Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 03-05-2020
durchgeführt von Admin (06-05-2020 18:02:37)
Gestartet von C:\Users\Admin\Downloads
Windows 10 Pro Version 1909 18363.815 (X64) (2020-04-10 09:14:06)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Admin (S-1-5-21-3854084222-4285785828-2850556555-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3854084222-4285785828-2850556555-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3854084222-4285785828-2850556555-503 - Limited - Disabled)
Gast (S-1-5-21-3854084222-4285785828-2850556555-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3854084222-4285785828-2850556555-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 20.00 alpha (x64) (HKLM\...\7-Zip) (Version: 20.00 alpha - Igor Pavlov)
AIDA64 (HKLM-x32\...\AIDA64) (Version: 6.25.5400 - FinalWire Ltd.)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.3.5 - Electronic Arts, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.3.2405 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment)
CWClient, версия 1.0 (HKLM-x32\...\{4D64BA0F-CF7B-4A53-AA81-6E5F33510B04}_is1) (Version: 1.0 - AbsolutSoft)
Discord (HKU\S-1-5-21-3854084222-4285785828-2850556555-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
DOOM Eternal (HKLM-x32\...\DOOM Eternal_is1) (Version: - )
Geeks3D FurMark 1.21.1.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
IObit Driver Booster 7.4.0.721 (HKLM-x32\...\IObit Driver Booster_is1) (Version: 7.4.0.721 - lrepacks.ru)
Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E15F69FA-660D-45CC-B28F-6CBC4CAD2091}) (Version: 1.0.0.0 - Mojang)
Mount & Blade II Bannerlord v. e1.2.0 hotfix 2 BETA (HKLM-x32\...\Mount & Blade II Bannerlord_is1) (Version: - )
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
NordVPN (HKLM-x32\...\{A87972CF-28AE-43DD-ACB5-16EBD1ED70C3}) (Version: 6.29.7 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.29.7) (Version: 6.29.7 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{77DA107A-7AE4-497D-A84A-B143C3A21676}) (Version: 1.0.0 - NordVPN)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.6 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.2.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.2.34 - NVIDIA Corporation)
NVIDIA Grafiktreiber 445.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 445.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.26 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Origin (HKLM-x32\...\Origin) (Version: 10.5.69.40136 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{ae36b9b5-4ce6-4b1d-a515-55fadefde91d}) (Version: latest - ppy Pty Ltd)
qBittorrent 4.2.5 (HKLM-x32\...\qBittorrent) (Version: 4.2.5 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8746.1 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
SKILLER MECH SGK3 (HKLM-x32\...\{12F382E1-63D4-4B94-BD32-5F845E74FC79}) (Version: 1.01.17.01 - Sharkoon Technologies)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TP-Link Archer T4U Driver (HKLM-x32\...\{4805DC86-DEBF-4A5C-B9C4-291FA6441548}) (Version: 2.1.0 - TP-Link)
Uninstall Tool (HKLM-x32\...\Uninstall Tool 3.5.10 Build 5670) (Version: - )
Uplay (HKLM-x32\...\Uplay) (Version: 29.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Warface (HKU\S-1-5-21-3854084222-4285785828-2850556555-1001\...\Warface) (Version: 1.349 - Mail.ru)
WindowsWord 2020.5 (HKLM-x32\...\{CA7FE095-E7CF-40FF-9F2C-69AF3C7342BF}}_is1) (Version: - ScandinavianByte OU)
Игровой центр (HKU\S-1-5-21-3854084222-4285785828-2850556555-1001\...\GameCenter) (Version: 4.1567 - ООО Мэйл.Ру)
Packages:
=========
NVIDIA Control Panel -> C:\Program Files\WindowsApps\nvidiacorp.nvidiacontrolpanel_8.1.956.0_x64__56jybvy8sckqj [2020-04-10] (NVIDIA Corp.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-05-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Keine Datei
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-02-06] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-04-21] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-05-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Keine Datei
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-05-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Keine Datei
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> Keine Datei
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-02-06] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_95bdb3a23d6478de\nvshext.dll [2020-04-21] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-02-06] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-05-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Keine Datei
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [Datei ist nicht signiert]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [Datei ist nicht signiert]
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.ru\Игровой центр.lnk -> C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe () <==== Cyrillic
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2020-04-21 17:46 - 2020-02-06 15:00 - 000076800 _____ (Igor Pavlov) [Datei ist nicht signiert] C:\Program Files\7-Zip\7-zip.dll
2020-04-22 18:18 - 2020-04-22 18:17 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-04-22 18:18 - 2020-04-22 18:17 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\ssleay32.dll
2020-04-22 18:18 - 2020-04-22 18:17 - 001611264 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-05-01 00:12 - 2020-04-22 18:17 - 005487104 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-05-01 00:12 - 2020-04-22 18:17 - 005841920 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-05-01 00:12 - 2020-04-22 18:17 - 001179136 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-05-01 00:12 - 2020-04-22 18:17 - 000146432 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-05-01 00:12 - 2020-04-22 18:17 - 005089792 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-05-01 00:12 - 2020-04-22 18:17 - 000184832 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Xml.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Admin\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Admin\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ==========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-3854084222-4285785828-2850556555-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3854084222-4285785828-2850556555-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2020-04-22 18:41 - 2020-05-06 17:10 - 000001310 _____ C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
0.0.0.0 serius.mwbsys.com
0.0.0.0 keystone.mwbsys.com
2020-04-21 17:34 - 2020-05-06 17:25 - 000000510 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 DESKTOP-G75MQVV.mshome.net # 2025 5 1 5 15 25 36 225
192.168.137.112 Galaxy-A40.mshome.net # 2020 5 3 13 15 25 36 225
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3854084222-4285785828-2850556555-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{FA19F039-8C6A-4EB5-BA43-38EFE700E821}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BBDDE383-A224-47F6-A159-2FFDD7DBA919}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{790F4E06-FB69-4E36-89D9-7C14F70046C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5FAF37A0-2532-4462-98E8-E48AB8CED2DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F1EEA439-CF76-43E6-BE66-CCB4F10A97A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{87CC3EEA-1C3B-4247-888C-F7594AD929C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3760490E-704C-43CC-94CE-D13B64A9E0BA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FA55750A-F72A-4EB4-B48C-1BA2D4C56B78}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{9C8E395C-79F1-4379-A74F-9ADFAADFD682}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [Datei ist nicht signiert]
FirewallRules: [{89CF1951-71E5-43F3-9E91-42DC254E8AA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{22A575DE-477D-4930-9FA2-78488DA3636E}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{D5F1F507-EE41-448D-A7E2-E4D653D2F3D0}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{390EC865-3BE3-43BE-B383-1BAF0BDB6A2F}D:\gamesmailru\warface\bin64release\game.exe] => (Allow) D:\gamesmailru\warface\bin64release\game.exe (warface -> Crytek GmbH)
FirewallRules: [UDP Query User{97ECE459-F72B-4787-8D9D-836B57BB7010}D:\gamesmailru\warface\bin64release\game.exe] => (Allow) D:\gamesmailru\warface\bin64release\game.exe (warface -> Crytek GmbH)
FirewallRules: [{77E2032A-7DBE-43F0-8AB8-5053C92FBD54}] => (Allow) D:\Games\SteamLibrary\steamapps\common\This War of Mine\This War of Mine.exe () [Datei ist nicht signiert]
FirewallRules: [{EAE297A8-3730-415D-92B2-A09E2305038D}] => (Allow) D:\Games\SteamLibrary\steamapps\common\This War of Mine\This War of Mine.exe () [Datei ist nicht signiert]
FirewallRules: [{652D9262-4AB7-40EF-B323-A0224EC6525C}] => (Allow) D:\Games\SteamLibrary\steamapps\common\This War of Mine\Storyteller.exe () [Datei ist nicht signiert]
FirewallRules: [{C44F31DD-D2F3-4246-A145-E25B32809864}] => (Allow) D:\Games\SteamLibrary\steamapps\common\This War of Mine\Storyteller.exe () [Datei ist nicht signiert]
FirewallRules: [{E4B0421B-D7DB-4F87-98CB-F037CC32CA9D}] => (Allow) D:\Games\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (PUBG CORPORATION -> PUBG Corporation )
FirewallRules: [{2395CFA0-9F43-4A43-ACA3-B60DE12F763E}] => (Allow) D:\Games\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (PUBG CORPORATION -> PUBG Corporation )
FirewallRules: [{CEE8957A-90B5-4DE6-A2AC-9B69C8ED76F1}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{C1DBEE05-6F63-454B-A90E-093A6DBAF2BE}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0332500D-CE33-4EF9-8791-BB5C093F8883}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [Datei ist nicht signiert]
FirewallRules: [{2282BA96-08BD-4BF0-BA69-3655BD806EF5}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{D687B34A-B69E-4C79-BF89-E0A4894E0933}D:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [UDP Query User{9063C817-4882-4E65-B72C-5F75C85F4FB6}D:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [{DB6811C1-0695-4DD0-BB22-60204708868D}] => (Block) D:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [{30E55D8D-919B-4BDA-A2E0-86F741050892}] => (Block) D:\games\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [{4E05DFA6-1F8B-41A9-BEB6-F4036DFE6BB8}] => (Allow) D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{8F25A68F-B47D-42C4-87F2-8938F02F4C3A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [TCP Query User{78B9654A-762A-49FA-830C-7923E390F46F}D:\games\steamlibrary\steamapps\common\for honor\forhonor.exe] => (Allow) D:\games\steamlibrary\steamapps\common\for honor\forhonor.exe (Blue Byte GmbH -> Ubisoft)
FirewallRules: [UDP Query User{30C7401C-BF07-4432-B393-F277340B9746}D:\games\steamlibrary\steamapps\common\for honor\forhonor.exe] => (Allow) D:\games\steamlibrary\steamapps\common\for honor\forhonor.exe (Blue Byte GmbH -> Ubisoft)
FirewallRules: [{0D0C1F81-996B-45ED-8830-E50E48E5AD7B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C514D70D-4AAB-41B1-AE91-442FB908F6CC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{336F146B-2C52-4DB0-B71D-69B141425502}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{95EE8EF2-A9E6-4D7E-80D8-9E1971F2A01B}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{AA14715E-C32D-480D-8D2F-81A3FF5E22FD}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{8EF1AF9C-19DC-4A6C-B1E4-2BD482D7A6AD}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{D88F892E-3B3A-4D8C-95C8-8629F8E78936}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{8D493627-0469-45DA-A85F-8E161920DEBA}] => (Block) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{9AFCB0D9-5BE0-4120-BCBE-2FCA59182F64}] => (Block) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{64C8A394-6F64-4EC1-8D82-FC2A4FB88334}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{57BF3273-171C-41BD-A48A-65DF83E79F82}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{6BF6EF78-13F3-470E-89AD-8A0531E63281}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{9A2E641E-061C-4B0E-9221-142C48FE8883}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{1B45CC67-9313-4405-8479-87A93CEF5EB7}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{05188034-BE20-47FC-A04E-D279FBAA4EE2}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{ACEFEA74-D7B0-48B0-B8F4-B40FD6C85390}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{B698A87D-E680-4C73-90BE-6FB38FF51D4C}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{7800CAB4-6F79-45A1-9E50-2CCDBC541C69}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{4B9AA015-E9BF-43A2-875F-F6850B862F42}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{10B743B9-9AA1-4D77-A86F-14A1DADC518A}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{F7445967-2B80-4067-A974-815EEFD4B676}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{D34584AE-7856-43A3-9DB0-EA6434130E2D}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{353D6AF5-1DDD-40B7-9D2B-08C891FDE78A}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{BC0D96AF-86C6-41D4-9433-8A5497BF5773}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{853C7914-F884-4693-89C9-8986A185101B}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{2F8BF16C-D975-43CE-BAC5-906DF88ADD40}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{019B8B57-DE74-44A2-95F1-180F38B6C281}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [{0AB3EE82-AE71-44FD-9A10-C89EE5257C70}] => (Allow) %systemroot%\system32\alg.exe Keine Datei
FirewallRules: [TCP Query User{E0475F88-FAB7-44B0-867F-DE19CAF7D9A9}C:\users\admin\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\admin\appdata\local\gamecenter\gamecenter.exe (Mail.Ru LLC -> )
FirewallRules: [UDP Query User{E3F22230-C470-4AA7-867C-4CC980C02FFC}C:\users\admin\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\admin\appdata\local\gamecenter\gamecenter.exe (Mail.Ru LLC -> )
FirewallRules: [{CF53696B-A0C2-490B-B97E-B9ADAEF4A44D}] => (Block) C:\users\admin\appdata\local\gamecenter\gamecenter.exe (Mail.Ru LLC -> )
FirewallRules: [{CB95075B-DEEF-43E6-8356-2C98E9AB3E5C}] => (Block) C:\users\admin\appdata\local\gamecenter\gamecenter.exe (Mail.Ru LLC -> )
==================== Wiederherstellungspunkte =========================
25-04-2020 13:35:42 Installed DirectX
25-04-2020 16:18:51 Driver Booster : Microsoft Visual C++ 2013 Redistributable (x64)
01-05-2020 15:54:54 Installed DirectX
04-05-2020 21:27:39 Installed DirectX
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (05/06/2020 05:54:47 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (05/06/2020 04:21:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CWClient.exe, version: 4.1.5.1944, time stamp: 0x51b0ce73
Faulting module name: CWClient.exe, version: 4.1.5.1944, time stamp: 0x51b0ce73
Exception code: 0xc0000005
Fault offset: 0x0031a2eb
Faulting process id: 0x1214
Faulting application start time: 0x01d623af89e61298
Faulting application path: C:\Games\CWClient\CWClient.exe
Faulting module path: C:\Games\CWClient\CWClient.exe
Report Id: 4ac03fc6-2890-4d06-98c0-a8db3d924812
Faulting package full name:
Faulting package-relative application ID:
Error: (05/06/2020 02:16:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Pascal ABC.exe, version: 3.0.1.35, time stamp: 0x2a425e19
Faulting module name: Pascal ABC.exe, version: 3.0.1.35, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x00004c9a
Faulting process id: 0x1be8
Faulting application start time: 0x01d6239febd09ba4
Faulting application path: C:\Users\Admin\Desktop\Pascal ABC 3.0.1 Rus Portable\Pascal ABC.exe
Faulting module path: C:\Users\Admin\Desktop\Pascal ABC 3.0.1 Rus Portable\Pascal ABC.exe
Report Id: 431899de-602c-4f0d-9caa-dc16d0ee63df
Faulting package full name:
Faulting package-relative application ID:
Error: (05/06/2020 02:16:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Pascal ABC.exe, version: 3.0.1.35, time stamp: 0x2a425e19
Faulting module name: Pascal ABC.exe, version: 3.0.1.35, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x00004c9a
Faulting process id: 0x2dac
Faulting application start time: 0x01d6239ffc1a75b1
Faulting application path: C:\Users\Admin\Desktop\Pascal ABC 3.0.1 Rus Portable\Pascal ABC.exe
Faulting module path: C:\Users\Admin\Desktop\Pascal ABC 3.0.1 Rus Portable\Pascal ABC.exe
Report Id: a561748d-d925-4fe4-bf95-4c69c6775370
Faulting package full name:
Faulting package-relative application ID:
Error: (05/05/2020 07:09:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinWord.exe version 2020.5.0.2428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 994
Start Time: 01d622cebaa201b9
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\WindowsWord\WinWord.exe
Report Id: 40117725-38e3-44f7-b417-27652387d870
Faulting package full name:
Faulting package-relative application ID:
Hang type: Top level window is idle
Error: (05/04/2020 09:27:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary WinQuic.
System Error:
Das Ressourcenladeprogramm konnte die MUI-Datei nicht finden.
.
Error: (05/03/2020 07:17:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CWClientLauncher.exe, version: 1.0.0.0, time stamp: 0x5952289c
Faulting module name: KERNELBASE.dll, version: 10.0.18362.815, time stamp: 0x67005c2a
Exception code: 0xe0434352
Fault offset: 0x00114402
Faulting process id: 0x1e40
Faulting application start time: 0x01d6216eab19c686
Faulting application path: C:\Games\CWClient\CWClientLauncher.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 7d1f083a-cf68-43ca-943e-9e2b033bba32
Faulting package full name:
Faulting package-relative application ID:
Error: (05/03/2020 07:17:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CWClientLauncher.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
at System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)
at System.Diagnostics.Process.Start()
at CWClientLauncher.StartGameControl.StartGame()
at CWClientLauncher.StartGameControl.<.ctor>b__0_0(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs)
at System.Windows.Controls.Primitives.ButtonBase.OnClick()
at System.Windows.Controls.Button.OnClick()
at System.Windows.Controls.Primitives.ButtonBase.OnMouseLeftButtonUp(System.Windows.Input.MouseButtonEventArgs)
at System.Windows.UIElement.OnMouseLeftButtonUpThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)
at System.Windows.Input.MouseButtonEventArgs.InvokeEventHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.ReRaiseEventAs(System.Windows.DependencyObject, System.Windows.RoutedEventArgs, System.Windows.RoutedEvent)
at System.Windows.UIElement.OnMouseUpThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)
at System.Windows.Input.MouseButtonEventArgs.InvokeEventHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs, Boolean)
at System.Windows.Input.InputManager.ProcessStagingArea()
at System.Windows.Input.InputManager.ProcessInput(System.Windows.Input.InputEventArgs)
at System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport)
at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32)
at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at CWClientLauncher.App.Main()
System errors:
=============
Error: (05/06/2020 05:57:29 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.
Error: (05/06/2020 05:57:29 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.
Error: (05/06/2020 05:56:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The nordvpn-service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (05/06/2020 02:13:55 PM) (Source: Tcpip) (EventID: 4207) (User: )
Description: The IPv6 TCP/IP interface with index 11 failed to bind to its provider.
Error: (05/04/2020 11:05:53 PM) (Source: Tcpip) (EventID: 4207) (User: )
Description: The IPv6 TCP/IP interface with index 11 failed to bind to its provider.
Error: (05/03/2020 07:30:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (05/03/2020 07:30:36 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys
Error: (05/03/2020 07:30:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Windows Defender:
===================================
Date: 2020-05-06 16:06:41.690
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\HO_UJPLHPJ9.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Games\CWClient\CWClient.exe
Security intelligence Version: AV: 1.315.83.0, AS: 1.315.83.0, NIS: 1.315.83.0
Engine Version: AM: 1.1.17000.7, NIS: 1.1.17000.7
Date: 2020-05-05 18:38:05.000
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {07076EDA-04A1-4472-9B29-7B48CC209698}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-05-04 14:45:22.764
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Admin\Desktop\cl_storm3.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.313.2880.0, AS: 1.313.2880.0, NIS: 1.313.2880.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
Date: 2020-05-04 14:27:19.962
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.D!ml
ID: 2147749373
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\Admin\Downloads\setup_new cw hack v16_9288094810.iso; file:_C:\Users\Admin\Downloads\setup_new cw hack v16_9288094810.iso->setup_new cw hack v16_9288094810.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.313.2826.0, AS: 1.313.2826.0, NIS: 1.313.2826.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
Date: 2020-05-03 19:31:10.118
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.D!ml
ID: 2147749373
Severity: Severe
Category: Trojan
Path: file:_C:\$Recycle.Bin\S-1-5-21-3854084222-4285785828-2850556555-1001\$RFROR12.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\Admin\Downloads\esetonlinescanner.exe
Security intelligence Version: AV: 1.313.2826.0, AS: 1.313.2826.0, NIS: 1.313.2826.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
Date: 2020-04-30 11:06:42.313
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2486.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2020-04-30 11:06:42.313
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2486.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2020-04-30 11:06:42.313
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2486.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2020-04-30 11:06:42.308
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2486.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2020-04-30 11:06:42.308
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2486.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2020-05-06 18:02:12.021
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-06 18:02:11.878
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-06 18:02:11.539
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-06 18:02:11.528
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-06 18:01:44.002
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-06 18:01:42.040
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-06 18:01:42.036
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-06 18:01:35.873
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 0402 04/18/2018
Motherboard: ASUSTeK COMPUTER INC. PRIME H310M-A
Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
Percentage of RAM in use: 20%
Installed physical RAM: 16300.84 MB
Available physical RAM: 12922.41 MB
Total virtual memory: 19884.84 MB
Available virtual memory: 14962.14 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:446.06 GB) (Free:146.36 GB) NTFS
Drive d: (Volume) (Fixed) (Total:1862.89 GB) (Free:1662.82 GB) NTFS
\\?\Volume{5adff2c2-78e7-4720-80ee-9786f7d6f035}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{094bc5fd-adee-45de-9c09-b6b8d473954f}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{c201314e-f734-463b-af26-5a65acc5448a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 447.1 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================