Log analysis and evaluation: Wacatac.H!ml found by Win Defender - FRST log attached (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.10.2023, 13:53 | #1

Wacatac.H!ml found by Win Defender - FRST log attached

Hello everyone! The trojan named in the title was reported by Windows Defender yesterday while I was searching my HDD for music, and only once I opened the "malicious" folder. (The HDD is just storage for games and all sorts of things, nothing more.) I deleted the folder in question; Defender had already put it into quarantine beforehand. Now, of course, I am still worried about what it does, or could do. Many thanks in advance.

FRST log:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2023 Ran by steve (administrator) on DESKTOP-0JFIBDK (TAROX BTO PC System) (05-10-2023 14:30:41) Running from C:\Users\steve\Downloads\FRST64.exe Loaded Profiles: steve Platform: Microsoft Windows 10 Pro Version 22H2 19045.3448 (X64) Language: German (Germany) -> English (United Kingdom) Default browser: Vivaldi Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe (C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Crash Processor.exe (C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) 
C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe ->) (Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe (C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe ->) (Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe (C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <3> (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe (C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (D:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7> (Discord Inc. -> Discord Inc.) 
C:\Users\steve\AppData\Local\DiscordPTB\app-1.0.1035\DiscordPTB.exe <6> (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7> (Microsoft Windows -> Microsoft Corporation) C:\Users\steve\AppData\Local\Temp\95CD8BBD-61EB-4C26-86CC-ACF8FABFD661\DismHost.exe (Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2> (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe (services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1ddf203f8d876fdf\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (Scarlet.Crush Productions) [File not signed] D:\alles für C partition\ScpServer\ScpServer\bin\ScpService.exe (services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Skutta, Kristjan -> ) D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe (svchost.exe ->) (Adobe Inc. -> Adobe Inc.) 
C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe (svchost.exe ->) (Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21580.0_x64__8wekyb3d8bbwe\HxOutlook.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21580.0_x64__8wekyb3d8bbwe\HxTsr.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2308.3.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (Valve Corp. 
-> Valve Corporation) D:\Program Files (x86)\Steam\steam.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\steve\AppData\Local\Vivaldi\Application\vivaldi.exe <19> ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech) HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3022640 2023-08-10] (Riot Games, Inc. -> Riot Games, Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1131488 2023-10-03] (Adobe Inc. -> Adobe Inc.) HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2023-10-03] (Adobe Inc. -> ) HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [Discord] => C:\Users\steve\AppData\Local\Discord\Update.exe [1525016 2023-04-26] (Discord Inc. -> GitHub) HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [WallpaperEngine] => D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [3050080 2022-11-25] (Skutta, Kristjan -> ) HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [MicrosoftEdgeAutoLaunch_AB28E5367ED265860776C96F8DFD68CB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [RiotClient] => D:\Games\Riot Games\Riot Client\RiotClientServices.exe [70910864 2023-09-30] (Riot Games, Inc. -> Riot Games, Inc.) 
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37097936 2023-09-09] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [DiscordPTB] => C:\Users\steve\AppData\Local\DiscordPTB\Update.exe [1525024 2023-08-23] (Discord Inc. -> GitHub) HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2655848 2023-10-03] (Electronic Arts, Inc. -> Electronic Arts) ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {09654855-312F-416A-A029-24D764B98BFC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-09-27] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {03364EC0-16C4-4DE8-9167-3B6256724B85} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-09-27] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {31D446AF-929E-4257-8761-61ADCE93133A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-09-27] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {59DEB76E-06E8-4D59-B57B-CFA6A0AE01C8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-09-27] (Microsoft Windows Publisher -> Microsoft Corporation) Task: 
{57BEA90D-4BEF-4602-9C85-213CD39B8B1B} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [804312 2023-04-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> ) Task: {EB641FB4-217A-46BB-A149-C988A9F8EA53} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2023-05-19] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {E2004575-0CE8-4A79-9DD6-50A670DC5CDD} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-05-19] (Nvidia Corporation -> NVIDIA Corporation) Task: {866AB106-8DFE-4F69-8154-050064594097} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F1E4B307-222A-4363-B123-62D4E81BDE4F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation) Task: {CB845611-AC8E-4ED2-A9DD-612411FFE436} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F45450A7-2DEA-49D4-A8C5-99C793103BA8} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation) Task: {1159A7AD-CD7F-4030-9938-9F95DB822777} - 
System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation) Task: {61FD7EB1-9263-4EEC-B674-997D151EEAE9} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation) Task: {CD31F163-9879-4C93-9E1E-A7FAD1AB8765} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation) Task: {BC28A7D2-7F93-462A-B7AB-7491BACD1720} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe [436544 2023-03-30] (Alexey Nicolaychuk -> ) Task: {680E579F-D9A8-4758-B63F-9A0AA926B19E} - System32\Tasks\VivaldiUpdateCheck-fc19b0abe6cf500b => C:\Users\steve\AppData\Local\Vivaldi\Application\update_notifier.exe [3845520 2023-09-28] (Vivaldi Technologies AS -> Vivaldi Technologies AS) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{a7ee169b-f46a-4864-a664-6f6da47a55b5}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{f8e7eaa1-dd54-4e06-a603-9163c68fc6c8}: [DhcpNameServer] 192.168.178.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-05] Edge Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-28] Edge Extension: (Edge relevant text changes) - C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-14] FireFox: ======== FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-10-03] (Adobe Inc. -> Adobe Systems) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-10-03] (Adobe Inc. -> Adobe Systems) Vivaldi: ======= VIV Profile: C:\Users\steve\AppData\Local\Vivaldi\User Data\Default [2023-10-05] VIV DefaultSearchKeyword: Default -> g VIV Extension: (TubeBuddy) - C:\Users\steve\AppData\Local\Vivaldi\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2023-10-05] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-10-03] (Adobe Inc. -> Adobe Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [14893832 2023-08-27] (BattlEye Innovations e.K. 
-> ) R2 Ds3Service; D:\alles für C partition\ScpServer\ScpServer\bin\ScpService.exe [381952 2015-08-03] (Scarlet.Crush Productions) [File not signed] R3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11070056 2023-10-03] (Electronic Arts, Inc. -> Electronic Arts) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-06-05] (EasyAntiCheat Oy -> Epic Games, Inc) S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [943528 2023-08-23] (EasyAntiCheat Oy -> Epic Games, Inc.) S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-05-01] (Epic Games Inc. -> Epic Games, Inc.) S3 NGS; C:\ProgramData\Nexon\NGS\NGService.exe [3189352 2023-09-30] (NEXON Korea Corporation. -> NEXON Korea Corporation) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402264 2023-09-16] (Microsoft Windows Publisher -> Microsoft Corporation) S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9437496 2023-08-10] (Riot Games, Inc. -> Riot Games, Inc.) 
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe [3116904 2023-09-27] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe [133584 2023-09-27] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1ddf203f8d876fdf\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1ddf203f8d876fdf\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [282624 2023-05-05] (Microsoft Corporation) [File not signed] S1 gvm; C:\Windows\system32\DRIVERS\gvm.sys [390144 2023-06-20] (Google LLC -> Google LLC) R3 MpKsl01c08963; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2843796E-7184-4FA1-9315-E135C018AC60}\MpKslDrv.sys [263560 2023-10-04] (Microsoft Windows -> Microsoft Corporation) R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2023-05-19] (Nvidia Corporation -> NVIDIA Corporation) R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> ) R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2015-08-03] (Bruce James -> Scarlet.Crush Productions) R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [26953656 2023-08-10] (Riot Games, Inc. -> Riot Games, Inc.) 
R3 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [69168 2019-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55856 2023-09-27] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [572712 2023-09-27] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105872 2023-09-27] (Microsoft Windows -> Microsoft Corporation) S3 xhunter1; C:\Windows\xhunter1.sys [1432232 2023-10-04] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2023-10-05 14:10 - 2023-10-05 14:18 - 000061142 _____ C:\Users\steve\Downloads\Addition.txt 2023-10-05 14:09 - 2023-10-05 14:30 - 000020262 _____ C:\Users\steve\Downloads\FRST.txt 2023-10-05 14:08 - 2023-10-05 14:30 - 000000000 ____D C:\FRST 2023-10-05 14:08 - 2023-10-05 14:08 - 002382848 _____ (Farbar) C:\Users\steve\Downloads\FRST64.exe 2023-10-04 16:18 - 2023-10-04 16:18 - 000000000 ____D C:\Users\steve\AppData\Local\HerovsGame 2023-10-04 16:04 - 2023-10-04 16:04 - 000000223 _____ C:\Users\steve\Desktop\MY HERO ULTRA RUMBLE.url 2023-10-03 16:28 - 2023-10-03 16:28 - 000000000 ____D C:\Users\steve\AppData\Local\Century 2023-10-03 15:50 - 2023-10-03 15:50 - 002094439 _____ C:\Users\steve\Downloads\1.psd 2023-10-03 15:39 - 2023-10-03 15:39 - 000000000 ____D C:\Users\steve\Documents\Adobe 2023-10-03 15:38 - 2023-10-03 15:38 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2024.lnk 2023-10-03 15:29 - 2023-10-03 15:29 - 000000000 ___RD 
C:\Users\steve\Creative Cloud Files 2023-10-03 15:28 - 2023-10-03 22:08 - 000000000 ____D C:\Users\steve\AppData\LocalLow\Adobe 2023-10-03 15:28 - 2023-10-03 15:40 - 000000000 ____D C:\Program Files\Common Files\Adobe 2023-10-03 15:28 - 2023-10-03 15:32 - 000000000 ____D C:\ProgramData\Adobe 2023-10-03 15:28 - 2023-10-03 15:29 - 000000000 ____D C:\Program Files\Adobe 2023-10-03 15:28 - 2023-10-03 15:28 - 000001382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2023-10-03 15:28 - 2023-10-03 15:28 - 000000000 ____D C:\Program Files (x86)\Adobe 2023-10-03 15:27 - 2023-10-03 15:27 - 000000000 ____D C:\Users\Public\Documents\AdobeGCInfo 2023-10-03 15:25 - 2023-10-03 15:50 - 000000000 ____D C:\Users\steve\AppData\Local\Adobe 2023-10-03 15:25 - 2023-10-03 15:38 - 000000000 ____D C:\Users\steve\AppData\Roaming\com.adobe.dunamis 2023-10-03 13:50 - 2023-10-03 13:50 - 000000000 ____D C:\Users\steve\AppData\Roaming\Ambient Design 2023-10-03 13:43 - 2023-10-03 13:43 - 000000000 ____D C:\ProgramData\Caphyon 2023-10-03 13:42 - 2023-10-03 13:42 - 128840872 _____ (Ambient Design) C:\Users\steve\Downloads\install_artrage_6_demo_windows.exe 2023-10-03 12:59 - 2023-10-03 12:59 - 000000222 _____ C:\Users\steve\Desktop\Century Age of Ashes.url 2023-10-03 12:52 - 2023-10-03 12:52 - 000000000 ____D C:\Users\steve\AppData\Local\AVGame 2023-10-03 02:38 - 2023-10-03 02:38 - 000000222 _____ C:\Users\steve\Desktop\Vampyr.url 2023-09-30 21:32 - 2023-09-30 21:32 - 000000016 _____ C:\ProgramData\mntemp 2023-09-30 21:32 - 2023-09-30 21:32 - 000000000 ____D C:\Users\steve\AppData\Local\Warhaven 2023-09-30 21:32 - 2023-09-30 21:32 - 000000000 ____D C:\ProgramData\Nexon 2023-09-30 20:28 - 2023-09-30 20:28 - 000000223 _____ C:\Users\steve\Desktop\Warhaven.url 2023-09-30 19:51 - 2023-09-30 19:51 - 000000640 _____ C:\Users\steve\Desktop\New Text Document.txt 2023-09-30 13:04 - 2023-09-30 13:04 - 000000000 ____D C:\Users\steve\AppData\Local\WWAATD 2023-09-29 20:49 - 
2023-09-29 20:49 - 000000000 ____D C:\Users\steve\AppData\Local\IkeaBR_Server 2023-09-27 00:12 - 2023-09-27 00:12 - 000000000 ____D C:\Users\steve\AppData\Local\Predecessor 2023-09-26 15:55 - 2023-09-26 15:55 - 000000000 ____D C:\Users\steve\AppData\Roaming\SevenConverter 2023-09-26 15:54 - 2023-09-26 15:54 - 144638745 _____ C:\Users\steve\Downloads\SevenConverter-1.5.7.zip 2023-09-26 15:52 - 2023-09-26 15:52 - 000000000 ____D C:\Users\steve\Documents\MiniTool uTube Downloader 2023-09-26 15:52 - 2023-09-26 15:52 - 000000000 ____D C:\Users\steve\AppData\Local\MiniTool uTube Downloader 2023-09-26 13:17 - 2023-09-26 15:58 - 000000000 ____D C:\Users\steve\AppData\Roaming\QtProject 2023-09-26 13:16 - 2023-09-26 13:17 - 000000000 ___HD C:\ProgramData\TWluaVRvb2wgVmlkZW8gQ29udmVydGVy 2023-09-26 13:16 - 2023-09-26 13:17 - 000000000 ____D C:\Users\steve\Documents\MiniTool Video Converter 2023-09-26 13:15 - 2023-09-26 13:15 - 002011888 _____ (MiniTool) C:\Users\steve\Downloads\minitool-video-converter-3-0.exe 2023-09-26 13:15 - 2023-09-18 18:40 - 103349024 _____ (MiniTool ) C:\Users\steve\Downloads\vc-free.exe 2023-09-24 12:56 - 2023-09-24 12:56 - 001289374 _____ C:\Users\steve\Downloads\Lossless.Scaling.Build.10828226.zip 2023-09-24 12:56 - 2023-09-24 12:56 - 000000000 ____D C:\Users\steve\AppData\Local\Lossless Scaling 2023-09-24 12:56 - 2023-03-31 20:43 - 000000000 ____D C:\Users\steve\Desktop\Lossless.Scaling.Build.10828226 2023-09-23 01:44 - 2023-09-23 01:44 - 000000294 _____ C:\Users\steve\Documents\regbckup.reg 2023-09-21 11:34 - 2023-09-26 16:51 - 000000000 ____D C:\Users\steve\Desktop\desk 2023-09-20 13:16 - 2023-10-04 18:34 - 001432232 _____ (Wellbia.com Co., Ltd.) 
C:\Windows\xhunter1.sys 2023-09-20 13:16 - 2023-09-20 13:16 - 000000000 ____D C:\Users\steve\AppData\Local\Overprime 2023-09-19 23:14 - 2023-09-19 23:14 - 000000000 ____D C:\Users\steve\AppData\Local\LunaAbyss 2023-09-19 16:29 - 2023-09-19 16:29 - 000000000 ____D C:\Intel 2023-09-19 12:43 - 2023-09-19 12:43 - 000000000 ____D C:\Users\steve\AppData\Local\EALaunchHelper 2023-09-18 23:45 - 2023-09-18 23:45 - 001886879 _____ C:\Users\steve\Downloads\PrinceOfPersiaWarriorWithinv1.0NoCDNoDVDFixedexeEng.rar 2023-09-18 23:35 - 2023-09-18 23:36 - 003015265 _____ C:\Users\steve\Downloads\PrinceOfPersiaWarriorWithinv1.0NoCDNoDVDFixedexeEng-2.rar 2023-09-18 23:32 - 2023-09-18 23:47 - 000000000 ____D C:\ProgramData\POPWWPROFILES 2023-09-18 23:32 - 2023-09-18 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft 2023-09-18 23:01 - 2023-09-18 23:01 - 000000000 ____D C:\Users\steve\AppData\Local\EAConnect_microsoft 2023-09-18 22:50 - 2023-09-19 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA 2023-09-18 22:50 - 2023-09-18 22:52 - 000000000 ____D C:\Users\steve\AppData\Local\Origin 2023-09-18 22:50 - 2023-09-18 22:52 - 000000000 ____D C:\ProgramData\EA Desktop 2023-09-18 22:50 - 2023-09-18 22:50 - 000000000 ____D C:\Users\steve\AppData\Local\Electronic Arts 2023-09-18 22:50 - 2023-09-18 22:50 - 000000000 ____D C:\Users\steve\AppData\Local\EADesktop 2023-09-18 22:50 - 2023-09-18 22:50 - 000000000 ____D C:\Program Files\Electronic Arts 2023-09-18 22:50 - 2023-09-18 22:50 - 000000000 ____D C:\Program Files\EA Games 2023-09-18 22:49 - 2023-09-18 22:49 - 002488224 _____ (Electronic Arts) C:\Users\steve\Downloads\EAappInstaller.exe 2023-09-17 20:50 - 2023-09-17 20:50 - 000000000 ____D C:\Users\steve\AppData\LocalLow\Megastorm Games 2023-09-17 19:26 - 2023-09-17 19:26 - 000000000 ____D C:\Users\steve\AppData\LocalLow\NLTech 2023-09-17 19:13 - 2023-09-17 19:13 - 000000000 ____D C:\Users\steve\AppData\Local\DivineKnockout 
2023-09-16 14:05 - 2023-09-16 14:05 - 000000000 ____D C:\Program Files\ViGEm ViGEmBus 2023-09-16 14:00 - 2023-09-16 14:00 - 013449768 _____ C:\Users\steve\Downloads\x360ce.zip 2023-09-16 14:00 - 2023-09-16 14:00 - 000000000 ____D C:\ProgramData\X360CE 2023-09-16 11:58 - 2023-09-16 11:58 - 000000000 ___HD C:\$WinREAgent 2023-09-14 12:18 - 2023-09-14 12:19 - 000001376 _____ C:\Users\steve\Desktop\LaunchBDO.lnk 2023-09-14 12:12 - 2023-09-24 18:37 - 000000000 ____D C:\Users\steve\AppData\Roaming\Notepad++ 2023-09-14 12:12 - 2023-09-14 12:12 - 004704376 _____ (Don HO don.h@free.fr) C:\Users\steve\Downloads\npp.8.5.6.Installer.x64.exe 2023-09-14 12:12 - 2023-09-14 12:12 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk 2023-09-14 12:12 - 2023-09-14 12:12 - 000000000 ____D C:\Program Files\Notepad++ 2023-09-13 13:48 - 2023-09-13 13:48 - 011367544 _____ (Martin Malik, REALiX s.r.o. ) C:\Users\steve\Downloads\hwi_762.exe 2023-09-13 13:48 - 2023-09-13 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64 2023-09-13 13:48 - 2023-09-13 13:48 - 000000000 ____D C:\Program Files\HWiNFO64 2023-09-12 20:35 - 2023-09-12 20:35 - 046562290 _____ C:\Users\steve\Downloads\dlc ttt2.rar 2023-09-12 19:50 - 2023-09-12 19:50 - 028236544 _____ C:\Users\steve\Downloads\rpcs3-v0.0.29-15617-c7c81ed9_win64.7z 2023-09-12 19:49 - 2023-09-12 19:49 - 000007050 _____ C:\Users\steve\Downloads\redirect.htm 2023-09-12 19:45 - 2023-10-05 00:46 - 000000000 ____D C:\Users\steve\AppData\Roaming\discordptb 2023-09-12 19:45 - 2023-10-04 21:44 - 000000000 ____D C:\Users\steve\AppData\Local\DiscordPTB 2023-09-11 14:25 - 2023-09-11 14:25 - 000000000 ____D C:\Users\steve\AppData\Local\Cemu 2023-09-10 03:09 - 2023-09-11 00:04 - 000000000 ____D C:\Users\steve\AppData\Roaming\USB_HELPER 2023-09-10 03:09 - 2023-09-10 03:09 - 000000000 ____D C:\Users\steve\AppData\Local\Hikari06 2023-09-10 03:08 - 2023-09-10 03:09 - 000000000 ____D 
C:\Users\steve\AppData\Roaming\USBHelperLauncher 2023-09-10 03:08 - 2023-09-10 03:08 - 000001070 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wii U USB Helper.lnk 2023-09-10 03:07 - 2023-09-10 03:08 - 000289190 _____ C:\Users\steve\Downloads\USBHelperInstaller.exe 2023-09-10 02:32 - 2023-09-10 02:32 - 000124511 _____ C:\Users\steve\Downloads\Newestkeys.rar 2023-09-09 23:17 - 2023-09-09 23:17 - 024987546 _____ C:\Users\steve\Downloads\cemu_1.26.2.zip 2023-09-09 16:51 - 2023-09-09 16:51 - 000002131 _____ C:\Users\steve\Downloads\Tekken 5_Boss_Hack by [John].7z 2023-09-09 16:31 - 2023-09-09 16:31 - 008528201 _____ C:\Users\steve\Downloads\AncientOgre_P.rar 2023-09-09 15:10 - 2023-09-09 15:11 - 019169430 _____ C:\Users\steve\Downloads\t7_2_JINPACHI_V3.0.zip 2023-09-09 15:04 - 2023-09-09 15:04 - 048681666 _____ C:\Users\steve\Downloads\TekkenMovesetExtractor.zip 2023-09-09 14:57 - 2023-09-09 14:57 - 000218385 _____ C:\Users\steve\Downloads\Tekken 7 Jinpachi Moveset-20230909T125657Z-001.zip 2023-09-05 19:54 - 2023-09-05 19:55 - 000000000 ____D C:\Users\steve\AppData\Local\Maine 2023-09-05 15:58 - 2023-09-05 15:58 - 002541361 _____ C:\Users\steve\Downloads\BDO Font.rar ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2023-10-05 14:26 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-10-05 13:41 - 2023-05-28 17:42 - 000000000 ____D C:\ProgramData\NVIDIA 2023-10-05 13:38 - 2023-06-08 22:10 - 000000000 ____D C:\SteamLibrary 2023-10-05 13:38 - 2023-05-28 17:33 - 000000000 ____D C:\Windows\system32\SleepStudy 2023-10-05 13:38 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-10-05 13:38 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness 2023-10-04 16:04 - 2023-05-29 21:48 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2023-10-04 15:44 - 2023-05-28 18:33 - 000000527 _____ C:\Users\steve\.vivaldi_reporting_data 2023-10-03 19:08 - 2023-05-29 00:32 - 000000000 ____D C:\Users\steve\AppData\Local\CrashDumps 2023-10-03 16:27 - 2023-07-26 20:47 - 000000000 ____D C:\Users\steve\AppData\Roaming\EasyAntiCheat 2023-10-03 16:08 - 2023-05-29 03:17 - 000000000 ____D C:\Users\steve\AppData\Local\UnrealEngine 2023-10-03 15:40 - 2023-05-28 17:47 - 000000000 ____D C:\Users\steve\AppData\Local\Packages 2023-10-03 15:38 - 2023-05-28 17:47 - 000000000 ____D C:\Users\steve\AppData\Roaming\Adobe 2023-10-03 15:38 - 2023-05-28 17:47 - 000000000 ____D C:\Users\steve\AppData\Local\D3DSCache 2023-10-03 15:29 - 2023-05-28 17:41 - 000000000 ____D C:\Users\steve 2023-10-03 15:28 - 2023-05-28 17:57 - 000000000 ____D C:\ProgramData\Package Cache 2023-10-03 15:28 - 2023-05-28 17:42 - 000000000 ____D C:\ProgramData\Packages 2023-10-01 21:51 - 2023-05-28 17:34 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-10-01 11:46 - 2023-05-28 18:15 - 000000000 ____D C:\Users\steve\AppData\Roaming\discord 2023-10-01 11:43 - 2023-05-28 18:33 - 000000000 ____D C:\Users\steve\AppData\Local\Vivaldi 2023-10-01 11:40 - 2023-07-18 13:52 - 000456412 _____ C:\Windows\system32\perfh006.dat 2023-10-01 11:40 - 2023-07-18 13:52 - 000079336 _____ C:\Windows\system32\perfc006.dat 
2023-10-01 11:40 - 2023-05-28 17:43 - 002255670 _____ C:\Windows\system32\PerfStringBackup.INI
2023-10-01 11:40 - 2019-12-07 16:51 - 000743838 _____ C:\Windows\system32\perfh007.dat
2023-10-01 11:40 - 2019-12-07 16:51 - 000150260 _____ C:\Windows\system32\perfc007.dat
2023-10-01 11:40 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2023-10-01 11:36 - 2023-07-09 20:16 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2023-10-01 11:34 - 2023-05-28 18:14 - 000000000 ____D C:\Users\steve\AppData\Local\Discord
2023-10-01 11:33 - 2023-05-28 17:34 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-10-01 11:33 - 2023-05-28 17:33 - 000008192 ___SH C:\DumpStack.log.tmp
2023-10-01 11:33 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-10-01 11:32 - 2023-05-28 22:48 - 000003142 _____ C:\Windows\system32\Tasks\MSIAfterburner
2023-09-28 18:34 - 2023-05-28 18:33 - 000002385 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2023-09-27 21:59 - 2023-05-28 17:34 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-09-27 01:20 - 2023-05-28 22:40 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2023-09-24 14:01 - 2023-05-28 17:48 - 000000000 ____D C:\Users\steve\AppData\Local\PlaceholderTileLogoFolder
2023-09-20 13:17 - 2023-08-22 23:03 - 000000000 ____D C:\ProgramData\Epic
2023-09-19 16:28 - 2023-06-05 02:57 - 000000000 ____D C:\Users\steve\AppData\Roaming\Fatshark
2023-09-19 15:58 - 2023-07-13 22:58 - 000000000 ____D C:\Users\steve\Documents\Soundaufnahmen
2023-09-19 00:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-09-18 23:32 - 2023-05-28 21:57 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-09-18 22:50 - 2023-05-28 21:59 - 000000000 ____D C:\Users\steve\AppData\Local\cache
2023-09-18 21:31 - 2023-08-21 17:50 - 000000000 ____D C:\Users\steve\AppData\Local\AcTools Content Manager
2023-09-17 19:26 - 2023-08-19 18:35 - 000000000 ____D C:\Users\steve\AppData\LocalLow\Unity
2023-09-17 19:13 - 2023-08-22 23:04 - 000000000 ____D C:\Users\steve\AppData\Local\Epic Games
2023-09-17 16:59 - 2023-05-28 19:05 - 000000000 ____D C:\Users\steve\AppData\Local\Steam
2023-09-17 13:48 - 2023-05-29 01:58 - 000003854 _____ C:\Users\steve\AppData\Local\3301857876
2023-09-17 03:29 - 2023-05-28 17:33 - 000259672 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-17 03:28 - 2019-12-07 16:54 - 000000000 ___SD C:\Windows\system32\AppV
2023-09-17 03:28 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2023-09-16 12:07 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2023-09-16 12:05 - 2023-05-28 17:36 - 003014144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-16 11:58 - 2023-05-30 20:33 - 000000000 ____D C:\Windows\system32\MRT
2023-09-16 11:56 - 2023-05-30 20:33 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-14 11:51 - 2023-05-28 22:36 - 000000000 ____D C:\Users\steve\Documents\Black Desert
2023-09-14 11:28 - 2023-05-29 01:51 - 002688512 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2023-09-14 11:28 - 2023-05-29 01:51 - 000483328 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2023-09-14 11:28 - 2023-05-29 01:51 - 000210536 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2023-09-14 11:28 - 2023-05-29 01:51 - 000181864 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2023-09-14 11:28 - 2023-05-29 01:51 - 000145000 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2023-09-14 11:28 - 2023-05-29 01:51 - 000095848 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2023-09-14 11:28 - 2023-05-29 01:51 - 000075368 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2023-09-14 11:28 - 2023-05-29 01:51 - 000000000 ____D C:\XboxGames
2023-09-12 19:45 - 2023-05-28 18:15 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2023-09-12 19:45 - 2023-05-28 18:14 - 000000000 ____D C:\Users\steve\AppData\Local\SquirrelTemp
2023-09-12 16:29 - 2023-05-28 22:39 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2023-09-12 16:28 - 2023-05-28 22:48 - 000003126 _____ C:\Windows\system32\Tasks\RTSS
2023-09-10 14:20 - 2023-07-08 01:12 - 000000000 ____D C:\Program Files\Riot Vanguard
2023-09-05 20:15 - 2023-08-27 21:32 - 000000000 ____D C:\Users\steve\AppData\Local\Ubisoft Game Launcher

==================== Files in the root of some directories ========

2023-05-29 01:58 - 2023-09-17 13:48 - 000003854 _____ () C:\Users\steve\AppData\Local\3301857876

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

FRST Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023
Ran by steve (05-10-2023 14:31:13)
Running from C:\Users\steve\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.3448 (X64) (2023-05-28 15:37:03)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4237224309-1573821182-25082296-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4237224309-1573821182-25082296-503 - Limited - Disabled)
Gast (S-1-5-21-4237224309-1573821182-25082296-501 - Limited - Disabled)
steve (S-1-5-21-4237224309-1573821182-25082296-1001 - Administrator - Enabled) => C:\Users\steve
WDAGUtilityAccount (S-1-5-21-4237224309-1573821182-25082296-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.0.0.571 - Adobe Inc.)
Adobe Photoshop 2024 (HKLM-x32\...\PHSP_25_0) (Version: 25.0.0.37 - Adobe Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 3.10.22.706 - Advanced Micro Devices, Inc.)
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 7.0.4.4 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{cf77cf6b-71ff-4a71-802d-43adb9b271b7}) (Version: 3.10.22.706 - Advanced Micro Devices, Inc.) Hidden
Black Desert (HKLM-x32\...\BlackDesert_NA_is1) (Version: 23.01.16.1 - PearlAbyss Corp.)
CPUID CPU-Z 2.06 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.06 - CPUID, Inc.)
Discord (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Discord) (Version: 1.0.9013 - Discord Inc.)
Discord PTB (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\DiscordPTB) (Version: 1.0.1032 - Discord Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.37.0.5550 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{9fadc9c1-bd21-46fd-ad7e-8e08ace2687e}) (Version: 13.37.0.5550 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{AEB35C6C-B6D4-4AA0-8452-DE699737B5F6}) (Version: 1.3.82.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{35905844-0610-427D-86A0-2103FABE3D4D}) (Version: 2.0.42.0 - Epic Games, Inc.)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2.1 - )
HWiNFO64 Version 7.62 (HKLM\...\HWiNFO64_is1) (Version: 7.62 - Martin Malik, REALiX s.r.o.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
MSI Afterburner 4.6.5 (HKLM-x32\...\Afterburner) (Version: 4.6.5 - MSI Co., LTD)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 2.0 - F.J. Wechselberger)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.5.6 - Notepad++ Team)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA Graphics Driver 536.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.99 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 29.1.3 - OBS Project)
PlayStationPlus (HKLM-x32\...\{B91BC2BC-763E-422C-A5DA-319695354B95}) (Version: 12.1.0 - Sony Interactive Entertainment Inc.)
Prince of Persia Warrior Within (HKLM-x32\...\{EE5BC0BB-9EDA-423C-8276-48857B735D68}) (Version: 1.00.999 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.50.511.2021 - Realtek)
RidersRepublic (HKLM-x32\...\Uplay Install 5487) (Version: - Ubisoft)
Riot Client (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Riot Game Riot_Client.) (Version: - Riot Games, Inc)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
RivaTuner Statistics Server 7.3.4 (HKLM-x32\...\RTSS) (Version: 7.3.4 - Unwinder)
TreeSize Free V4.6.3 (64 bit) (HKLM\...\TreeSize Free_is1) (Version: 4.6.3 - JAM Software)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 144.0.10906 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
USBHelperLauncher (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\USBHelperLauncher) (Version: 1.0 - FailedShack)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
VALORANT (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
Vivaldi (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Vivaldi) (Version: 6.2.3105.54 - Vivaldi Technologies AS.)
WhoCrashed 7.06 (HKLM\...\WhoCrashed_is1) (Version: 7.06 - Resplendence Software Projects Sp.)
WinRAR 6.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2023-10-03] (Adobe Systems Incorporated)
Back 4 Blood -> C:\Program Files\WindowsApps\WarnerBros.Interactive.e172091a-6630-4ff3-959f-830_1.314.5975.0_x64__ktmk1xygcecda [2023-05-29] (Warner Bros. Interactive)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-12] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-08-20] (NVIDIA Corp.)
Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.927.0_x64__8wekyb3d8bbwe [2023-10-05] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-27] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0 [2023-09-27] (Spotify AB) [Startup Task]
Warhammer 40,000: Darktide -> C:\Program Files\WindowsApps\FatsharkAB.Warhammer40000DarktideNew_1.2.1492.0_x64__hwm6pnepa3ng2 [2023-10-04] (Fatshark AB)
WinDbg Preview -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe [2023-06-21] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4237224309-1573821182-25082296-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A79589C16F3B} -> [Creative Cloud Files] => C:\Users\steve\Creative Cloud Files [2023-10-03 15:29]
CustomCLSID: HKU\S-1-5-21-4237224309-1573821182-25082296-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-4237224309-1573821182-25082296-1001_Classes\CLSID\{D1AD56BD-8D3D-43DD-A739-CBF2B0928D21}\localserver32 -> C:\Users\steve\AppData\Local\Vivaldi\Application\6.2.3105.54\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
CustomCLSID: HKU\S-1-5-21-4237224309-1573821182-25082296-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-03] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-03] (Adobe Inc. -> )
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1ddf203f8d876fdf\nvshext.dll [2023-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-03] (Adobe Inc. -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\steve\Desktop\LaunchBDO.lnk -> C:\Pearlabyss\BlackDesert\LaunchBDOwithAffinitySet.bat ()

==================== Loaded Modules (Whitelisted) =============

2023-04-03 00:48 - 2023-04-03 00:48 - 000232960 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2023-04-03 00:48 - 2023-04-03 00:48 - 000059392 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2023-04-03 00:49 - 2023-04-03 00:49 - 000699904 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2023-04-03 00:48 - 2023-04-03 00:48 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2023-04-03 00:48 - 2023-04-03 00:48 - 000371712 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2023-03-14 17:57 - 2023-03-14 17:57 - 000058368 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2023-03-14 17:57 - 2023-03-14 17:57 - 000074240 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2023-03-14 17:57 - 2023-03-14 17:57 - 000368640 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2023-05-29 01:51 - 2023-09-14 11:28 - 000483328 _____ (Microsoft Corporation) [File not signed] C:\Windows\SYSTEM32\gameplatformservices.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 002849280 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libcrypto-1_1-x64.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000685056 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libssl-1_1-x64.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000046592 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\bearer\qgenericbearer.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Core.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 001389568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Network.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000157184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebSockets.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc:169D67954B [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert.lnk:54240D998C [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [2594]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4412]
AlternateDataStreams: C:\Users\steve\Anwendungsdaten:671890e017d8a4fb26004192461213ff [394]
AlternateDataStreams: C:\Users\steve\AppData\Roaming:671890e017d8a4fb26004192461213ff [394]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4237224309-1573821182-25082296-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_AB28E5367ED265860776C96F8DFD68CB"
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\StartupApproved\Run: => "RiotClient"
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DCF04797-81F5-4C0C-8452-D7E5199278BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{E4A910E2-725E-4BB8-97DA-9CCB1F243133}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{C80B689C-4B41-4E73-BB61-7D544E675958}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{658AD2A2-A564-4D6C-AA7A-30E087E13788}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{3C829B3E-4CC6-4131-BB94-FC02EC914C8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{79C76835-E69A-4BE1-AD49-31FCB9338368}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{A97A7887-368B-4A94-9C23-3152A87D442F}C:\users\steve\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\steve\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [UDP Query User{BDC25AE9-4929-489C-9D29-D5CE26B2A32B}C:\users\steve\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\steve\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [{DB749087-2A8B-49A4-931A-47BDFA36E64C}] => (Allow) D:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{17D437DE-C479-4CC4-90DA-428CF6AB953A}] => (Allow) D:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9B32655E-B34A-496F-83F4-6FC7A47DA14E}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5940784B-3979-4AF5-ADE8-C834CB9E8E34}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A20DDB46-81A1-43C9-AC9B-7B2E521E32DC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [{ED244F85-19BE-452A-BE94-2AE86AAD2483}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [TCP Query User{4DC62F78-A33D-42FD-9EB7-959D4D4F1F58}D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe () [File not signed]
FirewallRules: [UDP Query User{6DBE7C1B-DBE1-4F4F-B847-427B16689818}D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe () [File not signed]
FirewallRules: [{A5C7480C-4FAF-4607-A673-EC0DDDEE3A90}] => (Block) D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe () [File not signed]
FirewallRules: [{5242BADE-6E0A-4B37-99E9-FC48AF09C799}] => (Block) D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe () [File not signed]
FirewallRules: [TCP Query User{79F0CAAE-A39C-4FF3-A88A-8552AFA2D076}D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe] => (Allow) D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe (Access Denied) [File not signed]
FirewallRules: [UDP Query User{E0E28F3C-7776-4340-9DAF-AD76856FAE0D}D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe] => (Allow) D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe (Access Denied) [File not signed]
FirewallRules: [TCP Query User{FC0E67E3-7EBE-4E43-8846-11ADB169399F}C:\users\steve\appdata\local\vivaldi\application\vivaldi.exe] => (Block) C:\users\steve\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [UDP Query User{983A23F0-8AA0-44EC-8C0D-31146EF8F218}C:\users\steve\appdata\local\vivaldi\application\vivaldi.exe] => (Block) C:\users\steve\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [TCP Query User{A618D37E-1CCB-43C3-A526-19B3D8C171AC}D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe (Sobaka Studio) [File not signed]
FirewallRules: [UDP Query User{FA163D9E-020F-4F14-8377-BC68AA0E0C87}D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe (Sobaka Studio) [File not signed]
FirewallRules: [{8B6DD944-BDE3-4AC3-BD55-765F49584076}] => (Block) D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe (Sobaka Studio) [File not signed]
FirewallRules: [{C96D19F3-631A-46E8-912C-613518C0165B}] => (Block) D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe (Sobaka Studio) [File not signed]
FirewallRules: [TCP Query User{B3BD6F28-BF0B-4BCF-B68A-B85C16ABC836}D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe] => (Block) D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe (Access Denied) [File not signed]
FirewallRules: [UDP Query User{88B67A84-D986-4CD5-9A8D-00ED828CECA9}D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe] => (Block) D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe (Access Denied) [File not signed]
FirewallRules: [{1D153E78-5C98-4F2D-AB60-DC8CABB328F2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Naruto To Boruto\NARUTO.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{847164C9-506C-4CED-815C-FCF493929212}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Naruto To Boruto\NARUTO.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{CA56DE0E-B4F9-4706-A0C1-059B74A7BD2F}D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe (SOLEIL LTD. -> Soleil Ltd.)
FirewallRules: [UDP Query User{882C6C11-0079-48D1-94FF-8CF90403F3B2}D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe (SOLEIL LTD. -> Soleil Ltd.)
FirewallRules: [TCP Query User{64F53A17-0C86-4E18-B3DD-9CCE546B1066}D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [UDP Query User{A75DBC38-0DC0-450D-B981-134107077E5E}D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [{F85DA664-3E8E-4E84-AD18-80FC97EB227A}] => (Block) D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [{6862B720-1B70-40FC-A68A-A57C66156D18}] => (Block) D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [{DCF67D02-A0C1-4C99-8F85-7B8A40E9D4D5}] => (Allow) C:\Program Files (x86)\PlayStationPlus\pspluslauncher.exe (Sony Interactive Entertainment LLC -> Sony Interactive Entertainment LLC)
FirewallRules: [{EC71AD93-9DF2-4A68-AEE9-D9521AC9CA8E}] => (Allow) C:\Users\steve\AppData\Local\Gaikai\CrashReports\dumpupload.exe (Sony Interactive Entertainment LLC -> )
FirewallRules: [{C0DA7550-9270-4FA2-B6CD-DD147098813C}] => (Allow) C:\Program Files (x86)\PlayStationPlus\unidater.exe (Sony Interactive Entertainment LLC -> Sony Interactive Entertainment)
FirewallRules: [TCP Query User{0C9167F3-B4D0-4C58-87F0-A86E02CB194A}D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Block) D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe (SOLEIL LTD. -> Soleil Ltd.)
FirewallRules: [UDP Query User{D1BEAFB7-9324-48BE-BD8C-4AE963DD6A09}D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Block) D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe (SOLEIL LTD. -> Soleil Ltd.)
FirewallRules: [TCP Query User{E4CBE294-65D0-4AAF-AD30-98336EFDE52A}C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe] => (Allow) C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe => No File
FirewallRules: [UDP Query User{563E0DB0-DB13-4100-983F-69CBBE2F71EC}C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe] => (Allow) C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe => No File
FirewallRules: [{700AFACF-BF20-41CC-A753-23EA074B7BC8}] => (Block) C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe => No File
FirewallRules: [{FF6E1D57-1B4D-46F9-A9EC-337FF9F3B225}] => (Block) C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe => No File
FirewallRules: [{B9761C15-B2E8-4DD1-895B-1C4C279429B5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1444B634-0D3C-4E7B-81E3-E7B0114F6AF9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{515D454E-D87F-4E18-8D21-FB627F4B9992}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A33859EC-1C2D-4708-B78E-46B0716D8D46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{407C5E4C-35B9-4AC5-B8C8-20EBB2096CE1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FD05C7EE-8A63-41FE-BB03-563C1DBF9836}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0E037708-8117-4F26-A79E-A8EF366A794F}] => (Allow) C:\SteamLibrary\steamapps\common\En Garde Demo\EnGarde.exe => No File
FirewallRules: [{04457DF8-2F91-4A1A-A615-4896A0A5CA84}] => (Allow) C:\SteamLibrary\steamapps\common\En Garde Demo\EnGarde.exe => No File
FirewallRules: [TCP Query User{4481370E-C528-49B6-A8B1-72F0924C7661}C:\pearlabyss\blackdesert\bin64\blackdesert64.exe] => (Allow) C:\pearlabyss\blackdesert\bin64\blackdesert64.exe (Pearl abyss Corp -> )
FirewallRules: [UDP Query User{67440C80-9217-4949-8FAF-2196C6899E04}C:\pearlabyss\blackdesert\bin64\blackdesert64.exe] => (Allow) C:\pearlabyss\blackdesert\bin64\blackdesert64.exe (Pearl abyss Corp -> )
FirewallRules: [TCP Query User{3BDCCA1D-EA96-4120-9FD2-6C6388C5E106}D:\games\riot games\riot client\riotclientservices.exe] => (Allow) D:\games\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{A5BDA3C2-B99D-4B2C-89F1-DD019DCD3EEC}D:\games\riot games\riot client\riotclientservices.exe] => (Allow) D:\games\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{8CFF21DD-D759-4E32-BF28-495080C8608B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Devil May Cry 5\DevilMayCry5.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{D3E64BAD-2D9F-4BC9-B2A9-A324C793AEEB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Devil May Cry 5\DevilMayCry5.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{7C2AAAC5-E37F-4350-AEBD-DCCAA014686E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{335E88B3-DB44-4E62-9092-B024DBF29897}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{337A30C0-EE6E-41B9-A234-0A7E3E5D736B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe (Valve Corp. -> Activision Publishing Inc.)
FirewallRules: [{EE30D735-CA09-402B-9916-03EBB34C03AD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe (Valve Corp. -> Activision Publishing Inc.)
FirewallRules: [TCP Query User{E3248369-ED12-4C05-8897-D45CE9A9FD71}D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe (Valve Corp. -> Activision Publishing Inc.)
FirewallRules: [UDP Query User{329C6AC2-7D69-45B8-A425-409A1B11CA19}D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe (Valve Corp. -> Activision Publishing Inc.)
FirewallRules: [{72CB7328-0990-4304-B050-19665BE71916}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\assettocorsa\AssettoCorsa.exe (Kunos Simulazioni) [File not signed]
FirewallRules: [{9649F702-D824-4A0F-A5D9-5997E2520CBB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\assettocorsa\AssettoCorsa.exe (Kunos Simulazioni) [File not signed]
FirewallRules: [TCP Query User{ABF5908F-C335-4A3C-9618-442B914B136E}D:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Block) D:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe () [File not signed]
FirewallRules: [UDP Query User{9B6D4EA3-AFF0-4839-A56A-CD9F987CDC51}D:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Block) D:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe () [File not signed]
FirewallRules: [TCP Query User{9C0BCC8F-ADAA-4EDD-AD8A-128F95E3C7C4}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{7CF5524A-907F-4385-8636-A9C0DC3A613F}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{DFDAED3F-0171-4E6D-BF36-9820C312D891}D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{82BC7D55-53DA-4A18-832D-7D9FC75216A7}D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{4B95870A-5274-45CD-A156-D8D8DA8EC130}] => (Block) D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{4AFAFD29-9FF1-49B5-90CD-7D382D4C7AFA}] => (Block) D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{355CDB9B-DEF5-44BF-BC78-96CF0442DCE9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Europa Demo\Europa.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{806E4445-C41A-4A4D-AACB-36FAAC4C3B7D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Europa Demo\Europa.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{2A677AB7-E322-4830-BEBA-63261ADDD108}] => (Allow) D:\Games\RidersRepublic\RidersRepublic.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{F53E2BB4-FE58-4850-9363-538A623A26C3}] => (Allow) D:\Games\RidersRepublic\RidersRepublic_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{5ED3A785-942D-4441-87DD-93D5BA4FA448}] => (Allow) D:\Games\RidersRepublic\RidersRepublic_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{F701C52E-53E9-45FD-A223-37D2598D40AC}] => (Allow) C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{99FC416A-531B-4DDD-9678-F2D8AE075525}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Grounded\Grounded.exe (Obsidian Entertainment, Inc. -> Epic Games, Inc.)
FirewallRules: [{62C58094-EE8F-4A25-9C58-156D85408F4B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Grounded\Grounded.exe (Obsidian Entertainment, Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{C3D382E1-805E-4509-B0DD-866EC8D70BFE}C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe] => (Allow) C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe () [File not signed]
FirewallRules: [UDP Query User{21C7AEB1-7D4C-489D-9101-4E1204DD75E8}C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe] => (Allow) C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe () [File not signed]
FirewallRules: [{655DBFBF-40B8-487A-A245-F962B002FE11}] => (Block) C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe () [File not signed]
FirewallRules: [{FD2F0EDE-EE2C-4A45-B2A9-1AE7218D1AFE}] => (Block) C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe () [File not signed]
FirewallRules: [TCP Query User{642DFF3A-E77F-4ECE-B6E4-CBC148B4CA7A}C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe] => (Allow) C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe (Hikari06) [File not signed]
FirewallRules: [UDP Query User{008FE377-808A-4095-B7A9-D1DCB37EACD7}C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe] => (Allow) C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe (Hikari06) [File not signed]
FirewallRules: [{91B06BAC-61F4-4897-940D-8BA778753AC3}] => (Block) C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe (Hikari06) [File not signed]
FirewallRules: [{47FBF48F-7735-455A-B8EA-FCEE1BA392B0}] => (Block) C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe (Hikari06) [File not signed]
FirewallRules: [{E2FA37E7-2060-409D-A697-81E2953ECBFD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\VRising\VRising.exe (Stunlock Studios AB -> )
FirewallRules: [{0253FB2C-4EA7-4E52-9566-7E82C18C4B11}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\VRising\VRising.exe (Stunlock Studios AB -> )
FirewallRules: [{EE685ACE-EC8B-45BA-9F2B-6DD013758F1C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C75CF5A1-2E74-4B2E-B0B7-F6C2A208348A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{07F14A7B-9602-4E04-A2A1-F69E993892B1}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C8EC026F-DB26-4C3D-A978-7D4C3DB2DC59}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C0E30DAA-B6BC-4DE2-BBF0-701178235FF2}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{CEBC5B9A-CEA7-4BB2-B5F2-ACF7157398AE}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C936518D-8CD8-4B21-A67B-68C2DB13B150}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F2C9AAD0-5229-4BE7-8BAD-1F23E3E12900}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{DF43925E-FA1C-4B04-90A3-112BC97D13BD}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{976453AB-3164-4F53-BB68-BA1974EF3019}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{D4CEAC82-0EBA-449F-8ADF-C01DBB855B92}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{14107C9A-114C-46C1-B31E-8A4024921E87}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Guilt Demo\GuiltDemo.exe () [File not signed]
FirewallRules: [{CC9A3C2A-0C04-4D6A-9C40-DD0A213AC095}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Guilt Demo\GuiltDemo.exe () [File not signed]
FirewallRules: [{D6ABFFE5-01DA-4D70-9990-4ACD668F31B5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Overprime\ParagonClient.exe (Netmarble F&C Inc. -> Epic Games, Inc.) [File not signed]
FirewallRules: [{B23206AF-3F17-4DE2-987E-6074B8B4C15A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Overprime\ParagonClient.exe (Netmarble F&C Inc. -> Epic Games, Inc.) [File not signed]
FirewallRules: [{BB259F25-BD24-4741-B4D3-4B4073AB678A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9E9F8912-6155-42B1-A264-713747E295BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7D6F3607-805E-444F-9FCC-581877D1394A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2C209794-FB19-41BD-A6A8-BE32804ECC48}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DB541803-82B7-4FA7-A626-65F00175C0DE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BB0A62F7-EF4E-43D2-B9DD-9CA65D8AE936}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{327FD3BE-74CC-4641-895B-9140BC4AC5E4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{54425409-BDDA-4B0C-B146-4A8E2C66463F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0A3D02D3-26AC-472F-9F16-2A079E9C6076}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8AFD82F3-211D-49D8-A8AB-51EA7888A51F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D4F5CC8D-5E44-4BDB-8CF0-0624DDCEF46B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warhaven\Warhaven\Binaries\Win64\Warhaven-Win64-Shipping.exe (NEXON Korea Corporation. -> Nexon Korea)
FirewallRules: [{2A494004-BB6C-4D36-98F8-D7BEA7DBA309}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warhaven\Warhaven\Binaries\Win64\Warhaven-Win64-Shipping.exe (NEXON Korea Corporation. -> Nexon Korea)
FirewallRules: [{7783C9EC-1D59-4D10-97E3-C97BDA18D447}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FF130DA1-5875-4ED1-A6EE-90C83E339203}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Vampyr\AVGame\Binaries\Win64\AVGame-Win64-Shipping.exe (Focus Home Interactive -> Focus Home Interactive)
FirewallRules: [{C7C07AE0-840F-4E9D-A570-D600369D3244}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Vampyr\AVGame\Binaries\Win64\AVGame-Win64-Shipping.exe (Focus Home Interactive -> Focus Home Interactive)
FirewallRules: [{10324C18-F43D-42EA-AA09-15A92D49711C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Century\Century.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{03C44E98-F5B7-464D-8A34-3B6B58D44046}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Century\Century.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [TCP Query User{B30A03D7-A311-4071-A9BD-A0CAD9563250}D:\program files (x86)\steam\steamapps\common\century\century\binaries\win64\century-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\century\century\binaries\win64\century-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{08F3CBD0-4EAC-4191-8A83-798F16EF9675}D:\program files (x86)\steam\steamapps\common\century\century\binaries\win64\century-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\century\century\binaries\win64\century-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{881153A9-A2A0-4756-81A3-63B434AC22E9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\My Hero Ultra Rumble\HerovsGame\Binaries\Win64\MHUR.exe (BNEI) [File not signed]
FirewallRules: [{7579E632-7EB4-42E7-B07F-63808A65CE57}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\My Hero Ultra Rumble\HerovsGame\Binaries\Win64\MHUR.exe (BNEI) [File not signed]

==================== Restore Points =========================

03-10-2023 13:43:32 Installed ArtRage 6 Demo

==================== Faulty Device Manager Devices ============

Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (10/03/2023 07:08:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EALaunchHelper.exe, version: 13.37.0.5550, time stamp: 0x65173201
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process ID: 0x3468
Faulting application start time: 0x01d9f61c375e6af9
Faulting application path: C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report ID: 61642891-227c-43df-8bed-40acb0fa5825
Faulting package full name: 
Faulting package-relative application ID: 

Error: (10/01/2023 11:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x46d0
Faulting application start time: 0x01d9f449220cb50f
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: d5334bba-3c1e-4024-adeb-19bec662e788
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (10/01/2023 11:24:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x4404
Faulting application start time: 0x01d9f4491c60e6d6
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: 5ad0f45f-b267-4dba-bc51-1406dac53d34
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (10/01/2023 11:24:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x4b8c
Faulting application start time: 0x01d9f44915a85f83
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: a7deb725-d884-4ea9-9bf9-2f36ce2b8f6b
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (10/01/2023 11:24:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x4370
Faulting application start time: 0x01d9f44911009cd0
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: 05c06c1f-bcd9-4a65-8177-602ac38a8b80
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (10/01/2023 11:24:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x3928
Faulting application start time: 0x01d9f3eafb46b5ab
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: a7043e35-60dc-450f-8fa6-0f1b58820406
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (10/01/2023 12:10:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x4060
Faulting application start time: 0x01d9f3eaf58fe7f1
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: 8a5dd693-d321-47b3-ad09-cf3537c64b16
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (09/30/2023 11:45:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x4368
Faulting application start time: 0x01d9f3e762f36ec8
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: 78dd7f78-d1f9-4b5c-bb43-dd545b7d4485
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI


System errors:
=============
Error: (10/05/2023 01:38:03 PM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (10/04/2023 02:21:08 PM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (10/03/2023 01:43:42 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT)
Description: ??\Device\HarddiskVolumeShadowCopy12

Error: (10/03/2023 12:52:38 PM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (10/02/2023 11:48:27 AM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (10/01/2023 07:49:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/01/2023 07:49:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (10/01/2023 11:33:26 AM) (Source: TPM) (EventID: 15) (User: NT-AUTORITÄT)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.


Windows Defender:
================
Date: 2023-10-05 01:10:49
Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {6839F56E-5A6B-48FE-A5AE-0438F170730F}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-10-04 23:19:45
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.H!ml&threatid=2147814523&enterprise=0
Name: Trojan:Win32/Wacatac.H!ml
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_D:\Users\-..-\Documents\Things\USB STICK\S4\[S4L] Codes In-Game Trainer 0.1.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-0JFIBDK\steve
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.399.40.0, AS: 1.399.40.0, NIS: 1.399.40.0
Modulversion: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Date: 2023-10-04 14:21:09
Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {09118F2F-DD78-4AE9-AE61-93B474972E52}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-10-03 12:52:39
Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {DB6BA914-8D83-405B-86E8-2418BB38F38F}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-10-02 11:48:28
Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {C658E1D2-03EA-4A6E-BFBA-2EF8B2BF6371}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Event[0]:
Date: 2023-07-18 13:55:56
Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: %
Vorherige Version der Sicherheitsinformationen: 1.393.702.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %
Vorherige Modulversion: 1.1.23060.1005
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".


CodeIntegrity:
===============
Date: 2023-07-18 17:28:58
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 4202 06/16/2023
Motherboard: ASUSTeK COMPUTER INC. PRIME B450M-A
Processor: AMD Ryzen 5 5600 6-Core Processor
Percentage of memory in use: 64%
Total physical RAM: 32680.62 MB
Available physical RAM: 11503.18 MB
Total Virtual: 37607.2 MB
Available Virtual: 7595.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.42 GB) (Free:79.28 GB) (Model: Samsung SSD 840 PRO Series) NTFS
Drive d: (Windows) (Fixed) (Total:930.34 GB) (Free:99.34 GB) (Model: TOSHIBA HDWD110) NTFS

\\?\Volume{c0f2ecdd-0000-0000-0000-100000000000}\ (System-reserviert) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{36853ede-301c-49da-bdf8-b33b92a3977e}\ (Windows RE tools) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS
\\?\Volume{45b38fcd-2611-4a25-9609-20552808547e}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{75d233e1-b882-4e2d-8963-fba759abb7a3}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: C0F2ECDD)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT.

==================== End of Addition.txt =======================
05.10.2023, 18:49 | #2
/// TB-Ausbilder
My name is Matthias and I will help you analyse and clean your system. We start with MBAM and ADW.

Step 1
Run Malwarebytes' AntiMalware (MBAM) according to the illustrated guide and post the log file afterwards.

Step 2
Run AdwCleaner according to the illustrated guide and post the log file afterwards.
05.10.2023, 19:52 | #3
Hello Matthias, and many thanks for your help!
Here is the log from MBAM:
Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/5/23
Scan Time: 8:39 PM
Log File: 93dbe954-63ae-11ee-ac4d-40b076105f4f.json

-Software Information-
Version: 4.6.4.286
Components Version: 1.0.2163
Update Package Version: 1.0.75975
License: Trial

-System Information-
OS: Windows 10 (Build 19045.3448)
CPU: x64
File System: NTFS
User: DESKTOP-0JFIBDK\steve

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 261413
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 2 min, 28 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.ChipDe, C:\USERS\STEVE\DOWNLOADS\PLAYSTATION NOW (PS NOW) FüR WINDOWS - CHIP INSTALLER _IRPBX.EXE, Quarantined, 6761, 562568, 1.0.75975, , ame, , F5980F17F44DA870072C5CE396EB01BF, 2F9079DF89E96A997A910F9243173AC60BFE625501452152F8AB281778E5696B

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-05-2023
# Duration: 00:00:02
# OS: Windows 10 (Build 19045.3448)
# Scanned: 32108
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
05.10.2023, 19:57 | #4
/// TB-Ausbilder
Step 1
Run ESET Online Scanner (EOS) according to the illustrated guide and post the log file afterwards.
05.10.2023, 23:24 | #5
Here is the log file from the ESET scanner:
Code:
06.10.2023 00:21:12
Geprüfte Dateien: 1608117
Erkannte Dateien: 6
Gesäuberte Dateien: 6
Prüfdauer gesamt 03:00:13
Prüfstatus: Abgeschlossen
C:\Users\steve\Documents\visual styles tools\Windows 7 Start Orb Changer\Windows 7 Start Orb Changer v5.exe    Win32/HackTool.ExpStart.A potenziell unsichere Anwendung    gelöscht
D:\Users\-..-\Desktop\Desktopthings\USB\[www.OldSchoolHack.me]_winject17b\COD 4 Aim\Level Hack + Unlock All Cod4\EasyAccount.exe    Win32/GameTool.EG potenziell unsichere Anwendung    durch Löschen gesäubert
D:\Users\-..-\Desktop\Desktopthings\USB\[www.OldSchoolHack.me]_winject17b\karmabot\Karma Bot Cod4.exe    eine Variante von Win32/GameHack.NL potenziell unsichere Anwendung    durch Löschen gesäubert
D:\Users\-..-\Desktop\Desktopthings\USB\[www.OldSchoolHack.me]_winject17b\Rename_Me.dll    eine Variante von Win32/GameHack.ADQ potenziell unsichere Anwendung    durch Löschen gesäubert
D:\Users\-..-\Documents\Things\USB STICK\IObit Advanced SystemCare PRO 8.0.3.588 Final Incl. Crack [ATOM]\advanced-systemcare-setup.exe    eine Variante von Win32/IObit.AS potenziell unerwünschte Anwendung,eine Variante von Win32/IObit.AP potenziell unerwünschte Anwendung,eine Variante von Win32/IObit.AH potenziell unerwünschte Anwendung,eine Variante von Win32/IObit.M potenziell unerwünschte Anwendung,eine Variante von Win32/IObit.J potenziell unerwünschte Anwendung,Win32/IObit.D potenziell unerwünschte Anwendung,eine Variante von Win32/IObit.D potenziell unerwünschte Anwendung    durch Löschen gesäubert
D:\Users\-..-\Documents\visual styles tools\Windows 7 Start Orb Changer\Windows 7 Start Orb Changer v5.exe    Win32/HackTool.ExpStart.A potenziell unsichere Anwendung    gelöscht
06.10.2023, 20:02 | #6
/// TB-Ausbilder
Well done. Please run a check with FRST.

Step 1
06.10.2023, 21:15 | #7
Gladly, here are the two logs:
FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2023
Ran by steve (administrator) on DESKTOP-0JFIBDK (TAROX BTO PC System) (06-10-2023 22:11:26)
Running from C:\Users\steve\Downloads\FRST64.exe
Loaded Profiles: steve
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3448 (X64) Language: German (Germany) -> English (United Kingdom)
Default browser: Vivaldi
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe ->) (Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
(C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe ->) (Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Adobe Crash Processor.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <3>
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe
(C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe ->) (Electronic Arts, Inc. -> The Qt Company Ltd.) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtWebEngineProcess.exe <2>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(D:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe ->) (Skutta, Kristjan -> ) D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe <5>
(Discord Inc. -> Discord Inc.) C:\Users\steve\AppData\Local\Discord\app-1.0.9018\Discord.exe <6>
(Discord Inc. -> Discord Inc.) C:\Users\steve\AppData\Local\DiscordPTB\app-1.0.1036\DiscordPTB.exe <6>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) D:\Program Files (x86)\Steam\steam.exe
(explorer.exe ->) (Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\steve\AppData\Local\Vivaldi\Application\vivaldi.exe <15>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1ddf203f8d876fdf\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Scarlet.Crush Productions) [File not signed] D:\alles für C partition\ScpServer\ScpServer\bin\ScpService.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Skutta, Kristjan -> ) D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21580.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21580.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2308.3.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3022640 2023-08-10] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1131488 2023-10-03] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2023-10-03] (Adobe Inc. -> )
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [Discord] => C:\Users\steve\AppData\Local\Discord\Update.exe [1525016 2023-04-26] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [WallpaperEngine] => D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [3223136 2023-10-04] (Skutta, Kristjan -> )
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [MicrosoftEdgeAutoLaunch_AB28E5367ED265860776C96F8DFD68CB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [RiotClient] => D:\Games\Riot Games\Riot Client\RiotClientServices.exe [70910864 2023-09-30] (Riot Games, Inc. -> Riot Games, Inc.)
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37097936 2023-09-09] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [DiscordPTB] => C:\Users\steve\AppData\Local\DiscordPTB\Update.exe [1525024 2023-08-23] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2655848 2023-10-03] (Electronic Arts, Inc. -> Electronic Arts)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {A3F69357-C49F-44CD-9F6D-89E168CAB4FD} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [804312 2023-04-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {EB641FB4-217A-46BB-A149-C988A9F8EA53} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2023-05-19] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {E2004575-0CE8-4A79-9DD6-50A670DC5CDD} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-05-19] (Nvidia Corporation -> NVIDIA Corporation)
Task: {866AB106-8DFE-4F69-8154-050064594097} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F1E4B307-222A-4363-B123-62D4E81BDE4F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CB845611-AC8E-4ED2-A9DD-612411FFE436} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F45450A7-2DEA-49D4-A8C5-99C793103BA8} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1159A7AD-CD7F-4030-9938-9F95DB822777} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {61FD7EB1-9263-4EEC-B674-997D151EEAE9} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CD31F163-9879-4C93-9E1E-A7FAD1AB8765} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BC28A7D2-7F93-462A-B7AB-7491BACD1720} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe [436544 2023-03-30] (Alexey Nicolaychuk -> )
Task: {680E579F-D9A8-4758-B63F-9A0AA926B19E} - System32\Tasks\VivaldiUpdateCheck-fc19b0abe6cf500b => C:\Users\steve\AppData\Local\Vivaldi\Application\update_notifier.exe [3845520 2023-10-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{a7ee169b-f46a-4864-a664-6f6da47a55b5}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{f8e7eaa1-dd54-4e06-a603-9163c68fc6c8}: [DhcpNameServer] 192.168.178.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-06]
Edge Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-28]
Edge Extension: (Edge relevant text changes) - C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-14]

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-10-03] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-10-03] (Adobe Inc. -> Adobe Systems)

Vivaldi:
=======
VIV Profile: C:\Users\steve\AppData\Local\Vivaldi\User Data\Default [2023-10-06]
VIV DefaultSearchKeyword: Default -> g

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-10-03] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [14893832 2023-08-27] (BattlEye Innovations e.K. -> )
R2 Ds3Service; D:\alles für C partition\ScpServer\ScpServer\bin\ScpService.exe [381952 2015-08-03] (Scarlet.Crush Productions) [File not signed]
R3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11070056 2023-10-03] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-06-05] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [943528 2023-08-23] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-05-01] (Epic Games Inc. -> Epic Games, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9316040 2023-10-05] (Malwarebytes Inc. -> Malwarebytes)
S3 NGS; C:\ProgramData\Nexon\NGS\NGService.exe [3189352 2023-09-30] (NEXON Korea Corporation. -> NEXON Korea Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402264 2023-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9437496 2023-08-10] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe [3116904 2023-09-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe [133584 2023-09-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1ddf203f8d876fdf\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1ddf203f8d876fdf\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [282624 2023-05-05] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S1 gvm; C:\Windows\system32\DRIVERS\gvm.sys [390144 2023-06-20] (Google LLC -> Google LLC)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222288 2023-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-10-05] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [200104 2023-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2023-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188016 2023-10-05] (Malwarebytes Inc. -> Malwarebytes)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2023-05-19] (Nvidia Corporation -> NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2015-08-03] (Bruce James -> Scarlet.Crush Productions)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [26953656 2023-08-10] (Riot Games, Inc. -> Riot Games, Inc.)
R3 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [69168 2019-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [55856 2023-09-27] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [572712 2023-09-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105872 2023-09-27] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [1432232 2023-10-05] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-06 22:11 - 2023-10-06 22:11 - 000000000 ____D C:\Users\steve\Downloads\FRST-OlderVersion
2023-10-06 20:29 - 2023-10-06 20:29 - 000000223 _____ C:\Users\steve\Desktop\Big Fat Battle Playtest.url
2023-10-06 00:21 - 2023-10-06 00:21 - 000003388 _____ C:\Users\steve\Desktop\ESET.txt
2023-10-05 21:16 - 2023-10-05 21:16 - 000001272 _____ C:\Users\steve\Desktop\ESET Online Scanner.lnk
2023-10-05 21:15 - 2023-10-05 21:17 - 000001378 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-10-05 21:15 - 2023-10-05 21:15 - 015274968 _____ (ESET) C:\Users\steve\Downloads\esetonlinescanner.exe
2023-10-05 21:15 - 2023-10-05 21:15 - 000000000 ____D C:\Users\steve\AppData\Local\ESET
2023-10-05 20:48 - 2023-10-05 20:48 - 000001420 _____ C:\Users\steve\Desktop\AdwCleaner[S00].txt
2023-10-05 20:46 - 2023-10-05 20:48 - 000000000 ____D C:\AdwCleaner
2023-10-05 20:46 - 2023-10-05 20:46 - 008791352 _____ (Malwarebytes) C:\Users\steve\Downloads\adwcleaner.exe
2023-10-05 20:44 - 2023-10-05 20:44 - 000001461 _____ C:\Users\steve\Desktop\MBAM.txt
2023-10-05 20:39 - 2023-10-06 20:39 - 000000000 ____D C:\Users\steve\AppData\Local\Malwarebytes
2023-10-05 20:39 - 2023-10-05 20:39 - 000188016 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-10-05 20:39 - 2023-10-05 20:39 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-10-05 20:39 - 2023-10-05 20:39 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-10-05 20:38 - 2023-10-05 20:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-10-05 20:38 - 2023-10-05 20:38 - 000000000 ____D C:\Program Files\Malwarebytes
2023-10-05 20:18 - 2023-10-05 20:18 - 000000000 ____D C:\Users\steve\AppData\Local\mbam
2023-10-05 20:17 - 2023-10-05 20:17 - 002606880 _____ (Malwarebytes) C:\Users\steve\Downloads\MBSetup.exe
2023-10-05 14:10 - 2023-10-05 14:31 - 000061141 _____ C:\Users\steve\Downloads\Addition.txt
2023-10-05 14:09 - 2023-10-06 22:11 - 000020526 _____ C:\Users\steve\Downloads\FRST.txt
2023-10-05 14:08 - 2023-10-06 22:11 - 002383360 _____ (Farbar) C:\Users\steve\Downloads\FRST64.exe
2023-10-05 14:08 - 2023-10-06 22:11 - 000000000 ____D C:\FRST
2023-10-04 16:18 - 2023-10-04 16:18 - 000000000 ____D C:\Users\steve\AppData\Local\HerovsGame
2023-10-03 16:28 - 2023-10-03 16:28 - 000000000 ____D C:\Users\steve\AppData\Local\Century
2023-10-03 15:50 - 2023-10-03 15:50 - 002094439 _____ C:\Users\steve\Downloads\1.psd
2023-10-03 15:39 - 2023-10-03 15:39 - 000000000 ____D C:\Users\steve\Documents\Adobe
2023-10-03 15:38 - 2023-10-03 15:38 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2024.lnk
2023-10-03 15:29 - 2023-10-05 20:33 - 000000000 ___RD C:\Users\steve\Creative Cloud Files
2023-10-03 15:28 - 2023-10-03 22:08 - 000000000 ____D C:\Users\steve\AppData\LocalLow\Adobe
2023-10-03 15:28 - 2023-10-03 15:40 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-10-03 15:28 - 2023-10-03 15:32 - 000000000 ____D C:\ProgramData\Adobe
2023-10-03 15:28 - 2023-10-03 15:29 - 000000000 ____D C:\Program Files\Adobe
2023-10-03 15:28 - 2023-10-03 15:28 - 000001382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2023-10-03 15:28 - 2023-10-03 15:28 - 000000000 ____D C:\Program Files (x86)\Adobe
2023-10-03 15:27 - 2023-10-03 15:27 - 000000000 ____D C:\Users\Public\Documents\AdobeGCInfo
2023-10-03 15:25 - 2023-10-03 15:50 - 000000000 ____D C:\Users\steve\AppData\Local\Adobe
2023-10-03 15:25 - 2023-10-03 15:38 - 000000000 ____D C:\Users\steve\AppData\Roaming\com.adobe.dunamis
2023-10-03 13:50 - 2023-10-03 13:50 - 000000000 ____D C:\Users\steve\AppData\Roaming\Ambient Design
2023-10-03 13:43 - 2023-10-03 13:43 - 000000000 ____D C:\ProgramData\Caphyon
2023-10-03 13:42 - 2023-10-03 13:42 - 128840872 _____ (Ambient Design) C:\Users\steve\Downloads\install_artrage_6_demo_windows.exe
2023-10-03 12:59 - 2023-10-03 12:59 - 000000222 _____ C:\Users\steve\Desktop\Century Age of Ashes.url
2023-10-03 12:52 - 2023-10-03 12:52 - 000000000 ____D C:\Users\steve\AppData\Local\AVGame
2023-10-03 02:38 - 2023-10-03 02:38 - 000000222 _____ C:\Users\steve\Desktop\Vampyr.url
2023-09-30 21:32 - 2023-09-30 21:32 - 000000016 _____ C:\ProgramData\mntemp
2023-09-30 21:32 - 2023-09-30 21:32 - 000000000 ____D C:\Users\steve\AppData\Local\Warhaven
2023-09-30 21:32 - 2023-09-30 21:32 - 000000000 ____D C:\ProgramData\Nexon
2023-09-30 20:28 - 2023-09-30 20:28 - 000000223 _____ C:\Users\steve\Desktop\Warhaven.url
2023-09-30 19:51 - 2023-09-30 19:51 - 000000640 _____ C:\Users\steve\Desktop\New Text Document.txt
2023-09-30 13:04 - 2023-09-30 13:04 - 000000000 ____D C:\Users\steve\AppData\Local\WWAATD
2023-09-29 20:49 - 2023-09-29 20:49 - 000000000 ____D C:\Users\steve\AppData\Local\IkeaBR_Server
2023-09-27 00:12 - 2023-09-27 00:12 - 000000000 ____D C:\Users\steve\AppData\Local\Predecessor
2023-09-26 15:55 - 2023-09-26 15:55 - 000000000 ____D C:\Users\steve\AppData\Roaming\SevenConverter
2023-09-26 15:54 - 2023-09-26 15:54 - 144638745 _____ C:\Users\steve\Downloads\SevenConverter-1.5.7.zip
2023-09-26 15:52 - 2023-09-26 15:52 - 000000000 ____D C:\Users\steve\Documents\MiniTool uTube Downloader
2023-09-26 15:52 - 2023-09-26 15:52 - 000000000 ____D C:\Users\steve\AppData\Local\MiniTool uTube Downloader
2023-09-26 13:17 - 2023-09-26 15:58 - 000000000 ____D C:\Users\steve\AppData\Roaming\QtProject
2023-09-26 13:16 - 2023-09-26 13:17 - 000000000 ___HD C:\ProgramData\TWluaVRvb2wgVmlkZW8gQ29udmVydGVy
2023-09-26 13:16 - 2023-09-26 13:17 - 000000000 ____D C:\Users\steve\Documents\MiniTool Video Converter
2023-09-26 13:15 - 2023-09-26 13:15 - 002011888 _____ (MiniTool) C:\Users\steve\Downloads\minitool-video-converter-3-0.exe
2023-09-26 13:15 - 2023-09-18 18:40 - 103349024 _____ (MiniTool ) C:\Users\steve\Downloads\vc-free.exe
2023-09-24 12:56 - 2023-09-24 12:56 - 001289374 _____ C:\Users\steve\Downloads\Lossless.Scaling.Build.10828226.zip
2023-09-24 12:56 - 2023-09-24 12:56 - 000000000 ____D C:\Users\steve\AppData\Local\Lossless Scaling
2023-09-24 12:56 - 2023-03-31 20:43 - 000000000 ____D C:\Users\steve\Desktop\Lossless.Scaling.Build.10828226
2023-09-23 01:44 - 2023-09-23 01:44 - 000000294 _____ C:\Users\steve\Documents\regbckup.reg
2023-09-21 11:34 - 2023-09-26 16:51 - 000000000 ____D C:\Users\steve\Desktop\desk
2023-09-20 13:16 - 2023-10-05 17:21 - 001432232 _____ (Wellbia.com Co., Ltd.) C:\Windows\xhunter1.sys
2023-09-20 13:16 - 2023-09-20 13:16 - 000000000 ____D C:\Users\steve\AppData\Local\Overprime
2023-09-19 23:14 - 2023-09-19 23:14 - 000000000 ____D C:\Users\steve\AppData\Local\LunaAbyss
2023-09-19 16:29 - 2023-09-19 16:29 - 000000000 ____D C:\Intel
2023-09-19 12:43 - 2023-09-19 12:43 - 000000000 ____D C:\Users\steve\AppData\Local\EALaunchHelper
2023-09-18 23:45 - 2023-09-18 23:45 - 001886879 _____ C:\Users\steve\Downloads\PrinceOfPersiaWarriorWithinv1.0NoCDNoDVDFixedexeEng.rar
2023-09-18 23:35 - 2023-09-18 23:36 - 003015265 _____ C:\Users\steve\Downloads\PrinceOfPersiaWarriorWithinv1.0NoCDNoDVDFixedexeEng-2.rar
2023-09-18 23:32 - 2023-09-18 23:47 - 000000000 ____D C:\ProgramData\POPWWPROFILES
2023-09-18 23:32 - 2023-09-18 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2023-09-18 23:01 - 2023-09-18 23:01 - 000000000 ____D C:\Users\steve\AppData\Local\EAConnect_microsoft
2023-09-18 22:50 - 2023-09-19 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2023-09-18 22:50 - 2023-09-18 22:52 - 000000000 ____D C:\Users\steve\AppData\Local\Origin
2023-09-18 22:50 - 2023-09-18 22:52 - 000000000 ____D C:\ProgramData\EA Desktop
2023-09-18 22:50 - 2023-09-18 22:50 - 000000000 ____D C:\Users\steve\AppData\Local\Electronic Arts
2023-09-18 22:50 - 2023-09-18 22:50 - 000000000 ____D C:\Users\steve\AppData\Local\EADesktop
2023-09-18 22:50 - 2023-09-18 22:50 - 000000000 ____D C:\Program Files\Electronic Arts
2023-09-18 22:50 - 2023-09-18 22:50 - 000000000 ____D C:\Program Files\EA Games
2023-09-18 22:49 - 2023-09-18 22:49 - 002488224 _____ (Electronic Arts) C:\Users\steve\Downloads\EAappInstaller.exe
2023-09-17 20:50 - 2023-09-17 20:50 - 000000000 ____D C:\Users\steve\AppData\LocalLow\Megastorm Games
2023-09-17 19:26 - 2023-09-17 19:26 - 000000000 ____D C:\Users\steve\AppData\LocalLow\NLTech
2023-09-17 19:13 - 2023-09-17 19:13 - 000000000 ____D C:\Users\steve\AppData\Local\DivineKnockout
2023-09-16 14:05 - 2023-09-16 14:05 - 000000000 ____D C:\Program Files\ViGEm ViGEmBus
2023-09-16 14:00 - 2023-09-16 14:00 - 013449768 _____ C:\Users\steve\Downloads\x360ce.zip
2023-09-16 14:00 - 2023-09-16 14:00 - 000000000 ____D C:\ProgramData\X360CE
2023-09-16 11:58 - 2023-09-16 11:58 - 000000000 ___HD C:\$WinREAgent
2023-09-14 12:18 - 2023-09-14 12:19 - 000001376 _____ C:\Users\steve\Desktop\LaunchBDO.lnk
2023-09-14 12:12 - 2023-09-24 18:37 - 000000000 ____D C:\Users\steve\AppData\Roaming\Notepad++
2023-09-14 12:12 - 2023-09-14 12:12 - 004704376 _____ (Don HO don.h@free.fr) C:\Users\steve\Downloads\npp.8.5.6.Installer.x64.exe
2023-09-14 12:12 - 2023-09-14 12:12 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2023-09-14 12:12 - 2023-09-14 12:12 - 000000000 ____D C:\Program Files\Notepad++
2023-09-13 13:48 - 2023-09-13 13:48 - 011367544 _____ (Martin Malik, REALiX s.r.o. ) C:\Users\steve\Downloads\hwi_762.exe
2023-09-13 13:48 - 2023-09-13 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2023-09-13 13:48 - 2023-09-13 13:48 - 000000000 ____D C:\Program Files\HWiNFO64
2023-09-12 20:35 - 2023-09-12 20:35 - 046562290 _____ C:\Users\steve\Downloads\dlc ttt2.rar
2023-09-12 19:50 - 2023-09-12 19:50 - 028236544 _____ C:\Users\steve\Downloads\rpcs3-v0.0.29-15617-c7c81ed9_win64.7z
2023-09-12 19:49 - 2023-09-12 19:49 - 000007050 _____ C:\Users\steve\Downloads\redirect.htm
2023-09-12 19:45 - 2023-10-06 21:41 - 000000000 ____D C:\Users\steve\AppData\Local\DiscordPTB
2023-09-12 19:45 - 2023-10-06 20:03 - 000000000 ____D C:\Users\steve\AppData\Roaming\discordptb
2023-09-11 14:25 - 2023-09-11 14:25 - 000000000 ____D C:\Users\steve\AppData\Local\Cemu
2023-09-10 03:09 - 2023-09-11 00:04 - 000000000 ____D C:\Users\steve\AppData\Roaming\USB_HELPER
2023-09-10 03:09 - 2023-09-10 03:09 - 000000000 ____D C:\Users\steve\AppData\Local\Hikari06
2023-09-10 03:08 - 2023-09-10 03:09 - 000000000 ____D 
C:\Users\steve\AppData\Roaming\USBHelperLauncher 2023-09-10 03:08 - 2023-09-10 03:08 - 000001070 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wii U USB Helper.lnk 2023-09-10 03:07 - 2023-09-10 03:08 - 000289190 _____ C:\Users\steve\Downloads\USBHelperInstaller.exe 2023-09-10 02:32 - 2023-09-10 02:32 - 000124511 _____ C:\Users\steve\Downloads\Newestkeys.rar 2023-09-09 23:17 - 2023-09-09 23:17 - 024987546 _____ C:\Users\steve\Downloads\cemu_1.26.2.zip 2023-09-09 16:51 - 2023-09-09 16:51 - 000002131 _____ C:\Users\steve\Downloads\Tekken 5_Boss_Hack by [John].7z 2023-09-09 16:31 - 2023-09-09 16:31 - 008528201 _____ C:\Users\steve\Downloads\AncientOgre_P.rar 2023-09-09 15:10 - 2023-09-09 15:11 - 019169430 _____ C:\Users\steve\Downloads\t7_2_JINPACHI_V3.0.zip 2023-09-09 15:04 - 2023-09-09 15:04 - 048681666 _____ C:\Users\steve\Downloads\TekkenMovesetExtractor.zip 2023-09-09 14:57 - 2023-09-09 14:57 - 000218385 _____ C:\Users\steve\Downloads\Tekken 7 Jinpachi Moveset-20230909T125657Z-001.zip ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2023-10-06 21:33 - 2023-05-28 18:14 - 000000000 ____D C:\Users\steve\AppData\Local\Discord 2023-10-06 20:30 - 2023-05-29 21:48 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2023-10-06 18:33 - 2023-05-28 18:33 - 000002385 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk 2023-10-06 18:33 - 2023-05-28 18:33 - 000000000 ____D C:\Users\steve\AppData\Local\Vivaldi 2023-10-06 18:28 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-10-06 16:05 - 2023-05-28 18:33 - 000000527 _____ C:\Users\steve\.vivaldi_reporting_data 2023-10-06 14:53 - 2023-05-28 17:42 - 000000000 ____D C:\ProgramData\NVIDIA 2023-10-06 14:51 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports 2023-10-06 14:50 - 2023-06-08 22:10 - 000000000 ____D C:\SteamLibrary 2023-10-06 14:50 - 2023-05-28 17:33 - 000000000 ____D C:\Windows\system32\SleepStudy 2023-10-06 01:20 - 2023-05-28 17:47 - 000000000 ____D C:\Users\steve\AppData\Local\D3DSCache 2023-10-05 20:39 - 2023-07-18 13:52 - 000456412 _____ C:\Windows\system32\perfh006.dat 2023-10-05 20:39 - 2023-07-18 13:52 - 000079336 _____ C:\Windows\system32\perfc006.dat 2023-10-05 20:39 - 2023-05-28 17:43 - 002255670 _____ C:\Windows\system32\PerfStringBackup.INI 2023-10-05 20:39 - 2019-12-07 16:51 - 000743838 _____ C:\Windows\system32\perfh007.dat 2023-10-05 20:39 - 2019-12-07 16:51 - 000150260 _____ C:\Windows\system32\perfc007.dat 2023-10-05 20:39 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF 2023-10-05 20:38 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP 2023-10-05 20:36 - 2023-05-05 14:28 - 000000000 ____D C:\Windows\SystemTemp 2023-10-05 20:35 - 2023-07-09 20:16 - 000000001 _____ C:\Windows\vgkbootstatus.dat 2023-10-05 20:33 - 2023-05-28 18:15 - 000000000 ____D C:\Users\steve\AppData\Roaming\discord 2023-10-05 20:32 - 2023-05-28 17:41 - 000000000 ____D C:\Users\steve 2023-10-05 20:32 - 2023-05-28 17:34 - 000000006 
____H C:\Windows\Tasks\SA.DAT 2023-10-05 20:32 - 2023-05-28 17:33 - 000008192 ___SH C:\DumpStack.log.tmp 2023-10-05 20:32 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI 2023-10-05 20:31 - 2023-05-28 22:48 - 000003142 _____ C:\Windows\system32\Tasks\MSIAfterburner 2023-10-05 19:01 - 2023-05-29 01:51 - 002709096 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll 2023-10-05 19:01 - 2023-05-29 01:51 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll 2023-10-05 19:01 - 2023-05-29 01:51 - 000210536 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll 2023-10-05 19:01 - 2023-05-29 01:51 - 000181864 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll 2023-10-05 19:01 - 2023-05-29 01:51 - 000145000 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll 2023-10-05 19:01 - 2023-05-29 01:51 - 000095736 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe 2023-10-05 19:01 - 2023-05-29 01:51 - 000075360 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe 2023-10-05 19:01 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-10-05 19:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness 2023-10-03 19:08 - 2023-05-29 00:32 - 000000000 ____D C:\Users\steve\AppData\Local\CrashDumps 2023-10-03 16:27 - 2023-07-26 20:47 - 000000000 ____D C:\Users\steve\AppData\Roaming\EasyAntiCheat 2023-10-03 16:08 - 2023-05-29 03:17 - 000000000 ____D C:\Users\steve\AppData\Local\UnrealEngine 2023-10-03 15:40 - 2023-05-28 17:47 - 000000000 ____D C:\Users\steve\AppData\Local\Packages 2023-10-03 15:38 - 2023-05-28 17:47 - 000000000 ____D C:\Users\steve\AppData\Roaming\Adobe 2023-10-03 15:28 - 2023-05-28 17:57 - 000000000 ____D C:\ProgramData\Package Cache 2023-10-03 15:28 - 2023-05-28 17:42 - 000000000 ____D C:\ProgramData\Packages 2023-10-01 21:51 - 2023-05-28 17:34 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Microsoft Edge.lnk 2023-09-27 21:59 - 2023-05-28 17:34 - 000000000 ____D C:\Windows\system32\Drivers\wd 2023-09-27 01:20 - 2023-05-28 22:40 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server 2023-09-24 14:01 - 2023-05-28 17:48 - 000000000 ____D C:\Users\steve\AppData\Local\PlaceholderTileLogoFolder 2023-09-20 13:17 - 2023-08-22 23:03 - 000000000 ____D C:\ProgramData\Epic 2023-09-19 16:28 - 2023-06-05 02:57 - 000000000 ____D C:\Users\steve\AppData\Roaming\Fatshark 2023-09-19 15:58 - 2023-07-13 22:58 - 000000000 ____D C:\Users\steve\Documents\Soundaufnahmen 2023-09-18 23:32 - 2023-05-28 21:57 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2023-09-18 22:50 - 2023-05-28 21:59 - 000000000 ____D C:\Users\steve\AppData\Local\cache 2023-09-18 21:31 - 2023-08-21 17:50 - 000000000 ____D C:\Users\steve\AppData\Local\AcTools Content Manager 2023-09-17 19:26 - 2023-08-19 18:35 - 000000000 ____D C:\Users\steve\AppData\LocalLow\Unity 2023-09-17 19:13 - 2023-08-22 23:04 - 000000000 ____D C:\Users\steve\AppData\Local\Epic Games 2023-09-17 16:59 - 2023-05-28 19:05 - 000000000 ____D C:\Users\steve\AppData\Local\Steam 2023-09-17 13:48 - 2023-05-29 01:58 - 000003854 _____ C:\Users\steve\AppData\Local\3301857876 2023-09-17 03:29 - 2023-05-28 17:33 - 000259672 _____ C:\Windows\system32\FNTCACHE.DAT 2023-09-17 03:28 - 2019-12-07 16:54 - 000000000 ___SD C:\Windows\system32\AppV 2023-09-17 03:28 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog 2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources 2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata 2023-09-17 03:28 - 
2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe 2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser 2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences 2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions 2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr 2023-09-16 12:07 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp 2023-09-16 12:05 - 2023-05-28 17:36 - 003014144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2023-09-16 11:58 - 2023-05-30 20:33 - 000000000 ____D C:\Windows\system32\MRT 2023-09-16 11:56 - 2023-05-30 20:33 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2023-09-14 11:51 - 2023-05-28 22:36 - 000000000 ____D C:\Users\steve\Documents\Black Desert 2023-09-14 11:28 - 2023-05-29 01:51 - 000000000 ____D C:\XboxGames 2023-09-12 19:45 - 2023-05-28 18:15 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc 2023-09-12 19:45 - 2023-05-28 18:14 - 000000000 ____D C:\Users\steve\AppData\Local\SquirrelTemp 2023-09-12 16:29 - 2023-05-28 22:39 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner 2023-09-12 16:28 - 2023-05-28 22:48 - 000003126 _____ C:\Windows\system32\Tasks\RTSS 2023-09-10 14:20 - 2023-07-08 01:12 - 000000000 ____D C:\Program Files\Riot Vanguard ==================== Files in the root of some directories ======== 2023-05-29 01:58 - 2023-09-17 13:48 - 000003854 _____ () C:\Users\steve\AppData\Local\3301857876 ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Addition: [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023 Ran by steve (06-10-2023 22:12:08) Running from C:\Users\steve\Downloads Microsoft Windows 10 Pro Version 22H2 19045.3448 (X64) (2023-05-28 15:37:03) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-4237224309-1573821182-25082296-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4237224309-1573821182-25082296-503 - Limited - Disabled) Gast (S-1-5-21-4237224309-1573821182-25082296-501 - Limited - Disabled) steve (S-1-5-21-4237224309-1573821182-25082296-1001 - Administrator - Enabled) => C:\Users\steve WDAGUtilityAccount (S-1-5-21-4237224309-1573821182-25082296-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.0.0.571 - Adobe Inc.) Adobe Photoshop 2024 (HKLM-x32\...\PHSP_25_0) (Version: 25.0.0.37 - Adobe Inc.) AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 3.10.22.706 - Advanced Micro Devices, Inc.) AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 7.0.4.4 - Advanced Micro Devices, Inc.) Hidden AMD_Chipset_Drivers (HKLM-x32\...\{cf77cf6b-71ff-4a71-802d-43adb9b271b7}) (Version: 3.10.22.706 - Advanced Micro Devices, Inc.) Hidden Black Desert (HKLM-x32\...\BlackDesert_NA_is1) (Version: 23.01.16.1 - PearlAbyss Corp.) 
CPUID CPU-Z 2.06 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.06 - CPUID, Inc.) Discord (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Discord) (Version: 1.0.9013 - Discord Inc.) Discord PTB (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\DiscordPTB) (Version: 1.0.1032 - Discord Inc.) EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.37.0.5550 - Electronic Arts) Hidden EA app (HKLM-x32\...\{9fadc9c1-bd21-46fd-ad7e-8e08ace2687e}) (Version: 13.37.0.5550 - Electronic Arts) Epic Games Launcher (HKLM-x32\...\{AEB35C6C-B6D4-4AA0-8452-DE699737B5F6}) (Version: 1.3.82.0 - Epic Games, Inc.) Epic Online Services (HKLM-x32\...\{35905844-0610-427D-86A0-2103FABE3D4D}) (Version: 2.0.42.0 - Epic Games, Inc.) Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2.1 - ) HWiNFO64 Version 7.62 (HKLM\...\HWiNFO64_is1) (Version: 7.62 - Martin Malik, REALiX s.r.o.) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Malwarebytes version 4.6.4.286 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.4.286 - Malwarebytes) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.55 - Microsoft Corporation) Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 
(HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden MSI Afterburner 4.6.5 (HKLM-x32\...\Afterburner) (Version: 4.6.5 - MSI Co., LTD) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 2.0 - F.J. 
Wechselberger) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.5.6 - Notepad++ Team) NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation) NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation) NVIDIA Graphics Driver 536.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.99 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 29.1.3 - OBS Project) PlayStationPlus (HKLM-x32\...\{B91BC2BC-763E-422C-A5DA-319695354B95}) (Version: 12.1.0 - Sony Interactive Entertainment Inc.) Prince of Persia Warrior Within (HKLM-x32\...\{EE5BC0BB-9EDA-423C-8276-48857B735D68}) (Version: 1.00.999 - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.50.511.2021 - Realtek) RidersRepublic (HKLM-x32\...\Uplay Install 5487) (Version: - Ubisoft) Riot Client (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Riot Game Riot_Client.) (Version: - Riot Games, Inc) Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.) RivaTuner Statistics Server 7.3.4 (HKLM-x32\...\RTSS) (Version: 7.3.4 - Unwinder) TreeSize Free V4.6.3 (64 bit) (HKLM\...\TreeSize Free_is1) (Version: 4.6.3 - JAM Software) Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 144.0.10906 - Ubisoft) UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) 
Hidden USBHelperLauncher (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\USBHelperLauncher) (Version: 1.0 - FailedShack) UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.) VALORANT (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc) Vivaldi (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Vivaldi) (Version: 6.2.3105.58 - Vivaldi Technologies AS.) WhoCrashed 7.06 (HKLM\...\WhoCrashed_is1) (Version: 7.06 - Resplendence Software Projects Sp.) WinRAR 6.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH) Packages: ========= Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2023-10-03] (Adobe Systems Incorporated) Back 4 Blood -> C:\Program Files\WindowsApps\WarnerBros.Interactive.e172091a-6630-4ff3-959f-830_1.314.5975.0_x64__ktmk1xygcecda [2023-05-29] (Warner Bros. Interactive) Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-12] (Microsoft Corporation) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-08-20] (NVIDIA Corp.) 
Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.927.0_x64__8wekyb3d8bbwe [2023-10-05] (Microsoft Corporation) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-27] (Microsoft Studios) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0 [2023-09-27] (Spotify AB) [Startup Task] Warhammer 40,000: Darktide -> C:\Program Files\WindowsApps\FatsharkAB.Warhammer40000DarktideNew_1.2.1492.0_x64__hwm6pnepa3ng2 [2023-10-04] (Fatshark AB) WinDbg Preview -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe [2023-06-21] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4237224309-1573821182-25082296-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A79589C16F3B} -> [Creative Cloud Files] => C:\Users\steve\Creative Cloud Files [2023-10-03 15:29] CustomCLSID: HKU\S-1-5-21-4237224309-1573821182-25082296-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) CustomCLSID: HKU\S-1-5-21-4237224309-1573821182-25082296-1001_Classes\CLSID\{D1AD56BD-8D3D-43DD-A739-CBF2B0928D21}\localserver32 -> C:\Users\steve\AppData\Local\Vivaldi\Application\6.2.3105.58\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS) CustomCLSID: HKU\S-1-5-21-4237224309-1573821182-25082296-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. 
-> Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-03] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-03] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-03] (Adobe Inc. -> ) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-03] (Adobe Inc. -> ) ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-10-05] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1ddf203f8d876fdf\nvshext.dll [2023-08-05] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-03] (Adobe Inc. 
-> ) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-10-05] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed] HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\steve\Desktop\LaunchBDO.lnk -> C:\Pearlabyss\BlackDesert\LaunchBDOwithAffinitySet.bat ()

==================== Loaded Modules (Whitelisted) =============

2023-04-03 00:48 - 2023-04-03 00:48 - 000232960 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2023-04-03 00:48 - 2023-04-03 00:48 - 000059392 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2023-04-03 00:49 - 2023-04-03 00:49 - 000699904 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2023-04-03 00:48 - 2023-04-03 00:48 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2023-04-03 00:48 - 2023-04-03 00:48 - 000371712 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2023-03-14 17:57 - 2023-03-14 17:57 - 000058368 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2023-03-14 17:57 - 2023-03-14 17:57 - 000074240 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2023-03-14 17:57 - 2023-03-14 17:57 - 000368640 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000017920 _____ () [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libEGL.DLL
2023-10-03 19:08 - 2023-10-03 19:08 - 003567616 _____ () [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libGLESv2.dll
2019-06-10 13:21 - 2019-06-10 13:21 - 000668160 _____ () [File not signed] C:\Program Files\EqualizerAPO\EqualizerAPO.dll
2017-07-08 12:52 - 2017-07-08 12:52 - 002983917 _____ () [File not signed] C:\Program Files\EqualizerAPO\libfftw3f-3.dll
2015-11-22 22:05 - 2015-11-22 22:05 - 001530880 _____ () [File not signed] C:\Program Files\EqualizerAPO\libsndfile-1.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 002849280 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libcrypto-1_1-x64.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000685056 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libssl-1_1-x64.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000046592 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\bearer\qgenericbearer.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qgif.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000039936 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qicns.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000031232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qico.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000415232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qjpeg.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qsvg.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qtga.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000380416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qtiff.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qwbmp.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qwebp.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 001455616 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\platforms\qwindows.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000227328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt\labs\platform\qtlabsplatformplugin.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Core.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 006947328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Gui.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 001389568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Network.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000327168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Positioning.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000319488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5PrintSupport.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 003798528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Qml.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000440832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5QmlModels.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000054784 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5QmlWorkerScript.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 004254720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Quick.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000171520 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5QuickControls2.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000222208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5QuickShapes.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 001128960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5QuickTemplates2.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000075264 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5QuickWidgets.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000334848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Svg.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000133120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebChannel.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000396288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebEngine.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 103583232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebEngineCore.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000250880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebEngineWidgets.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000157184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebSockets.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 005611520 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Widgets.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WinExtras.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Xml.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000056832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000018432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtQuick.2\qtquick2plugin.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000294400 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000106496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtQuick\Layouts\qquicklayoutsplugin.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtQuick\Shapes\qmlshapesplugin.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtQuick\Window.2\windowplugin.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000021504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtWebChannel\declarative_webchannel.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000093696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtWebEngine\qtwebengineplugin.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc:169D67954B [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert.lnk:54240D998C [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [2594]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4412]
AlternateDataStreams: C:\Users\steve\Anwendungsdaten:671890e017d8a4fb26004192461213ff [394]
AlternateDataStreams: C:\Users\steve\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [141]
AlternateDataStreams: C:\Users\steve\Downloads\esetonlinescanner.exe:MBAM.Zone.Identifier [178]
AlternateDataStreams: C:\Users\steve\AppData\Roaming:671890e017d8a4fb26004192461213ff [394]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4237224309-1573821182-25082296-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_AB28E5367ED265860776C96F8DFD68CB"
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\StartupApproved\Run: => "RiotClient"
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DCF04797-81F5-4C0C-8452-D7E5199278BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{E4A910E2-725E-4BB8-97DA-9CCB1F243133}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{C80B689C-4B41-4E73-BB61-7D544E675958}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{658AD2A2-A564-4D6C-AA7A-30E087E13788}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{3C829B3E-4CC6-4131-BB94-FC02EC914C8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{79C76835-E69A-4BE1-AD49-31FCB9338368}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{A97A7887-368B-4A94-9C23-3152A87D442F}C:\users\steve\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\steve\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [UDP Query User{BDC25AE9-4929-489C-9D29-D5CE26B2A32B}C:\users\steve\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\steve\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [{DB749087-2A8B-49A4-931A-47BDFA36E64C}] => (Allow) D:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{17D437DE-C479-4CC4-90DA-428CF6AB953A}] => (Allow) D:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9B32655E-B34A-496F-83F4-6FC7A47DA14E}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5940784B-3979-4AF5-ADE8-C834CB9E8E34}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A20DDB46-81A1-43C9-AC9B-7B2E521E32DC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [{ED244F85-19BE-452A-BE94-2AE86AAD2483}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [TCP Query User{4DC62F78-A33D-42FD-9EB7-959D4D4F1F58}D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe () [File not signed]
FirewallRules: [UDP Query User{6DBE7C1B-DBE1-4F4F-B847-427B16689818}D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe () [File not signed]
FirewallRules: [{A5C7480C-4FAF-4607-A673-EC0DDDEE3A90}] => (Block) D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe () [File not signed]
FirewallRules: [{5242BADE-6E0A-4B37-99E9-FC48AF09C799}] => (Block) D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe () [File not signed]
FirewallRules: [TCP Query User{79F0CAAE-A39C-4FF3-A88A-8552AFA2D076}D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe] => (Allow) D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe (Access Denied) [File not signed]
FirewallRules: [UDP Query User{E0E28F3C-7776-4340-9DAF-AD76856FAE0D}D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe] => (Allow) D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe (Access Denied) [File not signed]
FirewallRules: [TCP Query User{FC0E67E3-7EBE-4E43-8846-11ADB169399F}C:\users\steve\appdata\local\vivaldi\application\vivaldi.exe] => (Block) C:\users\steve\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [UDP Query User{983A23F0-8AA0-44EC-8C0D-31146EF8F218}C:\users\steve\appdata\local\vivaldi\application\vivaldi.exe] => (Block) C:\users\steve\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [TCP Query User{A618D37E-1CCB-43C3-A526-19B3D8C171AC}D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe (Sobaka Studio) [File not signed]
FirewallRules: [UDP Query User{FA163D9E-020F-4F14-8377-BC68AA0E0C87}D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe (Sobaka Studio) [File not signed]
FirewallRules: [{8B6DD944-BDE3-4AC3-BD55-765F49584076}] => (Block) D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe (Sobaka Studio) [File not signed]
FirewallRules: [{C96D19F3-631A-46E8-912C-613518C0165B}] => (Block) D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe (Sobaka Studio) [File not signed]
FirewallRules: [TCP Query User{B3BD6F28-BF0B-4BCF-B68A-B85C16ABC836}D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe] => (Block) D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe (Access Denied) [File not signed]
FirewallRules: [UDP Query User{88B67A84-D986-4CD5-9A8D-00ED828CECA9}D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe] => (Block) D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe (Access Denied) [File not signed]
FirewallRules: [{1D153E78-5C98-4F2D-AB60-DC8CABB328F2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Naruto To Boruto\NARUTO.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{847164C9-506C-4CED-815C-FCF493929212}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Naruto To Boruto\NARUTO.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{CA56DE0E-B4F9-4706-A0C1-059B74A7BD2F}D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe (SOLEIL LTD. -> Soleil Ltd.)
FirewallRules: [UDP Query User{882C6C11-0079-48D1-94FF-8CF90403F3B2}D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe (SOLEIL LTD. -> Soleil Ltd.)
FirewallRules: [TCP Query User{64F53A17-0C86-4E18-B3DD-9CCE546B1066}D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [UDP Query User{A75DBC38-0DC0-450D-B981-134107077E5E}D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [{F85DA664-3E8E-4E84-AD18-80FC97EB227A}] => (Block) D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [{6862B720-1B70-40FC-A68A-A57C66156D18}] => (Block) D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [{DCF67D02-A0C1-4C99-8F85-7B8A40E9D4D5}] => (Allow) C:\Program Files (x86)\PlayStationPlus\pspluslauncher.exe (Sony Interactive Entertainment LLC -> Sony Interactive Entertainment LLC)
FirewallRules: [{EC71AD93-9DF2-4A68-AEE9-D9521AC9CA8E}] => (Allow) C:\Users\steve\AppData\Local\Gaikai\CrashReports\dumpupload.exe (Sony Interactive Entertainment LLC -> )
FirewallRules: [{C0DA7550-9270-4FA2-B6CD-DD147098813C}] => (Allow) C:\Program Files (x86)\PlayStationPlus\unidater.exe (Sony Interactive Entertainment LLC -> Sony Interactive Entertainment)
FirewallRules: [TCP Query User{0C9167F3-B4D0-4C58-87F0-A86E02CB194A}D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Block) D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe (SOLEIL LTD. -> Soleil Ltd.)
FirewallRules: [UDP Query User{D1BEAFB7-9324-48BE-BD8C-4AE963DD6A09}D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Block) D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe (SOLEIL LTD. -> Soleil Ltd.)
FirewallRules: [TCP Query User{E4CBE294-65D0-4AAF-AD30-98336EFDE52A}C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe] => (Allow) C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe => No File
FirewallRules: [UDP Query User{563E0DB0-DB13-4100-983F-69CBBE2F71EC}C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe] => (Allow) C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe => No File
FirewallRules: [{700AFACF-BF20-41CC-A753-23EA074B7BC8}] => (Block) C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe => No File
FirewallRules: [{FF6E1D57-1B4D-46F9-A9EC-337FF9F3B225}] => (Block) C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe => No File
FirewallRules: [{B9761C15-B2E8-4DD1-895B-1C4C279429B5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1444B634-0D3C-4E7B-81E3-E7B0114F6AF9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{515D454E-D87F-4E18-8D21-FB627F4B9992}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A33859EC-1C2D-4708-B78E-46B0716D8D46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{407C5E4C-35B9-4AC5-B8C8-20EBB2096CE1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FD05C7EE-8A63-41FE-BB03-563C1DBF9836}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0E037708-8117-4F26-A79E-A8EF366A794F}] => (Allow) C:\SteamLibrary\steamapps\common\En Garde Demo\EnGarde.exe => No File
FirewallRules: [{04457DF8-2F91-4A1A-A615-4896A0A5CA84}] => (Allow) C:\SteamLibrary\steamapps\common\En Garde Demo\EnGarde.exe => No File
FirewallRules: [TCP Query User{4481370E-C528-49B6-A8B1-72F0924C7661}C:\pearlabyss\blackdesert\bin64\blackdesert64.exe] => (Allow) C:\pearlabyss\blackdesert\bin64\blackdesert64.exe (Pearl abyss Corp -> )
FirewallRules: [UDP Query User{67440C80-9217-4949-8FAF-2196C6899E04}C:\pearlabyss\blackdesert\bin64\blackdesert64.exe] => (Allow) C:\pearlabyss\blackdesert\bin64\blackdesert64.exe (Pearl abyss Corp -> )
FirewallRules: [TCP Query User{3BDCCA1D-EA96-4120-9FD2-6C6388C5E106}D:\games\riot games\riot client\riotclientservices.exe] => (Allow) D:\games\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{A5BDA3C2-B99D-4B2C-89F1-DD019DCD3EEC}D:\games\riot games\riot client\riotclientservices.exe] => (Allow) D:\games\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{8CFF21DD-D759-4E32-BF28-495080C8608B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Devil May Cry 5\DevilMayCry5.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{D3E64BAD-2D9F-4BC9-B2A9-A324C793AEEB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Devil May Cry 5\DevilMayCry5.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{7C2AAAC5-E37F-4350-AEBD-DCCAA014686E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{335E88B3-DB44-4E62-9092-B024DBF29897}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{337A30C0-EE6E-41B9-A234-0A7E3E5D736B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe (Valve Corp. -> Activision Publishing Inc.)
FirewallRules: [{EE30D735-CA09-402B-9916-03EBB34C03AD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe (Valve Corp. -> Activision Publishing Inc.)
FirewallRules: [TCP Query User{E3248369-ED12-4C05-8897-D45CE9A9FD71}D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe (Valve Corp. -> Activision Publishing Inc.)
FirewallRules: [UDP Query User{329C6AC2-7D69-45B8-A425-409A1B11CA19}D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe (Valve Corp. -> Activision Publishing Inc.)
FirewallRules: [{72CB7328-0990-4304-B050-19665BE71916}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\assettocorsa\AssettoCorsa.exe (Kunos Simulazioni) [File not signed]
FirewallRules: [{9649F702-D824-4A0F-A5D9-5997E2520CBB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\assettocorsa\AssettoCorsa.exe (Kunos Simulazioni) [File not signed]
FirewallRules: [TCP Query User{ABF5908F-C335-4A3C-9618-442B914B136E}D:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Block) D:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe () [File not signed]
FirewallRules: [UDP Query User{9B6D4EA3-AFF0-4839-A56A-CD9F987CDC51}D:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Block) D:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe () [File not signed]
FirewallRules: [TCP Query User{9C0BCC8F-ADAA-4EDD-AD8A-128F95E3C7C4}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{7CF5524A-907F-4385-8636-A9C0DC3A613F}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{DFDAED3F-0171-4E6D-BF36-9820C312D891}D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{82BC7D55-53DA-4A18-832D-7D9FC75216A7}D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{4B95870A-5274-45CD-A156-D8D8DA8EC130}] => (Block) D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{4AFAFD29-9FF1-49B5-90CD-7D382D4C7AFA}] => (Block) D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{355CDB9B-DEF5-44BF-BC78-96CF0442DCE9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Europa Demo\Europa.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{806E4445-C41A-4A4D-AACB-36FAAC4C3B7D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Europa Demo\Europa.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{2A677AB7-E322-4830-BEBA-63261ADDD108}] => (Allow) D:\Games\RidersRepublic\RidersRepublic.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{F53E2BB4-FE58-4850-9363-538A623A26C3}] => (Allow) D:\Games\RidersRepublic\RidersRepublic_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{5ED3A785-942D-4441-87DD-93D5BA4FA448}] => (Allow) D:\Games\RidersRepublic\RidersRepublic_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{F701C52E-53E9-45FD-A223-37D2598D40AC}] => (Allow) C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{99FC416A-531B-4DDD-9678-F2D8AE075525}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Grounded\Grounded.exe (Obsidian Entertainment, Inc. -> Epic Games, Inc.)
FirewallRules: [{62C58094-EE8F-4A25-9C58-156D85408F4B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Grounded\Grounded.exe (Obsidian Entertainment, Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{C3D382E1-805E-4509-B0DD-866EC8D70BFE}C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe] => (Allow) C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe () [File not signed]
FirewallRules: [UDP Query User{21C7AEB1-7D4C-489D-9101-4E1204DD75E8}C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe] => (Allow) C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe () [File not signed]
FirewallRules: [{655DBFBF-40B8-487A-A245-F962B002FE11}] => (Block) C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe () [File not signed]
FirewallRules: [{FD2F0EDE-EE2C-4A45-B2A9-1AE7218D1AFE}] => (Block) C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe () [File not signed]
FirewallRules: [TCP Query User{642DFF3A-E77F-4ECE-B6E4-CBC148B4CA7A}C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe] => (Allow) C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe (Hikari06) [File not signed]
FirewallRules: [UDP Query User{008FE377-808A-4095-B7A9-D1DCB37EACD7}C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe] => (Allow) C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe (Hikari06) [File not signed]
FirewallRules: [{91B06BAC-61F4-4897-940D-8BA778753AC3}] => (Block) C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe (Hikari06) [File not signed]
FirewallRules: [{47FBF48F-7735-455A-B8EA-FCEE1BA392B0}] => (Block) C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe (Hikari06) [File not signed]
FirewallRules: [{E2FA37E7-2060-409D-A697-81E2953ECBFD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\VRising\VRising.exe (Stunlock Studios AB -> )
FirewallRules: [{0253FB2C-4EA7-4E52-9566-7E82C18C4B11}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\VRising\VRising.exe (Stunlock Studios AB -> )
FirewallRules: [{EE685ACE-EC8B-45BA-9F2B-6DD013758F1C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C75CF5A1-2E74-4B2E-B0B7-F6C2A208348A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{07F14A7B-9602-4E04-A2A1-F69E993892B1}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C8EC026F-DB26-4C3D-A978-7D4C3DB2DC59}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C0E30DAA-B6BC-4DE2-BBF0-701178235FF2}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{CEBC5B9A-CEA7-4BB2-B5F2-ACF7157398AE}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C936518D-8CD8-4B21-A67B-68C2DB13B150}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F2C9AAD0-5229-4BE7-8BAD-1F23E3E12900}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{DF43925E-FA1C-4B04-90A3-112BC97D13BD}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{976453AB-3164-4F53-BB68-BA1974EF3019}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{D4CEAC82-0EBA-449F-8ADF-C01DBB855B92}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{14107C9A-114C-46C1-B31E-8A4024921E87}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Guilt Demo\GuiltDemo.exe () [File not signed]
FirewallRules: [{CC9A3C2A-0C04-4D6A-9C40-DD0A213AC095}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Guilt Demo\GuiltDemo.exe () [File not signed]
FirewallRules: [{D6ABFFE5-01DA-4D70-9990-4ACD668F31B5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Overprime\ParagonClient.exe (Netmarble F&C Inc. -> Epic Games, Inc.) [File not signed]
FirewallRules: [{B23206AF-3F17-4DE2-987E-6074B8B4C15A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Overprime\ParagonClient.exe (Netmarble F&C Inc. -> Epic Games, Inc.) [File not signed]
FirewallRules: [{BB259F25-BD24-4741-B4D3-4B4073AB678A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9E9F8912-6155-42B1-A264-713747E295BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7D6F3607-805E-444F-9FCC-581877D1394A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2C209794-FB19-41BD-A6A8-BE32804ECC48}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DB541803-82B7-4FA7-A626-65F00175C0DE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BB0A62F7-EF4E-43D2-B9DD-9CA65D8AE936}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{327FD3BE-74CC-4641-895B-9140BC4AC5E4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{54425409-BDDA-4B0C-B146-4A8E2C66463F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0A3D02D3-26AC-472F-9F16-2A079E9C6076}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8AFD82F3-211D-49D8-A8AB-51EA7888A51F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D4F5CC8D-5E44-4BDB-8CF0-0624DDCEF46B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warhaven\Warhaven\Binaries\Win64\Warhaven-Win64-Shipping.exe (NEXON Korea Corporation. -> Nexon Korea)
FirewallRules: [{2A494004-BB6C-4D36-98F8-D7BEA7DBA309}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warhaven\Warhaven\Binaries\Win64\Warhaven-Win64-Shipping.exe (NEXON Korea Corporation. -> Nexon Korea)
FirewallRules: [{FF130DA1-5875-4ED1-A6EE-90C83E339203}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Vampyr\AVGame\Binaries\Win64\AVGame-Win64-Shipping.exe (Focus Home Interactive -> Focus Home Interactive)
FirewallRules: [{C7C07AE0-840F-4E9D-A570-D600369D3244}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Vampyr\AVGame\Binaries\Win64\AVGame-Win64-Shipping.exe (Focus Home Interactive -> Focus Home Interactive)
FirewallRules: [{10324C18-F43D-42EA-AA09-15A92D49711C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Century\Century.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{03C44E98-F5B7-464D-8A34-3B6B58D44046}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Century\Century.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [TCP Query User{B30A03D7-A311-4071-A9BD-A0CAD9563250}D:\program files (x86)\steam\steamapps\common\century\century\binaries\win64\century-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\century\century\binaries\win64\century-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{08F3CBD0-4EAC-4191-8A83-798F16EF9675}D:\program files (x86)\steam\steamapps\common\century\century\binaries\win64\century-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\century\century\binaries\win64\century-win64-shipping.exe (Epic Games, Inc.)
[File not signed] FirewallRules: [{C8BBF594-A006-4CD3-9AB3-EFF5EABBBE56}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.55\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{E7B488DB-A965-4EC1-9EA0-CC7BC0451083}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Big Fat Battle Playtest\ProjectY.exe () [File not signed] FirewallRules: [{8CBDE95C-5D49-470A-AD7D-6B86E39D0CFE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Big Fat Battle Playtest\ProjectY.exe () [File not signed] ==================== Restore Points ========================= 03-10-2023 13:43:32 Installed ArtRage 6 Demo ==================== Faulty Device Manager Devices ============ Name: PCI Encryption/Decryption Controller Description: PCI Encryption/Decryption Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ======================== Application errors: ================== Error: (10/05/2023 08:35:02 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. Error: (10/05/2023 08:21:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program mbam.exe version 4.0.0.1682 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: 3c0c
Start Time: 01d9f7b862b6735e
Termination Time: 4294967295
Application Path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Report Id: 2d0acd29-7653-47a3-b4f8-0c6d7c5a4e42
Faulting package full name:
Faulting package-relative application ID:
Hang type: Cross-process

Error: (10/05/2023 08:21:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbamtray.exe version 4.0.0.1682 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 5b4c
Start Time: 01d9f7b85ee10d46
Termination Time: 4294967295
Application Path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Report Id: 0b381b57-f161-4b97-9d8d-bca60c5457b0
Faulting package full name:
Faulting package-relative application ID:
Hang type: Cross-process

Error: (10/03/2023 07:08:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EALaunchHelper.exe, version: 13.37.0.5550, time stamp: 0x65173201
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process ID: 0x3468
Faulting application start time: 0x01d9f61c375e6af9
Faulting application path: C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report ID: 61642891-227c-43df-8bed-40acb0fa5825
Faulting package full name:
Faulting package-relative application ID:

Error: (10/01/2023 11:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x46d0
Faulting application start time: 0x01d9f449220cb50f
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: d5334bba-3c1e-4024-adeb-19bec662e788
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (10/01/2023 11:24:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x4404
Faulting application start time: 0x01d9f4491c60e6d6
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: 5ad0f45f-b267-4dba-bc51-1406dac53d34
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (10/01/2023 11:24:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x4b8c
Faulting application start time: 0x01d9f44915a85f83
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: a7deb725-d884-4ea9-9bf9-2f36ce2b8f6b
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (10/01/2023 11:24:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x4370
Faulting application start time: 0x01d9f44911009cd0
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: 05c06c1f-bcd9-4a65-8177-602ac38a8b80
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

System errors:
=============
Error: (10/06/2023 02:52:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_4df53 service.

Error: (10/06/2023 02:51:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_4df53 service.

Error: (10/06/2023 02:51:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_4df53 service.

Error: (10/06/2023 02:50:43 PM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (10/06/2023 01:21:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_4df53 service.
Error: (10/05/2023 09:19:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (10/05/2023 09:19:10 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\steve\AppData\Local\Temp\ehdrv.sys

Error: (10/05/2023 09:19:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Windows Defender:
================
Date: 2023-10-05 01:10:49
Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {6839F56E-5A6B-48FE-A5AE-0438F170730F}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-10-04 23:19:45
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.H!ml&threatid=2147814523&enterprise=0
Name: Trojan:Win32/Wacatac.H!ml
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_D:\Users\-..-\Documents\Things\USB STICK\S4\[S4L] Codes In-Game Trainer 0.1.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-0JFIBDK\steve
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.399.40.0, AS: 1.399.40.0, NIS: 1.399.40.0
Modulversion: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Date: 2023-10-04 14:21:09
Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {09118F2F-DD78-4AE9-AE61-93B474972E52}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-10-03 12:52:39
Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {DB6BA914-8D83-405B-86E8-2418BB38F38F}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-10-02 11:48:28
Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {C658E1D2-03EA-4A6E-BFBA-2EF8B2BF6371}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Event[0]:
Date: 2023-07-18 13:55:56
Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.393.702.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %Vorherige Modulversion: 1.1.23060.1005
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

CodeIntegrity:
===============
Date: 2023-07-18 17:28:58
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 4202 06/16/2023
Motherboard: ASUSTeK COMPUTER INC. PRIME B450M-A
Processor: AMD Ryzen 5 5600 6-Core Processor
Percentage of memory in use: 34%
Total physical RAM: 32680.62 MB
Available physical RAM: 21265.29 MB
Total Virtual: 39080.62 MB
Available Virtual: 20907.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.42 GB) (Free:73.79 GB) (Model: Samsung SSD 840 PRO Series) NTFS
Drive d: (Windows) (Fixed) (Total:930.34 GB) (Free:98.93 GB) (Model: TOSHIBA HDWD110) NTFS

\\?\Volume{c0f2ecdd-0000-0000-0000-100000000000}\ (System-reserviert) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{36853ede-301c-49da-bdf8-b33b92a3977e}\ (Windows RE tools) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS
\\?\Volume{45b38fcd-2611-4a25-9609-20552808547e}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{75d233e1-b882-4e2d-8963-fba759abb7a3}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: C0F2ECDD)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT.

==================== End of Addition.txt =======================
|
07.10.2023, 20:27 | #8 |
/// TB-Ausbilder | Wacatac.H!ml found by Win Defender - FRST log attached Step 1 WARNING TO ALL READERS!!! This FRST script is intended exclusively for this user and must never be used 1:1 on another system!
|
08.10.2023, 15:28 | #9 |
| Wacatac.H!ml found by Win Defender - FRST log attached Many thanks for the detailed list of steps! Here is the Fixlog: Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by steve (08-10-2023 16:17:40) Run:1
Running from C:\Users\steve\Desktop
Loaded Profiles: steve
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\TWluaVRvb2wgVmlkZW8gQ29udmVydGVy
C:\Users\steve\AppData\Local\3301857876
CMD: cscript /nologo %systemroot%\System32\slmgr.vbs /dlv
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winhttp reset proxy
CMD: Bitsadmin /Reset /Allusers
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: sfc /scannow
Hosts:
RemoveProxy:
EmptyTemp:
End::
*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
"C:\ProgramData\TWluaVRvb2wgVmlkZW8gQ29udmVydGVy" folder move:

C:\ProgramData\TWluaVRvb2wgVmlkZW8gQ29udmVydGVy => moved successfully
C:\Users\steve\AppData\Local\3301857876 => moved successfully

========= cscript /nologo %systemroot%\System32\slmgr.vbs /dlv =========

Software licensing service version: 10.0.19041.3448
Name: Windows(R), Professional edition
Description: Windows(R) Operating System, OEM_DM channel
Activation ID: bd3762d7-270d-4760-8fb3-d829ca45278a
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 03612-03305-165-586373-02-1031-19045.0000-1482023
Product Key Channel: OEM:DM
Installation ID: 068402450533103181783380980364147433774863975477181467108121606
Use License URL: https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=DM
Validation URL: https://validation-v2.sls.microsoft.com/SLWGA/slwga.asmx
Partial Product Key: BBH22
License Status: Licensed
Remaining Windows rearm count: 1001
Remaining SKU rearm count: 1001
Trusted time: 08.10.2023 16:17:50

========= End of CMD: =========

========= netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= netsh winhttp reset proxy =========

Current WinHTTP proxy settings:
Direct access (no proxy server).

========= End of CMD: =========

========= Bitsadmin /Reset /Allusers =========

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{9357DB7D-0201-4489-8BE2-D3CA7F59FBB4} canceled.
{7238D74E-B562-4551-9878-9A8393562763} canceled.
{22FD970E-C566-4528-81C6-ACE98B1DD9E6} canceled.
3 out of 3 jobs canceled.

========= End of CMD: =========

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========

Error: Unable to rebuild performance counter setting from system backup store, error code is 2

========= End of CMD: =========

========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========

Info: Successfully rebuilt performance counter setting from system backup store

========= End of CMD: =========

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========

Info: Successfully rebuilt performance counter setting from system backup store

========= End of CMD: =========

========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========

Info: Successfully rebuilt performance counter setting from system backup store

========= End of CMD: =========

========= sfc /scannow =========

Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 0% complete. Verification 0% complete. Verification 1% complete. Verification 1% complete. Verification 2% complete. Verification 2% complete. Verification 3% complete. Verification 3% complete. Verification 4% complete. Verification 4% complete. Verification 4% complete.
Verification 5% complete. Verification 5% complete. Verification 6% complete. Verification 6% complete. Verification 7% complete. Verification 7% complete. Verification 8% complete. Verification 8% complete. Verification 8% complete. Verification 9% complete. Verification 9% complete. Verification 10% complete. Verification 10% complete. Verification 11% complete. Verification 11% complete. Verification 12% complete. Verification 12% complete. Verification 12% complete. Verification 13% complete. Verification 13% complete. Verification 14% complete. Verification 14% complete. Verification 15% complete. Verification 15% complete. Verification 16% complete. Verification 16% complete. Verification 16% complete. Verification 17% complete. Verification 17% complete. Verification 18% complete. Verification 18% complete. Verification 19% complete. Verification 19% complete. Verification 20% complete. Verification 20% complete. Verification 20% complete. Verification 21% complete. Verification 21% complete. Verification 22% complete. Verification 22% complete. Verification 23% complete. Verification 23% complete. Verification 24% complete. Verification 24% complete. Verification 24% complete. Verification 25% complete. Verification 25% complete. Verification 26% complete. Verification 26% complete. Verification 27% complete. Verification 27% complete. Verification 28% complete. Verification 28% complete. Verification 28% complete. Verification 29% complete. Verification 29% complete. Verification 30% complete. Verification 30% complete. Verification 31% complete. Verification 31% complete. Verification 32% complete. Verification 32% complete. Verification 32% complete. Verification 33% complete. Verification 33% complete. Verification 34% complete. Verification 34% complete. Verification 35% complete. Verification 35% complete. Verification 36% complete. Verification 36% complete. Verification 36% complete. Verification 37% complete. Verification 37% complete. 
Verification 38% complete. Verification 38% complete. Verification 39% complete. Verification 39% complete. Verification 40% complete. Verification 40% complete. Verification 40% complete. Verification 41% complete. Verification 41% complete. Verification 42% complete. Verification 42% complete. Verification 43% complete. Verification 43% complete. Verification 44% complete. Verification 44% complete. Verification 44% complete. Verification 45% complete. Verification 45% complete. Verification 46% complete. Verification 46% complete. Verification 47% complete. Verification 47% complete. Verification 48% complete. Verification 48% complete. Verification 48% complete. Verification 49% complete. Verification 49% complete. Verification 50% complete. Verification 50% complete. Verification 51% complete. Verification 51% complete. Verification 52% complete. Verification 52% complete. Verification 52% complete. Verification 53% complete. Verification 53% complete. Verification 54% complete. Verification 54% complete. Verification 55% complete. Verification 55% complete. Verification 56% complete. Verification 56% complete. Verification 56% complete. Verification 57% complete. Verification 57% complete. Verification 58% complete. Verification 58% complete. Verification 59% complete. Verification 59% complete. Verification 60% complete. Verification 60% complete. Verification 60% complete. Verification 61% complete. Verification 61% complete. Verification 62% complete. Verification 62% complete. Verification 63% complete. Verification 63% complete. Verification 64% complete. Verification 64% complete. Verification 64% complete. Verification 65% complete. Verification 65% complete. Verification 66% complete. Verification 66% complete. Verification 67% complete. Verification 67% complete. Verification 68% complete. Verification 68% complete. Verification 68% complete. Verification 69% complete. Verification 69% complete. Verification 70% complete. Verification 70% complete. 
Verification 71% complete. Verification 71% complete. Verification 72% complete. Verification 72% complete. Verification 72% complete. Verification 73% complete. Verification 73% complete. Verification 74% complete. Verification 74% complete. Verification 75% complete. Verification 75% complete. Verification 76% complete. Verification 76% complete. Verification 76% complete. Verification 77% complete. Verification 77% complete. Verification 78% complete. Verification 78% complete. Verification 79% complete. Verification 79% complete. Verification 80% complete. Verification 80% complete. Verification 80% complete. Verification 81% complete. Verification 81% complete. Verification 82% complete. Verification 82% complete. Verification 83% complete. Verification 83% complete. Verification 84% complete. Verification 84% complete. Verification 84% complete. Verification 85% complete. Verification 85% complete. Verification 86% complete. Verification 86% complete. Verification 87% complete. Verification 87% complete. Verification 88% complete. Verification 88% complete. Verification 88% complete. Verification 89% complete. Verification 89% complete. Verification 90% complete. Verification 90% complete. Verification 91% complete. Verification 91% complete. Verification 92% complete. Verification 92% complete. Verification 92% complete. Verification 93% complete. Verification 93% complete. Verification 94% complete. Verification 94% complete. Verification 95% complete. Verification 95% complete. Verification 96% complete. Verification 96% complete. Verification 96% complete. Verification 97% complete. Verification 97% complete. Verification 98% complete. Verification 98% complete. Verification 99% complete. Verification 99% complete. Verification 100% complete. Windows Resource Protection found corrupt files and successfully repaired them. For online repairs, details are included in the CBS log file located at windir\Logs\CBS\CBS.log. 
For example C:\Windows\Logs\CBS\CBS.log. For offline repairs, details are included in the log file provided by the /OFFLOGFILE flag.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-4237224309-1573821182-25082296-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-4237224309-1573821182-25082296-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

========= End of RemoveProxy: =========

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 69661027 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 981875733 B
Windows/system/drivers => 64871917 B
Edge => 0 B
Vivaldi => 821491629 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 48632 B
NetworkService => 167378 B
steve => 623130018 B
RecycleBin => 0 B
EmptyTemp: => 2.4 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 16:20:32 ====
|
08.10.2023, 20:22 | #10 |
/// TB-Ausbilder | Wacatac.H!ml found by Win Defender - FRST log attached Well done. We will run one more check with SC. Step 1 Run SecurityCheck (SC) according to the illustrated guide and attach the log file to your reply. |
08.10.2023, 23:31 | #11 |
| Wacatac.H!ml found by Win Defender - FRST log attached That went quite quickly. Here is the log from SC: Code:
SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 09.10.2023 00:28:07
Path starting: C:\Users\steve\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: steve
VersionXML: 10.71is-01.10.2023
___________________________________________________________________________

Windows 10(6.3.19045) (x64) Professional Release: 2009 Lang: German(0407)
Installation date OS: 28.05.2023 15:37:03
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Users\steve\AppData\Local\Vivaldi\Application\vivaldi.exe
SystemDrive: C: FS: [NTFS] Capacity: [238.4 Gb] Used: [155.4 Gb] Free: [83 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 3)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Malwarebytes (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 4.6.4.286 v.4.6.4.286 [+]
--------------------------- [ OtherUtilities ] ----------------------------
Notepad++ (64-bit x64) v.8.5.6 Warning! Download Update
NVIDIA GeForce Experience 3.27.0.112 v.3.27.0.112
Epic Games Launcher v.1.3.82.0
------------------------------ [ ArchAndFM ] ------------------------------
TreeSize Free V4.6.3 (64 bit) v.4.6.3 Warning! Download Update
WinRAR 6.21 (64-Bit) v.6.21.0 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
Discord v.1.0.9013 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Vivaldi v.6.2.3105.58 [+]
Microsoft Edge v.117.0.2045.60 [+]
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1682
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1243
Microsoft Defender Antivirus Service (WinDefend) - The service has stopped
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
|
09.10.2023, 19:42 | #12 |
/// TB-Ausbilder | Wacatac.H!ml found by Win Defender - FRST log attached Step 1 Check your system for missing Windows updates.
Step 2 The following programs are outdated. You should uninstall them and install the latest version:
Removal of the tools used Run KpRm according to the illustrated guide and finally post the log file. Then we would be through! If you have no more problems with malware, then we are finished here. Your log files are clean. If you like, you can say here whether you were satisfied with me and my help... Perhaps you would like to support the forum with a small donation. Finally, please be sure to read and implement the security measures: Note: Please give me a brief reply once you have read the information linked above, everything is done and there are no more questions, so that I can delete this topic from my subscriptions. |
10.10.2023, 14:05 | #13 |
| Wacatac.H!ml found by Win Defender - FRST log attached Many thanks, the available Windows updates have been downloaded and installed, the apps updated and the tools used removed. Here is the log: Code:
# Run at 10.10.2023 14:36:06
# KpRm (Kernel-panik) version 2.15.0
# Website https://kernel-panik.me/tool/kprm/
# Run by steve from C:\Users\steve\Desktop
# Computer Name: DESKTOP-0JFIBDK
# OS: Windows 10 X64 (19045) (10.0.19045.3516)
# Number of passes: 1

- Checked options -
~ Delete Tools
~ Delete Quarantines

- Delete Tools -

## AdwCleaner
[OK] C:\Users\steve\Downloads\adwcleaner.exe deleted
[OK] C:\AdwCleaner deleted

## ESET Online Scanner
[OK] C:\Users\steve\Desktop\ESET Online Scanner.lnk deleted
[OK] C:\Users\steve\Downloads\esetonlinescanner.exe deleted
[OK] C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted
[OK] C:\Users\steve\AppData\Local\ESET\ESETOnlineScanner deleted

## FRST
[OK] C:\Users\steve\Desktop\Fixlog.txt deleted
[OK] C:\Users\steve\Desktop\FRST64.exe deleted
[OK] C:\Users\steve\Downloads\Addition.txt deleted
[OK] C:\Users\steve\Downloads\FRST-OlderVersion deleted
[OK] C:\Users\steve\Downloads\FRST.txt deleted
[OK] C:\FRST deleted

## Malwarebytes (log)
[OK] C:\Users\steve\Desktop\MBAM.txt deleted

## SecurityCheck
[OK] C:\Users\steve\Desktop\SecurityCheck.exe deleted
[OK] C:\SecurityCheck deleted

-- KPRM finished in 2.21s --

So I have no further questions; I express my heartfelt thanks to you and am extremely glad that we were able to get rid of this problem with your detailed help! |
10.10.2023, 16:32 | #14 |
/// TB-Ausbilder | Wacatac.H!ml found by Win Defender - FRST log attached We are glad that we could help. This topic appears to be resolved and will be deleted from our subscriptions. Should you need the topic again, please send us a reminder including a link to the topic. Everyone else, please click here and create your own topic. |