content copied
content
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\26.035.0222.0002\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{07CA83F0-DF06-4E67-89DD-E80924A49512}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\26.035.0222.0002\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{0827D883-485C-4D62-BA2C-A332DBF3D4B0}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\26.035.0222.0002\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{1F80F4F0-5D28-40D3-A252-4D3662D5E4BA}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\26.035.0222.0002\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /cci /client=Personal => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\26.035.0222.0002\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{3A308EFE-656D-46BB-9963-0A41C0D6BCA2}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\26.035.0222.0002\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{52146D8E-DB34-4318-BD40-D061EE9C05C5}\localserver32 -> "NAVER.WIN32_LINEwin8_8ptj331gd3tyt!LINE" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{544c4c52-de0b-4d14-9510-21745381d5ca}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\26.035.0222.0002\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /autoplay => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{6bb93b4e-44d8-40e2-bd97-42dbcf18a40f}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /cci => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\26.035.0222.0002\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{7AE67172-9863-42B1-8750-2B85084FD8E8}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\26.035.0222.0002\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /cci /client=Personal => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\26.035.0222.0002\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\26.035.0222.0002\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{9BE266B4-A97C-486E-B993-EAEBAA798D69}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\26.035.0222.0002\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /cci /client=Personal => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\26.035.0222.0002\FileCoAuth.exe" => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /cci /client=Personal => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> "C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe" -toastactivated => No File
CustomCLSID: HKU\S-1-5-21-2905601665-34154832-2490742397-1001_Classes\CLSID\{F37369D9-1C22-40A0-A997-0B4D5F7B6637}\localserver32 -> "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\26.035.0222.0002\FileCoAuth.exe" => No File
AlternateDataStreams: C:\Windows\tracing:? [15]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [9502]
FirewallRules: [{294F8FAD-1BCF-4C2F-88F6-91A0DC3FB496}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{B188836D-8308-4995-9923-654AF0F366CA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{1D972F37-27D5-4217-8640-BACD11F1A7B6}] => (Allow) D:\SteamLibrary\steamapps\common\Okami\okami.exe => No File
FirewallRules: [{65A4493B-C8CE-40E4-8772-FEF87431F575}] => (Allow) D:\SteamLibrary\steamapps\common\Okami\okami.exe => No File
FirewallRules: [TCP Query User{3DB2F8E0-4156-41CB-9ACA-474A2CB3FF52}E:\downloads\upnpcj133\upnpcj.exe] => (Allow) E:\downloads\upnpcj133\upnpcj.exe => No File
FirewallRules: [UDP Query User{E4B21BEB-B9F8-40E4-849A-703DA566F681}E:\downloads\upnpcj133\upnpcj.exe] => (Allow) E:\downloads\upnpcj133\upnpcj.exe => No File
FirewallRules: [TCP Query User{B994E920-B524-4221-94CD-5B3F994A5F37}C:\program files\ea games\battlefield 4\bf4.exe] => (Allow) C:\program files\ea games\battlefield 4\bf4.exe => No File
FirewallRules: [UDP Query User{3C4FB29D-1ED4-4396-9CD0-00C49756C549}C:\program files\ea games\battlefield 4\bf4.exe] => (Allow) C:\program files\ea games\battlefield 4\bf4.exe => No File
FirewallRules: [TCP Query User{C49671CB-08A9-4233-A683-FD949C4DB3BD}E:\downloads\upnpcj133 (1)\upnpcj.exe] => (Allow) E:\downloads\upnpcj133 (1)\upnpcj.exe => No File
FirewallRules: [UDP Query User{A95B160C-34CE-4DDF-BF4C-9DB8367353D7}E:\downloads\upnpcj133 (1)\upnpcj.exe] => (Allow) E:\downloads\upnpcj133 (1)\upnpcj.exe => No File
FirewallRules: [{9FB6258E-C5E9-4567-BF3F-7110BEF7F6A1}] => (Allow) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe => No File
FirewallRules: [{0BCC550D-98E4-4F2A-AECA-49DD7DEBB3C1}] => (Allow) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe => No File
FirewallRules: [TCP Query User{701EEBF5-C9D2-4DC4-9023-153104C6460F}C:\users\rikur\desktop\exported games\menu\win64\nw.exe] => (Allow) C:\users\rikur\desktop\exported games\menu\win64\nw.exe => No File
FirewallRules: [UDP Query User{FBA3DE1D-51B5-4B5C-A4F8-7C82236E319A}C:\users\rikur\desktop\exported games\menu\win64\nw.exe] => (Allow) C:\users\rikur\desktop\exported games\menu\win64\nw.exe => No File
FirewallRules: [TCP Query User{4854AE82-8ABB-4472-81FD-9358CF942FFC}C:\program files\electronic arts\ea desktop\ea desktop\eacefsubprocess.exe] => (Allow) C:\program files\electronic arts\ea desktop\ea desktop\eacefsubprocess.exe => No File
FirewallRules: [UDP Query User{DCFB6161-4BAD-4F63-A1F4-2B8DAF5DD437}C:\program files\electronic arts\ea desktop\ea desktop\eacefsubprocess.exe] => (Allow) C:\program files\electronic arts\ea desktop\ea desktop\eacefsubprocess.exe => No File
FirewallRules: [TCP Query User{99B56F31-3454-4141-A39B-F3AEA79A9E38}C:\users\rikur\appdata\local\discord\app-1.0.9201\discord.exe] => (Allow) C:\users\rikur\appdata\local\discord\app-1.0.9201\discord.exe => No File
FirewallRules: [UDP Query User{FC659979-EB92-4EEF-AC53-5FC8F3CC45D7}C:\users\rikur\appdata\local\discord\app-1.0.9201\discord.exe] => (Allow) C:\users\rikur\appdata\local\discord\app-1.0.9201\discord.exe => No File
FirewallRules: [TCP Query User{8818A51B-9D36-4CC6-9270-5387E5BAE4C7}E:\downloads\clickteam fusion developer 2.5\app\mmf2u.exe] => (Allow) E:\downloads\clickteam fusion developer 2.5\app\mmf2u.exe => No File
FirewallRules: [UDP Query User{2C3C0045-D07A-46BE-8296-79B7D38ED6B0}E:\downloads\clickteam fusion developer 2.5\app\mmf2u.exe] => (Allow) E:\downloads\clickteam fusion developer 2.5\app\mmf2u.exe => No File
FirewallRules: [TCP Query User{10B8082C-66A3-4EE7-94C6-915743AEFC5A}D:\steamlibrary\steamapps\common\call of duty ghosts\iw6-mod.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty ghosts\iw6-mod.exe => No File
FirewallRules: [UDP Query User{D734544F-75DC-42DE-83F1-825B41D50680}D:\steamlibrary\steamapps\common\call of duty ghosts\iw6-mod.exe] => (Allow) D:\steamlibrary\steamapps\common\call of duty ghosts\iw6-mod.exe => No File
FirewallRules: [TCP Query User{DC5699A7-D536-41E8-B626-02E5A631210B}E:\downloads\undertale_endless_server_1.8.1\undertale_endless_server.exe] => (Allow) E:\downloads\undertale_endless_server_1.8.1\undertale_endless_server.exe => No File
FirewallRules: [UDP Query User{0C743B05-3820-4620-8A3C-89D9C70B18B8}E:\downloads\undertale_endless_server_1.8.1\undertale_endless_server.exe] => (Allow) E:\downloads\undertale_endless_server_1.8.1\undertale_endless_server.exe => No File
FirewallRules: [TCP Query User{FCB0762F-19E4-4B8C-80E6-B6986CAB8E1E}E:\downloads\upnpcj133 (2)\upnpcj.exe] => (Allow) E:\downloads\upnpcj133 (2)\upnpcj.exe => No File
FirewallRules: [UDP Query User{469C60D2-BCED-4D3C-A232-A716D1B595AA}E:\downloads\upnpcj133 (2)\upnpcj.exe] => (Allow) E:\downloads\upnpcj133 (2)\upnpcj.exe => No File
FirewallRules: [TCP Query User{460727C2-DC46-4D99-809A-D5193927A0FC}E:\downloads\undertale_endless_server_1.8.3 (1)\undertale_endless_server.exe] => (Allow) E:\downloads\undertale_endless_server_1.8.3 (1)\undertale_endless_server.exe => No File
FirewallRules: [UDP Query User{4B169C5C-2BB9-4A1B-820D-89FC5B6DF68D}E:\downloads\undertale_endless_server_1.8.3 (1)\undertale_endless_server.exe] => (Allow) E:\downloads\undertale_endless_server_1.8.3 (1)\undertale_endless_server.exe => No File
FirewallRules: [TCP Query User{B460DB19-F833-430F-B1CF-E5098103F37B}C:\g-menu\g-menu.exe] => (Allow) C:\g-menu\g-menu.exe => No File
FirewallRules: [UDP Query User{216A29A5-60E9-43F3-BBA9-3BB5F07E52B7}C:\g-menu\g-menu.exe] => (Allow) C:\g-menu\g-menu.exe => No File
FirewallRules: [TCP Query User{DA7A7264-3BEA-4D1D-9C07-FCAF3667FA2A}C:\g-menu\resources\bin\g_menu.exe] => (Allow) C:\g-menu\resources\bin\g_menu.exe => No File
FirewallRules: [UDP Query User{F2003BCA-5629-40BE-95D7-3A9138521F86}C:\g-menu\resources\bin\g_menu.exe] => (Allow) C:\g-menu\resources\bin\g_menu.exe => No File
FirewallRules: [TCP Query User{85E6EC4E-17AE-4D36-A718-F05AA14B61A6}C:\users\rikur\desktop\godot_v3.6.1-stable_win64.exe\godot_v3.6.1-stable_win64.exe] => (Allow) C:\users\rikur\desktop\godot_v3.6.1-stable_win64.exe\godot_v3.6.1-stable_win64.exe => No File
FirewallRules: [UDP Query User{E1D2C6A2-6C65-42F7-8FEE-6EC7AEE5FD76}C:\users\rikur\desktop\godot_v3.6.1-stable_win64.exe\godot_v3.6.1-stable_win64.exe] => (Allow) C:\users\rikur\desktop\godot_v3.6.1-stable_win64.exe\godot_v3.6.1-stable_win64.exe => No File
FirewallRules: [TCP Query User{3BF8BA92-E19E-40C3-9CE0-B7D97D3C54FF}C:\program files (x86)\steam\steamapps\common\escapethebackrooms\escapethebackrooms\binaries\win64\backrooms-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\escapethebackrooms\escapethebackrooms\binaries\win64\backrooms-win64-shipping.exe => No File
FirewallRules: [UDP Query User{03C74E60-BDB2-4A71-BAF3-E53E0DD93501}C:\program files (x86)\steam\steamapps\common\escapethebackrooms\escapethebackrooms\binaries\win64\backrooms-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\escapethebackrooms\escapethebackrooms\binaries\win64\backrooms-win64-shipping.exe => No File
FirewallRules: [TCP Query User{DE224C3B-BB54-43B5-B129-D7AA5157B376}C:\users\rikur\appdata\local\discord\app-1.0.9205\discord.exe] => (Allow) C:\users\rikur\appdata\local\discord\app-1.0.9205\discord.exe => No File
FirewallRules: [UDP Query User{F49CA620-8EA8-499E-AC33-8FD07DCD9445}C:\users\rikur\appdata\local\discord\app-1.0.9205\discord.exe] => (Allow) C:\users\rikur\appdata\local\discord\app-1.0.9205\discord.exe => No File
FirewallRules: [TCP Query User{A29C85AD-C295-4233-BCF1-5422CFCFA50B}D:\steamlibrary\steamapps\common\dark hours prologue\darkhours\binaries\win64\darkhours-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\dark hours prologue\darkhours\binaries\win64\darkhours-win64-shipping.exe => No File
FirewallRules: [UDP Query User{7A9500EE-ABF9-4515-B074-B55E3FECA182}D:\steamlibrary\steamapps\common\dark hours prologue\darkhours\binaries\win64\darkhours-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\dark hours prologue\darkhours\binaries\win64\darkhours-win64-shipping.exe => No File
FirewallRules: [{C546C8A4-9F94-4DD5-BC0A-2AE7C8D21710}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe => No File
FirewallRules: [{1F418A68-5FD7-4B59-9E97-3DA8E190240F}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe => No File
FirewallRules: [{F2077B12-6D4A-431E-A8F3-1DC54145E775}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe => No File
FirewallRules: [{B61E99DA-C51C-4894-A380-C35BEEAAA267}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe => No File
FirewallRules: [{18740467-870F-4D32-825C-60E2F6EAD66A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe => No File
FirewallRules: [{015C5D5C-FA89-4FBB-8D66-145AEE3EEE5C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe => No File
FirewallRules: [{EF96B998-5C9A-470E-AC51-EEE8F43698E9}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe => No File
FirewallRules: [{B71759C9-9F70-40C4-A755-865EA61C3B23}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe => No File
FirewallRules: [{39F226DF-18AC-4FB8-820A-ED72A7118D58}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe => No File
FirewallRules: [{B5528ACA-1017-423F-AD0C-0684F7B2A605}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe => No File
FirewallRules: [{86E1DC92-2C43-45EA-98F0-85E0D58ED0BD}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe => No File
FirewallRules: [TCP Query User{B8351F99-1FB9-463A-B245-CDAFFA34FD0A}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{743F4AAB-3302-4202-91E7-65190D68D0D3}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{2E22F67B-9499-46FF-9555-3B41611552A3}C:\users\rikur\desktop\godot_v3.5.2-stable_win64.exe\godot_v3.5.2-stable_win64.exe] => (Allow) C:\users\rikur\desktop\godot_v3.5.2-stable_win64.exe\godot_v3.5.2-stable_win64.exe => No File
FirewallRules: [UDP Query User{C45B96DF-9BF4-43AE-924A-23390968C61B}C:\users\rikur\desktop\godot_v3.5.2-stable_win64.exe\godot_v3.5.2-stable_win64.exe] => (Allow) C:\users\rikur\desktop\godot_v3.5.2-stable_win64.exe\godot_v3.5.2-stable_win64.exe => No File
FirewallRules: [TCP Query User{4C3F782D-A4E9-4BB8-95C6-20E9C8C0AC22}C:\users\rikur\desktop\godot_v3.5.3-stable_win64.exe\godot_v3.5.3-stable_win64.exe] => (Allow) C:\users\rikur\desktop\godot_v3.5.3-stable_win64.exe\godot_v3.5.3-stable_win64.exe => No File
FirewallRules: [UDP Query User{3277A475-ADEA-44AB-B9A6-50C98AF0AA5E}C:\users\rikur\desktop\godot_v3.5.3-stable_win64.exe\godot_v3.5.3-stable_win64.exe] => (Allow) C:\users\rikur\desktop\godot_v3.5.3-stable_win64.exe\godot_v3.5.3-stable_win64.exe => No File
FirewallRules: [{B7F3D78D-7DB4-4DE8-87E3-67D2644F778C}] => (Allow) %USERPROFILE%\AppData\Local\Packages\Microsoft.4297127D64EC6_8wekyb3d8bbwe\LocalCache\Local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe => No File
FirewallRules: [TCP Query User{C3F59E28-0226-4428-A426-A7DF3E9AA270}E:\downloads\upnpcj133_2\upnpcj.exe] => (Allow) E:\downloads\upnpcj133_2\upnpcj.exe => No File
FirewallRules: [UDP Query User{FFC8BBD7-8B05-424D-A448-EFB4408A1262}E:\downloads\upnpcj133_2\upnpcj.exe] => (Allow) E:\downloads\upnpcj133_2\upnpcj.exe => No File
FirewallRules: [TCP Query User{A7DEA3EE-962C-4211-9D16-561F32CD9CF0}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{74A76380-019F-4B6A-879B-171A0E418B84}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{AC6263C4-6C68-47F6-BD71-27DBB46E7247}C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe => No File
FirewallRules: [UDP Query User{CAE2EAFA-9F9F-4135-99A1-1F9F343EB33B}C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe => No File
FirewallRules: [{2A422247-7F13-423F-81FF-40943E4F9194}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [TCP Query User{EE998F7A-3A43-4DC4-BAAE-2A47B92C1BD7}C:\users\rikur\appdata\roaming\.minecraft\mods\cinemamod-libraries\jcef_helper.exe] => (Allow) C:\users\rikur\appdata\roaming\.minecraft\mods\cinemamod-libraries\jcef_helper.exe => No File
FirewallRules: [UDP Query User{4B5FEBA4-B8E9-4047-A40E-959DF300B0DE}C:\users\rikur\appdata\roaming\.minecraft\mods\cinemamod-libraries\jcef_helper.exe] => (Allow) C:\users\rikur\appdata\roaming\.minecraft\mods\cinemamod-libraries\jcef_helper.exe => No File
FirewallRules: [TCP Query User{762F571A-F0AA-4A4C-9F8B-091828286254}C:\users\rikur\desktop\poppy playtime - chapter 5\ch5_pro\binaries\win64\ch5_pro-win64-shipping.exe] => (Allow) C:\users\rikur\desktop\poppy playtime - chapter 5\ch5_pro\binaries\win64\ch5_pro-win64-shipping.exe => No File
FirewallRules: [UDP Query User{9686792F-B945-4E46-ACFA-76374B20E131}C:\users\rikur\desktop\poppy playtime - chapter 5\ch5_pro\binaries\win64\ch5_pro-win64-shipping.exe] => (Allow) C:\users\rikur\desktop\poppy playtime - chapter 5\ch5_pro\binaries\win64\ch5_pro-win64-shipping.exe => No File
FirewallRules: [TCP Query User{255AB50A-1D25-4E5E-81BA-E1E4AC69D325}C:\program files\java\jdk-22\bin\java.exe] => (Allow) C:\program files\java\jdk-22\bin\java.exe => No File
FirewallRules: [UDP Query User{CBE2F2BB-BCB5-4F00-8534-31C813DEC4F4}C:\program files\java\jdk-22\bin\java.exe] => (Allow) C:\program files\java\jdk-22\bin\java.exe => No File
FirewallRules: [TCP Query User{C1B3FDB8-CA50-4134-B119-7982B0B97869}D:\1.20.1 forge minecraft\mods\mcef-libraries\windows_amd64\jcef_helper.exe] => (Allow) D:\1.20.1 forge minecraft\mods\mcef-libraries\windows_amd64\jcef_helper.exe => No File
FirewallRules: [UDP Query User{F05337E2-A08B-4E87-93BD-093998A3637F}D:\1.20.1 forge minecraft\mods\mcef-libraries\windows_amd64\jcef_helper.exe] => (Allow) D:\1.20.1 forge minecraft\mods\mcef-libraries\windows_amd64\jcef_helper.exe => No File
FirewallRules: [TCP Query User{A48D3552-8D7A-4897-985A-6AA5D9F6BE2E}D:\steamlibrary\steamapps\common\battlefield v\bfv.exe] => (Allow) D:\steamlibrary\steamapps\common\battlefield v\bfv.exe => No File
FirewallRules: [UDP Query User{AE5F2CE4-FDF2-47EE-A6F7-624B1DE48669}D:\steamlibrary\steamapps\common\battlefield v\bfv.exe] => (Allow) D:\steamlibrary\steamapps\common\battlefield v\bfv.exe => No File
FirewallRules: [{205CDE1B-039D-48BD-B5AF-A257CD99E23A}] => (Allow) D:\Battlefield 4\BFLauncher.exe => No File
FirewallRules: [{E536EC15-77D1-4680-AAED-6E13AC2AB8EE}] => (Allow) D:\Battlefield 4\BFLauncher.exe => No File
FirewallRules: [{46796396-A66E-4857-B2B1-F957B777B769}] => (Allow) D:\Battlefield 4\BFLauncher_x86.exe => No File
FirewallRules: [{41EA9A9B-C05E-4E8A-86AD-B0E01C3F31B9}] => (Allow) D:\Battlefield 4\BFLauncher_x86.exe => No File
FirewallRules: [TCP Query User{48436F28-E6BF-49F5-9850-ED55B9A5E69E}D:\battlefield 4\bf4.exe] => (Allow) D:\battlefield 4\bf4.exe => No File
FirewallRules: [UDP Query User{FAFD9B4B-72CB-4F10-B24E-20A6120651F7}D:\battlefield 4\bf4.exe] => (Allow) D:\battlefield 4\bf4.exe => No File
FirewallRules: [TCP Query User{0D71CFC8-7F87-4B6B-95F7-9E42950CDC6D}C:\users\rikur\appdata\local\discord\app-1.0.9233\discord.exe] => (Allow) C:\users\rikur\appdata\local\discord\app-1.0.9233\discord.exe => No File
FirewallRules: [UDP Query User{0C1EBCFD-C173-4B2A-8E30-92668997A2BC}C:\users\rikur\appdata\local\discord\app-1.0.9233\discord.exe] => (Allow) C:\users\rikur\appdata\local\discord\app-1.0.9233\discord.exe => No File
HKU\S-1-5-21-2905601665-34154832-2490742397-1001\...\Run: [OneDrive] => "C:\Users\rikur\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background (No File)
HKU\S-1-5-21-2905601665-34154832-2490742397-1001\...\Run: [EADM] => "C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe" -minimized (No File)
HKU\S-1-5-21-2905601665-34154832-2490742397-1001\...\Run: [G-Menu] => C:\G-Menu\G-Menu.exe --openAsHidden (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
S3 EABackgroundService; "C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe" (No File)
S2 JusAdmin; "C:\Program Files (x86)\JWord\UpdateCenter\JusAdmin.exe" (No File)
S3 ace-game-0; \SystemRoot\System32\drivers\ace-game-0.sys (No File)
S3 rtwlane601; \SystemRoot\System32\drivers\rtwlane601.sys (No File)
File: C:\ProgramData\Winhance\OpenWebSearch\OpenWebSearchRepair.ps1
File: C:\ProgramData\Winhance\Scripts\OneDriveRemoval.ps1
File: C:\ProgramData\Winhance\Scripts\EdgeRemoval.ps1
File: C:\ProgramData\Winhance\Scripts\BloatRemoval.ps1
File: C:\Users\rikur\AppData\Local\Thorium\Application\thorium.exe
StartPowerShell:
# Enable real-time protection
Set-MpPreference -DisableRealtimeMonitoring $false
# Enable behavioural protection
Set-MpPreference -DisableBehaviorMonitoring $false
# Enable PUP detection
Set-MpPreference -PUAProtection Enabled
# Enable cloud protection to level 4 - aggressively block unknowns and apply additional protection measures, alternatively use 2 for lower protection or 0 for default
Set-MpPreference -CloudBlockLevel 4
# Send advanced information about malicious/unwanted software present on your device
Set-MpPreference -MAPSReporting 2
# Send safe samples automatically to Microsoft
Set-MpPreference -SubmitSamplesConsent 1
# Enables inspection of HTTP traffic to detect malicious websites
Set-MpPreference -EnableNetworkProtection Enabled
# Enables block at first seen
Set-MpPreference -DisableBlockAtFirstSeen $false
# Allows scanning of archive files, such as .zip and .cab files for malware/PUP
Set-MpPreference -DisableArchiveScanning $false
# Enables automatic scanning of USB & removal drives
Set-MpPreference -DisableRemovableDriveScanning $false
# Enables scanning of network files
Set-MpPreference -DisableScanningNetworkFiles $false
# Forces signature check before running a scan
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true
# Extends cloud check timer from default 10 to 30 seconds
Set-MpPreference -CloudExtendedTimeout 30
# Enables automatic scanning of all downloaded files and attachments
Set-MpPreference -DisableIOAVProtection $false
# Enables script detection
Set-MpPreference -DisableScriptScanning $false
# Disables automatic exclusions from scanning
Set-MpPreference -DisableAutoExclusions 1
# Enables scanning of mapped network drives
Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 0
# Enables scanning of email files
Set-MpPreference -DisableEmailScanning 0
# Enables blocking of malicious domains and IP's on DNS level
Set-MpPreference -EnableDnsSinkhole $true
# Enables signature updates every 12 hours
Set-MpPreference -SignatureUpdateInterval 12
# Enables automatic quarantine for threats labelled as high and severe
Set-MpPreference -HighThreatDefaultAction Quarantine
Set-MpPreference -SevereThreatDefaultAction Quarantine
# Updates signatures
Update-MpSignature
EndPowerShell:
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from the Emsisoft's official site, updates it, scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUP's in 1) system memory 2) important folders as documentation says
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests
# ---
# You can use argument "/delete" to delete found objects including references but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan but that may take longer than what FRST can handle.
# You can use argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) {
New-Item -Path $frstPath -ItemType Directory -Force | Out-Null
}
if (-not (Test-Path $extractPath)) {
New-Item -Path $extractPath -ItemType Directory -Force | Out-Null
}
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) {
$a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
$a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
CMD: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Warn" /f
CMD: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d 1 /f
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.
To view the content, acknowledge this warning.