
Log analysis and evaluation: Windows 11 Defender found Trojan:Win32/Wacatac.B!ml.


Thread closed
16.12.2021, 16:28   #1
ViErus0815
 

Windows 11 Defender found Trojan:Win32/Wacatac.B!ml.



Hello everyone,

Unfortunately, today I foolishly extracted an unsafe RAR file, whereupon I promptly got a message from Defender that Trojan:Win32/Wacatac.B!ml had been detected. I was then offered the choice of moving the file to quarantine or deleting it. So I tried deleting it, whereupon the message that the trojan had been detected immediately appeared twice. The same happened when I tried to move the file to quarantine, etc.
This way a list of the same warning over and over again accumulated. Finally, I performed a system restore from 14.12., after which the file was gone for the time being. In Windows Defender I was then also able to delete everything that was in quarantine.
Now the question is whether I was lucky and the trojan was stopped, or not. Since it was always found again immediately, I need your help with this.
After the system restore I of course ran a full scan, which came back clean.

Many thanks in advance.

Here are the logs:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2021
Ran by vieru (administrator) on XXX (Micro-Star International Co., Ltd. MS-7C56) (16-12-2021 17:05:36)
Running from C:\Users\vieru\Downloads
Loaded Profiles: vieru
Platform: Microsoft Windows 11 Home Version 21H2 22000.318 (X64) Language: German (Germany)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Corsair Memory, Inc. -> Corsair Memory, Inc.) G:\Programme\iCue\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) G:\Programme\iCue\CorsairMsiPluginService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) G:\Programme\iCue\CueLLAccessService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) G:\Programme\iCue\iCUE.exe
(Corsair Memory, Inc. -> Corsair) G:\Programme\iCue\iCUEDevicePluginHost.exe <7>
(Electronic Arts, Inc. -> Electronic Arts) G:\Programme\Origin\OriginWebHelperService.exe
(Famatech Corp. -> Famatech Corp.) C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\vieru\AppData\Local\Microsoft\OneDrive\21.230.1107.0004\FileCoAuth.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.22000.1.0_neutral__8wekyb3d8bbwe\SecHealthUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <14>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <5>
(Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_642e50d7b66aa2a4\Display.NvContainer\NVDisplay.Container.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CORSAIR iCUE 4 Software] => G:\Programme\iCue\iCUE Launcher.exe [181984 2021-10-18] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [RadminVPN] => C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe [2034560 2021-09-21] (Famatech Corp. -> Famatech Corp.)
HKU\S-1-5-21-84713171-1761078591-1079883020-1001\...\MountPoints2: {3ac06bd2-550e-11ec-96bc-826086459b17} - "E:\OnePlus_setup.exe" /s
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {028DE34F-A799-4E58-A114-2D66CC70554B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {144D1271-DD4C-4D4E-A268-2C32ED2EE5D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {371D062E-A775-48AC-9D7A-50B0AE4302ED} - System32\Tasks\Overwolf Updater Task => G:\Programme\Overwolf\OverwolfUpdater.exe [2484056 2021-11-23] (Overwolf Ltd -> Overwolf LTD)
Task: {4A1C7596-7A29-4466-A9AF-BFE78AF55026} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {51DA81A0-773F-4A12-A02F-E358334780A9} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {65516F64-C21B-4AFC-A39B-BD45ABB429A9} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {6AD7F1EA-B010-4866-9920-56F96D6A96F7} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {6EF764C9-FF56-4ABC-B336-5490BB1424AC} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {735A293F-7004-46A4-896A-CB5DD8FA3F91} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A1E61CA4-3281-4B8D-978F-278F35AB8537} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {AB97E6C3-23F5-4D92-A633-53B96D669CB7} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B1AA4450-EC46-4A57-ABA7-89707E937DC7} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {D6CE7132-2E43-4103-9880-67F65A9CDC51} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647376 2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)
Task: {D8641708-1C04-469C-917B-85C180D46F8A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E47A7F33-DAB3-406D-BFDC-5C511E02B987} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.53\Installer\setup.exe [2874808 2021-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {EBD79546-7A47-4AA6-BBA9-5FC673739F93} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EF211B11-E977-44C1-9145-02246A30B9CB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339464 2021-11-24] (Nvidia Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task will be moved. The file started by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed or, if it is a registry item, restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{fe049c5e-05f2-4435-89cc-1ac9b3d4720a}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
Edge Profile: C:\Users\vieru\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-18]

FireFox:
========
FF DefaultProfile: 1vhis3vz.default
FF ProfilePath: C:\Users\vieru\AppData\Roaming\Mozilla\Firefox\Profiles\1vhis3vz.default [2021-10-29]
FF ProfilePath: C:\Users\vieru\AppData\Roaming\Mozilla\Firefox\Profiles\y2gzofv0.default-release [2021-12-16]
FF Extension: (AdBlocker Ultimate) - C:\Users\vieru\AppData\Roaming\Mozilla\Firefox\Profiles\y2gzofv0.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2021-12-14]
FF Extension: (EPUBReader) - C:\Users\vieru\AppData\Roaming\Mozilla\Firefox\Profiles\y2gzofv0.default-release\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2021-10-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8906088 2021-10-29] (BattlEye Innovations e.K. -> )
R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [616360 2021-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; G:\Programme\iCue\CueLLAccessService.exe [230616 2021-10-18] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairMsiPluginService; G:\Programme\iCue\CorsairMsiPluginService.exe [205024 2021-10-18] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; G:\Programme\iCue\Corsair.Service.exe [80600 2021-10-18] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 Origin Client Service; G:\Programme\Origin\OriginClientService.exe [2557656 2021-11-02] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; G:\Programme\Origin\OriginWebHelperService.exe [3476184 2021-11-02] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; G:\Programme\Overwolf\OverwolfUpdater.exe [2484056 2021-11-23] (Overwolf Ltd -> Overwolf LTD)
R2 RvControlSvc; C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe [1055104 2021-09-21] (Famatech Corp. -> Famatech Corp.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_642e50d7b66aa2a4\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_642e50d7b66aa2a4\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [180224 2021-06-05] (Microsoft Corporation) [File not signed]
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60328 2021-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess5549359DA15468FB0DBD16A7F4FDD26FD461C93C; G:\Programme\iCue\CorsairLLAccess64.sys [21752 2021-09-10] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [45984 2021-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21920 2021-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
S3 cpuz152; C:\Windows\temp\cpuz152\cpuz152_x64.sys [35840 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> CPUID)
S3 libusbK; C:\Windows\System32\drivers\libusbK.sys [47928 2018-04-30] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 rt68cx21; C:\Windows\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_83918281f99bbdde\rt68cx21x64.sys [510344 2021-10-29] (Realtek Semiconductor Corp. -> Realtek)
S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_d2a498d51a4f7bec\rtcx21x64.sys [409000 2021-06-01] (Realtek Semiconductor Corp. -> Realtek)
R3 RvNetMP60; C:\Windows\System32\drivers\RvNetMP60.sys [69048 2021-09-21] (Famatech Corp. -> Famatech Corp.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-16 17:03 - 2021-12-16 17:05 - 000014914 _____ C:\Users\vieru\Downloads\FRST.txt
2021-12-16 17:02 - 2021-12-16 17:05 - 000000000 ____D C:\FRST
2021-12-16 16:57 - 2021-12-16 16:57 - 002311168 _____ (Farbar) C:\Users\vieru\Downloads\FRST64.exe
2021-12-16 15:24 - 2021-12-16 15:24 - 077856768 _____ C:\Windows\system32\config\SOFTWARE
2021-12-16 15:23 - 2021-12-16 15:24 - 000000000 ____D C:\Windows\Microsoft Antimalware
2021-12-16 13:13 - 2021-12-16 13:13 - 000000000 ____D C:\Users\vieru\AppData\Local\mbam
2021-12-16 13:03 - 2021-12-16 13:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-12-16 13:03 - 2021-12-16 13:03 - 000000000 ____D C:\Program Files\Malwarebytes
2021-12-16 12:55 - 2021-12-16 14:16 - 000000000 ____D C:\Users\vieru\AppData\Roaming\Ubisoft
2021-12-16 12:55 - 2021-12-16 12:55 - 000000000 ____D C:\Windows\SysWOW64\directx
2021-12-16 12:52 - 2021-12-16 12:52 - 000000000 ____D C:\Users\vieru\AppData\Roaming\WinRAR
2021-12-15 13:59 - 2021-12-15 13:59 - 000000000 ____D C:\Users\vieru\AppData\Local\UnrealEngineLauncher
2021-12-15 13:59 - 2021-12-15 13:59 - 000000000 ____D C:\Users\vieru\AppData\Local\UnrealEngine
2021-12-15 13:59 - 2021-12-15 13:59 - 000000000 ____D C:\Users\vieru\AppData\Local\EpicGamesLauncher
2021-12-15 13:59 - 2021-12-15 13:59 - 000000000 ____D C:\Users\vieru\AppData\Local\Epic Games
2021-12-15 13:58 - 2021-12-15 13:58 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-12-15 13:57 - 2021-12-15 14:00 - 000000000 ____D C:\ProgramData\Epic
2021-12-15 13:56 - 2021-12-15 13:56 - 000000000 ___HD C:\$WinREAgent
2021-12-11 15:09 - 2021-12-11 15:10 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-84713171-1761078591-1079883020-1001
2021-12-11 14:25 - 2021-12-11 15:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-12-07 11:00 - 2021-12-07 11:00 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-12-03 16:53 - 2021-11-26 20:16 - 000038016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2021-12-03 16:08 - 2021-11-27 18:08 - 001874648 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-12-03 16:08 - 2021-11-27 18:08 - 001874648 _____ C:\Windows\system32\vulkaninfo.exe
2021-12-03 16:08 - 2021-11-27 18:08 - 001466808 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-12-03 16:08 - 2021-11-27 18:08 - 001450200 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-12-03 16:08 - 2021-11-27 18:08 - 001450200 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-12-03 16:08 - 2021-11-27 18:08 - 001206400 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-12-03 16:08 - 2021-11-27 18:08 - 001111272 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-12-03 16:08 - 2021-11-27 18:08 - 001111272 _____ C:\Windows\system32\vulkan-1.dll
2021-12-03 16:08 - 2021-11-27 18:08 - 000966416 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-12-03 16:08 - 2021-11-27 18:08 - 000966416 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-12-03 16:08 - 2021-11-27 18:05 - 000802232 _____ C:\Windows\system32\nvofapi64.dll
2021-12-03 16:08 - 2021-11-27 18:05 - 000658360 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-12-03 16:08 - 2021-11-27 18:05 - 000636856 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-12-03 16:08 - 2021-11-27 18:04 - 002116536 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-12-03 16:08 - 2021-11-27 18:04 - 001599416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-12-03 16:08 - 2021-11-27 18:04 - 001523328 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-12-03 16:08 - 2021-11-27 18:04 - 001172608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-12-03 16:08 - 2021-11-27 18:04 - 000981120 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-12-03 16:08 - 2021-11-27 18:04 - 000795104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-12-03 16:08 - 2021-11-27 18:04 - 000707712 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2021-12-03 16:08 - 2021-11-27 18:04 - 000678328 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-12-03 16:08 - 2021-11-27 18:04 - 000564352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-12-03 16:08 - 2021-11-27 18:03 - 008725928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-12-03 16:08 - 2021-11-27 18:03 - 007845816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-12-03 16:08 - 2021-11-27 18:03 - 005728384 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2021-12-03 16:08 - 2021-11-27 18:03 - 004938880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-12-03 16:08 - 2021-11-27 18:03 - 002850432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-12-03 16:08 - 2021-11-27 18:03 - 000452208 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-12-03 16:08 - 2021-11-27 18:02 - 000849016 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-12-03 16:08 - 2021-11-27 18:01 - 006434528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-12-03 16:08 - 2021-11-26 20:16 - 000085718 _____ C:\Windows\system32\nvinfo.pb
2021-12-02 14:04 - 2021-12-02 14:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair
2021-11-22 19:34 - 2021-11-22 19:34 - 000000783 _____ C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2021-11-21 18:12 - 2021-12-11 14:20 - 000004782 _____ C:\Windows\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask
2021-11-21 18:12 - 2021-11-21 18:12 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-11-20 13:29 - 2021-11-20 13:29 - 000000306 __RSH C:\ProgramData\ntuser.pol
2021-11-20 13:29 - 2021-11-20 13:29 - 000000000 ____D C:\Users\vieru\usb_driver
2021-11-20 13:29 - 2021-11-20 13:29 - 000000000 ____D C:\Program Files\DIFX
2021-11-20 13:29 - 2018-04-30 13:53 - 000099128 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusbK.dll
2021-11-20 13:29 - 2018-04-30 13:53 - 000084280 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusbK.dll
2021-11-20 13:29 - 2018-04-30 13:53 - 000076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2021-11-20 13:29 - 2018-04-30 13:53 - 000067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2021-11-20 13:29 - 2018-04-30 13:53 - 000047928 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusbK.sys
2021-11-20 13:28 - 2021-11-22 20:00 - 000000000 ____D C:\Users\vieru\AppData\Roaming\TegraRcmGUI
2021-11-20 13:28 - 2021-11-20 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TegraRcmGUI
2021-11-19 12:57 - 2021-11-19 12:57 - 000000000 ____D C:\Users\vieru\OneDrive\Dokumente\The Witcher 3
2021-11-19 12:57 - 2021-11-19 12:57 - 000000000 ____D C:\Users\vieru\OneDrive\Dokumente\Frontier Developments
2021-11-19 12:57 - 2020-03-11 19:50 - 000595042 _____ C:\Users\vieru\OneDrive\Dokumente\Kolloquium .pptx
2021-11-19 12:57 - 2019-12-03 07:37 - 000456973 _____ C:\Users\vieru\OneDrive\Dokumente\Bachelorarbeit .pdf
2021-11-19 12:56 - 2021-11-29 19:28 - 000000000 ____D C:\Users\vieru\OneDrive\Dokumente\Anno 1800
2021-11-19 12:56 - 2021-11-19 12:57 - 000000000 ____D C:\Users\vieru\OneDrive\Dokumente\ArduinoData
2021-11-19 12:55 - 2021-11-19 12:56 - 000000000 ____D C:\Users\vieru\OneDrive\Dokumente\Arduino

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-16 16:58 - 2021-10-29 17:19 - 000000000 ____D C:\ProgramData\Mozilla
2021-12-16 16:58 - 2021-06-05 12:33 - 000000000 ___RD C:\Users\vieru\OneDrive
2021-12-16 16:57 - 2021-10-29 17:19 - 000000000 ____D C:\Users\vieru\AppData\LocalLow\Mozilla
2021-12-16 16:56 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\AppReadiness
2021-12-16 16:56 - 2021-06-05 13:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-16 16:56 - 2021-06-05 12:27 - 000000000 ____D C:\ProgramData\NVIDIA
2021-12-16 15:31 - 2021-06-05 18:53 - 000719320 _____ C:\Windows\system32\perfh007.dat
2021-12-16 15:31 - 2021-06-05 18:53 - 000148436 _____ C:\Windows\system32\perfc007.dat
2021-12-16 15:31 - 2021-06-05 13:09 - 000000000 ____D C:\Windows\INF
2021-12-16 15:31 - 2021-06-05 12:28 - 001659148 _____ C:\Windows\system32\PerfStringBackup.INI
2021-12-16 15:24 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\SystemTemp
2021-12-16 15:24 - 2021-06-05 12:22 - 000012288 ___SH C:\DumpStack.log.tmp
2021-12-16 15:24 - 2021-06-05 12:22 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-12-16 15:24 - 2021-06-05 12:22 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-12-16 15:22 - 2021-06-05 13:01 - 000524288 _____ C:\Windows\system32\config\BBI
2021-12-16 15:18 - 2021-06-05 12:31 - 000000000 ____D C:\Users\vieru\AppData\Local\D3DSCache
2021-12-16 14:10 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\ServiceState
2021-12-16 14:10 - 2021-06-05 12:28 - 000000000 ____D C:\Users\vieru
2021-12-16 14:09 - 2021-11-01 14:36 - 000000000 ____D C:\Users\vieru\AppData\Roaming\discord
2021-12-16 14:09 - 2021-11-01 14:31 - 000000000 ____D C:\Users\vieru\AppData\Local\Overwolf
2021-12-16 14:09 - 2021-10-29 17:26 - 000000000 ____D C:\ProgramData\Package Cache
2021-12-16 14:09 - 2021-10-29 17:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-12-16 14:09 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\SystemResources
2021-12-16 14:09 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\system32\oobe
2021-12-16 14:09 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\DiagTrack
2021-12-16 14:09 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\bcastdvr
2021-12-16 14:05 - 2021-06-05 13:10 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-16 14:05 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\registration
2021-12-16 14:04 - 2021-10-30 08:31 - 000000000 ____D C:\ProgramData\Origin
2021-12-16 14:04 - 2021-10-29 17:26 - 000000000 ____D C:\Users\vieru\AppData\Local\NVIDIA Corporation
2021-12-16 14:04 - 2021-06-05 13:01 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-12-16 12:39 - 2021-06-05 12:22 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-12-15 14:15 - 2021-10-29 17:36 - 000000000 ____D C:\Users\vieru\AppData\Local\Ubisoft Game Launcher
2021-12-15 13:58 - 2021-06-05 13:01 - 000000000 ____D C:\Windows\CbsTemp
2021-12-14 18:13 - 2021-06-05 12:31 - 000000000 ____D C:\Users\vieru\AppData\Local\Packages
2021-12-14 18:13 - 2021-06-05 12:27 - 000000000 ____D C:\ProgramData\Packages
2021-12-14 16:21 - 2021-10-30 10:44 - 000000000 ____D C:\Users\vieru\OneDrive\Dokumente\My Games
2021-12-11 15:15 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\LiveKernelReports
2021-12-11 15:12 - 2021-06-05 12:27 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-12-11 15:10 - 2021-06-05 12:33 - 000003360 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-84713171-1761078591-1079883020-1001
2021-12-11 15:10 - 2021-06-05 12:33 - 000002395 _____ C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-11 15:09 - 2021-10-29 17:19 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-12-11 15:09 - 2021-10-29 17:19 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-12-11 14:20 - 2021-06-05 12:22 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-11 14:20 - 2021-06-05 12:22 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-10 15:09 - 2021-06-05 12:22 - 000003700 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-10 15:09 - 2021-06-05 12:22 - 000003576 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-12-04 15:27 - 2021-10-29 17:26 - 000000000 ____D C:\Users\vieru\AppData\Local\NVIDIA
2021-12-02 14:01 - 2021-11-01 14:48 - 000000000 ____D C:\Users\vieru\AppData\Roaming\Corsair
2021-12-01 18:34 - 2021-10-29 17:26 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 18:34 - 2021-10-29 17:26 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 18:34 - 2021-10-29 17:26 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 18:34 - 2021-10-29 17:26 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 18:34 - 2021-10-29 17:26 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 18:34 - 2021-10-29 17:26 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 18:34 - 2021-10-29 17:26 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 18:34 - 2021-10-29 17:26 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 18:34 - 2021-10-29 17:26 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-12-01 18:34 - 2021-10-29 17:26 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2021-12-01 18:34 - 2021-10-29 17:26 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-12-01 18:34 - 2021-06-05 12:27 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-11-29 20:33 - 2021-10-30 08:31 - 000000000 ____D C:\Users\vieru\AppData\Roaming\Origin
2021-11-29 17:19 - 2021-10-30 08:31 - 000000000 ____D C:\Users\vieru\AppData\Local\Origin
2021-11-28 17:33 - 2021-10-31 15:58 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-11-27 18:02 - 2021-06-05 12:27 - 007582680 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-11-27 12:16 - 2021-11-01 14:36 - 000000000 ____D C:\Users\vieru\AppData\Local\Discord
2021-11-26 20:16 - 2021-06-05 12:27 - 000125568 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2021-11-23 08:27 - 2021-10-29 17:26 - 002849992 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2021-11-23 08:27 - 2021-10-29 17:26 - 002195656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2021-11-23 08:27 - 2021-10-29 17:26 - 001294032 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2021-11-20 13:29 - 2021-06-05 13:10 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2021-11-16 19:36 - 2021-10-29 17:26 - 000001951 _____ C:\Windows\NvContainerRecovery.bat

==================== Files in the root of some directories ========

2021-10-29 18:18 - 2021-10-29 18:18 - 000007606 _____ () C:\Users\vieru\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by vieru (16-12-2021 17:05:58)
Running from C:\Users\vieru\Downloads
Microsoft Windows 11 Home Version 21H2 22000.318 (X64) (2021-06-05 11:23:54)
Boot Mode: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-84713171-1761078591-1079883020-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-84713171-1761078591-1079883020-503 - Limited - Disabled)
Gast (S-1-5-21-84713171-1761078591-1079883020-501 - Limited - Disabled)
vieru (S-1-5-21-84713171-1761078591-1079883020-1001 - Administrator - Enabled) => C:\Users\vieru
WDAGUtilityAccount (S-1-5-21-84713171-1761078591-1079883020-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Anno 1800 (HKLM-x32\...\Uplay Install 4553) (Version:  - Ubisoft)
Assassin's Creed Valhalla (HKLM-x32\...\Uplay Install 13504) (Version:  - Ubisoft)
Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version: 1.0.64.43202 - Electronic Arts)
CORSAIR iCUE 4 Software (HKLM\...\{1141E485-63AD-48C1-9B16-36D593C56D08}) (Version: 4.17.244 - Corsair)
CurseForge (HKU\S-1-5-21-84713171-1761078591-1079883020-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.186.1.6 - Overwolf app)
Discord (HKU\S-1-5-21-84713171-1761078591-1079883020-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
Eclipse Temurin JDK mit Hotspot 11.0.13+8 (x64) (HKLM\...\{F0BD6505-B511-4E4D-8A67-48F6E3186076}) (Version: 11.0.13.8 - Eclipse Adoptium)
Far Cry 6 (HKLM-x32\...\Uplay Install 5266) (Version:  - Ubisoft)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.53 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.53 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-84713171-1761078591-1079883020-1001\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2FA9DAAC-895B-4E99-99D9-DC2965FBE79C}) (Version: 2.87.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 95.0 (x64 de)) (Version: 95.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.2.1 - Mozilla)
Mozilla Thunderbird (x64 de) (HKLM\...\Mozilla Thunderbird 91.2.1 (x64 de)) (Version: 91.2.1 - Mozilla)
NVIDIA FrameView SDK 1.2.4999.30397803 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.4999.30397803 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.24.0.123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.24.0.123 - NVIDIA Corporation)
NVIDIA Grafiktreiber 497.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 497.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.94 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.107.49426 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.185.0.12 - Overwolf Ltd.)
Radmin VPN 1.1.16 (HKLM-x32\...\{FB7B9E4A-3626-4143-856B-A28BB0789255}) (Version: 1.1.4395 - Famatech)
TegraRcmGUI (HKLM-x32\...\{FD7196C9-BD86-4736-AF9D-7CFCB9E03E67}) (Version: 2.6.0 - eliboa) Hidden
TegraRcmGUI (HKLM-x32\...\TegraRcmGUI 2.6.0) (Version: 2.6.0 - eliboa)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 127.1.10616 - Ubisoft)
Watch Dogs Legion (HKLM-x32\...\Uplay Install 3353) (Version:  - Ubisoft)
Windows-Treiberpaket - libusbK Nintendo Switch APX Mode (04/27/2014 3.0.7.0) (HKLM\...\5C4BD94286C931BB5D47200B4AF1D1B99B3C08AB) (Version: 04/27/2014 3.0.7.0 - libusbK)

Packages:
=========
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.22.1.0_x64__6rarf9sa4v8jt [2021-12-16] (Disney)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-16] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-12-16] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0 [2021-12-16] (Spotify AB) [Startup Task]
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2021-12-16] (New Work SE)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_642e50d7b66aa2a4\nvshext.dll [2021-11-27] (Nvidia Corporation -> NVIDIA Corporation)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2021-09-08 13:44 - 2021-09-08 13:44 - 000090112 _____ (Silicon Laboratories, Inc.) [Datei ist nicht signiert] G:\Programme\iCue\SiUSBXp.dll
2021-10-30 09:03 - 2021-10-30 09:03 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] G:\Programme\Origin\LIBEAY32.dll
2021-10-30 09:03 - 2021-10-30 09:03 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] G:\Programme\Origin\ssleay32.dll
2021-10-30 09:03 - 2021-10-30 09:03 - 001611264 _____ (The Qt Company Ltd) [Datei ist nicht signiert] G:\Programme\Origin\platforms\qwindows.dll
2021-11-27 09:34 - 2021-10-30 09:03 - 005487104 _____ (The Qt Company Ltd) [Datei ist nicht signiert] G:\Programme\Origin\Qt5Core.dll
2021-11-27 09:34 - 2021-10-30 09:03 - 005841920 _____ (The Qt Company Ltd) [Datei ist nicht signiert] G:\Programme\Origin\Qt5Gui.dll
2021-11-27 09:34 - 2021-10-30 09:03 - 001179136 _____ (The Qt Company Ltd) [Datei ist nicht signiert] G:\Programme\Origin\Qt5Network.dll
2021-11-27 09:34 - 2021-10-30 09:03 - 000146432 _____ (The Qt Company Ltd) [Datei ist nicht signiert] G:\Programme\Origin\Qt5WebSockets.dll
2021-11-27 09:34 - 2021-10-30 09:03 - 005089792 _____ (The Qt Company Ltd) [Datei ist nicht signiert] G:\Programme\Origin\Qt5Widgets.dll
2021-11-27 09:34 - 2021-10-30 09:03 - 000184832 _____ (The Qt Company Ltd) [Datei ist nicht signiert] G:\Programme\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========


==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2021-06-05 13:08 - 2021-06-05 13:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Eclipse Adoptium\jdk-11.0.13.8-hotspot\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-84713171-1761078591-1079883020-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img19.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run32: => "RadminVPN"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{F7A6B0BD-6156-425A-AC9E-FA9759194AE8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6DEA5C5B-45D8-46CD-96AE-7396CEF7622E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C27BC165-71F8-4580-9912-79B79E0DA5DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{84A3162E-D9A6-4EF5-BAF1-D05B02854742}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CC703A46-BE6B-45EF-811E-186589712D39}] => (Allow) D:\Spiele\Ubisoft Game Launcher\games\Watch Dogs Legion\bin\WatchDogsLegion.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{F841A73F-CC16-4A94-9E7C-3AB88231709C}] => (Allow) D:\Spiele\Ubisoft Game Launcher\games\Watch Dogs Legion\bin\WatchDogsLegion.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [TCP Query User{6999F9EE-7B71-4CF0-9DBE-7B5659C88420}C:\users\vieru\curseforge\minecraft\instances\better minecraft [plus] (1)\runtime\temurin-8-windows-x64\bin\java.exe] => (Allow) C:\users\vieru\curseforge\minecraft\instances\better minecraft [plus] (1)\runtime\temurin-8-windows-x64\bin\java.exe => Keine Datei
FirewallRules: [UDP Query User{DF2E089D-C05F-435E-A103-57D9035614B6}C:\users\vieru\curseforge\minecraft\instances\better minecraft [plus] (1)\runtime\temurin-8-windows-x64\bin\java.exe] => (Allow) C:\users\vieru\curseforge\minecraft\instances\better minecraft [plus] (1)\runtime\temurin-8-windows-x64\bin\java.exe => Keine Datei
FirewallRules: [{61C921F8-6B44-499F-B5E2-B63D327DAD2B}] => (Allow) C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe (Famatech Corp. -> Famatech Corp.)
FirewallRules: [{0CCA3533-36E5-4B4F-9571-1881CAA00C86}] => (Allow) D:\Spiele\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{E132D95A-B0DB-431F-ADA7-FB8A71625C7F}] => (Allow) D:\Spiele\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{9DE490AB-FA3B-46B6-B367-37E9B577CA46}] => (Allow) D:\Spiele\Battlefield V\bfv.exe (EA Digital Illusions CE AB) [Datei ist nicht signiert]
FirewallRules: [{792EA133-5CCD-4C9B-8A39-EBE89ABFC370}] => (Allow) D:\Spiele\Battlefield V\bfv.exe (EA Digital Illusions CE AB) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{B885BF0E-A4B0-48AC-9223-F967D09BE8DB}C:\users\vieru\curseforge\minecraft\instances\better minecraft [plus] (2)\runtime\temurin-8-windows-x64\bin\java.exe] => (Allow) C:\users\vieru\curseforge\minecraft\instances\better minecraft [plus] (2)\runtime\temurin-8-windows-x64\bin\java.exe
FirewallRules: [UDP Query User{42302BFD-69AD-43ED-8AD2-FBBEF424BCC1}C:\users\vieru\curseforge\minecraft\instances\better minecraft [plus] (2)\runtime\temurin-8-windows-x64\bin\java.exe] => (Allow) C:\users\vieru\curseforge\minecraft\instances\better minecraft [plus] (2)\runtime\temurin-8-windows-x64\bin\java.exe
FirewallRules: [TCP Query User{AF74E97E-6682-4E5E-BFA4-B106056242C4}C:\users\vieru\curseforge\minecraft\instances\better minecraft [plus] (3)\runtime\temurin-8-windows-x64\bin\java.exe] => (Allow) C:\users\vieru\curseforge\minecraft\instances\better minecraft [plus] (3)\runtime\temurin-8-windows-x64\bin\java.exe
FirewallRules: [UDP Query User{8DE3B77A-FD21-45C2-8645-B4D96CAA2F11}C:\users\vieru\curseforge\minecraft\instances\better minecraft [plus] (3)\runtime\temurin-8-windows-x64\bin\java.exe] => (Allow) C:\users\vieru\curseforge\minecraft\instances\better minecraft [plus] (3)\runtime\temurin-8-windows-x64\bin\java.exe
FirewallRules: [TCP Query User{7495DF8B-022F-4528-B1D0-7C18B131CF14}G:\backup\switch\nut\nut.exe] => (Block) G:\backup\switch\nut\nut.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{4DC164BB-750D-4E2A-ACA2-46B069ADC97C}G:\backup\switch\nut\nut.exe] => (Block) G:\backup\switch\nut\nut.exe () [Datei ist nicht signiert]
FirewallRules: [{254B4BF6-B6A7-4486-A820-6BE598535D16}] => (Allow) D:\Spiele\Ubisoft Game Launcher\games\Anno 1800\Bin\Win64\Anno1800.exe (Ubisoft Blue Byte GmbH -> Ubisoft)
FirewallRules: [{4AA2BB2F-5445-44ED-B56B-E54BF24D3AB7}] => (Allow) G:\Programme\Overwolf\0.184.0.35\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{492BAC42-E539-424E-81F6-5F205CCF4FB0}] => (Allow) G:\Programme\Overwolf\0.184.0.35\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{42CCEC80-2FA7-46C8-BE9A-25E82A115ACF}] => (Block) G:\Programme\Overwolf\0.184.0.35\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{8CD81162-7A37-4768-9BDE-B0EDBD34FA5D}] => (Block) G:\Programme\Overwolf\0.184.0.35\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{153E6D96-34A7-49AE-82BF-330D138558B0}] => (Allow) G:\Programme\Overwolf\0.185.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{21F065C6-A83F-43F5-9F35-B8FA7A9D88BA}] => (Allow) G:\Programme\Overwolf\0.185.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{67CE84F0-11F9-45C6-BFE5-F53329E6B796}] => (Block) G:\Programme\Overwolf\0.185.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{F99093AD-77D0-4ED3-B4DD-4BBD6E0EA68B}] => (Block) G:\Programme\Overwolf\0.185.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{1404E703-872F-45B8-A506-919F6A8BB5B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6B9AA935-7A87-4BD5-AFB8-42791519240B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E9C96C77-F2B5-497E-8061-9C87271247B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9219C2B7-762B-401E-8ADD-F0F78C9681CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9489CDE3-7AF4-4C69-8FFA-A5D139D51723}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21323.200.1078.109_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7095F45D-A652-4DFD-BB7A-D04C53B34990}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21323.200.1078.109_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{31EE6B3A-5F16-4A57-B667-61C66359793F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A740363F-C5E1-4731-B748-81F206856FE1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{81BC1A7F-E32C-49B0-862C-02F016200037}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CDC7F4A9-4F97-413D-BC8A-40AEF46EDFCF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{66059B8D-0719-4AD6-A98E-5912BFFC931D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D9E414B2-8DA1-42C3-A8A0-ED6AE395842C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E4138983-DF31-49C1-A185-332C1D22616C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{50CCC78C-3B16-4736-8108-7BA3DEB76D69}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F7A032BB-9C12-4F12-A77F-4D7FBC944C4E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

02-12-2021 14:02:15 Installed CORSAIR iCUE 4 Software
03-12-2021 15:06:10 Windows Modules Installer
11-12-2021 14:45:32 Geplanter Prüfpunkt
14-12-2021 16:21:27 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913
16-12-2021 14:03:53 Wiederherstellungsvorgang

==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (12/16/2021 03:24:57 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\USER$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps

Methode: GET(0ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (12/16/2021 03:24:57 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps

Methode: GET(16ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (12/16/2021 03:08:41 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (12/16/2021 03:08:41 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/16/2021 02:17:47 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (12/16/2021 02:17:47 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/16/2021 02:10:41 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\USER$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps

Methode: GET(15ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (12/16/2021 02:10:41 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps

Methode: GET(62ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)


Systemfehler:
=============
Error: (12/16/2021 04:56:31 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{152FE878-77D4-4650-BB14-B68FD3693DB8} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (12/16/2021 02:04:14 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1115" in DCOM, als der Dienst "wuauserv" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/16/2021 02:04:14 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1115" in DCOM, als der Dienst "wuauserv" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/16/2021 02:04:14 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1115" in DCOM, als der Dienst "wuauserv" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/16/2021 01:37:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9NMPJ99VJBWV-Microsoft.YourPhone

Error: (12/16/2021 01:36:53 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{FE049C5E-05F2-4435-89CC-1AC9B3D4720A} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (12/16/2021 01:10:35 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{FE049C5E-05F2-4435-89CC-1AC9B3D4720A} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (12/16/2021 12:38:49 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{FE049C5E-05F2-4435-89CC-1AC9B3D4720A} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.


Windows Defender:
================
Date: 2021-12-16 14:45:06
Description: 
N/A

Date: 2021-12-16 14:27:08
Description: 
N/A

Date: 2021-12-16 13:35:43
Description: 
N/A

Date: 2021-12-16 13:16:03
Description: 
N/A

Date: 2021-12-16 13:13:27
Description: 
N/A
Event[0]

Date: 2021-12-16 15:35:03
Description: 
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 
%Vorherige Version der Sicherheitsinformationen: 1.355.292.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 
%Vorherige Modulversion: 1.1.18800.4
Fehlercode: 0x80240438
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Date: 2021-12-16 14:20:53
Description: 
N/A

Date: 2021-12-16 14:10:38
Description: 
N/A

Date: 2021-12-16 13:25:56
Description: 
N/A

Date: 2021-11-09 18:49:27
Description: 
N/A

CodeIntegrity:
===============
Date: 2021-12-16 13:13:41
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen =========================== 

BIOS: American Megatrends International, LLC. 1.83 09/24/2021
Hauptplatine: Micro-Star International Co., Ltd. MPG B550 GAMING PLUS (MS-7C56)
Prozessor: AMD Ryzen 5 5600X 6-Core Processor 
Prozentuale Nutzung des RAM: 19%
Installierter physikalischer RAM: 32694.09 MB
Verfügbarer physikalischer RAM: 26409.64 MB
Summe virtueller Speicher: 45494.09 MB
Verfügbarer virtueller Speicher: 37759.13 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:930.8 GB) (Free:842.52 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.5 GB) (Free:528.33 GB) NTFS
Drive g: (Spiele) (Fixed) (Total:638.54 GB) (Free:372.53 GB) NTFS

\\?\Volume{9c070234-8ebf-4d12-af8e-b19f030d70f4}\ () (Fixed) (Total:0.6 GB) (Free:0.08 GB) NTFS
\\?\Volume{8582f9d2-0000-0000-0000-e01c49000000}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{60bcb75e-361e-4638-92fa-8cf2cb773a9a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8582F9D2)
Partition 1: (Not Active) - (Size=292.5 GB) - (Type=42)
Partition 2: (Not Active) - (Size=531 MB) - (Type=27)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=42)

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt =======================
         
Code:
 Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version: 11-12-2021
durchgeführt von vieru (16-12-2021 17:06:21)
Gestartet von C:\Users\vieru\Downloads
Start-Modus: Normal

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk -> G:\Programme\Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TegraRcmGUI\TegraRcmGUI.lnk -> G:\Programme\Tegra RCM\TegraRcmGUI.exe (eliboa)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radmin VPN\Radmin Viewer 3.lnk -> C:\Program Files (x86)\Radmin VPN\Radmin.exe (Famatech Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin deinstallieren.lnk -> G:\Programme\Origin\OriginUninstall.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin Fehlermeldungs-Hilfe.lnk -> G:\Programme\Origin\OriginER.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk -> G:\Programme\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield™ V\Battlefield™ V.lnk -> D:\Spiele\Battlefield V\bfv.exe (EA Digital Illusions CE AB)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield™ V\Electronic Arts-Nutzervereinbarung.lnk -> D:\Spiele\Battlefield V\Support\User Agreement\de_DE.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield™ V\Kundendienst.lnk -> D:\Spiele\Battlefield V\Support\EA Help\Kundendienst.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Corsair\iCUE.lnk -> G:\Programme\iCue\iCUE.exe (Corsair Memory, Inc.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Windows Terminal.lnk -> Tile and icon assets
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Windows Terminal.lnk -> Tile and icon assets
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Battlefield™ V.lnk -> D:\Spiele\Battlefield V\bfv.exe (EA Digital Illusions CE AB)
Shortcut: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\GeForce Experience.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)
Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Mozilla Thunderbird.lnk -> G:\Programme\Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Origin.lnk -> G:\Programme\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\Users\vieru\Links\Desktop.lnk -> C:\Users\vieru\OneDrive\Desktop ()
Shortcut: C:\Users\vieru\Links\Downloads.lnk -> C:\Users\vieru\Downloads ()
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\vieru\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk -> G:\Programme\Tor\Browser\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Ubisoft Connect\Ubisoft Connect.lnk -> D:\Spiele\Ubisoft Game Launcher\UbisoftConnect.exe (Ubisoft)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Ubisoft Connect\Uninstall.lnk -> D:\Spiele\Ubisoft Game Launcher\Uninstall.exe (Ubisoft)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\vieru\AppData\Local\NVIDIA Corporation\Shield Apps\Anno1800.lnk -> D:\Spiele\Ubisoft Game Launcher\games\Anno 1800\Bin\Win64\Anno1800.exe (Ubisoft)
Shortcut: C:\Users\vieru\AppData\Local\NVIDIA Corporation\Shield Apps\FarCry6.lnk -> D:\Spiele\Ubisoft Game Launcher\games\Far Cry 6\bin\FarCry6.exe (Ubisoft Entertainment)
Shortcut: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Windows Terminal.lnk -> Tile and icon assets
Shortcut: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Windows Terminal.lnk -> Tile and icon assets
Shortcut: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radmin VPN\Radmin VPN.lnk -> C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe (Famatech Corp.) -> /show
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAbout
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf\CurseForge.lnk -> G:\Programme\Overwolf\OverwolfLauncher.exe (Overwolf Ltd.) -> -launchapp cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj -from-startmenu
ShortcutWithArgument: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf\Overwolf.lnk -> G:\Programme\Overwolf\OverwolfLauncher.exe (Overwolf Ltd.) -> -from-desktop
ShortcutWithArgument: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc\Discord.lnk -> C:\Users\vieru\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\vieru\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAbout
ShortcutWithArgument: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\vieru\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\Users\vieru\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

==================== Ende vom Shortcut.txt =============================
         

Alt 16.12.2021, 22:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
unpacked an unsafe RAR file
What is this vague statement supposed to be? If you don't say exactly what kind of file that was, nobody can make any statement at all about what the risk looks like.

Apart from that, you write yourself that you only unpacked the file but did not execute it. Then a system restore on top of it. So why the carelessness before, and now such panic?

Alt 17.12.2021, 09:50   #3
ViErus0815
 



Hello Cosinus,

It was supposed to be a crack for Anno 2070. I actually own the game, but through the account my brother and I used to share. So that I wouldn't always have to start the game through his account, I thought it would be "easier" to separate the game from Uplay.
The RAR was password-protected and contained an .exe file named "Activate". I already found that suspicious, but thought that unpacking it and scanning it for viruses would confirm my suspicion. And right after unpacking, the warning came, without my having executed the file.
What unsettles me is Defender's reaction: it apparently kept wanting to delete the file, but it immediately showed up again as a new threat. So I'm wondering whether the file could already have caused damage just by being unpacked, or not.

Alt 17.12.2021, 15:23   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Unpacking alone does no harm.

Alt 17.12.2021, 15:30   #5
ViErus0815
 



Okay, thanks, that reassures me. Can you explain the Defender behaviour I described? I received the threat notification 13 times in total, saying a threat had been detected; each time right after clicking "Quarantine" or "Delete", another one appeared.
Now my protection history shows "Threat removed" 12 times and "Remediation incomplete" once.


Alt 17.12.2021, 15:37   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



There is not much to say about that. No more WD detections show up in the logs. Or is something wrong with my eyes?

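As an added example (not code from this thread, from Trojaner-Board or from Microsoft), a small Python parser for Microsoft Defender MpLog lines of the shape the OP posts in this thread. It rebuilds, per file, the detect -> quarantine -> re-detect sequence and the gap between a successful clean and the next detection, which is the pattern behind the repeated notifications described above. The sample lines are a constructed excerpt that copies the line shapes, path and threat name quoted in this thread; the regex names and the Event/FileSummary classes are my own.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample: a condensed excerpt in the shape of the Defender MpLog
# lines quoted in this thread (one detect -> quarantine -> re-detect -> quarantine cycle).
SAMPLE_LOG = r"""
2021-12-16T11:59:45.407Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
2021-12-16T11:59:45.538Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T11:59:45.538Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T11:59:50.421Z [RoutineClean] Cleaning 1 detections
2021-12-16T12:00:00.068Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:05.431Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
2021-12-16T12:00:05.474Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:00:15.761Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
"""


@dataclass
class Event:
    kind: str                    # "rtp_block", "add" or "clean"
    ts: datetime
    threat: str = ""
    path: str = ""
    action: str = ""             # MP_THREAT_ACTION_* for clean events
    result: Optional[int] = None  # 0 means the remediation reported success
    status: str = ""             # engine status code for real-time blocks


# Line shapes taken from the log excerpt above; names are mine.
TS = r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z) "
ADD_RE = re.compile(TS + r"DETECTION_ADD#\d+ (?P<threat>\S+) file:(?P<path>.+?);?$")
CLEAN_RE = re.compile(
    TS + r"DETECTION_CLEANEVENT \S+ (?P<action>MP_THREAT_ACTION_\w+) (?P<result>\d+) "
    r"(?P<threat>\S+) file:(?P<path>.+?);?$"
)
RTP_RE = re.compile(
    TS + r"\[MpRtp\] Engine VFZ block: (?P<path>.+?)\. status=(?P<status>0x[0-9a-fA-F]+)"
)


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ")


def parse_events(lines: Iterable[str]) -> List[Event]:
    """Keep only the three line kinds needed to follow a detection's lifecycle."""
    events: List[Event] = []
    for line in lines:
        line = line.rstrip("\r\n")
        if m := ADD_RE.match(line):
            events.append(Event("add", _ts(m["ts"]), m["threat"], m["path"]))
        elif m := CLEAN_RE.match(line):
            events.append(Event("clean", _ts(m["ts"]), m["threat"], m["path"],
                                m["action"], int(m["result"])))
        elif m := RTP_RE.match(line):
            events.append(Event("rtp_block", _ts(m["ts"]), path=m["path"], status=m["status"]))
    return events


@dataclass
class FileSummary:
    detections: int = 0        # DETECTION_ADD entries for this file
    quarantined: int = 0       # clean events with result 0
    clean_failures: int = 0    # clean events with a non-zero result
    redetections: int = 0      # detections that followed a successful clean
    gaps_seconds: List[float] = field(default_factory=list)  # clean -> next detection
    last_clean: Optional[datetime] = None


def summarize(events: List[Event]) -> Dict[Tuple[str, str], FileSummary]:
    """Group add/clean events per (threat, path) and count the re-detection cycles."""
    per_file: Dict[Tuple[str, str], FileSummary] = {}
    for ev in events:
        if ev.kind not in ("add", "clean"):
            continue
        s = per_file.setdefault((ev.threat, ev.path), FileSummary())
        if ev.kind == "add":
            s.detections += 1
            if s.last_clean is not None:
                s.redetections += 1
                s.gaps_seconds.append((ev.ts - s.last_clean).total_seconds())
        elif ev.result == 0:
            s.quarantined += 1
            s.last_clean = ev.ts
        else:
            s.clean_failures += 1
    return per_file


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG.splitlines())
    for (threat, path), s in summarize(evs).items():
        print(f"{threat} {path}")
        print(f"  detections={s.detections} quarantined={s.quarantined} "
              f"failures={s.clean_failures} redetections={s.redetections} "
              f"gaps={s.gaps_seconds}")
```

Run against a real MpLog, a file with many short clean-to-detection gaps is one that keeps being re-detected after each quarantine rather than a file that was never remediated; the clean_failures counter separates the two cases.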
Alt 17.12.2021, 15:59   #7
ViErus0815
 



No, at least not in the FRST ones, but there are in the Defender log. Maybe that helps?

Code:
2021-12-16T11:59:45.381Z [Cloud] End of cloud request.
2021-12-16T11:59:45.406Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T11:59:45.407Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T11:59:45.433Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T11:59:45.451Z SDN:Issuing SDN query for \\?\C:\Users\vieru\Downloads\Activate-it.exe (\\?\C:\Users\vieru\Downloads\Activate-it.exe) (sha1=9752ab4c2fee84880708ea9f8340ef671f52accb, sha2=c04b66f2274a84268dc7c7e7b9e98f706fa9ff1a1f1726c2f822115e2d8f2378)
2021-12-16T11:59:45.451Z [Cloud] SubmitReport(CMpSpyDssContext), ShouldSendEvenOnPaidNetworks: 1
2021-12-16T11:59:45.452Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T11:59:45.452Z [Cloud] Queued cloud request.
2021-12-16T11:59:45.452Z [Cloud] MpEngineCloudRequest(). hr = 0
2021-12-16T11:59:45.452Z [Cloud] Dequeued cloud request.
2021-12-16T11:59:45.452Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T11:59:45.534Z SDN:SDN query completed: 00000000
2021-12-16T11:59:45.534Z [Cloud] End of cloud request.
Begin Resource Scan
Scan ID:{061AEC04-DB03-410B-A6AE-873763007AE6}
Scan Source:3
Start Time:12-16-2021 12:59:45
End Time:12-16-2021 12:59:45
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

2021-12-16T11:59:45.538Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T11:59:45.538Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T11:59:45.538Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4868 milliseconds. 1 detections to be cleaned.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T11:59:48.086Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T11:59:48.097Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T11:59:48.124Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{3F4DCAF1-5BE8-482F-B1A3-58298E746EA4}
Scan Source:3
Start Time:12-16-2021 12:59:48
End Time:12-16-2021 12:59:48
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

2021-12-16T11:59:50.421Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T11:59:50.449Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{9B0029F4-2CC8-458E-BF21-BB9A1EA73BEF}
Scan Source:6
Start Time:12-16-2021 12:59:50
End Time:12-16-2021 12:59:50
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T11:59:50.490Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T11:59:52.470Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T11:59:52.471Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T11:59:52.471Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T11:59:54.483Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T11:59:54.484Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T11:59:54.484Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T11:59:56.500Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T11:59:56.500Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T11:59:56.501Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T11:59:59.787Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x80508023
Begin Resource Scan
Scan ID:{8F5733EE-5A0B-4E49-9BF4-3F736C75B271}
Scan Source:6
Start Time:12-16-2021 12:59:50
End Time:12-16-2021 12:59:59
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:00:00.068Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:00.076Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:00:00.076Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:00:00.076Z [Cloud] Queued cloud request.
2021-12-16T12:00:00.076Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:00:00
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:00:00
Result:0
2021-12-16T12:00:00.076Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:00:00.084Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:00:00.134Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:00:00.134Z [Cloud] End of cloud request.
2021-12-16T12:00:02.089Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:02.089Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:00:02.090Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:00:05.431Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:05.431Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:05.459Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{7FC2E7B4-978D-4E8C-A007-2BFE5DCCF364}
Scan Source:3
Start Time:12-16-2021 13:00:05
End Time:12-16-2021 13:00:05
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

2021-12-16T12:00:05.474Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:05.474Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:00:05.474Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4957 milliseconds. 1 detections to be cleaned.
2021-12-16T12:00:10.443Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:10.470Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{2A6FA2F6-8B46-4E75-8ABE-7C10728E5019}
Scan Source:6
Start Time:12-16-2021 13:00:10
End Time:12-16-2021 13:00:10
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:10.513Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:11.832Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x80508023
2021-12-16T12:00:12.492Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:12.493Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:00:12.493Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:14.886Z [SFC] MpCmIsBuildPermissible(1) returns S_OK. Start SFC build.
2021-12-16T12:00:14.886Z [SFC] System file cache build is not needed (already completed)
Begin Resource Scan
Scan ID:{B31B23D1-CDAF-4C20-AEE7-D353CCFBDB81}
Scan Source:6
Start Time:12-16-2021 13:00:10
End Time:12-16-2021 13:00:15
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:00:15.761Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:15.763Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:00:15.763Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:00:15.763Z [Cloud] Queued cloud request.
2021-12-16T12:00:15.763Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:00:15
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:00:15
Result:0
2021-12-16T12:00:15.763Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:00:15.772Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:00:15.901Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:00:15.901Z [Cloud] End of cloud request.
2021-12-16T12:00:16.988Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:00:17.020Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:17.020Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:17.049Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{1E096C92-46D6-4392-9C4C-90FF5D479BD3}
Scan Source:3
Start Time:12-16-2021 13:00:17
End Time:12-16-2021 13:00:17
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

2021-12-16T12:00:17.064Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:17.064Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:00:17.064Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4955 milliseconds. 1 detections to be cleaned.
2021-12-16T12:00:17.777Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:17.777Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:00:17.778Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:19.065Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
Internal signature match:subtype=Lowfi, sigseq=0x000010803F8A68B6, sigsha=0d3673bb431352020de83988c86b361fcdaf017f, cached=false, source=0, resourceid=0xe2f95ec7
Internal signature match:subtype=Lowfi, sigseq=0x00001080E79BF4F0, sigsha=3b6774368da489b60074063fce18866057be36d3, cached=false, source=0, resourceid=0xe2f95ec7
2021-12-16T12:00:22.032Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:22.058Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{287749D1-A954-4E34-9BE8-5342B892DF6F}
Scan Source:6
Start Time:12-16-2021 13:00:22
End Time:12-16-2021 13:00:22
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:22.101Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:24.081Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:24.082Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:00:24.083Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{28C581ED-B4F2-4F57-9871-6F3895B59825}
Scan Source:6
Start Time:12-16-2021 13:00:22
End Time:12-16-2021 13:00:27
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:00:27.434Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:27.436Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:00:27.436Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:00:27.436Z [Cloud] Queued cloud request.
2021-12-16T12:00:27.436Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:00:27
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:00:27
Result:0
2021-12-16T12:00:27.437Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:00:27.445Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:00:27.523Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:00:27.523Z [Cloud] End of cloud request.
2021-12-16T12:00:29.450Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:29.450Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:00:29.451Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:30.106Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:30.125Z DETECTIONEVENT MPSOURCE_SYSTEM Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:30.126Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
Begin Resource Scan
Scan ID:{3C3E0C60-0861-4EAF-9540-541D689A4DFD}
Scan Source:10
Start Time:12-16-2021 13:00:30
End Time:12-16-2021 13:00:30
Explicit resource to scan
Resource Schema:samplefileremediationcheckpoint
Resource Path:D719C219E3C8EE8BB4ACB8A02ED0A374
Result Count:2
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
Unknown File
Identifier:567862423197843454
Number of Resources:1
Resource Schema:samplefileremediationcheckpoint
Resource Path:D719C219E3C8EE8BB4ACB8A02ED0A374
Extended Info - SigSeq:0000000000000000
Extended Info - SigSha:da39a3ee5e6b4b0d3255bfef95601890afd80709
End Scan
************************************************************

2021-12-16T12:00:30.126Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4998 milliseconds. 1 detections to be cleaned.
2021-12-16T12:00:30.141Z UnknownTelemetryScan triggered, type: 1 (1 - Unknown, 2- Lofi), flags: 0 (0 - Regular, 1 - MemScan), 1 resources, RtpIoavOnly: FALSE
2021-12-16T12:00:30.161Z [Cloud] SubmitReport(CMpUnknownSpyNetReportContext)
2021-12-16T12:00:30.161Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:00:30.161Z [Cloud] Queued cloud request.
2021-12-16T12:00:30.161Z [Cloud] Dequeued cloud request.
2021-12-16T12:00:30.170Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:00:30.183Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:00:30.183Z [Cloud] End of cloud request.
2021-12-16T12:00:33.618Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:33.649Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:35.131Z [RoutineClean] Threat status changed to 0x40 (threatId: 8003d7d1). Skipping automatic remediation.
Internal signature match:subtype=Lowfi, sigseq=0x00003B9663B694BC, sigsha=453d7010a1da1384f3668f77d4026c6d12766501, cached=false, source=0, resourceid=0xf810c38e
2021-12-16T12:00:38.337Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
2021-12-16T12:00:38.338Z [Mini-filter] Unsuccessful scan status(#230): \Device\HarddiskVolume3\$Recycle.Bin\S-1-5-21-84713171-1761078591-1079883020-1001\$IKT40OL.exe. Process: \Device\HarddiskVolume3\Windows\explorer.exe, Status: 0xc0000001, State: 0, ScanRequest #13579, FileId: 0x1100000002ad49, Reason: OnClose, IoStatusBlockForNewFile: 0x2, DesiredAccess:0x0, FileAttributes:0x20, ScanAttributes:0x10, AccessStateFlags:0x801, BackingFileInfo: 0x0, 0x0, 0x0:0\0x0:0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:00:38.368Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:38.369Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:38.395Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{7CB8DC55-2590-47BB-82F6-6B1EBB726B1F}
Scan Source:3
Start Time:12-16-2021 13:00:38
End Time:12-16-2021 13:00:38
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

2021-12-16T12:00:38.408Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:38.408Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
Begin Resource Scan
Scan ID:{9EA783B0-7E8E-4685-84AC-10030482353C}
Scan Source:6
Start Time:12-16-2021 13:00:33
End Time:12-16-2021 13:00:38
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:00:38.940Z DETECTION_CLEANEVENT MPSOURCE_SYSTEM MP_THREAT_ACTION_REMOVE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:38.942Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:00:38.942Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:00:38.942Z [Cloud] Queued cloud request.
2021-12-16T12:00:38.942Z [Cloud] Dequeued cloud request.
2021-12-16T12:00:38.943Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:38.943Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4426 milliseconds. 1 detections to be cleaned.
2021-12-16T12:00:38.953Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:00:39.049Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:00:39.050Z [Cloud] End of cloud request.
2021-12-16T12:00:39.800Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
2021-12-16T12:00:42.464Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
2021-12-16T12:00:43.371Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:43.397Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:43.409Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
Begin Resource Scan
Scan ID:{787329AC-EDA4-4A8A-8B29-02C717CF2521}
Scan Source:6
Start Time:12-16-2021 13:00:43
End Time:12-16-2021 13:00:43
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:00:43.440Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:43.440Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:43.441Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:43.467Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{84DB194D-5113-4142-BBC4-ACDC5C36E664}
Scan Source:3
Start Time:12-16-2021 13:00:43
End Time:12-16-2021 13:00:43
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

2021-12-16T12:00:43.480Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:43.481Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:00:44.926Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
2021-12-16T12:00:45.420Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:45.421Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:00:45.421Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{AA5645EF-2F1D-4287-BEDB-9FA9784E1F74}
Scan Source:6
Start Time:12-16-2021 13:00:43
End Time:12-16-2021 13:00:48
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:00:48.824Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:48.832Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:00:48.832Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:00:48.832Z [Cloud] Queued cloud request.
2021-12-16T12:00:48.832Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:00:48
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:00:48
Result:0
2021-12-16T12:00:48.832Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:00:48.842Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:00:48.945Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:00:48.945Z [Cloud] End of cloud request.
2021-12-16T12:00:50.835Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:50.836Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:00:50.836Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Beginning threat actions
Start time:12-16-2021 13:00:38
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:remove
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:00:38
Result:0
2021-12-16T12:00:53.217Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x80508023
2021-12-16T12:01:00.445Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:01:00.474Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:01:00.475Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:01:00.500Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{4872C2AC-8BBB-4FB1-9527-9E9EE3E6EA08}
Scan Source:3
Start Time:12-16-2021 13:01:00
End Time:12-16-2021 13:01:00
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

2021-12-16T12:01:00.513Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:01:00.514Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:01:00.514Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4960 milliseconds. 1 detections to be cleaned.
2021-12-16T12:01:01.802Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
Internal signature match:subtype=Lowfi, sigseq=0x00003B9663B694BC, sigsha=453d7010a1da1384f3668f77d4026c6d12766501, cached=true, source=0, resourceid=0x2440a323
2021-12-16T12:01:05.483Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:01:05.509Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{ECB046ED-C85D-44E2-895B-12BC3C967789}
Scan Source:6
Start Time:12-16-2021 13:01:05
End Time:12-16-2021 13:01:05
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:01:05.552Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:01:07.532Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:01:07.533Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:01:07.533Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{3E5FC2A9-ED61-4B7A-A094-7350C9FB7DB7}
Scan Source:6
Start Time:12-16-2021 13:01:05
End Time:12-16-2021 13:01:10
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:01:10.878Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:01:10.880Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:01:10.880Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:01:10.880Z [Cloud] Queued cloud request.
2021-12-16T12:01:10.880Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:01:10
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:01:10
Result:0
2021-12-16T12:01:10.880Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:01:10.889Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:01:11.004Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:01:11.004Z [Cloud] End of cloud request.
2021-12-16T12:01:12.247Z Engine:Triggered AR EMS scan
2021-12-16T12:01:12.250Z Engine:EMS scan for process: lsass pid: 1016, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.261Z Engine:EMS scan for process: svchost pid: 1032, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.273Z Engine:EMS scan for process: svchost pid: 1136, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.275Z Engine:EMS scan for process: svchost pid: 1176, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.277Z Engine:EMS scan for process: svchost pid: 1492, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.279Z Engine:EMS scan for process: svchost pid: 1508, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.281Z Engine:EMS scan for process: svchost pid: 1560, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.285Z Engine:EMS scan for process: svchost pid: 1612, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.286Z Engine:EMS scan for process: svchost pid: 1660, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.287Z Engine:EMS scan for process: svchost pid: 1712, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.292Z Engine:EMS scan for process: svchost pid: 1760, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.293Z Engine:EMS scan for process: svchost pid: 1852, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.296Z Engine:EMS scan for process: svchost pid: 1984, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.297Z Engine:EMS scan for process: svchost pid: 1780, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.299Z Engine:EMS scan for process: svchost pid: 1736, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.300Z Engine:EMS scan for process: svchost pid: 2084, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.301Z Engine:EMS scan for process: svchost pid: 2092, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.303Z Engine:EMS scan for process: svchost pid: 2100, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.304Z Engine:EMS scan for process: svchost pid: 2352, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.306Z Engine:EMS scan for process: svchost pid: 2364, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.308Z Engine:EMS scan for process: svchost pid: 2416, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.311Z Engine:EMS scan for process: svchost pid: 2424, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.313Z Engine:EMS scan for process: svchost pid: 2432, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.314Z Engine:EMS scan for process: svchost pid: 2548, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.315Z Engine:EMS scan for process: svchost pid: 2792, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.323Z Engine:EMS scan for process: svchost pid: 2884, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.328Z Engine:EMS scan for process: svchost pid: 2940, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.332Z Engine:EMS scan for process: svchost pid: 3032, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.333Z Engine:EMS scan for process: svchost pid: 3040, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.336Z Engine:EMS scan for process: svchost pid: 2504, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.339Z Engine:EMS scan for process: svchost pid: 3228, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.343Z Engine:EMS scan for process: svchost pid: 3324, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.344Z Engine:EMS scan for process: svchost pid: 3496, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.347Z Engine:EMS scan for process: svchost pid: 3504, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.351Z Engine:EMS scan for process: svchost pid: 3516, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.352Z Engine:EMS scan for process: svchost pid: 3524, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.353Z Engine:EMS scan for process: svchost pid: 3532, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.364Z Engine:EMS scan for process: svchost pid: 3544, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.366Z Engine:EMS scan for process: svchost pid: 3552, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.370Z Engine:EMS scan for process: svchost pid: 3560, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.375Z Engine:EMS scan for process: svchost pid: 4020, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.378Z Engine:EMS scan for process: svchost pid: 3760, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.381Z Engine:EMS scan for process: svchost pid: 4220, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.383Z Engine:EMS scan for process: svchost pid: 5388, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.387Z Engine:EMS scan for process: svchost pid: 5660, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.389Z Engine:EMS scan for process: svchost pid: 5360, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.390Z Engine:EMS scan for process: svchost pid: 5308, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.395Z Engine:EMS scan for process: svchost pid: 6392, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.403Z Engine:EMS scan for process: svchost pid: 6584, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.417Z Engine:EMS scan for process: svchost pid: 6332, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.419Z Engine:EMS scan for process: svchost pid: 10484, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.420Z Engine:EMS scan for process: svchost pid: 11352, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.423Z Engine:EMS scan for process: svchost pid: 12904, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.425Z Engine:EMS scan for process: svchost pid: 12752, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.426Z Engine:EMS scan for process: svchost pid: 4484, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.428Z Engine:EMS scan for process: svchost pid: 8936, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.430Z Engine:EMS scan for process: svchost pid: 11780, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.433Z Engine:EMS scan for process: svchost pid: 4136, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.444Z Engine:EMS scan for process: svchost pid: 6524, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.446Z Engine:EMS scan for process: svchost pid: 7788, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.455Z Engine:EMS scan for process: svchost pid: 16160, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.456Z Engine:EMS scan for process: svchost pid: 8292, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.464Z Engine:EMS scan for process: svchost pid: 14376, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.466Z Engine:EMS scan for process: svchost pid: 7864, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.467Z Engine:EMS scan for process: svchost pid: 7308, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.473Z Engine:EMS scan for process: svchost pid: 9652, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.473Z Bm signature throttled:0x000019b3378537b0
2021-12-16T12:01:12.493Z Engine:EMS scan for process: explorer pid: 15060, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.692Z Engine:EMS scan for process: svchost pid: 15808, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.702Z Engine:EMS scan for process: svchost pid: 11444, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.702Z Bm signature throttled:0x000019b3378537b0
2021-12-16T12:01:12.702Z Engine:EMS scan for process: dllhost pid: 9756, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.703Z Bm signature throttled:0x000019b3378537b0
2021-12-16T12:01:12.704Z Engine:EMS scan for process: svchost pid: 8732, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.706Z Engine:EMS scan for process: svchost pid: 5684, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.707Z Engine:EMS scan for process: svchost pid: 12252, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.736Z Engine:EMS scan for process: svchost pid: 14872, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.739Z Engine:EMS scan for process: svchost pid: 13376, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.745Z Engine:EMS scan for process: dllhost pid: 9836, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.747Z Engine:EMS scan for process: dllhost pid: 3248, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.748Z Engine:EMS scan for process: svchost pid: 12884, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.749Z Engine:EMS scan for process: svchost pid: 15164, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.753Z Engine:EMS scan for process: svchost pid: 17256, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.761Z Engine:EMS scan for process: svchost pid: 7640, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.888Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:01:12.889Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:01:12.889Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:01:18.860Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:01:18.879Z DETECTIONEVENT MPSOURCE_SYSTEM Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:01:18.880Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
Begin Resource Scan
Scan ID:{8307B78B-BB6C-4165-8EC9-47D8903B3522}
Scan Source:10
Start Time:12-16-2021 13:01:18
End Time:12-16-2021 13:01:18
Explicit resource to scan
Resource Schema:samplefileremediationcheckpoint
Resource Path:0309F47D4FDD96E283A53D335977990A
Result Count:2
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
Unknown File
Identifier:6050605033735585790
Number of Resources:1
Resource Schema:samplefileremediationcheckpoint
Resource Path:0309F47D4FDD96E283A53D335977990A
Extended Info - SigSeq:0000000000000000
Extended Info - SigSha:da39a3ee5e6b4b0d3255bfef95601890afd80709
End Scan
************************************************************

2021-12-16T12:01:18.880Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4998 milliseconds. 1 detections to be cleaned.
2021-12-16T12:01:18.895Z UnknownTelemetryScan triggered, type: 1 (1 - Unknown, 2- Lofi), flags: 0 (0 - Regular, 1 - MemScan), 1 resources, RtpIoavOnly: FALSE
2021-12-16T12:01:18.902Z [Cloud] SubmitReport(CMpUnknownSpyNetReportContext)
2021-12-16T12:01:18.902Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:01:18.902Z [Cloud] Queued cloud request.
2021-12-16T12:01:18.902Z [Cloud] Dequeued cloud request.
2021-12-16T12:01:18.908Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:01:18.920Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:01:18.920Z [Cloud] End of cloud request.
Internal signature match:subtype=Lowfi, sigseq=0x0000E5E711B2AB39, sigsha=81aa596ffe243ce47b78e77b4f9e92c4e075f336, cached=false, source=0, resourceid=0x59305e1a
2021-12-16T12:01:23.886Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:01:23.913Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{97E74903-D631-42BC-981D-18B0AA81B76F}
Scan Source:6
Start Time:12-16-2021 13:01:23
End Time:12-16-2021 13:01:23
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:01:23.956Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:01:25.935Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:01:25.936Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:01:25.936Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:01:26.572Z [RtpConfig] Config change detected, type: 32
2021-12-16T12:01:26.572Z Duplicating the current plugin configuration object...
2021-12-16T12:01:26.572Z CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ...
2021-12-16T12:01:26.572Z Updating plugin configuration due to recent config changes (0x20) ...
2021-12-16T12:01:26.572Z No config change detected. Not updating plugin configuration.
2021-12-16T12:01:26.572Z No config changes found. No configuration switch.
2021-12-16T12:01:26.572Z RefreshPluginConfiguration completed succesfully. Requested: 0x20, Changed: 0
Begin Resource Scan
Scan ID:{13ED9244-B42B-4F48-AA00-267B4BCB4F40}
Scan Source:6
Start Time:12-16-2021 13:01:23
End Time:12-16-2021 13:01:29
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:01:29.308Z DETECTION_CLEANEVENT MPSOURCE_SYSTEM MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:01:29.311Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:01:29.311Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:01:29.311Z [Cloud] Queued cloud request.
2021-12-16T12:01:29.311Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:01:29
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:01:29
Result:0
2021-12-16T12:01:29.311Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:01:29.319Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:01:29.426Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:01:29.426Z [Cloud] End of cloud request.
2021-12-16T12:01:31.319Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:01:31.319Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:01:31.320Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:01:32.596Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x80508023
2021-12-16T12:01:57.191Z [SFC] MpCmIsBuildPermissible(1) returns S_OK. Start SFC build.
2021-12-16T12:01:57.191Z [SFC] System file cache build is not needed (already completed)
2021-12-16T12:02:00.701Z Engine:Triggered AR EMS scan
2021-12-16T12:02:00.704Z Engine:EMS scan for process: lsass pid: 1016, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.715Z Engine:EMS scan for process: svchost pid: 1032, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.725Z Engine:EMS scan for process: svchost pid: 1136, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.727Z Engine:EMS scan for process: svchost pid: 1176, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.729Z Engine:EMS scan for process: svchost pid: 1492, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.731Z Engine:EMS scan for process: svchost pid: 1508, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.732Z Engine:EMS scan for process: svchost pid: 1560, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.736Z Engine:EMS scan for process: svchost pid: 1612, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.737Z Engine:EMS scan for process: svchost pid: 1660, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.737Z Engine:EMS scan for process: svchost pid: 1712, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.743Z Engine:EMS scan for process: svchost pid: 1760, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.743Z Engine:EMS scan for process: svchost pid: 1852, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.746Z Engine:EMS scan for process: svchost pid: 1984, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.747Z Engine:EMS scan for process: svchost pid: 1780, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.749Z Engine:EMS scan for process: svchost pid: 1736, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.750Z Engine:EMS scan for process: svchost pid: 2084, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.751Z Engine:EMS scan for process: svchost pid: 2092, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.753Z Engine:EMS scan for process: svchost pid: 2100, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.754Z Engine:EMS scan for process: svchost pid: 2352, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.755Z Engine:EMS scan for process: svchost pid: 2364, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.757Z Engine:EMS scan for process: svchost pid: 2416, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.760Z Engine:EMS scan for process: svchost pid: 2424, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.763Z Engine:EMS scan for process: svchost pid: 2432, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.764Z Engine:EMS scan for process: svchost pid: 2548, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.765Z Engine:EMS scan for process: svchost pid: 2792, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.772Z Engine:EMS scan for process: svchost pid: 2884, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.777Z Engine:EMS scan for process: svchost pid: 2940, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.780Z Engine:EMS scan for process: svchost pid: 3032, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.781Z Engine:EMS scan for process: svchost pid: 3040, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.783Z Engine:EMS scan for process: svchost pid: 2504, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.786Z Engine:EMS scan for process: svchost pid: 3228, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.789Z Engine:EMS scan for process: svchost pid: 3324, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.790Z Engine:EMS scan for process: svchost pid: 3496, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.793Z Engine:EMS scan for process: svchost pid: 3504, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.797Z Engine:EMS scan for process: svchost pid: 3516, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.798Z Engine:EMS scan for process: svchost pid: 3524, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.798Z Engine:EMS scan for process: svchost pid: 3532, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.805Z Engine:EMS scan for process: svchost pid: 3544, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.807Z Engine:EMS scan for process: svchost pid: 3552, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.811Z Engine:EMS scan for process: svchost pid: 3560, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.815Z Engine:EMS scan for process: svchost pid: 4020, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.818Z Engine:EMS scan for process: svchost pid: 3760, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.820Z Engine:EMS scan for process: svchost pid: 4220, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.822Z Engine:EMS scan for process: svchost pid: 5388, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.825Z Engine:EMS scan for process: svchost pid: 5660, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.827Z Engine:EMS scan for process: svchost pid: 5360, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.828Z Engine:EMS scan for process: svchost pid: 5308, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.831Z Engine:EMS scan for process: svchost pid: 6392, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.838Z Engine:EMS scan for process: svchost pid: 6584, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.844Z Engine:EMS scan for process: svchost pid: 6332, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.845Z Engine:EMS scan for process: svchost pid: 10484, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.847Z Engine:EMS scan for process: svchost pid: 11352, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.849Z Engine:EMS scan for process: svchost pid: 12904, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.850Z Engine:EMS scan for process: svchost pid: 12752, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.852Z Engine:EMS scan for process: svchost pid: 4484, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.853Z Engine:EMS scan for process: svchost pid: 8936, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.854Z Engine:EMS scan for process: svchost pid: 11780, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.857Z Engine:EMS scan for process: svchost pid: 4136, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.862Z Engine:EMS scan for process: svchost pid: 6524, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.863Z Engine:EMS scan for process: svchost pid: 7788, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.869Z Engine:EMS scan for process: svchost pid: 16160, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.870Z Engine:EMS scan for process: svchost pid: 8292, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.874Z Engine:EMS scan for process: svchost pid: 14376, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.875Z Engine:EMS scan for process: svchost pid: 7864, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.876Z Engine:EMS scan for process: svchost pid: 7308, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.882Z Engine:EMS scan for process: svchost pid: 9652, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.900Z Engine:EMS scan for process: explorer pid: 15060, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.997Z Engine:EMS scan for process: svchost pid: 15808, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.005Z Engine:EMS scan for process: svchost pid: 11444, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.005Z Engine:EMS scan for process: dllhost pid: 9756, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.007Z Engine:EMS scan for process: svchost pid: 8732, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.008Z Engine:EMS scan for process: svchost pid: 5684, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.010Z Engine:EMS scan for process: svchost pid: 12252, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.021Z Engine:EMS scan for process: svchost pid: 14872, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.023Z Engine:EMS scan for process: svchost pid: 13376, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.027Z Engine:EMS scan for process: dllhost pid: 9836, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.029Z Engine:EMS scan for process: dllhost pid: 3248, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.030Z Engine:EMS scan for process: svchost pid: 12884, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.030Z Engine:EMS scan for process: svchost pid: 15164, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.033Z Engine:EMS scan for process: svchost pid: 17256, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:07.703Z [RtpConfig] Config change detected, type: 32
2021-12-16T12:02:07.703Z Duplicating the current plugin configuration object...
2021-12-16T12:02:07.703Z CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ...
2021-12-16T12:02:07.703Z Updating plugin configuration due to recent config changes (0x20) ...
2021-12-16T12:02:07.703Z No config change detected. Not updating plugin configuration.
2021-12-16T12:02:07.703Z No config changes found. No configuration switch.
2021-12-16T12:02:07.703Z RefreshPluginConfiguration completed succesfully. Requested: 0x20, Changed: 0
2021-12-16T12:02:10.957Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x80508023
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:02:15.952Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:02:15.953Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
2021-12-16T12:02:15.953Z [Mini-filter] Blocked file(#240): \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. Process: \Device\HarddiskVolume3\Windows\explorer.exe, Status: 0x0, State: 16, ScanRequest #13668, FileId: 0x1600000002ad18, Reason: OnOpen, IoStatusBlockForNewFile: 0xffffffff, DesiredAccess:0x120089, FileAttributes:0x20, ScanAttributes:0x0, AccessStateFlags:0x801, BackingFileInfo: 0x0, 0x0, 0x0:0\0x0:0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:15.979Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{9571843B-D210-410E-9571-3A8188A3C379}
Scan Source:3
Start Time:12-16-2021 13:02:15
End Time:12-16-2021 13:02:15
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

2021-12-16T12:02:15.992Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:02:15.993Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:02:15.993Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4959 milliseconds. 1 detections to be cleaned.
2021-12-16T12:02:20.957Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:20.986Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{F028031B-7881-4168-80CE-6390D64C2309}
Scan Source:6
Start Time:12-16-2021 13:02:20
End Time:12-16-2021 13:02:20
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:21.028Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:02:23.006Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:23.007Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:02:23.007Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:23.745Z UtilCleanOpen MPSOURCE_USER, cleaning 2 threats, hr = 0x80508023
Begin Resource Scan
Scan ID:{2F3D0EAF-0E9C-4A49-AF6C-F930E9239ACC}
Scan Source:6
Start Time:12-16-2021 13:02:20
End Time:12-16-2021 13:02:26
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:02:26.334Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:02:26.342Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:02:26.342Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:02:26.342Z [Cloud] Queued cloud request.
2021-12-16T12:02:26.342Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:02:26
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:02:26
Result:0
2021-12-16T12:02:26.342Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:02:26.350Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:02:26.521Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:02:26.521Z [Cloud] End of cloud request.
2021-12-16T12:02:28.357Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:28.357Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:02:28.357Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:02:33.679Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:02:33.679Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:33.711Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{17DBEACC-6CE0-4187-9805-103AF53E9D5A}
Scan Source:3
Start Time:12-16-2021 13:02:33
End Time:12-16-2021 13:02:33
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

2021-12-16T12:02:33.724Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:02:33.725Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:02:33.725Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4954 milliseconds. 1 detections to be cleaned.
2021-12-16T12:02:38.693Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:38.721Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{1C60C566-5E27-4CD9-AE08-24DF34D24633}
Scan Source:6
Start Time:12-16-2021 13:02:38
End Time:12-16-2021 13:02:38
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:38.763Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:02:39.558Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:02:39.590Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:02:39.590Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:39.617Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{FBBBAC29-05C5-422E-9504-3A75281BBB8A}
Scan Source:3
Start Time:12-16-2021 13:02:39
End Time:12-16-2021 13:02:39
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

2021-12-16T12:02:39.631Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:02:39.631Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:02:40.741Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:40.742Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:02:40.742Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{08744032-AD56-4B26-B1DB-05F9C49DB6F0}
Scan Source:6
Start Time:12-16-2021 13:02:38
End Time:12-16-2021 13:02:43
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:02:44.054Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:02:44.056Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:02:44.056Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:02:44.056Z [Cloud] Queued cloud request.
2021-12-16T12:02:44.056Z [Cloud] Dequeued cloud request.
2021-12-16T12:02:44.057Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
Beginning threat actions
Start time:12-16-2021 13:02:44
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:02:44
Result:0
2021-12-16T12:02:44.057Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:02:44.057Z [RoutineClean] Routine cleaning timer rescheduled to fire in 533 milliseconds. 1 detections remaining to be cleaned.
2021-12-16T12:02:44.065Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:02:44.145Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:02:44.146Z [Cloud] End of cloud request.
2021-12-16T12:02:44.597Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:44.626Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{499CEA53-1290-4BEC-82FA-7D65CECEFDFB}
Scan Source:6
Start Time:12-16-2021 13:02:44
End Time:12-16-2021 13:02:44
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:44.671Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:02:46.072Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:46.073Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:02:46.073Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:48.089Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:48.090Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:02:48.091Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{FAC80C4D-0BDF-4DDC-BCD4-463ABA5460E9}
Scan Source:6
Start Time:12-16-2021 13:02:44
End Time:12-16-2021 13:02:49
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:02:49.888Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:02:49.891Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:02:49.891Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:02:49.891Z [Cloud] Queued cloud request.
2021-12-16T12:02:49.891Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:02:49
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:02:49
Result:0
2021-12-16T12:02:49.891Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:02:49.899Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:02:50.277Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:02:50.277Z [Cloud] End of cloud request.
2021-12-16T12:02:51.907Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:51.907Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:02:51.908Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:53.013Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x80508023
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:56.379Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:02:56.399Z DETECTIONEVENT MPSOURCE_SYSTEM Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:02:56.400Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
Begin Resource Scan
Scan ID:{3F769B85-EE70-429F-9676-F3F1C98610CA}
Scan Source:10
Start Time:12-16-2021 13:02:56
End Time:12-16-2021 13:02:56
Explicit resource to scan
Resource Schema:samplefileremediationcheckpoint
Resource Path:6471C5F45A8066BB52850839FE59DB1F
Result Count:2
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
Unknown File
Identifier:8268595517701750782
Number of Resources:1
Resource Schema:samplefileremediationcheckpoint
Resource Path:6471C5F45A8066BB52850839FE59DB1F
Extended Info - SigSeq:0000000000000000
Extended Info - SigSha:da39a3ee5e6b4b0d3255bfef95601890afd80709
End Scan
************************************************************

2021-12-16T12:02:56.400Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4998 milliseconds. 1 detections to be cleaned.
2021-12-16T12:02:56.411Z UnknownTelemetryScan triggered, type: 1 (1 - Unknown, 2- Lofi), flags: 0 (0 - Regular, 1 - MemScan), 1 resources, RtpIoavOnly: FALSE
2021-12-16T12:02:56.418Z [Cloud] SubmitReport(CMpUnknownSpyNetReportContext)
2021-12-16T12:02:56.418Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:02:56.418Z [Cloud] Queued cloud request.
2021-12-16T12:02:56.418Z [Cloud] Dequeued cloud request.
2021-12-16T12:02:56.425Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:02:56.453Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:02:56.453Z [Cloud] End of cloud request.
2021-12-16T12:03:01.398Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:03:01.431Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{8579889D-9688-4D26-A48D-F4D38E75B407}
Scan Source:6
Start Time:12-16-2021 13:03:01
End Time:12-16-2021 13:03:01
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:03:01.484Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:03:03.448Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:03:03.448Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:03:03.449Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{61D95EF8-599A-4592-A766-372AB9708BB0}
Scan Source:6
Start Time:12-16-2021 13:03:01
End Time:12-16-2021 13:03:06
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:03:06.989Z DETECTION_CLEANEVENT MPSOURCE_SYSTEM MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:03:06.991Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:03:06.991Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:03:06.991Z [Cloud] Queued cloud request.
2021-12-16T12:03:06.991Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:03:06
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:03:06
Result:0
2021-12-16T12:03:06.992Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:03:07.000Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:03:07.103Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:03:07.103Z [Cloud] End of cloud request.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E57D754FD, sigsha=fa916f6b5489a0a412a116b150394d7d0bbe4253, cached=false, source=2, resourceid=0xd18e4c35
2021-12-16T12:03:09.001Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:03:09.002Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:03:09.002Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E57D754FD, sigsha=fa916f6b5489a0a412a116b150394d7d0bbe4253, cached=false, source=0, resourceid=0xc58ebe84
2021-12-16T12:03:31.777Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x80508023
Internal signature match:subtype=Lowfi, sigseq=0x0000D1781D549931, sigsha=2807f46942e428cf0f18f775612fd12bcb2f3f68, cached=false, source=2, resourceid=0x8f3af6b8
2021-12-16T12:03:47.148Z [Mini-filter] Injection into process 1432 from process 5996 is BLOCKED.
2021-12-16T12:03:47.149Z [Mini-filter] Injection into process 3980 from process 5996 is BLOCKED.
2021-12-16T12:05:47.630Z [SFC] MpCmIsBuildPermissible(1) returns S_OK. Start SFC build.
2021-12-16T12:05:47.630Z [SFC] System file cache build is not needed (already completed)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E57D754FD, sigsha=fa916f6b5489a0a412a116b150394d7d0bbe4253, cached=true, source=0, resourceid=0x6e54f7cb
Internal signature match:subtype=Lowfi, sigseq=0x0000157E57D754FD, sigsha=fa916f6b5489a0a412a116b150394d7d0bbe4253, cached=false, source=0, resourceid=0xc58ebe84
2021-12-16T12:05:51.628Z Engine:Triggered AR EMS scan

2021-12-16T12:05:51.631Z Engine:EMS scan for process: lsass pid: 1016, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.642Z Engine:EMS scan for process: svchost pid: 1032, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.653Z Engine:EMS scan for process: svchost pid: 1136, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.655Z Engine:EMS scan for process: svchost pid: 1176, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.656Z Engine:EMS scan for process: svchost pid: 1492, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.659Z Engine:EMS scan for process: svchost pid: 1508, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.660Z Engine:EMS scan for process: svchost pid: 1560, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.663Z Engine:EMS scan for process: svchost pid: 1612, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.664Z Engine:EMS scan for process: svchost pid: 1660, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.665Z Engine:EMS scan for process: svchost pid: 1712, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.670Z Engine:EMS scan for process: svchost pid: 1760, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.671Z Engine:EMS scan for process: svchost pid: 1852, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.674Z Engine:EMS scan for process: svchost pid: 1984, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.675Z Engine:EMS scan for process: svchost pid: 1780, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.676Z Engine:EMS scan for process: svchost pid: 1736, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.677Z Engine:EMS scan for process: svchost pid: 2084, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.678Z Engine:EMS scan for process: svchost pid: 2092, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.680Z Engine:EMS scan for process: svchost pid: 2100, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.681Z Engine:EMS scan for process: svchost pid: 2352, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.683Z Engine:EMS scan for process: svchost pid: 2364, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.684Z Engine:EMS scan for process: svchost pid: 2416, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.687Z Engine:EMS scan for process: svchost pid: 2424, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.690Z Engine:EMS scan for process: svchost pid: 2432, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.691Z Engine:EMS scan for process: svchost pid: 2548, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.692Z Engine:EMS scan for process: svchost pid: 2792, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.698Z Engine:EMS scan for process: svchost pid: 2884, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.703Z Engine:EMS scan for process: svchost pid: 2940, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.706Z Engine:EMS scan for process: svchost pid: 3032, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.707Z Engine:EMS scan for process: svchost pid: 3040, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.709Z Engine:EMS scan for process: svchost pid: 2504, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.712Z Engine:EMS scan for process: svchost pid: 3228, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.715Z Engine:EMS scan for process: svchost pid: 3324, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.716Z Engine:EMS scan for process: svchost pid: 3496, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.718Z Engine:EMS scan for process: svchost pid: 3504, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.721Z Engine:EMS scan for process: svchost pid: 3516, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.722Z Engine:EMS scan for process: svchost pid: 3524, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.723Z Engine:EMS scan for process: svchost pid: 3532, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.728Z Engine:EMS scan for process: svchost pid: 3544, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.730Z Engine:EMS scan for process: svchost pid: 3552, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.734Z Engine:EMS scan for process: svchost pid: 3560, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.739Z Engine:EMS scan for process: svchost pid: 4020, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.741Z Engine:EMS scan for process: svchost pid: 3760, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.744Z Engine:EMS scan for process: svchost pid: 4220, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.746Z Engine:EMS scan for process: svchost pid: 5388, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.749Z Engine:EMS scan for process: svchost pid: 5660, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.751Z Engine:EMS scan for process: svchost pid: 5360, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.752Z Engine:EMS scan for process: svchost pid: 5308, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.754Z Engine:EMS scan for process: svchost pid: 6392, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.761Z Engine:EMS scan for process: svchost pid: 6584, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.767Z Engine:EMS scan for process: svchost pid: 6332, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.768Z Engine:EMS scan for process: svchost pid: 10484, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.770Z Engine:EMS scan for process: svchost pid: 11352, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.772Z Engine:EMS scan for process: svchost pid: 12904, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.774Z Engine:EMS scan for process: svchost pid: 12752, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.775Z Engine:EMS scan for process: svchost pid: 4484, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.776Z Engine:EMS scan for process: svchost pid: 8936, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.778Z Engine:EMS scan for process: svchost pid: 11780, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.781Z Engine:EMS scan for process: svchost pid: 4136, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.786Z Engine:EMS scan for process: svchost pid: 6524, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.788Z Engine:EMS scan for process: svchost pid: 7788, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.791Z Engine:EMS scan for process: svchost pid: 16160, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.792Z Engine:EMS scan for process: svchost pid: 8292, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.796Z Engine:EMS scan for process: svchost pid: 14376, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.797Z Engine:EMS scan for process: svchost pid: 7864, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.798Z Engine:EMS scan for process: svchost pid: 7308, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.804Z Engine:EMS scan for process: svchost pid: 9652, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.823Z Engine:EMS scan for process: explorer pid: 15060, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.920Z Engine:EMS scan for process: svchost pid: 15808, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.928Z Engine:EMS scan for process: svchost pid: 11444, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.929Z Engine:EMS scan for process: dllhost pid: 9756, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.930Z Engine:EMS scan for process: svchost pid: 8732, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.932Z Engine:EMS scan for process: svchost pid: 5684, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.933Z Engine:EMS scan for process: svchost pid: 12252, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.945Z Engine:EMS scan for process: svchost pid: 14872, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.947Z Engine:EMS scan for process: svchost pid: 13376, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.951Z Engine:EMS scan for process: dllhost pid: 9836, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.952Z Engine:EMS scan for process: dllhost pid: 3248, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:06:02.967Z [RtpConfig] Config change detected, type: 32
2021-12-16T12:06:02.967Z Duplicating the current plugin configuration object...
2021-12-16T12:06:02.967Z CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ...
2021-12-16T12:06:02.967Z Updating plugin configuration due to recent config changes (0x20) ...
2021-12-16T12:06:02.967Z No config change detected. Not updating plugin configuration.
2021-12-16T12:06:02.967Z No config changes found. No configuration switch.
2021-12-16T12:06:02.967Z RefreshPluginConfiguration completed succesfully. Requested: 0x20, Changed: 0
2021-12-16T12:06:17.819Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:06:17.820Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:06:17.820Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:09:32.828Z [EmergencySigManager] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config or paid network)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:13:27.712Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:13:27.712Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:13:27.741Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{ABE51D66-C2AA-4CC1-BC87-FC02774676E2}
Scan Source:3
Start Time:12-16-2021 13:13:27
End Time:12-16-2021 13:13:27
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

2021-12-16T12:13:27.756Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:13:27.756Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:13:27.756Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4956 milliseconds. 1 detections to be cleaned.
2021-12-16T12:13:32.724Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:13:32.751Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{969B7C23-6955-4EEB-89F3-CB3FA987C925}
Scan Source:6
Start Time:12-16-2021 13:13:32
End Time:12-16-2021 13:13:32
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:13:32.795Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:13:34.773Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:13:34.774Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:13:34.774Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:13:40.018Z [Mini-filter] Injection into process 1432 from process 5996 is BLOCKED.
2021-12-16T12:13:40.018Z [Mini-filter] Injection into process 3980 from process 5996 is BLOCKED.
2021-12-16T12:13:40.229Z [Mini-filter] Injection into process 1432 from process 5996 is BLOCKED.
2021-12-16T12:13:40.229Z [Mini-filter] Injection into process 3980 from process 5996 is BLOCKED.
2021-12-16T12:13:41.439Z Task(GetDeviceTicket -AccessKey C3EACF32-2F7B-5980-FCDE-BA40FA16784F ) launched as network service
2021-12-16T12:13:41.468Z [Cloud] SubmitReport(CMpHeartbeatSpyNetReportContext - Force), ShouldSendEvenOnPaidNetworks: 1
2021-12-16T12:13:41.468Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:13:41.468Z [Cloud] Queued cloud request.
2021-12-16T12:13:41.468Z [Cloud] Dequeued cloud request.
2021-12-16T12:13:41.469Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:13:41.478Z [Mini-filter] Denied access to file: \ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe, from process '\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe' (PID: 5996)
2021-12-16T12:13:41.479Z [Mini-filter] Denied access to file: \ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe, from process '\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe' (PID: 5996)
2021-12-16T12:13:41.527Z [Mini-filter] Denied access to file: \Program Files\Windows Defender\MpCmdRun.exe, from process '\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe' (PID: 5996)
2021-12-16T12:13:41.675Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:13:41.676Z [Cloud] End of cloud request.
2021-12-16T12:13:41.680Z WDDisable called. Sense: 0, SmartLocker: 0, PassiveModePolicy: 0.
2021-12-16T12:13:41.680Z WDDisable: setting DisableAS to 1 ...
2021-12-16T12:13:41.680Z WDDisable: setting DisableAV to 1 ...
2021-12-16T12:13:42.191Z Product needs to be disabled.
2021-12-16T12:13:42.191Z RTP suspended.
2021-12-16T12:13:42.191Z [Service] Disabling IOAV/IEV/ShellExt/EtwLogger registrations ...
2021-12-16T12:13:42.191Z [Service] Enabling AutoLoggers ...
2021-12-16T12:13:42.192Z DefenderApiLogger config verified (1) - no change needed.
2021-12-16T12:13:42.192Z [Service] Disabling AMSI registration ...
2021-12-16T12:13:42.192Z [Service] Leaving EnableIOAVWorker(0, 1) with hr = 0
2021-12-16T12:13:42.192Z Removing scheduled tasks...
2021-12-16T12:13:42.201Z Disabling service ...
2021-12-16T12:13:42.203Z Task(-DisableService) launched as PPL process
2021-12-16T12:13:42.205Z [RtpConfig] Config change detected, type: 1024
2021-12-16T12:13:42.205Z Duplicating the current plugin configuration object...
2021-12-16T12:13:42.205Z CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ...
2021-12-16T12:13:42.205Z Updating plugin configuration due to recent config changes (0x400) ...
2021-12-16T12:13:42.205Z No config change detected. Not updating plugin configuration.
2021-12-16T12:13:42.205Z No config changes found. No configuration switch.
2021-12-16T12:13:42.205Z RefreshPluginConfiguration completed succesfully. Requested: 0x400, Changed: 0
2021-12-16T12:13:42.228Z Service stop requested (ServiceError: 0). Calling CleanupMpService ...
2021-12-16T12:13:42.231Z Shutdowning WscLib, update=1, snooze=0
2021-12-16T12:13:42.235Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2021-12-16T12:13:42.236Z IWscAVStatus4: 1, 2, 1. hr = 0x0
2021-12-16T12:13:42.237Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2021-12-16T12:13:42.237Z On demand scan closed without completion. Current scan state: 1. ScanSource: 6, Scan flags:0x10050004. NumberOfResources:1. bRemoveFromList:1
2021-12-16T12:13:42.345Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:13:42.345Z [RbM] Rollback manager shutdown called.
2021-12-16T12:13:42.345Z [RbM] Rollback manager shutdown complete.
2021-12-16T12:13:42.345Z [RbM] Entering CMpRollbackManager::BlockedVersionsPlatformConfigCallback.
2021-12-16T12:13:42.345Z [RbM] CMpRollbackManager::BlockedVersionsPlatformConfigCallback cannot continue, m_fShutdown == TRUE.
2021-12-16T12:13:42.345Z
         

Old 17.12.2021, 16:08   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows sometimes behaves really stupidly when a process still has its paws on a file. In any case, only that one file, activate-it.exe in Downloads, was ever flagged, no other; presumably the unpacker process still had its paws on it and WD stepped in.
__________________
Please always post logs in CODE tags

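The pattern cosinus describes (one file in Downloads reported again and again) is easy to see once MpLog is reduced to its detection and product-state events. The script below is an added example written for this page; it is neither code from the thread nor anything Microsoft ships. It parses lines copied from the MpLog posted above (the SAMPLE_MPLOG constant holds trimmed copies of those lines; parse_mplog and summarize are my own names) and reports how often each threat/file pair was scanned, by which scan sources, which PIDs tamper protection pushed back on, and whether the product was disabled. The numeric Scan Source values are reported as they appear in the log; the script does not try to decode them.

```python
import re
from collections import Counter

# Sample input: lines copied (and trimmed) from the MpLog posted in this thread.
# Only the line shapes matter here; a real MpLog.log carries many more line types.
SAMPLE_MPLOG = r"""
Begin Resource Scan
Scan ID:{ABE51D66-C2AA-4CC1-BC87-FC02774676E2}
Scan Source:3
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Threat Name:Trojan:Win32/Wacatac.B!ml
Severity:5
Extended Info - SigSeq:000026671bce5233
End Scan
2021-12-16T12:13:27.756Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:13:32.724Z [RoutineClean] Cleaning 1 detections
Begin Resource Scan
Scan ID:{969B7C23-6955-4EEB-89F3-CB3FA987C925}
Scan Source:6
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Threat Name:Trojan:Win32/Wacatac.B!ml
Severity:5
Extended Info - SigSeq:000026671bce5233
End Scan
2021-12-16T12:13:40.018Z [Mini-filter] Injection into process 1432 from process 5996 is BLOCKED.
2021-12-16T12:13:40.018Z [Mini-filter] Injection into process 3980 from process 5996 is BLOCKED.
2021-12-16T12:13:41.478Z [Mini-filter] Denied access to file: \ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe, from process '\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe' (PID: 5996)
2021-12-16T12:13:41.527Z [Mini-filter] Denied access to file: \Program Files\Windows Defender\MpCmdRun.exe, from process '\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe' (PID: 5996)
2021-12-16T12:13:41.680Z WDDisable called. Sense: 0, SmartLocker: 0, PassiveModePolicy: 0.
2021-12-16T12:13:42.191Z RTP suspended.
2021-12-16T12:13:42.345Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
"""

TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T[\d:.]+Z)\s+(.*)$")
DETECT_RE = re.compile(r"^DETECTIONEVENT\s+(\S+)\s+(\S+)\s+file:(.+?);?$")
INJECT_RE = re.compile(r"^\[Mini-filter\] Injection into process (\d+) from process (\d+) is BLOCKED")
DENY_RE = re.compile(r"^\[Mini-filter\] Denied access to file: (.+?), from process '(.+?)' \(PID: (\d+)\)")
STATE_PREFIXES = ("WDDisable called", "Product needs to be disabled", "RTP suspended",
                  "[RoutineClean] Routine cleaning completed")


def parse_mplog(text):
    """Walk the log once and bucket the events a triage reader cares about."""
    ev = {"scans": [], "detections": [], "injection_blocked": [], "denied_access": [], "state": []}
    scan = None  # dict while inside a "Begin Resource Scan" ... "End Scan" block
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Begin Resource Scan":
            scan = {}
        elif line == "End Scan":
            if scan is not None:
                ev["scans"].append(scan)
            scan = None
        elif scan is not None:
            # "Threat Name:Trojan:Win32/..." must be split on the first colon only
            key, sep, val = line.partition(":")
            if sep:
                scan[key.strip()] = val.strip()
        elif (m := TS_RE.match(line)):
            ts, msg = m.groups()
            if (d := DETECT_RE.match(msg)):
                ev["detections"].append((ts, d.group(1), d.group(2), d.group(3)))
            elif (i := INJECT_RE.match(msg)):
                # (timestamp, offending pid, target pid)
                ev["injection_blocked"].append((ts, int(i.group(2)), int(i.group(1))))
            elif (a := DENY_RE.match(msg)):
                # (timestamp, offending pid, offending image, Defender file it touched)
                ev["denied_access"].append((ts, int(a.group(3)), a.group(2), a.group(1)))
            elif msg.startswith(STATE_PREFIXES):
                ev["state"].append((ts, msg))
    return ev


def summarize(ev):
    """Collapse repeats: how often each threat/file pair was reported, by which scan sources,
    which PIDs tamper protection pushed back on, and whether the product was disabled."""
    hits = Counter((s.get("Threat Name"), s.get("Resource Path"))
                   for s in ev["scans"] if "Threat Name" in s)
    sigseqs = {s["Extended Info - SigSeq"] for s in ev["scans"] if s.get("Extended Info - SigSeq")}
    probing = Counter(pid for _, pid, _ in ev["injection_blocked"])
    probing.update(pid for _, pid, _, _ in ev["denied_access"])
    return {
        "repeat_detections": {f"{name} -> {path}": n for (name, path), n in hits.items()},
        "distinct_sigseqs": sorted(sigseqs),
        "scan_sources": sorted({s["Scan Source"] for s in ev["scans"] if s.get("Scan Source")}),
        "pids_probing_defender": dict(probing),
        "defender_disabled": any(msg.startswith("WDDisable called") for _, msg in ev["state"]),
        "cleanup_completed": any("cleaning completed successfully" in msg for _, msg in ev["state"]),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(parse_mplog(SAMPLE_MPLOG)), indent=2))
```

Run it with python3 and read the JSON it prints: for the posted log it collapses to one threat/file pair with one SigSeq seen from two scan sources, which is the "same file, flagged twice" picture cosinus describes, and the routine clean is reported as completed. The tamper-protection denials (PID 5996, MBAMService.exe) and the WDDisable/RTP-suspended sequence that follows them in the same minute come out as separate items; the script only preserves their order in the log, it does not claim one caused the other, so treat that part as its own question during triage.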
Old 17.12.2021, 16:12   #9
ViErus0815
 
Okay, then it seems everything turned out fine after all.

Thank you very much for the quick help.

Old 18.12.2021, 13:42   #10
M-K-D-B
/// TB-Ausbilder
 
Then we're done!
If you have no more problems with malware, then we are finished here. Your log files are clean.


Finally, please run a cleanup with our TBCleanUpTool and be sure to read and implement the security measures; both are linked in the following reading material:




If you like, you can say here whether you were satisfied with me and my help...
Perhaps you would like to support the forum with a small donation.


Note:
Please give me a short reply as soon as you have read the information linked above, everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

We are glad that we could help

This thread appears to be resolved and will be removed from our subscriptions. Should you need the thread again, please send us a reminder including a link to the thread.

Everyone else, please click here and create your own thread.
__________________
Please note when having problems with malware:
For everyone seeking help! What do I need to consider before opening a thread?

Thread closed
