Log Analysis and Evaluation: Windows 10: Trojan:Win32/Ymacco.AA84

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.02.2021, 23:42   #1
Windows 10: Trojan:Win32/Ymacco.AA84

Hey. Someone sent me a link to a torrent of a game and said I should give it a try... normally I stay away from that kind of stuff; I only did it here and there back in my youth (otherwise my Steam account would be a bit of a waste of money by now). Well, let's get to the point. Ran the .exe, Windows blocked it because of a Trojan... I figured Windows was simply mistaken and allowed it anyway... nothing happened except a message from GIMP that something was not installed correctly (at that moment I learned that the person had apparently just picked the first link they found and had not looked at the files at all...). After that I threw the whole thing onto VirusTotal, which came back with the following:

VirusTotal link: https://www.virustotal.com/gui/file/843aaa8076501d2ad8dba88525640162f4b9bb96312f0937472c75d8543393f1/behavior

After deleting the files, Windows & Malwarebytes found nothing more. The only thing I have done so far (apart from the Malwarebytes & Windows scans) was to block the IP address range (1-255) that it connected to.

Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by **** (02-02-2021 22:54:33)
Running from C:\Users\****\Desktop
Windows 10 Pro Version 20H2 19042.746 (X64) (2020-12-11 01:52:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-629832801-3061168427-1117579530-500 - Administrator - Disabled)
**** (S-1-5-21-629832801-3061168427-1117579530-1001 - Administrator - Enabled) => C:\Users\****
DefaultAccount (S-1-5-21-629832801-3061168427-1117579530-503 - Limited - Disabled)
Guest (S-1-5-21-629832801-3061168427-1117579530-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-629832801-3061168427-1117579530-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AI Noise-Canceling Microphone (HKLM\...\AI Noise-Canceling Microphone) (Version: 1.0.1.9 - ASUSTek Computer Inc.)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 3.00.59 - ASUSTeK Computer Inc.)
Amazon WorkSpaces (HKLM-x32\...\{6DDE53C5-D069-4273-9770-F9B013FB381E}) (Version: 3.1.2.1844 - Amazon Web Services, Inc)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.6.0.1702 - Advanced Micro Devices, Inc.)
Anaconda3 2020.11 (Python 3.8.5 64-bit) (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Anaconda3 2020.11 (Python 3.8.5 64-bit)) (Version: 2020.11 - Anaconda, Inc.)
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 3.3.7 - ASUS)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft)
Assassin's Creed Origins (HKLM-x32\...\Uplay Install 3539) (Version: - Ubisoft)
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.15.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{c6059da6-7c2c-4aff-99e6-a524262404ad}) (Version: 1.1.15.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{a75323e1-f1a4-4aff-a7ce-3858cbc1c0d2}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{D800D836-DE15-4B00-8273-521F022CD837}) (Version: 1.0.69.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{1ed19b57-ef0e-474d-946f-aac911f8b0e3}) (Version: 1.0.69.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.03 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.3.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{4e2ab86c-b539-4b1d-bacd-a434371143fb}) (Version: 0.0.3.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS Framework Service (HKLM-x32\...\{161cc9f2-e50c-4561-a999-15cf3133a1d3}) (Version: 2.0.1.3 - ASUSTek COMPUTER INC.)
ASUS Framework Service (HKLM-x32\...\{EA6A87BE-8AD3-40D2-944C-9DF5FBFF4332}) (Version: 2.0.1.3 - ASUSTek COMPUTER INC.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GPU TweakII (HKLM-x32\...\{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.2.7.0 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.2.7.0 - ASUSTek COMPUTER INC.)
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 1.04.21 - ASUSTek Computer Inc.)
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.39 - ASUSTeK Computer Inc.) Hidden
Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team)
AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.54 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{db73e7a9-d4ff-4857-a29c-4f6414eb8aca}) (Version: 1.0.54 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.14 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.14 - ASUS)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.04.32 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{1dd27167-f40c-47db-9e8f-b2f5d210f173}) (Version: 3.04.32 - ASUSTeK Computer Inc.)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.8.2.48475 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Battlestate Games Launcher 10.4.4.1239 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 10.4.4.1239 - Battlestate Games)
BeamMP Launcher (HKLM\...\{0D8B7A7C-5EA7-41FF-8736-FEF9CF648661}) (Version: 1.80.5 - BeamMP) Hidden
BeamMP Launcher (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\BeamMP Launcher 1.80.5) (Version: 1.80.5 - BeamMP)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
Core Temp 1.16 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.16 - ALCPU)
CORSAIR iCUE Software (HKLM-x32\...\{74AF4222-AABF-462F-B0CC-59A4BF827F8C}) (Version: 3.36.125 - Corsair)
CPUID HWMonitor 1.43 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.43 - CPUID, Inc.)
CPUID ROG CPU-Z 1.93 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.93 - CPUID, Inc.)
CrystalDiskMark 7.0.0h (HKLM\...\CrystalDiskMark7_is1) (Version: 7.0.0h - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.13.0.1387 - Disc Soft Ltd)
Dashlane (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Dashlane) (Version: 6.2103.0.42861 - Dashlane, Inc.)
DB Browser for SQLite (HKLM\...\{05578DF5-8497-4177-970D-702309C5D897}) (Version: 3.12.1 - DB Browser for SQLite Team)
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Docker Desktop (HKLM\...\Docker Desktop) (Version: 3.1.0 - Docker Inc.)
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.28.0 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{d22b5310-9f1e-43a8-8547-58fa44742994}) (Version: 1.1.28.0 - Ene Tech.) Hidden
Entity Framework 6.2.0 Tools for Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{07D9F8F3-EC99-4133-919D-DA341C62937C}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.12.9.10519 - Battlestate Games)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Excel (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Folding@home (HKLM-x32\...\FAHClient) (Version: 7.6.21 - Folding@home.org)
FTB App (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Overwolf_cmogmmciplgmocnhikmphehmeecmpaggknkjlbag) (Version: 1.0.12 - Overwolf app)
Futuremark SystemInfo (HKLM-x32\...\{F608ED5F-3818-4F87-A277-E52E8790C039}) (Version: 5.35.871.0 - Futuremark)
Git version 2.29.2.3 (HKLM\...\Git_is1) (Version: 2.29.2.3 - The Git Development Community)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2189.0 - Rockstar Games)
HexChat (HKLM\...\HexChat_is1) (Version: 2.14.3 - HexChat)
HxD Hex Editor 2.4 (HKLM\...\HxD_is1) (Version: 2.4 - Maël Hörz)
icecap_collection_neutral (HKLM-x32\...\{7C703135-98AC-4EB9-86C0-0C3169C99649}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{7C914878-C64B-4CA6-8E41-91308877A586}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{C28C9D95-66E3-48A9-8CC4-A517661DD132}) (Version: 16.8.30607 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{D3B94F9C-CBFC-4571-B30B-7665B3A9DB4F}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{10764165-E41B-4A08-B2B0-950EA48A27AC}) (Version: 19.0.281 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{511a62a9-1ff0-4cc5-adfe-4a5bd044a3c0}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch) (HKLM-x32\...\{E1F68FC9-F23C-4F44-8092-CAC55E43A80B}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lily (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Lily) (Version: - )
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft .NET SDK 5.0.101 (x64) from Visual Studio (HKLM\...\{D623A466-38A7-4E39-9D69-7B07951D3406}) (Version: 5.1.120.60105 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.56 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.52.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.8.3077.1211 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2019 CTP2.2 (HKLM\...\{0AF3B52A-F38D-4D63-9F72-73623C601CD9}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2019 CTP2.2 (HKLM-x32\...\{BF16A1DB-06A6-4A8E-B7A8-61F1F9C9FBA3}) (Version: 15.0.1200.24 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
MySQL Connector Net 8.0.22 (HKLM-x32\...\{F7CB561A-E6E8-4B53-887B-DE2215BCA4C4}) (Version: 8.0.22 - Oracle)
NeoFly (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\2eedfbc2cc1a251c) (Version: 2.33.0.4 - NeoFly)
Node.js (HKLM\...\{7667E0D6-09E5-4146-94B0-F8918EC5A692}) (Version: 15.4.0 - Node.js Foundation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 460.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 460.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera GX Stable 72.0.3815.487 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Opera GX 72.0.3815.487) (Version: 72.0.3815.487 - Opera Software)
Oracle VM VirtualBox 6.1.16 (HKLM\...\{6BC7BBCE-9202-4698-B866-F02AACB838C7}) (Version: 6.1.16 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.91.46291 - Electronic Arts, Inc.)
Outlook (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.162.0.13 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Overwolf.Setup.VC100CRTx86.Dist (HKLM-x32\...\{8989DBC1-E87B-448F-9147-57EEEC5A24A5}) (Version: 1.0.0 - Overwolf) Hidden
Paket zur Festlegung von Zielversionen von Microsoft .NET Framework 4.7.2 (Deutsch) (HKLM-x32\...\{98FE7C2A-22A4-401A-B45B-2AA107C06DD7}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.1 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{e38442c0-a433-48c2-84e2-51ac0b30c3ab}) (Version: 1.0.9.1 - Patriot Memory)
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.0.6.3 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{8839fbd5-69f9-41c5-a1cf-cdfbec966d66}) (Version: 1.0.6.3 - Patriot Memory)
PDF24 Creator 10.0.7 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 10.0.7 - PDF24.org)
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{c8f7044c-7f48-404a-9a5d-9f038f28a789}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PowerPoint (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
qBittorrent 4.3.3 (HKLM-x32\...\qBittorrent) (Version: 4.3.3 - The qBittorrent project)
RAGE Multiplayer (HKLM-x32\...\RAGE Multiplayer) (Version: 0.0.1.1 - )
RamCache III (HKLM-x32\...\RamCache III) (Version: 1.01.08 - ASUSTeKcomputer Inc)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2) (Version: 1.0.1355.18 - Rockstar Games)
REDlauncher (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
RetroArch 1.9.0 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\RetroArch) (Version: 1.9.0 - libretro)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.33.319 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.1.16.0 - ASUSTek COMPUTER INC.)
Sandboxie 5.46.5 (64-bit) (HKLM\...\Sandboxie) (Version: 5.46.5 - sandboxie-plus.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
The Alchemyst Tale version 0.9.2a (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{ED583D84-DF75-4411-80DB-7FE5AD2F07F7}_is1) (Version: 0.9.2a - Night Games)
Twine 2.3.9 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\09757d2a-5a16-578f-a64f-297ed0213ec0) (Version: 2.3.9 - Chris Klimas)
TyperSolver (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\TyperSolver) (Version: 2.1.2 - ProTypers)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 118.0.10358 - Ubisoft)
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.1 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{68fb2ff9-0618-4948-b68f-9f95e5687067}) (Version: 1.0.0.1 - PD)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{21928C37-911F-4FC7-936F-720AB8739C0E}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\00cf5edf) (Version: 16.8.30804.86 - Microsoft Corporation)
VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{78696386-A4B6-4F69-B558-2667CD3A579D}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{DEB11EB7-B61A-4883-8CB0-99013A4873AB}) (Version: 16.8.30608 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{A90E107F-D024-4EEC-A6F4-9E2858B4E506}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{E9439DB7-BF01-4820-8CB1-80957150AB86}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{8990F1B6-F880-4E73-A2D9-7A611F4C38A1}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{3C4B2ED3-2296-4203-A420-AC042BE8484D}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{08AF5DA9-F3BD-4B59-8D99-C47CC4D53CAD}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6013F369-D916-4C44-A79F-B1A35AEDAEBB}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{E1FD1D9D-0611-4DE5-826F-37FAC17706AC}) (Version: 16.8.30615 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{BEEB2E56-91DB-4AFB-AC88-8E98B18DD889}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsires (HKLM-x32\...\{0F772F74-D1D4-4D63-B37D-FBBC3D9581C7}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
War Thunder Launcher 1.0.3.260 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Network)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WeMod (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\WeMod) (Version: 6.3.12 - WeMod)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
XAMPP (HKLM\...\xampp) (Version: 8.0.0-2 - Bitnami)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.5) (Version: 1.3.5 - Xvid Team)

Packages:
=========
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_3.3.7.0_x64__qmba6cd70vzyy [2021-01-21] (ASUSTeK COMPUTER INC.)
Bridge Constructor Portal -> C:\Program Files\WindowsApps\HeadupGames.BridgeConstructorPortal_5.0.173.2_x64__zedvb25zy7eke [2021-02-02] (Headup Games)
Control PCGP -> C:\Program Files\WindowsApps\505GAMESS.P.A.ControlPCGP_1.0.5.0_x64__tefn33qh9azfc [2021-01-22] (505 GAMES S.P.A.)
Kali Linux -> C:\Program Files\WindowsApps\KaliLinux.54290C8133FEE_1.6.0.0_x64__ey8k8hqnwqnmg [2021-01-15] (Kali Linux)
Microsoft Flight Simulator -> C:\Program Files\WindowsApps\Microsoft.FlightSimulator_1.12.13.0_x64__8wekyb3d8bbwe [2020-12-23] (Microsoft Studios)
Microsoft Flight Simulator Digital Ownership -> C:\Program Files\WindowsApps\Microsoft.DigitalOwnership_1.0.1.0_x64__8wekyb3d8bbwe [2020-12-11] (Microsoft Studios)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-30] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.36.4251.0_x64__8wekyb3d8bbwe [2021-01-26] (Microsoft Corporation) [Startup Task]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.21056.0_x64__8wekyb3d8bbwe [2021-01-21] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-21] (NVIDIA Corp.)
Python 3.9 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0 [2020-12-26] (Python Software Foundation)
Sea of Thieves -> C:\Program Files\WindowsApps\Microsoft.SeaofThieves_2.98.921.2_x64__8wekyb3d8bbwe [2021-01-30] (ms-resource:PublisherDisplayName)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0 [2021-01-30] (Spotify AB) [Startup Task]
Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.UbuntuonWindows_2004.2020.812.0_x64__79rhkp1fndgsc [2021-01-31] (Canonical Group Limited)
Word -> C:\Program Files\WindowsApps\word.office.com-CECA1A7F_1.0.0.0_neutral__jc2kecmnkxwqc [2021-02-01] (word.office.com)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.7.0_x86__xpfg3f7e9an52 [2021-01-21] (New Work SE)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\nvshext.dll [2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [251392 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [189440 2019-12-07] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (anaconda3).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\****\anaconda3\Scripts\activate.bat C:\Users\****\anaconda3
ShortcutWithArgument: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (anaconda32).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\****\anaconda32\Scripts\activate.bat C:\Users\****\anaconda32
ShortcutWithArgument: C:\Users\****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\cf42999f6561ff23\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/

==================== Loaded Modules (Whitelisted) =============

2020-07-08 18:42 - 2020-07-08 18:42 - 000477696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2020-07-08 18:42 - 2020-07-08 18:42 - 000471040 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2020-07-14 18:16 - 2020-07-14 18:16 - 000454656 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\registry-js\prebuilds\win32-ia32\node.napi.node
2020-12-10 23:51 - 2020-01-08 13:33 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000884224 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000999936 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000987648 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000950784 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2020-12-11 00:03 - 2020-02-20 10:02 - 001063424 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FanInfofromProtocol.dll
2020-12-10 23:51 - 2020-03-31 10:32 - 001164800 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2020-12-10 23:51 - 2020-03-31 10:31 - 005844612 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2020-12-10 23:51 - 2019-05-13 17:44 - 000208896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2020-12-10 23:51 - 2019-05-13 17:44 - 000681984 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\UIImprovmentHelper.dll
2020-12-10 18:59 - 2019-12-23 19:51 - 000093184 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\zlibwapi.dll
2020-04-22 16:35 - 2020-04-22 16:35 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2020-12-10 23:51 - 2020-02-11 16:02 - 006065152 _____ () [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.86\libprotobufd.dll
2020-12-10 23:51 - 2020-02-11 16:05 - 000069632 _____ () [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.05\Exeio.dll
2020-11-23 18:42 - 2020-11-23 18:42 - 000356352 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ActionsConverters.dll
2020-11-23 18:04 - 2020-11-23 18:04 - 000759808 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyCommands.dll
2020-11-23 18:04 - 2020-11-23 18:04 - 000743936 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyNotifications.dll
2020-11-23 18:03 - 2020-11-23 18:03 - 000658944 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\MobileProto.dll
2020-11-23 18:04 - 2020-11-23 18:04 - 000203776 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ModelHelpers.dll
2020-11-23 18:03 - 2020-11-23 18:03 - 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2020-11-23 18:02 - 2020-11-23 18:02 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2020-05-26 18:08 - 2020-05-26 18:08 - 002831360 
_____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll 2020-12-10 23:51 - 2020-01-08 13:33 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsAcpi.dll 2020-12-10 23:51 - 2020-01-08 13:33 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\asacpiEx.dll 2020-12-10 23:51 - 2020-01-08 13:33 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsMultiLang.dll 2020-12-11 00:03 - 2020-02-11 16:02 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\AsMultiLang.dll 2020-12-10 18:59 - 2019-10-24 12:15 - 002676736 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\AURAChecker.dll 2021-01-26 21:44 - 2021-01-26 21:44 - 000684544 _____ (sandboxie-plus.com) [File not signed] C:\Program Files\Sandboxie\SbieDll.dll 2021-01-26 21:48 - 2021-01-26 21:48 - 000121344 _____ (sandboxie-plus.com) [File not signed] C:\Program Files\Sandboxie\SboxHostDll.dll 2020-10-21 10:59 - 2020-10-21 10:59 - 000090112 _____ (Silicon Laboratories, Inc.) 
[File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll 2020-12-10 18:59 - 2019-06-26 17:07 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libcrypto-1_1-x64.dll 2020-12-10 18:59 - 2019-06-26 17:07 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libssl-1_1-x64.dll 2020-12-10 19:00 - 2020-05-14 16:15 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libcrypto-1_1-x64.dll 2020-12-10 19:00 - 2020-05-14 16:15 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libssl-1_1-x64.dll 2020-12-15 19:28 - 2020-12-15 19:28 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll 2020-12-15 19:28 - 2020-12-15 19:28 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll 2020-11-23 18:02 - 2020-11-23 18:02 - 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libcrypto-1_1.dll 2020-11-23 18:02 - 2020-11-23 18:02 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libssl-1_1.dll 2020-12-15 19:28 - 2020-12-15 19:28 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll 2021-01-27 20:17 - 2020-12-15 19:28 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll 2021-01-27 20:17 - 2020-12-15 19:28 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files 
(x86)\Origin\Qt5Gui.dll 2021-01-27 20:17 - 2020-12-15 19:28 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll 2021-01-27 20:17 - 2020-12-15 19:28 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll 2021-01-27 20:17 - 2020-12-15 19:28 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll 2021-01-27 20:17 - 2020-12-15 19:28 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll 2020-12-10 23:51 - 2020-02-11 16:05 - 000362496 _____ (TODO: <Company name>) [File not signed] [File is in use] C:\Program Files (x86)\ASUS\VGA COM\2.00.05\AsusGpuTweak.dll 2020-12-10 18:59 - 2019-07-31 15:48 - 000072704 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Protocol\Interrupt\InterruptTransfer.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== SearchScopes: HKU\S-1-5-21-629832801-3061168427-1117579530-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-01-11] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-01-11] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-12-10] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-10] (Oracle America, Inc. 
-> Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 10:14 - 2021-01-24 10:14 - 000000273 _____ C:\Windows\system32\drivers\etc\hosts 192.168.0.194 host.docker.internal 192.168.0.194 gateway.docker.internal 127.0.0.1 kubernetes.docker.internal ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\FAHClient;C:\Program Files\Git\cmd;C:\Program Files\nodejs\;C:\Program Files\dotnet\;C:\xampp\php;C:\composer;C:\Program Files\Docker\Docker\resources\bin;C:\ProgramData\DockerDesktop\version-bin HKU\S-1-5-21-629832801-3061168427-1117579530-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\****\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\****-wallpaper.png DNS Servers: 172.18.0.24 - 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. Network Binding: ============= Hamachi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run32: => "RamCache III " HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{7786DD0F-901A-45AA-AE81-45B7F72AA411}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS) FirewallRules: [{F10D5C2E-C3F9-4448-B969-4095E26396E6}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK Computer Inc. -> ASUS) FirewallRules: [{D3A95F79-C63F-44D1-9C8F-00D19B09A2CC}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) FirewallRules: [{474D76C7-C620-4D70-B4E1-CF116A2571A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{1A2A2F1E-2F38-44E1-A11F-9BBE5CA5FA4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{3213FC6A-A6BD-4291-9525-1063D682644D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{19113434-D2A4-47D4-99F6-9BF78374FB44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{C0849312-FD2B-4BF5-ADA6-0F703CBD5A08}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{7B7683A1-BA79-43A9-9988-82C0B0C105DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{412B0D32-7ABD-4606-A9A0-A877DE3357B6}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{1995FB57-FD38-4F25-833D-4CD96B8DEF99}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{E9BCDA8E-A437-4074-903F-4F921C687CCC}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File FirewallRules: 
[{84AC9DB7-30FC-4D2A-A13C-27F6DA69041D}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File FirewallRules: [{BB4A39DA-6781-4442-869E-BC1B7F9E4A28}] => (Allow) D:\Steam\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC -> Futuremark) FirewallRules: [{00FD46F9-7C32-4C6E-A7A1-DC224C32C4B4}] => (Allow) D:\Steam\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC -> Futuremark) FirewallRules: [{831400C1-070D-4D5A-8421-22A3C024D9CF}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [{336FD182-5415-43A4-8DFB-6C0F4B18B2B2}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [{A55265F5-EE31-4421-A122-70F513EA914D}] => (Allow) D:\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com) FirewallRules: [{499377E4-3773-44C1-82DD-D3684F211E50}] => (Allow) D:\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com) FirewallRules: [TCP Query User{51C398C0-B335-4D53-B5A1-0BBD0E120918}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe FirewallRules: [UDP Query User{A16DC63B-5F41-451B-ADB5-8EC54713DA13}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe FirewallRules: [{9554AB16-9EB5-4FBE-AB6A-FF0DE4943E95}] => (Allow) D:\Steam\steamapps\common\ShareX\ShareX_Launcher.exe (ShareX Team) [File not signed] FirewallRules: [{25C6BB4E-5AB3-4246-A1A8-8EC2741F136E}] => (Allow) D:\Steam\steamapps\common\ShareX\ShareX_Launcher.exe (ShareX Team) [File not signed] FirewallRules: [TCP Query User{F9E2DB17-1EE1-40E9-A826-F3B9A92A010A}D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA 
AKCYJNA -> CD PROJEKT S.A.) FirewallRules: [UDP Query User{AFBBD0E6-565D-41E7-94FF-D12C364215CE}D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.) FirewallRules: [TCP Query User{D230BDB9-482A-410B-AC4E-1447E96645CA}C:\users\****\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe] => (Allow) C:\users\****\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) FirewallRules: [UDP Query User{1F603E99-38C5-4350-AFE4-85B2B154BD38}C:\users\****\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe] => (Allow) C:\users\****\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) FirewallRules: [{6A9D2A4E-2F28-4A2F-8219-D4233D0AAAE4}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) FirewallRules: [{054648CF-7FE8-430A-BC67-CE3431597C9A}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) FirewallRules: [{42165231-AF21-492D-A4F0-39B02FCA4D09}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive) FirewallRules: [{282F9C6F-4A8B-4640-8F00-16C0481EE1C0}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe (BOHEMIA INTERACTIVE a.s. 
-> Bohemia Interactive) FirewallRules: [{7F9A4066-51C4-4E3D-8844-AE8F2C9343C1}] => (Allow) D:\Steam\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{C96188AD-7F9C-4230-92D8-B5CC4C6832B6}] => (Allow) D:\Steam\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [TCP Query User{94635BB5-A463-4037-A57C-1DF43CC4E909}D:\steam\steamapps\common\hearts of iron iv\hoi4.exe] => (Allow) D:\steam\steamapps\common\hearts of iron iv\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive) FirewallRules: [UDP Query User{CDB7843D-4FB1-4313-AA0B-DD9EA494E596}D:\steam\steamapps\common\hearts of iron iv\hoi4.exe] => (Allow) D:\steam\steamapps\common\hearts of iron iv\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive) FirewallRules: [TCP Query User{E865A4D0-D228-42C2-9453-F18E35C50686}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe () [File not signed] FirewallRules: [UDP Query User{9BFC10C2-6200-4051-9563-588EAF38F5D5}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe () [File not signed] FirewallRules: [TCP Query User{95739962-7F64-4842-A9CD-08B68DF68D1E}C:\users\****\appdata\local\programs\opera gx\71.0.3770.456\opera.exe] => (Allow) C:\users\****\appdata\local\programs\opera gx\71.0.3770.456\opera.exe => No File FirewallRules: [UDP Query User{51931B1C-BD0E-4879-9603-8F61EBEAAA20}C:\users\****\appdata\local\programs\opera gx\71.0.3770.456\opera.exe] => (Allow) C:\users\****\appdata\local\programs\opera gx\71.0.3770.456\opera.exe => No File FirewallRules: [{406D285E-5DA8-4BAE-ABD0-F77FD572EEA8}] => (Allow) D:\Rockstar\Grand Theft Auto V\GTA5.exe => No File FirewallRules: [{0CFA5555-0FCC-4404-9CDD-06E502AFCA3B}] => (Allow) D:\Rockstar\Grand Theft Auto V\GTA5.exe => No File FirewallRules: [TCP Query 
User{166AD9F8-1415-498C-AE06-F35A2A742EEC}C:\users\****\onedrive\desktop\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe] => (Block) C:\users\****\onedrive\desktop\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe => No File FirewallRules: [UDP Query User{5580287B-1474-4B39-BA59-92E7DD7A618C}C:\users\****\onedrive\desktop\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe] => (Block) C:\users\****\onedrive\desktop\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe => No File FirewallRules: [{D70D9065-BE58-4813-B6A8-A73677EE5DAF}] => (Allow) D:\Steam\steamapps\common\Star Trek Online\Star Trek Online.exe (Cryptic Studios Inc. -> ) FirewallRules: [{D62F28AC-2F62-4DA5-9DE6-26172A0C3975}] => (Allow) D:\Steam\steamapps\common\Star Trek Online\Star Trek Online.exe (Cryptic Studios Inc. -> ) FirewallRules: [{22518677-D12D-4129-9868-4E9906270B95}] => (Allow) D:\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{89E95977-8915-41DE-B595-3901B85E1B0C}] => (Allow) D:\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{40F36952-9114-4C22-9DAD-94EB719F3D54}] => (Allow) D:\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{3A3BF618-4960-4E62-9151-87C4CB8F633C}] => (Allow) D:\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{3FA11582-1CC3-4929-9BB1-666DADC52E0D}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> ) FirewallRules: [{1FAF6E54-8FA0-4977-81A0-0C61670026C7}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> ) FirewallRules: [TCP Query User{94347F4B-493C-481E-BEDA-5E0FCDD86E93}D:\steam\steamapps\common\star trek online\star trek online\live\x64\gameclient.exe] => 
(Allow) D:\steam\steamapps\common\star trek online\star trek online\live\x64\gameclient.exe (Cryptic Studios Inc. -> ) FirewallRules: [UDP Query User{AE952A3F-F52E-4073-9FD5-ADB728359A47}D:\steam\steamapps\common\star trek online\star trek online\live\x64\gameclient.exe] => (Allow) D:\steam\steamapps\common\star trek online\star trek online\live\x64\gameclient.exe (Cryptic Studios Inc. -> ) FirewallRules: [{1245A28D-07DE-416A-81F6-8F82D03C15AB}] => (Allow) D:\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe (2K Games) [File not signed] FirewallRules: [{90A01042-0DBA-4BA6-9D2C-FFB9F74C87DA}] => (Allow) D:\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe (2K Games) [File not signed] FirewallRules: [TCP Query User{5A879F7D-F01A-44F1-899F-1688AD6E09E0}C:\users\****\onedrive\desktop\spiele\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe] => (Block) C:\users\****\onedrive\desktop\spiele\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe => No File FirewallRules: [UDP Query User{1FF7308B-6CD9-4699-8E6E-34D13FC334F9}C:\users\****\onedrive\desktop\spiele\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe] => (Block) C:\users\****\onedrive\desktop\spiele\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe => No File FirewallRules: [TCP Query User{1AD4DB97-1BD4-46CD-89D8-B27E0D2A7413}C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.11\jdk-11.0.8+10-jre\bin\java.exe] => (Allow) C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.11\jdk-11.0.8+10-jre\bin\java.exe FirewallRules: [UDP Query User{A070B82E-1D43-464E-AC83-15514DF493C6}C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.11\jdk-11.0.8+10-jre\bin\java.exe] => (Allow) 
C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.11\jdk-11.0.8+10-jre\bin\java.exe FirewallRules: [TCP Query User{1A22BDD7-28D4-47E1-A81B-1E2B4F802F71}C:\users\****\appdata\local\.ftba\bin\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\****\appdata\local\.ftba\bin\runtime\jre-x64\bin\javaw.exe FirewallRules: [UDP Query User{303BB5BC-A377-4787-8499-E847DF78BA1C}C:\users\****\appdata\local\.ftba\bin\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\****\appdata\local\.ftba\bin\runtime\jre-x64\bin\javaw.exe FirewallRules: [{9592B8B5-A223-43B8-B8E7-D5BCC4AAC381}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{332CB269-CFEF-4435-B54B-83BD0B99079D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{624D2D14-49E5-4AE3-A490-06120B845E01}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{69D8FC93-AF16-4B9F-9A84-94C2F7C1A653}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. 
-> ) FirewallRules: [{84732AD0-A17E-4817-8DD3-D6D9B3CF8F23}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe (Electronic Sports Network i Sverige AB -> ESN Social Software AB) FirewallRules: [{5D90172E-8199-4B9F-809B-759830BBEEBA}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe (Electronic Sports Network i Sverige AB -> ESN Social Software AB) FirewallRules: [{3C7BBC2C-CF43-4FB4-B749-FF37B74D0619}] => (Allow) D:\Origin\Battlefield 4\BFLauncher.exe (Electronic Arts -> EA Digital Illusions CE AB) FirewallRules: [{0E0FCC45-A427-44FC-8466-17EC8629B934}] => (Allow) D:\Origin\Battlefield 4\BFLauncher.exe (Electronic Arts -> EA Digital Illusions CE AB) FirewallRules: [{AA8B6ABA-05C6-4374-8412-549E1E725838}] => (Allow) D:\Origin\Battlefield 4\BFLauncher_x86.exe (Electronic Arts -> EA Digital Illusions CE AB) FirewallRules: [{C95A0B3A-B8C0-48CE-BAEF-C744073EE960}] => (Allow) D:\Origin\Battlefield 4\BFLauncher_x86.exe (Electronic Arts -> EA Digital Illusions CE AB) FirewallRules: [TCP Query User{EA2880DA-29EB-4903-9F97-A37B51DEEC98}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe (Electronic Arts -> EA Digital Illusions CE AB) FirewallRules: [UDP Query User{6EFE9B51-5A34-48C3-A2BA-D30DFD1B0851}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe (Electronic Arts -> EA Digital Illusions CE AB) FirewallRules: [TCP Query User{A7EA33A7-03A5-435E-BB94-8EDF1E53A516}D:\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steam\steamapps\common\arma 3\arma3_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive) FirewallRules: [UDP Query User{7A550BA4-690D-4407-8521-3F3F73EECB8E}D:\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steam\steamapps\common\arma 3\arma3_x64.exe (BOHEMIA INTERACTIVE a.s. 
-> Bohemia Interactive) FirewallRules: [{7F306528-E40A-445B-A96B-0368BAB831FA}] => (Allow) D:\Steam\steamapps\common\sandstorm\InsurgencyEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{0E291CBA-3687-4FBC-9227-1EDB8E4C2C5B}] => (Allow) D:\Steam\steamapps\common\sandstorm\InsurgencyEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [TCP Query User{9E11AFDD-DD24-42E0-90BA-61DBE2073B0D}C:\ragemp\server-files\ragemp-server.exe] => (Allow) C:\ragemp\server-files\ragemp-server.exe () [File not signed] FirewallRules: [UDP Query User{0C2DB987-86DE-4665-AFB5-DD1CB430C565}C:\ragemp\server-files\ragemp-server.exe] => (Allow) C:\ragemp\server-files\ragemp-server.exe () [File not signed] FirewallRules: [{5F1BF152-9703-4BF6-8F57-24E095A38B9A}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed] FirewallRules: [{3C4D73EE-C904-4A5B-B5C8-6D72E2EE2F51}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed] FirewallRules: [{A780C78D-BFF2-4396-A087-B2D69D114B55}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release_vr.exe () [File not signed] FirewallRules: [{09827B56-1359-48A0-BF24-58D23790F53A}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release_vr.exe () [File not signed] FirewallRules: [{3CAA5F39-A6F6-4103-B307-870DB52C6AB4}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [{D21C719B-10B8-4778-9D1A-3009B38F1086}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [{9B29F212-0056-4E1B-9110-88C2C86B612C}] => (Allow) D:\Steam\steamapps\common\sandstorm\Insurgency.exe (New World Interactive LLC -> Epic Games, Inc.) FirewallRules: [{153268C0-40E1-4F80-BFAA-EB5CCF5322BA}] => (Allow) D:\Steam\steamapps\common\sandstorm\Insurgency.exe (New World Interactive LLC -> Epic Games, Inc.) 
FirewallRules: [{D24A86A9-8D24-48ED-9919-548103CF5063}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{345D5BF1-2A21-4EB0-857F-DD4FD7101D8C}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{DCE16A07-30E9-4C74-8204-084CB569A4DD}C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.12\jdk-11.0.8+10-jre\bin\java.exe] => (Allow) C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.12\jdk-11.0.8+10-jre\bin\java.exe FirewallRules: [UDP Query User{9AD0786B-892A-4147-AF69-F7100FD0A106}C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.12\jdk-11.0.8+10-jre\bin\java.exe] => (Allow) C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.12\jdk-11.0.8+10-jre\bin\java.exe FirewallRules: [TCP Query User{966CEF76-64C6-4F3A-9E60-8C76FDC55AFB}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed] FirewallRules: [UDP Query User{13735AF7-D183-4194-B491-6485B2A076A3}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed] FirewallRules: [TCP Query User{E7661DDB-CD0A-4087-8168-FC912425AAEC}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> ) FirewallRules: [UDP Query User{D94B103C-36AE-4A63-9F93-5C4E9174CFD0}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> ) FirewallRules: [{8D43245A-C887-44DB-A1C2-13EE5C3CE5A4}] => (Allow) D:\Steam\steamapps\common\MK10\Binaries\Retail\MK10.exe () [File not signed] FirewallRules: [{797BBE4A-FEFA-456D-BE06-B8267842454F}] => (Allow) D:\Steam\steamapps\common\MK10\Binaries\Retail\MK10.exe () [File not signed] FirewallRules: 
[{371BE193-E022-433E-A5D3-27FBA109BE71}] => (Allow) D:\Steam\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe () [File not signed] FirewallRules: [{C418BA58-2C79-43E7-9D4B-2FEDBAD6DEE9}] => (Allow) D:\Steam\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe () [File not signed] FirewallRules: [{F6A83E72-3170-4370-99DB-B0DB481FA27F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A1232AA7-ED53-498F-8022-EE56693B66A7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{4B80CBDC-97FB-486E-9D31-5C9EFCD67AD4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C89FE7B5-298C-4AC2-83C0-5F1448886F30}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B33A1487-0CAB-45FE-A39E-0882CC2E481A}] => (Allow) D:\Steam\steamapps\common\Power & Revolution 2019 Edition\_start.exe (Eversim -> ) FirewallRules: [{C8AE3775-02FA-47BF-8ABD-66014FC6294D}] => (Allow) D:\Steam\steamapps\common\Power & Revolution 2019 Edition\_start.exe (Eversim -> ) FirewallRules: [TCP Query User{28AC1266-FB3F-4D6B-921F-FC2BBA356A5A}C:\users\****\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\****\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{B0844071-20B1-4DDF-90C6-FC0AB5D05B33}C:\users\****\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\****\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2F52CA12-41E9-482C-B931-D309A66B9FE8}] => (Allow) D:\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe (Koch Media GmbH) [File not signed] FirewallRules: 
[{1978891A-89B8-4010-B707-DFBB77E438EF}] => (Allow) D:\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe (Koch Media GmbH) [File not signed] FirewallRules: [{F5035D1D-FD1F-4B29-A690-3A4422EDF8A5}] => (Allow) D:\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed] FirewallRules: [{21FA39B0-BD4B-41D5-AA28-2854ABEEB6D5}] => (Allow) D:\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed] FirewallRules: [{85688EF7-68C5-49FB-8263-77FA3F8FCB3E}] => (Allow) D:\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games) FirewallRules: [{DF96DE28-DF88-4EC0-A3A0-8EAB38A053BE}] => (Allow) D:\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games) FirewallRules: [{7809E508-9246-4A22-8E23-223A3AAC814C}] => (Allow) D:\Steam\steamapps\common\Sherlock Holmes - Crimes and Punishments\Binaries\Win32\Sherlock.exe (Frogwares, Inc.) [File not signed] FirewallRules: [{A14B39F2-4D15-4E12-A62C-1953BEBD413D}] => (Allow) D:\Steam\steamapps\common\Sherlock Holmes - Crimes and Punishments\Binaries\Win32\Sherlock.exe (Frogwares, Inc.) 
[File not signed] FirewallRules: [TCP Query User{C102D219-355A-448A-9234-827CBD0BE4B2}C:\users\****\appdata\local\programs\opera gx\72.0.3815.459\opera.exe] => (Allow) C:\users\****\appdata\local\programs\opera gx\72.0.3815.459\opera.exe => No File FirewallRules: [UDP Query User{CDBE280C-CF6F-4564-A0C6-15AEFBE04BE2}C:\users\****\appdata\local\programs\opera gx\72.0.3815.459\opera.exe] => (Allow) C:\users\****\appdata\local\programs\opera gx\72.0.3815.459\opera.exe => No File FirewallRules: [{B4846605-08DC-4BFE-B0FC-76805D0418E3}] => (Allow) D:\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed] FirewallRules: [{4CB9E398-D92D-48F9-9609-91930FF8F0D6}] => (Allow) D:\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed] FirewallRules: [{C5582861-2B08-44C9-A37B-99D1D0210B29}] => (Allow) D:\Steam\steamapps\common\SCP Secret Laboratory\SCPSL.exe (Hubert Moszka Northwood -> ) FirewallRules: [{D723BE69-5D29-4512-B5E1-3E4F0C9C6E38}] => (Allow) D:\Steam\steamapps\common\SCP Secret Laboratory\SCPSL.exe (Hubert Moszka Northwood -> ) FirewallRules: [{EA5547FF-0ADC-4FD2-98C2-61D977414CBE}] => (Allow) D:\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed] FirewallRules: [{B97A796C-0AB0-450C-B139-4EE907D740E2}] => (Allow) D:\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed] FirewallRules: [{3692566E-2E64-496D-B9D1-66BDE7235CF7}] => (Allow) D:\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe (BeamNG GmbH) [File not signed] FirewallRules: [{FEEF6682-6CE5-4E29-BAE0-AAA83F893855}] => (Allow) D:\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe (BeamNG GmbH) [File not signed] FirewallRules: [{59AD863D-ABA4-485B-9556-CC5E8415DAE3}] => (Allow) D:\Steam\steamapps\common\Squad\squad_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{AC2654B1-6C22-453F-8D0A-D52F6824813B}] => (Allow) D:\Steam\steamapps\common\Squad\squad_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: 
[{8CFCBF1F-0A9C-44DF-82A3-3BA19FF53858}] => (Allow) D:\Steam\steamapps\common\Stormworks\stormworks64.exe () [File not signed] FirewallRules: [{9FA6DCB8-2046-43C1-B0E2-B571D59FC31B}] => (Allow) D:\Steam\steamapps\common\Stormworks\stormworks64.exe () [File not signed] FirewallRules: [{8FFEE9D6-F4EF-49EB-B8B7-B51B684D9963}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3EFB3A07-6D04-4113-89A7-C063BC077B32}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{FE0FBA9A-CC97-454F-A9F0-4919A2DBE44A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3C351192-3414-4215-93DC-63472BF382DB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{3D0CEEC3-1CB2-437D-8785-DF63E6211CDF}] => (Allow) D:\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{2EEE3475-9418-4721-A0BF-5D302F7CB649}] => (Allow) D:\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{8EBF74FD-8D9A-493B-A786-0EFF3549C4FB}] => (Allow) D:\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{BB141690-CC14-46E1-83C0-33AC4262082E}] => (Allow) D:\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{DDC91E8E-A45E-4243-8479-8B2BC3F4368A}] => (Allow) D:\Steam\steamapps\common\Galimulator\galimulator-windows-64bit.exe () [File not signed] FirewallRules: [{6049F9CC-1032-485C-87C8-F2EC324710FB}] => (Allow) D:\Steam\steamapps\common\Galimulator\galimulator-windows-64bit.exe () [File not signed] FirewallRules: [{1A4F1C4E-72AA-4241-9CA7-AE3981D99224}] => (Allow) D:\Steam\steamapps\common\I Am Your President Prologue\I Am Your President Prologue.exe () [File not signed] FirewallRules: [{7249E6E2-275F-4B48-8DE5-82032814C5DF}] => (Allow) D:\Steam\steamapps\common\I Am Your President Prologue\I Am Your President Prologue.exe () [File not signed] FirewallRules: [{9B7EF771-D034-46AD-BE5C-4AE09A02B49E}] => (Allow) D:\Steam\steamapps\common\Command - Modern Operations\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.) FirewallRules: [{E8E09B16-488A-4271-A1E9-07B31CE1752C}] => (Allow) D:\Steam\steamapps\common\Command - Modern Operations\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.) 
FirewallRules: [{206BFC6D-1B37-46D4-86A6-3FF0C054B6AD}] => (Allow) D:\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe (Frontier Developments Plc -> Frontier Developments) FirewallRules: [{ED3C82DD-DEAB-42C9-BEAA-2A2D64ADEFCA}] => (Allow) D:\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe (Frontier Developments Plc -> Frontier Developments) FirewallRules: [{20A8D4AF-45C3-4CA3-9293-114BE875352E}] => (Allow) D:\Steam\steamapps\common\DCSWorld\bin\DCS.exe (Eagle Dynamics) [File not signed] FirewallRules: [{A7AB282D-DF36-46AF-80E2-F291AED14406}] => (Allow) D:\Steam\steamapps\common\DCSWorld\bin\DCS.exe (Eagle Dynamics) [File not signed] FirewallRules: [{4DD0A5A4-940D-40BB-95B3-FFD09645BC07}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{6BA58C74-E3BD-4D9C-81FA-D4920989184C}D:\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) D:\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe (BeamNG GmbH) [File not signed] FirewallRules: [UDP Query User{847DF0BD-CED7-45EA-B078-9072BD20BCEE}D:\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) D:\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe (BeamNG GmbH) [File not signed] FirewallRules: [TCP Query User{8BD13A21-C5B7-453B-915F-3867ECAD2632}C:\users\****\appdata\roaming\beammp launcher\beammp-launcher.exe] => (Allow) C:\users\****\appdata\roaming\beammp launcher\beammp-launcher.exe (BeamMP Mod Team -> BeamMP Mod Team) [File not signed] FirewallRules: [UDP Query User{97BE7F60-9BD0-466C-BD35-EA8F1ADFAB99}C:\users\****\appdata\roaming\beammp launcher\beammp-launcher.exe] => (Allow) C:\users\****\appdata\roaming\beammp launcher\beammp-launcher.exe (BeamMP Mod Team -> BeamMP Mod Team) [File not signed] FirewallRules: [{24EA48E0-8C9E-4BAF-ACE5-6D171A204D15}] => (Allow) D:\Steam\steamapps\common\X4 Foundations\X4.exe (EGOSOFT GmbH) [File not signed] 
FirewallRules: [{34E06D68-F5CB-4DFF-97D9-BCEEB7CE0E61}] => (Allow) D:\Steam\steamapps\common\X4 Foundations\X4.exe (EGOSOFT GmbH) [File not signed] FirewallRules: [{4242AF25-D681-487A-990C-9F0C50579C66}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> ) FirewallRules: [{5FF49F82-0628-47B6-82B1-519EB06E0B41}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> ) FirewallRules: [TCP Query User{9D5F1208-E85D-441C-98E7-FD15D38062B1}C:\program files (x86)\amazon web services, inc\amazon workspaces\workspaces.exe] => (Allow) C:\program files (x86)\amazon web services, inc\amazon workspaces\workspaces.exe (Amazon.com Services LLC -> workspaces) FirewallRules: [UDP Query User{1A182303-BC64-457C-BB25-5434706C3D80}C:\program files (x86)\amazon web services, inc\amazon workspaces\workspaces.exe] => (Allow) C:\program files (x86)\amazon web services, inc\amazon workspaces\workspaces.exe (Amazon.com Services LLC -> workspaces) FirewallRules: [TCP Query User{1E4E019F-631E-478E-82E0-0CF99A4F74CB}C:\users\****\appdata\local\programs\opera gx\72.0.3815.465\opera.exe] => (Allow) C:\users\****\appdata\local\programs\opera gx\72.0.3815.465\opera.exe => No File FirewallRules: [UDP Query User{93437765-8BD6-4187-BD02-DB5BFD8E92C0}C:\users\****\appdata\local\programs\opera gx\72.0.3815.465\opera.exe] => (Allow) C:\users\****\appdata\local\programs\opera gx\72.0.3815.465\opera.exe => No File FirewallRules: [TCP Query User{9E808824-FC73-4727-B494-FBACC1228DE5}D:\rockstar\red dead redemption 2\rdr2.exe] => (Allow) D:\rockstar\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [UDP Query User{DEC69C25-F3BF-4FB2-A427-3E474029A2B7}D:\rockstar\red dead redemption 2\rdr2.exe] => (Allow) D:\rockstar\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. 
-> Rockstar Games) FirewallRules: [TCP Query User{F966FB8B-4743-4027-8C9D-1FFAEE885B4D}C:\users\****\appdata\local\temp\rar$exa29036.626\eveefangamepackage2\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Block) C:\users\****\appdata\local\temp\rar$exa29036.626\eveefangamepackage2\windowsnoeditor\engine\binaries\win64\ue4game.exe => No File FirewallRules: [UDP Query User{19E9AC38-4DF3-4A7E-95A8-8640ED6D471A}C:\users\****\appdata\local\temp\rar$exa29036.626\eveefangamepackage2\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Block) C:\users\****\appdata\local\temp\rar$exa29036.626\eveefangamepackage2\windowsnoeditor\engine\binaries\win64\ue4game.exe => No File FirewallRules: [{C92232C7-777A-41EC-8CE2-F898809484C1}] => (Allow) D:\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe (Relic Entertainment, Inc -> Relic Entertainment Inc.) FirewallRules: [{B49BC408-60AD-442C-BBEA-302EE9D1C3D3}] => (Allow) D:\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe (Relic Entertainment, Inc -> Relic Entertainment Inc.) 
FirewallRules: [{34822F08-29B8-4996-B9E2-4EDEA3D12E3F}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2.exe (Digitalmindsoft) [File not signed] FirewallRules: [{2257886E-413D-4371-AC19-DD2305B376ED}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2.exe (Digitalmindsoft) [File not signed] FirewallRules: [{603F4D89-790A-40F6-AF78-5B944FFBFDC2}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2_ed.exe (Digitalmindsoft) [File not signed] FirewallRules: [{C894250D-0AF0-457D-BB84-F165A5852CBE}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2_ed.exe (Digitalmindsoft) [File not signed] FirewallRules: [{7151AD8A-D9F7-4112-BC27-7E1DC2F13391}] => (Allow) C:\Program Files (x86)\Overwolf\0.162.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{A624A33C-D72D-48DB-90A5-06C4930767D9}] => (Allow) C:\Program Files (x86)\Overwolf\0.162.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{30B2A513-ABFA-42C0-9DC7-E6210E92BBEF}] => (Block) C:\Program Files (x86)\Overwolf\0.162.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{0CE0E98F-0DFB-4804-873E-4D1D8B1E6A60}] => (Block) C:\Program Files (x86)\Overwolf\0.162.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{04BCA418-C4E9-4793-9E19-DC3FA16798AF}] => (Allow) D:\Steam\steamapps\common\Universe Sandbox 2\Universe Sandbox x64.exe () [File not signed] FirewallRules: [{86AD0881-AD66-4A94-B0C9-7032C2066ECD}] => (Allow) D:\Steam\steamapps\common\Universe Sandbox 2\Universe Sandbox x64.exe () [File not signed] FirewallRules: [{09035372-09CC-4124-AFD4-286B534CE8E8}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.) 
FirewallRules: [{BA7621F0-36DF-4FDF-B97F-FD952DEAFB4A}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.) FirewallRules: [{3B1BA7BD-24E1-4092-89A1-55F83503A4E4}] => (Allow) D:\Steam\steamapps\common\War Thunder\launcher.exe (Gaijin Network LTD -> Gaijin) FirewallRules: [{29C571B8-4048-4B6B-ABF1-5160425EB580}] => (Allow) D:\Steam\steamapps\common\War Thunder\launcher.exe (Gaijin Network LTD -> Gaijin) FirewallRules: [{94C83A05-0D5A-465C-98EE-2E3EC6669924}] => (Allow) D:\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed] FirewallRules: [{EE584920-A999-4E50-BB70-61FA9C46B91A}] => (Allow) D:\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed] FirewallRules: [{723699F8-837D-445D-A7C5-1FB2331C0B58}] => (Allow) D:\Steam\steamapps\common\Forts\Forts.exe (EarthWork Games Pty Ltd -> ) FirewallRules: [{0E7D230F-5C92-4C27-886E-93440E60580C}] => (Allow) D:\Steam\steamapps\common\Forts\Forts.exe (EarthWork Games Pty Ltd -> ) FirewallRules: [TCP Query User{68BEA085-2FB6-41BE-B585-2CAB29E58A96}C:\users\****\appdata\local\programs\opera gx\72.0.3815.473\opera.exe] => (Block) C:\users\****\appdata\local\programs\opera gx\72.0.3815.473\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [UDP Query User{6BB373BE-D811-453F-8A9E-0632058D00F9}C:\users\****\appdata\local\programs\opera gx\72.0.3815.473\opera.exe] => (Block) C:\users\****\appdata\local\programs\opera gx\72.0.3815.473\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [TCP Query User{C52C4944-1ECF-4C90-BA65-B9CCEBCB66B9}D:\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\steam\steamapps\common\war thunder\win64\aces.exe (Gaijin Network 
LTD -> Gaijin Entertainment) FirewallRules: [UDP Query User{A9212FFD-DD7C-4344-8F79-98B96D490422}D:\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\steam\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment) FirewallRules: [{0EDF318D-05E6-4776-A6B6-B536B1ED799A}] => (Allow) D:\Steam\steamapps\common\Eve Online\eve.exe (CCP ehf -> ) FirewallRules: [{7B8A7DFF-51F3-4D57-8E71-DFB77E7EAC40}] => (Allow) D:\Steam\steamapps\common\Eve Online\eve.exe (CCP ehf -> ) FirewallRules: [{30725E42-5266-49F2-B8C7-69B4B051D454}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed] FirewallRules: [{512F6FFA-BF16-4D30-81E6-8494940E2B71}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed] FirewallRules: [{C5E7DB74-9F53-42FA-AFB0-44F7A21EEEF1}] => (Allow) D:\Steam\steamapps\common\World of Warships\WorldOfWarships.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{3F01911F-2A5F-4190-A4FF-4BE6EC357D9C}] => (Allow) D:\Steam\steamapps\common\World of Warships\WorldOfWarships.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{6E7ECF0B-4187-4B6F-A70D-2BF6ECF64A71}] => (Allow) D:\Steam\steamapps\common\CookingSimulator\CookingSim.exe () [File not signed] FirewallRules: [{BA979165-556B-4B62-88AE-EA899C0AF410}] => (Allow) D:\Steam\steamapps\common\CookingSimulator\CookingSim.exe () [File not signed] FirewallRules: [{FE9FB094-8CBF-4CFF-AE6A-8D79A69CA5C3}] => (Allow) D:\Steam\steamapps\common\Mr. Prepper Demo\MrPrepperDemo.exe () [File not signed] FirewallRules: [{117D89A2-A4EE-4540-8417-EE9B657EEC69}] => (Allow) D:\Steam\steamapps\common\Mr. 
Prepper Demo\MrPrepperDemo.exe () [File not signed] FirewallRules: [{86B8C81B-93D6-406F-BACB-5E1F15A1C265}] => (Allow) D:\Steam\steamapps\common\Train Station Renovation Demo\TrainStationRenovation.exe () [File not signed] FirewallRules: [{FE8E0FB0-3D96-480B-A00F-2A8325852047}] => (Allow) D:\Steam\steamapps\common\Train Station Renovation Demo\TrainStationRenovation.exe () [File not signed] FirewallRules: [{9BFC84D0-50C5-4B64-8795-0E7591EAF8FC}] => (Allow) D:\Steam\steamapps\common\POWER\POWER.exe (Jia Hao) [File not signed] FirewallRules: [{6FC9F053-815A-4283-AADF-FE324AB27381}] => (Allow) D:\Steam\steamapps\common\POWER\POWER.exe (Jia Hao) [File not signed] FirewallRules: [{BF004823-BE87-46DB-8C81-07922F8BDE75}] => (Allow) D:\Steam\steamapps\common\SCP Escape Together\SCP_ET.exe () [File not signed] FirewallRules: [{57176285-680F-492B-91D2-509648A8A46F}] => (Allow) D:\Steam\steamapps\common\SCP Escape Together\SCP_ET.exe () [File not signed] FirewallRules: [{71673450-8B16-45DA-9763-E26728363E9C}] => (Allow) D:\Steam\steamapps\common\Mr. Prepper Prologue\MrPrepperPrologue.exe () [File not signed] FirewallRules: [{C989F6E4-39EC-43D9-9F37-140A96529AFB}] => (Allow) D:\Steam\steamapps\common\Mr. Prepper Prologue\MrPrepperPrologue.exe () [File not signed] FirewallRules: [{B21726FF-231E-44A2-B9B6-55C6BA648CA1}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFSP.exe (Ubisoft Entertainment -> ) FirewallRules: [{59549946-5754-45FB-BE74-5087241ADA9D}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFSP.exe (Ubisoft Entertainment -> ) FirewallRules: [{2FB6E3F8-E3C2-4367-8C83-1EFB5851268D}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFMP.exe (Ubisoft Entertainment SA -> ) FirewallRules: [{3FF39816-0320-492C-A24D-F80676342442}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFMP.exe (Ubisoft Entertainment SA -> ) FirewallRules: [{0A76F963-81D6-42AF-82DD-C1C76B267A06}] => (Allow) D:\Assassin's Creed Origins\ACOrigins_plus.exe (UBISOFT ENTERTAINMENT INC. 
-> ) FirewallRules: [{5EB552C0-672F-462D-A1E5-9A01B8D012D5}] => (Allow) D:\Assassin's Creed Origins\ACOrigins_plus.exe (UBISOFT ENTERTAINMENT INC. -> ) FirewallRules: [{AB832C05-2E69-4500-87A2-9A993078E26C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{ACD1A008-E0D5-40EE-ADBF-D42FA2CBB4AF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{864F31BC-D827-4D25-A290-013E017B2728}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{F70643DB-802C-4D16-A8F1-7AC3B9DB1211}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{D0823587-D208-43D5-8013-E737B718C06F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{13DC820E-BF38-4DA2-BD82-10EC91E4AE0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{E2A9D566-1CB3-49ED-8457-9B9A541979EC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{E192947C-8C71-48F6-BCA2-5DE598965020}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{C44B6CA5-CB22-4698-99B5-B0C116792D3C}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (FUTUREMARK INC -> ) FirewallRules: [{87E156FC-1608-4010-BF4F-6218120B8FB5}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (FUTUREMARK INC -> ) FirewallRules: 
[{90C041FB-C1F8-4C0F-879A-2EBA2D84C9B8}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (FUTUREMARK INC -> ) FirewallRules: [{E2D247D8-8554-46B7-89D5-D244358EC266}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (FUTUREMARK INC -> ) FirewallRules: [{1AF727B1-574D-4051-BEA4-6058882B6FFF}] => (Allow) D:\Steam\steamapps\common\Ultimate Epic Battle Simulator\UEBS.exe () [File not signed] FirewallRules: [{C56077D3-6B41-4479-985C-BCA55F06C13B}] => (Allow) D:\Steam\steamapps\common\Ultimate Epic Battle Simulator\UEBS.exe () [File not signed] FirewallRules: [TCP Query User{D48F0460-79D5-4D21-9B22-191357C01F53}C:\users\****\appdata\local\programs\opera gx\72.0.3815.487\opera.exe] => (Block) C:\users\****\appdata\local\programs\opera gx\72.0.3815.487\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [UDP Query User{103AA09B-D17A-4344-A893-021B238448D2}C:\users\****\appdata\local\programs\opera gx\72.0.3815.487\opera.exe] => (Block) C:\users\****\appdata\local\programs\opera gx\72.0.3815.487\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{46B2C95A-FB7D-4F4C-8BBA-6B600A5E27BB}] => (Allow) D:\Steam\steamapps\common\Plane Mechanic Simulator\PMS_build.exe () [File not signed] FirewallRules: [{2E880344-D27C-4DB3-A092-CF6E4C18AAA8}] => (Allow) D:\Steam\steamapps\common\Plane Mechanic Simulator\PMS_build.exe () [File not signed] FirewallRules: [{FF0DB466-0ABC-4E40-8540-A8C0740FD70A}] => (Allow) D:\Steam\steamapps\common\Ryse Son of Rome\Bin64\Ryse.exe (Crytek GmbH) [File not signed] FirewallRules: [{5FD56690-D163-455E-9516-543E32BD0423}] => (Allow) D:\Steam\steamapps\common\Ryse Son of Rome\Bin64\Ryse.exe (Crytek GmbH) [File not signed] ==================== Restore Points ========================= 19-01-2021 20:24:25 Scheduled Checkpoint 21-01-2021 17:27:42 AURA Service 29-01-2021 15:25:44 DirectX wurde installiert ==================== Faulty Device Manager Devices ============ Name: PCI-Ver-/Entschlüsselungscontroller 
Description: PCI-Ver-/Entschlüsselungscontroller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: LogMeIn Hamachi Virtual Ethernet Adapter Description: LogMeIn Hamachi Virtual Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: LogMeIn Inc. Service: Hamachi Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: PCI-Gerät Description: PCI-Gerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI-Gerät Description: PCI-Gerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ======================== Error: (02/02/2021 08:03:21 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-GVB5PET) Description: C:\Users\****\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalCacheMicrosoft.MicrosoftOfficeHub_8wekyb3d8bbwe-2147024809 Error: (02/02/2021 07:48:21 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-GVB5PET) Description: C:\Users\****\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalCacheMicrosoft.MicrosoftOfficeHub_8wekyb3d8bbwe-2147024809 Error: (02/02/2021 01:46:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wallpaper32.exe, Version: 1.0.0.0, Zeitstempel: 0x5fdea204 Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 27.21.14.6089, Zeitstempel: 0x5fd40049 Ausnahmecode: 0xc0000005 Fehleroffset: 0x004f957c ID des fehlerhaften Prozesses: 0x48d0 Startzeit der fehlerhaften Anwendung: 0x01d6f9590ac458df Pfad der fehlerhaften Anwendung: D:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\nvwgf2um.dll Berichtskennung: 195a8d5e-2f88-4c64-821d-4367a61252cc Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/01/2021 08:39:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ArmourySwAgent.exe, Version: 1.0.0.13, Zeitstempel: 0x5f88fa47 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.746, Zeitstempel: 0x197b16c5 Ausnahmecode: 0xc000041d Fehleroffset: 0x0012a842 ID des fehlerhaften Prozesses: 0x1d50 Startzeit der fehlerhaften Anwendung: 0x01d6f8d1e73cd65a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe Pfad des fehlerhaften Moduls: 
C:\Windows\System32\KERNELBASE.dll Berichtskennung: 91181e98-3c12-46c8-a025-676c77eda975 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/01/2021 08:39:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ArmourySwAgent.exe, Version: 1.0.0.13, Zeitstempel: 0x5f88fa47 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.746, Zeitstempel: 0x197b16c5 Ausnahmecode: 0xc0020001 Fehleroffset: 0x0012a842 ID des fehlerhaften Prozesses: 0x1d50 Startzeit der fehlerhaften Anwendung: 0x01d6f8d1e73cd65a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll Berichtskennung: fffc4bbb-a7d2-4780-85bf-4f54edd27e0f Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/01/2021 08:39:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: ArmourySwAgent.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: Ausnahmecode c0020001, Ausnahmeadresse 7549A842 Stapel: System errors: ============= Error: (02/02/2021 10:55:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/02/2021 12:46:26 PM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden. Error: (02/01/2021 07:18:44 PM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden. Error: (02/01/2021 07:18:48 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 01/02/2021 um 08:07:50 unerwartet heruntergefahren. 
Error: (01/31/2021 11:24:35 AM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden. Error: (01/30/2021 08:11:00 PM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden. Error: (01/29/2021 07:28:01 PM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden. Error: (01/29/2021 07:28:06 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 29/01/2021 um 19:27:18 unerwartet heruntergefahren. Windows Defender: =================================== Date: 2021-02-02 22:37:14.1070000Z Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {5F8DBCF3-6305-4395-903A-DB02AC057A5A} Überprüfungstyp: Antimalware Überprüfungsparameter: Full Scan Benutzer: DESKTOP-GVB5PET\**** Date: 2021-02-02 22:18:58.4770000Z Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. 
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ymacco.AA84&threatid=2147757276&enterprise=0 Name: Trojan:Win32/Ymacco.AA84 ID: 2147757276 Schweregrad: Severe Kategorie: Trojan Pfad: file:_C:\Users\****\Downloads\Poly Bridge 2 v1.23\Poly Bridge 2 v1.23.exe Erkennungsursprung: Local machine Erkennungstype: FastPath Erkennungsquelle: Real-Time Protection Benutzer: DESKTOP-GVB5PET\**** Prozessname: C:\Program Files\qBittorrent\qbittorrent.exe Sicherheitsversion: AV: 1.331.67.0, AS: 1.331.67.0, NIS: 1.331.67.0 Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5 CodeIntegrity: =================================== Date: 2021-02-02 22:37:12.2590000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Users\****\AppData\Local\Programs\Opera GX\72.0.3815.487\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2021-02-02 22:37:12.2530000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Users\****\AppData\Local\Programs\Opera GX\72.0.3815.487\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2021-01-31 11:24:58.3850000Z Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2021-01-31 11:24:58.3670000Z Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. 
Date: 2021-01-25 21:53:36.4470000Z
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-25 21:53:36.4340000Z
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-19 04:17:42.4170000Z
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-19 04:17:42.4030000Z
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

----------------------------------------------------------

==================== Drives ================================

Drive a: (****) (Fixed) (Total:14.65 GB) (Free:14.37 GB) NTFS
Drive c: (Windows) (Fixed) (Total:450.5 GB) (Free:92.14 GB) NTFS
Drive d: (Spiele) (Fixed) (Total:3726 GB) (Free:2140.28 GB) NTFS
\\?\Volume{a50c4c6e-c1c5-4737-b5d1-c330d2935c82}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{04457ac2-27bd-80ff-f2fe-af428262d882}\ () (Fixed) (Total:49.88 GB) (Free:0 GB) NTFS
\\?\Volume{17b9d833-c057-dc2f-8afe-e0747553a43c}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{28e62878-b101-a079-8951-5885c200adfd}\ () (Fixed) (Total:1.39 GB) (Free:0 GB) NTFS
\\?\Volume{53c9a71f-9fe8-42a1-98f9-89888f15923a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.

Attempted reading MBR returned 0 bytes. Could not read MBR for disk 3.
Attempted reading MBR returned 0 bytes. Could not read MBR for disk 4.
Attempted reading MBR returned 0 bytes. Could not read MBR for disk 5.

==================== End of Addition.txt =======================

FRST.txt is too long and follows in the next post.
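A quick triage pass over FRST "Services" and "Drivers" entries of the kind shown in this thread, added here as an example; it is not code from the poster, the forum or the FRST tool. It parses the entry shape visible in the posted FRST.txt (state/start type, name, path, size and date, signer chain, trailing flags), then flags FRST's own "<==== ATTENTION" marker, the "[File not signed]" flag, and binaries loaded from a Temp or Downloads directory, giving a currently loaded kernel driver from such a location the highest priority. The regular expression reflects only the line shape seen in this log (assumption: FRST may emit variants it does not cover), and the sample lines are copied from the Drivers section posted below. A hit is a lead to verify by hash lookup and signature check, not a verdict.

```python
"""Triage of FRST 'Services' / 'Drivers' entries.

Added example for this thread; not code from the forum, the original poster
or the FRST tool. The entry shape is taken from the FRST.txt posted in the
thread; FRST may emit variants this regex does not cover (assumption).
"""
import re
from typing import Dict, List, Optional

# One FRST service/driver entry, e.g.
#   R3 name; C:\path\file.sys [size YYYY-MM-DD] (Signer -> Company) [File not signed] <==== ATTENTION
# 'state' is R (running) / S (stopped) / U (unknown); 'start' is the start type 0-4.
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<signer>.*)\)"
    r"(?P<tail>(?: \[File not signed\])?(?: <==== ATTENTION)?)$"
)

# Directory names from which a service binary or kernel driver would not normally be loaded.
TEMP_LIKE = ("\\temp\\", "\\downloads\\")


def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Split one FRST service/driver line into its fields; None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    entry: Dict[str, object] = m.groupdict()
    tail = str(entry.pop("tail"))
    entry["unsigned"] = "[File not signed]" in tail
    entry["attention"] = "<==== ATTENTION" in tail   # FRST's own marker
    return entry


def reasons_for(entry: Dict[str, object]) -> List[str]:
    """Review reasons for one parsed entry, in priority order; empty means nothing notable."""
    reasons: List[str] = []
    path = str(entry["path"]).lower()
    if entry["attention"]:
        reasons.append("attention")
    if entry["unsigned"]:
        reasons.append("unsigned")
    if any(t in path for t in TEMP_LIKE):
        reasons.append("temp-path")
    # A kernel driver that is currently loaded (state R) and already flagged
    # deserves the first look: it runs with full kernel privileges.
    if reasons and entry["state"] == "R" and path.endswith(".sys"):
        reasons.append("loaded-kernel-driver")
    return reasons


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Return the entries worth reviewing, with their reasons, in log order."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append({"name": entry["name"], "path": entry["path"],
                             "signer": entry["signer"], "reasons": reasons})
    return findings


# Sample input: lines copied from the Drivers/Services sections of the FRST.txt
# posted in this thread ("****" is the poster's own redaction of the user name),
# plus one section header to show that non-entry lines are skipped.
SAMPLE_LINES = [
    "==================== Drivers (Whitelisted) ===================",
    r"R3 aftap0901; C:\Windows\System32\drivers\aftap0901.sys [48624 2020-02-19] (AnchorFree Inc -> The OpenVPN Project)",
    r"S3 ALSysIO; C:\Users\****\AppData\Local\Temp\ALSysIO64.sys [47240 2020-12-12] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION",
    r"S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]",
    r"R3 cpuz149; C:\Windows\temp\cpuz149\cpuz149_x64.sys [44320 2021-02-01] (CPUID S.A.R.L.U. -> CPUID)",
    r"R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [323584 2021-01-26] (sandboxie-plus.com) [File not signed]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['name']:<12} {', '.join(f['reasons']):<32} {f['path']}")
```

Run against the whole FRST.txt, the script lists the entries to look at first; on the sample lines it returns the driver FRST itself marked with ATTENTION (loaded from the user's AppData\Local\Temp), the loaded cpuz149 driver from C:\Windows\temp, and the two unsigned files. Whether any of them is malicious is a separate question answered by the file hash and its signature, not by the path alone.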
02.02.2021, 23:43 | #2 |
Windows 10:Trojan:Win32/Ymacco.AA84
FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
Ran by **** (administrator) on DESKTOP-GVB5PET (ASUS System Product Name) (02-02-2021 22:53:12)
Running from C:\Users\****\Desktop
Loaded Profiles: ****
Platform: Windows 10 Pro Version 20H2 19042.746 (X64) Language: English (United Kingdom)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\qBittorrent\qbittorrent.exe
(AnchorFree Inc -> The OpenVPN Project) C:\Users\****\AppData\Local\Temp\Dashlane Vpn Service\openvpn.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <2>
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.86\AsusFanControlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.45\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe (ASUSTeK Computer Inc. -> TODO: <Company name>) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe (Dashlane USA, Inc. -> AnchorFree Inc.) C:\Program Files (x86)\Dashlane\VPN\Service\VpnService.exe (Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\****\AppData\Roaming\Dashlane\Dashlane.exe (Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\****\AppData\Roaming\Dashlane\DashlanePlugin.exe (Discord Inc. -> Discord Inc.) C:\Users\****\AppData\Local\Discord\app-0.0.309\Discord.exe <6> (Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\com.docker.service (Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\Docker Desktop.exe (Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\resources\com.docker.backend.exe (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2> (Epic Games Inc. 
-> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe (Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe (Gaijin Network LTD -> Gaijin) C:\Users\****\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe (geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2> (Kristjan Skutta -> ) D:\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2101.1002.1.0_x64__8wekyb3d8bbwe\XboxAppServices.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2101.1002.1.0_x64__8wekyb3d8bbwe\XboxPcApp.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> 
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\Display.NvContainer\NVDisplay.Container.exe <2> (Opera Software AS -> Opera Software) C:\Users\****\AppData\Local\Programs\Opera GX\72.0.3815.487\opera.exe <49> (Opera Software AS -> Opera Software) C:\Users\****\AppData\Local\Programs\Opera GX\72.0.3815.487\opera_crashreporter.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle America, Inc. 
-> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (sandboxie-plus.com) [File not signed] C:\Program Files\Sandboxie\SbieSvc.exe (ShareX Team) [File not signed] D:\Steam\steamapps\common\ShareX\ShareX\ShareX.exe (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve -> Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7> (Valve -> Valve Corporation) D:\Steam\steam.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [558144 2020-12-15] (geek software GmbH -> geek software GmbH) HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-11-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [RamCache III ] => C:\Program Files (x86)\RamCache III\RamCache.exe [5416728 2020-12-11] (FNet Co., Ltd. -> FNet Co., Ltd) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.) 
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Steam] => D:\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation) HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365512 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd) HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Discord] => C:\Users\****\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub) HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32883768 2021-01-27] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Docker Desktop] => C:\Program Files\Docker\Docker\Docker Desktop.exe [2566064 2021-01-21] (Docker Inc -> Docker Inc.) HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Gaijin.Net Updater] => C:\Users\****\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin) HKLM\...\Print\Monitors\HP E511 Status Monitor: C:\Windows\system32\hpinkstsE511LM.dll [393352 2017-03-09] (Hewlett Packard -> HP Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2020-12-12] ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe () [File not signed] ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0143656C-1352-43B2-B3D2-E90EFFDCE983} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe [56784 2020-08-27] (ASUSTeK Computer Inc. 
-> ) Task: {0473DF70-B202-483D-A1D0-DF63E551836D} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [4329008 2020-02-11] (ASUSTeK Computer Inc. -> TODO: <Company name>) Task: {04BAB218-20CA-4007-B360-AD3169E32E05} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation) Task: {05F1CCCF-0B67-4A82-9DEB-B72B32A88D6F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2488664 2021-01-11] (Overwolf Ltd -> Overwolf LTD) Task: {1E0696C9-442B-4188-94A0-8F8F2395AF9A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation) Task: {291C4142-B057-4AB8-914F-A9665F47A111} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-25] (Google LLC -> Google LLC) Task: {31624867-8633-444C-836B-D496805855BC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Task: {347FA865-78DC-448F-982C-4DC2C0F86FDF} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d6cf1e5114a45 => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) 
Task: {365FC414-245A-454E-8C39-61AD4AAD9E1A} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [64936 2021-01-13] (Microsoft Corporation -> Microsoft) Task: {42AA9FFD-20F4-4123-8122-A72BC0CC921A} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1891432 2020-10-16] (ASUSTeK Computer Inc. -> ASUS) Task: {478B7906-24BE-41E4-B4BE-95A34C89CDB7} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation) Task: {4A340641-FDA6-4604-AD27-6D8B00F37F83} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation) Task: {58E8BC50-CF24-495A-8E62-7BB0343DE640} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {665F9586-578E-466C-9833-78B59D89123C} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1469288 2020-02-25] (ASUSTeK Computer Inc. -> ) Task: {66B1C6A7-9BDE-492C-AA6C-D122E83CEAAC} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. 
-> ) Task: {6F523221-F284-421D-A673-B21791BD48B4} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Task: {73CAFB4B-9668-4DF9-A860-CAB19131984D} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2112560 2020-01-08] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) Task: {75BC2A88-3584-48A7-9D16-B3D48B90AD95} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {7B1D328E-0A12-4F30-8B2D-184D34665D12} - System32\Tasks\ASUS\ArmouryAIOFanServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe [1039360 2020-11-10] (TODO: <Company name>) [File not signed] Task: {7DF44678-13DD-4D10-A2B6-769A16641ED5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23062920 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Task: {91051D95-4C90-4F8F-BA99-31A8B0C85573} - System32\Tasks\ASUS\NoiseCancelingEngine.exe => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1232904 2020-08-13] (ASUSTeK Computer Inc. -> ASUS) Task: {91357CAD-AF0C-4C04-A189-550307E41780} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4071336 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Task: {91B3B63C-FC75-43C4-9E04-BB89455FC08D} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [1509424 2020-03-31] (ASUSTeK Computer Inc. 
-> ) Task: {A2B1786A-58EC-4541-8F66-0BB1B2745C06} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation) Task: {AD12E4D2-D3A7-42E3-BF14-CE4BE7A365DF} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [12933600 2020-12-02] (ASUSTEK COMPUTER INC. -> ASUSTeK COMPUTER INC.) Task: {B1F6C1A0-E3B6-4FE2-933B-C4632890E469} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-25] (Google LLC -> Google LLC) Task: {B934DC97-970E-4EFB-B96B-25B20E172DE8} - System32\Tasks\Opera GX scheduled Autoupdate 1607692819 => C:\Users\****\AppData\Local\Programs\Opera GX\launcher.exe [1664664 2021-01-26] (Opera Software AS -> Opera Software) Task: {C14FF1BC-FB0E-4E69-8E72-E50E4FB16E77} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4071336 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Task: {D24DD9FE-C9EA-4666-B989-42A57C3620BE} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) Task: {DCEC519B-4ED9-4E14-850B-2053D0133529} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation) Task: {E1ABEDE4-F6A8-47EE-935E-76328A73D5E1} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [45278736 2020-09-23] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) 
Task: {E3099887-C4B3-4973-BA83-1EF28F3B362B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation) Task: {E4937235-A4D5-4C1E-9381-18337C8E8EA3} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log Task: {F2CA5E44-910A-471C-8EFE-B81EFB0488BB} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-629832801-3061168427-1117579530-500 => C:\Users\****\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {F8BA9A0B-C67C-4AF2-AC0C-249677CD4738} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23062920 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 172.18.0.24 Tcpip\..\Interfaces\{39db88fc-71f6-40ec-99ce-b07a3187949c}: [DhcpNameServer] 172.18.0.24 Tcpip\..\Interfaces\{89036400-ea9f-4c33-a062-f311870e9c6c}: [DhcpNameServer] 192.168.0.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\****\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-02] Edge Extension: (Outlook) - C:\Users\****\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-12-11] Edge Extension: (Word) - C:\Users\****\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-12-11] Edge Extension: (Excel) - C:\Users\****\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-12-11] Edge Extension: (PowerPoint) - C:\Users\****\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-12-11] FireFox: ======== FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed] FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-10] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-10] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-11] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-12-24] (Microsoft Corporation -> Microsoft Corporation) Opera: ======= StartMenuInternet: (HKU\S-1-5-21-629832801-3061168427-1117579530-1001) Opera GXStable - "C:\Users\****\AppData\Local\Programs\Opera GX\Launcher.exe" ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [344184 2021-01-21] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.45\atkexComSvc.exe [442416 2020-09-28] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.86\AsusFanControlService.exe [2070576 2020-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [1122840 2021-02-01] (ASUSTeK Computer Inc. -> ) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8895512 2020-12-10] (BattlEye Innovations e.K. 
-> ) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960384 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) R2 com.docker.service; C:\Program Files\Docker\Docker\com.docker.service [16336 2021-01-21] (Docker Inc -> Docker Inc.) R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [616344 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-11-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.) R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [56872 2020-11-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.) R3 Dashlane Vpn Service; C:\Program Files (x86)\Dashlane\VPN\Service\VpnService.exe [3403264 2020-12-07] (Dashlane USA, Inc. -> AnchorFree Inc.) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4581320 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-12-18] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2020-12-08] (FUTUREMARK INC -> Futuremark) S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA) R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.) R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3053656 2021-01-11] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.) 
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-02] (Malwarebytes Inc -> Malwarebytes) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-21] (Electronic Arts, Inc. -> Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-01-21] (Electronic Arts, Inc. -> Electronic Arts) S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2488664 2021-01-11] (Overwolf Ltd -> Overwolf LTD) R2 PDF24; C:\Program Files\PDF24\pdf24.exe [558144 2020-12-15] (geek software GmbH -> geek software GmbH) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2020-12-17] (Even Balance, Inc. -> ) S3 Rockstar Service; D:\Rockstar\Launcher\RockstarService.exe [1631360 2020-12-02] (Rockstar Games, Inc. -> Rockstar Games) R2 ROG Live Service; C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe [5463128 2021-01-18] (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.) 
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [323584 2021-01-26] (sandboxie-plus.com) [File not signed] S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation) S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746504 2020-10-16] (Oracle Corporation -> Oracle Corporation) S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation) R2 Wallpaper Engine Service; D:\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [514552 2020-12-14] (Kristjan Skutta -> ) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-11] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-11] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R3 aftap0901; C:\Windows\System32\drivers\aftap0901.sys [48624 2020-02-19] (AnchorFree Inc -> The OpenVPN Project)
S3 ALSysIO; C:\Users\****\AppData\Local\Temp\ALSysIO64.sys [47240 2020-12-12] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [34112 2019-07-02] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2019-04-09] (ASUSTeK Computer Inc. -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [45984 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21920 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz149; C:\Windows\temp\cpuz149\cpuz149_x64.sys [44320 2021-02-01] (CPUID S.A.R.L.U. -> CPUID)
S3 cpuz150; C:\Windows\temp\cpuz150\cpuz150_x64.sys [44832 2020-12-13] (CPUID S.A.R.L.U. -> CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-02-02] (Malwarebytes Corporation -> Malwarebytes)
R0 FNETHYRAMAS; C:\Windows\System32\drivers\FNETHYRAMAS.SYS [56496 2020-12-11] (FNet Co., Ltd. -> FNet Co., Ltd.)
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 IGO_VSD; C:\Windows\system32\drivers\igovsd.sys [40224 2020-07-07] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelli-go)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [35344 2020-11-03] (ASUSTEK COMPUTER INC. -> ASUSTeK Computer Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220600 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-02-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198248 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [142440 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [182160 2021-01-26] (NGO -> sandboxie-plus.com)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [239432 2020-10-16] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [249344 2020-10-16] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-02-02 22:49 - 2021-02-02 22:50 - 000000000 ____D C:\AdwCleaner 2021-02-02 22:48 - 2021-02-02 22:53 - 000000000 ____D C:\FRST 2021-02-02 22:47 - 2021-02-02 22:47 - 000055387 _____ C:\Users\****\Downloads\FRST.txt 2021-02-02 22:41 - 2021-02-02 22:41 - 000000000 ____D C:\Users\****\AppData\LocalLow\IGDump 2021-02-02 22:37 - 2021-02-02 22:37 - 000198248 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2021-02-02 22:37 - 2021-02-02 22:37 - 000142440 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2021-02-02 22:37 - 2021-02-02 22:37 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2021-02-02 22:36 - 2021-02-02 22:36 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2021-02-02 22:36 - 2021-02-02 22:36 - 000220600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2021-02-02 22:36 - 2021-02-02 22:36 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2021-02-02 22:36 - 2021-02-02 22:36 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys 2021-02-02 22:36 - 2021-02-02 22:36 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-02-02 22:36 - 2021-02-02 22:36 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-02-02 22:36 - 2021-02-02 22:36 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2021-02-02 22:36 - 2021-02-02 22:36 - 000000000 ____D C:\Users\****\AppData\Local\mbam 2021-02-02 22:36 - 2021-02-02 22:36 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-02-02 22:35 - 2021-02-02 22:35 - 000000000 ____D C:\Program Files\Malwarebytes 2021-02-02 22:34 - 2021-02-02 22:34 - 000000000 ____D C:\Users\****\Downloads\Poly.Bridge.2.v1.23 2021-02-02 22:31 - 2021-02-02 22:34 - 350368881 _____ 
C:\Users\****\Downloads\Poly.Bridge.2.v1.23.rar 2021-02-02 22:26 - 2021-02-02 22:26 - 000000015 _____ C:\ProgramData\krosqm.txt 2021-02-02 19:42 - 2021-02-02 19:42 - 000000000 ____D C:\Users\****\AppData\Local\gtk-3.0 2021-02-02 18:20 - 2021-02-02 18:20 - 000000000 ____D C:\Users\****\AppData\Local\ElevatedDiagnostics 2021-02-02 15:22 - 2021-02-02 15:22 - 000000000 ____D C:\var 2021-02-02 15:22 - 2021-02-02 15:22 - 000000000 ____D C:\Users\****\AppData\LocalLow\Blackbird Interactive 2021-02-01 01:08 - 2021-02-01 01:23 - 000000000 ____D C:\Users\****\OneDrive\Documents\Audacity 2021-02-01 01:01 - 2021-02-01 01:01 - 002652579 _____ C:\Users\****\Downloads\****_EXM_02.m4a 2021-02-01 00:54 - 2021-02-01 06:30 - 000000000 ____D C:\Users\****\AppData\Roaming\audacity 2021-02-01 00:54 - 2021-02-01 00:54 - 000001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2021-02-01 00:54 - 2021-02-01 00:54 - 000001083 _____ C:\Users\Public\Desktop\Audacity.lnk 2021-02-01 00:54 - 2021-02-01 00:54 - 000001083 _____ C:\ProgramData\Desktop\Audacity.lnk 2021-02-01 00:54 - 2021-02-01 00:54 - 000000000 ____D C:\Users\****\AppData\Local\Audacity 2021-02-01 00:54 - 2021-02-01 00:54 - 000000000 ____D C:\Program Files (x86)\Audacity 2021-01-31 19:34 - 2021-01-31 19:34 - 000000000 ___RD C:\Sandbox 2021-01-31 19:33 - 2021-01-31 19:43 - 000001488 _____ C:\Windows\Sandboxie.ini 2021-01-31 19:33 - 2021-01-31 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2021-01-31 19:33 - 2021-01-31 19:33 - 000000000 ____D C:\Program Files\Sandboxie 2021-01-31 19:32 - 2021-01-31 19:33 - 005240143 _____ C:\Users\****\Downloads\Sandboxie-Classic-v5.46.5.zip 2021-01-31 19:23 - 2021-01-31 19:23 - 000077538 _____ C:\Users\****\Downloads\WhatsApp Image 2021-01-31 at 19.21.42.jpeg 2021-01-31 17:48 - 2021-01-31 17:48 - 000034005 _____ C:\Users\****\Downloads\Badeordnung.pdf 2021-01-31 11:38 - 2021-01-31 11:38 - 000000000 ____D 
C:\Users\****\AppData\LocalLow\DefaultCompany 2021-01-29 19:15 - 2021-01-29 19:19 - 000000000 ____D C:\Users\****\OneDrive\Documents\Assassin's Creed Origins 2021-01-29 18:41 - 2021-01-29 18:41 - 000000000 ____D C:\Users\****\AppData\Roaming\LoCity3D 2021-01-29 15:26 - 2021-01-29 15:27 - 000000000 ____D C:\Users\****\OneDrive\Documents\Assassin's Creed IV Black Flag 2021-01-29 15:15 - 2021-01-29 15:15 - 000006277 _____ C:\Users\****\Downloads\message (5).txt 2021-01-29 14:43 - 2021-01-29 14:43 - 003094193 _____ C:\Users\****\Downloads\APA_-_AstraZeneca.pdf.pdf 2021-01-29 14:42 - 2021-01-29 14:42 - 000032056 _____ C:\Users\****\Downloads\Vaccines__contract_between_European_Commission_and_AstraZeneca_now_published.pdf 2021-01-28 23:01 - 2021-01-28 23:01 - 000173067 _____ C:\Users\****\Downloads\Teilnahmebescheinigung.pdf 2021-01-28 23:00 - 2021-01-28 23:00 - 000174646 _____ C:\Users\****\Downloads\Leistungsnachweis (3).pdf 2021-01-28 19:07 - 2021-01-28 19:07 - 000000000 ____D C:\Users\****\AppData\LocalLow\Rejected Games 2021-01-28 19:03 - 2021-01-28 19:03 - 000000000 ____D C:\Users\****\AppData\LocalLow\VirtualBrightPlayz 2021-01-28 18:23 - 2021-02-02 21:39 - 000000000 ____D C:\Users\****\AppData\Roaming\power-nativefier-adf79a 2021-01-28 17:38 - 2021-01-29 19:15 - 000000000 ____D C:\Users\****\AppData\Local\Ubisoft Game Launcher 2021-01-28 17:38 - 2021-01-28 17:38 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2021-01-28 17:38 - 2021-01-28 17:38 - 000000000 ____D C:\ProgramData\Ubisoft 2021-01-28 17:38 - 2021-01-28 17:38 - 000000000 ____D C:\Program Files (x86)\Ubisoft 2021-01-28 16:25 - 2021-01-28 16:25 - 000000000 ____D C:\Users\****\AppData\LocalLow\Wastelands Interactive 2021-01-28 16:16 - 2021-01-28 16:16 - 000000000 ____D C:\Users\****\OneDrive\Documents\Train Station Renovation 2021-01-28 16:16 - 2021-01-28 16:16 - 000000000 ____D C:\Users\****\AppData\LocalLow\Live Motion Games 2021-01-28 15:59 - 2021-01-28 
15:59 - 000000000 ____D C:\Users\****\OneDrive\Documents\Wastelands-Interactive 2021-01-27 20:42 - 2021-01-27 20:42 - 000461912 _____ C:\Users\****\Downloads\11174_Kontenrahmen DATEV SKR 03.pdf 2021-01-27 20:41 - 2021-01-27 20:41 - 009229367 _____ C:\Users\****\Downloads\HHPL_2021_Onlineversion_14_01_2021 (1).pdf 2021-01-27 20:39 - 2021-01-27 20:39 - 009229367 _____ C:\Users\****\Downloads\HHPL_2021_Onlineversion_14_01_2021.pdf 2021-01-27 19:46 - 2021-01-27 19:48 - 000000000 ____D C:\Users\****\AppData\Roaming\Docker Desktop 2021-01-26 00:58 - 2021-01-26 00:58 - 000000423 _____ C:\Users\****\Downloads\jsonformatter (2).txt 2021-01-26 00:56 - 2021-01-26 00:56 - 000000479 _____ C:\Users\****\Downloads\jsonformatter (1).txt 2021-01-26 00:49 - 2021-01-26 00:49 - 000000015 _____ C:\Users\****\Downloads\jsonformatter.txt 2021-01-25 23:29 - 2021-01-25 23:29 - 000000204 _____ C:\Users\****\.gitconfig 2021-01-25 13:58 - 2021-01-25 13:58 - 000000000 ____D C:\Users\****\AppData\Roaming\com.lilithsthrone.main.Main 2021-01-25 13:56 - 2021-01-25 13:56 - 051169217 _____ C:\Users\****\Downloads\Lilith's Throne v0.3.1.8.zip 2021-01-25 04:50 - 2021-01-25 04:50 - 156422624 _____ C:\Users\****\Downloads\PSST-pc.rar 2021-01-24 21:59 - 2021-01-24 21:59 - 000392398 _____ C:\Users\****\Downloads\Boyagio Chapter 2 - 2020.pdf 2021-01-24 21:53 - 2021-01-24 21:53 - 000151928 _____ C:\Users\****\Downloads\Boyagio Chapter 1 - 2020.pdf 2021-01-24 01:04 - 2021-01-24 01:06 - 000000031 _____ C:\Users\****\.node_repl_history 2021-01-23 21:20 - 2021-01-23 21:20 - 000111490 _____ C:\Users\****\Downloads\twd (3).pdf 2021-01-23 21:20 - 2021-01-23 21:20 - 000111490 _____ C:\Users\****\Downloads\twd (2).pdf 2021-01-23 21:20 - 2021-01-23 21:20 - 000111490 _____ C:\Users\****\Downloads\twd (1).pdf 2021-01-23 21:19 - 2021-01-23 21:19 - 000111490 _____ C:\Users\****\Downloads\twd.pdf 2021-01-23 20:23 - 2021-01-23 20:23 - 000000000 ____D C:\Users\****\AppData\Local\IO Interactive 2021-01-23 20:19 - 2021-01-23 
20:19 - 000000000 ____D C:\Users\****\AppData\Roaming\IO Interactive 2021-01-23 20:19 - 2021-01-23 20:19 - 000000000 ____D C:\Users\****\AppData\Local\Epic Games 2021-01-23 20:09 - 2021-01-23 20:09 - 000159421 _____ C:\Users\****\Downloads\WhatsApp Image 2021-01-23 at 20.05.11.jpeg 2021-01-23 16:05 - 2021-01-23 16:05 - 000000000 ____D C:\Users\****\AppData\Local\qBittorrent 2021-01-23 16:05 - 2021-01-23 16:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent 2021-01-23 16:05 - 2021-01-23 16:05 - 000000000 ____D C:\Program Files\qBittorrent 2021-01-23 15:56 - 2021-01-23 15:56 - 000027012 _____ C:\Users\****\Downloads\b64c886ef8004f8ee33f4c6c7732bfedc4057c0b (1).dlc 2021-01-23 15:55 - 2021-01-23 15:55 - 000027012 _____ C:\Users\****\Downloads\b64c886ef8004f8ee33f4c6c7732bfedc4057c0b.dlc 2021-01-23 15:49 - 2021-01-23 15:49 - 000029360 _____ C:\Users\****\Downloads\d62857db3247a973c56b1e6b8646baabc5d5b5c1.dlc 2021-01-23 14:05 - 2021-01-23 14:05 - 000000000 ____D C:\Users\****\OneDrive\Documents\EVE 2021-01-23 13:55 - 2021-01-23 13:55 - 000000000 ____D C:\Users\****\AppData\Local\LauncherCrashes 2021-01-23 13:55 - 2021-01-23 13:55 - 000000000 ____D C:\Users\****\AppData\Local\CCP 2021-01-21 21:37 - 2021-01-21 21:37 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder 2021-01-21 21:37 - 2021-01-21 21:37 - 000000000 ____D C:\Users\****\AppData\Local\Gaijin 2021-01-21 21:37 - 2021-01-21 21:37 - 000000000 ____D C:\ProgramData\Gaijin 2021-01-21 16:41 - 2021-01-21 16:41 - 000097854 _____ C:\Users\****\Downloads\WhatsApp Image 2021-01-21 at 10.49.26.jpeg 2021-01-21 09:29 - 2021-01-21 09:29 - 000059627 _____ C:\Users\****\Downloads\Sozialversicherungen.pdf 2021-01-21 04:47 - 2021-01-21 04:52 - 000000000 ____D C:\Users\****\OneDrive\Documents\Universe Sandbox 2021-01-21 04:47 - 2021-01-21 04:47 - 000000000 ____D C:\Users\****\AppData\LocalLow\Giant Army 2021-01-21 04:30 - 2021-01-21 04:30 - 000002149 
_____ C:\ProgramData\Microsoft\Windows\Start Menu\Docker Desktop.lnk 2021-01-19 14:03 - 2021-01-19 14:03 - 000174645 _____ C:\Users\****\Downloads\Leistungsnachweis (2).pdf 2021-01-19 11:31 - 2021-01-21 04:26 - 000000000 ____D C:\Users\****\AppData\Local\Docker Desktop Installer 2021-01-19 01:31 - 2021-01-19 01:31 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProTypers 2021-01-19 01:31 - 2021-01-19 01:31 - 000000000 ____D C:\Users\****\AppData\Local\TyperSolver 2021-01-18 21:00 - 2021-01-18 21:00 - 000174645 _____ C:\Users\****\Downloads\Leistungsnachweis (1).pdf 2021-01-18 20:40 - 2021-01-18 20:40 - 000776707 _____ C:\Users\****\Downloads\PIR00_K02 (1).pdf 2021-01-18 20:39 - 2021-01-18 20:39 - 000776707 _____ C:\Users\****\Downloads\PIR00_K02.pdf 2021-01-15 15:57 - 2021-01-15 15:57 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 002254336 _____ C:\Windows\system32\dwmscene.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE 2021-01-15 15:57 - 2021-01-15 15:57 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx 2021-01-15 15:57 - 2021-01-15 15:57 - 000643072 _____ C:\Windows\system32\WindowManagementAPI.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr 2021-01-15 15:57 - 2021-01-15 15:57 - 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx 2021-01-15 15:57 - 2021-01-15 15:57 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv 2021-01-15 15:57 - 2021-01-15 15:57 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000499200 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr 2021-01-15 15:57 - 2021-01-15 15:57 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000467968 _____ C:\Windows\system32\AssignedAccessCsp.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000455680 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000455168 _____ C:\Windows\system32\ssdm.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv 2021-01-15 15:57 - 2021-01-15 15:57 - 000374072 _____ C:\Windows\system32\vp9fs.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000330752 _____ C:\Windows\SysWOW64\ssdm.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000306688 _____ C:\Windows\system32\HeatCore.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2021-01-15 15:57 - 2021-01-15 15:57 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax 2021-01-15 15:57 - 2021-01-15 15:57 - 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax 2021-01-15 15:57 - 2021-01-15 15:57 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe 2021-01-15 15:57 - 
2021-01-15 15:57 - 000157184 _____ C:\Windows\system32\uwfcsp.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000152064 _____ C:\Windows\system32\EoAExperiences.exe 2021-01-15 15:57 - 2021-01-15 15:57 - 000138056 _____ C:\Windows\system32\HvsiManagementApi.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax 2021-01-15 15:57 - 2021-01-15 15:57 - 000101704 _____ C:\Windows\SysWOW64\HvsiManagementApi.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000095744 _____ C:\Windows\system32\VirtualMonitorManager.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2021-01-15 15:57 - 2021-01-15 15:57 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2021-01-15 15:57 - 2021-01-15 15:57 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000053760 _____ C:\Windows\SysWOW64\BWContextHandler.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000010894 _____ C:\Windows\system32\DrtmAuthTxt.wim 2021-01-15 03:38 - 2021-01-15 03:38 - 000000000 ____D C:\Users\****\AppData\Local\Teradici 2021-01-15 03:37 - 2021-01-15 03:37 - 000000000 ____D C:\Users\****\AppData\Local\Amazon Web Services 2021-01-15 03:36 - 2021-01-15 03:36 - 000001369 _____ C:\Users\Public\Desktop\Amazon WorkSpaces.lnk 2021-01-15 03:36 - 2021-01-15 03:36 - 000001369 _____ C:\ProgramData\Desktop\Amazon WorkSpaces.lnk 2021-01-15 03:36 - 2021-01-15 03:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon WorkSpaces 2021-01-15 03:36 - 2021-01-15 03:36 - 000000000 ____D C:\Program Files (x86)\Amazon Web Services, Inc 2021-01-15 01:54 - 
2021-01-15 01:54 - 011145670 _____ C:\Users\****\Downloads\Oracle_VM_VirtualBox_Extension_Pack-6.1.16.vbox-extpack 2021-01-15 01:34 - 2021-01-15 01:34 - 000001780 _____ C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane.lnk 2021-01-15 01:34 - 2021-01-15 01:34 - 000000000 ____D C:\Users\****\AppData\LocalLow\Dashlane 2021-01-15 01:33 - 2021-01-23 17:17 - 000000000 ____D C:\Users\****\AppData\Roaming\Dashlane 2021-01-15 01:33 - 2021-01-15 01:33 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane 2021-01-14 22:27 - 2021-01-14 22:27 - 000000365 _____ C:\Users\****\Downloads\user-minus.svg 2021-01-14 21:51 - 2021-01-14 21:51 - 000000000 ____D C:\Program Files (x86)\VulkanRT 2021-01-14 20:29 - 2021-01-14 20:31 - 080338394 _____ C:\Users\****\Downloads\Juvisu 0.1.0.zip 2021-01-14 20:27 - 2021-01-14 20:27 - 000158013 _____ C:\Users\****\Downloads\BrothersKeeper0.4.zip 2021-01-14 17:48 - 2021-01-14 17:48 - 000505278 _____ C:\Users\****\Downloads\BeamMP_Server.zip 2021-01-14 15:38 - 2021-01-14 15:38 - 000000334 _____ C:\Users\****\Downloads\dollar-sign (2).svg 2021-01-14 15:38 - 2021-01-14 15:38 - 000000334 _____ C:\Users\****\Downloads\dollar-sign (1).svg 2021-01-14 02:59 - 2021-01-14 02:59 - 000000918 _____ C:\Users\****\package-lock.json 2021-01-14 02:59 - 2021-01-14 02:59 - 000000404 _____ C:\Users\****\Downloads\user-x.svg 2021-01-14 02:59 - 2021-01-14 02:59 - 000000000 ____D C:\Users\****\node_modules 2021-01-14 00:26 - 2021-01-14 00:26 - 000000373 _____ C:\Users\****\Downloads\plus-square.svg 2021-01-14 00:26 - 2021-01-14 00:26 - 000000351 _____ C:\Users\****\Downloads\plus-circle.svg 2021-01-14 00:25 - 2021-01-14 00:25 - 000000334 _____ C:\Users\****\Downloads\dollar-sign.svg 2021-01-14 00:22 - 2021-01-14 00:22 - 000000315 _____ C:\Users\****\Downloads\pie-chart.svg 2021-01-14 00:11 - 2021-01-14 00:11 - 000000428 _____ C:\Users\****\Downloads\message-circle.svg 2021-01-14 00:11 - 2021-01-14 00:11 - 
000000314 _____ C:\Users\****\Downloads\send.svg 2021-01-14 00:10 - 2021-01-14 00:10 - 000000408 _____ C:\Users\****\Downloads\user-plus.svg 2021-01-14 00:10 - 2021-01-14 00:10 - 000000386 _____ C:\Users\****\Downloads\tool.svg 2021-01-13 21:36 - 2021-01-13 21:36 - 000000000 ____D C:\Users\****\OneDrive\Documents\Egosoft 2021-01-13 18:38 - 2021-01-13 19:10 - 000000000 ____D C:\Users\****\AppData\Roaming\BeamMP Launcher 2021-01-13 18:38 - 2021-01-13 18:38 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamMP Launcher 2021-01-13 18:38 - 2021-01-13 18:38 - 000000000 ____D C:\Users\****\AppData\Roaming\BeamMP 2021-01-13 18:38 - 2021-01-13 18:38 - 000000000 ____D C:\Users\****\AppData\Local\Caphyon 2021-01-13 18:37 - 2021-01-13 18:37 - 015464292 _____ C:\Users\****\Downloads\BeamMP_Installer.zip 2021-01-13 16:49 - 2021-01-13 16:49 - 000000000 ____D C:\Users\****\AppData\Roaming\Skype 2021-01-13 06:22 - 2021-01-13 06:22 - 000000000 ____D C:\Users\****\.matplotlib 2021-01-13 06:14 - 2021-01-13 06:14 - 001740714 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2021-01-13 06:14 - 2021-01-13 06:14 - 000000000 ____D C:\Users\****\AppData\Local\NuGet 2021-01-13 06:14 - 2021-01-13 06:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL 2021-01-13 06:14 - 2021-01-13 06:14 - 000000000 ____D C:\Program Files (x86)\MySQL 2021-01-13 05:59 - 2021-01-13 05:59 - 000000000 ____D C:\Users\****\AppData\Roaming\NuGet 2021-01-13 05:56 - 2021-01-13 05:56 - 000000000 ____D C:\Users\****\.templateengine 2021-01-13 04:21 - 2021-01-13 06:38 - 000156498 _____ C:\Users\****\Untitled2.ipynb 2021-01-13 02:51 - 2021-01-13 02:51 - 001507766 _____ C:\Users\****\Downloads\CAREtaker v0.5.4.1.1-bugfixed.html 2021-01-12 14:28 - 2021-01-18 14:32 - 000000000 ___SD C:\Windows\system32\lxss 2021-01-12 14:28 - 2021-01-12 14:28 - 000001162 _____ C:\Windows\system32\config\VSMIDK 2021-01-12 14:28 - 2021-01-12 14:28 - 000000000 ___SD 
C:\Windows\SysWOW64\lxss 2021-01-12 02:33 - 2021-01-12 02:33 - 016528923 _____ C:\Users\****\Downloads\wordpress-5.6 (1).zip 2021-01-12 02:24 - 2021-01-12 02:25 - 016528923 _____ C:\Users\****\Downloads\wordpress-5.6.zip 2021-01-12 02:07 - 2021-01-12 02:09 - 000000838 _____ C:\Users\****\Untitled1.ipynb 2021-01-12 01:32 - 2021-01-13 06:17 - 000000000 ____D C:\Users\****\.keras 2021-01-12 01:31 - 2021-01-13 06:36 - 000000000 ____D C:\Users\****\AppData\Roaming\jupyter 2021-01-12 01:31 - 2021-01-13 04:21 - 000000000 ____D C:\Users\****\.ipynb_checkpoints 2021-01-12 01:31 - 2021-01-12 01:35 - 000000618 _____ C:\Users\****\Untitled.ipynb 2021-01-12 01:31 - 2021-01-12 01:31 - 000000000 ____D C:\Users\****\AppData\Local\Yarn 2021-01-12 01:31 - 2021-01-12 01:31 - 000000000 ____D C:\Users\****\.jupyter 2021-01-12 01:31 - 2021-01-12 01:31 - 000000000 ____D C:\ProgramData\jupyter 2021-01-12 01:18 - 2021-01-12 01:18 - 000000000 ____D C:\Users\****\.conda 2021-01-12 01:10 - 2021-01-12 01:25 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit) 2021-01-12 01:10 - 2021-01-12 01:10 - 000000000 ____D C:\Users\****\OneDrive\Documents\Python Scripts 2021-01-12 01:09 - 2021-01-12 01:20 - 000000000 ____D C:\Users\****\anaconda3 2021-01-12 01:03 - 2021-01-12 01:03 - 063128149 _____ C:\Users\****\Downloads\tensorflow-1.13.1-cp35-cp35m-win_amd64.whl 2021-01-11 16:46 - 2021-01-11 16:46 - 000000000 ____D C:\Users\****\AppData\Roaming\PsySH 2021-01-10 06:02 - 2021-01-10 06:02 - 000000000 ____D C:\Users\****\AppData\Local\Composer 2021-01-10 06:01 - 2021-01-10 06:02 - 000000000 ____D C:\Users\****\AppData\Roaming\Composer 2021-01-10 06:01 - 2021-01-10 06:01 - 000000000 ____D C:\composer 2021-01-10 06:00 - 2021-01-10 06:00 - 002200574 _____ C:\Users\****\Downloads\composer.phar 2021-01-10 06:00 - 2021-01-10 06:00 - 002200574 _____ C:\Users\****\Downloads\composer (1).phar 2021-01-10 05:53 - 2021-01-10 05:57 - 000000000 ____D 
C:\Users\****\.docker 2021-01-10 05:52 - 2021-02-01 19:18 - 000000000 ____D C:\ProgramData\DockerDesktop 2021-01-10 05:52 - 2021-01-21 04:30 - 000000000 ____D C:\ProgramData\Docker 2021-01-10 05:51 - 2021-02-02 18:46 - 000000000 ____D C:\Users\****\AppData\Local\Docker 2021-01-10 05:51 - 2021-01-10 05:57 - 000000000 ____D C:\Users\****\AppData\Roaming\Docker 2021-01-10 05:51 - 2021-01-10 05:51 - 000000000 ____D C:\Program Files\Docker 2021-01-10 04:18 - 2021-01-10 04:19 - 000000000 ____D C:\Users\****\AppData\Local\tyranoscript 2021-01-10 03:24 - 2021-01-10 03:24 - 000016565 _____ C:\Users\****\Downloads\discipline.zip 2021-01-09 22:05 - 2021-01-09 22:05 - 000000000 ____D C:\Users\****\AppData\Local\enchant 2021-01-09 01:21 - 2021-01-09 01:21 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Alchemyst Tale 2021-01-08 22:31 - 2021-01-08 22:31 - 604110848 _____ C:\Users\****\OneDrive\Documents\Windows.iso 2021-01-08 22:18 - 2021-01-08 22:38 - 000000000 ____D C:\ESD 2021-01-08 22:18 - 2021-01-08 22:18 - 000000000 ___HD C:\$Windows.~WS 2021-01-08 22:17 - 2021-01-08 22:17 - 000000000 ____D C:\$WINDOWS.~BT 2021-01-08 22:15 - 2021-01-09 22:05 - 000000000 ____D C:\Users\****\AppData\Roaming\HexChat 2021-01-08 22:14 - 2021-01-08 22:14 - 010471352 _____ (HexChat ) C:\Users\****\Downloads\HexChat 2.14.3 x64.exe 2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\Users\****\source 2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\Users\****\AppData\Local\IdentityNexusIntegration 2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat 2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\Program Files\HexChat 2021-01-08 22:13 - 2021-01-13 06:04 - 000000000 ____D C:\Users\****\AppData\Local\.IdentityService 2021-01-08 22:13 - 2021-01-08 22:14 - 000000000 ____D C:\Users\****\OneDrive\Documents\Visual Studio 2019 2021-01-08 22:13 - 2021-01-08 22:13 - 000001803 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2019.lnk 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\3082 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\2052 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1055 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1049 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1046 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1045 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1042 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1041 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1040 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1036 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1033 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1031 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1029 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1028 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\3082 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\2052 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1055 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1049 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1046 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1045 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1042 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1041 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1040 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1036 2021-01-08 22:13 
- 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1033 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1031 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1029 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1028 2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Users\****\.dotnet 2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files\Microsoft SQL Server 2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\Windows Kits 2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\NuGet 2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs 2021-01-08 22:11 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files\dotnet 2021-01-08 22:11 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\dotnet 2021-01-08 22:11 - 2021-01-08 22:11 - 000001802 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019.lnk 2021-01-08 22:11 - 2021-01-08 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019 2021-01-08 22:10 - 2021-01-13 06:15 - 000000000 ____D C:\Users\****\AppData\Roaming\Visual Studio Setup 2021-01-08 22:10 - 2021-01-13 06:03 - 000001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk 2021-01-08 22:10 - 2021-01-13 06:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2021-01-08 22:10 - 2021-01-08 22:10 - 000000000 ____D C:\Users\****\AppData\Roaming\vstelemetry 2021-01-08 22:10 - 2021-01-08 22:10 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft Visual Studio 2021-01-08 22:10 - 2021-01-08 22:10 - 000000000 ____D C:\Users\****\AppData\Local\ServiceHub 2021-01-08 22:09 - 2021-01-08 22:09 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio 2021-01-08 14:05 - 
2021-01-08 14:05 - 000000000 ____D C:\Users\****\AppData\Local\INetHistory 2021-01-08 04:00 - 2021-01-08 04:00 - 001184178 _____ C:\Users\****\Downloads\Kml Military bases.kml 2021-01-08 00:09 - 2021-01-08 00:10 - 006865541 _____ C:\Users\****\Downloads\Git Compiled (10-21-2020) (1).rar 2021-01-07 23:07 - 2021-01-07 23:07 - 000000000 ____D C:\Users\****\.prefs 2021-01-05 17:53 - 2021-01-05 18:43 - 000000000 ____D C:\Users\****\OneDrive\Documents\Mount and Blade II Bannerlord 2021-01-04 19:40 - 2020-11-11 03:54 - 000167280 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-02-02 22:53 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-02-02 22:50 - 2020-12-19 17:43 - 000000000 ____D C:\Users\****\AppData\Roaming\discord 2021-02-02 22:50 - 2020-12-10 19:11 - 000000000 ____D C:\Users\****\AppData\Roaming\TS3Client 2021-02-02 22:36 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP 2021-02-02 22:23 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness 2021-02-02 21:53 - 2020-12-10 22:12 - 000000000 ____D C:\Users\****\AppData\Local\CrashDumps 2021-02-02 21:44 - 2020-12-11 02:57 - 000000000 ____D C:\Users\****\AppData\Local\Packages 2021-02-02 21:44 - 2020-12-10 19:03 - 000000000 ____D C:\Users\****\AppData\Local\PlaceholderTileLogoFolder 2021-02-02 21:43 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-02-02 21:33 - 2021-01-01 19:53 - 000000000 ____D C:\Users\****\AppData\Roaming\Stormworks 2021-02-02 20:46 - 2021-01-02 14:08 - 000000000 ____D C:\Users\****\AppData\Local\LogMeIn Hamachi 2021-02-02 19:37 - 2020-12-10 19:36 - 000000000 ____D C:\ProgramData\NVIDIA 2021-02-02 16:44 - 2020-12-10 23:07 - 000000000 ____D C:\Users\****\OneDrive\Documents\ShareX 2021-02-02 14:54 - 2020-12-12 06:23 - 000000000 ____D 
==================== Files in the root of some directories ========

2021-02-02 20:04 - 2021-02-02 20:04 - 000000757 _____ () C:\Users\****\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
03.02.2021, 12:16 | #3
/// TB-Ausbilder | Windows 10:Trojan:Win32/Ymacco.AA84
My name is Matthias and I will help you with the analysis and, if necessary, the clean-up of your computer. You ran MBAM? Then please post the corresponding log file.
03.02.2021, 13:59 | #4
Windows 10:Trojan:Win32/Ymacco.AA84
Hello, thanks for the reply. Is this what you need?
Code:
9600572DEF9717C1EAB149A367542C70E33907F9DA63E9328399A2D9C123E2D9
{
  "applicationVersion" : "4.3.0.98",
  "chromeSyncResetQueryRequested" : false,
  "chromeSyncResetQueryResult" : false,
  "clientID" : "MbamUI",
  "clientType" : "fullUIScan",
  "componentsUpdatePackageVersion" : "1.0.1157",
  "coreDllFileVersion" : "3.0.0.1103",
  "cpu" : "x64",
  "dbSDKUpdatePackageVersion" : "1.0.36627",
  "detectionDateTime" : "2021-02-02T21:37:11Z",
  "fileSystem" : "NTFS",
  "id" : "cf2631ce-659e-11eb-9587-244bfee0e3a6",
  "isUserAdmin" : true,
  "licenseState" : "trial",
  "linkagePhaseComplete" : true,
  "loggedOnUserName" : "DESKTOP-GVB5PET\\****",
  "machineID" : "",
  "os" : "Windows 10 (Build 19041.746)",
  "schemaVersion" : 18,
  "sourceDetails" : {
    "aggressiveMode" : false,
    "clientMetadata" : {
      "jobId" : "",
      "scheduleId" : "",
      "scheduleTag" : ""
    },
    "ddsigEnabled" : true,
    "filesScannedByIG" : 7,
    "objectsScanned" : 346866,
    "scanEndTime" : "2021-02-02T21:39:33Z",
    "scanOnlineStatus" : "online",
    "scanOptions" : {
      "pumHandling" : "detect",
      "pupHandling" : "detect",
      "scanArchives" : true,
      "scanFileSystem" : true,
      "scanMemoryObjects" : true,
      "scanPUMs" : true,
      "scanPUPs" : true,
      "scanRookits" : false,
      "scanStartupAndRegistry" : true,
      "scanType" : "threat",
      "useHeuristics" : true
    },
    "scanResult" : "completed",
    "scanStartTime" : "2021-02-02T21:37:11Z",
    "scanState" : "completed",
    "shurikenEnabled" : true,
    "type" : "scan"
  },
  "threats" : [
    {
      "ddsSigFileVersion" : "01099226",
      "linkedTraces" : [ ],
      "mainTrace" : {
        "archiveMember" : "",
        "archiveMemberMD5" : "",
        "cleanAction" : "quarantine",
        "cleanContext" : { },
        "cleanResult" : "notStarted",
        "cleanResultErrorCode" : 0,
        "cleanTime" : "",
        "generatedByPostCleanupAction" : false,
        "hubbleRequestErrorCode" : 0,
        "id" : "fd2d067e-659e-11eb-a062-244bfee0e3a6",
        "igExitCode" : "",
        "isPEFile" : true,
        "isPEFileValid" : true,
        "linkType" : "none",
        "objectMD5" : "91FCEA45B122C6581A5725CE34F04C7F",
        "objectPath" : "C:\\$RECYCLE.BIN\\S-1-5-21-629832801-3061168427-1117579530-1001\\$RZND0WV.23\\POLY BRIDGE 2 V1.23.EXE",
        "objectSha256" : "843AAA8076501D2AD8DBA88525640162F4B9BB96312F0937472C75D8543393F1",
        "objectSize" : 1313792,
        "objectType" : "file",
        "resolvedPath" : "C:\\$Recycle.Bin\\S-1-5-21-629832801-3061168427-1117579530-1001\\$RZND0WV.23\\Poly Bridge 2 v1.23.exe",
        "suggestedAction" : {
          "archiveDir" : false,
          "chromeExtensionOther" : false,
          "chromeExtensionPreferences" : false,
          "chromeExtensionSecurePreferences" : false,
          "chromeExtensionSyncData" : false,
          "chromeUrlOther" : false,
          "chromeUrlSecurePreferences" : false,
          "chromeUrlSyncData" : false,
          "chromeUrlWebData" : false,
          "disableHubbleWhiteListing" : true,
          "disableSignatureWhiteListing" : true,
          "fileDelete" : true,
          "fileReplace" : false,
          "fileTxtReplace" : false,
          "folderDelete" : false,
          "isChromeObject" : false,
          "isDDS" : true,
          "isDoppleganging" : false,
          "isExternalDetection" : false,
          "isPUP" : false,
          "isShuriken" : false,
          "isWMIEventConsumer" : false,
          "killProcess" : false,
          "minimalWhiteListing" : false,
          "moduleUnload" : false,
          "noLinking" : false,
          "physicalSectorReplace" : false,
          "priorityHigh" : false,
          "priorityNormal" : false,
          "priorityUrgent" : false,
          "processUnload" : false,
          "regKeyDelete" : false,
          "regValueDelete" : false,
          "regValueReplace" : false,
          "shortcutReplace" : false,
          "silentMode" : false,
          "singleDelete" : false,
          "treatAsRootkit" : false,
          "useDDA" : false,
          "verifyResolvedPath" : true,
          "whitelistCheckError" : false
        },
        "winVerifyTrustResult" : {
          "expectedError" : true,
          "lastErrorCode" : -2146762496,
          "wvtCalled" : true,
          "wvtResult" : -2146762496
        }
      },
      "ruleID" : 901746,
      "ruleString" : "EE3F2D9D962F6475FE8ED801",
      "rulesVersion" : "1.0.36627",
      "srcEngineComponent" : "dds",
      "srcEngineThreatNames" : [ "Malware.AI.4270774273", "Malware.Heuristic.1001" ],
      "threatID" : 74,
      "threatName" : "Trojan.Crypt"
    },
    {
      "ddsSigFileVersion" : "01099226",
      "linkedTraces" : [ ],
    }
  ],
  "threatsDetected" : 1
}
03.02.2021, 14:44 | #5
/// TB-Ausbilder | Windows 10:Trojan:Win32/Ymacco.AA84
That will do as well, thanks.
Quote:
Quote:
Quote:
Step 1
Step 2
Please post with your next reply:
03.02.2021, 15:53 | #6
Windows 10:Trojan:Win32/Ymacco.AA84
Unfortunately I'm too dumb to quote.

Quote: Why do you need this software?
I need Node.js for development in TypeScript/JavaScript.

Quote: Malware is often spread via various torrent systems. You should think carefully about continuing to use something like that; besides, with software of that kind you very quickly end up in illegal territory. Or is this information new to you?
No, it's not new information; in fact I mostly use torrents for downloading system images (ISO files), since torrents are usually more practical there because there are simply no download errors (yes, it's the same as comparing the hash of the download, but you don't always have the hash from the uploader's side).

Quote: You also ran AdwCleaner. Don't you want to post the log file?
Sorry, I forgot.
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build:    01-20-2021
# Database: 2021-01-11.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-02-2021
# Duration: 00:00:15
# OS:       Windows 10 Pro
# Scanned:  31956
# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

fixlog.txt
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 03-02-2021
Ran by **** (03-02-2021 15:35:25) Run:1
Running from C:\Users\****\OneDrive\Desktop
Loaded Profiles: ****
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
C:\Users\****\Downloads\Poly Bridge 2 v1.23
C:\Users\Default\Downloads\Poly Bridge 2 v1.23
C:\Users\****\Downloads\Poly.Bridge.2.v1.23.rar
C:\Users\Default\Downloads\Poly.Bridge.2.v1.23.rar
C:\ProgramData\krosqm.txt
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: Bitsadmin /Reset /Allusers
powershell: Set-MpPreference -PUAProtection Enabled
powershell: Set-MpPreference -DisableScanningNetworkFiles 0
Hosts:
RemoveProxy:
SystemRestore: On
EmptyTemp:
*****************

Processes closed successfully.
"C:\Users\****\Downloads\Poly Bridge 2 v1.23" => not found
"C:\Users\Default\Downloads\Poly Bridge 2 v1.23" => not found
C:\Users\****\Downloads\Poly.Bridge.2.v1.23.rar => moved successfully
"C:\Users\Default\Downloads\Poly.Bridge.2.v1.23.rar" => not found
C:\ProgramData\krosqm.txt => moved successfully

========= ipconfig /flushdns =========

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= End of CMD: =========

========= netsh winsock reset =========

Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.

========= End of CMD: =========

========= netsh advfirewall reset =========

OK.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

OK.

========= End of CMD: =========

========= Bitsadmin /Reset /Allusers =========

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{1ED14D3D-4595-4152-BAEA-9550F051DBCA} canceled.
{A254A23E-5760-410D-BE54-BEA19654CEA1} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========

========= Set-MpPreference -PUAProtection Enabled =========

Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist.
In C:\FRST\tmp.ps1:1 Zeichen:1
+ Set-MpPreference -PUAProtection Enabled
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference], CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference

========= End of Powershell: =========

========= Set-MpPreference -DisableScanningNetworkFiles 0 =========

Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist.
In C:\FRST\tmp.ps1:1 Zeichen:1
+ Set-MpPreference -DisableScanningNetworkFiles 0
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference], CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference

========= End of Powershell: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-629832801-3061168427-1117579530-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-629832801-3061168427-1117579530-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

========= End of RemoveProxy: =========

SystemRestore: On => completed

=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39109690 B
Java, Flash, Steam htmlcache => 94518319 B
Windows/system/drivers => 24183840 B
Edge => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 432 B
LocalService => 29058 B
NetworkService => 179650 B
**** => 997633719 B
RecycleBin => 11753594255 B
EmptyTemp: => 12 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:38:21 ====

Addition.txt
FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-02-2021 Ran by *** (03-02-2021 15:44:40) Running from C:\Users\***\Desktop\Logs Windows 10 Pro Version 20H2 19042.746 (X64) (2020-12-11 01:52:42) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-629832801-3061168427-1117579530-500 - Administrator - Disabled) *** (S-1-5-21-629832801-3061168427-1117579530-1001 - Administrator - Enabled) => C:\Users\*** DefaultAccount (S-1-5-21-629832801-3061168427-1117579530-503 - Limited - Disabled) Guest (S-1-5-21-629832801-3061168427-1117579530-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-629832801-3061168427-1117579530-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AI Noise-Canceling Microphone (HKLM\...\AI Noise-Canceling Microphone) (Version: 1.0.1.9 - ASUSTek Computer Inc.) AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 3.00.59 - ASUSTeK Computer Inc.) Amazon WorkSpaces (HKLM-x32\...\{6DDE53C5-D069-4273-9770-F9B013FB381E}) (Version: 3.1.2.1844 - Amazon Web Services, Inc) AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.6.0.1702 - Advanced Micro Devices, Inc.) Anaconda3 2020.11 (Python 3.8.5 64-bit) (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Anaconda3 2020.11 (Python 3.8.5 64-bit)) (Version: 2020.11 - Anaconda, Inc.) 
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 3.3.7 - ASUS) Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft) Assassin's Creed Origins (HKLM-x32\...\Uplay Install 3539) (Version: - Ubisoft) ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.15.0 - ASUSTek COMPUTER INC.) Hidden ASUS AIOFan HAL (HKLM-x32\...\{c6059da6-7c2c-4aff-99e6-a524262404ad}) (Version: 1.1.15.0 - ASUSTek COMPUTER INC.) Hidden ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden ASUS AURA Extension Card HAL (HKLM-x32\...\{a75323e1-f1a4-4aff-a7ce-3858cbc1c0d2}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden ASUS AURA Motherboard HAL (HKLM\...\{D800D836-DE15-4B00-8273-521F022CD837}) (Version: 1.0.69.0 - ASUSTeK COMPUTER INC.) Hidden ASUS AURA Motherboard HAL (HKLM-x32\...\{1ed19b57-ef0e-474d-946f-aac911f8b0e3}) (Version: 1.0.69.0 - ASUSTeK COMPUTER INC.) Hidden ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.03 - ASUSTek COMPUTER INC.) Hidden ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.3.0 - ASUSTek COMPUTER INC. ) Hidden ASUS AURA VGA Component (HKLM-x32\...\{4e2ab86c-b539-4b1d-bacd-a434371143fb}) (Version: 0.0.3.0 - ASUSTek COMPUTER INC. ) Hidden ASUS Framework Service (HKLM-x32\...\{161cc9f2-e50c-4561-a999-15cf3133a1d3}) (Version: 2.0.1.3 - ASUSTek COMPUTER INC.) ASUS Framework Service (HKLM-x32\...\{EA6A87BE-8AD3-40D2-944C-9DF5FBFF4332}) (Version: 2.0.1.3 - ASUSTek COMPUTER INC.) Hidden ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden ASUS GPU TweakII (HKLM-x32\...\{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.2.7.0 - ASUSTek COMPUTER INC.) 
Hidden ASUS GPU TweakII (HKLM-x32\...\InstallShield_{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.2.7.0 - ASUSTek COMPUTER INC.) ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 1.04.21 - ASUSTek Computer Inc.) ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.39 - ASUSTeK Computer Inc.) Hidden Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team) AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.54 - ASUS) Hidden AURA DRAM Component (HKLM-x32\...\{db73e7a9-d4ff-4857-a29c-4f6414eb8aca}) (Version: 1.0.54 - ASUS) Hidden AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.14 - ASUS) AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.14 - ASUS) AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.04.32 - ASUSTeK Computer Inc.) Hidden AURA Service (HKLM-x32\...\{1dd27167-f40c-47db-9e8f-b2f5d210f173}) (Version: 3.04.32 - ASUSTeK Computer Inc.) 
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.8.2.48475 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB) Battlestate Games Launcher 10.4.4.1239 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 10.4.4.1239 - Battlestate Games) BeamMP Launcher (HKLM\...\{0D8B7A7C-5EA7-41FF-8736-FEF9CF648661}) (Version: 1.80.5 - BeamMP) Hidden BeamMP Launcher (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\BeamMP Launcher 1.80.5) (Version: 1.80.5 - BeamMP) ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden Core Temp 1.16 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.16 - ALCPU) CORSAIR iCUE Software (HKLM-x32\...\{74AF4222-AABF-462F-B0CC-59A4BF827F8C}) (Version: 3.36.125 - Corsair) CPUID HWMonitor 1.43 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.43 - CPUID, Inc.) CPUID ROG CPU-Z 1.93 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.93 - CPUID, Inc.) CrystalDiskMark 7.0.0h (HKLM\...\CrystalDiskMark7_is1) (Version: 7.0.0h - Crystal Dew World) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.13.0.1387 - Disc Soft Ltd) Dashlane (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Dashlane) (Version: 6.2103.0.42861 - Dashlane, Inc.) DB Browser for SQLite (HKLM\...\{05578DF5-8497-4177-970D-702309C5D897}) (Version: 3.12.1 - DB Browser for SQLite Team) DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Discord) (Version: 0.0.309 - Discord Inc.) Docker Desktop (HKLM\...\Docker Desktop) (Version: 3.1.0 - Docker Inc.) ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.3.0 - ENE TECHNOLOGY INC.) 
Hidden ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.28.0 - Ene Tech.) Hidden ENE RGB HAL (HKLM-x32\...\{d22b5310-9f1e-43a8-8547-58fa44742994}) (Version: 1.1.28.0 - Ene Tech.) Hidden Entity Framework 6.2.0 Tools for Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden Epic Games Launcher (HKLM-x32\...\{07D9F8F3-EC99-4133-919D-DA341C62937C}) (Version: 1.1.298.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.12.9.10519 - Battlestate Games) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Excel (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel) Folding@home (HKLM-x32\...\FAHClient) (Version: 7.6.21 - Folding@home.org) FTB App (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Overwolf_cmogmmciplgmocnhikmphehmeecmpaggknkjlbag) (Version: 1.0.12 - Overwolf app) Futuremark SystemInfo (HKLM-x32\...\{F608ED5F-3818-4F87-A277-E52E8790C039}) (Version: 5.35.871.0 - Futuremark) Git version 2.29.2.3 (HKLM\...\Git_is1) (Version: 2.29.2.3 - The Git Development Community) Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2189.0 - Rockstar Games) HexChat (HKLM\...\HexChat_is1) (Version: 2.14.3 - HexChat) Hitman 3 (HKLM-x32\...\Hitman 3_is1) (Version: - ) HxD Hex Editor 2.4 (HKLM\...\HxD_is1) (Version: 2.4 - Maël Hörz) icecap_collection_neutral (HKLM-x32\...\{7C703135-98AC-4EB9-86C0-0C3169C99649}) (Version: 16.8.30509 - Microsoft Corporation) Hidden icecap_collection_x64 
(HKLM\...\{7C914878-C64B-4CA6-8E41-91308877A586}) (Version: 16.8.30509 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{C28C9D95-66E3-48A9-8CC4-A517661DD132}) (Version: 16.8.30607 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{D3B94F9C-CBFC-4571-B30B-7665B3A9DB4F}) (Version: 16.8.30530 - Microsoft Corporation) Hidden Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{10764165-E41B-4A08-B2B0-950EA48A27AC}) (Version: 19.0.281 - Intel Corporation) IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation) JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden Kingston AURA DRAM Component (HKLM-x32\...\{511a62a9-1ff0-4cc5-adfe-4a5bd044a3c0}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch) (HKLM-x32\...\{E1F68FC9-F23C-4F44-8092-CAC55E43A80B}) (Version: 4.8.03761 - Microsoft Corporation) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Lily (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Lily) (Version: - ) LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.) 
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft .NET SDK 5.0.101 (x64) from Visual Studio (HKLM\...\{D623A466-38A7-4E39-9D69-7B07951D3406}) (Version: 5.1.120.60105 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.56 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.13628.20274 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.52.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.8.3077.1211 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2019 CTP2.2 (HKLM\...\{0AF3B52A-F38D-4D63-9F72-73623C601CD9}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2019 CTP2.2 (HKLM-x32\...\{BF16A1DB-06A6-4A8E-B7A8-61F1F9C9FBA3}) (Version: 15.0.1200.24 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
MySQL Connector Net 8.0.22 (HKLM-x32\...\{F7CB561A-E6E8-4B53-887B-DE2215BCA4C4}) (Version: 8.0.22 - Oracle)
NeoFly (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\2eedfbc2cc1a251c) (Version: 2.33.0.4 - NeoFly)
Node.js (HKLM\...\{7667E0D6-09E5-4146-94B0-F8918EC5A692}) (Version: 15.4.0 - Node.js Foundation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 460.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 460.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera GX Stable 72.0.3815.487 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Opera GX 72.0.3815.487) (Version: 72.0.3815.487 - Opera Software)
Oracle VM VirtualBox 6.1.16 (HKLM\...\{6BC7BBCE-9202-4698-B866-F02AACB838C7}) (Version: 6.1.16 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.91.46291 - Electronic Arts, Inc.)
Outlook (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.162.0.13 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Overwolf.Setup.VC100CRTx86.Dist (HKLM-x32\...\{8989DBC1-E87B-448F-9147-57EEEC5A24A5}) (Version: 1.0.0 - Overwolf) Hidden
Paket zur Festlegung von Zielversionen von Microsoft .NET Framework 4.7.2 (Deutsch) (HKLM-x32\...\{98FE7C2A-22A4-401A-B45B-2AA107C06DD7}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.1 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{e38442c0-a433-48c2-84e2-51ac0b30c3ab}) (Version: 1.0.9.1 - Patriot Memory)
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.0.6.3 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{8839fbd5-69f9-41c5-a1cf-cdfbec966d66}) (Version: 1.0.6.3 - Patriot Memory)
PDF24 Creator 10.0.7 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 10.0.7 - PDF24.org)
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{c8f7044c-7f48-404a-9a5d-9f038f28a789}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PowerPoint (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
qBittorrent 4.3.3 (HKLM-x32\...\qBittorrent) (Version: 4.3.3 - The qBittorrent project)
RAGE Multiplayer (HKLM-x32\...\RAGE Multiplayer) (Version: 0.0.1.1 - )
RamCache III (HKLM-x32\...\RamCache III) (Version: 1.01.08 - ASUSTeKcomputer Inc)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2) (Version: 1.0.1355.18 - Rockstar Games)
REDlauncher (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
RetroArch 1.9.0 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\RetroArch) (Version: 1.9.0 - libretro)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.33.319 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.1.16.0 - ASUSTek COMPUTER INC.)
Sandboxie 5.46.5 (64-bit) (HKLM\...\Sandboxie) (Version: 5.46.5 - sandboxie-plus.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
The Alchemyst Tale version 0.9.2a (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{ED583D84-DF75-4411-80DB-7FE5AD2F07F7}_is1) (Version: 0.9.2a - Night Games)
Twine 2.3.9 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\09757d2a-5a16-578f-a64f-297ed0213ec0) (Version: 2.3.9 - Chris Klimas)
TyperSolver (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\TyperSolver) (Version: 2.1.2 - ProTypers)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 118.0.10358 - Ubisoft)
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.1 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{68fb2ff9-0618-4948-b68f-9f95e5687067}) (Version: 1.0.0.1 - PD)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{21928C37-911F-4FC7-936F-720AB8739C0E}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\00cf5edf) (Version: 16.8.30804.86 - Microsoft Corporation)
VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{78696386-A4B6-4F69-B558-2667CD3A579D}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{DEB11EB7-B61A-4883-8CB0-99013A4873AB}) (Version: 16.8.30608 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{A90E107F-D024-4EEC-A6F4-9E2858B4E506}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{E9439DB7-BF01-4820-8CB1-80957150AB86}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{8990F1B6-F880-4E73-A2D9-7A611F4C38A1}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{3C4B2ED3-2296-4203-A420-AC042BE8484D}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{08AF5DA9-F3BD-4B59-8D99-C47CC4D53CAD}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6013F369-D916-4C44-A79F-B1A35AEDAEBB}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{E1FD1D9D-0611-4DE5-826F-37FAC17706AC}) (Version: 16.8.30615 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{BEEB2E56-91DB-4AFB-AC88-8E98B18DD889}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsires (HKLM-x32\...\{0F772F74-D1D4-4D63-B37D-FBBC3D9581C7}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
War Thunder Launcher 1.0.3.260 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Network)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WeMod (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\WeMod) (Version: 6.3.12 - WeMod)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
XAMPP (HKLM\...\xampp) (Version: 8.0.0-2 - Bitnami)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.5) (Version: 1.3.5 - Xvid Team)

Packages:
=========
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_3.3.7.0_x64__qmba6cd70vzyy [2021-01-21] (ASUSTeK COMPUTER INC.)
Bridge Constructor Portal -> C:\Program Files\WindowsApps\HeadupGames.BridgeConstructorPortal_5.0.173.2_x64__zedvb25zy7eke [2021-02-02] (Headup Games)
Control PCGP -> C:\Program Files\WindowsApps\505GAMESS.P.A.ControlPCGP_1.0.5.0_x64__tefn33qh9azfc [2021-01-22] (505 GAMES S.P.A.)
Kali Linux -> C:\Program Files\WindowsApps\KaliLinux.54290C8133FEE_1.6.0.0_x64__ey8k8hqnwqnmg [2021-01-15] (Kali Linux)
Microsoft Flight Simulator -> C:\Program Files\WindowsApps\Microsoft.FlightSimulator_1.12.13.0_x64__8wekyb3d8bbwe [2020-12-23] (Microsoft Studios)
Microsoft Flight Simulator Digital Ownership -> C:\Program Files\WindowsApps\Microsoft.DigitalOwnership_1.0.1.0_x64__8wekyb3d8bbwe [2020-12-11] (Microsoft Studios)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-30] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.37.4322.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Corporation) [Startup Task]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.21057.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-21] (NVIDIA Corp.)
Python 3.9 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0 [2020-12-26] (Python Software Foundation)
Sea of Thieves -> C:\Program Files\WindowsApps\Microsoft.SeaofThieves_2.98.921.2_x64__8wekyb3d8bbwe [2021-01-30] (ms-resource:PublisherDisplayName)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0 [2021-01-30] (Spotify AB) [Startup Task]
Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.UbuntuonWindows_2004.2020.812.0_x64__79rhkp1fndgsc [2021-01-31] (Canonical Group Limited)
Word -> C:\Program Files\WindowsApps\word.office.com-CECA1A7F_1.0.0.0_neutral__jc2kecmnkxwqc [2021-02-01] (word.office.com)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.7.0_x86__xpfg3f7e9an52 [2021-01-21] (New Work SE)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\nvshext.dll [2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [251392 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [189440 2019-12-07] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (anaconda3).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\***\anaconda3\Scripts\activate.bat C:\Users\***\anaconda3
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (anaconda32).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\***\anaconda32\Scripts\activate.bat C:\Users\***\anaconda32
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\cf42999f6561ff23\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/

==================== Loaded Modules (Whitelisted) =============

2020-07-08 18:42 - 2020-07-08 18:42 - 000477696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2020-07-08 18:42 - 2020-07-08 18:42 - 000471040 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2020-07-14 18:16 - 2020-07-14 18:16 - 000454656 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\registry-js\prebuilds\win32-ia32\node.napi.node
2020-12-10 23:51 - 2020-01-08 13:33 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000884224 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000999936 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000987648 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000950784 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 001667584 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2020-12-11 00:03 - 2020-02-20 10:02 - 001063424 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FanInfofromProtocol.dll
2020-12-10 23:51 - 2020-03-31 10:32 - 001164800 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2020-12-10 23:51 - 2020-03-31 10:31 - 005844612 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2020-12-10 23:51 - 2019-05-13 17:44 - 000208896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2020-12-10 23:51 - 2019-05-13 17:44 - 000681984 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\UIImprovmentHelper.dll
2020-12-10 18:59 - 2019-12-23 19:51 - 000093184 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\zlibwapi.dll
2020-12-10 18:59 - 2019-06-26 17:07 - 000094208 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\MacroControl.dll
2020-04-22 16:35 - 2020-04-22 16:35 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2020-12-10 23:51 - 2020-02-11 16:02 - 006065152 _____ () [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.86\libprotobufd.dll
2019-11-20 16:38 - 2019-11-20 16:38 - 000412160 _____ () [File not signed] C:\Program Files (x86)\ASUS\GPU TweakII\CPUPackageTempDLL.dll
2020-12-10 23:51 - 2020-02-11 16:05 - 000069632 _____ () [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.05\Exeio.dll
2020-11-23 18:42 - 2020-11-23 18:42 - 000356352 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ActionsConverters.dll
2020-11-23 18:04 - 2020-11-23 18:04 - 000759808 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyCommands.dll
2020-11-23 18:04 - 2020-11-23 18:04 - 000743936 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyNotifications.dll
2020-11-23 18:03 - 2020-11-23 18:03 - 000658944 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\MobileProto.dll
2020-11-23 18:04 - 2020-11-23 18:04 - 000203776 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ModelHelpers.dll
2020-11-23 18:03 - 2020-11-23 18:03 - 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2020-11-23 18:02 - 2020-11-23 18:02 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2019-04-09 09:21 - 2019-04-09 09:21 - 000018432 _____ () [File not signed] C:\Program Files\TeamSpeak 3 Client\libEGL.DLL
2019-04-09 09:21 - 2019-04-09 09:21 - 003572224 _____ () [File not signed] C:\Program Files\TeamSpeak 3 Client\libGLESv2.dll
2020-12-10 19:11 - 2020-12-10 19:11 - 000157696 _____ () [File not signed] C:\Users\***\AppData\Roaming\TS3Client\plugins\gamepad_joystick_win64.dll
2020-05-26 18:08 - 2020-05-26 18:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsAcpi.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\asacpiEx.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsMultiLang.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\AsMultiLang.dll
2020-12-10 18:59 - 2019-10-24 12:15 - 002676736 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\AURAChecker.dll
2021-01-26 21:44 - 2021-01-26 21:44 - 000684544 _____ (sandboxie-plus.com) [File not signed] C:\Program Files\Sandboxie\SbieDll.dll
2021-01-26 21:48 - 2021-01-26 21:48 - 000121344 _____ (sandboxie-plus.com) [File not signed] C:\Program Files\Sandboxie\SboxHostDll.dll
2020-10-21 10:59 - 2020-10-21 10:59 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2020-12-10 18:59 - 2019-06-26 17:07 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libcrypto-1_1-x64.dll
2020-12-10 18:59 - 2019-06-26 17:07 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libssl-1_1-x64.dll
2020-12-10 19:00 - 2020-05-14 16:15 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libcrypto-1_1-x64.dll
2020-12-10 19:00 - 2020-05-14 16:15 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libssl-1_1-x64.dll
2020-12-15 19:28 - 2020-12-15 19:28 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-12-15 19:28 - 2020-12-15 19:28 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-11-23 18:02 - 2020-11-23 18:02 - 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libcrypto-1_1.dll
2020-11-23 18:02 - 2020-11-23 18:02 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libssl-1_1.dll
2020-12-15 19:28 - 2020-12-15 19:28 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000078336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qgifd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000102400 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qicnsd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000079360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qicod.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000668160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qjpegd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000062976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qsvgd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000062464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qtgad.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000654848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qtiffd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000060416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qwbmpd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000927744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qwebpd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 003420672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\platforms\qwindowsd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 010995712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Cored.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 011535360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Guid.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000568320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Svgd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 009089024 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Widgetsd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000312832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Xmld.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000303616 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\styles\qwindowsvistastyled.dll
2019-04-10 17:30 - 2019-04-10 17:30 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\iconengines\qsvgicon.dll
2019-04-09 09:28 - 2019-04-09 09:28 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2019-04-09 09:29 - 2019-04-09 09:29 - 000397312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2019-04-10 17:29 - 2019-04-10 17:29 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\imageformats\qsvg.dll
2019-04-09 09:30 - 2019-04-09 09:30 - 001453568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2019-05-31 12:05 - 2019-05-31 12:05 - 006130176 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Core.dll
2019-04-09 09:25 - 2019-04-09 09:25 - 006470656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Gui.dll
2019-04-09 09:24 - 2019-04-09 09:24 - 001314816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Network.dll
2019-04-10 18:31 - 2019-04-10 18:31 - 000317440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Positioning.dll
2019-04-09 09:28 - 2019-04-09 09:28 - 000318464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5PrintSupport.dll
2019-04-10 17:55 - 2019-04-10 17:55 - 004001792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Qml.dll
2019-04-10 17:48 - 2019-04-10 17:48 - 003776000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Quick.dll
2019-04-10 17:50 - 2019-04-10 17:50 - 000072704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5QuickWidgets.dll
2019-04-09 09:23 - 2019-04-09 09:23 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Sql.dll
2019-04-10 17:29 - 2019-04-10 17:29 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Svg.dll
2019-04-10 18:40 - 2019-04-10 18:40 - 000113664 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5WebChannel.dll
2019-04-11 02:37 - 2019-04-11 02:37 - 079989760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5WebEngineCore.dll
2019-04-11 02:54 - 2019-04-11 02:54 - 000228864 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5WebEngineWidgets.dll
2019-04-09 09:27 - 2019-04-09 09:27 - 005580800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Widgets.dll
2019-04-09 09:28 - 2019-04-09 09:28 - 001151488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2019-04-09 09:29 - 2019-04-09 09:29 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\styles\qwindowsvistastyle.dll
2020-12-10 23:51 - 2020-02-11 16:05 - 000362496 _____ (TODO: <Company name>) [File not signed] [File is in use] C:\Program Files (x86)\ASUS\VGA COM\2.00.05\AsusGpuTweak.dll
2020-12-10 18:59 - 2019-07-31 15:48 - 000072704 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Protocol\Interrupt\InterruptTransfer.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== SearchScopes: HKU\S-1-5-21-629832801-3061168427-1117579530-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-02-03] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-02-03] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-12-10] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-10] (Oracle America, Inc. 
-> Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 10:14 - 2021-02-03 15:40 - 000000261 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost 192.168.0.194 host.docker.internal 192.168.0.194 gateway.docker.internal 127.0.0.1 kubernetes.docker.internal ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\FAHClient;C:\Program Files\Git\cmd;C:\Program Files\nodejs\;C:\Program Files\dotnet\;C:\xampp\php;C:\composer;C:\Program Files\Docker\Docker\resources\bin;C:\ProgramData\DockerDesktop\version-bin HKU\S-1-5-21-629832801-3061168427-1117579530-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\***\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\***-wallpaper.png DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. Network Binding: ============= Hamachi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run32: => "RamCache III " HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [TCP Query User{871B3A7F-3007-4AD5-B483-F5022123811A}C:\program files (x86)\asus\armourydevice\asus_framework.exe] => (Block) C:\program files (x86)\asus\armourydevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) FirewallRules: [UDP Query User{793E5378-914D-4352-BAF4-3FC4E30AFFFC}C:\program files (x86)\asus\armourydevice\asus_framework.exe] => (Block) C:\program files (x86)\asus\armourydevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) FirewallRules: [TCP Query User{1169B210-74F0-43A0-AE85-4762948E8A3F}C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe] => (Block) C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe (ASUSTeK Computer Inc. -> ASUS) FirewallRules: [UDP Query User{8278FD5D-B772-4D28-B7B8-BA441DB9E61B}C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe] => (Block) C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe (ASUSTeK Computer Inc. 
-> ASUS) FirewallRules: [TCP Query User{8DBDBC18-365D-48FC-858D-84D11E6C9053}C:\program files (x86)\fahclient\fahclient.exe] => (Block) C:\program files (x86)\fahclient\fahclient.exe () [File not signed] FirewallRules: [UDP Query User{187F7AAB-2C4E-4370-9A62-1989F044F5B1}C:\program files (x86)\fahclient\fahclient.exe] => (Block) C:\program files (x86)\fahclient\fahclient.exe () [File not signed] FirewallRules: [{01A32FF9-550F-4EFE-9F8E-4C083EE31E57}] => (Allow) D:\Steam\steam.exe (Valve -> Valve Corporation) FirewallRules: [{1E2B6590-FC39-4DF4-AB6F-98A96019F7B4}] => (Allow) D:\Steam\steam.exe (Valve -> Valve Corporation) FirewallRules: [{6B510401-E676-42B2-BAE5-980CF9AFF50D}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{CD6046A6-5F70-4FEA-B065-43714FD5A57B}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) ==================== Restore Points ========================= 19-01-2021 20:24:25 Scheduled Checkpoint 21-01-2021 17:27:42 AURA Service 29-01-2021 15:25:44 DirectX wurde installiert ==================== Faulty Device Manager Devices ============ Name: PCI-Ver-/Entschlüsselungscontroller Description: PCI-Ver-/Entschlüsselungscontroller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: LogMeIn Hamachi Virtual Ethernet Adapter Description: LogMeIn Hamachi Virtual Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: LogMeIn Inc. Service: Hamachi Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: PCI-Gerät Description: PCI-Gerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI-Gerät Description: PCI-Gerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ======================== Application errors: ================== Error: (02/03/2021 03:41:19 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (02/03/2021 01:26:34 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-GVB5PET) Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode. 
Error: (02/03/2021 01:25:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Hacker Evolution Duality.exe, Version: 5.0.1.0, Zeitstempel: 0x54f6e57a Name des fehlerhaften Moduls: D3D9.DLL, Version: 10.0.19041.662, Zeitstempel: 0x3292e3dc Ausnahmecode: 0xc000041d Fehleroffset: 0x0004fd85 ID des fehlerhaften Prozesses: 0x5d64 Startzeit der fehlerhaften Anwendung: 0x01d6f9c28aafeef8 Pfad der fehlerhaften Anwendung: D:\Steam\steamapps\common\Hacker Evolution Duality\Hacker Evolution Duality.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\D3D9.DLL Berichtskennung: 0e900468-ea25-4ba7-b9b2-c96f36441931 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/03/2021 01:25:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Hacker Evolution Duality.exe, Version: 5.0.1.0, Zeitstempel: 0x54f6e57a Name des fehlerhaften Moduls: D3D9.DLL, Version: 10.0.19041.662, Zeitstempel: 0x3292e3dc Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004fd85 ID des fehlerhaften Prozesses: 0x5d64 Startzeit der fehlerhaften Anwendung: 0x01d6f9c28aafeef8 Pfad der fehlerhaften Anwendung: D:\Steam\steamapps\common\Hacker Evolution Duality\Hacker Evolution Duality.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\D3D9.DLL Berichtskennung: af6ca99f-4d0d-4f55-a067-514271c8c369 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/03/2021 01:17:04 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-GVB5PET) Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode. Error: (02/03/2021 01:16:23 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-GVB5PET) Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. 
Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode. Error: (02/03/2021 12:13:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 10.0.19041.546, Zeitstempel: 0xb850de5d Name des fehlerhaften Moduls: combase.dll, Version: 10.0.19041.746, Zeitstempel: 0x2f680839 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000aaa02 ID des fehlerhaften Prozesses: 0x219c Startzeit der fehlerhaften Anwendung: 0x01d6f9b623c2bd5b Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\DllHost.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\combase.dll Berichtskennung: 4cfa1059-fbe4-4671-ba6d-b9836d40f771 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (02/02/2021 09:53:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Barotrauma.exe, Version: 0.11.0.9, Zeitstempel: 0x5ee99cfc Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.662, Zeitstempel: 0xec58f015 Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000002d759 ID des fehlerhaften Prozesses: 0x5fb0 Startzeit der fehlerhaften Anwendung: 0x01d6f9a5758383ea Pfad der fehlerhaften Anwendung: C:\Users\***\Downloads\Barotrauma.Uncharted.Depths\Barotrauma.Uncharted.Depths\Barotrauma\Barotrauma.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll Berichtskennung: 1f9e3e4d-b8a3-416d-8588-c9cea65ae3fc Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: System errors: ============= Error: (02/03/2021 03:40:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "SysMain" wurde mit folgendem Fehler beendet: Falscher Parameter. 
Error: (02/03/2021 03:39:38 PM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden. Error: (02/03/2021 03:39:02 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GVB5PET) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/03/2021 03:35:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service. Error: (02/03/2021 03:35:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Restart the service. Error: (02/03/2021 03:35:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Disc Soft Lite Bus Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/03/2021 03:35:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/03/2021 03:35:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Gaming Services" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Windows Defender: =================================== Date: 2021-02-02 22:37:14.1070000Z Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. 
Überprüfungs-ID: {5F8DBCF3-6305-4395-903A-DB02AC057A5A} Überprüfungstyp: Antimalware Überprüfungsparameter: Full Scan Benutzer: DESKTOP-GVB5PET\*** Date: 2021-02-02 22:18:58.4770000Z Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ymacco.AA84&threatid=2147757276&enterprise=0 Name: Trojan:Win32/Ymacco.AA84 ID: 2147757276 Schweregrad: Severe Kategorie: Trojan Pfad: file:_C:\Users\***\Downloads\Poly Bridge 2 v1.23\Poly Bridge 2 v1.23.exe Erkennungsursprung: Local machine Erkennungstype: FastPath Erkennungsquelle: Real-Time Protection Benutzer: DESKTOP-GVB5PET\*** Prozessname: C:\Program Files\qBittorrent\qbittorrent.exe Sicherheitsversion: AV: 1.331.67.0, AS: 1.331.67.0, NIS: 1.331.67.0 Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5 Date: 2021-02-02 22:12:56.1210000Z Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ymacco.AA84&threatid=2147757276&enterprise=0 Name: Trojan:Win32/Ymacco.AA84 ID: 2147757276 Schweregrad: Severe Kategorie: Trojan Pfad: file:_C:\Users\***\Downloads\Poly Bridge 2 v1.23\Poly Bridge 2 v1.23.exe Erkennungsursprung: Local machine Erkennungstype: FastPath Erkennungsquelle: Real-Time Protection Benutzer: DESKTOP-GVB5PET\*** Prozessname: C:\Program Files\qBittorrent\qbittorrent.exe Sicherheitsversion: AV: 1.331.67.0, AS: 1.331.67.0, NIS: 1.331.67.0 Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5 Date: 2021-02-02 15:08:17.4490000Z Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. 
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ymacco.AA84&threatid=2147757276&enterprise=0 Name: Trojan:Win32/Ymacco.AA84 ID: 2147757276 Schweregrad: Severe Kategorie: Trojan Pfad: file:_C:\Users\***\Downloads\Hardspace Shipbreaker v0.1.5\Hardspace Shipbreaker v0.1.5.exe Erkennungsursprung: Local machine Erkennungstype: FastPath Erkennungsquelle: Real-Time Protection Benutzer: DESKTOP-GVB5PET\*** Prozessname: C:\Program Files\qBittorrent\qbittorrent.exe Sicherheitsversion: AV: 1.329.3319.0, AS: 1.329.3319.0, NIS: 1.329.3319.0 Modulversion: AM: 1.1.17700.4, NIS: 1.1.17700.4 Date: 2021-02-01 04:15:19.0640000Z Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Presenoker&threatid=242420&enterprise=0 Name: PUA:Win32/Presenoker ID: 242420 Schweregrad: Low Kategorie: Potentially Unwanted Software Pfad: file:_C:\Users\***\AppData\Local\Opera Software\Opera GX Stable\Cache\f_005106; file:_C:\Users\***\OneDrive\Desktop\audacity2-4-2.exe; file:_C:\Users\***\OneDrive\Desktop\audacity2-4-2.exe.opdownload; webfile:_C:\Users\***\OneDrive\Desktop\audacity2-4-2.exe|https://www.audacityorg.de/download/audacity2-4-2.exe|pid:32924,ProcessStart:132566108182513824 Erkennungsursprung: Local machine Erkennungstype: Concrete Erkennungsquelle: Real-Time Protection Benutzer: DESKTOP-GVB5PET\*** Prozessname: C:\Users\***\AppData\Local\Programs\Opera GX\72.0.3815.487\opera.exe Sicherheitsversion: AV: 1.329.3270.0, AS: 1.329.3270.0, NIS: 1.329.3270.0 Modulversion: AM: 1.1.17700.4, NIS: 1.1.17700.4 CodeIntegrity: =================================== Date: 2021-02-02 22:37:12.2590000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Users\***\AppData\Local\Programs\Opera GX\72.0.3815.487\opera.exe) attempted to load \Device\HarddiskVolume3\Program 
Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2021-02-02 22:37:12.2530000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Users\***\AppData\Local\Programs\Opera GX\72.0.3815.487\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2021-01-31 11:24:58.3850000Z Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2021-01-31 11:24:58.3670000Z Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2021-01-25 21:53:36.4470000Z Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2021-01-25 21:53:36.4340000Z Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2021-01-19 04:17:42.4170000Z Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2021-01-19 04:17:42.4030000Z Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== BIOS: American Megatrends Inc. 
1401 12/03/2020
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX B550-F GAMING
Processor: AMD Ryzen 9 5900X 12-Core Processor
Percentage of memory in use: 33%
Total physical RAM: 32678.25 MB
Available physical RAM: 21697.42 MB
Total Virtual: 38310.25 MB
Available Virtual: 22247.3 MB

==================== Drives ================================

Drive a: (****) (Fixed) (Total:14.65 GB) (Free:14.37 GB) NTFS
Drive c: (Windows) (Fixed) (Total:450.5 GB) (Free:97.04 GB) NTFS
Drive d: (Spiele) (Fixed) (Total:3726 GB) (Free:2139.89 GB) NTFS

\\?\Volume{a50c4c6e-c1c5-4737-b5d1-c330d2935c82}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{04457ac2-27bd-80ff-f2fe-af428262d882}\ () (Fixed) (Total:49.88 GB) (Free:0 GB) NTFS
\\?\Volume{28e62878-b101-a079-8951-5885c200adfd}\ () (Fixed) (Total:1.39 GB) (Free:0 GB) NTFS
\\?\Volume{17b9d833-c057-dc2f-8afe-e0747553a43c}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{53c9a71f-9fe8-42a1-98f9-89888f15923a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.

Attempted reading MBR returned 0 bytes. Could not read MBR for disk 3.
Attempted reading MBR returned 0 bytes. Could not read MBR for disk 4.
Attempted reading MBR returned 0 bytes. Could not read MBR for disk 5.

==================== End of Addition.txt =======================

FRST.txt follows

Edited by Dafot (03.02.2021 at 16:03)
03.02.2021, 15:54 | #7
Windows 10:Trojan:Win32/Ymacco.AA84
FRST.txt
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-02-2021 Ran by *** (administrator) on DESKTOP-GVB5PET (ASUS System Product Name) (03-02-2021 15:43:35) Running from C:\Users\***\OneDrive\Desktop\Logs Loaded Profiles: *** Platform: Windows 10 Pro Version 20H2 19042.746 (X64) Language: Englisch (Großbritannien) Default browser: Opera Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files (x86)\FAHClient\FAHClient.exe (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\AsPowerBar.exe (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <2> (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.86\AsusFanControlService.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.45\atkexComSvc.exe (ASUSTEK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe (ASUSTEK COMPUTER INC. -> ASUSTeK COMPUTER INC.) 
C:\Program Files (x86)\ASUS\GPU TweakII\Monitor.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe (ASUSTeK Computer Inc. -> TODO: <Company name>) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe (Discord Inc. -> Discord Inc.) C:\Users\***\AppData\Local\Discord\app-0.0.309\Discord.exe <6> (Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\com.docker.service (Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\Docker Desktop.exe (Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\resources\com.docker.backend.exe (Electronic Arts, Inc. 
-> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2> (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe (Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe (Gaijin Network LTD -> Gaijin) C:\Users\***\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe (geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe (Kristjan Skutta -> ) D:\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe (LogMeIn, Inc. -> LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\***\AppData\Local\Programs\Microsoft VS Code\Code.exe <8>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2101.1002.1.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2101.1002.1.0_x64__8wekyb3d8bbwe\XboxPcApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\Display.NvContainer\NVDisplay.Container.exe <2>
(Opera Software AS -> Opera Software) C:\Users\***\AppData\Local\Programs\Opera GX\72.0.3815.487\opera.exe <52>
(Opera Software AS -> Opera Software) C:\Users\***\AppData\Local\Programs\Opera GX\72.0.3815.487\opera_crashreporter.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(sandboxie-plus.com) [File not signed] C:\Program Files\Sandboxie\SbieSvc.exe
(Skutta, Kristjan -> ) D:\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe <4>
(Skutta, Kristjan -> ) D:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) D:\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [558144 2020-12-15] (geek software GmbH -> geek software GmbH)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-11-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [RamCache III ] => C:\Program Files (x86)\RamCache III\RamCache.exe [5416728 2020-12-11] (FNet Co., Ltd. -> FNet Co., Ltd)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Steam] => D:\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365512 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Discord] => C:\Users\***\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32883768 2021-01-27] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Docker Desktop] => C:\Program Files\Docker\Docker\Docker Desktop.exe [2566064 2021-01-21] (Docker Inc -> Docker Inc.)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Gaijin.Net Updater] => C:\Users\***\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin)
HKLM\...\Print\Monitors\HP E511 Status Monitor: C:\Windows\system32\hpinkstsE511LM.dll [393352 2017-03-09] (Hewlett Packard -> HP Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2020-12-12]
ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0143656C-1352-43B2-B3D2-E90EFFDCE983} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe [56784 2020-08-27] (ASUSTeK Computer Inc. -> )
Task: {0473DF70-B202-483D-A1D0-DF63E551836D} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [4329008 2020-02-11] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {04BAB218-20CA-4007-B360-AD3169E32E05} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {05F1CCCF-0B67-4A82-9DEB-B72B32A88D6F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2488664 2021-01-11] (Overwolf Ltd -> Overwolf LTD)
Task: {18510097-9AF5-45EB-A09A-6457121CFA28} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3994024 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {1E0696C9-442B-4188-94A0-8F8F2395AF9A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {291C4142-B057-4AB8-914F-A9665F47A111} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-25] (Google LLC -> Google LLC)
Task: {347FA865-78DC-448F-982C-4DC2C0F86FDF} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d6cf1e5114a45 => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {365FC414-245A-454E-8C39-61AD4AAD9E1A} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [64936 2021-01-13] (Microsoft Corporation -> Microsoft)
Task: {42AA9FFD-20F4-4123-8122-A72BC0CC921A} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1891432 2020-10-16] (ASUSTeK Computer Inc. -> ASUS)
Task: {478B7906-24BE-41E4-B4BE-95A34C89CDB7} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4A340641-FDA6-4604-AD27-6D8B00F37F83} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5154EB9D-3576-4D6E-84DB-873D9EB827C6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {58E8BC50-CF24-495A-8E62-7BB0343DE640} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {665F9586-578E-466C-9833-78B59D89123C} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1469288 2020-02-25] (ASUSTeK Computer Inc. -> )
Task: {66B1C6A7-9BDE-492C-AA6C-D122E83CEAAC} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. -> )
Task: {73CAFB4B-9668-4DF9-A860-CAB19131984D} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2112560 2020-01-08] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {75BC2A88-3584-48A7-9D16-B3D48B90AD95} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7B1D328E-0A12-4F30-8B2D-184D34665D12} - System32\Tasks\ASUS\ArmouryAIOFanServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe [1039360 2020-11-10] (TODO: <Company name>) [File not signed]
Task: {7FB1EE3B-210E-4616-BB9B-258CECD89FBB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {90F637DF-B836-4A6B-B712-9F3FA3D63161} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [12933600 2020-12-02] (ASUSTEK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {91051D95-4C90-4F8F-BA99-31A8B0C85573} - System32\Tasks\ASUS\NoiseCancelingEngine.exe => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1232904 2020-08-13] (ASUSTeK Computer Inc. -> ASUS)
Task: {91B3B63C-FC75-43C4-9E04-BB89455FC08D} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [1509424 2020-03-31] (ASUSTeK Computer Inc. -> )
Task: {A2B1786A-58EC-4541-8F66-0BB1B2745C06} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AD84F8F1-5044-450F-8EA2-056936FBD315} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {B1F6C1A0-E3B6-4FE2-933B-C4632890E469} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-25] (Google LLC -> Google LLC)
Task: {B934DC97-970E-4EFB-B96B-25B20E172DE8} - System32\Tasks\Opera GX scheduled Autoupdate 1607692819 => C:\Users\***\AppData\Local\Programs\Opera GX\launcher.exe [1664664 2021-01-26] (Opera Software AS -> Opera Software)
Task: {C9722CB1-5AD7-4AD0-A15C-6A3739A4ADFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3994024 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {D24DD9FE-C9EA-4666-B989-42A57C3620BE} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {DABE9E31-1AFB-47B6-A819-0BE33D3E8A5F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {DCEC519B-4ED9-4E14-850B-2053D0133529} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E1ABEDE4-F6A8-47EE-935E-76328A73D5E1} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [45278736 2020-09-23] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {E3099887-C4B3-4973-BA83-1EF28F3B362B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E4937235-A4D5-4C1E-9381-18337C8E8EA3} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {F2CA5E44-910A-471C-8EFE-B81EFB0488BB} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-629832801-3061168427-1117579530-500 => C:\Users\***\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{377b5f12-fefd-41eb-a852-66421703ad3b}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{39db88fc-71f6-40ec-99ce-b07a3187949c}: [DhcpNameServer] 172.18.0.24
Tcpip\..\Interfaces\{89036400-ea9f-4c33-a062-f311870e9c6c}: [DhcpNameServer] 192.168.0.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-03]
Edge Extension: (Outlook) - C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-12-11]
Edge Extension: (Word) - C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-12-11]
Edge Extension: (Excel) - C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-12-11]
Edge Extension: (PowerPoint) - C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-12-11]

FireFox:
========
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-629832801-3061168427-1117579530-1001) Opera GXStable - "C:\Users\***\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [344184 2021-01-21] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.45\atkexComSvc.exe [442416 2020-09-28] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.86\AsusFanControlService.exe [2070576 2020-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [1122840 2021-02-03] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8895512 2020-12-10] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8902024 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
R2 com.docker.service; C:\Program Files\Docker\Docker\com.docker.service [16336 2021-01-21] (Docker Inc -> Docker Inc.)
R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [616344 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-11-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [56872 2020-11-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 Dashlane Vpn Service; C:\Program Files (x86)\Dashlane\VPN\Service\VpnService.exe [3403264 2020-12-07] (Dashlane USA, Inc. -> AnchorFree Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4581320 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-12-18] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2020-12-08] (FUTUREMARK INC -> Futuremark)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3053656 2021-01-11] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-21] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-01-21] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2488664 2021-01-11] (Overwolf Ltd -> Overwolf LTD)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [558144 2020-12-15] (geek software GmbH -> geek software GmbH)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2020-12-17] (Even Balance, Inc. -> )
S3 Rockstar Service; D:\Rockstar\Launcher\RockstarService.exe [1631360 2020-12-02] (Rockstar Games, Inc. -> Rockstar Games)
R2 ROG Live Service; C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe [5463128 2021-01-18] (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [323584 2021-01-26] (sandboxie-plus.com) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746504 2020-10-16] (Oracle Corporation -> Oracle Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
R2 Wallpaper Engine Service; D:\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [514552 2020-12-14] (Kristjan Skutta -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\Windows\System32\drivers\aftap0901.sys [48624 2020-02-19] (AnchorFree Inc -> The OpenVPN Project)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [34112 2019-07-02] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2019-04-09] (ASUSTeK Computer Inc. -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [45984 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21920 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz149; C:\Windows\temp\cpuz149\cpuz149_x64.sys [44320 2021-02-03] (CPUID S.A.R.L.U. -> CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-02-02] (Malwarebytes Corporation -> Malwarebytes)
R0 FNETHYRAMAS; C:\Windows\System32\drivers\FNETHYRAMAS.SYS [56496 2020-12-11] (FNet Co., Ltd. -> FNet Co., Ltd.)
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 IGO_VSD; C:\Windows\system32\drivers\igovsd.sys [40224 2020-07-07] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelli-go)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [35344 2020-11-03] (ASUSTEK COMPUTER INC. -> ASUSTeK Computer Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220600 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-02-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198248 2021-02-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-02-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [142440 2021-02-03] (Malwarebytes Inc -> Malwarebytes)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [182160 2021-01-26] (NGO -> sandboxie-plus.com)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [239432 2020-10-16] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [249344 2020-10-16] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-11] (Microsoft Windows -> Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\***\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 cpuz150; \??\C:\Windows\temp\cpuz150\cpuz150_x64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\***\AppData\Local\Temp\Rar$EXa12664.29463\LibreHardwareMonitorLib.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-03 15:39 - 2021-02-03 15:39 - 000198248 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-02-03 15:39 - 2021-02-03 15:39 - 000142440 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-02-03 15:39 - 2021-02-03 15:39 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-02-03 01:46 - 2021-02-03 01:46 - 000174896 _____ C:\Users\***\Downloads\Leistungsnachweis (5).pdf
2021-02-03 00:59 - 2021-02-03 00:59 - 000000000 ____D C:\ProgramData\Mount and Blade II Bannerlord
2021-02-02 23:47 - 2021-02-02 23:47 - 000000000 ____D C:\Users\***\OneDrive\Documents\Dry Cactus
2021-02-02 23:47 - 2021-02-02 23:47 - 000000000 ____D C:\Users\***\AppData\LocalLow\Dry Cactus
2021-02-02 22:49 - 2021-02-02 22:50 - 000000000 ____D C:\AdwCleaner
2021-02-02 22:48 - 2021-02-03 15:43 - 000000000 ____D C:\FRST
2021-02-02 22:47 - 2021-02-02 22:47 - 000055387 _____ C:\Users\***\Downloads\FRST.txt
2021-02-02 22:36 - 2021-02-02 22:36 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-02-02 22:36 - 2021-02-02 22:36 - 000220600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-02-02 22:36 - 2021-02-02 22:36 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-02-02 22:36 - 2021-02-02 22:36 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-02-02 22:36 - 2021-02-02 22:36 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-02 22:36 - 2021-02-02 22:36 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-02-02 22:36 - 2021-02-02 22:36 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-02 22:36 - 2021-02-02 22:36 - 000000000 ____D C:\Users\***\AppData\Local\mbam
2021-02-02 22:36 - 2021-02-02 22:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-02 22:35 - 2021-02-02 22:35 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-02 21:54 - 2021-02-02 21:54 - 000000000 ____D C:\Users\***\AppData\Local\Daedalic Entertainment GmbH
2021-02-02 20:15 - 2021-02-02 20:16 - 000000000 ____D C:\Users\***\AppData\Roaming\RetroArch
2021-02-02 20:15 - 2021-02-02 20:15 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RetroArch
2021-02-02 20:09 - 2021-02-02 20:09 - 000002082 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\yuzu.lnk
2021-02-02 20:09 - 2021-02-02 20:09 - 000001320 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\yuzu Maintenance Tool.lnk
2021-02-02 20:08 - 2021-02-02 20:09 - 000000000 ____D C:\Users\***\AppData\Local\yuzu
2021-02-02 20:04 - 2021-02-02 20:04 - 000000757 _____ C:\Users\***\AppData\Local\recently-used.xbel
2021-02-02 19:42 - 2021-02-02 19:42 - 000000000 ____D C:\Users\***\AppData\Local\gtk-3.0
2021-02-02 19:41 - 2021-02-02 19:41 - 000000000 ____D C:\Users\***\AppData\Roaming\Ryujinx
2021-02-02 18:31 - 2021-02-02 18:31 - 000000000 ____D C:\Users\***\AppData\LocalLow\Spiderling Games
2021-02-02 18:20 - 2021-02-02 18:20 - 000000000 ____D C:\Users\***\AppData\Local\ElevatedDiagnostics
2021-02-02 15:22 - 2021-02-02 22:23 - 000000000 ____D C:\Users\***\AppData\Roaming\Goldberg SteamEmu Saves
2021-02-02 15:22 - 2021-02-02 15:22 - 000000000 ____D C:\var
2021-02-02 15:22 - 2021-02-02 15:22 - 000000000 ____D C:\Users\***\AppData\LocalLow\Blackbird Interactive
2021-02-02 15:18 - 2021-02-02 15:18 - 000000000 ____D C:\Users\***\Downloads\Hardspace.Shipbreaker.v0.3.0
2021-02-02 15:09 - 2021-02-02 15:18 - 1531094714 _____ C:\Users\***\Downloads\Hardspace.Shipbreaker.v0.3.0.rar
2021-02-02 12:47 - 2021-02-02 12:48 - 059720373 _____ C:\Users\***\Downloads\SSS-0.4-market.zip
2021-02-01 02:29 - 2021-02-01 02:29 - 033128832 _____ C:\Users\***\Downloads\Englischkurs_CD06 (1).zip.opdownload
2021-02-01 01:54 - 2021-02-01 01:54 - 133516379 _____ C:\Users\***\Downloads\Englischkurs_CD06.zip
2021-02-01 01:08 - 2021-02-01 01:23 - 000000000 ____D C:\Users\***\OneDrive\Documents\Audacity
2021-02-01 01:01 - 2021-02-01 01:01 - 002652579 _____ C:\Users\***\Downloads\Nezzer_EXM_02.m4a
2021-02-01 00:54 - 2021-02-01 06:30 - 000000000 ____D C:\Users\***\AppData\Roaming\audacity
2021-02-01 00:54 - 2021-02-01 00:54 - 000001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2021-02-01 00:54 - 2021-02-01 00:54 - 000001083 _____ C:\Users\Public\Desktop\Audacity.lnk
2021-02-01 00:54 - 2021-02-01 00:54 - 000001083 _____ C:\ProgramData\Desktop\Audacity.lnk
2021-02-01 00:54 - 2021-02-01 00:54 - 000000000 ____D C:\Users\***\AppData\Local\Audacity
2021-02-01 00:54 - 2021-02-01 00:54 - 000000000 ____D C:\Program Files (x86)\Audacity
2021-02-01 00:14 - 2021-02-01 00:14 - 000877636 _____ C:\Users\***\Downloads\Vorschau_54210_Achsensymmetrie_-_Lernen_an_Stationen.pdf
2021-02-01 00:06 - 2021-02-01 00:06 - 000174765 _____ C:\Users\***\Downloads\Leistungsnachweis (4) (1).pdf
2021-02-01 00:03 - 2021-02-01 00:03 - 000174765 _____ C:\Users\***\Downloads\Leistungsnachweis (4).pdf
2021-01-31 19:34 - 2021-01-31 19:34 - 000000000 ___RD C:\Sandbox
2021-01-31 19:33 - 2021-01-31 19:43 - 000001488 _____ C:\Windows\Sandboxie.ini
2021-01-31 19:33 - 2021-01-31 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2021-01-31 19:33 - 2021-01-31 19:33 - 000000000 ____D C:\Program Files\Sandboxie
2021-01-31 19:32 - 2021-01-31 19:33 - 005240143 _____ C:\Users\***\Downloads\Sandboxie-Classic-v5.46.5.zip
2021-01-31 19:23 - 2021-01-31 19:23 - 000077538 _____ C:\Users\***\Downloads\WhatsApp Image 2021-01-31 at 19.21.42.jpeg
2021-01-31 17:51 - 2021-01-31 17:51 - 000166132 _____ C:\Users\***\Downloads\Abwassersatzung Ketsch 2015.pdf
2021-01-31 17:48 - 2021-01-31 17:48 - 000034005 _____ C:\Users\***\Downloads\Badeordnung.pdf
2021-01-31 12:10 - 2021-01-31 12:10 - 095088730 _____ C:\Users\***\Downloads\Spanischkurs_CD08.zip
2021-01-31 11:38 - 2021-01-31 11:38 - 000000000 ____D C:\Users\***\AppData\LocalLow\DefaultCompany
2021-01-29 19:15 - 2021-01-29 19:19 - 000000000 ____D C:\Users\***\OneDrive\Documents\Assassin's Creed Origins
2021-01-29 18:54 - 2021-01-29 18:54 - 000715606 _____ C:\Users\***\Downloads\Compensation - v0.86.html
2021-01-29 18:41 - 2021-01-29 18:41 - 000000000 ____D C:\Users\***\AppData\Roaming\LoCity3D
2021-01-29 18:38 - 2021-01-29 18:41 - 237075105 _____ C:\Users\***\Downloads\LoCity3D DEMO Alpha 1.2.7z
2021-01-29 16:43 - 2021-01-29 16:43 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lily
2021-01-29 16:43 - 2021-01-29 16:43 - 000000000 ____D C:\Users\***\AppData\LocalLow\Youth Everlasting
2021-01-29 16:43 - 2021-01-29 16:43 - 000000000 ____D C:\Program Files (x86)\Youth Everlasting
2021-01-29 16:41 - 2021-01-29 16:41 - 000000014 _____ C:\Users\***\Downloads\censorship.dat
2021-01-29 15:26 - 2021-01-29 15:27 - 000000000 ____D C:\Users\***\OneDrive\Documents\Assassin's Creed IV Black Flag
2021-01-29 15:15 - 2021-01-29 15:15 - 000006277 _____ C:\Users\***\Downloads\message (5).txt
2021-01-29 14:43 - 2021-01-29 14:43 - 003094193 _____ C:\Users\***\Downloads\APA_-_AstraZeneca.pdf.pdf
2021-01-29 14:42 - 2021-01-29 14:42 - 000032056 _____ C:\Users\***\Downloads\Vaccines__contract_between_European_Commission_and_AstraZeneca_now_published.pdf
2021-01-28 23:01 - 2021-01-28 23:01 - 000173067 _____ C:\Users\***\Downloads\Teilnahmebescheinigung.pdf
2021-01-28 23:00 - 2021-01-28 23:00 - 000174646 _____ C:\Users\***\Downloads\Leistungsnachweis (3).pdf
2021-01-28 19:07 - 2021-01-28 19:07 - 000000000 ____D C:\Users\***\AppData\LocalLow\Rejected Games
2021-01-28 19:03 - 2021-01-28 19:03 - 000000000 ____D C:\Users\***\AppData\LocalLow\VirtualBrightPlayz
2021-01-28 18:23 - 2021-02-03 08:05 - 000000000 ____D C:\Users\***\AppData\Roaming\power-nativefier-adf79a
2021-01-28 17:38 - 2021-01-29 19:15 - 000000000 ____D C:\Users\***\AppData\Local\Ubisoft Game Launcher
2021-01-28 17:38 - 2021-01-28 17:38 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2021-01-28 17:38 - 2021-01-28 17:38 - 000000000 ____D C:\ProgramData\Ubisoft
2021-01-28 17:38 - 2021-01-28 17:38 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2021-01-28 16:25 - 2021-01-28 16:25 - 000000000 ____D C:\Users\***\AppData\LocalLow\Wastelands Interactive
2021-01-28 16:16 - 2021-01-28 16:16 - 000000000 ____D C:\Users\***\OneDrive\Documents\Train Station Renovation
2021-01-28 16:16 - 2021-01-28 16:16 - 000000000 ____D C:\Users\***\AppData\LocalLow\Live Motion Games
2021-01-28 15:59 - 2021-01-28 15:59 - 000000000 ____D C:\Users\***\OneDrive\Documents\Wastelands-Interactive
2021-01-28 09:03 - 2021-01-28 09:03 - 008479472 _____ C:\Users\***\Downloads\Degrees_mod_0.1.24.0_mod_1.9.1.rar
2021-01-27 20:42 - 2021-01-27 20:42 - 000461912 _____ C:\Users\***\Downloads\11174_Kontenrahmen DATEV SKR 03.pdf
2021-01-27 20:41 - 2021-01-27 20:41 - 009229367 _____ C:\Users\***\Downloads\HHPL_2021_Onlineversion_14_01_2021 (1).pdf
2021-01-27 20:39 - 2021-01-27 20:39 - 009229367 _____ C:\Users\***\Downloads\HHPL_2021_Onlineversion_14_01_2021.pdf
2021-01-27 19:46 - 2021-01-27 19:48 - 000000000 ____D C:\Users\***\AppData\Roaming\Docker Desktop
2021-01-26 00:58 - 2021-01-26 00:58 - 000000423 _____ C:\Users\***\Downloads\jsonformatter (2).txt
2021-01-26 00:56 - 2021-01-26 00:56 - 000000479 _____ C:\Users\***\Downloads\jsonformatter (1).txt
2021-01-26 00:49 - 2021-01-26 00:49 - 000000015 _____ C:\Users\***\Downloads\jsonformatter.txt
2021-01-25 23:29 - 2021-01-25 23:29 - 000000204 _____ C:\Users\***\.gitconfig
2021-01-25 14:16 - 2021-01-25 14:16 - 120820514 _____ C:\Users\***\Downloads\Lilith's Throne v0.3.13-20210125T131437Z-001.zip
2021-01-25 14:12 - 2021-01-25 14:12 - 119173440 _____ C:\Users\***\Downloads\Lilith's Throne v0.3.13.zip
2021-01-25 13:58 - 2021-01-25 13:58 - 000000000 ____D C:\Users\***\AppData\Roaming\com.lilithsthrone.main.Main
2021-01-25 13:56 - 2021-01-25 13:56 - 051169217 _____ C:\Users\***\Downloads\Lilith's Throne v0.3.1.8.zip
2021-01-25 04:50 - 2021-01-25 04:50 - 156422624 _____ C:\Users\***\Downloads\PSST-pc.rar
2021-01-24 21:59 - 2021-01-24 21:59 - 000392398 _____ C:\Users\***\Downloads\Boyagio Chapter 2 - 2020.pdf
2021-01-24 21:53 - 2021-01-24 21:53 - 000151928 _____ C:\Users\***\Downloads\Boyagio Chapter 1 - 2020.pdf
2021-01-24 21:51 - 2021-01-24 21:51 - 000214549 _____ C:\Users\***\Downloads\Apprentice and King - Ch1-3 for release.pdf
2021-01-24 01:04 - 2021-01-24 01:06 - 000000031 _____ C:\Users\***\.node_repl_history
2021-01-23 21:20 - 2021-01-23 21:20 - 000111490 _____ C:\Users\***\Downloads\twd (3).pdf
2021-01-23 21:20 - 2021-01-23 21:20 - 000111490 _____ C:\Users\***\Downloads\twd (2).pdf
2021-01-23 21:20 - 2021-01-23 21:20 - 000111490 _____ C:\Users\***\Downloads\twd (1).pdf
2021-01-23 21:19 - 2021-01-23 21:19 - 000111490 _____ C:\Users\***\Downloads\twd.pdf
2021-01-23 20:23 - 2021-01-23 20:23 - 000000000 ____D C:\Users\***\AppData\Local\IO Interactive
2021-01-23 20:19 - 2021-01-23 20:19 - 000000000 ____D C:\Users\***\AppData\Roaming\IO Interactive
2021-01-23 20:19 - 2021-01-23 20:19 - 000000000 ____D C:\Users\***\AppData\Local\Epic Games
2021-01-23 20:09 - 2021-01-23 20:09 - 000159421 _____ C:\Users\***\Downloads\WhatsApp Image 2021-01-23 at 20.05.11.jpeg
2021-01-23 20:06 - 2021-01-23 20:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman 3
2021-01-23 16:05 - 2021-02-02 23:44 - 000000000 ____D C:\Users\***\AppData\Roaming\qBittorrent
2021-01-23 16:05 - 2021-01-23 16:05 - 000000000 ____D C:\Users\***\AppData\Local\qBittorrent
2021-01-23 16:05 - 2021-01-23 16:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2021-01-23 16:05 - 2021-01-23 16:05 - 000000000 ____D C:\Program Files\qBittorrent
2021-01-23 15:56 - 2021-01-23 15:56 - 000027012 _____ C:\Users\***\Downloads\b64c886ef8004f8ee33f4c6c7732bfedc4057c0b (1).dlc
2021-01-23 15:55 - 2021-01-23 
15:55 - 000027012 _____ C:\Users\***\Downloads\b64c886ef8004f8ee33f4c6c7732bfedc4057c0b.dlc 2021-01-23 15:49 - 2021-01-23 15:49 - 000029360 _____ C:\Users\***\Downloads\d62857db3247a973c56b1e6b8646baabc5d5b5c1.dlc 2021-01-23 14:05 - 2021-01-23 14:05 - 000000000 ____D C:\Users\***\OneDrive\Documents\EVE 2021-01-23 13:55 - 2021-01-23 13:55 - 000000000 ____D C:\Users\***\AppData\Local\LauncherCrashes 2021-01-23 13:55 - 2021-01-23 13:55 - 000000000 ____D C:\Users\***\AppData\Local\CCP 2021-01-21 21:37 - 2021-01-21 21:37 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder 2021-01-21 21:37 - 2021-01-21 21:37 - 000000000 ____D C:\Users\***\AppData\Local\Gaijin 2021-01-21 21:37 - 2021-01-21 21:37 - 000000000 ____D C:\ProgramData\Gaijin 2021-01-21 16:41 - 2021-01-21 16:41 - 000097854 _____ C:\Users\***\Downloads\WhatsApp Image 2021-01-21 at 10.49.26.jpeg 2021-01-21 09:29 - 2021-01-21 09:29 - 000059627 _____ C:\Users\***\Downloads\Sozialversicherungen.pdf 2021-01-21 04:47 - 2021-01-21 04:52 - 000000000 ____D C:\Users\***\OneDrive\Documents\Universe Sandbox 2021-01-21 04:47 - 2021-01-21 04:47 - 000000000 ____D C:\Users\***\AppData\LocalLow\Giant Army 2021-01-21 04:30 - 2021-01-21 04:30 - 000002149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Docker Desktop.lnk 2021-01-19 14:03 - 2021-01-19 14:03 - 000174645 _____ C:\Users\***\Downloads\Leistungsnachweis (2).pdf 2021-01-19 11:31 - 2021-01-21 04:26 - 000000000 ____D C:\Users\***\AppData\Local\Docker Desktop Installer 2021-01-19 01:31 - 2021-01-19 01:31 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProTypers 2021-01-19 01:31 - 2021-01-19 01:31 - 000000000 ____D C:\Users\***\AppData\Local\TyperSolver 2021-01-18 21:00 - 2021-01-18 21:00 - 000174645 _____ C:\Users\***\Downloads\Leistungsnachweis (1).pdf 2021-01-18 20:40 - 2021-01-18 20:40 - 000776707 _____ C:\Users\***\Downloads\PIR00_K02 (1).pdf 2021-01-18 20:39 - 2021-01-18 20:39 - 000776707 
_____ C:\Users\***\Downloads\PIR00_K02.pdf 2021-01-18 06:44 - 2021-01-18 06:44 - 601207032 _____ C:\Users\***\Downloads\EveeFanGameAlpha001.7z 2021-01-18 06:42 - 2021-01-18 06:51 - 040686870 _____ C:\Users\***\Downloads\DNd_Poisoned.rar 2021-01-15 15:57 - 2021-01-15 15:57 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 002254336 _____ C:\Windows\system32\dwmscene.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE 2021-01-15 15:57 - 2021-01-15 15:57 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx 2021-01-15 15:57 - 2021-01-15 15:57 - 000643072 _____ C:\Windows\system32\WindowManagementAPI.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr 2021-01-15 15:57 - 2021-01-15 15:57 - 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx 2021-01-15 15:57 - 2021-01-15 15:57 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv 2021-01-15 15:57 - 2021-01-15 15:57 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr 2021-01-15 15:57 - 2021-01-15 15:57 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000467968 _____ C:\Windows\system32\AssignedAccessCsp.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000455680 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000455168 _____ C:\Windows\system32\ssdm.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl 
2021-01-15 15:57 - 2021-01-15 15:57 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv 2021-01-15 15:57 - 2021-01-15 15:57 - 000374072 _____ C:\Windows\system32\vp9fs.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000330752 _____ C:\Windows\SysWOW64\ssdm.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000306688 _____ C:\Windows\system32\HeatCore.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2021-01-15 15:57 - 2021-01-15 15:57 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax 2021-01-15 15:57 - 2021-01-15 15:57 - 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax 2021-01-15 15:57 - 2021-01-15 15:57 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe 2021-01-15 15:57 - 2021-01-15 15:57 - 000157184 _____ C:\Windows\system32\uwfcsp.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000152064 _____ C:\Windows\system32\EoAExperiences.exe 2021-01-15 15:57 - 2021-01-15 15:57 - 000138056 _____ C:\Windows\system32\HvsiManagementApi.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax 2021-01-15 15:57 - 2021-01-15 15:57 - 000101704 _____ C:\Windows\SysWOW64\HvsiManagementApi.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000095744 _____ C:\Windows\system32\VirtualMonitorManager.dll 
2021-01-15 15:57 - 2021-01-15 15:57 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2021-01-15 15:57 - 2021-01-15 15:57 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2021-01-15 15:57 - 2021-01-15 15:57 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl 2021-01-15 15:57 - 2021-01-15 15:57 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000053760 _____ C:\Windows\SysWOW64\BWContextHandler.dll 2021-01-15 15:57 - 2021-01-15 15:57 - 000010894 _____ C:\Windows\system32\DrtmAuthTxt.wim 2021-01-15 03:38 - 2021-01-15 03:38 - 000000000 ____D C:\Users\***\AppData\Local\Teradici 2021-01-15 03:37 - 2021-01-15 03:37 - 000000000 ____D C:\Users\***\AppData\Local\Amazon Web Services 2021-01-15 03:36 - 2021-01-15 03:36 - 000001369 _____ C:\Users\Public\Desktop\Amazon WorkSpaces.lnk 2021-01-15 03:36 - 2021-01-15 03:36 - 000001369 _____ C:\ProgramData\Desktop\Amazon WorkSpaces.lnk 2021-01-15 03:36 - 2021-01-15 03:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon WorkSpaces 2021-01-15 03:36 - 2021-01-15 03:36 - 000000000 ____D C:\Program Files (x86)\Amazon Web Services, Inc 2021-01-15 01:54 - 2021-01-15 01:54 - 011145670 _____ C:\Users\***\Downloads\Oracle_VM_VirtualBox_Extension_Pack-6.1.16.vbox-extpack 2021-01-15 01:51 - 2021-01-15 01:51 - 000290435 _____ C:\Users\***\Downloads\kali-linux-2020.4-vbox-amd64.ova.torrent 2021-01-15 01:50 - 2021-01-15 02:11 - 3798939648 _____ C:\Users\***\Downloads\kali-linux-2020.4-vbox-amd64.ova 2021-01-15 01:34 - 2021-01-15 01:34 - 000001780 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane.lnk 2021-01-15 01:34 - 2021-01-15 01:34 - 000000000 ____D 
C:\Users\***\AppData\LocalLow\Dashlane 2021-01-15 01:33 - 2021-01-23 17:17 - 000000000 ____D C:\Users\***\AppData\Roaming\Dashlane 2021-01-15 01:33 - 2021-01-15 01:33 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane 2021-01-14 22:27 - 2021-01-14 22:27 - 000000365 _____ C:\Users\***\Downloads\user-minus.svg 2021-01-14 21:51 - 2021-01-14 21:51 - 000000000 ____D C:\Program Files (x86)\VulkanRT 2021-01-14 20:29 - 2021-01-14 20:31 - 080338394 _____ C:\Users\***\Downloads\Juvisu 0.1.0.zip 2021-01-14 20:27 - 2021-01-14 20:27 - 000158013 _____ C:\Users\***\Downloads\BrothersKeeper0.4.zip 2021-01-14 17:48 - 2021-01-14 17:48 - 000505278 _____ C:\Users\***\Downloads\BeamMP_Server.zip 2021-01-14 15:38 - 2021-01-14 15:38 - 000000334 _____ C:\Users\***\Downloads\dollar-sign (2).svg 2021-01-14 15:38 - 2021-01-14 15:38 - 000000334 _____ C:\Users\***\Downloads\dollar-sign (1).svg 2021-01-14 02:59 - 2021-01-14 02:59 - 000000918 _____ C:\Users\***\package-lock.json 2021-01-14 02:59 - 2021-01-14 02:59 - 000000404 _____ C:\Users\***\Downloads\user-x.svg 2021-01-14 02:59 - 2021-01-14 02:59 - 000000000 ____D C:\Users\***\node_modules 2021-01-14 00:26 - 2021-01-14 00:26 - 000000373 _____ C:\Users\***\Downloads\plus-square.svg 2021-01-14 00:26 - 2021-01-14 00:26 - 000000351 _____ C:\Users\***\Downloads\plus-circle.svg 2021-01-14 00:25 - 2021-01-14 00:25 - 000000334 _____ C:\Users\***\Downloads\dollar-sign.svg 2021-01-14 00:22 - 2021-01-14 00:22 - 000000315 _____ C:\Users\***\Downloads\pie-chart.svg 2021-01-14 00:11 - 2021-01-14 00:11 - 000000428 _____ C:\Users\***\Downloads\message-circle.svg 2021-01-14 00:11 - 2021-01-14 00:11 - 000000314 _____ C:\Users\***\Downloads\send.svg 2021-01-14 00:10 - 2021-01-14 00:10 - 000000408 _____ C:\Users\***\Downloads\user-plus.svg 2021-01-14 00:10 - 2021-01-14 00:10 - 000000386 _____ C:\Users\***\Downloads\tool.svg 2021-01-13 21:36 - 2021-01-13 21:36 - 000000000 ____D C:\Users\***\OneDrive\Documents\Egosoft 
2021-01-13 18:38 - 2021-01-13 19:10 - 000000000 ____D C:\Users\***\AppData\Roaming\BeamMP Launcher 2021-01-13 18:38 - 2021-01-13 18:38 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamMP Launcher 2021-01-13 18:38 - 2021-01-13 18:38 - 000000000 ____D C:\Users\***\AppData\Roaming\BeamMP 2021-01-13 18:38 - 2021-01-13 18:38 - 000000000 ____D C:\Users\***\AppData\Local\Caphyon 2021-01-13 18:37 - 2021-01-13 18:37 - 015464292 _____ C:\Users\***\Downloads\BeamMP_Installer.zip 2021-01-13 16:49 - 2021-01-13 16:49 - 000000000 ____D C:\Users\***\AppData\Roaming\Skype 2021-01-13 06:22 - 2021-01-13 06:22 - 000000000 ____D C:\Users\***\.matplotlib 2021-01-13 06:14 - 2021-01-13 06:14 - 001740714 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2021-01-13 06:14 - 2021-01-13 06:14 - 000000000 ____D C:\Users\***\AppData\Local\NuGet 2021-01-13 06:14 - 2021-01-13 06:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL 2021-01-13 06:14 - 2021-01-13 06:14 - 000000000 ____D C:\Program Files (x86)\MySQL 2021-01-13 05:59 - 2021-01-13 05:59 - 000000000 ____D C:\Users\***\AppData\Roaming\NuGet 2021-01-13 05:56 - 2021-01-13 05:56 - 000000000 ____D C:\Users\***\.templateengine 2021-01-13 04:21 - 2021-01-13 06:38 - 000156498 _____ C:\Users\***\Untitled2.ipynb 2021-01-13 02:51 - 2021-01-13 02:51 - 001507766 _____ C:\Users\***\Downloads\CAREtaker v0.5.4.1.1-bugfixed.html 2021-01-12 14:28 - 2021-01-18 14:32 - 000000000 ___SD C:\Windows\system32\lxss 2021-01-12 14:28 - 2021-01-12 14:28 - 000001162 _____ C:\Windows\system32\config\VSMIDK 2021-01-12 14:28 - 2021-01-12 14:28 - 000000000 ___SD C:\Windows\SysWOW64\lxss 2021-01-12 02:33 - 2021-01-12 02:33 - 016528923 _____ C:\Users\***\Downloads\wordpress-5.6 (1).zip 2021-01-12 02:24 - 2021-01-12 02:25 - 016528923 _____ C:\Users\***\Downloads\wordpress-5.6.zip 2021-01-12 02:07 - 2021-01-12 02:09 - 000000838 _____ C:\Users\***\Untitled1.ipynb 2021-01-12 01:32 - 2021-01-13 06:17 - 000000000 
____D C:\Users\***\.keras 2021-01-12 01:31 - 2021-01-13 06:36 - 000000000 ____D C:\Users\***\AppData\Roaming\jupyter 2021-01-12 01:31 - 2021-01-13 04:21 - 000000000 ____D C:\Users\***\.ipynb_checkpoints 2021-01-12 01:31 - 2021-01-12 01:35 - 000000618 _____ C:\Users\***\Untitled.ipynb 2021-01-12 01:31 - 2021-01-12 01:31 - 000000000 ____D C:\Users\***\AppData\Local\Yarn 2021-01-12 01:31 - 2021-01-12 01:31 - 000000000 ____D C:\Users\***\.jupyter 2021-01-12 01:31 - 2021-01-12 01:31 - 000000000 ____D C:\ProgramData\jupyter 2021-01-12 01:18 - 2021-01-12 01:18 - 000000000 ____D C:\Users\***\.conda 2021-01-12 01:10 - 2021-01-12 01:25 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit) 2021-01-12 01:10 - 2021-01-12 01:10 - 000000000 ____D C:\Users\***\OneDrive\Documents\Python Scripts 2021-01-12 01:09 - 2021-01-12 01:20 - 000000000 ____D C:\Users\***\anaconda3 2021-01-12 01:03 - 2021-01-12 01:03 - 063128149 _____ C:\Users\***\Downloads\tensorflow-1.13.1-cp35-cp35m-win_amd64.whl 2021-01-11 16:46 - 2021-01-11 16:46 - 000000000 ____D C:\Users\***\AppData\Roaming\PsySH 2021-01-11 16:09 - 2021-01-11 16:09 - 000552212 _____ C:\Users\***\Downloads\Carnal Apostle 0.1.html 2021-01-11 02:34 - 2021-01-11 02:34 - 001447147 _____ C:\Users\***\Downloads\CAREtaker v0.5.3.5.4b - Test Build (1).html 2021-01-11 02:30 - 2021-01-11 02:30 - 000000000 ____D C:\Users\***\AppData\Local\Lisa the ghost witch 2021-01-11 02:29 - 2021-01-11 02:29 - 000000000 ____D C:\Users\***\Downloads\Lisa the ghost witch 2021-01-11 02:28 - 2021-01-11 02:29 - 116495692 _____ C:\Users\***\Downloads\Lisa the ghost witch.zip 2021-01-11 02:10 - 2021-01-11 02:13 - 227600872 _____ C:\Users\***\Downloads\InnocentCity-Demo2-pc (1).rar 2021-01-11 02:04 - 2021-01-11 02:06 - 123657626 _____ C:\Users\***\Downloads\BSCURP-Alpha-1.7.1-pc.zip 2021-01-10 06:02 - 2021-01-10 06:02 - 000000000 ____D C:\Users\***\AppData\Local\Composer 2021-01-10 06:01 - 2021-01-10 06:02 - 000000000 
____D C:\Users\***\AppData\Roaming\Composer 2021-01-10 06:01 - 2021-01-10 06:01 - 000000000 ____D C:\composer 2021-01-10 06:00 - 2021-01-10 06:00 - 002200574 _____ C:\Users\***\Downloads\composer.phar 2021-01-10 06:00 - 2021-01-10 06:00 - 002200574 _____ C:\Users\***\Downloads\composer (1).phar 2021-01-10 05:53 - 2021-01-10 05:57 - 000000000 ____D C:\Users\***\.docker 2021-01-10 05:52 - 2021-02-03 15:39 - 000000000 ____D C:\ProgramData\DockerDesktop 2021-01-10 05:52 - 2021-01-21 04:30 - 000000000 ____D C:\ProgramData\Docker 2021-01-10 05:51 - 2021-02-03 15:40 - 000000000 ____D C:\Users\***\AppData\Local\Docker 2021-01-10 05:51 - 2021-01-10 05:57 - 000000000 ____D C:\Users\***\AppData\Roaming\Docker 2021-01-10 05:51 - 2021-01-10 05:51 - 000000000 ____D C:\Program Files\Docker 2021-01-10 05:11 - 2021-01-10 05:11 - 141026660 _____ C:\Users\***\Downloads\The Encyclopedia of Tentacles for Boys Vol.1.rar 2021-01-10 05:08 - 2021-01-10 05:08 - 050003965 _____ C:\Users\***\Downloads\[Little Camp Buddy][Regression Mod][Caiman][14dayPreAlpha] (1).zip 2021-01-10 05:08 - 2021-01-10 05:08 - 019015980 _____ C:\Users\***\Downloads\[Little Camp Buddy][Caiman]Felix Voices Normalized.zip 2021-01-10 05:02 - 2021-01-10 05:02 - 001082048 _____ C:\Users\***\Downloads\PSST-pc.zip 2021-01-10 04:30 - 2021-01-10 04:31 - 042228792 _____ C:\Users\***\Downloads\PSST-part1.rar 2021-01-10 04:26 - 2021-01-10 04:31 - 351453457 _____ C:\Users\***\Downloads\DannysnewHome GoP EN-1.0-pc.rar 2021-01-10 04:18 - 2021-01-10 04:19 - 000000000 ____D C:\Users\***\AppData\Local\tyranoscript 2021-01-10 04:17 - 2021-01-10 04:18 - 456342100 _____ C:\Users\***\Downloads\Virtualboy02-WINC.zip 2021-01-10 04:13 - 2021-01-10 04:13 - 043991574 _____ C:\Users\***\Downloads\Hantu_Laut-1.0-all.zip 2021-01-10 04:00 - 2021-01-10 04:00 - 000000000 ____D C:\Users\***\Downloads\Lewd House Build 2021-01-10 03:59 - 2021-01-10 03:59 - 057087475 _____ C:\Users\***\Downloads\Lewd House Build.zip 2021-01-10 03:37 - 2021-01-10 03:37 
- 050003965 _____ C:\Users\***\Downloads\[Little Camp Buddy][Regression Mod][Caiman][14dayPreAlpha].zip 2021-01-10 03:35 - 2021-01-10 03:42 - 524288000 _____ C:\Users\***\Downloads\Infight Kids - The Gazmend Saga.zip.001 2021-01-10 03:32 - 2021-01-10 03:32 - 000000000 ____D C:\Users\***\AppData\Local\jungle 2021-01-10 03:31 - 2021-01-10 03:31 - 056013246 _____ C:\Users\***\Downloads\windows-x64-LostJungle-0-1hotfix.7z 2021-01-10 03:31 - 2021-01-10 03:31 - 000739172 _____ C:\Users\***\Downloads\Mansion Management_early_alpha_v0-2_hotfix (1).html 2021-01-10 03:27 - 2021-01-10 03:27 - 000464403 _____ C:\Users\***\Downloads\EnterLink V2 0.5 Test.html 2021-01-10 03:24 - 2021-01-10 03:24 - 000016565 _____ C:\Users\***\Downloads\discipline.zip 2021-01-09 22:05 - 2021-01-09 22:05 - 000000000 ____D C:\Users\***\AppData\Local\enchant 2021-01-09 01:21 - 2021-01-09 01:21 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Alchemyst Tale 2021-01-09 01:21 - 2021-01-09 01:21 - 000000000 ____D C:\Users\***\AppData\LocalLow\Night Games 2021-01-08 22:31 - 2021-01-08 22:31 - 604110848 _____ C:\Users\***\OneDrive\Documents\Windows.iso 2021-01-08 22:18 - 2021-01-08 22:38 - 000000000 ____D C:\ESD 2021-01-08 22:18 - 2021-01-08 22:18 - 000000000 ___HD C:\$Windows.~WS 2021-01-08 22:17 - 2021-01-08 22:17 - 000000000 ____D C:\$WINDOWS.~BT 2021-01-08 22:15 - 2021-01-09 22:05 - 000000000 ____D C:\Users\***\AppData\Roaming\HexChat 2021-01-08 22:14 - 2021-01-08 22:14 - 010471352 _____ (HexChat ) C:\Users\***\Downloads\HexChat 2.14.3 x64.exe 2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\Users\***\source 2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\Users\***\AppData\Local\IdentityNexusIntegration 2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat 2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\Program Files\HexChat 2021-01-08 22:13 - 2021-01-13 06:04 - 000000000 
____D C:\Users\***\AppData\Local\.IdentityService 2021-01-08 22:13 - 2021-01-08 22:14 - 000000000 ____D C:\Users\***\OneDrive\Documents\Visual Studio 2019 2021-01-08 22:13 - 2021-01-08 22:13 - 000001803 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2019.lnk 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\3082 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\2052 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1055 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1049 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1046 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1045 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1042 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1041 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1040 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1036 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1033 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1031 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1029 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1028 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\3082 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\2052 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1055 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1049 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1046 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1045 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1042 2021-01-08 22:13 - 2021-01-08 22:13 - 
000000000 ____D C:\Windows\system32\1041 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1040 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1036 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1033 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1031 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1029 2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1028 2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Users\***\.dotnet 2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files\Microsoft SQL Server 2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\Windows Kits 2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\NuGet 2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs 2021-01-08 22:11 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files\dotnet 2021-01-08 22:11 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\dotnet 2021-01-08 22:11 - 2021-01-08 22:11 - 000001802 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019.lnk 2021-01-08 22:11 - 2021-01-08 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019 2021-01-08 22:10 - 2021-01-13 06:15 - 000000000 ____D C:\Users\***\AppData\Roaming\Visual Studio Setup 2021-01-08 22:10 - 2021-01-13 06:03 - 000001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk 2021-01-08 22:10 - 2021-01-13 06:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2021-01-08 22:10 - 2021-01-08 22:10 - 000000000 ____D C:\Users\***\AppData\Roaming\vstelemetry 2021-01-08 22:10 - 2021-01-08 22:10 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft Visual 
Studio 2021-01-08 22:10 - 2021-01-08 22:10 - 000000000 ____D C:\Users\***\AppData\Local\ServiceHub 2021-01-08 22:09 - 2021-01-08 22:09 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio 2021-01-08 14:05 - 2021-01-08 14:05 - 000000000 ____D C:\Users\***\AppData\Local\INetHistory 2021-01-08 11:18 - 2021-01-08 12:03 - 085533426 _____ C:\Users\***\Downloads\The Alchemyst Tale - Installer.rar 2021-01-08 04:00 - 2021-01-08 04:00 - 001184178 _____ C:\Users\***\Downloads\Kml Military bases.kml 2021-01-08 00:09 - 2021-01-08 00:10 - 006865541 _____ C:\Users\***\Downloads\Git Compiled (10-21-2020) (1).rar 2021-01-07 23:12 - 2021-01-07 23:12 - 000000000 ____D C:\Users\***\AppData\LocalLow\President Studio 2021-01-07 23:07 - 2021-01-07 23:07 - 000000000 ____D C:\Users\***\.prefs 2021-01-07 08:13 - 2021-01-07 08:13 - 199590012 _____ C:\Users\***\Downloads\Aphrodisia-0.5.5-pc.zip 2021-01-07 08:11 - 2021-01-07 08:11 - 030546372 _____ C:\Users\***\Downloads\Rock-Paper-Strip-1.0-pc.zip 2021-01-05 17:53 - 2021-02-03 01:00 - 000000000 ____D C:\Users\***\OneDrive\Documents\Mount and Blade II Bannerlord 2021-01-04 19:40 - 2020-11-11 03:54 - 000167280 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-02-03 15:44 - 2020-12-10 19:11 - 000000000 ____D C:\Users\***\AppData\Roaming\TS3Client 2021-02-03 15:42 - 2020-12-12 11:16 - 000000000 ____D C:\Users\***\AppData\Roaming\Code 2021-02-03 15:41 - 2020-12-19 17:43 - 000000000 ____D C:\Users\***\AppData\Roaming\discord 2021-02-03 15:41 - 2020-12-10 19:36 - 000000000 ____D C:\ProgramData\NVIDIA 2021-02-03 15:40 - 2021-01-02 14:08 - 000000000 ____D C:\Users\***\AppData\Local\LogMeIn Hamachi 2021-02-03 15:40 - 2020-12-12 07:41 - 000000000 ____D C:\ProgramData\FAHClient 2021-02-03 15:39 - 2020-12-11 20:15 - 000003092 _____ C:\Windows\system32\Tasks\GPU Tweak II 2021-02-03 15:39 - 2020-12-11 02:56 - 000000000 ____D C:\Users\*** 2021-02-03 15:39 - 2020-12-11 02:51 - 001162008 _____ C:\Windows\system32\wpbbin.exe 2021-02-03 15:39 - 2020-12-11 02:51 - 001122840 _____ C:\Windows\system32\AsusUpdateCheck.exe 2021-02-03 15:39 - 2020-12-11 02:51 - 000008192 ___SH C:\DumpStack.log.tmp 2021-02-03 15:39 - 2020-12-11 02:51 - 000000000 ____D C:\ProgramData\ASUS 2021-02-03 15:39 - 2020-11-19 00:41 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2021-02-03 15:39 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-02-03 15:39 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI 2021-02-03 15:35 - 2020-12-20 19:48 - 000000000 ____D C:\Users\***\AppData\LocalLow\Temp 2021-02-03 14:32 - 2020-12-11 02:57 - 000000000 ____D C:\Users\***\AppData\Local\Packages 2021-02-03 14:07 - 2020-12-11 02:57 - 001724774 _____ C:\Windows\system32\PerfStringBackup.INI 2021-02-03 14:07 - 2020-12-11 01:33 - 000746378 _____ C:\Windows\system32\perfh007.dat 2021-02-03 14:07 - 2020-12-11 01:33 - 000154146 _____ C:\Windows\system32\perfc007.dat 2021-02-03 14:07 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF 2021-02-03 14:06 - 2020-12-24 15:37 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2021-02-03 13:54 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-02-03 13:54 - 2019-12-07 
10:14 - 000000000 ____D C:\Windows\AppReadiness 2021-02-03 13:53 - 2020-11-19 00:41 - 000000000 ____D C:\Windows\system32\SleepStudy 2021-02-03 01:32 - 2020-12-10 20:29 - 000000000 ____D C:\Program Files (x86)\SpeedFan 2021-02-03 01:26 - 2020-12-10 19:57 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2021-02-03 01:25 - 2020-12-10 22:12 - 000000000 ____D C:\Users\***\AppData\Local\CrashDumps 2021-02-03 00:52 - 2020-12-10 19:18 - 000000000 ____D C:\Users\***\AppData\Local\D3DSCache 2021-02-03 00:46 - 2020-12-10 23:07 - 000000000 ____D C:\Users\***\OneDrive\Documents\ShareX 2021-02-02 22:36 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP 2021-02-02 21:44 - 2020-12-10 19:03 - 000000000 ____D C:\Users\***\AppData\Local\PlaceholderTileLogoFolder 2021-02-02 21:33 - 2021-01-01 19:53 - 000000000 ____D C:\Users\***\AppData\Roaming\Stormworks 2021-02-02 14:54 - 2020-12-12 06:23 - 000000000 ____D C:\Users\***\OneDrive\Documents\Paradox Interactive 2021-01-31 19:39 - 2020-11-19 00:45 - 000000000 ____D C:\ProgramData\Packages 2021-01-31 16:08 - 2020-12-22 16:45 - 000000000 ____D C:\Users\***\AppData\Roaming\npm-cache 2021-01-30 20:11 - 2020-11-19 00:44 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-01-29 19:04 - 2020-12-29 23:46 - 000000000 ____D C:\Users\***\OneDrive\Documents\Twine 2021-01-29 19:04 - 2020-12-29 23:46 - 000000000 ____D C:\Users\***\AppData\Roaming\Twine 2021-01-28 18:45 - 2020-12-11 14:20 - 000004232 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1607692819 2021-01-28 18:45 - 2020-12-11 14:20 - 000001438 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk 2021-01-28 18:43 - 2020-12-10 22:13 - 000000000 ____D C:\Users\***\AppData\Roaming\.minecraft 2021-01-27 20:17 - 2020-12-15 19:28 - 000000000 ____D C:\ProgramData\Origin 2021-01-27 20:17 - 2020-12-15 19:28 - 000000000 ____D C:\Program Files (x86)\Origin 
2021-01-26 22:16 - 2020-12-17 21:52 - 000000000 ____D C:\Users\***\AppData\Local\Arma 3 Launcher 2021-01-26 22:02 - 2020-12-17 22:02 - 000000000 ____D C:\Users\***\AppData\Local\Arma 3 2021-01-25 04:50 - 2020-12-12 00:17 - 000000000 ____D C:\Users\***\AppData\Roaming\RenPy 2021-01-24 15:56 - 2020-12-13 06:59 - 000000000 ____D C:\Users\***\AppData\Local\JDownloader 2.0 2021-01-23 21:33 - 2020-12-18 13:09 - 000000000 ____D C:\RAGEMP 2021-01-23 19:57 - 2020-12-11 02:52 - 000000000 ____D C:\Users\***\AppData\Local\Disc_Soft_Ltd 2021-01-22 10:49 - 2020-12-10 18:58 - 000799104 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2021-01-21 23:18 - 2020-12-10 19:36 - 000000000 ____D C:\Users\***\AppData\Local\NVIDIA Corporation 2021-01-21 21:37 - 2020-12-14 16:54 - 000000000 ____D C:\Users\***\OneDrive\Documents\My Games 2021-01-21 17:28 - 2020-12-10 19:00 - 000000000 ____D C:\Program Files (x86)\LightingService 2021-01-21 17:28 - 2020-12-10 18:59 - 000000000 ____D C:\Program Files\ASUS 2021-01-21 17:28 - 2020-12-10 18:57 - 000000000 ____D C:\ProgramData\Package Cache 2021-01-21 17:28 - 2020-12-10 18:57 - 000000000 ____D C:\Program Files (x86)\ASUS 2021-01-19 21:49 - 2020-11-19 00:44 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-01-19 21:49 - 2020-11-19 00:44 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-01-19 20:04 - 2020-12-11 00:03 - 000000000 ____D C:\Program Files (x86)\Overwolf 2021-01-19 01:31 - 2020-12-19 17:43 - 000000000 ____D C:\Users\***\AppData\Local\SquirrelTemp 2021-01-18 14:34 - 2020-11-19 00:41 - 000440880 _____ C:\Windows\system32\FNTCACHE.DAT 2021-01-18 14:32 - 2020-12-26 04:08 - 000000000 ____D C:\Program Files\Hyper-V 2021-01-18 14:32 - 2019-12-07 15:49 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2021-01-18 14:32 - 2019-12-07 15:49 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-01-18 14:32 - 2019-12-07 15:49 - 000000000 
____D C:\Program Files (x86)\Windows Photo Viewer 2021-01-18 14:32 - 2019-12-07 15:45 - 000000000 ____D C:\Windows\system32\Drivers\en-GB 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com 2021-01-18 14:32 - 2019-12-07 10:14 - 
000000000 ____D C:\Windows\system32\AdvancedInstallers 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr 2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender 2021-01-16 20:15 - 2020-12-13 13:15 - 000000000 ____D C:\Users\***\OneDrive\Documents\Rockstar Games 2021-01-16 20:14 - 2020-12-13 13:15 - 000000000 ____D C:\Users\***\AppData\Local\Rockstar Games 2021-01-15 15:58 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp 2021-01-15 15:56 - 2020-11-19 00:43 - 002877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2021-01-15 15:53 - 2020-12-13 18:08 - 000000000 ____D C:\Windows\system32\MRT 2021-01-15 15:52 - 2020-12-13 18:08 - 135062968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2021-01-15 03:37 - 2020-12-26 04:05 - 000000000 ____D C:\Users\***\.VirtualBox 2021-01-15 02:11 - 2020-12-26 04:05 - 000000000 ____D C:\Users\***\VirtualBox VMs 2021-01-15 01:49 - 2020-12-26 04:05 - 000000000 ____D C:\ProgramData\VirtualBox 2021-01-14 21:51 - 2020-12-13 13:15 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2021-01-14 19:58 - 2020-12-20 19:45 - 000025342 _____ C:\Users\***\Downloads\verdi.pdf 2021-01-14 16:46 - 2020-12-31 22:07 - 000000000 ____D C:\Users\***\OneDrive\Documents\BeamNG.drive 2021-01-12 00:00 - 2020-12-13 06:02 - 000000000 ____D C:\ProgramData\AMD AutoUpdate 2021-01-11 12:47 - 2020-12-24 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2021-01-10 23:50 - 2020-12-11 02:58 - 
000000000 ___RD C:\Users\***\OneDrive 2021-01-10 23:50 - 2020-12-10 20:00 - 000000000 ____D C:\Users\***\OneDrive\Documents\3DMark 2021-01-10 05:52 - 2020-11-19 03:50 - 001499136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vfpext.sys 2021-01-10 05:52 - 2020-11-19 03:50 - 001115448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lxcore.sys 2021-01-10 05:52 - 2020-11-19 03:50 - 000405824 _____ (Microsoft Corporation) C:\Windows\system32\vmprox.dll 2021-01-10 05:52 - 2020-11-19 03:50 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\vmvpci.dll 2021-01-10 05:52 - 2020-11-19 03:50 - 000320000 _____ (Microsoft Corporation) C:\Windows\system32\vfpctrl.exe 2021-01-10 05:52 - 2020-11-19 03:50 - 000199168 _____ (Microsoft Corporation) C:\Windows\system32\wsl.exe 2021-01-10 05:52 - 2020-11-19 03:50 - 000158208 _____ (Microsoft Corporation) C:\Windows\system32\hnsdiag.exe 2021-01-10 05:52 - 2020-11-19 03:50 - 000122168 _____ (Microsoft Corporation) C:\Windows\system32\vmsifcore.dll 2021-01-10 05:52 - 2020-11-19 03:50 - 000109384 _____ (Microsoft Corporation) C:\Windows\system32\vmwpevents.dll 2021-01-10 05:52 - 2020-11-19 03:50 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\wslconfig.exe 2021-01-10 05:52 - 2020-11-19 03:50 - 000079168 _____ (Microsoft Corporation) C:\Windows\system32\vmwpctrl.dll 2021-01-10 05:52 - 2020-11-19 03:50 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\bash.exe 2021-01-10 05:52 - 2020-11-19 03:50 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\vfpapi.dll 2021-01-10 05:52 - 2020-11-19 03:50 - 000027960 _____ (Microsoft Corporation) C:\Windows\system32\vmsifproxystub.dll 2021-01-10 05:52 - 2020-11-19 03:49 - 000206152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys 2021-01-10 05:52 - 2020-11-19 03:49 - 000175416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys 2021-01-10 05:52 - 2019-12-07 10:09 - 000260616 _____ (Microsoft 
Corporation) C:\Windows\system32\hcsdiag.exe 2021-01-10 05:52 - 2019-12-07 10:09 - 000222008 _____ (Microsoft Corporation) C:\Windows\system32\NetMgmtIF.dll 2021-01-10 05:52 - 2019-12-07 10:09 - 000151352 _____ C:\Windows\system32\nmscrub.exe 2021-01-10 05:52 - 2019-12-07 10:09 - 000142648 _____ (Microsoft Corporation) C:\Windows\system32\nmbind.exe 2021-01-10 05:52 - 2019-12-07 10:09 - 000129336 _____ (Microsoft Corporation) C:\Windows\system32\vmvirtio.dll 2021-01-10 05:52 - 2019-12-07 10:09 - 000123704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys 2021-01-10 05:52 - 2019-12-07 10:09 - 000107048 _____ (Microsoft Corporation) C:\Windows\system32\p9np.dll 2021-01-10 05:52 - 2019-12-07 10:09 - 000091152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\p9rdr.sys 2021-01-10 05:52 - 2019-12-07 10:09 - 000081208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\p9np.dll 2021-01-10 05:52 - 2019-12-07 10:09 - 000061240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pvhdparser.sys 2021-01-10 05:52 - 2019-12-07 10:09 - 000058888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\l2bridge.sys 2021-01-10 05:52 - 2019-12-07 10:09 - 000049192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdparser.sys 2021-01-10 05:52 - 2019-12-07 10:09 - 000041784 _____ (Microsoft Corporation) C:\Windows\system32\NvAgent.dll 2021-01-10 05:52 - 2019-12-07 10:09 - 000039440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\passthruparser.sys 2021-01-10 05:52 - 2019-12-07 10:09 - 000037112 _____ (Microsoft Corporation) C:\Windows\system32\sbresources.dll 2021-01-10 05:52 - 2019-12-07 10:09 - 000036152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocketcontrol.sys 2021-01-10 05:52 - 2019-12-07 10:09 - 000031544 _____ (Microsoft Corporation) C:\Windows\system32\vmcomputeeventlog.dll 2021-01-10 05:52 - 2019-12-07 10:09 - 000027448 _____ (Microsoft Corporation) C:\Windows\system32\VrdUmed.dll 2021-01-10 05:52 - 
2019-12-07 10:09 - 000021304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hnswfpdriver.sys 2021-01-10 05:52 - 2019-12-07 10:09 - 000015880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lxss.sys 2021-01-10 05:52 - 2019-12-07 10:09 - 000012816 _____ (Microsoft Corporation) C:\Windows\system32\f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll 2021-01-10 05:52 - 2019-12-07 10:09 - 000012600 _____ (Microsoft Corporation) C:\Windows\system32\d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll 2021-01-10 05:52 - 2019-12-07 10:09 - 000012600 _____ (Microsoft Corporation) C:\Windows\system32\c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll 2021-01-10 05:52 - 2019-12-07 10:09 - 000012304 _____ (Microsoft Corporation) C:\Windows\system32\07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll 2021-01-09 22:05 - 2021-01-01 15:31 - 000000000 ____D C:\ProgramData\NeoFly 2021-01-09 21:45 - 2021-01-01 15:28 - 000000000 ____D C:\Users\***\AppData\Local\Deployment 2021-01-08 22:58 - 2020-12-20 21:44 - 000201286 _____ C:\Users\***\Downloads\Lebenslauf ***.pdf 2021-01-08 22:38 - 2020-12-11 02:50 - 000000000 ____D C:\Windows\Panther 2021-01-08 22:13 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2021-01-08 22:11 - 2020-12-13 14:12 - 000000000 ____D C:\Program Files (x86)\MSBuild 2021-01-08 14:01 - 2020-12-10 19:01 - 000000000 ____D C:\Users\***\AppData\Local\Comms 2021-01-05 17:24 - 2021-01-02 20:44 - 000000000 ____D C:\Users\***\AppData\Local\FlightSimulator ==================== Files in the root of some directories ======== 2021-02-02 20:04 - 2021-02-02 20:04 - 000000757 _____ () C:\Users\***\AppData\Local\recently-used.xbel ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== |
03.02.2021, 20:15 | #8 |
/// TB-Ausbilder | Windows 10:Trojan:Win32/Ymacco.AA84 Step 1
Then we're done! If you have no more problems with malware, we are finished here. Your log files are clean. Finally, please run a cleanup with our TBCleanUpTool and be sure to read and implement the security measures - both are linked in the following reading material: If you like, you can say here whether you were satisfied with me and my help... Perhaps you would like to support the forum with a small donation. Note: Please give me a brief reply once you have read the information linked above, everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
03.02.2021, 22:07 | #9 |
| Windows 10:Trojan:Win32/Ymacco.AA84 Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 03-02-2021 Ran by ****(03-02-2021 22:00:19) Run:2 Running from C:\Users\****/Desktop Loaded Profiles: **** Boot Mode: Normal ============================================== fixlist content: ***************** DeleteQuarantine: Unlock: C:\FRST Reboot: ***************** "C:\FRST\Quarantine" => removed successfully "C:\FRST" => was unlocked The system needed a reboot. ==== End of Fixlog 22:00:19 ==== |
04.02.2021, 10:55 | #10 |
/// TB-Ausbilder | Windows 10:Trojan:Win32/Ymacco.AA84 We are glad we could help. This thread appears to be resolved and will be removed from our subscriptions. Should you need the thread again, please send us a reminder including a link to the thread. Everyone else, please click here and create your own thread. |