
Log analysis and evaluation: Wacatac.H!ml found by Win Defender - FRST log attached


 
05.10.2023, 13:53   #1
majon955
 



Hello everyone!

The trojan named in the title was reported by WinDefender yesterday while I was searching my HDD for music, and only once I opened the "malicious" folder. (The HDD is a storage place for games and all sorts of things, nothing more.)
I deleted the folder in question; before that, Defender had already put it in quarantine.
Now of course I still have concerns about what it does, or could do.

Many thanks in advance

FRST Log:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2023
Ran by steve (administrator) on DESKTOP-0JFIBDK (TAROX BTO PC System) (05-10-2023 14:30:41)
Running from C:\Users\steve\Downloads\FRST64.exe
Loaded Profiles: steve
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3448 (X64) Language: German (Germany) -> English (United Kingdom)
Default browser: Vivaldi
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Crash Processor.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe ->) (Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
(C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe ->) (Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <3>
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(D:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Discord Inc. -> Discord Inc.) C:\Users\steve\AppData\Local\DiscordPTB\app-1.0.1035\DiscordPTB.exe <6>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Windows -> Microsoft Corporation) C:\Users\steve\AppData\Local\Temp\95CD8BBD-61EB-4C26-86CC-ACF8FABFD661\DismHost.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1ddf203f8d876fdf\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Scarlet.Crush Productions) [File not signed] D:\alles für C partition\ScpServer\ScpServer\bin\ScpService.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Skutta, Kristjan -> ) D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21580.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21580.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2308.3.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Valve Corp. -> Valve Corporation) D:\Program Files (x86)\Steam\steam.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\steve\AppData\Local\Vivaldi\Application\vivaldi.exe <19>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3022640 2023-08-10] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1131488 2023-10-03] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2023-10-03] (Adobe Inc. -> )
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [Discord] => C:\Users\steve\AppData\Local\Discord\Update.exe [1525016 2023-04-26] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [WallpaperEngine] => D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [3050080 2022-11-25] (Skutta, Kristjan -> )
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [MicrosoftEdgeAutoLaunch_AB28E5367ED265860776C96F8DFD68CB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [RiotClient] => D:\Games\Riot Games\Riot Client\RiotClientServices.exe [70910864 2023-09-30] (Riot Games, Inc. -> Riot Games, Inc.)
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37097936 2023-09-09] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [DiscordPTB] => C:\Users\steve\AppData\Local\DiscordPTB\Update.exe [1525024 2023-08-23] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2655848 2023-10-03] (Electronic Arts, Inc. -> Electronic Arts)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09654855-312F-416A-A029-24D764B98BFC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-09-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {03364EC0-16C4-4DE8-9167-3B6256724B85} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-09-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {31D446AF-929E-4257-8761-61ADCE93133A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-09-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {59DEB76E-06E8-4D59-B57B-CFA6A0AE01C8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-09-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {57BEA90D-4BEF-4602-9C85-213CD39B8B1B} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [804312 2023-04-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {EB641FB4-217A-46BB-A149-C988A9F8EA53} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2023-05-19] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {E2004575-0CE8-4A79-9DD6-50A670DC5CDD} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-05-19] (Nvidia Corporation -> NVIDIA Corporation)
Task: {866AB106-8DFE-4F69-8154-050064594097} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F1E4B307-222A-4363-B123-62D4E81BDE4F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CB845611-AC8E-4ED2-A9DD-612411FFE436} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F45450A7-2DEA-49D4-A8C5-99C793103BA8} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1159A7AD-CD7F-4030-9938-9F95DB822777} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {61FD7EB1-9263-4EEC-B674-997D151EEAE9} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CD31F163-9879-4C93-9E1E-A7FAD1AB8765} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BC28A7D2-7F93-462A-B7AB-7491BACD1720} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe [436544 2023-03-30] (Alexey Nicolaychuk -> )
Task: {680E579F-D9A8-4758-B63F-9A0AA926B19E} - System32\Tasks\VivaldiUpdateCheck-fc19b0abe6cf500b => C:\Users\steve\AppData\Local\Vivaldi\Application\update_notifier.exe [3845520 2023-09-28] (Vivaldi Technologies AS -> Vivaldi Technologies AS)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{a7ee169b-f46a-4864-a664-6f6da47a55b5}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{f8e7eaa1-dd54-4e06-a603-9163c68fc6c8}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-05]
Edge Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-28]
Edge Extension: (Edge relevant text changes) - C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-14]

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-10-03] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-10-03] (Adobe Inc. -> Adobe Systems)

Vivaldi: 
=======
VIV Profile: C:\Users\steve\AppData\Local\Vivaldi\User Data\Default [2023-10-05]
VIV DefaultSearchKeyword: Default -> g
VIV Extension: (TubeBuddy) - C:\Users\steve\AppData\Local\Vivaldi\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2023-10-05]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-10-03] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [14893832 2023-08-27] (BattlEye Innovations e.K. -> )
R2 Ds3Service; D:\alles für C partition\ScpServer\ScpServer\bin\ScpService.exe [381952 2015-08-03] (Scarlet.Crush Productions) [File not signed]
R3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11070056 2023-10-03] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-06-05] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [943528 2023-08-23] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-05-01] (Epic Games Inc. -> Epic Games, Inc.)
S3 NGS; C:\ProgramData\Nexon\NGS\NGService.exe [3189352 2023-09-30] (NEXON Korea Corporation. -> NEXON Korea Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402264 2023-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9437496 2023-08-10] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe [3116904 2023-09-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe [133584 2023-09-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1ddf203f8d876fdf\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1ddf203f8d876fdf\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [282624 2023-05-05] (Microsoft Corporation) [File not signed]
S1 gvm; C:\Windows\system32\DRIVERS\gvm.sys [390144 2023-06-20] (Google LLC -> Google LLC)
R3 MpKsl01c08963; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2843796E-7184-4FA1-9315-E135C018AC60}\MpKslDrv.sys [263560 2023-10-04] (Microsoft Windows -> Microsoft Corporation)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2023-05-19] (Nvidia Corporation -> NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2015-08-03] (Bruce James -> Scarlet.Crush Productions)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [26953656 2023-08-10] (Riot Games, Inc. -> Riot Games, Inc.)
R3 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [69168 2019-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55856 2023-09-27] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [572712 2023-09-27] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105872 2023-09-27] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [1432232 2023-10-04] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-05 14:10 - 2023-10-05 14:18 - 000061142 _____ C:\Users\steve\Downloads\Addition.txt
2023-10-05 14:09 - 2023-10-05 14:30 - 000020262 _____ C:\Users\steve\Downloads\FRST.txt
2023-10-05 14:08 - 2023-10-05 14:30 - 000000000 ____D C:\FRST
2023-10-05 14:08 - 2023-10-05 14:08 - 002382848 _____ (Farbar) C:\Users\steve\Downloads\FRST64.exe
2023-10-04 16:18 - 2023-10-04 16:18 - 000000000 ____D C:\Users\steve\AppData\Local\HerovsGame
2023-10-04 16:04 - 2023-10-04 16:04 - 000000223 _____ C:\Users\steve\Desktop\MY HERO ULTRA RUMBLE.url
2023-10-03 16:28 - 2023-10-03 16:28 - 000000000 ____D C:\Users\steve\AppData\Local\Century
2023-10-03 15:50 - 2023-10-03 15:50 - 002094439 _____ C:\Users\steve\Downloads\1.psd
2023-10-03 15:39 - 2023-10-03 15:39 - 000000000 ____D C:\Users\steve\Documents\Adobe
2023-10-03 15:38 - 2023-10-03 15:38 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2024.lnk
2023-10-03 15:29 - 2023-10-03 15:29 - 000000000 ___RD C:\Users\steve\Creative Cloud Files
2023-10-03 15:28 - 2023-10-03 22:08 - 000000000 ____D C:\Users\steve\AppData\LocalLow\Adobe
2023-10-03 15:28 - 2023-10-03 15:40 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-10-03 15:28 - 2023-10-03 15:32 - 000000000 ____D C:\ProgramData\Adobe
2023-10-03 15:28 - 2023-10-03 15:29 - 000000000 ____D C:\Program Files\Adobe
2023-10-03 15:28 - 2023-10-03 15:28 - 000001382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2023-10-03 15:28 - 2023-10-03 15:28 - 000000000 ____D C:\Program Files (x86)\Adobe
2023-10-03 15:27 - 2023-10-03 15:27 - 000000000 ____D C:\Users\Public\Documents\AdobeGCInfo
2023-10-03 15:25 - 2023-10-03 15:50 - 000000000 ____D C:\Users\steve\AppData\Local\Adobe
2023-10-03 15:25 - 2023-10-03 15:38 - 000000000 ____D C:\Users\steve\AppData\Roaming\com.adobe.dunamis
2023-10-03 13:50 - 2023-10-03 13:50 - 000000000 ____D C:\Users\steve\AppData\Roaming\Ambient Design
2023-10-03 13:43 - 2023-10-03 13:43 - 000000000 ____D C:\ProgramData\Caphyon
2023-10-03 13:42 - 2023-10-03 13:42 - 128840872 _____ (Ambient Design) C:\Users\steve\Downloads\install_artrage_6_demo_windows.exe
2023-10-03 12:59 - 2023-10-03 12:59 - 000000222 _____ C:\Users\steve\Desktop\Century Age of Ashes.url
2023-10-03 12:52 - 2023-10-03 12:52 - 000000000 ____D C:\Users\steve\AppData\Local\AVGame
2023-10-03 02:38 - 2023-10-03 02:38 - 000000222 _____ C:\Users\steve\Desktop\Vampyr.url
2023-09-30 21:32 - 2023-09-30 21:32 - 000000016 _____ C:\ProgramData\mntemp
2023-09-30 21:32 - 2023-09-30 21:32 - 000000000 ____D C:\Users\steve\AppData\Local\Warhaven
2023-09-30 21:32 - 2023-09-30 21:32 - 000000000 ____D C:\ProgramData\Nexon
2023-09-30 20:28 - 2023-09-30 20:28 - 000000223 _____ C:\Users\steve\Desktop\Warhaven.url
2023-09-30 19:51 - 2023-09-30 19:51 - 000000640 _____ C:\Users\steve\Desktop\New Text Document.txt
2023-09-30 13:04 - 2023-09-30 13:04 - 000000000 ____D C:\Users\steve\AppData\Local\WWAATD
2023-09-29 20:49 - 2023-09-29 20:49 - 000000000 ____D C:\Users\steve\AppData\Local\IkeaBR_Server
2023-09-27 00:12 - 2023-09-27 00:12 - 000000000 ____D C:\Users\steve\AppData\Local\Predecessor
2023-09-26 15:55 - 2023-09-26 15:55 - 000000000 ____D C:\Users\steve\AppData\Roaming\SevenConverter
2023-09-26 15:54 - 2023-09-26 15:54 - 144638745 _____ C:\Users\steve\Downloads\SevenConverter-1.5.7.zip
2023-09-26 15:52 - 2023-09-26 15:52 - 000000000 ____D C:\Users\steve\Documents\MiniTool uTube Downloader
2023-09-26 15:52 - 2023-09-26 15:52 - 000000000 ____D C:\Users\steve\AppData\Local\MiniTool uTube Downloader
2023-09-26 13:17 - 2023-09-26 15:58 - 000000000 ____D C:\Users\steve\AppData\Roaming\QtProject
2023-09-26 13:16 - 2023-09-26 13:17 - 000000000 ___HD C:\ProgramData\TWluaVRvb2wgVmlkZW8gQ29udmVydGVy
2023-09-26 13:16 - 2023-09-26 13:17 - 000000000 ____D C:\Users\steve\Documents\MiniTool Video Converter
2023-09-26 13:15 - 2023-09-26 13:15 - 002011888 _____ (MiniTool) C:\Users\steve\Downloads\minitool-video-converter-3-0.exe
2023-09-26 13:15 - 2023-09-18 18:40 - 103349024 _____ (MiniTool ) C:\Users\steve\Downloads\vc-free.exe
2023-09-24 12:56 - 2023-09-24 12:56 - 001289374 _____ C:\Users\steve\Downloads\Lossless.Scaling.Build.10828226.zip
2023-09-24 12:56 - 2023-09-24 12:56 - 000000000 ____D C:\Users\steve\AppData\Local\Lossless Scaling
2023-09-24 12:56 - 2023-03-31 20:43 - 000000000 ____D C:\Users\steve\Desktop\Lossless.Scaling.Build.10828226
2023-09-23 01:44 - 2023-09-23 01:44 - 000000294 _____ C:\Users\steve\Documents\regbckup.reg
2023-09-21 11:34 - 2023-09-26 16:51 - 000000000 ____D C:\Users\steve\Desktop\desk
2023-09-20 13:16 - 2023-10-04 18:34 - 001432232 _____ (Wellbia.com Co., Ltd.) C:\Windows\xhunter1.sys
2023-09-20 13:16 - 2023-09-20 13:16 - 000000000 ____D C:\Users\steve\AppData\Local\Overprime
2023-09-19 23:14 - 2023-09-19 23:14 - 000000000 ____D C:\Users\steve\AppData\Local\LunaAbyss
2023-09-19 16:29 - 2023-09-19 16:29 - 000000000 ____D C:\Intel
2023-09-19 12:43 - 2023-09-19 12:43 - 000000000 ____D C:\Users\steve\AppData\Local\EALaunchHelper
2023-09-18 23:45 - 2023-09-18 23:45 - 001886879 _____ C:\Users\steve\Downloads\PrinceOfPersiaWarriorWithinv1.0NoCDNoDVDFixedexeEng.rar
2023-09-18 23:35 - 2023-09-18 23:36 - 003015265 _____ C:\Users\steve\Downloads\PrinceOfPersiaWarriorWithinv1.0NoCDNoDVDFixedexeEng-2.rar
2023-09-18 23:32 - 2023-09-18 23:47 - 000000000 ____D C:\ProgramData\POPWWPROFILES
2023-09-18 23:32 - 2023-09-18 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2023-09-18 23:01 - 2023-09-18 23:01 - 000000000 ____D C:\Users\steve\AppData\Local\EAConnect_microsoft
2023-09-18 22:50 - 2023-09-19 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2023-09-18 22:50 - 2023-09-18 22:52 - 000000000 ____D C:\Users\steve\AppData\Local\Origin
2023-09-18 22:50 - 2023-09-18 22:52 - 000000000 ____D C:\ProgramData\EA Desktop
2023-09-18 22:50 - 2023-09-18 22:50 - 000000000 ____D C:\Users\steve\AppData\Local\Electronic Arts
2023-09-18 22:50 - 2023-09-18 22:50 - 000000000 ____D C:\Users\steve\AppData\Local\EADesktop
2023-09-18 22:50 - 2023-09-18 22:50 - 000000000 ____D C:\Program Files\Electronic Arts
2023-09-18 22:50 - 2023-09-18 22:50 - 000000000 ____D C:\Program Files\EA Games
2023-09-18 22:49 - 2023-09-18 22:49 - 002488224 _____ (Electronic Arts) C:\Users\steve\Downloads\EAappInstaller.exe
2023-09-17 20:50 - 2023-09-17 20:50 - 000000000 ____D C:\Users\steve\AppData\LocalLow\Megastorm Games
2023-09-17 19:26 - 2023-09-17 19:26 - 000000000 ____D C:\Users\steve\AppData\LocalLow\NLTech
2023-09-17 19:13 - 2023-09-17 19:13 - 000000000 ____D C:\Users\steve\AppData\Local\DivineKnockout
2023-09-16 14:05 - 2023-09-16 14:05 - 000000000 ____D C:\Program Files\ViGEm ViGEmBus
2023-09-16 14:00 - 2023-09-16 14:00 - 013449768 _____ C:\Users\steve\Downloads\x360ce.zip
2023-09-16 14:00 - 2023-09-16 14:00 - 000000000 ____D C:\ProgramData\X360CE
2023-09-16 11:58 - 2023-09-16 11:58 - 000000000 ___HD C:\$WinREAgent
2023-09-14 12:18 - 2023-09-14 12:19 - 000001376 _____ C:\Users\steve\Desktop\LaunchBDO.lnk
2023-09-14 12:12 - 2023-09-24 18:37 - 000000000 ____D C:\Users\steve\AppData\Roaming\Notepad++
2023-09-14 12:12 - 2023-09-14 12:12 - 004704376 _____ (Don HO don.h@free.fr) C:\Users\steve\Downloads\npp.8.5.6.Installer.x64.exe
2023-09-14 12:12 - 2023-09-14 12:12 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2023-09-14 12:12 - 2023-09-14 12:12 - 000000000 ____D C:\Program Files\Notepad++
2023-09-13 13:48 - 2023-09-13 13:48 - 011367544 _____ (Martin Malik, REALiX s.r.o. ) C:\Users\steve\Downloads\hwi_762.exe
2023-09-13 13:48 - 2023-09-13 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2023-09-13 13:48 - 2023-09-13 13:48 - 000000000 ____D C:\Program Files\HWiNFO64
2023-09-12 20:35 - 2023-09-12 20:35 - 046562290 _____ C:\Users\steve\Downloads\dlc ttt2.rar
2023-09-12 19:50 - 2023-09-12 19:50 - 028236544 _____ C:\Users\steve\Downloads\rpcs3-v0.0.29-15617-c7c81ed9_win64.7z
2023-09-12 19:49 - 2023-09-12 19:49 - 000007050 _____ C:\Users\steve\Downloads\redirect.htm
2023-09-12 19:45 - 2023-10-05 00:46 - 000000000 ____D C:\Users\steve\AppData\Roaming\discordptb
2023-09-12 19:45 - 2023-10-04 21:44 - 000000000 ____D C:\Users\steve\AppData\Local\DiscordPTB
2023-09-11 14:25 - 2023-09-11 14:25 - 000000000 ____D C:\Users\steve\AppData\Local\Cemu
2023-09-10 03:09 - 2023-09-11 00:04 - 000000000 ____D C:\Users\steve\AppData\Roaming\USB_HELPER
2023-09-10 03:09 - 2023-09-10 03:09 - 000000000 ____D C:\Users\steve\AppData\Local\Hikari06
2023-09-10 03:08 - 2023-09-10 03:09 - 000000000 ____D C:\Users\steve\AppData\Roaming\USBHelperLauncher
2023-09-10 03:08 - 2023-09-10 03:08 - 000001070 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wii U USB Helper.lnk
2023-09-10 03:07 - 2023-09-10 03:08 - 000289190 _____ C:\Users\steve\Downloads\USBHelperInstaller.exe
2023-09-10 02:32 - 2023-09-10 02:32 - 000124511 _____ C:\Users\steve\Downloads\Newestkeys.rar
2023-09-09 23:17 - 2023-09-09 23:17 - 024987546 _____ C:\Users\steve\Downloads\cemu_1.26.2.zip
2023-09-09 16:51 - 2023-09-09 16:51 - 000002131 _____ C:\Users\steve\Downloads\Tekken 5_Boss_Hack by [John].7z
2023-09-09 16:31 - 2023-09-09 16:31 - 008528201 _____ C:\Users\steve\Downloads\AncientOgre_P.rar
2023-09-09 15:10 - 2023-09-09 15:11 - 019169430 _____ C:\Users\steve\Downloads\t7_2_JINPACHI_V3.0.zip
2023-09-09 15:04 - 2023-09-09 15:04 - 048681666 _____ C:\Users\steve\Downloads\TekkenMovesetExtractor.zip
2023-09-09 14:57 - 2023-09-09 14:57 - 000218385 _____ C:\Users\steve\Downloads\Tekken 7 Jinpachi Moveset-20230909T125657Z-001.zip
2023-09-05 19:54 - 2023-09-05 19:55 - 000000000 ____D C:\Users\steve\AppData\Local\Maine
2023-09-05 15:58 - 2023-09-05 15:58 - 002541361 _____ C:\Users\steve\Downloads\BDO Font.rar

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-05 14:26 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-05 13:41 - 2023-05-28 17:42 - 000000000 ____D C:\ProgramData\NVIDIA
2023-10-05 13:38 - 2023-06-08 22:10 - 000000000 ____D C:\SteamLibrary
2023-10-05 13:38 - 2023-05-28 17:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-10-05 13:38 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-05 13:38 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2023-10-04 16:04 - 2023-05-29 21:48 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-10-04 15:44 - 2023-05-28 18:33 - 000000527 _____ C:\Users\steve\.vivaldi_reporting_data
2023-10-03 19:08 - 2023-05-29 00:32 - 000000000 ____D C:\Users\steve\AppData\Local\CrashDumps
2023-10-03 16:27 - 2023-07-26 20:47 - 000000000 ____D C:\Users\steve\AppData\Roaming\EasyAntiCheat
2023-10-03 16:08 - 2023-05-29 03:17 - 000000000 ____D C:\Users\steve\AppData\Local\UnrealEngine
2023-10-03 15:40 - 2023-05-28 17:47 - 000000000 ____D C:\Users\steve\AppData\Local\Packages
2023-10-03 15:38 - 2023-05-28 17:47 - 000000000 ____D C:\Users\steve\AppData\Roaming\Adobe
2023-10-03 15:38 - 2023-05-28 17:47 - 000000000 ____D C:\Users\steve\AppData\Local\D3DSCache
2023-10-03 15:29 - 2023-05-28 17:41 - 000000000 ____D C:\Users\steve
2023-10-03 15:28 - 2023-05-28 17:57 - 000000000 ____D C:\ProgramData\Package Cache
2023-10-03 15:28 - 2023-05-28 17:42 - 000000000 ____D C:\ProgramData\Packages
2023-10-01 21:51 - 2023-05-28 17:34 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-10-01 11:46 - 2023-05-28 18:15 - 000000000 ____D C:\Users\steve\AppData\Roaming\discord
2023-10-01 11:43 - 2023-05-28 18:33 - 000000000 ____D C:\Users\steve\AppData\Local\Vivaldi
2023-10-01 11:40 - 2023-07-18 13:52 - 000456412 _____ C:\Windows\system32\perfh006.dat
2023-10-01 11:40 - 2023-07-18 13:52 - 000079336 _____ C:\Windows\system32\perfc006.dat
2023-10-01 11:40 - 2023-05-28 17:43 - 002255670 _____ C:\Windows\system32\PerfStringBackup.INI
2023-10-01 11:40 - 2019-12-07 16:51 - 000743838 _____ C:\Windows\system32\perfh007.dat
2023-10-01 11:40 - 2019-12-07 16:51 - 000150260 _____ C:\Windows\system32\perfc007.dat
2023-10-01 11:40 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2023-10-01 11:36 - 2023-07-09 20:16 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2023-10-01 11:34 - 2023-05-28 18:14 - 000000000 ____D C:\Users\steve\AppData\Local\Discord
2023-10-01 11:33 - 2023-05-28 17:34 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-10-01 11:33 - 2023-05-28 17:33 - 000008192 ___SH C:\DumpStack.log.tmp
2023-10-01 11:33 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-10-01 11:32 - 2023-05-28 22:48 - 000003142 _____ C:\Windows\system32\Tasks\MSIAfterburner
2023-09-28 18:34 - 2023-05-28 18:33 - 000002385 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2023-09-27 21:59 - 2023-05-28 17:34 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-09-27 01:20 - 2023-05-28 22:40 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2023-09-24 14:01 - 2023-05-28 17:48 - 000000000 ____D C:\Users\steve\AppData\Local\PlaceholderTileLogoFolder
2023-09-20 13:17 - 2023-08-22 23:03 - 000000000 ____D C:\ProgramData\Epic
2023-09-19 16:28 - 2023-06-05 02:57 - 000000000 ____D C:\Users\steve\AppData\Roaming\Fatshark
2023-09-19 15:58 - 2023-07-13 22:58 - 000000000 ____D C:\Users\steve\Documents\Soundaufnahmen
2023-09-19 00:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-09-18 23:32 - 2023-05-28 21:57 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-09-18 22:50 - 2023-05-28 21:59 - 000000000 ____D C:\Users\steve\AppData\Local\cache
2023-09-18 21:31 - 2023-08-21 17:50 - 000000000 ____D C:\Users\steve\AppData\Local\AcTools Content Manager
2023-09-17 19:26 - 2023-08-19 18:35 - 000000000 ____D C:\Users\steve\AppData\LocalLow\Unity
2023-09-17 19:13 - 2023-08-22 23:04 - 000000000 ____D C:\Users\steve\AppData\Local\Epic Games
2023-09-17 16:59 - 2023-05-28 19:05 - 000000000 ____D C:\Users\steve\AppData\Local\Steam
2023-09-17 13:48 - 2023-05-29 01:58 - 000003854 _____ C:\Users\steve\AppData\Local\3301857876
2023-09-17 03:29 - 2023-05-28 17:33 - 000259672 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-17 03:28 - 2019-12-07 16:54 - 000000000 ___SD C:\Windows\system32\AppV
2023-09-17 03:28 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-17 03:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2023-09-16 12:07 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2023-09-16 12:05 - 2023-05-28 17:36 - 003014144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-16 11:58 - 2023-05-30 20:33 - 000000000 ____D C:\Windows\system32\MRT
2023-09-16 11:56 - 2023-05-30 20:33 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-14 11:51 - 2023-05-28 22:36 - 000000000 ____D C:\Users\steve\Documents\Black Desert
2023-09-14 11:28 - 2023-05-29 01:51 - 002688512 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2023-09-14 11:28 - 2023-05-29 01:51 - 000483328 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2023-09-14 11:28 - 2023-05-29 01:51 - 000210536 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2023-09-14 11:28 - 2023-05-29 01:51 - 000181864 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2023-09-14 11:28 - 2023-05-29 01:51 - 000145000 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2023-09-14 11:28 - 2023-05-29 01:51 - 000095848 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2023-09-14 11:28 - 2023-05-29 01:51 - 000075368 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2023-09-14 11:28 - 2023-05-29 01:51 - 000000000 ____D C:\XboxGames
2023-09-12 19:45 - 2023-05-28 18:15 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2023-09-12 19:45 - 2023-05-28 18:14 - 000000000 ____D C:\Users\steve\AppData\Local\SquirrelTemp
2023-09-12 16:29 - 2023-05-28 22:39 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2023-09-12 16:28 - 2023-05-28 22:48 - 000003126 _____ C:\Windows\system32\Tasks\RTSS
2023-09-10 14:20 - 2023-07-08 01:12 - 000000000 ____D C:\Program Files\Riot Vanguard
2023-09-05 20:15 - 2023-08-27 21:32 - 000000000 ____D C:\Users\steve\AppData\Local\Ubisoft Game Launcher

==================== Files in the root of some directories ========

2023-05-29 01:58 - 2023-09-17 13:48 - 000003854 _____ () C:\Users\steve\AppData\Local\3301857876

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         

FRST Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023
Ran by steve (05-10-2023 14:31:13)
Running from C:\Users\steve\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.3448 (X64) (2023-05-28 15:37:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4237224309-1573821182-25082296-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4237224309-1573821182-25082296-503 - Limited - Disabled)
Gast (S-1-5-21-4237224309-1573821182-25082296-501 - Limited - Disabled)
steve (S-1-5-21-4237224309-1573821182-25082296-1001 - Administrator - Enabled) => C:\Users\steve
WDAGUtilityAccount (S-1-5-21-4237224309-1573821182-25082296-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.0.0.571 - Adobe Inc.)
Adobe Photoshop 2024 (HKLM-x32\...\PHSP_25_0) (Version: 25.0.0.37 - Adobe Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 3.10.22.706 - Advanced Micro Devices, Inc.)
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 7.0.4.4 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{cf77cf6b-71ff-4a71-802d-43adb9b271b7}) (Version: 3.10.22.706 - Advanced Micro Devices, Inc.) Hidden
Black Desert (HKLM-x32\...\BlackDesert_NA_is1) (Version: 23.01.16.1 - PearlAbyss Corp.)
CPUID CPU-Z 2.06 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.06 - CPUID, Inc.)
Discord (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Discord) (Version: 1.0.9013 - Discord Inc.)
Discord PTB (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\DiscordPTB) (Version: 1.0.1032 - Discord Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.37.0.5550 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{9fadc9c1-bd21-46fd-ad7e-8e08ace2687e}) (Version: 13.37.0.5550 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{AEB35C6C-B6D4-4AA0-8452-DE699737B5F6}) (Version: 1.3.82.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{35905844-0610-427D-86A0-2103FABE3D4D}) (Version: 2.0.42.0 - Epic Games, Inc.)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2.1 - )
HWiNFO64 Version 7.62 (HKLM\...\HWiNFO64_is1) (Version: 7.62 - Martin Malik, REALiX s.r.o.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
MSI Afterburner 4.6.5 (HKLM-x32\...\Afterburner) (Version: 4.6.5 - MSI Co., LTD)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 2.0 - F.J. Wechselberger)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.5.6 - Notepad++ Team)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA Graphics Driver 536.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.99 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 29.1.3 - OBS Project)
PlayStationPlus (HKLM-x32\...\{B91BC2BC-763E-422C-A5DA-319695354B95}) (Version: 12.1.0 - Sony Interactive Entertainment Inc.)
Prince of Persia Warrior Within (HKLM-x32\...\{EE5BC0BB-9EDA-423C-8276-48857B735D68}) (Version: 1.00.999 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.50.511.2021 - Realtek)
RidersRepublic (HKLM-x32\...\Uplay Install 5487) (Version:  - Ubisoft)
Riot Client  (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Riot Game Riot_Client.) (Version:  - Riot Games, Inc)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
RivaTuner Statistics Server 7.3.4 (HKLM-x32\...\RTSS) (Version: 7.3.4 - Unwinder)
TreeSize Free V4.6.3 (64 bit) (HKLM\...\TreeSize Free_is1) (Version: 4.6.3 - JAM Software)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 144.0.10906 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
USBHelperLauncher (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\USBHelperLauncher) (Version: 1.0 - FailedShack)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
VALORANT (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
Vivaldi (HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\Vivaldi) (Version: 6.2.3105.54 - Vivaldi Technologies AS.)
WhoCrashed 7.06 (HKLM\...\WhoCrashed_is1) (Version: 7.06 - Resplendence Software Projects Sp.)
WinRAR 6.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2023-10-03] (Adobe Systems Incorporated)
Back 4 Blood -> C:\Program Files\WindowsApps\WarnerBros.Interactive.e172091a-6630-4ff3-959f-830_1.314.5975.0_x64__ktmk1xygcecda [2023-05-29] (Warner Bros. Interactive)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-12] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-08-20] (NVIDIA Corp.)
Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.927.0_x64__8wekyb3d8bbwe [2023-10-05] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-27] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0 [2023-09-27] (Spotify AB) [Startup Task]
Warhammer 40,000: Darktide -> C:\Program Files\WindowsApps\FatsharkAB.Warhammer40000DarktideNew_1.2.1492.0_x64__hwm6pnepa3ng2 [2023-10-04] (Fatshark AB)
WinDbg Preview -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe [2023-06-21] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4237224309-1573821182-25082296-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A79589C16F3B} -> [Creative Cloud Files] => C:\Users\steve\Creative Cloud Files [2023-10-03 15:29]
CustomCLSID: HKU\S-1-5-21-4237224309-1573821182-25082296-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-4237224309-1573821182-25082296-1001_Classes\CLSID\{D1AD56BD-8D3D-43DD-A739-CBF2B0928D21}\localserver32 -> C:\Users\steve\AppData\Local\Vivaldi\Application\6.2.3105.54\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
CustomCLSID: HKU\S-1-5-21-4237224309-1573821182-25082296-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-03] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-03] (Adobe Inc. -> )
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1ddf203f8d876fdf\nvshext.dll [2023-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-03] (Adobe Inc. -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\steve\Desktop\LaunchBDO.lnk -> C:\Pearlabyss\BlackDesert\LaunchBDOwithAffinitySet.bat ()

==================== Loaded Modules (Whitelisted) =============

2023-04-03 00:48 - 2023-04-03 00:48 - 000232960 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2023-04-03 00:48 - 2023-04-03 00:48 - 000059392 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2023-04-03 00:49 - 2023-04-03 00:49 - 000699904 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2023-04-03 00:48 - 2023-04-03 00:48 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2023-04-03 00:48 - 2023-04-03 00:48 - 000371712 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2023-03-14 17:57 - 2023-03-14 17:57 - 000058368 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2023-03-14 17:57 - 2023-03-14 17:57 - 000074240 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2023-03-14 17:57 - 2023-03-14 17:57 - 000368640 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2023-05-29 01:51 - 2023-09-14 11:28 - 000483328 _____ (Microsoft Corporation) [File not signed] C:\Windows\SYSTEM32\gameplatformservices.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 002849280 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libcrypto-1_1-x64.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000685056 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libssl-1_1-x64.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000046592 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\bearer\qgenericbearer.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Core.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 001389568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Network.dll
2023-10-03 19:08 - 2023-10-03 19:08 - 000157184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebSockets.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc:169D67954B [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert.lnk:54240D998C [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [2594]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4412]
AlternateDataStreams: C:\Users\steve\Anwendungsdaten:671890e017d8a4fb26004192461213ff [394]
AlternateDataStreams: C:\Users\steve\AppData\Roaming:671890e017d8a4fb26004192461213ff [394]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4237224309-1573821182-25082296-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_AB28E5367ED265860776C96F8DFD68CB"
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\StartupApproved\Run: => "RiotClient"
HKU\S-1-5-21-4237224309-1573821182-25082296-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DCF04797-81F5-4C0C-8452-D7E5199278BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{E4A910E2-725E-4BB8-97DA-9CCB1F243133}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{C80B689C-4B41-4E73-BB61-7D544E675958}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{658AD2A2-A564-4D6C-AA7A-30E087E13788}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{3C829B3E-4CC6-4131-BB94-FC02EC914C8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{79C76835-E69A-4BE1-AD49-31FCB9338368}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{A97A7887-368B-4A94-9C23-3152A87D442F}C:\users\steve\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\steve\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [UDP Query User{BDC25AE9-4929-489C-9D29-D5CE26B2A32B}C:\users\steve\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\steve\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [{DB749087-2A8B-49A4-931A-47BDFA36E64C}] => (Allow) D:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{17D437DE-C479-4CC4-90DA-428CF6AB953A}] => (Allow) D:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9B32655E-B34A-496F-83F4-6FC7A47DA14E}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5940784B-3979-4AF5-ADE8-C834CB9E8E34}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A20DDB46-81A1-43C9-AC9B-7B2E521E32DC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [{ED244F85-19BE-452A-BE94-2AE86AAD2483}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [TCP Query User{4DC62F78-A33D-42FD-9EB7-959D4D4F1F58}D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe () [File not signed]
FirewallRules: [UDP Query User{6DBE7C1B-DBE1-4F4F-B847-427B16689818}D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe () [File not signed]
FirewallRules: [{A5C7480C-4FAF-4607-A673-EC0DDDEE3A90}] => (Block) D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe () [File not signed]
FirewallRules: [{5242BADE-6E0A-4B37-99E9-FC48AF09C799}] => (Block) D:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe () [File not signed]
FirewallRules: [TCP Query User{79F0CAAE-A39C-4FF3-A88A-8552AFA2D076}D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe] => (Allow) D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe (Access Denied)  [File not signed]
FirewallRules: [UDP Query User{E0E28F3C-7776-4340-9DAF-AD76856FAE0D}D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe] => (Allow) D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe (Access Denied)  [File not signed]
FirewallRules: [TCP Query User{FC0E67E3-7EBE-4E43-8846-11ADB169399F}C:\users\steve\appdata\local\vivaldi\application\vivaldi.exe] => (Block) C:\users\steve\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [UDP Query User{983A23F0-8AA0-44EC-8C0D-31146EF8F218}C:\users\steve\appdata\local\vivaldi\application\vivaldi.exe] => (Block) C:\users\steve\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [TCP Query User{A618D37E-1CCB-43C3-A526-19B3D8C171AC}D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe (Sobaka Studio) [File not signed]
FirewallRules: [UDP Query User{FA163D9E-020F-4F14-8377-BC68AA0E0C87}D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe (Sobaka Studio) [File not signed]
FirewallRules: [{8B6DD944-BDE3-4AC3-BD55-765F49584076}] => (Block) D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe (Sobaka Studio) [File not signed]
FirewallRules: [{C96D19F3-631A-46E8-912C-613518C0165B}] => (Block) D:\program files (x86)\steam\steamapps\common\redeemer\examplegame\binaries\win64\examplegame-win64-shipping.exe (Sobaka Studio) [File not signed]
FirewallRules: [TCP Query User{B3BD6F28-BF0B-4BCF-B68A-B85C16ABC836}D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe] => (Block) D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe (Access Denied)  [File not signed]
FirewallRules: [UDP Query User{88B67A84-D986-4CD5-9A8D-00ED828CECA9}D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe] => (Block) D:\games\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe (Access Denied)  [File not signed]
FirewallRules: [{1D153E78-5C98-4F2D-AB60-DC8CABB328F2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Naruto To Boruto\NARUTO.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{847164C9-506C-4CED-815C-FCF493929212}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Naruto To Boruto\NARUTO.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{CA56DE0E-B4F9-4706-A0C1-059B74A7BD2F}D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe (SOLEIL LTD. -> Soleil Ltd.)
FirewallRules: [UDP Query User{882C6C11-0079-48D1-94FF-8CF90403F3B2}D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe (SOLEIL LTD. -> Soleil Ltd.)
FirewallRules: [TCP Query User{64F53A17-0C86-4E18-B3DD-9CCE546B1066}D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [UDP Query User{A75DBC38-0DC0-450D-B981-134107077E5E}D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [{F85DA664-3E8E-4E84-AD18-80FC97EB227A}] => (Block) D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [{6862B720-1B70-40FC-A68A-A57C66156D18}] => (Block) D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe (BANDAI NAMCO Entertainment Inc.) [File not signed]
FirewallRules: [{DCF67D02-A0C1-4C99-8F85-7B8A40E9D4D5}] => (Allow) C:\Program Files (x86)\PlayStationPlus\pspluslauncher.exe (Sony Interactive Entertainment LLC -> Sony Interactive Entertainment LLC)
FirewallRules: [{EC71AD93-9DF2-4A68-AEE9-D9521AC9CA8E}] => (Allow) C:\Users\steve\AppData\Local\Gaikai\CrashReports\dumpupload.exe (Sony Interactive Entertainment LLC -> )
FirewallRules: [{C0DA7550-9270-4FA2-B6CD-DD147098813C}] => (Allow) C:\Program Files (x86)\PlayStationPlus\unidater.exe (Sony Interactive Entertainment LLC -> Sony Interactive Entertainment)
FirewallRules: [TCP Query User{0C9167F3-B4D0-4C58-87F0-A86E02CB194A}D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Block) D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe (SOLEIL LTD. -> Soleil Ltd.)
FirewallRules: [UDP Query User{D1BEAFB7-9324-48BE-BD8C-4AE963DD6A09}D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Block) D:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe (SOLEIL LTD. -> Soleil Ltd.)
FirewallRules: [TCP Query User{E4CBE294-65D0-4AAF-AD30-98336EFDE52A}C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe] => (Allow) C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe => No File
FirewallRules: [UDP Query User{563E0DB0-DB13-4100-983F-69CBBE2F71EC}C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe] => (Allow) C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe => No File
FirewallRules: [{700AFACF-BF20-41CC-A753-23EA074B7BC8}] => (Block) C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe => No File
FirewallRules: [{FF6E1D57-1B4D-46F9-A9EC-337FF9F3B225}] => (Block) C:\steamlibrary\steamapps\common\vrising\vrising_server\vrisingserver.exe => No File
FirewallRules: [{B9761C15-B2E8-4DD1-895B-1C4C279429B5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1444B634-0D3C-4E7B-81E3-E7B0114F6AF9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{515D454E-D87F-4E18-8D21-FB627F4B9992}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A33859EC-1C2D-4708-B78E-46B0716D8D46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{407C5E4C-35B9-4AC5-B8C8-20EBB2096CE1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FD05C7EE-8A63-41FE-BB03-563C1DBF9836}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2306.14001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0E037708-8117-4F26-A79E-A8EF366A794F}] => (Allow) C:\SteamLibrary\steamapps\common\En Garde Demo\EnGarde.exe => No File
FirewallRules: [{04457DF8-2F91-4A1A-A615-4896A0A5CA84}] => (Allow) C:\SteamLibrary\steamapps\common\En Garde Demo\EnGarde.exe => No File
FirewallRules: [TCP Query User{4481370E-C528-49B6-A8B1-72F0924C7661}C:\pearlabyss\blackdesert\bin64\blackdesert64.exe] => (Allow) C:\pearlabyss\blackdesert\bin64\blackdesert64.exe (Pearl abyss Corp -> )
FirewallRules: [UDP Query User{67440C80-9217-4949-8FAF-2196C6899E04}C:\pearlabyss\blackdesert\bin64\blackdesert64.exe] => (Allow) C:\pearlabyss\blackdesert\bin64\blackdesert64.exe (Pearl abyss Corp -> )
FirewallRules: [TCP Query User{3BDCCA1D-EA96-4120-9FD2-6C6388C5E106}D:\games\riot games\riot client\riotclientservices.exe] => (Allow) D:\games\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{A5BDA3C2-B99D-4B2C-89F1-DD019DCD3EEC}D:\games\riot games\riot client\riotclientservices.exe] => (Allow) D:\games\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{8CFF21DD-D759-4E32-BF28-495080C8608B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Devil May Cry 5\DevilMayCry5.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{D3E64BAD-2D9F-4BC9-B2A9-A324C793AEEB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Devil May Cry 5\DevilMayCry5.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{7C2AAAC5-E37F-4350-AEBD-DCCAA014686E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{335E88B3-DB44-4E62-9092-B024DBF29897}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{337A30C0-EE6E-41B9-A234-0A7E3E5D736B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe (Valve Corp. -> Activision Publishing Inc.)
FirewallRules: [{EE30D735-CA09-402B-9916-03EBB34C03AD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe (Valve Corp. -> Activision Publishing Inc.)
FirewallRules: [TCP Query User{E3248369-ED12-4C05-8897-D45CE9A9FD71}D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe (Valve Corp. -> Activision Publishing Inc.)
FirewallRules: [UDP Query User{329C6AC2-7D69-45B8-A425-409A1B11CA19}D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe (Valve Corp. -> Activision Publishing Inc.)
FirewallRules: [{72CB7328-0990-4304-B050-19665BE71916}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\assettocorsa\AssettoCorsa.exe (Kunos Simulazioni) [File not signed]
FirewallRules: [{9649F702-D824-4A0F-A5D9-5997E2520CBB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\assettocorsa\AssettoCorsa.exe (Kunos Simulazioni) [File not signed]
FirewallRules: [TCP Query User{ABF5908F-C335-4A3C-9618-442B914B136E}D:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Block) D:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe () [File not signed]
FirewallRules: [UDP Query User{9B6D4EA3-AFF0-4839-A56A-CD9F987CDC51}D:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Block) D:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe () [File not signed]
FirewallRules: [TCP Query User{9C0BCC8F-ADAA-4EDD-AD8A-128F95E3C7C4}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{7CF5524A-907F-4385-8636-A9C0DC3A613F}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{DFDAED3F-0171-4E6D-BF36-9820C312D891}D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{82BC7D55-53DA-4A18-832D-7D9FC75216A7}D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{4B95870A-5274-45CD-A156-D8D8DA8EC130}] => (Block) D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{4AFAFD29-9FF1-49B5-90CD-7D382D4C7AFA}] => (Block) D:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{355CDB9B-DEF5-44BF-BC78-96CF0442DCE9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Europa Demo\Europa.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{806E4445-C41A-4A4D-AACB-36FAAC4C3B7D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Europa Demo\Europa.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{2A677AB7-E322-4830-BEBA-63261ADDD108}] => (Allow) D:\Games\RidersRepublic\RidersRepublic.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{F53E2BB4-FE58-4850-9363-538A623A26C3}] => (Allow) D:\Games\RidersRepublic\RidersRepublic_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{5ED3A785-942D-4441-87DD-93D5BA4FA448}] => (Allow) D:\Games\RidersRepublic\RidersRepublic_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{F701C52E-53E9-45FD-A223-37D2598D40AC}] => (Allow) C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{99FC416A-531B-4DDD-9678-F2D8AE075525}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Grounded\Grounded.exe (Obsidian Entertainment, Inc. -> Epic Games, Inc.)
FirewallRules: [{62C58094-EE8F-4A25-9C58-156D85408F4B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Grounded\Grounded.exe (Obsidian Entertainment, Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{C3D382E1-805E-4509-B0DD-866EC8D70BFE}C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe] => (Allow) C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe () [File not signed]
FirewallRules: [UDP Query User{21C7AEB1-7D4C-489D-9101-4E1204DD75E8}C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe] => (Allow) C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe () [File not signed]
FirewallRules: [{655DBFBF-40B8-487A-A245-F962B002FE11}] => (Block) C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe () [File not signed]
FirewallRules: [{FD2F0EDE-EE2C-4A45-B2A9-1AE7218D1AFE}] => (Block) C:\users\steve\appdata\roaming\usbhelperlauncher\usbhelperlauncher.exe () [File not signed]
FirewallRules: [TCP Query User{642DFF3A-E77F-4ECE-B6E4-CBC148B4CA7A}C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe] => (Allow) C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe (Hikari06) [File not signed]
FirewallRules: [UDP Query User{008FE377-808A-4095-B7A9-D1DCB37EACD7}C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe] => (Allow) C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe (Hikari06) [File not signed]
FirewallRules: [{91B06BAC-61F4-4897-940D-8BA778753AC3}] => (Block) C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe (Hikari06) [File not signed]
FirewallRules: [{47FBF48F-7735-455A-B8EA-FCEE1BA392B0}] => (Block) C:\users\steve\appdata\roaming\usbhelperlauncher\wiiu_usb_helper_.exe (Hikari06) [File not signed]
FirewallRules: [{E2FA37E7-2060-409D-A697-81E2953ECBFD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\VRising\VRising.exe (Stunlock Studios AB -> )
FirewallRules: [{0253FB2C-4EA7-4E52-9566-7E82C18C4B11}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\VRising\VRising.exe (Stunlock Studios AB -> )
FirewallRules: [{EE685ACE-EC8B-45BA-9F2B-6DD013758F1C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C75CF5A1-2E74-4B2E-B0B7-F6C2A208348A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{07F14A7B-9602-4E04-A2A1-F69E993892B1}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C8EC026F-DB26-4C3D-A978-7D4C3DB2DC59}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C0E30DAA-B6BC-4DE2-BBF0-701178235FF2}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{CEBC5B9A-CEA7-4BB2-B5F2-ACF7157398AE}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C936518D-8CD8-4B21-A67B-68C2DB13B150}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F2C9AAD0-5229-4BE7-8BAD-1F23E3E12900}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{DF43925E-FA1C-4B04-90A3-112BC97D13BD}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{976453AB-3164-4F53-BB68-BA1974EF3019}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{D4CEAC82-0EBA-449F-8ADF-C01DBB855B92}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{14107C9A-114C-46C1-B31E-8A4024921E87}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Guilt Demo\GuiltDemo.exe () [File not signed]
FirewallRules: [{CC9A3C2A-0C04-4D6A-9C40-DD0A213AC095}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Guilt Demo\GuiltDemo.exe () [File not signed]
FirewallRules: [{D6ABFFE5-01DA-4D70-9990-4ACD668F31B5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Overprime\ParagonClient.exe (Netmarble F&C Inc. -> Epic Games, Inc.) [File not signed]
FirewallRules: [{B23206AF-3F17-4DE2-987E-6074B8B4C15A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Overprime\ParagonClient.exe (Netmarble F&C Inc. -> Epic Games, Inc.) [File not signed]
FirewallRules: [{BB259F25-BD24-4741-B4D3-4B4073AB678A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9E9F8912-6155-42B1-A264-713747E295BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7D6F3607-805E-444F-9FCC-581877D1394A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2C209794-FB19-41BD-A6A8-BE32804ECC48}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DB541803-82B7-4FA7-A626-65F00175C0DE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BB0A62F7-EF4E-43D2-B9DD-9CA65D8AE936}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{327FD3BE-74CC-4641-895B-9140BC4AC5E4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{54425409-BDDA-4B0C-B146-4A8E2C66463F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0A3D02D3-26AC-472F-9F16-2A079E9C6076}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8AFD82F3-211D-49D8-A8AB-51EA7888A51F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D4F5CC8D-5E44-4BDB-8CF0-0624DDCEF46B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warhaven\Warhaven\Binaries\Win64\Warhaven-Win64-Shipping.exe (NEXON Korea Corporation. -> Nexon Korea)
FirewallRules: [{2A494004-BB6C-4D36-98F8-D7BEA7DBA309}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warhaven\Warhaven\Binaries\Win64\Warhaven-Win64-Shipping.exe (NEXON Korea Corporation. -> Nexon Korea)
FirewallRules: [{7783C9EC-1D59-4D10-97E3-C97BDA18D447}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FF130DA1-5875-4ED1-A6EE-90C83E339203}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Vampyr\AVGame\Binaries\Win64\AVGame-Win64-Shipping.exe (Focus Home Interactive -> Focus Home Interactive)
FirewallRules: [{C7C07AE0-840F-4E9D-A570-D600369D3244}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Vampyr\AVGame\Binaries\Win64\AVGame-Win64-Shipping.exe (Focus Home Interactive -> Focus Home Interactive)
FirewallRules: [{10324C18-F43D-42EA-AA09-15A92D49711C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Century\Century.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{03C44E98-F5B7-464D-8A34-3B6B58D44046}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Century\Century.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [TCP Query User{B30A03D7-A311-4071-A9BD-A0CAD9563250}D:\program files (x86)\steam\steamapps\common\century\century\binaries\win64\century-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\century\century\binaries\win64\century-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{08F3CBD0-4EAC-4191-8A83-798F16EF9675}D:\program files (x86)\steam\steamapps\common\century\century\binaries\win64\century-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\century\century\binaries\win64\century-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{881153A9-A2A0-4756-81A3-63B434AC22E9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\My Hero Ultra Rumble\HerovsGame\Binaries\Win64\MHUR.exe (BNEI) [File not signed]
FirewallRules: [{7579E632-7EB4-42E7-B07F-63808A65CE57}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\My Hero Ultra Rumble\HerovsGame\Binaries\Win64\MHUR.exe (BNEI) [File not signed]

==================== Restore Points =========================

03-10-2023 13:43:32 Installed ArtRage 6 Demo

==================== Faulty Device Manager Devices ============

Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/03/2023 07:08:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EALaunchHelper.exe, version: 13.37.0.5550, time stamp: 0x65173201
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process ID: 0x3468
Faulting application start time: 0x01d9f61c375e6af9
Faulting application path: C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report ID: 61642891-227c-43df-8bed-40acb0fa5825
Faulting package full name: 
Faulting package-relative application ID:

Error: (10/01/2023 11:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x46d0
Faulting application start time: 0x01d9f449220cb50f
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: d5334bba-3c1e-4024-adeb-19bec662e788
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (10/01/2023 11:24:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x4404
Faulting application start time: 0x01d9f4491c60e6d6
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: 5ad0f45f-b267-4dba-bc51-1406dac53d34
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (10/01/2023 11:24:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x4b8c
Faulting application start time: 0x01d9f44915a85f83
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: a7deb725-d884-4ea9-9bf9-2f36ce2b8f6b
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (10/01/2023 11:24:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x4370
Faulting application start time: 0x01d9f44911009cd0
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: 05c06c1f-bcd9-4a65-8177-602ac38a8b80
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (10/01/2023 11:24:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x3928
Faulting application start time: 0x01d9f3eafb46b5ab
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: a7043e35-60dc-450f-8fa6-0f1b58820406
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (10/01/2023 12:10:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x4060
Faulting application start time: 0x01d9f3eaf58fe7f1
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: 8a5dd693-d321-47b3-ad09-cf3537c64b16
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (09/30/2023 11:45:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process ID: 0x4368
Faulting application start time: 0x01d9f3e762f36ec8
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: 78dd7f78-d1f9-4b5c-bb43-dd545b7d4485
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI


System errors:
=============
Error: (10/05/2023 01:38:03 PM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (10/04/2023 02:21:08 PM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (10/03/2023 01:43:42 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT)
Description: ??\Device\HarddiskVolumeShadowCopy12

Error: (10/03/2023 12:52:38 PM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (10/02/2023 11:48:27 AM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (10/01/2023 07:49:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (10/01/2023 07:49:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (10/01/2023 11:33:26 AM) (Source: TPM) (EventID: 15) (User: NT-AUTORITÄT)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.


Windows Defender:
================
Date: 2023-10-05 01:10:49
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {6839F56E-5A6B-48FE-A5AE-0438F170730F}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-10-04 23:19:45
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.H!ml&threatid=2147814523&enterprise=0
Name: Trojan:Win32/Wacatac.H!ml
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_D:\Users\-..-\Documents\Things\USB STICK\S4\[S4L] Codes In-Game Trainer 0.1.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-0JFIBDK\steve
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.399.40.0, AS: 1.399.40.0, NIS: 1.399.40.0
Modulversion: AM: 1.1.23090.2007, NIS: 1.1.23090.2007

Date: 2023-10-04 14:21:09
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {09118F2F-DD78-4AE9-AE61-93B474972E52}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-10-03 12:52:39
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {DB6BA914-8D83-405B-86E8-2418BB38F38F}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-10-02 11:48:28
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {C658E1D2-03EA-4A6E-BFBA-2EF8B2BF6371}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Event[0]:

Date: 2023-07-18 13:55:56
Description: 
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 
%Vorherige Version der Sicherheitsinformationen: 1.393.702.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 
%Vorherige Modulversion: 1.1.23060.1005
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". 

CodeIntegrity:
===============
Date: 2023-07-18 17:28:58
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. 4202 06/16/2023
Motherboard: ASUSTeK COMPUTER INC. PRIME B450M-A
Processor: AMD Ryzen 5 5600 6-Core Processor 
Percentage of memory in use: 64%
Total physical RAM: 32680.62 MB
Available physical RAM: 11503.18 MB
Total Virtual: 37607.2 MB
Available Virtual: 7595.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.42 GB) (Free:79.28 GB) (Model: Samsung SSD 840 PRO Series) NTFS
Drive d: (Windows) (Fixed) (Total:930.34 GB) (Free:99.34 GB) (Model: TOSHIBA HDWD110) NTFS

\\?\Volume{c0f2ecdd-0000-0000-0000-100000000000}\ (System-reserviert) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{36853ede-301c-49da-bdf8-b33b92a3977e}\ (Windows RE tools) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS
\\?\Volume{45b38fcd-2611-4a25-9609-20552808547e}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{75d233e1-b882-4e2d-8963-fba759abb7a3}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: C0F2ECDD)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
         

 
