
Log analysis and evaluation: Windows Defender reports Win64/Tnega!MSR at startup / Malwarebytes finds Riskware.Script

31.01.2021, 20:28   #1
Mad2
 



Hello everyone,

Yesterday I made some changes to my permissions in order to access files in the WindowsApps folder; if only I had left it alone.
I can't remember having installed any third-party software.

What has happened since then?

It started with error messages from the Xbox app and the Microsoft Store, whereupon I reset Windows -> no improvement.

Defender detects Win64/Tnega!MSR at every startup and deletes it - in my panic I installed Malwarebytes and SpyHunter - since then Malwarebytes has been constantly blocking attempts by Riskware.Script to modify the registry or to access websites.



FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
Ran by Vanqq (administrator) on DESKTOP-TRKOEOE (Micro-Star International Co., Ltd. MS-7B47) (31-01-2021 20:56:04)
Running from C:\Users\Vanqq\Desktop
Loaded Profiles: Vanqq
Platform: Windows 10 Home Version 20H2 19042.746 (X64) Language: Englisch (Vereinigte Staaten)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <35>
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe <2>
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\Run: [Steam] => C:\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-31] (Google LLC -> Google LLC)
Startup: C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe [2020-01-05] (Leader Technologies) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {162E621D-DF8C-4B40-A6F3-F6DF74A8E33D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {17DE9E3A-22D3-457D-A069-0DAEF6D8959D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-31] (Google LLC -> Google LLC)
Task: {232CBDDA-1067-44D9-A149-BC3C396D830E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-31] (Google LLC -> Google LLC)
Task: {448B973C-4C76-4683-BDD5-DFF2C6BAE187} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {69409985-36F7-4C5A-8B79-4E25E7E630BD} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {6BF87EC1-9D57-41D1-8E76-ABCB28A83284} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ADE8B40E-F4BC-4F3B-AC58-C11856682C55} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2b2f4dc8-61fa-4b20-aa69-97e6a79c7657}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
Edge Profile: C:\Users\Vanqq\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-31]
Edge Extension: (Outlook) - C:\Users\Vanqq\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-01-31]
Edge Extension: (Word) - C:\Users\Vanqq\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-01-31]
Edge Extension: (Excel) - C:\Users\Vanqq\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-01-31]
Edge Extension: (PowerPoint) - C:\Users\Vanqq\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-01-31]

Chrome: 
=======
CHR Profile: C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default [2021-01-31]
CHR Notifications: Default -> hxxps://www.reddit.com
CHR Extension: (Präsentationen) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-31]
CHR Extension: (Docs) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-31]
CHR Extension: (Google Drive) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-31]
CHR Extension: (YouTube) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-31]
CHR Extension: (Tabellen) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-31]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Google Mail) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-31]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [12887096 2021-01-31] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-31] (Malwarebytes Inc -> Malwarebytes)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [526904 2021-01-31] (EnigmaSoft Limited -> EnigmaSoft Limited)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [76744 2021-01-31] (EnigmaSoft Limited -> EnigmaSoft Limited)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-01-31] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220600 2021-01-31] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-31] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-01-31] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-01-31] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-01-31] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142440 2021-01-31] (Malwarebytes Inc -> Malwarebytes)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [51776 2020-02-17] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_006e; C:\WINDOWS\System32\drivers\RzDev_006e.sys [52496 2020-02-17] (Razer USA Ltd. -> Razer Inc)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-01-30] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2021-01-30] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-01-30] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-01 03:00 - 2021-01-31 20:16 - 075497472 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-02-01 02:59 - 2021-02-01 03:00 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-01-31 23:49 - 2021-01-31 14:54 - 000000000 ____D C:\Windows.old
2021-01-31 23:48 - 2021-01-31 23:49 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-01-31 23:47 - 2021-01-31 23:48 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-01-31 23:47 - 2021-01-31 23:47 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-01-31 23:47 - 2021-01-31 23:47 - 000000000 ____D C:\ProgramData\ssh
2021-01-31 23:44 - 2021-01-31 23:44 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-01-31 23:44 - 2021-01-31 23:44 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-01-31 23:44 - 2021-01-31 23:44 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-01-31 23:44 - 2021-01-31 23:44 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-01-31 23:44 - 2021-01-31 23:44 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 001309504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-01-31 23:44 - 2021-01-31 23:44 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-31 23:44 - 2021-01-31 23:44 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-31 23:44 - 2021-01-31 23:44 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-31 23:44 - 2021-01-31 23:44 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-31 23:44 - 2021-01-31 23:44 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-31 23:44 - 2021-01-31 23:44 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-31 23:44 - 2021-01-31 23:44 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-31 23:44 - 2021-01-31 23:44 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-01-31 23:44 - 2021-01-31 23:44 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-01-31 23:44 - 2021-01-31 23:44 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-31 23:44 - 2021-01-31 23:44 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-31 23:44 - 2021-01-31 23:44 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-01-31 23:44 - 2021-01-31 23:44 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-01-31 23:44 - 2021-01-31 23:44 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-31 23:44 - 2021-01-31 23:44 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-01-31 23:44 - 2021-01-31 23:44 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-01-31 23:43 - 2021-01-31 23:43 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-01-31 23:43 - 2021-01-31 23:43 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000707544 _____ C:\WINDOWS\system32\TextShaping.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-31 23:43 - 2021-01-31 23:43 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-31 23:43 - 2021-01-31 23:43 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-31 23:43 - 2021-01-31 23:43 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-01-31 23:43 - 2021-01-31 23:43 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-01-31 23:39 - 2021-01-31 23:39 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-01-31 23:39 - 2021-01-31 23:39 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-01-31 23:37 - 2021-01-31 23:37 - 000306166 _____ C:\WINDOWS\system32\perfi007.dat
2021-01-31 23:37 - 2021-01-31 23:37 - 000040520 _____ C:\WINDOWS\system32\perfd007.dat
2021-01-31 23:37 - 2021-01-31 23:37 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-01-31 23:37 - 2021-01-31 23:37 - 000000000 ____D C:\WINDOWS\SysWOW64\de
2021-01-31 23:37 - 2021-01-31 23:37 - 000000000 ____D C:\WINDOWS\system32\de
2021-01-31 23:37 - 2021-01-31 20:24 - 000741386 _____ C:\WINDOWS\system32\perfh007.dat
2021-01-31 23:37 - 2021-01-31 20:24 - 000149636 _____ C:\WINDOWS\system32\perfc007.dat
2021-01-31 23:35 - 2021-01-31 23:35 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-01-31 23:35 - 2021-01-31 23:35 - 000000000 ____D C:\Program Files\MSBuild
2021-01-31 23:35 - 2021-01-31 23:35 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-01-31 23:35 - 2021-01-31 23:35 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-31 20:56 - 2021-01-31 20:56 - 000012182 _____ C:\Users\Vanqq\Desktop\FRST.txt
2021-01-31 20:55 - 2021-01-31 20:55 - 002297856 _____ (Farbar) C:\Users\Vanqq\Downloads\FRST64.exe
2021-01-31 20:55 - 2021-01-31 20:55 - 002297856 _____ (Farbar) C:\Users\Vanqq\Desktop\FRST64.exe
2021-01-31 20:45 - 2021-01-31 20:50 - 000000000 ____D C:\ProgramData\RogueKiller
2021-01-31 20:45 - 2021-01-31 20:45 - 031049536 _____ C:\Users\Vanqq\Downloads\RogueKiller_portable64.exe
2021-01-31 20:40 - 2021-01-31 20:40 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-01-31 20:40 - 2021-01-31 20:40 - 000220600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-01-31 20:40 - 2021-01-31 20:40 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-01-31 20:40 - 2021-01-31 20:40 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-01-31 20:40 - 2021-01-31 20:40 - 000142440 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-01-31 20:40 - 2021-01-31 20:40 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-01-31 20:40 - 2021-01-31 20:40 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-01-31 20:40 - 2021-01-31 20:40 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-31 20:40 - 2021-01-31 20:40 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-31 20:40 - 2021-01-31 20:40 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-31 20:39 - 2021-01-31 20:39 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-31 20:38 - 2021-01-31 20:38 - 001965536 _____ (Malwarebytes) C:\Users\Vanqq\Downloads\MBSetup-80562.80562-consumer.exe
2021-01-31 20:33 - 2021-01-31 20:35 - 000000000 ____D C:\EEK
2021-01-31 20:33 - 2021-01-31 20:33 - 000000000 ____D C:\ProgramData\Emsisoft
2021-01-31 20:29 - 2021-01-31 20:29 - 000010018 _____ C:\Users\Vanqq\Downloads\scan_210114-145759.txt
2021-01-31 20:28 - 2021-01-31 20:32 - 315446840 _____ C:\Users\Vanqq\Downloads\EmsisoftEmergencyKit.exe
2021-01-31 20:16 - 2021-01-31 20:17 - 000005886 _____ C:\Users\Vanqq\Desktop\Fixlog.txt
2021-01-31 20:15 - 2021-01-31 20:56 - 000000000 ____D C:\FRST
2021-01-31 18:12 - 2021-01-31 20:17 - 000076744 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2021-01-31 18:12 - 2021-01-31 18:12 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2021-01-31 18:12 - 2021-01-31 18:12 - 000001055 _____ C:\ProgramData\Desktop\SpyHunter5.lnk
2021-01-31 18:12 - 2021-01-31 18:12 - 000000000 ____D C:\sh5ldr
2021-01-31 18:12 - 2021-01-31 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2021-01-31 18:12 - 2021-01-31 18:12 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2021-01-31 18:11 - 2021-01-31 18:11 - 000000000 ____D C:\Program Files\EnigmaSoft
2021-01-31 18:10 - 2021-01-31 18:11 - 006565432 _____ (EnigmaSoft Limited) C:\Users\Vanqq\Downloads\SpyHunter-5.10-15-7042-Installer.exe
2021-01-31 18:05 - 2021-01-31 18:06 - 000000000 ____D C:\AdwCleaner
2021-01-31 18:05 - 2021-01-31 18:05 - 008457584 _____ (Malwarebytes) C:\Users\Vanqq\Downloads\adwcleaner_8.0.9.1.exe
2021-01-31 17:57 - 2021-01-31 17:57 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-31 17:57 - 2021-01-31 17:57 - 000002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-31 17:57 - 2021-01-31 17:57 - 000002266 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-31 17:57 - 2021-01-31 17:57 - 000000000 ____D C:\Program Files\Google
2021-01-31 17:56 - 2021-01-31 17:56 - 001321688 _____ (Google LLC) C:\Users\Vanqq\Downloads\ChromeSetup.exe
2021-01-31 17:56 - 2021-01-31 17:56 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-31 17:56 - 2021-01-31 17:56 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-31 17:42 - 2021-01-31 17:42 - 011530207 _____ C:\Users\Vanqq\Downloads\fearlessrevolution.zip
2021-01-31 17:42 - 2021-01-31 17:42 - 000000000 ____D C:\Users\Vanqq\Desktop\FearlessRevolution
2021-01-31 17:37 - 2021-01-31 17:49 - 000000000 ____D C:\Users\Vanqq\AppData\Local\GearsTactics
2021-01-31 17:37 - 2021-01-31 17:37 - 000000000 ____D C:\Users\Vanqq\AppData\Local\UnrealEngine
2021-01-31 17:37 - 2021-01-31 17:37 - 000000000 ____D C:\Users\Vanqq\AppData\Local\NVIDIA Corporation
2021-01-31 17:14 - 2021-01-31 17:14 - 000001873 _____ C:\Users\Vanqq\Downloads\windows_10_store_app_herunterladen.zip
2021-01-31 17:09 - 2021-01-31 17:09 - 000833913 _____ C:\Users\Vanqq\Downloads\Microsoft.VCLibs.140.00_14.0.29231.0_x64__8wekyb3d8bbwe.Appx
2021-01-31 17:09 - 2021-01-31 17:09 - 000244530 _____ C:\Users\Vanqq\Downloads\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe.Appx
2021-01-31 17:08 - 2021-01-31 17:09 - 060448631 _____ C:\Users\Vanqq\Downloads\Microsoft.WindowsStore_12010.1001.313.0_neutral___8wekyb3d8bbwe.AppxBundle
2021-01-31 17:08 - 2021-01-31 17:08 - 005204216 _____ C:\Users\Vanqq\Downloads\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe.Appx
2021-01-31 16:12 - 2021-01-31 17:55 - 000000000 ____D C:\Users\Vanqq\AppData\Local\CrashDumps
2021-01-31 16:11 - 2021-01-31 16:11 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10-Update-Assistent.lnk
2021-01-31 16:11 - 2021-01-31 16:11 - 000000000 ____D C:\Windows10Upgrade
2021-01-31 16:02 - 2021-01-31 16:03 - 008673152 _____ () C:\Users\New\Downloads\XboxInstaller.exe
2021-01-31 16:02 - 2021-01-31 16:02 - 000000000 ____D C:\Users\New\AppData\Local\Steam
2021-01-31 16:02 - 2021-01-31 16:02 - 000000000 ____D C:\Users\New\AppData\Local\CEF
2021-01-31 16:01 - 2021-01-31 16:03 - 000000000 ____D C:\Users\New\AppData\Local\PlaceholderTileLogoFolder
2021-01-31 16:01 - 2021-01-31 16:02 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3495057415-85728902-141794291-1007
2021-01-31 16:01 - 2021-01-31 16:02 - 000000000 ___RD C:\Users\New\OneDrive
2021-01-31 16:00 - 2021-01-31 16:03 - 000000000 ____D C:\Users\New\AppData\Local\Packages
2021-01-31 16:00 - 2021-01-31 16:02 - 000002353 _____ C:\Users\New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-31 16:00 - 2021-01-31 16:01 - 000002266 _____ C:\Users\New\Desktop\Google Chrome.lnk
2021-01-31 16:00 - 2021-01-31 16:01 - 000000000 ____D C:\Users\New
2021-01-31 16:00 - 2021-01-31 16:00 - 000002344 _____ C:\Users\New\Desktop\Microsoft Edge.lnk
2021-01-31 16:00 - 2021-01-31 16:00 - 000000020 ___SH C:\Users\New\ntuser.ini
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ___RD C:\Users\New\3D Objects
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ____D C:\Users\New\AppData\Roaming\Adobe
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ____D C:\Users\New\AppData\Local\VirtualStore
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ____D C:\Users\New\AppData\Local\Publishers
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ____D C:\Users\New\AppData\Local\Google
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ____D C:\Users\New\AppData\Local\ConnectedDevicesPlatform
2021-01-31 15:55 - 2021-01-31 15:55 - 000000000 ____D C:\Users\Vanqq\AppData\Local\mbam
2021-01-31 15:54 - 2021-01-31 15:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-31 15:53 - 2021-01-31 15:53 - 002086424 _____ (Malwarebytes) C:\Users\Vanqq\Downloads\MBSetup.exe
2021-01-31 15:49 - 2021-01-31 15:49 - 008673152 _____ () C:\Users\Vanqq\Downloads\XboxInstaller.exe
2021-01-31 15:39 - 2021-01-31 15:39 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-31 15:39 - 2021-01-31 15:39 - 000003606 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6f7d890cf30bd
2021-01-31 15:36 - 2021-01-31 17:58 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\WeMod
2021-01-31 15:36 - 2021-01-31 15:36 - 000002151 _____ C:\Users\Vanqq\Desktop\WeMod.lnk
2021-01-31 15:36 - 2021-01-31 15:36 - 000000000 ____D C:\Users\Vanqq\AppData\Local\WeMod
2021-01-31 15:36 - 2021-01-31 15:36 - 000000000 ____D C:\Users\Vanqq\AppData\Local\SquirrelTemp
2021-01-31 15:35 - 2021-01-31 15:35 - 000127872 _____ (WeMod LLC) C:\Users\Vanqq\Downloads\WeMod-Setup.exe
2021-01-31 15:35 - 2021-01-31 15:35 - 000127872 _____ (WeMod LLC) C:\Users\Vanqq\Downloads\Gears Tactics Trainer Setup.exe
2021-01-31 15:27 - 2021-01-23 09:15 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-31 15:27 - 2021-01-23 09:15 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-31 15:27 - 2021-01-23 09:14 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-31 15:27 - 2021-01-23 09:14 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-31 15:27 - 2021-01-23 09:14 - 001453728 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-31 15:27 - 2021-01-23 09:14 - 001193120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-31 15:27 - 2021-01-23 09:14 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-31 15:27 - 2021-01-23 09:14 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-31 15:27 - 2021-01-23 09:14 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-31 15:27 - 2021-01-23 09:14 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 001512096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 001164960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 000689312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-01-31 15:27 - 2021-01-23 09:12 - 000680096 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 000672928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 000613536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 000558240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 000547488 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 008262304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 007392928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 005637792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 004611744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 002731168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 002103456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 001589408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 000813216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 000657056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 000446624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-01-31 15:27 - 2021-01-23 09:10 - 007116680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-01-31 15:27 - 2021-01-23 09:10 - 006070848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-31 15:27 - 2021-01-23 09:10 - 000850080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-01-31 15:27 - 2021-01-22 23:59 - 000084264 _____ C:\WINDOWS\system32\nvinfo.pb
2021-01-31 15:27 - 2021-01-22 23:59 - 000038640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-01-31 15:25 - 2021-01-31 15:25 - 000002912 _____ C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-01-31 15:25 - 2021-01-31 15:25 - 000002906 _____ C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-01-31 15:25 - 2021-01-31 15:25 - 000002902 _____ C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-01-31 15:25 - 2021-01-31 15:25 - 000002900 _____ C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-01-31 14:56 - 2021-01-31 20:24 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-31 14:56 - 2021-01-31 14:56 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-01-31 14:54 - 2021-01-31 20:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-31 14:54 - 2021-01-31 14:54 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2021-01-31 14:54 - 2021-01-31 14:54 - 000011433 _____ C:\WINDOWS\diagerr.xml
2021-01-31 14:54 - 2021-01-31 14:54 - 000003220 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2021-01-31 14:54 - 2021-01-31 14:54 - 000002850 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3495057415-85728902-141794291-1004
2021-01-31 14:54 - 2021-01-31 14:54 - 000000020 ___SH C:\Users\Vanqq\ntuser.ini
2021-01-31 14:51 - 2021-01-31 14:54 - 000000000 ____D C:\Users\Vanqq
2021-01-31 14:51 - 2021-01-31 14:52 - 000000000 ____D C:\Users\OxBJRrFpMN
2021-01-31 14:51 - 2019-12-07 10:10 - 000001105 _____ C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-31 14:51 - 2019-12-07 10:10 - 000001105 _____ C:\Users\OxBJRrFpMN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-31 14:50 - 2021-01-31 14:50 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-31 14:49 - 2021-01-31 20:17 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-31 14:49 - 2021-01-31 15:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-31 14:49 - 2021-01-31 14:49 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-31 14:21 - 2021-01-31 14:29 - 663780512 _____ (NVIDIA Corporation) C:\Users\Vanqq\Downloads\461.40-desktop-win10-64bit-international-dch-whql.exe
2021-01-31 12:58 - 2021-01-31 14:54 - 000000000 ___DC C:\WINDOWS\Panther
2021-01-31 12:55 - 2021-01-31 12:55 - 000000000 ___HD C:\$WinREAgent
2021-01-31 06:33 - 2021-01-31 23:49 - 000000000 ____D C:\Program Files\UNP
2021-01-30 23:51 - 2021-01-31 14:54 - 000000000 ____D C:\Program Files (x86)\Razer
2021-01-30 23:47 - 2021-01-31 23:49 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-01-30 23:47 - 2021-01-31 23:49 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-01-30 23:47 - 2021-01-30 23:48 - 000000000 ____D C:\WINDOWS\TextInput
2021-01-30 23:47 - 2021-01-30 23:47 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2021-01-30 23:47 - 2021-01-30 23:47 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2021-01-30 23:47 - 2021-01-30 23:47 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2021-01-30 23:47 - 2021-01-30 23:47 - 000000219 _____ C:\WINDOWS\system.ini
2021-01-30 23:47 - 2021-01-30 23:47 - 000000092 _____ C:\WINDOWS\win.ini
2021-01-30 23:47 - 2021-01-30 23:47 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2021-01-30 23:47 - 2021-01-30 23:47 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2021-01-30 23:44 - 2021-01-30 23:52 - 000000000 ___HD C:\$SysReset
2021-01-30 21:40 - 2021-01-30 21:40 - 000000000 ____D C:\Users\Vanqq\AppData\Local\INetHistory
2021-01-30 21:10 - 2021-01-30 21:10 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-01-30 21:10 - 2021-01-30 21:10 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2021-01-30 21:10 - 2021-01-30 21:10 - 000000000 ____D C:\Program Files (x86)\Microsoft GameInput
2021-01-30 20:52 - 2021-01-31 15:29 - 000000000 ____D C:\ProgramData\Packages
2021-01-30 20:52 - 2021-01-30 20:52 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Publishers
2021-01-30 20:38 - 2021-01-30 20:38 - 000000000 ____D C:\Users\Vanqq\AppData\Local\ElevatedDiagnostics
2021-01-30 20:15 - 2021-01-30 20:16 - 000296640 _____ C:\WINDOWS\ntbtlog.txt
2021-01-30 20:15 - 2021-01-30 20:15 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-30 20:14 - 2021-01-30 20:14 - 000000368 ____H C:\WINDOWS\Tasks\Intel PTT EK Recertification.job
2021-01-30 19:57 - 2021-01-31 17:37 - 000000000 ____D C:\Users\Vanqq\AppData\Local\D3DSCache
2021-01-30 19:52 - 2021-01-30 19:52 - 000000478 _____ C:\Users\Vanqq\Documents\license.bat
2021-01-30 19:47 - 2021-01-31 17:24 - 000000000 ____D C:\Users\Vanqq\AppData\Local\PackageStaging
2021-01-30 19:40 - 2021-01-30 19:40 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Comms
2021-01-30 19:28 - 2021-01-30 19:28 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\Frontier Developments
2021-01-30 19:28 - 2021-01-30 19:28 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Frontier Developments
2021-01-30 19:25 - 2021-01-30 19:25 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-30 18:07 - 2021-01-30 18:07 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-01-30 18:06 - 2021-01-30 18:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-30 16:28 - 2021-01-30 16:28 - 000000202 _____ C:\Users\Vanqq\Desktop\Planet Coaster.url
2021-01-30 15:55 - 2021-01-30 16:22 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Steam
2021-01-30 15:55 - 2021-01-30 15:55 - 000000000 ____D C:\Users\Vanqq\AppData\Local\CEF
2021-01-30 15:54 - 2021-01-31 17:57 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Google
2021-01-30 15:54 - 2021-01-31 17:56 - 000000000 ____D C:\Program Files (x86)\Google
2021-01-30 15:51 - 2021-01-30 15:51 - 000000599 _____ C:\Users\Public\Desktop\Steam.lnk
2021-01-30 15:51 - 2021-01-30 15:51 - 000000599 _____ C:\ProgramData\Desktop\Steam.lnk
2021-01-30 15:50 - 2021-01-31 20:17 - 000000000 ____D C:\Steam
2021-01-30 15:47 - 2021-01-30 15:47 - 000000000 ____D C:\Users\Vanqq\AppData\Local\OneDrive
2021-01-30 15:02 - 2021-01-31 16:19 - 000000000 ____D C:\Users\Vanqq\AppData\Local\PlaceholderTileLogoFolder
2021-01-30 15:00 - 2021-01-31 17:24 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Packages
2021-01-30 15:00 - 2021-01-30 16:22 - 000000000 ____D C:\Users\Vanqq\AppData\Local\ConnectedDevicesPlatform
2021-01-30 15:00 - 2021-01-30 15:47 - 000000000 ____D C:\Users\Vanqq\AppData\Local\MicrosoftEdge
2021-01-30 15:00 - 2021-01-30 15:00 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\Adobe
2021-01-30 15:00 - 2021-01-30 15:00 - 000000000 ____D C:\Users\Vanqq\AppData\Local\VirtualStore
2021-01-30 14:57 - 2021-01-30 17:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-01-30 14:57 - 2021-01-30 14:57 - 000021224 _____ C:\Users\Vanqq\Desktop\Removed Apps.html
2021-01-30 14:57 - 2021-01-30 14:57 - 000020510 _____ C:\Users\OxBJRrFpMN\Desktop\Removed Apps.html
2021-01-30 14:54 - 2021-01-31 20:17 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-30 14:54 - 2021-01-31 15:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-01-30 14:54 - 2021-01-31 15:29 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-01-30 14:54 - 2021-01-31 15:29 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-01-30 14:54 - 2021-01-31 15:28 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-01-30 14:54 - 2021-01-30 14:54 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
2021-01-30 14:54 - 2021-01-30 14:54 - 000000000 ____D C:\ProgramData\Razer
2021-01-30 14:28 - 2021-01-30 14:29 - 000000000 ____D C:\ESD
2021-01-30 14:28 - 2021-01-30 14:28 - 000000000 ___HD C:\$Windows.~WS
2021-01-30 13:34 - 2021-01-30 13:34 - 000000080 ___SH C:\bootTel.dat
2021-01-28 22:30 - 2021-01-28 22:34 - 000000000 ____D C:\Users\Vanqq\.dotnet
2021-01-28 22:25 - 2021-01-28 22:25 - 000000000 ____D C:\Users\Vanqq\Cheathappens
2021-01-28 22:09 - 2021-01-31 23:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.2
2021-01-28 22:09 - 2021-01-28 22:09 - 000000000 ____D C:\Users\Vanqq\Documents\My Cheat Tables
2021-01-23 01:45 - 2021-01-23 01:45 - 000000000 ____D C:\Users\Vanqq\AppData\LocalLow\Mimimi
2021-01-16 05:49 - 2021-01-16 05:49 - 000000000 ____D C:\Users\Vanqq\AppData\LocalLow\Oracle
2021-01-14 19:31 - 2021-01-14 19:41 - 000000000 ____D C:\Users\Vanqq\AppData\LocalLow\MCC
2021-01-14 19:31 - 2021-01-14 19:31 - 000000000 ____D C:\Users\Vanqq\AppData\LocalLow\UnrealEngine
2021-01-08 05:30 - 2021-01-22 23:59 - 000135408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-01-08 05:30 - 2020-10-05 14:03 - 001690976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2021-01-08 05:30 - 2020-10-05 14:03 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2021-01-08 05:30 - 2020-10-05 14:03 - 000047424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2021-01-08 05:30 - 2020-10-05 14:02 - 001731824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445671.dll
2021-01-08 05:30 - 2020-10-05 14:02 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445671.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-31 23:49 - 2020-01-05 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenRCT2
2021-01-31 23:49 - 2019-12-07 10:18 - 000000000 ____D C:\WINDOWS\Setup
2021-01-31 23:49 - 2019-12-07 10:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-01-31 23:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-01-31 23:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-01-31 23:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-31 23:49 - 2018-02-16 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-31 23:48 - 2020-11-29 06:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-01-31 23:48 - 2020-08-02 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2021-01-31 23:48 - 2020-01-10 00:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2021-01-31 23:48 - 2019-12-07 10:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-01-31 23:47 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-31 23:47 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-01-31 23:47 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-01-31 23:46 - 2019-12-07 10:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-01-31 23:46 - 2019-12-07 10:52 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-01-31 23:38 - 2019-12-07 10:51 - 000000000 ____D C:\WINDOWS\OCR
2021-01-31 23:38 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-01-31 23:38 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-01-31 23:37 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-01-31 23:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-01-31 23:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-01-31 20:45 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-01-31 20:40 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-31 20:24 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-31 20:17 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-31 20:16 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-31 18:06 - 2018-03-14 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-01-31 17:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-31 17:24 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-31 17:19 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-31 16:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Registration
2021-01-31 16:00 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-31 16:00 - 2018-02-13 14:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-31 15:36 - 2019-09-27 20:22 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2021-01-31 15:11 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-31 14:55 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-01-31 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-31 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-31 14:54 - 2018-02-15 18:47 - 000000000 ___RD C:\Users\Vanqq\3D Objects
2021-01-31 14:51 - 2020-03-28 16:11 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2021-01-31 14:51 - 2018-02-18 14:58 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-31 14:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-01-30 22:01 - 2018-09-21 04:45 - 000000000 ____D C:\Users\Vanqq\Desktop\Misc
2021-01-30 15:02 - 2018-02-15 18:48 - 000000000 ___RD C:\Users\Vanqq\OneDrive
2021-01-30 14:42 - 2018-02-15 19:28 - 000000000 ____D C:\Users\Vanqq\AppData\LocalLow\Mozilla
2021-01-29 17:14 - 2019-09-19 19:01 - 000002604 ____H C:\Users\Vanqq\Documents\Default.rdp
2021-01-16 06:38 - 2020-11-29 12:15 - 000000000 ____D C:\Users\Vanqq\Games
2021-01-16 05:21 - 2020-07-18 20:40 - 000000000 ____D C:\temp
2021-01-15 19:37 - 2019-09-23 18:17 - 000000000 ____D C:\Users\Vanqq\Documents\My Games
2021-01-01 15:32 - 2018-02-15 20:14 - 000000000 ____D C:\Users\Vanqq\ansel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         
Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by Vanqq (31-01-2021 20:57:27)
Running from C:\Users\Vanqq\Desktop
Windows 10 Home Version 20H2 19042.746 (X64) (2021-01-31 13:54:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3495057415-85728902-141794291-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3495057415-85728902-141794291-503 - Limited - Disabled)
Guest (S-1-5-21-3495057415-85728902-141794291-501 - Limited - Disabled)
hCArDMYVPlYUTE (S-1-5-21-3495057415-85728902-141794291-1005 - Limited - Enabled)
New (S-1-5-21-3495057415-85728902-141794291-1007 - Administrator - Enabled) => C:\Users\New
Vanqq (S-1-5-21-3495057415-85728902-141794291-1004 - Administrator - Enabled) => C:\Users\Vanqq
WDAGUtilityAccount (S-1-5-21-3495057415-85728902-141794291-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Excel (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 85.0.564.67 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft OneDrive (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA Grafiktreiber 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Outlook (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.10.7.226 - EnigmaSoft Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
WeMod (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\WeMod) (Version: 6.3.12 - WeMod)
Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23258 - Microsoft Corporation)
Word (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Corporation)
Gears Tactics -> C:\Program Files\WindowsApps\Microsoft.GanderBaseGame_1.0.149.0_x64__8wekyb3d8bbwe [2021-01-30] (0)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-31] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-31] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\nvshext.dll [2021-01-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-31] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-01-30 23:47 - 2021-01-31 20:16 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3495057415-85728902-141794291-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D43176CF-CF69-47DA-B1BD-7D82E4927F68}] => (Allow) C:\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C68CFC02-1977-4129-9EDB-3211DC9BFCBE}] => (Allow) C:\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{07546AB5-BC9A-446B-A053-ED11C56FC618}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{CB3DD9B7-D812-4B55-805F-EEBC7991DF9F}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)

==================== Restore Points =========================

31-01-2021 17:23:43 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/31/2021 08:17:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/31/2021 08:17:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/31/2021 08:17:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/31/2021 08:09:49 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (01/31/2021 08:09:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007139F
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/31/2021 08:09:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007139F
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/31/2021 06:01:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/31/2021 06:01:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (01/31/2021 08:35:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Fehler "87" in DCOM, als der Dienst "GamingServices" mit den Argumenten "Unavailable" gestartet wurde, um den folgenden Server zu verwenden:
{7E118543-2CA9-49D9-80F4-255B76E3D84E}

Error: (01/31/2021 08:17:13 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x12

Error: (01/31/2021 08:16:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (01/31/2021 08:16:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (01/31/2021 08:16:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (01/31/2021 08:16:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (01/31/2021 08:16:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SpyHunter 5 Kernel Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/31/2021 08:16:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA Display Container LS" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Restart the service.


Windows Defender:
===================================
Date: 2021-01-31 20:34:38.2360000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D0!ml&threatid=2147757779&enterprise=0
Name: Trojan:Win32/Wacatac.D0!ml
ID: 2147757779
Schweregrad: Severe
Kategorie: Trojan
Pfad: file:_C:\Users\Vanqq\AppData\Local\Temp\tmp000000d6\tmp000030b1
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-TRKOEOE\Vanqq
Prozessname: C:\EEK\bin64\a2emergencykit.exe
Sicherheitsversion: AV: 1.329.3249.0, AS: 1.329.3249.0, NIS: 1.329.3249.0
Modulversion: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-31 20:34:22.9610000Z
Description: 
Der überwachte Ordnerzugriff hat C:\EEK\bin64\a2emergencykit.exe daran gehindert, Änderungen am Speicher durchzuführen.
Erkennungszeit: 2021-01-31T19:34:22.961Z
Benutzer: DESKTOP-TRKOEOE\Vanqq
Pfad: \Device\Harddisk0\DR0
Name des Prozesses: C:\EEK\bin64\a2emergencykit.exe
Sicherheitsversion: 1.329.3249.0
Modulversion: 1.1.17700.4
Produktversion: 4.18.2011.6

Date: 2021-01-31 20:17:51.9490000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Severe
Kategorie: Trojan Dropper
Pfad: file:_C:\Users\Vanqq\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Local machine
Erkennungstype: Concrete
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-TRKOEOE\Vanqq
Prozessname: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
Sicherheitsversion: AV: 1.329.3234.0, AS: 1.329.3234.0, NIS: 1.329.3234.0
Modulversion: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-31 20:10:17.8690000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Severe
Kategorie: Trojan Dropper
Pfad: file:_C:\Users\Vanqq\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Local machine
Erkennungstype: Concrete
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-TRKOEOE\Vanqq
Prozessname: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
Sicherheitsversion: AV: 1.329.3234.0, AS: 1.329.3234.0, NIS: 1.329.3234.0
Modulversion: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-31 18:05:40.9530000Z
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {6F71B5B4-CEDB-47B2-BD32-50A93492C764}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Full Scan
Benutzer: DESKTOP-TRKOEOE\Vanqq

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 1.20 12/28/2017
Motherboard: Micro-Star International Co., Ltd. Z370 TOMAHAWK (MS-7B47)
Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
Percentage of memory in use: 29%
Total physical RAM: 16338.91 MB
Available physical RAM: 11589.17 MB
Total Virtual: 19282.91 MB
Available Virtual: 12812.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:255.57 GB) (Free:163.1 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.39 GB) (Free:914.44 GB) NTFS

\\?\Volume{ad4b423a-e324-422c-8d18-b7fd741188c9}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{f9598e96-19b3-479b-9f58-120e53b5a14d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 256.2 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
         
Malwarebytes and SpyHunter report no hits after the scans.

Thank you in advance for your help!

31.01.2021, 20:38   #2
M-K-D-B
/// TB-Ausbilder

My name is Matthias and I will help you analyze and, if necessary, clean up your computer.

I hope you did not spend any money on SpyHunter. It is a pure rip-off.
Why didn't you post the MBAM log file with the detections you mentioned? Please post it!

Step 1
The following programs are outdated, interfere with the cleanup, or are adware or unwanted software (adware, PUP) and must be removed.
  • Uninstall the following programs via Start > Settings > Apps or Start > Control Panel > Uninstall a program:
    • SpyHunter 5
  • Then restart the computer.
  • Give brief feedback on whether the uninstallation was successful.





Step 2
  • Save your work and close all open programs so that no data is lost.
  • Copy the entire content of the following code box:
    Code:
    Start::
    CMD: reg query HKCU\Software
    CMD: reg query HKCU\Environment
    End::

  • Now start FRST and click the Fix button directly.
    Important: You do not need to paste the content of the code box anywhere, because FRST fetches the code from the clipboard!
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory in which FRST is located.
  • Post the content of fixlog.txt in your next reply.

Please post in your next reply:
  • the MBAM log file
  • feedback on the uninstallations
  • the log file of the FRST fix (fixlog.txt)
__________________

__________________

31.01.2021, 20:53   #3
Mad2

A quick reply for the quick helper

I have uninstalled SpyHunter and fortunately did not spend any money on it.

Small edit: I had installed Sophos Antivirus and aborted the installation when I read your reply; from now on I will only install things on your command.

Fixlog:

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by Vanqq (31-01-2021 21:52:06) Run:2
Running from C:\Users\Vanqq\Desktop
Loaded Profiles: Vanqq
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: reg query HKCU\Software
CMD: reg query HKCU\Environment

*****************


========= reg query HKCU\Software =========


HKEY_CURRENT_USER\Software\Adlice Software
HKEY_CURRENT_USER\Software\AppDataLow
HKEY_CURRENT_USER\Software\Chromium
HKEY_CURRENT_USER\Software\Google
HKEY_CURRENT_USER\Software\LeaderTech
HKEY_CURRENT_USER\Software\Malwarebytes
HKEY_CURRENT_USER\Software\Microsoft
HKEY_CURRENT_USER\Software\NVIDIA Corporation
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software\RegisteredApplications
HKEY_CURRENT_USER\Software\Sophos
HKEY_CURRENT_USER\Software\Valve
HKEY_CURRENT_USER\Software\WOW6432Node
HKEY_CURRENT_USER\Software\Classes

========= End of CMD: =========


========= reg query HKCU\Environment =========


HKEY_CURRENT_USER\Environment
    Path    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;
    TEMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp
    TMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp
    OneDrive    REG_EXPAND_SZ    C:\Users\Vanqq\OneDrive
    Vanqq    REG_SZ    "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"    -windowstyle hidden  -En "PAAjACAAbwBkAGEAagBtAHEAYQBtAGgAZQBuAHcAIAAjAD4AJAB1AD0AJABlAG4AdgA6AFUAcwBlAHIATgBhAG0AZQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAA3ADAAMAA7ACQAaQArACsAKQB7ACQAYwA9ACIASABLAEMAVQA6AFwAUwBPAEYAVABXAEEAUgBFAFwAIgArACQAdQArACIAMQAiADsAVAByAHkAewAkAGEAPQAkAGEAKwAoAEcAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAHAAYQB0AGgAIAAkAGMAKQAuACQAaQB9AEMAYQB0AGMAaAB7AH0AfQA7AGYAdQBuAGMAdABpAG8AbgAgAGMAaABiAGEAewBbAGMAbQBkAGwAZQB0AGIAaQBuAGQAaQBuAGcAKAApAF0AcABhAHIAYQBtACgAWwBwAGEAcgBhAG0AZQB0AGUAcgAoAE0AYQBuAGQAYQB0AG8AcgB5AD0AJAB0AHIAdQBlACkAXQBbAFMAdAByAGkAbgBnAF0AJABoAHMAKQA7ACQAQgB5AHQAZQBzACAAPQAgAFsAYgB5AHQAZQBbAF0AXQA6ADoAbgBlAHcAKAAkAGgAcwAuAEwAZQBuAGcAdABoACAALwAgADIAKQA7AGYAbwByACgAJABpAD0AMAA7ACAAJABpACAALQBsAHQAIAAkAGgAcwAuAEwAZQBuAGcAdABoADsAIAAkAGkAKwA9ADIAKQB7ACQAQgB5AHQAZQBzAFsAJABpAC8AMgBdACAAPQAgAFsAYwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgB5AHQAZQAoACQAaABzAC4AUwB1AGIAcwB0AHIAaQBuAGcAKAAkAGkALAAgADIAKQAsACAAMQA2ACkAfQAkAEIAeQB0AGUAcwB9ADsAJABpACAAPQAgADAAOwBXAGgAaQBsAGUAIAAoACQAVAByAHUAZQApAHsAJABpACsAKwA7ACQAawBvACAAPQAgAFsAbQBhAHQAaABdADoAOgBTAHEAcgB0ACgAJABpACkAOwBpAGYAIAAoACQAawBvACAALQBlAHEAIAAxADAAMAAwACkAewAgAGIAcgBlAGEAawB9AH0AWwBiAHkAdABlAFsAXQBdACQAYgAgAD0AIABjAGgAYgBhACgAJABhAC4AcgBlAHAAbABhAGMAZQAoACIAIwAiACwAJABrAG8AKQApADsAWwBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwAbwBhAGQAKAAkAGIAKQA7AFsATQBvAGQAZQBdADoAOgBTAGUAdAB1AHAAKAApADsA "   


========= End of CMD: =========


==== End of Fixlog 21:52:06 ====
         
MBAM log:
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 31.01.21
Scan-Zeit: 20:40
Protokolldatei: 3a1dab8c-63fc-11eb-a6e3-309c2368de59.json

-Softwaredaten-
Version: 4.3.0.98
Komponentenversion: 1.0.1157
Version des Aktualisierungspakets: 1.0.36525
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19041.746)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-TRKOEOE\Vanqq

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 298263
Erkannte Bedrohungen: 5
In die Quarantäne verschobene Bedrohungen: 5
Abgelaufene Zeit: 0 Min., 20 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
RiskWare.Script, HKU\S-1-5-21-3495057415-85728902-141794291-1004\SOFTWARE\Vanqq, In Quarantäne, 8534, 901769, 1.0.36525, , ame, , , 
RiskWare.Script.MZreg, HKU\S-1-5-21-3495057415-85728902-141794291-1004\SOFTWARE\Vanqq1, In Quarantäne, 16671, 884748, 1.0.36525, , ame, , , 

Registrierungswert: 3
RiskWare.Script, HKU\S-1-5-21-3495057415-85728902-141794291-1004\SOFTWARE\Vanqq|653, In Quarantäne, 8534, 901769, 1.0.36525, , ame, , , 
RiskWare.Script.MZreg, HKU\S-1-5-21-3495057415-85728902-141794291-1004\SOFTWARE\Vanqq1|0, In Quarantäne, 16671, 884748, 1.0.36525, , ame, , , 
RiskWare.Script.Powershell, HKU\S-1-5-21-3495057415-85728902-141794291-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|VANQQ, In Quarantäne, 16611, 903622, 1.0.36525, , ame, , , 

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         
__________________
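
Added example, not part of the thread or of FRST: the `reg query HKCU\Environment` output in the fixlog above contains a value that starts `powershell.exe` with `-windowstyle hidden` and an `-En` (encoded command) argument. The Python code below scans `reg query` output for such values and decodes the Base64/UTF-16LE payload for review; all function names and the sample value (`Updater`, wrapping a harmless `Write-Output`) are constructed for illustration.

```python
import base64
import re

# One value line of `reg query` output: indent, name, REG_* type, optional data.
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$"
)
TOKEN = re.compile(r'"[^"]*"|\S+')  # quoted string or bare word
POWERSHELL = re.compile(r"(?i)\b(?:powershell|pwsh)(?:\.exe)?\b")


def flag_matches(token, full_name):
    """True if token is -<prefix> or /<prefix> of the given parameter name.

    powershell.exe accepts abbreviated parameter names, so -e, -En and -enc
    all select -EncodedCommand.
    """
    if not token.startswith(("-", "/")) or len(token) < 2:
        return False
    return full_name.startswith(token[1:].lower())


def decode_encoded_command(payload):
    """Return the script text behind an encoded-command argument, or None."""
    try:
        raw = base64.b64decode(payload.strip('" \t'), validate=True)
        return raw.decode("utf-16-le")
    except ValueError:  # invalid Base64 and invalid UTF-16 both end up here
        return None


def scan_reg_query(text):
    """Return one finding per registry value that runs PowerShell encoded."""
    findings, key = [], None
    for line in text.splitlines():
        if line.strip().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or not POWERSHELL.search(m["data"] or ""):
            continue
        tokens = TOKEN.findall(m["data"])
        hidden, encoded, decoded = False, False, None
        for tok, nxt in zip(tokens, tokens[1:] + [""]):
            if flag_matches(tok, "windowstyle"):
                hidden = hidden or nxt.strip('"').lower() == "hidden"
            elif flag_matches(tok, "encodedcommand") or tok.lower() in ("-ec", "/ec"):
                encoded, decoded = True, decode_encoded_command(nxt)
        if encoded:
            findings.append(
                {"key": key, "name": m["name"], "hidden": hidden, "decoded": decoded}
            )
    return findings


def encode_for_sample(script):
    """Build the Base64/UTF-16LE form PowerShell expects (sample data only)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample in the layout of `reg query HKCU\Environment` output.
SAMPLE = (
    "HKEY_CURRENT_USER\\Environment\n"
    "    TEMP    REG_EXPAND_SZ    %USERPROFILE%\\AppData\\Local\\Temp\n"
    '    Updater    REG_SZ    "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\'
    'powershell.exe"    -windowstyle hidden  -En "'
    + encode_for_sample("Write-Output 'constructed sample'")
    + ' "\n'
)

if __name__ == "__main__":
    for finding in scan_reg_query(SAMPLE):
        print(finding)
```

A finding with `decoded` set to `None` means the argument was not valid Base64/UTF-16LE and the value needs manual review.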

01.02.2021, 11:11   #4
M-K-D-B
/// TB-Ausbilder

Well done!
Please do not do anything else on your own; that only hinders our joint work here.

Step 1
  • Save your work and close all open programs so that no data is lost.
  • Copy the entire content of the following code box:
    Code:
    Start::
    DeleteValue: HKCU\Environment|Vanqq
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: Bitsadmin /Reset /Allusers
    powershell: Set-MpPreference -PUAProtection Enabled
    powershell: Set-MpPreference -DisableScanningNetworkFiles 0
    Hosts:
    RemoveProxy:
    SystemRestore: On 
    EmptyTemp:
    End::

  • Now start FRST and click the Fix button directly.
    Important: You do not need to paste the content of the code box anywhere, because FRST fetches the code from the clipboard!
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory in which FRST is located.
  • Your computer may need to be restarted.
  • Post the content of fixlog.txt in your next reply.

Step 2
Run Emsisoft Emergency Kit (EEK) according to the illustrated guide and then post the log file.

Step 3
  • Start FRST again. Make sure that the box in front of Addition.txt is checked and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

Please post in your next reply:
  • the log file of the FRST fix (fixlog.txt)
  • the EEK log file
  • the two new FRST log files (FRST.txt and Addition.txt)

01.02.2021, 17:00   #5
Mad2

On we go!

While Emergency Kit was running, Windows Defender raised an alert and detected the following threat:

Code:
 Trojan:Win32/Wacatac.D0!ml
Betroffene Elemente: 
file: C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp000030cd
file: C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp0000315d
file: C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp00003163
         
Fixlog:

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by Vanqq (01-02-2021 17:48:49) Run:3
Running from C:\Users\Vanqq\Desktop
Loaded Profiles: Vanqq
Boot Mode: Normal
==============================================

fixlist content:
*****************
DeleteValue: HKCU\Environment|Vanqq
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: Bitsadmin /Reset /Allusers
powershell: Set-MpPreference -PUAProtection Enabled
powershell: Set-MpPreference -DisableScanningNetworkFiles 0
Hosts:
RemoveProxy:
SystemRestore: On 
EmptyTemp:

*****************

"HKCU\Environment\\Vanqq" => removed successfully

========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= End of CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= End of CMD: =========


========= netsh advfirewall reset =========

OK.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

OK.


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= Set-MpPreference -PUAProtection Enabled =========


========= End of Powershell: =========


========= Set-MpPreference -DisableScanningNetworkFiles 0 =========


========= End of Powershell: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3495057415-85728902-141794291-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3495057415-85728902-141794291-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

SystemRestore: On => completed

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10591708 B
Java, Flash, Steam htmlcache => 4251431 B
Windows/system/drivers => 5744229 B
Edge => 0 B
Chrome => 150457397 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 78536 B
NetworkService => 84484 B
Vanqq => 7091319 B
OxBJRrFpMN => 7091319 B
New => 7091319 B

RecycleBin => 0 B
EmptyTemp: => 191.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:49:16 ====
         


Emergency Kit log:

Code:
Emsisoft Emergency Kit – Version 2021.1
Letztes Update: 01.02.2021 17:51:47
Eigene DESKTOP-TRKOEOE\Vanqq
 DESKTOP-TRKOEOE
 Windows 10x64 

Scan-Einstellungen:

Scan-Methode: Malware-Scan
Objekte: Rootkits, Speicher, Spuren, Dateien

PUPs-Erkennung: An
Archive scannen: Aus
E-Mail-Archive scannen: Aus
ADS-Scan: An
Direkter Festplattenzugriff: Aus

Scan-Beginn:	01.02.2021 17:52:00

Gescannt:	76131
Gefunden	0

Scan-Ende:	01.02.2021 17:52:51
Scan-Zeit:	0:00:51
         
FRST.txt
Code:
 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
Ran by Vanqq (administrator) on DESKTOP-TRKOEOE (Micro-Star International Co., Ltd. MS-7B47) (01-02-2021 17:55:09)
Running from C:\Users\Vanqq\Desktop
Loaded Profiles: Vanqq
Platform: Windows 10 Home Version 20H2 19042.746 (X64) Language: Englisch (Vereinigte Staaten)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <8>
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe <2>
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\Run: [Steam] => C:\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-31] (Google LLC -> Google LLC)
Startup: C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe [2020-01-05] (Leader Technologies) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17DE9E3A-22D3-457D-A069-0DAEF6D8959D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-31] (Google LLC -> Google LLC)
Task: {1C812FB3-74AF-49A4-AA2C-921FC87EA1F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {232CBDDA-1067-44D9-A149-BC3C396D830E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-31] (Google LLC -> Google LLC)
Task: {25A1FDB0-2AE4-4486-A4B2-EA1434A5E4D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {53AC7C85-9E7F-425B-9BCC-64A2A76AA68E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {69409985-36F7-4C5A-8B79-4E25E7E630BD} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {F3BF37EC-192D-4EE7-9B3B-13E5043F1E29} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2b2f4dc8-61fa-4b20-aa69-97e6a79c7657}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
Edge Profile: C:\Users\Vanqq\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-01]
Edge Extension: (Outlook) - C:\Users\Vanqq\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-01-31]
Edge Extension: (Word) - C:\Users\Vanqq\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-01-31]
Edge Extension: (Excel) - C:\Users\Vanqq\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-01-31]
Edge Extension: (PowerPoint) - C:\Users\Vanqq\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-01-31]

Chrome: 
=======
CHR Profile: C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default [2021-02-01]
CHR Notifications: Default -> hxxps://www.reddit.com
CHR Extension: (Präsentationen) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-31]
CHR Extension: (Docs) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-31]
CHR Extension: (Google Drive) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-31]
CHR Extension: (YouTube) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-31]
CHR Extension: (Tabellen) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-31]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Google Mail) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\Vanqq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-31]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-31] (Malwarebytes Inc -> Malwarebytes)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-01-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S4 epp; C:\EEK\bin64\epp.sys [155112 2020-10-27] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220600 2021-02-01] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-31] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-01-31] (Malwarebytes Inc -> Malwarebytes)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [51776 2020-02-17] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_006e; C:\WINDOWS\System32\drivers\RzDev_006e.sys [52496 2020-02-17] (Razer USA Ltd. -> Razer Inc)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-01-30] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2021-01-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-01-30] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-01 17:49 - 2021-02-01 17:49 - 000220600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-01 06:05 - 2021-02-01 06:04 - 314572344 _____ C:\Users\Vanqq\Desktop\EmsisoftEmergencyKit (1).exe
2021-02-01 06:05 - 2021-02-01 06:02 - 031049536 _____ C:\Users\Vanqq\Desktop\RogueKiller_portable64 (1).exe
2021-02-01 06:01 - 2021-02-01 06:02 - 031049536 _____ C:\Users\Vanqq\Downloads\RogueKiller_portable64 (1).exe
2021-02-01 06:00 - 2021-02-01 06:04 - 314572344 _____ C:\Users\Vanqq\Downloads\EmsisoftEmergencyKit (1).exe
2021-02-01 05:59 - 2021-02-01 05:59 - 008457584 _____ (Malwarebytes) C:\Users\Vanqq\Desktop\adwcleaner_8.0.9.1 (1).exe
2021-02-01 05:58 - 2021-02-01 05:59 - 008457584 _____ (Malwarebytes) C:\Users\Vanqq\Downloads\adwcleaner_8.0.9.1 (1).exe
2021-02-01 03:00 - 2021-02-01 17:49 - 076021760 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-02-01 02:59 - 2021-02-01 03:00 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-01-31 23:49 - 2021-01-31 14:54 - 000000000 ____D C:\Windows.old
2021-01-31 23:48 - 2021-01-31 23:49 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-01-31 23:47 - 2021-01-31 23:48 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-01-31 23:47 - 2021-01-31 23:47 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-01-31 23:47 - 2021-01-31 23:47 - 000000000 ____D C:\ProgramData\ssh
2021-01-31 23:44 - 2021-01-31 23:44 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-01-31 23:44 - 2021-01-31 23:44 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-01-31 23:44 - 2021-01-31 23:44 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-01-31 23:44 - 2021-01-31 23:44 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-01-31 23:44 - 2021-01-31 23:44 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 001309504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-01-31 23:44 - 2021-01-31 23:44 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-31 23:44 - 2021-01-31 23:44 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-31 23:44 - 2021-01-31 23:44 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-31 23:44 - 2021-01-31 23:44 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-31 23:44 - 2021-01-31 23:44 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-31 23:44 - 2021-01-31 23:44 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-31 23:44 - 2021-01-31 23:44 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-31 23:44 - 2021-01-31 23:44 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-31 23:44 - 2021-01-31 23:44 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-01-31 23:44 - 2021-01-31 23:44 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-01-31 23:44 - 2021-01-31 23:44 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-31 23:44 - 2021-01-31 23:44 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-31 23:44 - 2021-01-31 23:44 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-31 23:44 - 2021-01-31 23:44 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-01-31 23:44 - 2021-01-31 23:44 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-01-31 23:44 - 2021-01-31 23:44 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-01-31 23:44 - 2021-01-31 23:44 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-31 23:44 - 2021-01-31 23:44 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-01-31 23:44 - 2021-01-31 23:44 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-01-31 23:43 - 2021-01-31 23:43 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-01-31 23:43 - 2021-01-31 23:43 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000707544 _____ C:\WINDOWS\system32\TextShaping.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-31 23:43 - 2021-01-31 23:43 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-31 23:43 - 2021-01-31 23:43 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-31 23:43 - 2021-01-31 23:43 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-01-31 23:43 - 2021-01-31 23:43 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-01-31 23:43 - 2021-01-31 23:43 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-01-31 23:39 - 2021-01-31 23:39 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-01-31 23:39 - 2021-01-31 23:39 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-01-31 23:37 - 2021-02-01 17:55 - 000741386 _____ C:\WINDOWS\system32\perfh007.dat
2021-01-31 23:37 - 2021-02-01 17:55 - 000149636 _____ C:\WINDOWS\system32\perfc007.dat
2021-01-31 23:37 - 2021-01-31 23:37 - 000306166 _____ C:\WINDOWS\system32\perfi007.dat
2021-01-31 23:37 - 2021-01-31 23:37 - 000040520 _____ C:\WINDOWS\system32\perfd007.dat
2021-01-31 23:37 - 2021-01-31 23:37 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-01-31 23:37 - 2021-01-31 23:37 - 000000000 ____D C:\WINDOWS\SysWOW64\de
2021-01-31 23:37 - 2021-01-31 23:37 - 000000000 ____D C:\WINDOWS\system32\de
2021-01-31 23:35 - 2021-01-31 23:35 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-01-31 23:35 - 2021-01-31 23:35 - 000000000 ____D C:\Program Files\MSBuild
2021-01-31 23:35 - 2021-01-31 23:35 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-01-31 23:35 - 2021-01-31 23:35 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-31 21:43 - 2021-01-31 21:46 - 000000000 ____D C:\WINDOWS\CryptoGuard
2021-01-31 21:37 - 2021-01-31 21:46 - 000000000 ____D C:\ProgramData\Sophos
2021-01-31 21:33 - 2021-01-31 21:36 - 307274360 _____ (Sophos Limited) C:\Users\Vanqq\Downloads\SophosInstall.exe
2021-01-31 20:57 - 2021-01-31 20:57 - 000019253 _____ C:\Users\Vanqq\Desktop\Addition.txt
2021-01-31 20:56 - 2021-02-01 17:55 - 000011060 _____ C:\Users\Vanqq\Desktop\FRST.txt
2021-01-31 20:55 - 2021-01-31 20:55 - 002297856 _____ (Farbar) C:\Users\Vanqq\Downloads\FRST64.exe
2021-01-31 20:55 - 2021-01-31 20:55 - 002297856 _____ (Farbar) C:\Users\Vanqq\Desktop\FRST64.exe
2021-01-31 20:45 - 2021-01-31 20:50 - 000000000 ____D C:\ProgramData\RogueKiller
2021-01-31 20:45 - 2021-01-31 20:45 - 031049536 _____ C:\Users\Vanqq\Downloads\RogueKiller_portable64.exe
2021-01-31 20:40 - 2021-01-31 20:40 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-01-31 20:40 - 2021-01-31 20:40 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-01-31 20:40 - 2021-01-31 20:40 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-01-31 20:40 - 2021-01-31 20:40 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-31 20:40 - 2021-01-31 20:40 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-31 20:40 - 2021-01-31 20:40 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-31 20:39 - 2021-01-31 20:39 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-31 20:38 - 2021-01-31 20:38 - 001965536 _____ (Malwarebytes) C:\Users\Vanqq\Downloads\MBSetup-80562.80562-consumer.exe
2021-01-31 20:33 - 2021-02-01 17:53 - 000000000 ____D C:\EEK
2021-01-31 20:33 - 2021-01-31 20:33 - 000000000 ____D C:\ProgramData\Emsisoft
2021-01-31 20:29 - 2021-01-31 20:29 - 000010018 _____ C:\Users\Vanqq\Downloads\scan_210114-145759.txt
2021-01-31 20:28 - 2021-01-31 20:32 - 315446840 _____ C:\Users\Vanqq\Downloads\EmsisoftEmergencyKit.exe
2021-01-31 20:16 - 2021-02-01 17:49 - 000003139 _____ C:\Users\Vanqq\Desktop\Fixlog.txt
2021-01-31 20:15 - 2021-02-01 17:55 - 000000000 ____D C:\FRST
2021-01-31 18:10 - 2021-01-31 18:11 - 006565432 _____ (EnigmaSoft Limited) C:\Users\Vanqq\Downloads\SpyHunter-5.10-15-7042-Installer.exe
2021-01-31 18:05 - 2021-01-31 18:06 - 000000000 ____D C:\AdwCleaner
2021-01-31 18:05 - 2021-01-31 18:05 - 008457584 _____ (Malwarebytes) C:\Users\Vanqq\Downloads\adwcleaner_8.0.9.1.exe
2021-01-31 17:57 - 2021-01-31 17:57 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-31 17:57 - 2021-01-31 17:57 - 000002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-31 17:57 - 2021-01-31 17:57 - 000002266 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-31 17:57 - 2021-01-31 17:57 - 000000000 ____D C:\Program Files\Google
2021-01-31 17:56 - 2021-01-31 17:56 - 001321688 _____ (Google LLC) C:\Users\Vanqq\Downloads\ChromeSetup.exe
2021-01-31 17:56 - 2021-01-31 17:56 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-31 17:56 - 2021-01-31 17:56 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-31 17:42 - 2021-01-31 21:05 - 000000000 ____D C:\Users\Vanqq\Desktop\FearlessRevolution
2021-01-31 17:42 - 2021-01-31 17:42 - 011530207 _____ C:\Users\Vanqq\Downloads\fearlessrevolution.zip
2021-01-31 17:37 - 2021-01-31 17:49 - 000000000 ____D C:\Users\Vanqq\AppData\Local\GearsTactics
2021-01-31 17:37 - 2021-01-31 17:37 - 000000000 ____D C:\Users\Vanqq\AppData\Local\UnrealEngine
2021-01-31 17:37 - 2021-01-31 17:37 - 000000000 ____D C:\Users\Vanqq\AppData\Local\NVIDIA Corporation
2021-01-31 17:14 - 2021-01-31 17:14 - 000001873 _____ C:\Users\Vanqq\Downloads\windows_10_store_app_herunterladen.zip
2021-01-31 17:09 - 2021-01-31 17:09 - 000833913 _____ C:\Users\Vanqq\Downloads\Microsoft.VCLibs.140.00_14.0.29231.0_x64__8wekyb3d8bbwe.Appx
2021-01-31 17:09 - 2021-01-31 17:09 - 000244530 _____ C:\Users\Vanqq\Downloads\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe.Appx
2021-01-31 17:08 - 2021-01-31 17:09 - 060448631 _____ C:\Users\Vanqq\Downloads\Microsoft.WindowsStore_12010.1001.313.0_neutral___8wekyb3d8bbwe.AppxBundle
2021-01-31 17:08 - 2021-01-31 17:08 - 005204216 _____ C:\Users\Vanqq\Downloads\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe.Appx
2021-01-31 16:12 - 2021-01-31 21:44 - 000000000 ____D C:\Users\Vanqq\AppData\Local\CrashDumps
2021-01-31 16:11 - 2021-01-31 16:11 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10-Update-Assistent.lnk
2021-01-31 16:11 - 2021-01-31 16:11 - 000000000 ____D C:\Windows10Upgrade
2021-01-31 16:02 - 2021-01-31 16:03 - 008673152 _____ () C:\Users\New\Downloads\XboxInstaller.exe
2021-01-31 16:02 - 2021-01-31 16:02 - 000000000 ____D C:\Users\New\AppData\Local\Steam
2021-01-31 16:02 - 2021-01-31 16:02 - 000000000 ____D C:\Users\New\AppData\Local\CEF
2021-01-31 16:01 - 2021-01-31 16:03 - 000000000 ____D C:\Users\New\AppData\Local\PlaceholderTileLogoFolder
2021-01-31 16:01 - 2021-01-31 16:02 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3495057415-85728902-141794291-1007
2021-01-31 16:01 - 2021-01-31 16:02 - 000000000 ___RD C:\Users\New\OneDrive
2021-01-31 16:00 - 2021-01-31 16:03 - 000000000 ____D C:\Users\New\AppData\Local\Packages
2021-01-31 16:00 - 2021-01-31 16:02 - 000002353 _____ C:\Users\New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-31 16:00 - 2021-01-31 16:01 - 000002266 _____ C:\Users\New\Desktop\Google Chrome.lnk
2021-01-31 16:00 - 2021-01-31 16:01 - 000000000 ____D C:\Users\New
2021-01-31 16:00 - 2021-01-31 16:00 - 000002344 _____ C:\Users\New\Desktop\Microsoft Edge.lnk
2021-01-31 16:00 - 2021-01-31 16:00 - 000000020 ___SH C:\Users\New\ntuser.ini
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ___RD C:\Users\New\3D Objects
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ____D C:\Users\New\AppData\Roaming\Adobe
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ____D C:\Users\New\AppData\Local\VirtualStore
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ____D C:\Users\New\AppData\Local\Publishers
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ____D C:\Users\New\AppData\Local\Google
2021-01-31 16:00 - 2021-01-31 16:00 - 000000000 ____D C:\Users\New\AppData\Local\ConnectedDevicesPlatform
2021-01-31 15:55 - 2021-01-31 15:55 - 000000000 ____D C:\Users\Vanqq\AppData\Local\mbam
2021-01-31 15:54 - 2021-01-31 15:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-31 15:53 - 2021-01-31 15:53 - 002086424 _____ (Malwarebytes) C:\Users\Vanqq\Downloads\MBSetup.exe
2021-01-31 15:49 - 2021-01-31 15:49 - 008673152 _____ () C:\Users\Vanqq\Downloads\XboxInstaller.exe
2021-01-31 15:39 - 2021-01-31 15:39 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-31 15:39 - 2021-01-31 15:39 - 000003606 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6f7d890cf30bd
2021-01-31 15:36 - 2021-01-31 17:58 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\WeMod
2021-01-31 15:36 - 2021-01-31 15:36 - 000002151 _____ C:\Users\Vanqq\Desktop\WeMod.lnk
2021-01-31 15:36 - 2021-01-31 15:36 - 000000000 ____D C:\Users\Vanqq\AppData\Local\WeMod
2021-01-31 15:36 - 2021-01-31 15:36 - 000000000 ____D C:\Users\Vanqq\AppData\Local\SquirrelTemp
2021-01-31 15:35 - 2021-01-31 15:35 - 000127872 _____ (WeMod LLC) C:\Users\Vanqq\Downloads\WeMod-Setup.exe
2021-01-31 15:35 - 2021-01-31 15:35 - 000127872 _____ (WeMod LLC) C:\Users\Vanqq\Downloads\Gears Tactics Trainer Setup.exe
2021-01-31 15:27 - 2021-01-23 09:15 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-31 15:27 - 2021-01-23 09:15 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-31 15:27 - 2021-01-23 09:14 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-31 15:27 - 2021-01-23 09:14 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-31 15:27 - 2021-01-23 09:14 - 001453728 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-31 15:27 - 2021-01-23 09:14 - 001193120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-31 15:27 - 2021-01-23 09:14 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-31 15:27 - 2021-01-23 09:14 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-31 15:27 - 2021-01-23 09:14 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-31 15:27 - 2021-01-23 09:14 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 001512096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 001164960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 000689312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-01-31 15:27 - 2021-01-23 09:12 - 000680096 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 000672928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 000613536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 000558240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-31 15:27 - 2021-01-23 09:12 - 000547488 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 008262304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 007392928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 005637792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 004611744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 002731168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 002103456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 001589408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 000813216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 000657056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-31 15:27 - 2021-01-23 09:11 - 000446624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-01-31 15:27 - 2021-01-23 09:10 - 007116680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-01-31 15:27 - 2021-01-23 09:10 - 006070848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-31 15:27 - 2021-01-23 09:10 - 000850080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-01-31 15:27 - 2021-01-22 23:59 - 000084264 _____ C:\WINDOWS\system32\nvinfo.pb
2021-01-31 15:27 - 2021-01-22 23:59 - 000038640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-01-31 15:25 - 2021-01-31 15:25 - 000002912 _____ C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-01-31 15:25 - 2021-01-31 15:25 - 000002906 _____ C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-01-31 15:25 - 2021-01-31 15:25 - 000002902 _____ C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-01-31 15:25 - 2021-01-31 15:25 - 000002900 _____ C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-01-31 14:56 - 2021-02-01 17:55 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-31 14:56 - 2021-01-31 14:56 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-01-31 14:54 - 2021-02-01 17:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-31 14:54 - 2021-01-31 14:54 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2021-01-31 14:54 - 2021-01-31 14:54 - 000011433 _____ C:\WINDOWS\diagerr.xml
2021-01-31 14:54 - 2021-01-31 14:54 - 000003220 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2021-01-31 14:54 - 2021-01-31 14:54 - 000002850 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3495057415-85728902-141794291-1004
2021-01-31 14:54 - 2021-01-31 14:54 - 000000020 ___SH C:\Users\Vanqq\ntuser.ini
2021-01-31 14:51 - 2021-01-31 14:54 - 000000000 ____D C:\Users\Vanqq
2021-01-31 14:51 - 2021-01-31 14:52 - 000000000 ____D C:\Users\OxBJRrFpMN
2021-01-31 14:51 - 2019-12-07 10:10 - 000001105 _____ C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-31 14:51 - 2019-12-07 10:10 - 000001105 _____ C:\Users\OxBJRrFpMN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-31 14:50 - 2021-02-01 05:56 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-31 14:49 - 2021-02-01 17:49 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-31 14:49 - 2021-01-31 15:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-31 14:49 - 2021-01-31 14:49 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-31 14:21 - 2021-01-31 14:29 - 663780512 _____ (NVIDIA Corporation) C:\Users\Vanqq\Downloads\461.40-desktop-win10-64bit-international-dch-whql.exe
2021-01-31 12:58 - 2021-01-31 14:54 - 000000000 ___DC C:\WINDOWS\Panther
2021-01-31 12:55 - 2021-01-31 12:55 - 000000000 ___HD C:\$WinREAgent
2021-01-31 06:33 - 2021-01-31 23:49 - 000000000 ____D C:\Program Files\UNP
2021-01-30 23:51 - 2021-01-31 14:54 - 000000000 ____D C:\Program Files (x86)\Razer
2021-01-30 23:47 - 2021-01-31 23:49 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-01-30 23:47 - 2021-01-31 23:49 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-01-30 23:47 - 2021-01-30 23:48 - 000000000 ____D C:\WINDOWS\TextInput
2021-01-30 23:47 - 2021-01-30 23:47 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2021-01-30 23:47 - 2021-01-30 23:47 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2021-01-30 23:47 - 2021-01-30 23:47 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2021-01-30 23:47 - 2021-01-30 23:47 - 000000219 _____ C:\WINDOWS\system.ini
2021-01-30 23:47 - 2021-01-30 23:47 - 000000092 _____ C:\WINDOWS\win.ini
2021-01-30 23:47 - 2021-01-30 23:47 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2021-01-30 23:47 - 2021-01-30 23:47 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2021-01-30 23:44 - 2021-01-30 23:52 - 000000000 ___HD C:\$SysReset
2021-01-30 21:40 - 2021-01-30 21:40 - 000000000 ____D C:\Users\Vanqq\AppData\Local\INetHistory
2021-01-30 21:10 - 2021-01-30 21:10 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-01-30 21:10 - 2021-01-30 21:10 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2021-01-30 21:10 - 2021-01-30 21:10 - 000000000 ____D C:\Program Files (x86)\Microsoft GameInput
2021-01-30 20:52 - 2021-01-31 15:29 - 000000000 ____D C:\ProgramData\Packages
2021-01-30 20:52 - 2021-01-30 20:52 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Publishers
2021-01-30 20:38 - 2021-01-30 20:38 - 000000000 ____D C:\Users\Vanqq\AppData\Local\ElevatedDiagnostics
2021-01-30 20:15 - 2021-01-30 20:16 - 000296640 _____ C:\WINDOWS\ntbtlog.txt
2021-01-30 20:15 - 2021-01-30 20:15 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-30 20:14 - 2021-01-30 20:14 - 000000368 ____H C:\WINDOWS\Tasks\Intel PTT EK Recertification.job
2021-01-30 19:57 - 2021-01-31 17:37 - 000000000 ____D C:\Users\Vanqq\AppData\Local\D3DSCache
2021-01-30 19:52 - 2021-01-30 19:52 - 000000478 _____ C:\Users\Vanqq\Documents\license.bat
2021-01-30 19:47 - 2021-01-31 21:59 - 000000000 ____D C:\Users\Vanqq\AppData\Local\PackageStaging
2021-01-30 19:40 - 2021-01-30 19:40 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Comms
2021-01-30 19:28 - 2021-01-30 19:28 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\Frontier Developments
2021-01-30 19:28 - 2021-01-30 19:28 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Frontier Developments
2021-01-30 19:25 - 2021-01-30 19:25 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-30 18:07 - 2021-01-30 18:07 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-01-30 18:06 - 2021-01-30 18:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-30 16:28 - 2021-01-30 16:28 - 000000202 _____ C:\Users\Vanqq\Desktop\Planet Coaster.url
2021-01-30 15:55 - 2021-01-30 16:22 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Steam
2021-01-30 15:55 - 2021-01-30 15:55 - 000000000 ____D C:\Users\Vanqq\AppData\Local\CEF
2021-01-30 15:54 - 2021-01-31 17:57 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Google
2021-01-30 15:54 - 2021-01-31 17:56 - 000000000 ____D C:\Program Files (x86)\Google
2021-01-30 15:51 - 2021-01-30 15:51 - 000000599 _____ C:\Users\Public\Desktop\Steam.lnk
2021-01-30 15:51 - 2021-01-30 15:51 - 000000599 _____ C:\ProgramData\Desktop\Steam.lnk
2021-01-30 15:50 - 2021-02-01 17:50 - 000000000 ____D C:\Steam
2021-01-30 15:47 - 2021-01-30 15:47 - 000000000 ____D C:\Users\Vanqq\AppData\Local\OneDrive
2021-01-30 15:02 - 2021-01-31 16:19 - 000000000 ____D C:\Users\Vanqq\AppData\Local\PlaceholderTileLogoFolder
2021-01-30 15:00 - 2021-01-31 21:59 - 000000000 ____D C:\Users\Vanqq\AppData\Local\Packages
2021-01-30 15:00 - 2021-01-30 16:22 - 000000000 ____D C:\Users\Vanqq\AppData\Local\ConnectedDevicesPlatform
2021-01-30 15:00 - 2021-01-30 15:47 - 000000000 ____D C:\Users\Vanqq\AppData\Local\MicrosoftEdge
2021-01-30 15:00 - 2021-01-30 15:00 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\Adobe
2021-01-30 15:00 - 2021-01-30 15:00 - 000000000 ____D C:\Users\Vanqq\AppData\Local\VirtualStore
2021-01-30 14:57 - 2021-01-30 17:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-01-30 14:57 - 2021-01-30 14:57 - 000021224 _____ C:\Users\Vanqq\Desktop\Removed Apps.html
2021-01-30 14:57 - 2021-01-30 14:57 - 000020510 _____ C:\Users\OxBJRrFpMN\Desktop\Removed Apps.html
2021-01-30 14:54 - 2021-02-01 17:49 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-30 14:54 - 2021-01-31 15:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-01-30 14:54 - 2021-01-31 15:29 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-01-30 14:54 - 2021-01-31 15:29 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-01-30 14:54 - 2021-01-31 15:28 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-01-30 14:54 - 2021-01-30 14:54 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
2021-01-30 14:54 - 2021-01-30 14:54 - 000000000 ____D C:\ProgramData\Razer
2021-01-30 14:28 - 2021-01-30 14:29 - 000000000 ____D C:\ESD
2021-01-30 14:28 - 2021-01-30 14:28 - 000000000 ___HD C:\$Windows.~WS
2021-01-30 13:34 - 2021-01-30 13:34 - 000000080 ___SH C:\bootTel.dat
2021-01-28 22:30 - 2021-01-28 22:34 - 000000000 ____D C:\Users\Vanqq\.dotnet
2021-01-28 22:25 - 2021-01-28 22:25 - 000000000 ____D C:\Users\Vanqq\Cheathappens
2021-01-28 22:09 - 2021-01-31 23:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.2
2021-01-28 22:09 - 2021-01-28 22:09 - 000000000 ____D C:\Users\Vanqq\Documents\My Cheat Tables
2021-01-23 01:45 - 2021-01-23 01:45 - 000000000 ____D C:\Users\Vanqq\AppData\LocalLow\Mimimi
2021-01-16 05:49 - 2021-01-16 05:49 - 000000000 ____D C:\Users\Vanqq\AppData\LocalLow\Oracle
2021-01-14 19:31 - 2021-01-14 19:41 - 000000000 ____D C:\Users\Vanqq\AppData\LocalLow\MCC
2021-01-14 19:31 - 2021-01-14 19:31 - 000000000 ____D C:\Users\Vanqq\AppData\LocalLow\UnrealEngine
2021-01-08 05:30 - 2021-01-22 23:59 - 000135408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-01-08 05:30 - 2020-10-05 14:03 - 001690976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2021-01-08 05:30 - 2020-10-05 14:03 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2021-01-08 05:30 - 2020-10-05 14:03 - 000047424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2021-01-08 05:30 - 2020-10-05 14:02 - 001731824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445671.dll
2021-01-08 05:30 - 2020-10-05 14:02 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445671.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-01 17:55 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-01 17:49 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-01 17:49 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-01 06:03 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-02-01 05:57 - 2019-09-19 19:01 - 000002604 ____H C:\Users\Vanqq\Documents\Default.rdp
2021-02-01 05:56 - 2019-12-07 10:50 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-02-01 05:56 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-01 05:56 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-01 05:56 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-01-31 23:49 - 2020-01-05 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenRCT2
2021-01-31 23:49 - 2019-12-07 10:18 - 000000000 ____D C:\WINDOWS\Setup
2021-01-31 23:49 - 2019-12-07 10:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-01-31 23:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-01-31 23:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-01-31 23:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-31 23:49 - 2018-02-16 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-31 23:48 - 2020-11-29 06:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-01-31 23:48 - 2020-08-02 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2021-01-31 23:48 - 2020-01-10 00:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2021-01-31 23:48 - 2019-12-07 10:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-01-31 23:47 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-31 23:47 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-01-31 23:47 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-01-31 23:47 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-01-31 23:46 - 2019-12-07 10:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-01-31 23:46 - 2019-12-07 10:52 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-01-31 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-01-31 23:38 - 2019-12-07 10:51 - 000000000 ____D C:\WINDOWS\OCR
2021-01-31 23:38 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-01-31 23:38 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-01-31 23:37 - 2019-12-07 10:49 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-01-31 23:37 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-01-31 23:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-01-31 23:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-01-31 21:46 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-31 18:06 - 2018-03-14 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-01-31 17:24 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-31 16:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Registration
2021-01-31 16:00 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-31 16:00 - 2018-02-13 14:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-31 15:36 - 2019-09-27 20:22 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2021-01-31 15:11 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-31 14:55 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-01-31 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-31 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-31 14:54 - 2018-02-15 18:47 - 000000000 ___RD C:\Users\Vanqq\3D Objects
2021-01-31 14:51 - 2020-03-28 16:11 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2021-01-31 14:51 - 2018-02-18 14:58 - 000000000 ____D C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-30 22:01 - 2018-09-21 04:45 - 000000000 ____D C:\Users\Vanqq\Desktop\Misc
2021-01-30 15:02 - 2018-02-15 18:48 - 000000000 ___RD C:\Users\Vanqq\OneDrive
2021-01-30 14:42 - 2018-02-15 19:28 - 000000000 ____D C:\Users\Vanqq\AppData\LocalLow\Mozilla
2021-01-16 06:38 - 2020-11-29 12:15 - 000000000 ____D C:\Users\Vanqq\Games
2021-01-16 05:21 - 2020-07-18 20:40 - 000000000 ____D C:\temp
2021-01-15 19:37 - 2019-09-23 18:17 - 000000000 ____D C:\Users\Vanqq\Documents\My Games

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         
Addition.txt
Code:
ATTFilter
 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by Vanqq (01-02-2021 17:56:33)
Running from C:\Users\Vanqq\Desktop
Windows 10 Home Version 20H2 19042.746 (X64) (2021-01-31 13:54:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3495057415-85728902-141794291-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3495057415-85728902-141794291-503 - Limited - Disabled)
Guest (S-1-5-21-3495057415-85728902-141794291-501 - Limited - Disabled)
hCArDMYVPlYUTE (S-1-5-21-3495057415-85728902-141794291-1005 - Limited - Enabled)
New (S-1-5-21-3495057415-85728902-141794291-1007 - Administrator - Enabled) => C:\Users\New
Vanqq (S-1-5-21-3495057415-85728902-141794291-1004 - Administrator - Enabled) => C:\Users\Vanqq
WDAGUtilityAccount (S-1-5-21-3495057415-85728902-141794291-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Excel (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.56 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft OneDrive (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA Grafiktreiber 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Outlook (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
WeMod (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\WeMod) (Version: 6.3.12 - WeMod)
Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23258 - Microsoft Corporation)
Word (HKU\S-1-5-21-3495057415-85728902-141794291-1004\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Corporation)
Gears Tactics -> C:\Program Files\WindowsApps\Microsoft.GanderBaseGame_1.0.149.0_x64__8wekyb3d8bbwe [2021-01-30] (0)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-31] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-31] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\nvshext.dll [2021-01-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-31] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\Vanqq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-01-30 23:47 - 2021-02-01 17:48 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3495057415-85728902-141794291-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{4A8ABF16-D4D0-4746-A982-100381DB3183}C:\steam\steam.exe] => (Allow) C:\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{4E7A2A0C-C51A-4645-AFC6-F12BD1FCFCFB}C:\steam\steam.exe] => (Allow) C:\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{EA1DA625-DAA3-4F0F-9584-6AD9B943B080}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{67F82824-8EC9-4622-96AC-01EF06392098}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)

==================== Restore Points =========================

31-01-2021 17:23:43 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/01/2021 05:50:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/01/2021 05:50:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/01/2021 05:48:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/01/2021 05:47:53 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (02/01/2021 05:47:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x8007139F
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/01/2021 05:55:34 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/01/2021 05:54:55 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/01/2021 05:53:17 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=UserLogon;SessionId=2


System errors:
=============
Error: (02/01/2021 05:49:47 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x12

Error: (01/31/2021 09:59:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Fehler "87" in DCOM, als der Dienst "GamingServices" mit den Argumenten "Unavailable" gestartet wurde, um den folgenden Server zu verwenden:
{7E118543-2CA9-49D9-80F4-255B76E3D84E}

Error: (01/31/2021 09:55:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Fehler "87" in DCOM, als der Dienst "GamingServices" mit den Argumenten "Unavailable" gestartet wurde, um den folgenden Server zu verwenden:
{7E118543-2CA9-49D9-80F4-255B76E3D84E}

Error: (01/31/2021 09:51:13 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x12

Error: (01/31/2021 09:44:00 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Fehler "87" in DCOM, als der Dienst "GamingServices" mit den Argumenten "Unavailable" gestartet wurde, um den folgenden Server zu verwenden:
{7E118543-2CA9-49D9-80F4-255B76E3D84E}

Error: (01/31/2021 09:41:27 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Fehler "87" in DCOM, als der Dienst "GamingServices" mit den Argumenten "Unavailable" gestartet wurde, um den folgenden Server zu verwenden:
{7E118543-2CA9-49D9-80F4-255B76E3D84E}

Error: (01/31/2021 08:35:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Fehler "87" in DCOM, als der Dienst "GamingServices" mit den Argumenten "Unavailable" gestartet wurde, um den folgenden Server zu verwenden:
{7E118543-2CA9-49D9-80F4-255B76E3D84E}

Error: (01/31/2021 08:17:13 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x12


Windows Defender:
===================================
Date: 2021-02-01 17:52:33.4750000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D0!ml&threatid=2147757779&enterprise=0
Name: Trojan:Win32/Wacatac.D0!ml
ID: 2147757779
Schweregrad: Severe
Kategorie: Trojan
Pfad: file:_C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp000030cd; file:_C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp0000315d; file:_C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp00003163
Erkennungsursprung: Local machine
Erkennungstype: Concrete
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-TRKOEOE\Vanqq
Prozessname: C:\EEK\bin64\a2emergencykit.exe
Sicherheitsversion: AV: 1.329.3277.0, AS: 1.329.3277.0, NIS: 1.329.3277.0
Modulversion: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-02-01 17:52:31.4850000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D0!ml&threatid=2147757779&enterprise=0
Name: Trojan:Win32/Wacatac.D0!ml
ID: 2147757779
Schweregrad: Severe
Kategorie: Trojan
Pfad: file:_C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp000030cd; file:_C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp0000315d
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-TRKOEOE\Vanqq
Prozessname: C:\EEK\bin64\a2emergencykit.exe
Sicherheitsversion: AV: 1.329.3277.0, AS: 1.329.3277.0, NIS: 1.329.3277.0
Modulversion: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-02-01 17:52:28.0400000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D0!ml&threatid=2147757779&enterprise=0
Name: Trojan:Win32/Wacatac.D0!ml
ID: 2147757779
Schweregrad: Severe
Kategorie: Trojan
Pfad: file:_C:\Users\Vanqq\AppData\Local\Temp\tmp000003a2\tmp000030cd
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-TRKOEOE\Vanqq
Prozessname: C:\EEK\bin64\a2emergencykit.exe
Sicherheitsversion: AV: 1.329.3277.0, AS: 1.329.3277.0, NIS: 1.329.3277.0
Modulversion: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-02-01 17:52:06.2600000Z
Description: 
Der überwachte Ordnerzugriff hat C:\EEK\bin64\a2emergencykit.exe daran gehindert, Änderungen am Speicher durchzuführen.
Erkennungszeit: 2021-02-01T16:52:06.259Z
Benutzer: DESKTOP-TRKOEOE\Vanqq
Pfad: \Device\Harddisk0\DR0
Name des Prozesses: C:\EEK\bin64\a2emergencykit.exe
Sicherheitsversion: 1.329.3277.0
Modulversion: 1.1.17700.4
Produktversion: 4.18.2011.6

Date: 2021-01-31 20:34:38.2360000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D0!ml&threatid=2147757779&enterprise=0
Name: Trojan:Win32/Wacatac.D0!ml
ID: 2147757779
Schweregrad: Severe
Kategorie: Trojan
Pfad: file:_C:\Users\Vanqq\AppData\Local\Temp\tmp000000d6\tmp000030b1
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-TRKOEOE\Vanqq
Prozessname: C:\EEK\bin64\a2emergencykit.exe
Sicherheitsversion: AV: 1.329.3249.0, AS: 1.329.3249.0, NIS: 1.329.3249.0
Modulversion: AM: 1.1.17700.4, NIS: 1.1.17700.4

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 1.20 12/28/2017
Motherboard: Micro-Star International Co., Ltd. Z370 TOMAHAWK (MS-7B47)
Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
Percentage of memory in use: 25%
Total physical RAM: 16338.91 MB
Available physical RAM: 12126.87 MB
Total Virtual: 19282.91 MB
Available Virtual: 13069.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:255.57 GB) (Free:160.77 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.39 GB) (Free:914.44 GB) NTFS

\\?\Volume{ad4b423a-e324-422c-8d18-b7fd741188c9}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{f9598e96-19b3-479b-9f58-120e53b5a14d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 256.2 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
         


Old 01.02.2021, 20:59   #6
M-K-D-B
/// TB Trainer
 



The Windows Defender alert is a false positive.
No cause for concern.






Step 1
  • Save your work and close all open programs so that no data is lost.
  • Copy the entire contents of the following code box:
    Code:
    ATTFilter
    Start::
    DeleteQuarantine:
    Unlock: C:\FRST
    Reboot:
    End::
             
  • Now start FRST and click the Fix button right away.
    Important: You do not need to paste the contents of the code box anywhere, because FRST takes the code from the clipboard!
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory where FRST is located.
  • Your computer may need to be restarted.
  • Post the contents of fixlog.txt in your next reply.






Dann wären wir durch!
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.


Abschließend bitte noch einen Cleanup mit unserem TBCleanUpTool durchführen und unbedingt die Sicherheitsmaßnahmen lesen und umsetzen - beides ist in folgendem Lesestoff verlinkt:




Wenn Du möchtest, kannst Du hier sagen, ob du mit mir und meiner Hilfe zufrieden warst...
Vielleicht möchtest du das Forum mit einer kleinen Spende unterstützen.


Note:
Please give me brief feedback as soon as you have read the information linked above, everything is done and there are no more questions, so that I can remove this topic from my subscriptions.

02.02.2021, 03:52   #7
Mad2
 



Outstanding! The donation will go out in the coming days, once the new online banking password arrives

Many thanks for the quick help!

Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by Vanqq (02-02-2021 04:47:58) Run:4
Running from C:\Users\Vanqq\Desktop
Loaded Profiles: Vanqq
Boot Mode: Normal
==============================================

fixlist content:
*****************
DeleteQuarantine:
Unlock: C:\FRST
Reboot:

*****************

"C:\FRST\Quarantine" => removed successfully
"C:\FRST" => was unlocked


The system needed a reboot.

==== End of Fixlog 04:47:58 ====
         

02.02.2021, 11:04   #8
M-K-D-B
/// TB trainer
 



Many thanks for the donation. It goes toward keeping the forum running.



We are glad that we could help

This topic appears to be resolved and will be removed from our subscriptions. Should you need the topic again, please send us a reminder including a link to the topic.

Everyone else, please click here and create a topic of your own.
