On we go!
During the EmergencyKit run, Windows Defender raised an alert and detected the following threat:
Code:
Trojan:Win32/Wacatac.D0!ml
Betroffene Elemente:
file: C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp000030cd
file: C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp0000315d
file: C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp00003163
Fixlog:
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by Vanqq (01-02-2021 17:48:49) Run:3
Running from C:\Users\Vanqq\Desktop
Loaded Profiles: Vanqq
Boot Mode: Normal
==============================================
fixlist content:
*****************
DeleteValue: HKCU\Environment|Vanqq
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: Bitsadmin /Reset /Allusers
powershell: Set-MpPreference -PUAProtection Enabled
powershell: Set-MpPreference -DisableScanningNetworkFiles 0
Hosts:
RemoveProxy:
SystemRestore: On
EmptyTemp:
*****************
"HKCU\Environment\\Vanqq" => removed successfully
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
========= End of CMD: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.
========= End of CMD: =========
========= netsh advfirewall reset =========
OK.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
OK.
========= End of CMD: =========
========= Bitsadmin /Reset /Allusers =========
BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.
0 out of 0 jobs canceled.
========= End of CMD: =========
========= Set-MpPreference -PUAProtection Enabled =========
========= End of Powershell: =========
========= Set-MpPreference -DisableScanningNetworkFiles 0 =========
========= End of Powershell: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3495057415-85728902-141794291-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3495057415-85728902-141794291-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
SystemRestore: On => completed
=========== EmptyTemp: ==========
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10591708 B
Java, Flash, Steam htmlcache => 4251431 B
Windows/system/drivers => 5744229 B
Edge => 0 B
Chrome => 150457397 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 78536 B
NetworkService => 84484 B
Vanqq => 7091319 B
OxBJRrFpMN => 7091319 B
New => 7091319 B
RecycleBin => 0 B
EmptyTemp: => 191.1 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 17:49:16 ====
EmergencyKit log:
Code:
Emsisoft Emergency Kit – Version 2021.1
Letztes Update: 01.02.2021 17:51:47
Eigene DESKTOP-TRKOEOE\Vanqq
DESKTOP-TRKOEOE
Windows 10x64
Scan-Einstellungen:
Scan-Methode: Malware-Scan
Objekte: Rootkits, Speicher, Spuren, Dateien
PUPs-Erkennung: An
Archive scannen: Aus
E-Mail-Archive scannen: Aus
ADS-Scan: An
Direkter Festplattenzugriff: Aus
Scan-Beginn: 01.02.2021 17:52:00
Gescannt: 76131
Gefunden 0
Scan-Ende: 01.02.2021 17:52:51
Scan-Zeit: 0:00:51
FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
Ran by Vanqq (administrator) on DESKTOP-TRKOEOE (Micro-Star International Co., Ltd. MS-7B47) (01-02-2021 17:55:09)
Running from C:\Users\Vanqq\Desktop
Loaded Profiles: Vanqq
Platform: Windows 10 Home Version 20H2 19042.746 (X64) Language: Englisch (Vereinigte Staaten)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <8>
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe <2>
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Steam\steam.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\Run: [Steam] => C:\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-31] (Google LLC -> Google LLC)
Startup: C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe [2020-01-05] (Leader Technologies) [File not signed]
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {17DE9E3A-22D3-457D-A069-0DAEF6D8959D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-31] (Google LLC -> Google LLC)
Task: {1C812FB3-74AF-49A4-AA2C-921FC87EA1F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {232CBDDA-1067-44D9-A149-BC3C396D830E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-31] (Google LLC -> Google LLC)
Task: {25A1FDB0-2AE4-4486-A4B2-EA1434A5E4D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {53AC7C85-9E7F-425B-9BCC-64A2A76AA68E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {69409985-36F7-4C5A-8B79-4E25E7E630BD} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {F3BF37EC-192D-4EE7-9B3B-13E5043F1E29} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2b2f4dc8-61fa-4b20-aa69-97e6a79c7657}: [DhcpNameServer] 192.168.178.1
Edge:
=======
Edge Profile: C:\Users\Vanqq\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-01]
Edge Extension: (Outlook) - C:\Users\Vanqq\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-01-31]
Edge Extension: (Word) - C:\Users\Vanqq\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-01-31]
Edge Extension: (Excel) - C:\Users\Vanqq\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-01-31]
Edge Extension: (PowerPoint) - C:\Users\Vanqq\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-01-31]
Chrome:
=======
CHR Profile: C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default [2021-02-01]
CHR Notifications: Default -> hxxps://www.reddit.com
CHR Extension: (Präsentationen) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-31]
CHR Extension: (Docs) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-31]
CHR Extension: (Google Drive) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-31]
CHR Extension: (YouTube) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-31]
CHR Extension: (Tabellen) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-31]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Google Mail) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-31]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-31] (Malwarebytes Inc -> Malwarebytes)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S4 epp; C:\EEK\bin64\epp.sys [155112 2020-10-27] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220600 2021-02-01] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-01-31] (Malwarebytes Inc -> Malwarebytes)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [51776 2020-02-17] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_006e; C:\WINDOWS\System32\drivers\RzDev_006e.sys [52496 2020-02-17] (Razer USA Ltd. -> Razer Inc)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-01-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2021-01-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-01-30] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-02-01 17:49 - 2021-02-01 17:49 - 000220600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-01 06:05 - 2021-02-01 06:04 - 314572344 _____ C:\Users\Vanqq\Desktop\EmsisoftEmergencyKit (1).exe
2021-02-01 06:05 - 2021-02-01 06:02 - 031049536 _____ C:\Users\Vanqq\Desktop\RogueKiller_portable64 (1).exe
2021-02-01 06:01 - 2021-02-01 06:02 - 031049536 _____ C:\Users\Vanqq\Downloads\RogueKiller_portable64 (1).exe
2021-02-01 06:00 - 2021-02-01 06:04 - 314572344 _____ C:\Users\Vanqq\Downloads\EmsisoftEmergencyKit (1).exe
2021-02-01 05:59 - 2021-02-01 05:59 - 008457584 _____ (Malwarebytes) C:\Users\Vanqq\Desktop\adwcleaner_8.0.9.1 (1).exe
2021-02-01 05:58 - 2021-02-01 05:59 - 008457584 _____ (Malwarebytes) C:\Users\Vanqq\Downloads\adwcleaner_8.0.9.1 (1).exe
2021-02-01 03:00 - 2021-02-01 17:49 - 076021760 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-02-01 02:59 - 2021-02-01 03:00 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-01-31 23:49 - 2021-01-31 14:54 - 000000000 ____D C:\Windows.old
2021-01-31 23:48 - 2021-01-31 23:49 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-01-31 23:47 - 2021-01-31 23:48 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-01-31 23:47 - 2021-01-31 23:47 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-01-31 23:47 - 2021-01-31 23:47 - 000000000 ____D C:\ProgramData\ssh
2021-01-31 23:44 - 2021-01-31 23:44 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-01-31 23:44 - 2021-01-31 23:44 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-01-31 23:44 - 2021-01-31 23:44 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-01-31 23:44 - 2021-01-31 23:44 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-01-31 23:44 - 2021-01-31 23:44 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 001309504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-01-31 23:44 - 2021-01-31 23:44 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-31 23:44 - 2021-01-31 23:44 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-31 23:44 - 2021-01-31 23:44 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-31 23:44 - 2021-01-31 23:44 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-31 23:44 - 2021-01-31 23:44 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-31 23:44 - 2021-01-31 23:44 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-31 23:44 - 2021-01-31 23:44 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-31 23:44 - 2021-01-31 23:44 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-01-31 23:44 - 2021-01-31 23:44 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-01-31 23:44 - 2021-01-31 23:44 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-31 23:44 - 2021-01-31 23:44 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-31 23:44 - 2021-01-31 23:44 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-01-31 23:44 - 2021-01-31 23:44 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-01-31 23:44 - 2021-01-31 23:44 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-31 23:44 - 2021-01-31 23:44 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-01-31 23:44 - 2021-01-31 23:44 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-01-31 23:43 - 2021-01-31 23:43 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-01-31 23:43 - 2021-01-31 23:43 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000707544 _____ C:\WINDOWS\system32\TextShaping.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-31 23:43 - 2021-01-31 23:43 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-31 23:43 - 2021-01-31 23:43 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-31 23:43 - 2021-01-31 23:43 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-01-31 23:43 - 2021-01-31 23:43 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-01-31 23:39 - 2021-01-31 23:39 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-01-31 23:39 - 2021-01-31 23:39 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-01-31 23:37 - 2021-02-01 17:55 - 000741386 _____ C:\WINDOWS\system32\perfh007.dat
2021-01-31 23:37 - 2021-02-01 17:55 - 000149636 _____ C:\WINDOWS\system32\perfc007.dat
2021-01-31 23:37 - 2021-01-31 23:37 - 000306166 _____ C:\WINDOWS\system32\perfi007.dat
2021-01-31 23:37 - 2021-01-31 23:37 - 000040520 _____ C:\WINDOWS\system32\perfd007.dat
2021-01-31 23:37 - 2021-01-31 23:37 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-01-31 23:37 - 2021-01-31 23:37 - 000000000 ____D C:\WINDOWS\SysWOW64\de
2021-01-31 23:37 - 2021-01-31 23:37 - 000000000 ____D C:\WINDOWS\system32\de
2021-01-31 23:35 - 2021-01-31 23:35 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-01-31 23:35 - 2021-01-31 23:35 - 000000000 ____D C:\Program Files\MSBuild
2021-01-31 23:35 - 2021-01-31 23:35 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-01-31 23:35 - 2021-01-31 23:35 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-31 21:43 - 2021-01-31 21:46 - 000000000 ____D C:\WINDOWS\CryptoGuard
2021-01-31 21:37 - 2021-01-31 21:46 - 000000000 ____D C:\ProgramData\Sophos
2021-01-31 21:33 - 2021-01-31 21:36 - 307274360 _____ (Sophos Limited) C:\Users\Vanqq\Downloads\SophosInstall.exe
2021-01-31 20:57 - 2021-01-31 20:57 - 000019253 _____ C:\Users\Vanqq\Desktop\Addition.txt
2021-01-31 20:56 - 2021-02-01 17:55 - 000011060 _____ C:\Users\Vanqq\Desktop\FRST.txt
2021-01-31 20:55 - 2021-01-31 20:55 - 002297856 _____ (Farbar) C:\Users\Vanqq\Downloads\FRST64.exe
2021-01-31 20:55 - 2021-01-31 20:55 - 002297856 _____ (Farbar) C:\Users\Vanqq\Desktop\FRST64.exe
2021-01-31 20:45 - 2021-01-31 20:50 - 000000000 ____D C:\ProgramData\RogueKiller
2021-01-31 20:45 - 2021-01-31 20:45 - 031049536 _____ C:\Users\Vanqq\Downloads\RogueKiller_portable64.exe
2021-01-31 20:40 - 2021-01-31 20:40 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-01-31 20:40 - 2021-01-31 20:40 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-01-31 20:40 - 2021-01-31 20:40 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-01-31 20:40 - 2021-01-31 20:40 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-31 20:40 - 2021-01-31 20:40 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-31 20:40 - 2021-01-31 20:40 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-31 20:39 - 2021-01-31 20:39 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-31 20:38 - 2021-01-31 20:38 - 001965536 _____ (Malwarebytes) C:\Users\Vanqq\Downloads\MBSetup-80562.80562-consumer.exe
2021-01-31 20:33 - 2021-02-01 17:53 - 000000000 ____D C:\EEK
2021-01-31 20:33 - 2021-01-31 20:33 - 000000000 ____D C:\ProgramData\Emsisoft
2021-01-31 20:29 - 2021-01-31 20:29 - 000010018 _____ C:\Users\Vanqq\Downloads\scan_210114-145759.txt
2021-01-31 20:28 - 2021-01-31 20:32 - 315446840 _____ C:\Users\Vanqq\Downloads\EmsisoftEmergencyKit.exe
2021-01-31 20:16 - 2021-02-01 17:49 - 000003139 _____ C:\Users\Vanqq\Desktop\Fixlog.txt
2021-01-31 20:15 - 2021-02-01 17:55 - 000000000 ____D C:\FRST
2021-01-31 18:10 - 2021-01-31 18:11 - 006565432 _____ (EnigmaSoft Limited) C:\Users\Vanqq\Downloads\SpyHunter-5.10-15-7042-Installer.exe
2021-01-31 18:05 - 2021-01-31 18:06 - 000000000 ____D C:\AdwCleaner
2021-01-31 18:05 - 2021-01-31 18:05 - 008457584 _____ (Malwarebytes) C:\Users\Vanqq\Downloads\adwcleaner_8.0.9.1.exe
2021-01-31 17:57 - 2021-01-31 17:57 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-31 17:57 - 2021-01-31 17:57 - 000002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-31 17:57 - 2021-01-31 17:57 - 000002266 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-31 17:57 - 2021-01-31 17:57 - 000000000 ____D C:\Program Files\Google
2021-01-31 17:56 - 2021-01-31 17:56 - 001321688 _____ (Google LLC) C:\Users\Vanqq\Downloads\ChromeSetup.exe
2021-01-31 17:56 - 2021-01-31 17:56 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-31 17:56 - 2021-01-31 17:56 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-31 17:42 - 2021-01-31 21:05 - 000000000 ____D C:\Users\Vanqq\Desktop\FearlessRevolution
2021-01-31 17:42 - 2021-01-31 17:42 - 011530207 _____ C:\Users\Vanqq\Downloads\fearlessrevolution.zip
2021-01-31 17:37 - 2021-01-31 17:49 - 000000000 ____D C:\Users\Vanqq\AppData\Local\GearsTactics
2021-01-31 17:37 - 2021-01-31 17:37 - 000000000 ____D C:\Users\Vanqq\AppData\Local\UnrealEngine
2021-01-31 17:37 - 2021-01-31 17:37 - 000000000 ____D C:\Users\Vanqq\AppData\Local\NVIDIA Corporation
2021-01-31 17:14 - 2021-01-31 17:14 - 000001873 _____ C:\Users\Vanqq\Downloads\windows_10_store_app_herunterladen.zip
2021-01-31 17:09 - 2021-01-31 17:09 - 000833913 _____ C:\Users\Vanqq\Downloads\Microsoft.VCLibs.140.00_14.0.29231.0_x64__8wekyb3d8bbwe.Appx
2021-01-31 17:09 - 2021-01-31 17:09 - 000244530 _____ C:\Users\Vanqq\Downloads\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe.Appx
2021-01-31 17:08 - 2021-01-31 17:09 - 060448631 _____ C:\Users\Vanqq\Downloads\Microsoft.WindowsStore_12010.1001.313.0_neutral___8wekyb3d8bbwe.AppxBundle
2021-01-31 17:08 - 2021-01-31 17:08 - 005204216 _____ C:\Users\Vanqq\Downloads\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe.Appx
2021-01-31 16:12 - 2021-01-31 21:44 - 000000000 ____D C:\Users\Vanqq\AppData\Local\CrashDumps
2021-01-31 16:11 - 2021-01-31 16:11 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10-Update-Assistent.lnk
2021-01-31 16:11 - 2021-01-31 16:11 - 000000000 ____D C:\Windows10Upgrade
2021-01-31 16:02 - 2021-01-31 16:03 - 008673152 _____ () C:\Users\New\Downloads\XboxInstaller.exe
2021-01-31 16:02 - 2021-01-31 16:02 - 000000000 ____D C:\Users\New\AppData\Local\Steam
2021-01-31 16:02 - 2021-01-31 16:02 - 000000000 ____D C:\Users\New\AppData\Local\CEF
2021-01-31 16:01 - 2021-01-31 16:03 - 000000000 ____D C:\Users\New\AppData\Local\PlaceholderTileLogoFolder
2021-01-31 16:01 - 2021-01-31 16:02 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3495057415-85728902-141794291-1007
2021-01-31 16:01 - 2021-01-31 16:02 - 000000000 ___RD C:\Users\New\OneDrive
2021-01-31 16:00 - 2021-01-31 16:03 - 000000000 ____D C:\Users\New\AppData\Local\Packages
2021-01-31 16:00 - 2021-01-31 16:02 - 000002353 _____ C:\Users\New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-31 16:00 - 2021-01-31 16:01 - 000002266 _____ C:\Users\New\Desktop\Google Chrome.lnk
2021-01-31 16:00 - 2021-01-31 16:01 - 000000000 ____D C:\Users\New
2021-01-31 16:00 - 2021-01-31 16:00 - 000002344 _____ C:\Users\New\Desktop\Microsoft Edge.lnk
2021-01-31 16:00 - 2021-01-31 16:00 - 000000020 ___SH C:\Users\New\ntuser.ini
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ___RD C:\Users\New\3D Objects
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ____D C:\Users\New\AppData\Roaming\Adobe
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ____D C:\Users\New\AppData\Local\VirtualStore
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ____D C:\Users\New\AppData\Local\Publishers
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ____D C:\Users\New\AppData\Local\Google
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ____D C:\Users\New\AppData\Local\ConnectedDevicesPlatform
2021-01-31 15:55 - 2021-01-31 15:55 - 000000000 ____D C:\Users\Vanqq\AppData\Local\mbam
2021-01-31 15:54 - 2021-01-31 15:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-31 15:53 - 2021-01-31 15:53 - 002086424 _____ (Malwarebytes) C:\Users\Vanqq\Downloads\MBSetup.exe
2021-01-31 15:49 - 2021-01-31 15:49 - 008673152 _____ () C:\Users\Vanqq\Downloads\XboxInstaller.exe
2021-01-31 15:39 - 2021-01-31 15:39 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-31 15:39 - 2021-01-31 15:39 - 000003606 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6f7d890cf30bd
2021-01-31 15:36 - 2021-01-31 17:58 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\WeMod
2021-01-31 15:36 - 2021-01-31 15:36 - 000002151 _____ C:\Users\Vanqq\Desktop\WeMod.lnk
2021-01-31 15:36 - 2021-01-31 15:36 - 000000000 ____D C:\Users\Vanqq\AppData\Local\WeMod
2021-01-31 15:36 - 2021-01-31 15:36 - 000000000 ____D C:\Users\Vanqq\AppData\Local\SquirrelTemp
2021-01-31 15:35 - 2021-01-31 15:35 - 000127872 _____ (WeMod LLC) C:\Users\Vanqq\Downloads\WeMod-Setup.exe
2021-01-31 15:35 - 2021-01-31 15:35 - 000127872 _____ (WeMod LLC) C:\Users\Vanqq\Downloads\Gears Tactics Trainer Setup.exe
2021-01-31 15:27 - 2021-01-23 09:15 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-31 15:27 - 2021-01-23 09:15 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-31 15:27 - 2021-01-23 09:14 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-31 15:27 - 2021-01-23 09:14 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-31 15:27 - 2021-01-23 09:14 - 001453728 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-31 15:27 - 2021-01-23 09:14 - 001193120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-31 15:27 - 2021-01-23 09:14 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-31 15:27 - 2021-01-23 09:14 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-31 15:27 - 2021-01-23 09:14 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-31 15:27 - 2021-01-23 09:14 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 001512096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 001164960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 000689312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-01-31 15:27 - 2021-01-23 09:12 - 000680096 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 000672928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 000613536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 000558240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 000547488 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 008262304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 007392928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 005637792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 004611744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 002731168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 002103456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 001589408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 000813216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 000657056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 000446624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-01-31 15:27 - 2021-01-23 09:10 - 007116680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-01-31 15:27 - 2021-01-23 09:10 - 006070848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-31 15:27 - 2021-01-23 09:10 - 000850080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-01-31 15:27 - 2021-01-22 23:59 - 000084264 _____ C:\WINDOWS\system32\nvinfo.pb
2021-01-31 15:27 - 2021-01-22 23:59 - 000038640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-01-31 15:25 - 2021-01-31 15:25 - 000002912 _____ C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-01-31 15:25 - 2021-01-31 15:25 - 000002906 _____ C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-01-31 15:25 - 2021-01-31 15:25 - 000002902 _____ C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-01-31 15:25 - 2021-01-31 15:25 - 000002900 _____ C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-01-31 14:56 - 2021-02-01 17:55 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-31 14:56 - 2021-01-31 14:56 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-01-31 14:54 - 2021-02-01 17:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-31 14:54 - 2021-01-31 14:54 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2021-01-31 14:54 - 2021-01-31 14:54 - 000011433 _____ C:\WINDOWS\diagerr.xml
2021-01-31 14:54 - 2021-01-31 14:54 - 000003220 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2021-01-31 14:54 - 2021-01-31 14:54 - 000002850 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3495057415-85728902-141794291-1004
2021-01-31 14:54 - 2021-01-31 14:54 - 000000020 ___SH C:\Users\Vanqq\ntuser.ini
2021-01-31 14:51 - 2021-01-31 14:54 - 000000000 ____D C:\Users\Vanqq
2021-01-31 14:51 - 2021-01-31 14:52 - 000000000 ____D C:\Users\OxBJRrFpMN
2021-01-31 14:51 - 2019-12-07 10:10 - 000001105 _____ C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-31 14:51 - 2019-12-07 10:10 - 000001105 _____ C:\Users\OxBJRrFpMN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-31 14:50 - 2021-02-01 05:56 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-31 14:49 - 2021-02-01 17:49 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-31 14:49 - 2021-01-31 15:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-31 14:49 - 2021-01-31 14:49 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-31 14:21 - 2021-01-31 14:29 - 663780512 _____ (NVIDIA Corporation) C:\Users\Vanqq\Downloads\461.40-desktop-win10-64bit-international-dch-whql.exe
2021-01-31 12:58 - 2021-01-31 14:54 - 000000000 ___DC C:\WINDOWS\Panther
2021-01-31 12:55 - 2021-01-31 12:55 - 000000000 ___HD C:\$WinREAgent
2021-01-31 06:33 - 2021-01-31 23:49 - 000000000 ____D C:\Program Files\UNP
2021-01-30 23:51 - 2021-01-31 14:54 - 000000000 ____D C:\Program Files (x86)\Razer
2021-01-30 23:47 - 2021-01-31 23:49 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-01-30 23:47 - 2021-01-31 23:49 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-01-30 23:47 - 2021-01-30 23:48 - 000000000 ____D C:\WINDOWS\TextInput
2021-01-30 23:47 - 2021-01-30 23:47 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2021-01-30 23:47 - 2021-01-30 23:47 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2021-01-30 23:47 - 2021-01-30 23:47 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2021-01-30 23:47 - 2021-01-30 23:47 - 000000219 _____ C:\WINDOWS\system.ini
2021-01-30 23:47 - 2021-01-30 23:47 - 000000092 _____ C:\WINDOWS\win.ini
2021-01-30 23:47 - 2021-01-30 23:47 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2021-01-30 23:47 - 2021-01-30 23:47 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2021-01-30 23:44 - 2021-01-30 23:52 - 000000000 ___HD C:\$SysReset
2021-01-30 21:40 - 2021-01-30 21:40 - 000000000 ____D C:\Users\Vanqq\AppData\Local\INetHistory
2021-01-30 21:10 - 2021-01-30 21:10 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-01-30 21:10 - 2021-01-30 21:10 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2021-01-30 21:10 - 2021-01-30 21:10 - 000000000 ____D C:\Program Files (x86)\Microsoft GameInput
2021-01-30 20:52 - 2021-01-31 15:29 - 000000000 ____D C:\ProgramData\Packages
2021-01-30 20:52 - 2021-01-30 20:52 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Publishers
2021-01-30 20:38 - 2021-01-30 20:38 - 000000000 ____D C:\Users\Vanqq\AppData\Local\ElevatedDiagnostics
2021-01-30 20:15 - 2021-01-30 20:16 - 000296640 _____ C:\WINDOWS\ntbtlog.txt
2021-01-30 20:15 - 2021-01-30 20:15 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-30 20:14 - 2021-01-30 20:14 - 000000368 ____H C:\WINDOWS\Tasks\Intel PTT EK Recertification.job
2021-01-30 19:57 - 2021-01-31 17:37 - 000000000 ____D C:\Users\Vanqq\AppData\Local\D3DSCache
2021-01-30 19:52 - 2021-01-30 19:52 - 000000478 _____ C:\Users\Vanqq\Documents\license.bat
2021-01-30 19:47 - 2021-01-31 21:59 - 000000000 ____D C:\Users\Vanqq\AppData\Local\PackageStaging
2021-01-30 19:40 - 2021-01-30 19:40 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Comms
2021-01-30 19:28 - 2021-01-30 19:28 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\Frontier Developments
2021-01-30 19:28 - 2021-01-30 19:28 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Frontier Developments
2021-01-30 19:25 - 2021-01-30 19:25 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-30 18:07 - 2021-01-30 18:07 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-01-30 18:06 - 2021-01-30 18:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-30 16:28 - 2021-01-30 16:28 - 000000202 _____ C:\Users\Vanqq\Desktop\Planet Coaster.url
2021-01-30 15:55 - 2021-01-30 16:22 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Steam
2021-01-30 15:55 - 2021-01-30 15:55 - 000000000 ____D C:\Users\Vanqq\AppData\Local\CEF
2021-01-30 15:54 - 2021-01-31 17:57 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Google
2021-01-30 15:54 - 2021-01-31 17:56 - 000000000 ____D C:\Program Files (x86)\Google
2021-01-30 15:51 - 2021-01-30 15:51 - 000000599 _____ C:\Users\Public\Desktop\Steam.lnk
2021-01-30 15:51 - 2021-01-30 15:51 - 000000599 _____ C:\ProgramData\Desktop\Steam.lnk
2021-01-30 15:50 - 2021-02-01 17:50 - 000000000 ____D C:\Steam
2021-01-30 15:47 - 2021-01-30 15:47 - 000000000 ____D C:\Users\Vanqq\AppData\Local\OneDrive
2021-01-30 15:02 - 2021-01-31 16:19 - 000000000 ____D C:\Users\Vanqq\AppData\Local\PlaceholderTileLogoFolder
2021-01-30 15:00 - 2021-01-31 21:59 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Packages
2021-01-30 15:00 - 2021-01-30 16:22 - 000000000 ____D C:\Users\Vanqq\AppData\Local\ConnectedDevicesPlatform
2021-01-30 15:00 - 2021-01-30 15:47 - 000000000 ____D C:\Users\Vanqq\AppData\Local\MicrosoftEdge
2021-01-30 15:00 - 2021-01-30 15:00 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\Adobe
2021-01-30 15:00 - 2021-01-30 15:00 - 000000000 ____D C:\Users\Vanqq\AppData\Local\VirtualStore
2021-01-30 14:57 - 2021-01-30 17:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-01-30 14:57 - 2021-01-30 14:57 - 000021224 _____ C:\Users\Vanqq\Desktop\Removed Apps.html
2021-01-30 14:57 - 2021-01-30 14:57 - 000020510 _____ C:\Users\OxBJRrFpMN\Desktop\Removed Apps.html
2021-01-30 14:54 - 2021-02-01 17:49 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-30 14:54 - 2021-01-31 15:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-01-30 14:54 - 2021-01-31 15:29 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-01-30 14:54 - 2021-01-31 15:29 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-01-30 14:54 - 2021-01-31 15:28 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-01-30 14:54 - 2021-01-30 14:54 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
2021-01-30 14:54 - 2021-01-30 14:54 - 000000000 ____D C:\ProgramData\Razer
2021-01-30 14:28 - 2021-01-30 14:29 - 000000000 ____D C:\ESD
2021-01-30 14:28 - 2021-01-30 14:28 - 000000000 ___HD C:\$Windows.~WS
2021-01-30 13:34 - 2021-01-30 13:34 - 000000080 ___SH C:\bootTel.dat
2021-01-28 22:30 - 2021-01-28 22:34 - 000000000 ____D C:\Users\Vanqq\.dotnet
2021-01-28 22:25 - 2021-01-28 22:25 - 000000000 ____D C:\Users\Vanqq\Cheathappens
2021-01-28 22:09 - 2021-01-31 23:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.2
2021-01-28 22:09 - 2021-01-28 22:09 - 000000000 ____D C:\Users\Vanqq\Documents\My Cheat Tables
2021-01-23 01:45 - 2021-01-23 01:45 - 000000000 ____D C:\Users\Vanqq\AppData\LocalLow\Mimimi
2021-01-16 05:49 - 2021-01-16 05:49 - 000000000 ____D C:\Users\Vanqq\AppData\LocalLow\Oracle
2021-01-14 19:31 - 2021-01-14 19:41 - 000000000 ____D C:\Users\Vanqq\AppData\LocalLow\MCC
2021-01-14 19:31 - 2021-01-14 19:31 - 000000000 ____D C:\Users\Vanqq\AppData\LocalLow\UnrealEngine
2021-01-08 05:30 - 2021-01-22 23:59 - 000135408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-01-08 05:30 - 2020-10-05 14:03 - 001690976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2021-01-08 05:30 - 2020-10-05 14:03 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2021-01-08 05:30 - 2020-10-05 14:03 - 000047424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2021-01-08 05:30 - 2020-10-05 14:02 - 001731824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445671.dll
2021-01-08 05:30 - 2020-10-05 14:02 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445671.dll
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-02-01 17:55 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-01 17:49 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-01 17:49 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-01 06:03 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-02-01 05:57 - 2019-09-19 19:01 - 000002604 ____H C:\Users\Vanqq\Documents\Default.rdp
2021-02-01 05:56 - 2019-12-07 10:50 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-02-01 05:56 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-01 05:56 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-01 05:56 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-01-31 23:49 - 2020-01-05 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenRCT2
2021-01-31 23:49 - 2019-12-07 10:18 - 000000000 ____D C:\WINDOWS\Setup
2021-01-31 23:49 - 2019-12-07 10:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-01-31 23:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-01-31 23:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-01-31 23:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-31 23:49 - 2018-02-16 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-31 23:48 - 2020-11-29 06:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-01-31 23:48 - 2020-08-02 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2021-01-31 23:48 - 2020-01-10 00:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2021-01-31 23:48 - 2019-12-07 10:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-01-31 23:47 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-31 23:47 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-01-31 23:47 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-01-31 23:46 - 2019-12-07 10:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-01-31 23:46 - 2019-12-07 10:52 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-01-31 23:38 - 2019-12-07 10:51 - 000000000 ____D C:\WINDOWS\OCR
2021-01-31 23:38 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-01-31 23:38 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-01-31 23:37 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-01-31 23:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-01-31 23:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-01-31 21:46 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-31 18:06 - 2018-03-14 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-01-31 17:24 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-31 16:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Registration
2021-01-31 16:00 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-31 16:00 - 2018-02-13 14:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-31 15:36 - 2019-09-27 20:22 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2021-01-31 15:11 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-31 14:55 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-01-31 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-31 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-31 14:54 - 2018-02-15 18:47 - 000000000 ___RD C:\Users\Vanqq\3D Objects
2021-01-31 14:51 - 2020-03-28 16:11 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2021-01-31 14:51 - 2018-02-18 14:58 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-30 22:01 - 2018-09-21 04:45 - 000000000 ____D C:\Users\Vanqq\Desktop\Misc
2021-01-30 15:02 - 2018-02-15 18:48 - 000000000 ___RD C:\Users\Vanqq\OneDrive
2021-01-30 14:42 - 2018-02-15 19:28 - 000000000 ____D C:\Users\Vanqq\AppData\LocalLow\Mozilla
2021-01-16 06:38 - 2020-11-29 12:15 - 000000000 ____D C:\Users\Vanqq\Games
2021-01-16 05:21 - 2020-07-18 20:40 - 000000000 ____D C:\temp
2021-01-15 19:37 - 2019-09-23 18:17 - 000000000 ____D C:\Users\Vanqq\Documents\My Games
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by Vanqq (01-02-2021 17:56:33)
Running from C:\Users\Vanqq\Desktop
Windows 10 Home Version 20H2 19042.746 (X64) (2021-01-31 13:54:50)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3495057415-85728902-141794291-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3495057415-85728902-141794291-503 - Limited - Disabled)
Guest (S-1-5-21-3495057415-85728902-141794291-501 - Limited - Disabled)
hCArDMYVPlYUTE (S-1-5-21-3495057415-85728902-141794291-1005 - Limited - Enabled)
New (S-1-5-21-3495057415-85728902-141794291-1007 - Administrator - Enabled) => C:\Users\New
Vanqq (S-1-5-21-3495057415-85728902-141794291-1004 - Administrator - Enabled) => C:\Users\Vanqq
WDAGUtilityAccount (S-1-5-21-3495057415-85728902-141794291-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Excel (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.56 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft OneDrive (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA Grafiktreiber 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Outlook (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
WeMod (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\WeMod) (Version: 6.3.12 - WeMod)
Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23258 - Microsoft Corporation)
Word (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Corporation)
Gears Tactics -> C:\Program Files\WindowsApps\Microsoft.GanderBaseGame_1.0.149.0_x64__8wekyb3d8bbwe [2021-01-30] (0)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-31] (NVIDIA Corp.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-31] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\nvshext.dll [2021-01-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-31] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-01-30 23:47 - 2021-02-01 17:48 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3495057415-85728902-141794291-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{4A8ABF16-D4D0-4746-A982-100381DB3183}C:\steam\steam.exe] => (Allow) C:\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{4E7A2A0C-C51A-4645-AFC6-F12BD1FCFCFB}C:\steam\steam.exe] => (Allow) C:\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{EA1DA625-DAA3-4F0F-9584-6AD9B943B080}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{67F82824-8EC9-4622-96AC-01EF06392098}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
==================== Restore Points =========================
31-01-2021 17:23:43 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (02/01/2021 05:50:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (02/01/2021 05:50:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (02/01/2021 05:48:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (02/01/2021 05:47:53 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=3
Error: (02/01/2021 05:47:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007139F
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (02/01/2021 05:55:34 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (02/01/2021 05:54:55 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (02/01/2021 05:53:17 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
System errors:
=============
Error: (02/01/2021 05:49:47 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x12
Error: (01/31/2021 09:59:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Fehler "87" in DCOM, als der Dienst "GamingServices" mit den Argumenten "Unavailable" gestartet wurde, um den folgenden Server zu verwenden:
{7E118543-2CA9-49D9-80F4-255B76E3D84E}
Error: (01/31/2021 09:55:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Fehler "87" in DCOM, als der Dienst "GamingServices" mit den Argumenten "Unavailable" gestartet wurde, um den folgenden Server zu verwenden:
{7E118543-2CA9-49D9-80F4-255B76E3D84E}
Error: (01/31/2021 09:51:13 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x12
Error: (01/31/2021 09:44:00 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Fehler "87" in DCOM, als der Dienst "GamingServices" mit den Argumenten "Unavailable" gestartet wurde, um den folgenden Server zu verwenden:
{7E118543-2CA9-49D9-80F4-255B76E3D84E}
Error: (01/31/2021 09:41:27 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Fehler "87" in DCOM, als der Dienst "GamingServices" mit den Argumenten "Unavailable" gestartet wurde, um den folgenden Server zu verwenden:
{7E118543-2CA9-49D9-80F4-255B76E3D84E}
Error: (01/31/2021 08:35:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Fehler "87" in DCOM, als der Dienst "GamingServices" mit den Argumenten "Unavailable" gestartet wurde, um den folgenden Server zu verwenden:
{7E118543-2CA9-49D9-80F4-255B76E3D84E}
Error: (01/31/2021 08:17:13 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x12
Windows Defender:
===================================
Date: 2021-02-01 17:52:33.4750000Z
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D0!ml&threatid=2147757779&enterprise=0
Name: Trojan:Win32/Wacatac.D0!ml
ID: 2147757779
Schweregrad: Severe
Kategorie: Trojan
Pfad: file:_C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp000030cd; file:_C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp0000315d; file:_C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp00003163
Erkennungsursprung: Local machine
Erkennungstype: Concrete
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-TRKOEOE\Vanqq
Prozessname: C:\EEK\bin64\a2emergencykit.exe
Sicherheitsversion: AV: 1.329.3277.0, AS: 1.329.3277.0, NIS: 1.329.3277.0
Modulversion: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-02-01 17:52:31.4850000Z
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D0!ml&threatid=2147757779&enterprise=0
Name: Trojan:Win32/Wacatac.D0!ml
ID: 2147757779
Schweregrad: Severe
Kategorie: Trojan
Pfad: file:_C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp000030cd; file:_C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp0000315d
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-TRKOEOE\Vanqq
Prozessname: C:\EEK\bin64\a2emergencykit.exe
Sicherheitsversion: AV: 1.329.3277.0, AS: 1.329.3277.0, NIS: 1.329.3277.0
Modulversion: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-02-01 17:52:28.0400000Z
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D0!ml&threatid=2147757779&enterprise=0
Name: Trojan:Win32/Wacatac.D0!ml
ID: 2147757779
Schweregrad: Severe
Kategorie: Trojan
Pfad: file:_C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp000030cd
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-TRKOEOE\Vanqq
Prozessname: C:\EEK\bin64\a2emergencykit.exe
Sicherheitsversion: AV: 1.329.3277.0, AS: 1.329.3277.0, NIS: 1.329.3277.0
Modulversion: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-02-01 17:52:06.2600000Z
Description:
Der überwachte Ordnerzugriff hat C:\EEK\bin64\a2emergencykit.exe daran gehindert, Änderungen am Speicher durchzuführen.
Erkennungszeit: 2021-02-01T16:52:06.259Z
Benutzer: DESKTOP-TRKOEOE\Vanqq
Pfad: \Device\Harddisk0\DR0
Name des Prozesses: C:\EEK\bin64\a2emergencykit.exe
Sicherheitsversion: 1.329.3277.0
Modulversion: 1.1.17700.4
Produktversion: 4.18.2011.6
Date: 2021-01-31 20:34:38.2360000Z
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D0!ml&threatid=2147757779&enterprise=0
Name: Trojan:Win32/Wacatac.D0!ml
ID: 2147757779
Schweregrad: Severe
Kategorie: Trojan
Pfad: file:_C:\Users\Vanqq\AppData\Local\Temp\tmp000000d6\tmp000030b1
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-TRKOEOE\Vanqq
Prozessname: C:\EEK\bin64\a2emergencykit.exe
Sicherheitsversion: AV: 1.329.3249.0, AS: 1.329.3249.0, NIS: 1.329.3249.0
Modulversion: AM: 1.1.17700.4, NIS: 1.1.17700.4
==================== Memory info ===========================
BIOS: American Megatrends Inc. 1.20 12/28/2017
Motherboard: Micro-Star International Co., Ltd. Z370 TOMAHAWK (MS-7B47)
Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
Percentage of memory in use: 25%
Total physical RAM: 16338.91 MB
Available physical RAM: 12126.87 MB
Total Virtual: 19282.91 MB
Available Virtual: 13069.94 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:255.57 GB) (Free:160.77 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.39 GB) (Free:914.44 GB) NTFS
\\?\Volume{ad4b423a-e324-422c-8d18-b7fd741188c9}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{f9598e96-19b3-479b-9f58-120e53b5a14d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 256.2 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================