CloseProcesses:
SystemRestore: On
CreateRestorePoint:
File: C:\Program Files\WinRAR\Rar64.exe; C:\Program Files\Internet Explorer\CrashReporter.exe
C:\Program Files\WinRAR\Rar64.exe
C:\Program Files\Internet Explorer\CrashReporter.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2169239335-2534296709-3254851885-1001\...\Run: [utweb] => "C:\Users\luigi\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-2169239335-2534296709-3254851885-1001\...\Run: [] => [X]
HKU\S-1-5-21-2169239335-2534296709-3254851885-1001\...\Run: [UFLLauncher] => "C:\Users\luigi\AppData\Local\UFL\launcher.exe" (No File)
HKU\S-1-5-21-2169239335-2534296709-3254851885-1001\...\Run: [YandexBrowserAutoLaunch_13ED6833E69A6DE41A4B3B27379A23FA] => "C:\Program Files\Yandex\YandexBrowser\Application\browser.exe" --shutdown-if-not-closed-by-system-restart (No File)
HKU\S-1-5-21-2169239335-2534296709-3254851885-1001\...\Policies\system: [shell] explorer.exe <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install (No File)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install (No File)
GroupPolicy-Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {F13FBDA5-46EF-4023-AE5A-DD2C1CBAE2E4} - \Opera scheduled assistant Autoupdate 1740762635 -> No File <==== ATTENTION
Task: {5046BE15-1B94-4D2C-91D6-B0129E43A8AE} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --sapCode=PHSP --productVersion=26.10 --productPlatform=win64 --appletID=AppsPanel_BL --appletVersion=1.0 --appMode=Uninstall (No File)
Task: {3A2D2899-2904-414A-B368-B78BBC8A66F7} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\Program Files\WinRAR\Rar64.exe [22528 2025-04-01] (Alexander Roshal) [File not signed] <==== ATTENTION
Task: {D1D8382D-F518-425A-8122-F043D38D99C3} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\3 => C:\Program Files\Internet Explorer\CrashReporter.exe [26112 2025-07-29] (Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {C218592A-6623-4178-B68B-68B6B4BA7E4D} - System32\Tasks\IECrashReporter => C:\Program Files\Internet Explorer\CrashReporter.exe [26112 2025-07-29] (Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {868E4BE5-C124-47D8-A313-C6E7B1673107} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {EEB076E5-D34E-4CD9-B980-FF48A1612D0F} - System32\Tasks\Opera scheduled Autoupdate 1673224351 => C:\Users\luigi\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {8BE807CC-F932-4DA7-BFFC-0E8EAFA9BA9F} - System32\Tasks\SystemOptimizerTemp => C:\Users\luigi\AppData\Local\Temp\HP\SystemOptimizerTemp\SystemOptimizer.exe -update (No File) <==== ATTENTION
Task: {DD0E7917-DA44-4CE1-B189-CCD575936D57} - System32\Tasks\WinRAR => C:\Program Files\WinRAR\Rar64.exe [22528 2025-04-01] (Alexander Roshal) [File not signed] <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR Extension: (AnyLoader) - C:\Users\luigi\Downloads\anyloader-1.10\dist [2024-10-05] [UpdateUrl:0] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKU\S-1-5-21-2169239335-2534296709-3254851885-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKLM-x32\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
BRA Extension: (Online Security) - C:\Users\luigi\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\llbcnfanfmjhpedaedhbcnpgeepdnnok [2026-02-27]
S3 tapnordvpn; \SystemRoot\System32\drivers\tapnordvpn.sys (No File)
2025-07-29 23:13 - 2025-07-29 23:13 - 000000015 _____ () C:\Users\luigi\AppData\Local\1ce19ec78cbc.tmp
2025-07-30 11:31 - 2025-07-30 11:31 - 000000014 _____ () C:\Users\luigi\AppData\Local\5531af54d4.tmp
2025-07-29 23:13 - 2025-07-29 23:13 - 000000014 _____ () C:\Users\luigi\AppData\Local\59e4360ded.tmp
2025-07-30 11:32 - 2025-07-30 11:32 - 000000015 _____ () C:\Users\luigi\AppData\Local\611653df31a1.tmp
CustomCLSID: HKU\S-1-5-21-2169239335-2534296709-3254851885-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2169239335-2534296709-3254851885-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> "C:\Program Files\NordVPN\NordVPN.exe" -ToastActivated => No File
cmd: del "%LocalAppData%\Temp\*.*" /s /q
StartPowerShell:
Remove-Item -Path "HKLM:SOFTWARE\Policies\Microsoft\Windows Defender" -recurse -verbose
Remove-Item -Path "HKLM:SOFTWARE\Microsoft\Windows Defender\Exclusions" -recurse -verbose
Remove-Item -Path "HKLM:SOFTWARE\Microsoft\Windows Defender\Threats" -recurse -verbose
Remove-Item -Path "HKLM:SOFTWARE\Policies\Microsoft\Windows Defender Security Center" -recurse -verbose
EndPowerShell:
Reboot: