-41F8-9570-ADDC46012E40}] => (Allow) C => No File FirewallRules: [{F808E8F8-C5EC-4401-A33D-27C2E0830C67}] => (Allow) C => No File FirewallRules: [{D95D8110-678C-4402-80E8-B76975CC8487}] => (Allow) C => No File FirewallRules: [{1B3CE226-657D-45E0-BEC1-CBB25132C508}] => (Allow) C => No File FirewallRules: [{BB4F3A2F-B10C-48FC-8803-13A02ACF7929}] => (Allow) C => No File FirewallRules: [{9FB95B71-24BD-4489-8847-C171ADD4A8F9}] => (Allow) C => No File FirewallRules: [{FADA7919-3F1A-478F-98D8-BD9404D2BFC4}] => (Allow) C => No File FirewallRules: [{84D910F0-2E5E-4D75-9B55-704BB377120D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{54D30706-4D63-48E0-9231-D6A9E14C72CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{482FE9A2-AB10-4489-AB35-C1136FD8B0A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{1597D92B-F955-4778-9B99-D355FBCFC662}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{7E58246C-C276-40C6-BA1B-8B7C2F5C7CB4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{ECA4902E-7119-4BF3-8412-D45B37D54717}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{36C7008A-A8A3-4AF4-9B59-CA8F0B5951E5}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{CA99985C-2187-49AE-9E14-5ADC7A1DBB88}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{DDD33C48-F1CF-4BF4-8AB4-04D5A48D7D51}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{E80DC1BE-62BD-4240-A49A-50BC5CBF8791}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.256.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{84404A99-6AB1-4244-815D-057571ED5AB2}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25007.607.3371.8436_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{72E382F9-FB33-42BA-999C-08CA58EAA253}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25007.607.3371.8436_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{4D9ACFCB-42F5-42D8-B069-B1B140C9E825}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1EEEF6D6-9FDA-4130-8E02-41B5BB2F9B7F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{95299A36-2FA1-45A8-A6D1-2122AEADF56B}] => (Allow) LPort=32682 FirewallRules: [{DD2FFB12-DA3D-4A33-B585-272036D95FA6}] => (Allow) LPort=26822 ==================== Restore Points ========================= 10-02-2025 16:07:42 Created by Wise Registry Cleaner ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: 
(02/10/2025 05:35:24 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY) Description: Nome dell'applicazione che ha generato l'errore: SDFSSvc.exe, versione: 2.9.85.231, timestamp: 0x63ebb1a4 Nome del modulo che ha generato l'errore: KERNELBASE.dll, versione: 10.0.22621.4751, timestamp: 0x53a79838 Codice eccezione: 0x0eedfade Offset errore 0x0014b4c2 ID processo che ha generato l'errore: 0x0xedc Ora di avvio dell'applicazione che ha generato l'errore: 0x0x1db7bd7c301e08a Percorso dell'applicazione che ha generato l'errore: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe Percorso del modulo che ha generato l'errore: C:\WINDOWS\System32\KERNELBASE.dll ID segnalazione: 4d44468e-c2fd-401b-9980-a391d04cbfdb Nome completo pacchetto che ha generato l'errore: ID applicazione relativo al pacchetto che ha generato l'errore: Error: (02/10/2025 05:20:31 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY) Description: Nome dell'applicazione che ha generato l'errore: SDFSSvc.exe, versione: 2.9.85.231, timestamp: 0x63ebb1a4 Nome del modulo che ha generato l'errore: KERNELBASE.dll, versione: 10.0.22621.4751, timestamp: 0x53a79838 Codice eccezione: 0x0eedfade Offset errore 0x0014b4c2 ID processo che ha generato l'errore: 0x0x2a38 Ora di avvio dell'applicazione che ha generato l'errore: 0x0x1db7bd7ad1cfb31 Percorso dell'applicazione che ha generato l'errore: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe Percorso del modulo che ha generato l'errore: C:\WINDOWS\System32\KERNELBASE.dll ID segnalazione: 1eb9847b-4595-47ab-bc44-14371e5d619c Nome completo pacchetto che ha generato l'errore: ID applicazione relativo al pacchetto che ha generato l'errore: Error: (02/10/2025 04:40:36 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: È in corso l'interruzione del servizio Windows Search. Problema dell'indicizzatore, Fase di ripristino non riuscita. 
Contesto: applicazione , catalogo SystemIndex Dettagli: 0x%08x (0x80040d23 - Chiusura del servizio Gatherer in corso. (HRESULT : 0x80040d23)) Error: (02/10/2025 04:40:36 PM) (Source: Windows Search Service) (EventID: 3602) (User: ) Description: L'ID errore 1 si è verificato nella fese di recupero di Windows Search. Riavviare il servizio. Se l'errore persiste, ricreare l'indice. Contesto: applicazione , catalogo SystemIndex Dettagli: 0x%08x (0x80040d23 - Chiusura del servizio Gatherer in corso. (HRESULT : 0x80040d23)) Error: (02/10/2025 04:20:21 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: È in corso l'interruzione del servizio Windows Search. Problema dell'indicizzatore, Fase di ripristino non riuscita. Contesto: applicazione , catalogo SystemIndex Dettagli: 0x%08x (0x80040d23 - Chiusura del servizio Gatherer in corso. (HRESULT : 0x80040d23)) Error: (02/10/2025 04:20:21 PM) (Source: Windows Search Service) (EventID: 3602) (User: ) Description: L'ID errore 1 si è verificato nella fese di recupero di Windows Search. Riavviare il servizio. Se l'errore persiste, ricreare l'indice. Contesto: applicazione , catalogo SystemIndex Dettagli: 0x%08x (0x80040d23 - Chiusura del servizio Gatherer in corso. (HRESULT : 0x80040d23)) Error: (02/10/2025 03:55:35 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY) Description: Impossibile caricare la DLL dei contatori flessibili "C:\WINDOWS\system32\sysmain.dll" (codice di errore Win32 126). Error: (02/10/2025 03:55:23 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: È in corso l'interruzione del servizio Windows Search. Problema dell'indicizzatore, Fase di ripristino non riuscita. Contesto: applicazione , catalogo SystemIndex Dettagli: 0x%08x (0x80040d23 - Chiusura del servizio Gatherer in corso. 
(HRESULT : 0x80040d23)) System errors: ============= Error: (02/10/2025 05:22:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Il servizio Servizio Google Update (gupdate) non è stato avviato per il seguente errore: Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto. Error: (02/10/2025 05:22:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Servizio Google Update (gupdate). Error: (02/10/2025 04:42:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Il servizio Servizio Google Update (gupdate) non è stato avviato per il seguente errore: Il servizio non ha risposto alla richiesta di avvio o controllo nel tempo previsto. Error: (02/10/2025 04:42:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Servizio Google Update (gupdate). Error: (02/10/2025 04:40:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Il servizio Windows Search è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio. Error: (02/10/2025 04:40:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Servizio Windows Search terminato con l'errore: Una sessione di accesso specificata non esiste. Potrebbe essere già stata terminata. Error: (02/10/2025 04:40:20 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : il controller integrato (EC) non ha risposto entro il periodo di timeout specificato. È possibile che si sia verificato un errore hardware o firmware dell'EC o che l'accesso all'EC da parte del BIOS non sia corretto. È consigliabile richiedere una versione aggiornata del BIOS al produttore del computer. 
In alcuni casi, questo errore può impedire il funzionamento corretto del computer. Error: (02/10/2025 04:39:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: La chiamata ScRegSetValueExW per DeleteFlag non è riuscita con l'errore È stato superato il numero massimo di segreti che possono essere memorizzati in un singolo sistema.. Windows Defender: ================ Date: 2025-02-06 08:21:54 Description: Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato. Ulteriori informazioni sono riportate di seguito: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Rugmi&threatid=2147878560&enterprise=1 Nome: Trojan:Win32/Rugmi Gravità: Grave Categoria: Trojan Percorso: file:_C:\Users\GM\AppData\Roaming\intune\psiphon.exe; file:_C:\WINDOWS\System32\Tasks\psiphon->(UTF-16LE); regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4895469D-F2CC-49BC-8CF1-209DEFC3AAEB}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psiphon; taskscheduler:_C:\WINDOWS\System32\Tasks\psiphon Origine rilevamento: Computer locale Tipo rilevamento: Concreta Origine rilevamento: Protezione in tempo reale Utente: MSI\GM Nome processo: C:\Windows\System32\svchost.exe Versione intelligence sulla sicurezza: AV: 1.421.1722.0, AS: 1.421.1722.0, NIS: 1.421.1722.0 Versione motore: AM: 1.1.24090.11, NIS: 1.1.24090.11 Date: 2025-02-06 08:21:25 Description: Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato. 
Ulteriori informazioni sono riportate di seguito: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Rugmi&threatid=2147878560&enterprise=1 Nome: Trojan:Win32/Rugmi Gravità: Grave Categoria: Trojan Percorso: file:_C:\Users\GM\AppData\Roaming\intune\psiphon.exe Origine rilevamento: Computer locale Tipo rilevamento: Concreta Origine rilevamento: Protezione in tempo reale Utente: MSI\GM Nome processo: C:\Windows\System32\svchost.exe Versione intelligence sulla sicurezza: AV: 1.421.1722.0, AS: 1.421.1722.0, NIS: 1.421.1722.0 Versione motore: AM: 1.1.24090.11, NIS: 1.1.24090.11 Date: 2025-02-02 11:20:48 Description: Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato. Ulteriori informazioni sono riportate di seguito: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/BlackWidow.MKZ!MTB&threatid=2147932214&enterprise=1 Nome: Trojan:Win64/BlackWidow.MKZ!MTB Gravità: Grave Categoria: Trojan Percorso: file:_C:\Users\GM\AppData\Roaming\Custom_update\Update_5beb69e9.dll; file:_C:\WINDOWS\System32\Tasks\Updater->(UTF-16LE); process:_pid:20180,ProcessStart:133827062915565734; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8C70E8C-1F4B-4BE8-A1C9-B940596344BF}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater; taskscheduler:_C:\WINDOWS\System32\Tasks\Updater Origine rilevamento: Computer locale Tipo rilevamento: Concreta Origine rilevamento: Sistema Utente: NT AUTHORITY\SYSTEM Nome processo: C:\Windows\System32\rundll32.exe Versione intelligence sulla sicurezza: AV: 1.421.1656.0, AS: 1.421.1656.0, NIS: 1.421.1656.0 Versione motore: AM: 1.1.24090.11, NIS: 1.1.24090.11 Date: 2025-02-02 11:20:31 Description: Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato. 
Ulteriori informazioni sono riportate di seguito: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/BlackWidow.MKZ!MTB&threatid=2147932214&enterprise=1 Nome: Trojan:Win64/BlackWidow.MKZ!MTB Gravità: Grave Categoria: Trojan Percorso: file:_C:\Users\GM\AppData\Roaming\Custom_update\Update_5beb69e9.dll; process:_pid:20180,ProcessStart:133827062915565734 Origine rilevamento: Computer locale Tipo rilevamento: Concreta Origine rilevamento: Sistema Utente: NT AUTHORITY\SYSTEM Nome processo: C:\Windows\System32\rundll32.exe Versione intelligence sulla sicurezza: AV: 1.421.1656.0, AS: 1.421.1656.0, NIS: 1.421.1656.0 Versione motore: AM: 1.1.24090.11, NIS: 1.1.24090.11 Date: 2025-01-30 00:00:45 Description: Microsoft Defender Antivirus: rilevato malware o altro software potenzialmente indesiderato. Ulteriori informazioni sono riportate di seguito: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bearfoos.A!ml&threatid=2147731250&enterprise=1 Nome: Trojan:Win32/Bearfoos.A!ml Gravità: Grave Categoria: Trojan Percorso: file:_C:\Users\GM\AppData\Local\bevin.exe; file:_C:\WINDOWS\System32\Tasks\vji82z\s0px8m\m1gsb8\hg5j5q\yh98fe\fujthj\3kct4u\teqzzz\f8al05\d3ukaw\lk8y9c\hly0wc\1cupue\rm4gne\goa4vf\gmfbfp\sc7t27->(UTF-16LE); regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72B82B13-48F0-4B1D-9509-62B83618FF1D}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\vji82z\s0px8m\m1gsb8\hg5j5q\yh98fe\fujthj\3kct4u\teqzzz\f8al05\d3ukaw\lk8y9c\hly0wc\1cupue\rm4gne\goa4vf\gmfbfp\sc7t27; taskscheduler:_C:\WINDOWS\System32\Tasks\vji82z\s0px8m\m1gsb8\hg5j5q\yh98fe\fujthj\3kct4u\teqzzz\f8al05\d3ukaw\lk8y9c\hly0wc\1cupue\rm4gne\goa4vf\gmfbfp\sc7t27 Origine rilevamento: Computer locale Tipo rilevamento: Percorso rapido Origine rilevamento: Sistema Utente: NT AUTHORITY\SYSTEM Nome processo: Unknown Versione intelligence sulla sicurezza: AV: 1.421.1592.0, AS: 1.421.1592.0, NIS: 1.421.1592.0 Versione 
motore: AM: 1.1.24090.11, NIS: 1.1.24090.11 Event[0] Date: 2024-08-30 10:48:38 Description: Microsoft Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza. Nuova versione intelligence sulla sicurezza: Versione intelligence sulla sicurezza precedente: 1.417.373.0 Origine aggiornamento: Server Microsoft Update Tipo intelligence sulla sicurezza: Antivirus Tipo aggiornamento: Completo Utente: NT AUTHORITY\SYSTEM Versione motore corrente: Versione motore precedente: 1.1.24070.3 Codice errore: 0x8024402c Descrizione errore: Problema imprevisto durante la ricerca degli aggiornamenti. Per informazioni sull'installazione degli aggiornamenti o la risoluzione dei problemi relativi, consultare Guida e supporto tecnico. Date: 2023-12-04 16:35:16 Description: Microsoft Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza. Nuova versione intelligence sulla sicurezza: Versione intelligence sulla sicurezza precedente: 1.401.1491.0 Origine aggiornamento: Server Microsoft Update Tipo intelligence sulla sicurezza: Antivirus Tipo aggiornamento: Completo Utente: NT AUTHORITY\SYSTEM Versione motore corrente: Versione motore precedente: 1.1.23100.2009 Codice errore: 0x80072efe Descrizione errore: Connessione al server interrotta in modo anomalo Date: 2023-12-01 16:00:28 Description: Microsoft Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza. Nuova versione intelligence sulla sicurezza: Versione intelligence sulla sicurezza precedente: 1.401.1491.0 Origine aggiornamento: Server Microsoft Update Tipo intelligence sulla sicurezza: Antivirus Tipo aggiornamento: Completo Utente: NT AUTHORITY\SYSTEM Versione motore corrente: Versione motore precedente: 1.1.23100.2009 Codice errore: 0x80240438 Descrizione errore: Problema imprevisto durante la ricerca degli aggiornamenti. 
Per informazioni sull'installazione degli aggiornamenti o la risoluzione dei problemi relativi, consultare Guida e supporto tecnico. Date: 2023-03-15 17:32:31 Description: Microsoft Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza. Nuova versione intelligence sulla sicurezza: Versione intelligence sulla sicurezza precedente: 1.385.68.0 Origine aggiornamento: Server Microsoft Update Tipo intelligence sulla sicurezza: Antivirus Tipo aggiornamento: Completo Utente: NT AUTHORITY\SYSTEM Versione motore corrente: Versione motore precedente: 1.1.20100.6 Codice errore: 0x80070102 Descrizione errore: Tempo di attesa scaduto. Date: 2023-03-15 17:32:31 Description: Microsoft Defender Antivirus: errore durante il tentativo di aggiornare l'intelligence sulla sicurezza. Nuova versione intelligence sulla sicurezza: Versione intelligence sulla sicurezza precedente: 1.385.68.0 Origine aggiornamento: Server Microsoft Update Tipo intelligence sulla sicurezza: Antivirus Tipo aggiornamento: Completo Utente: NT AUTHORITY\SYSTEM Versione motore corrente: Versione motore precedente: 1.1.20100.6 Codice errore: 0x80070102 Descrizione errore: Tempo di attesa scaduto. CodeIntegrity: =============== Date: 2025-02-10 17:31:30 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. Date: 2025-02-10 17:26:22 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements. 
Date: 2025-02-10 17:23:58
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends International, LLC. E16R6IMS.10B 12/30/2021
Motherboard: Micro-Star International Co., Ltd. MS-16R6
Processor: 11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz
Percentage of memory in use: 43%
Total physical RAM: 16085.51 MB
Available physical RAM: 9093.95 MB
Total Virtual: 17493.51 MB
Available Virtual: 9874.03 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:453.63 GB) (Free:156.06 GB) (Model: KINGSTON OM8PCP3512F-AI1) NTFS

\\?\Volume{7bf5cd0b-7163-4070-af09-498c341a4907}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.1 GB) NTFS
\\?\Volume{a7bf8194-2128-41e5-9b19-e8185334b3fe}\ (BIOS_RVY) (Fixed) (Total:22.01 GB) (Free:0.65 GB) NTFS
\\?\Volume{954740dd-deaa-45f0-b2a8-2485a4c6d962}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: C52342EA)
Partition: GPT.

==================== End of Addition.txt =======================