Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


STOP (Djvu) Ransomware Virus Infected


Post by ravenbeakx » February 24th, 2022, 1:37 am

Issues present: all files encrypted with the .ooii extension. I'm able to retrieve files through PhotoRec (www.cgsecurity.org/wiki/PhotoRec) but half are still lost. I deleted some .exe files that I think are the problem, and no new files are being encrypted. I can't open the resource manager, or if it does open it shuts down shortly after. They also got to my Discord and Steam accounts but I think I have these under control. My clipboard was disabled too but after a reboot it's back. I'm currently looking to decrypt my hard drives, back up some things and do a factory reset.

ransomware description:

ransomnote_filename: _readme.txt
ransomnote_email: helprestoremanager@airmail.cc
sample_extension: .ooii
sample_bytes: [0x1E58 - 0x1E7E] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D


FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2022 01
Ran by 19183 (administrator) on DESKTOP-7QJUT0M (HASEE Computer K650D) (24-02-2022 12:24:32)
Running from C:\Users\19183\Downloads
Loaded Profiles: 19183
Platform: Microsoft Windows 11 Home China Version 21H2 22000.493 (X64) Language: Chinese (Simplified, China)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AutoIt Consulting Ltd -> AutoIt Team) C:\Users\19183\AppData\Local\Temp\jkdXJLIvaE\SgCcDkvIFK.exe.pif
(C:\Program Files (x86)\Hotkey\HkeyTray.exe ->) (CLEVO CO. -> CLEVO CO.) C:\Program Files (x86)\Hotkey\ComboKeyTray.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\98.0.1108.56\msedgewebview2.exe <6>
(D:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ->) (OpenVPN Technologies, Inc. -> The OpenVPN Project) D:\Program Files (x86)\OpenVPN\bin\openvpn.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_22aac1442d387216\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_22aac1442d387216\igfxEM.exe
(explorer.exe ->) (C-MEDIA ELECTRONICS INC. -> ) C:\Program Files\HECATE GAMING HEADSET\CPL\Hecate Gaming Center_x64.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <25>
(explorer.exe ->) (Guangzhou Ugee Computers Technology Co.,Ltd -> ) D:\Program Files (x86)\Pentablet\PenTablet.exe
(explorer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2112.32.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(explorer.exe ->) (OpenVPN Technologies, Inc. -> ) D:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe
(explorer.exe ->) (Spotify AB -> Spotify Ltd) C:\Users\19183\AppData\Roaming\Spotify\Spotify.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(rundll32.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(RuntimeBroker.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) E:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(services.exe ->) (CLEVO CO.) [File not signed] C:\Program Files (x86)\Hotkey\HotkeyService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_22aac1442d387216\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6829d8fabc87530c\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6829d8fabc87530c\IntelCpHeciSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd) C:\Windows\SysWOW64\Creative.UWPRPCService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_538e668538abf17f\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (OpenVPN Technologies, Inc. -> The OpenVPN Project) D:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) E:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) E:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) E:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(services.exe ->) (Tencent Technology(Shenzhen) Company Limited -> Tencent) C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe
(svchost.exe ->) () [File not signed] C:\Program Files (x86)\Hotkey\HkeyTray.exe
(svchost.exe ->) () [File not signed] C:\Users\19183\AppData\Roaming\Windows Folder\Windows Service.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1164080 2020-09-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319544 2019-02-26] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [PenTablet] => D:\Program Files (x86)\Pentablet\PenTablet.exe [775648 2020-10-09] (Guangzhou Ugee Computers Technology Co.,Ltd -> )
HKLM\...\Run: [EDG2] => C:\Program Files\HECATE GAMING HEADSET\CPL\Hecate Gaming Center_x64.exe [2576672 2018-12-20] (C-MEDIA ELECTRONICS INC. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true (No File)
HKLM-x32\...\Run: [SDTray] => E:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [BaiduYunDetect] => C:\Users\19183\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe [1133560 2020-12-16] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [Steam] => C:\Users\19183\AppData\Roaming\NVIDIA\dllhost.exe [17408 2022-02-23] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [Wechat] => C:\Users\19183\WeChat\WeChat.exe [572360 2022-02-08] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [Dingtalk] => F:\Systemx64\DingDing\DingtalkLauncher.exe /autorun (No File)
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [TIM] => E:\Program Files\Bin\TIM.exe [68680 2021-09-07] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [Spotify] => C:\Users\19183\AppData\Roaming\Spotify\Spotify.exe [19438520 2022-02-19] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [RegHost] => C:\Users\19183\AppData\Roaming\Microsoft\RegHost.exe [7622144 2022-02-24] (Nvidia Corporation -> ) [File not signed]
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [MSASCui] => C:\Users\19183\AppData\Roaming\Microsoft\MSASCui.exe (No File)
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [dwm] => C:\Users\19183\AppData\Roaming\Microsoft\dwm.exe (No File) <==== ATTENTION
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [1] => C:\Users\19183\AppData\Roaming\1.exe [220160 2022-02-24] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /t REG_SZ /d "D:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe" /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\98.0.4758.102\Installer\chrmstp.exe [2022-02-17] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
InternetURL: C:\Users\19183\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SgCcDkvIFK.url -> URL: "C:\Users\19183\AppData\Local\Temp\jkdXJLIvaE\SaEEwXVIrtc.js"
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02990CCF-3719-4B56-9E29-2C384E549D95} - System32\Tasks\Firefox Default Browser Agent 84AD216232B00CE1 => C:\Users\19183\AppData\Roaming\wgteivv.exe (No File) <==== ATTENTION
Task: {09E116B3-9DD5-4D42-9FE0-61D47B5932EC} - \Online Application V2G2 -> No File <==== ATTENTION
Task: {0A939AF9-8832-41A0-8A1C-9FA0F0E56110} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => E:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {0F7BEDE7-4500-46BB-B362-3F2791419924} - System32\Tasks\WindowsServiceUpload => C:\Users\19183\AppData\Roaming\Windows [Argument = Folder\Windows Service.exe]
Task: {100CAC06-7582-409F-AC87-18AC4753EACA} - \Online Application V2G6 -> No File <==== ATTENTION
Task: {1257F6BC-14AD-4718-A2BE-DFE24F586D86} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2021-10-26] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {21F15E93-7D87-40B0-B2EF-5F3D57F90E04} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880136 2022-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {2BCCC4DB-5890-4E35-8019-2C3A1F8AD042} - \Online Application V2G5 -> No File <==== ATTENTION
Task: {2C6D6E1E-FDDE-4F58-A6A9-706CF47029CA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {47149F94-DC37-4ECD-8715-FCBFC410AFEC} - \AdvancedWindowsManager -> No File <==== ATTENTION
Task: {47FAC595-F8FC-4409-95BA-4B6B60E01C20} - \Online Application V2G3 -> No File <==== ATTENTION
Task: {4E42A10B-B471-47CD-9230-2BA06EC06E5F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880136 2022-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F7E35B8-960C-40A3-A9A0-5C30B0894FC1} - System32\Tasks\WindowsService => C:\Users\19183\AppData\Roaming\Windows [Argument = Folder\Windows Service.exe]
Task: {55A76147-5C58-4638-8C99-9F07EFCAF97D} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ToolSystemInfo => C:\Users\19183\AppData\Roaming\\sysinfotool\\sitool.exe [82432 2018-01-12] () [File not signed] <==== ATTENTION
Task: {73866E1B-5C60-4D5B-86F2-B93A91742489} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {821A928A-78C1-4D92-B5EA-673C45A6CDE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-05-19] (Google Inc -> Google Inc.)
Task: {85403C9D-F5A7-46D5-8AD4-E8BBC00E9D11} - \Online Application V2G4 -> No File <==== ATTENTION
Task: {8E2C0ED4-8322-4ACD-9FC8-901B825268A2} - \Online Application V2G1 -> No File <==== ATTENTION
Task: {94E5BE62-0C3D-4B70-A951-2AB4C2E9BFCC} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --sapCode=PRLD --productVersion=9.0 --productPlatform=win64 --appletID=AppsPanel_BL --appletVersion=1.0 --appMode=Uninstall (No File)
Task: {9BF14E1B-BD3A-45BC-BC59-5D11ED8F0B93} - \AdvancedUpdater -> No File <==== ATTENTION
Task: {B586E745-2FF1-43D4-82D0-0E6F393359B8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => E:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {C7381011-9122-4CD5-B68E-597C3DD4D997} - \Updater_Online_Application -> No File <==== ATTENTION
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D4377313-8684-4BA5-8413-A7446B69B3D6} - System32\Tasks\HkeyTrayLaunch => C:\Program Files (x86)\Hotkey\Hkeytray.exe [1183232 2019-01-25] () [File not signed]
Task: {DDB6F20E-1208-4B8E-B913-2624D1BC58EE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => E:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {E2381335-91A8-46C3-AFAE-669076E265E1} - System32\Tasks\Microsoft\Windows\Device Information\SOFTMONMO => RUNDLL32 "C:\Program Files (x86)\Common Files\CoreDemo\NoolDatioa\nater_revP_168.dll" IBPnId_Hklib
Task: {F27241B6-6C0A-4CF7-80D2-51BC1FDB8B30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-05-19] (Google Inc -> Google Inc.)
Task: {F3F2CBA7-ECF6-4EF5-BEFB-8C79080F9367} - System32\Tasks\Cache-S-21-2946144819-3e21f723-50a5 => C:\Users\19183\AppData\Local\cache\libcurl.exe (No File)
Task: {F78A2E5A-37DA-489F-B5CF-39851BB034AA} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186} => C:\Users\19183\AppData\Local\CrashDumps\subst.exe [103320 2021-06-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file run by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 162.252.172.57 149.154.159.92
Tcpip\..\Interfaces\{70d9cb16-4e4e-42de-8bae-7955327c8fba}: [DhcpNameServer] 61.132.163.68 202.102.213.68
Tcpip\..\Interfaces\{a7dfd8f7-4850-4dde-b51b-54ae929bb8e2}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c48f614e-3f1c-46bd-a6b1-8507b04d06f5}: [DhcpNameServer] 162.252.172.57 149.154.159.92

Edge:
=======
DownloadDir: C:\Users\19183\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\19183\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-24]
Edge DownloadDir: Default -> C:\Users\19183\Downloads
Edge StartupUrls: Default -> "hxxps://go.microsoft.com/fwlink/?LinkId=625115"
Edge DefaultSearchURL: Default -> hxxps://www.baidu.com/s?tn=80035161_2_dg&wd={searchTerms}
Edge DefaultSearchKeyword: Default -> baidu.com
Edge Session Restore: Default -> is enabled
Edge Extension: (帮您淘优惠) - C:\Users\19183\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cikpljiicfjjopjkbmidbdnghodplnig [2021-07-24]
Edge HKLM-x32\...\Edge\Extension: [eofogjfkadmolbbmnlbohhbkhbodcjjm]

FireFox:
========
FF DefaultProfile: cwvkt1ti.default
FF ProfilePath: C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\cwvkt1ti.default [2019-10-28]
FF ProfilePath: C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\qxurgsjl.default-release [2022-02-24]
FF Extension: (Firefox Homepage) - C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\qxurgsjl.default-release\Extensions\cehomepage@mozillaonline.com.xpi [2019-10-28] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%]
FF Extension: (COBA) - C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\qxurgsjl.default-release\Extensions\coba@mozilla.com.cn.xpi [2019-10-28] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json]
FF Extension: (Addons Manager) - C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\qxurgsjl.default-release\Extensions\cpmanager@mozillaonline.com.xpi [2019-10-28] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%]
FF Extension: (Easy Screenshot) - C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\qxurgsjl.default-release\Extensions\easyscreenshot@mozillaonline.com.xpi [2019-10-28]
FF Extension: (Tab Tweak) - C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\qxurgsjl.default-release\Extensions\tabtweak@mozillaonline.com.xpi [2019-10-28] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%]
FF Extension: (WeChat Helper by MoCoCN) - C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\qxurgsjl.default-release\Extensions\wx-assistant@mozillaonline.com.xpi [2019-10-28] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\19183\AppData\Roaming\baidu\BaiduNetdisk\npYunWebDetect.dll [2020-12-16] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> Baidu.com, Inc.)
FF Plugin-x32: @cmbchina.com/npcmbedit -> C:\WINDOWS\system32\NPCMBEdit.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> D:\Program Files (x86)\Foxit\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> D:\Program Files (x86)\Foxit\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [No File]
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QzoneMusic\npQzoneMusic.dll [2016-02-26] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.5.41\Bin\npSSOAxCtrlForPTLogin.dll [2019-12-03] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [No File]
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [No File]
FF Plugin-x32: @xunlei.com/npaplayer -> C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll [No File]
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-2099732615-3400469919-2622180112-1001: @1.qq.com/npqqwebgame -> C:\Users\19183\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.3\npqqwebgame.dll [2015-10-20] (Tencent Technology(Shenzhen) Company Limited -> )
FF Plugin HKU\S-1-5-21-2099732615-3400469919-2622180112-1001: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default [2022-02-24]
CHR Notifications: Default -> hxxps://ko-fi.com; hxxps://mail-notification.info; hxxps://mas.to; hxxps://talisma.uottawa.ca; hxxps://www.youtube.com
CHR Session Restore: Default -> is enabled
CHR Extension: (Google Translate) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\aieoplapobidheellikiicjfpamacpfd [2022-02-23]
CHR Extension: (Honey) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2022-02-09]
CHR Extension: (Tampermonkey) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2022-02-09]
CHR Extension: (EditThisCookie) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2021-09-09]
CHR Extension: (Chrome Remote Desktop) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2020-01-20]
CHR Extension: (Picture-in-Picture Extension (by Google)) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgfoiooedgoejojocmhlaklaeopbecg [2021-04-14]
CHR Extension: (Looper for YouTube - Auto Replay) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2021-05-29]
CHR Extension: (EPUBReader) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhclmfgfllimlhabjkgkeebkbiadflb [2021-09-18]
CHR Extension: (Violentmonkey) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinjaccalgkegednnccohejagnlnfdag [2021-07-18]
CHR Extension: (Thumbnail Download) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneejojicokbocbckkdccbfnhppcbfee [2021-04-14]
CHR Extension: (Little Alchemy) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2020-01-20]
CHR Extension: (Until AM Web App) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2020-01-20]
CHR Extension: (Video DownloadHelper) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-01-29]
CHR Extension: (Toucan - Language Learning) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\lokjgaehpcnlmkebpmjiofccpklbmoci [2022-02-23]
CHR Extension: (Video Downloader PLUS) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgehaondchbmjmajphnhlojfnbfokng [2022-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2022-02-17]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2022-02-23]
CHR Extension: (Enhancer for YouTube™) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2022-01-22]
CHR Profile: C:\Users\19183\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-09-27]
CHR Profile: C:\Users\19183\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-27]
CHR HKLM-x32\...\Chrome\Extension: [ncennffkjdiamlpmcbajkmaiiiddgioo] - C:\Users\19183\AppData\Local\ChromeExtensionCache\xl_ext_chrome.crx [2019-06-27]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
S2 AppServicea; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 AppServiceb; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 AppServicec; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 AppServiced; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 AppServicee; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 AppServicef; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 AppServiceg; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 AppServiceh; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 AppServicei; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 AppServicej; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 AppServicek; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 AppServicem; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 AppServicen; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 AppServiceo; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 AppServiceq; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S2 AppServicer; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [File not signed] <==== ATTENTION
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8646752 2020-07-22] (BattlEye Innovations e.K. -> )
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12124536 2022-02-04] (Microsoft Corporation -> Microsoft Corporation)
S4 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [421728 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.)
S4 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2019-12-27] (Huawei Technologies Co., Ltd. -> ) [File not signed]
S3 OpenVPNService; D:\Program Files (x86)\OpenVPN\bin\openvpnserv2.exe [15872 2018-03-01] () [File not signed]
R2 OpenVPNServiceInteractive; D:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [75392 2018-03-01] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 OpenVPNServiceLegacy; D:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [75392 2018-03-01] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [34304 2017-12-25] (CLEVO CO.) [文件未签名]
R2 QPCore; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe [116848 2021-09-07] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
R2 SDScannerService; E:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; E:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; E:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [文件未签名]
R2 UWPService; C:\WINDOWS\SysWOW64\Creative.UWPRPCService.exe [357288 2020-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe [2909208 2022-02-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe [128376 2022-02-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 IAStorDataMgrSvc; "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_538e668538abf17f\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_538e668538abf17f\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== 驱动器 (将列入优先名单) ===================

(如果一个条目包含在固定列表中,它将从注册表中删除。 除非单独列出,否则文件将不会被移动。.)

R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [320728 2021-10-26] (Bluestack Systems, Inc -> Bluestack System Inc.)
R2 CMB8100; C:\WINDOWS\SysWOW64\Drivers\CertClient.dat [13048 2016-07-11] (China Merchants Bank Co., Ltd -> )
R2 CMBProtector; C:\WINDOWS\SysWOW64\Drivers\CMBProtector.dat [12320 2016-07-11] (China Merchants Bank -> )
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 HECATEG2_SERVICE; C:\WINDOWS\System32\drivers\HECATEG2.sys [3820728 2019-01-22] (WDKTestCert cm356,131360245853607688 -> EDIFIER Technology Co.,Ltd)
R3 HKKbdFltr; C:\WINDOWS\system32\DRIVERS\HKKbdFltr.sys [47416 2018-12-12] (WDKTestCert stone.cheng,131710889793483852 -> Insyde Software Corp.)
R3 HKMouFltr; C:\WINDOWS\system32\DRIVERS\HKMouFltr.sys [46208 2018-12-12] (WDKTestCert stone.cheng,131710889912565784 -> Insyde Software Corp.)
S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2022-02-01] (Microsoft Windows -> Microsoft Corporation)
R3 MBfilt; C:\WINDOWS\system32\drivers\MBfilt64.sys [43456 2019-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S3 monectdevices; C:\WINDOWS\System32\drivers\monectdevices.sys [15768 2013-12-03] (Kasherlab Technology Inc. -> )
R2 QQProtectX64; C:\Windows\system32\drivers\QQProtectX64.sys [121344 2021-09-07] (Tencent Technology (Shenzhen) Company Limited -> Tencent)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-29] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2020-04-13] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2022-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [438520 2022-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-02-23] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (将列入优先名单) ===================

(如果一个条目包含在固定列表中,它将从注册表中删除。 除非单独列出,否则文件将不会被移动。.)


==================== 一个月 (创建成功) (将列入优先名单) =========

(如果条目包含在固定列表中,则文件/文件夹将被移动。.)

2022-02-24 12:24 - 2022-02-24 12:25 - 000037604 _____ C:\Users\19183\Downloads\FRST.txt
2022-02-24 12:24 - 2022-02-24 12:24 - 000000000 ____D C:\FRST
2022-02-24 12:08 - 2022-02-24 12:08 - 002312192 _____ (Farbar) C:\Users\19183\Downloads\FRST64.exe
2022-02-24 03:47 - 2022-02-24 03:47 - 139460608 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-02-24 03:30 - 2022-02-24 03:47 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-02-24 03:26 - 2022-02-24 03:26 - 000000000 ____D C:\Program Files\Malwarebytes
2022-02-24 03:22 - 2022-02-24 03:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-02-24 03:21 - 2022-02-24 03:21 - 002419896 _____ (Malwarebytes) C:\Users\19183\Downloads\MBSetup.exe
2022-02-24 03:17 - 2022-02-24 03:17 - 001656900 _____ C:\WINDOWS\Minidump\022422-53421-01.dmp
2022-02-24 02:14 - 2022-02-24 02:14 - 000000000 ____D C:\Users\19183\Desktop\openvpn config
2022-02-24 01:51 - 2022-02-24 01:51 - 000220160 _____ () C:\Users\19183\AppData\Roaming\1.exe
2022-02-24 01:10 - 2022-02-24 01:10 - 000000000 ____D C:\WINDOWS\system32\clip
2022-02-23 21:40 - 2022-02-24 11:57 - 000003430 _____ C:\WINDOWS\system32\Tasks\WindowsService
2022-02-23 20:36 - 2022-02-23 20:36 - 000000000 ____D C:\Users\19183\Downloads\testdisk-7.2-WIP.win64
2022-02-23 20:35 - 2022-02-23 20:35 - 000000000 ____D C:\Users\19183\AppData\Local\Safer-Networking Ltd
2022-02-23 20:27 - 2022-02-23 20:16 - 000655360 _____ C:\Users\19183\Documents\wrzepjob.kdw
2022-02-23 20:15 - 2022-02-23 20:15 - 000563660 _____ C:\WINDOWS\Minidump\022322-81671-01.dmp
2022-02-23 20:12 - 2022-02-23 20:12 - 000646980 _____ C:\WINDOWS\Minidump\022322-20109-01.dmp
2022-02-23 20:08 - 2022-02-24 03:17 - 000000000 ____D C:\WINDOWS\Minidump
2022-02-23 20:08 - 2022-02-23 20:08 - 000544876 _____ C:\WINDOWS\Minidump\022322-19812-01.dmp
2022-02-23 20:07 - 2022-02-24 03:16 - 1825845049 ____N C:\WINDOWS\MEMORY.DMP
2022-02-23 20:04 - 2022-02-23 20:12 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-02-23 19:52 - 2022-02-23 19:52 - 000000000 __SHD C:\Users\19183\AppData\Roaming\ServiceApi
2022-02-23 19:51 - 2022-02-23 19:51 - 000003634 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186}
2022-02-23 19:34 - 2022-02-23 19:34 - 000001115 _____ C:\Users\19183\_readme.txt
2022-02-23 19:34 - 2022-02-23 19:34 - 000000557 _____ C:\Users\19183\AppData\Local\bowsakkdestx.txt
2022-02-23 19:34 - 2022-02-23 19:34 - 000000000 ____D C:\SystemID
2022-02-23 19:33 - 2022-02-24 03:43 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\2YP3AM7LNL.tmp
2022-02-23 19:22 - 2022-02-23 19:22 - 000003626 _____ C:\WINDOWS\system32\Tasks\Cache-S-21-2946144819-3e21f723-50a5
2022-02-23 19:20 - 2022-02-24 11:57 - 000003698 _____ C:\WINDOWS\system32\Tasks\WindowsServiceUpload
2022-02-23 19:20 - 2022-02-23 19:37 - 000000000 ____D C:\Users\19183\AppData\Roaming\Windows Folder
2022-02-23 19:19 - 2022-02-23 19:19 - 000000000 ____D C:\Users\19183\AppData\Local\3377e1bc-0a5d-4bf5-b34f-a616482bdeb9
2022-02-23 19:18 - 2022-02-23 19:18 - 000000000 ____D C:\Users\19183\AppData\Roaming\ProfCleaner
2022-02-23 19:17 - 2022-02-24 03:50 - 000003728 _____ C:\WINDOWS\system32\Tasks\Firefox Default Browser Agent 84AD216232B00CE1
2022-02-23 19:17 - 2022-02-23 21:46 - 000000000 ____D C:\Users\19183\AppData\Local\Yandex
2022-02-23 19:06 - 2022-02-23 19:06 - 000000000 ____D C:\Users\19183\AppData\Roaming\SysInfoTool
2022-02-21 20:49 - 2022-02-21 20:49 - 000000388 _____ C:\Users\19183\Downloads\syyRQDl1z9mJe-Oe.m3u8
2022-02-21 19:58 - 2022-02-21 20:02 - 048640435 _____ C:\Users\19183\Downloads\Y2Mate.is - Bo Burnham & Elsie Fisher of 'Eighth Grade' Have All the Answers Requestions TRL-MZWGMsehtHI-1080p-1645443492033.mp4
2022-02-19 23:29 - 2022-02-19 23:30 - 003756560 _____ C:\Users\19183\Downloads\tumblr_qume2b4xf31uf0x4m_720.mp4
2022-02-19 23:27 - 2022-02-19 23:30 - 042818269 _____ C:\Users\19183\Downloads\Y2Mate.is - 'Eighth Grade's' Bo Burnham & Elsie Fisher Want to Meet Lady Gaga & Bradley Cooper Golden Globes-UYFGFebFyv8-1080p-1645284440101.mp4
2022-02-19 20:10 - 2022-02-19 20:11 - 000585433 _____ C:\Users\19183\Downloads\Snaptik_6970766877626731782_tik-toker.mp4
2022-02-19 20:04 - 2022-02-19 20:05 - 000601744 _____ C:\Users\19183\Downloads\Snaptik_7010755385560796421_emily.mp4
2022-02-19 19:25 - 2022-02-19 19:25 - 000000309 _____ C:\Users\19183\Downloads\jpfEYgoRBLd9sKOy.m3u8
2022-02-19 02:54 - 2022-02-19 02:54 - 015067895 _____ C:\Users\19183\Downloads\Y2Mate.is - ASU Film + Bo Burnham’s Eighth Grade-WuxZc8CzURM-720p-1645210431547.mp4
2022-02-19 02:53 - 2022-02-19 02:53 - 030141641 _____ C:\Users\19183\Downloads\Y2Mate.is - Eighth Grade's Stars Have a Fan in Mary Poppins (aka Emily Blunt!)-i9cwaksLB7E-1080p-1645209920392.mp4
2022-02-18 15:49 - 2022-02-18 15:50 - 003226993 _____ C:\Users\19183\Downloads\Screen_Recording_20220217-222524_Twitter.mov
2022-02-17 20:02 - 2022-02-17 20:02 - 001914404 _____ C:\Users\19183\Downloads\RPReplay_Final1643710379.mov
2022-02-17 02:29 - 2022-02-17 02:30 - 117364440 _____ C:\Users\19183\Downloads\Y2Mate.is - Bo Burnham interview with Adam Shapiro-RTfjzPRSKbI-720p-1645036153528.mp4
2022-02-17 02:26 - 2022-02-17 02:27 - 055201015 _____ C:\Users\19183\Downloads\Y2Mate.is - Bo Burnham talk about Promising Young Woman & Sundance Film Festival-X_PpIGG-n0M-1080p-1645035992122.mp4
2022-02-15 19:10 - 2022-02-15 19:13 - 004525499 _____ C:\Users\19183\Downloads\RPReplay_Final1644920462.mov
2022-02-15 19:10 - 2022-02-15 19:10 - 000609966 _____ C:\Users\19183\Downloads\trim.55C33BCC-204B-4A91-813F-4A15B3F9BED0.mov
2022-02-15 15:41 - 2022-02-15 16:30 - 167579420 _____ C:\Users\19183\Downloads\uc_ui_boburnham_pg_19min37sec.mp4
2022-02-15 14:27 - 2022-02-15 14:31 - 006811031 _____ C:\Users\19183\Downloads\RPReplay_Final1644899652.mov
2022-02-15 02:03 - 2022-02-15 02:05 - 005981354 _____ C:\Users\19183\Downloads\RPReplay_Final1644856339 (1).mov
2022-02-15 00:49 - 2022-02-15 00:54 - 242203723 _____ C:\Users\19183\Downloads\Y2Mate.is - Promising Young Woman premiere Q&A @ Sundance 2020 - & I ask a question!-hXxOd8Qh6t4-1080p-1644857262718.mp4
2022-02-14 19:05 - 2022-02-14 19:05 - 003149057 _____ C:\Users\19183\Downloads\Illustration4.clip
2022-02-13 22:36 - 2022-02-13 22:39 - 014504400 _____ C:\Users\19183\Downloads\UMBC - New Math.mp4
2022-02-13 22:28 - 2022-02-13 22:29 - 033792467 _____ C:\Users\19183\Downloads\Y2Mate.is - Bo Burnham - Testing The Boundaries-M-0JDiYMyVs-720p-1644762473414.mp4
2022-02-13 22:24 - 2022-02-13 22:29 - 045396228 _____ C:\Users\19183\Downloads\Y2Mate.is - Bo Burnham Takes Down Bonnaroo!-2VY1EXzeD4Y-720p-1644762241938.mp4
2022-02-13 22:23 - 2022-02-13 22:26 - 015491489 _____ C:\Users\19183\Downloads\UMBC - Garage Band.mp4
2022-02-13 22:11 - 2022-02-13 22:11 - 006414858 _____ C:\Users\19183\Downloads\umbc oh bo.mp4
2022-02-13 17:47 - 2022-02-13 17:48 - 053740511 _____ C:\Users\19183\Downloads\Y2Mate.is - Bo Burnham - Rant-8_cIsmiXnc0-720p-1644745646849.mp4
2022-02-13 01:41 - 2022-02-13 01:41 - 000751961 _____ C:\Users\19183\Downloads\271631762_291530146285048_2880228855824278917_n_x264.mp4
2022-02-13 01:39 - 2022-02-13 01:39 - 016426339 _____ C:\Users\19183\Downloads\257719745_196606972647340_4439068700832784233_n_x264.mp4
2022-02-13 01:25 - 2022-02-13 01:25 - 013921610 _____ C:\Users\19183\Downloads\257719745_196606972647340_4439068700832784233_n.mp4
2022-02-13 01:09 - 2022-02-13 01:09 - 001843275 _____ C:\Users\19183\Downloads\Eighth-Grade-fdown.net.mp4
2022-02-13 01:09 - 2022-02-13 01:09 - 001843275 _____ C:\Users\19183\Downloads\54261483_791764011688781_4127850715958516456_n.mp4
2022-02-13 00:27 - 2022-02-13 00:27 - 000508615 _____ C:\Users\19183\Downloads\271631762_291530146285048_2880228855824278917_n.mp4
2022-02-12 22:20 - 2022-02-12 22:25 - 021951239 _____ C:\Users\19183\Downloads\Y2Mate.is - Bo Burnham- RANT-sHeE_kCNOHI-480p-1644675579923.mp4
2022-02-12 22:10 - 2022-02-12 22:12 - 008685976 _____ C:\Users\19183\Downloads\bo burnham live! (who cares_) 01_18_10 12_27PM.mp4
2022-02-12 18:20 - 2022-02-12 18:24 - 032842096 _____ C:\Users\19183\Downloads\bo burnham live! (who cares_) 09_30_09 07_30PM.mp4
2022-02-12 18:17 - 2022-02-12 18:18 - 013206436 _____ C:\Users\19183\Downloads\Arizona Blues.mp4
2022-02-11 22:04 - 2022-02-11 22:51 - 000001404 _____ C:\Users\19183\AppData\Local\Adobe 存储为 Web 所用格式 13.0 Prefs
2022-02-11 20:27 - 2022-02-11 20:27 - 079244937 _____ C:\Users\19183\Downloads\yt5s.com-15 MONTHS-(1080p).mp4
2022-02-11 19:47 - 2022-02-11 19:47 - 000001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk
2022-02-11 19:43 - 2022-02-11 19:43 - 000000000 ____D C:\Program Files\Adobe
2022-02-11 19:31 - 2022-02-11 19:32 - 079246378 _____ C:\Users\19183\Downloads\Y2Mate.is - 15 MONTHS-5L8O1jIzAlM-1080p-1644579109395.mp4
2022-02-11 02:47 - 2022-02-11 02:47 - 051234083 _____ C:\Users\19183\Downloads\Y2Mate.is - I Made A Movie-hphNHwnTPVs-1080p-1644513290002.mp4
2022-02-09 23:38 - 2022-02-09 23:38 - 000015020 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-02-09 23:36 - 2022-02-09 23:36 - 000000000 ___HD C:\$WinREAgent
2022-02-09 16:48 - 2022-02-09 16:48 - 000000733 _____ C:\Users\19183\Documents\下载 - 快捷方式.lnk
2022-02-09 12:40 - 2022-02-09 12:40 - 026852237 _____ C:\Users\19183\Downloads\Bo Burnham Reads from Egghead.mp4
2022-02-08 01:57 - 2022-02-08 01:57 - 001164703 _____ C:\Users\19183\Downloads\Bo Burnham “Waking Next to Bae” Vine.zip
2022-02-08 01:57 - 2022-02-08 01:57 - 000769587 _____ C:\Users\19183\Downloads\Bo Burnham “Rhymes with Jesus” VINE.zip
2022-02-07 17:50 - 2022-02-07 18:01 - 488390724 _____ C:\Users\19183\Downloads\3 Peens Charity Stream.mp4
2022-02-06 00:03 - 2022-02-06 00:03 - 000034201 _____ C:\Users\19183\Downloads\yoshi mlem.m4a
2022-02-04 00:23 - 2022-02-04 00:25 - 006656733 _____ C:\Users\19183\Downloads\videoplayback (6).m4a
2022-02-02 16:22 - 2022-02-02 16:24 - 085605891 _____ C:\Users\19183\Downloads\Y2Mate.is - Dreamcatcher(드림캐쳐) 'Scream' MV-FKlGHHhTOsQ-1080p-1638401372990.mp4
2022-02-02 16:20 - 2022-02-02 16:21 - 043271842 _____ C:\Users\19183\Downloads\Y2Mate.is - Dreamcatcher(드림캐쳐) '데자부 (Deja Vu)' MV-W761DtH1oRg-1080p-1636963716662.mp4
2022-02-02 16:17 - 2022-02-02 16:19 - 066752423 _____ C:\Users\19183\Downloads\Y2Mate.is - Dreamcatcher(드림캐쳐) 'What' MV-pN0dkjp1deQ-1080p-1643102644579 (1).mp4
2022-02-02 16:16 - 2022-02-02 16:16 - 077094608 _____ C:\Users\19183\Downloads\Y2Mate.is - Dreamcatcher(드림캐쳐) 'YOU AND I' MV-LFxjwBfFIiY-1080p-1643789756520.mp4
2022-02-02 16:13 - 2022-02-02 16:14 - 086609496 _____ C:\Users\19183\Downloads\Y2Mate.is - Dreamcatcher(드림캐쳐) 'Odd Eye' MV-1QD0FeZyDtQ-1080p-1643694084209.mp4
2022-02-02 16:13 - 2022-02-02 16:14 - 065757041 _____ C:\Users\19183\Downloads\Y2Mate.is - Dreamcatcher(드림캐쳐) 'BEcause' MV-PEKkdIT8JPM-1080p-1643789550683.mp4
2022-02-02 00:36 - 2022-02-02 00:36 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2022-02-01 23:36 - 2022-02-01 23:36 - 000311296 _____ C:\WINDOWS\system32\EsclScan.dll
2022-02-01 23:36 - 2022-02-01 23:36 - 000188416 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-02-01 23:36 - 2022-02-01 23:36 - 000077824 _____ C:\WINDOWS\system32\APMonUI.dll
2022-02-01 23:35 - 2022-02-01 23:35 - 000339968 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-02-01 21:26 - 2022-02-01 21:27 - 000913904 _____ C:\Users\19183\Downloads\videoplayback (11).mp4
2022-01-29 22:45 - 2022-02-24 02:06 - 000000000 ____D C:\Users\19183\dwhelper
2022-01-29 22:45 - 2022-01-29 22:45 - 000000000 ____D C:\Program Files\net.downloadhelper.coapp
2022-01-29 22:21 - 2022-01-29 22:21 - 000002563 _____ C:\Users\19183\Downloads\072018-wcl-bo-burnham-vid_web.m3u8
2022-01-27 17:10 - 2022-01-27 17:10 - 000180233 _____ C:\Users\19183\Downloads\episode-935-bo-burhnam-david-sedaris-audios-mp3_rf_27187074_1.html

==================== 一个月 (已修改) ==================

(如果条目包含在固定列表中,则文件/文件夹将被移动。.)

2022-02-24 12:24 - 2021-06-05 20:09 - 000000000 ____D C:\WINDOWS\INF
2022-02-24 12:14 - 2019-05-19 12:49 - 000000000 ____D C:\Users\19183\AppData\Local\D3DSCache
2022-02-24 12:05 - 2019-05-19 12:16 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-24 12:00 - 2021-11-03 18:21 - 002448472 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-02-24 12:00 - 2021-11-03 17:39 - 000832466 _____ C:\WINDOWS\system32\perfh00C.dat
2022-02-24 12:00 - 2021-11-03 17:39 - 000166108 _____ C:\WINDOWS\system32\perfc00C.dat
2022-02-24 12:00 - 2021-06-06 01:51 - 000414570 _____ C:\WINDOWS\system32\prfh0804.dat
2022-02-24 12:00 - 2021-06-06 01:51 - 000139694 _____ C:\WINDOWS\system32\prfc0804.dat
2022-02-24 11:59 - 2021-12-08 00:45 - 000000000 ____D C:\Users\19183\AppData\Local\Spotify
2022-02-24 11:59 - 2021-12-08 00:30 - 000000000 ____D C:\Users\19183\AppData\Roaming\Spotify
2022-02-24 11:59 - 2021-11-03 18:19 - 000004122 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{0B7719C6-E66D-4689-8F13-1902FFD5E6F2}
2022-02-24 11:59 - 2019-05-26 23:02 - 000000000 ___HD C:\Users\19183\AppData\Local\CrashDumps
2022-02-24 11:58 - 2019-05-19 12:55 - 000000000 ____D C:\Users\19183\Documents\Tencent Files
2022-02-24 11:57 - 2021-11-03 18:09 - 000000000 ____D C:\Users\19183
2022-02-24 11:57 - 2019-05-19 12:13 - 000000000 __SHD C:\Users\19183\IntelGraphicsProfiles
2022-02-24 11:55 - 2021-06-05 20:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-24 11:54 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-02-24 11:53 - 2021-11-03 18:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-02-24 11:53 - 2021-11-03 18:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-24 11:53 - 2019-04-27 08:17 - 000000000 ____D C:\ProgramData\NVIDIA
2022-02-24 03:48 - 2021-06-05 20:01 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-02-24 03:43 - 2021-06-05 20:01 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-02-24 03:25 - 2021-04-04 00:34 - 000000000 ___HD C:\Users\19183\AppData\Local\cache
2022-02-24 02:24 - 2021-07-24 10:07 - 000000000 ____D C:\Users\19183\AppData\Roaming\discord
2022-02-24 02:13 - 2019-05-25 23:05 - 000000000 ____D C:\Users\19183\AppData\Roaming\Aegisub
2022-02-24 01:37 - 2021-07-24 10:07 - 000000000 ____D C:\Users\19183\AppData\Local\Discord
2022-02-24 00:35 - 2020-08-27 22:43 - 000000000 ____D C:\Users\19183\Documents\WeChat Files
2022-02-23 22:21 - 2019-01-24 19:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-02-23 20:35 - 2021-01-30 02:31 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2022-02-23 20:27 - 2019-05-19 12:49 - 000000000 ____D C:\Users\19183\AppData\Roaming\NVIDIA
2022-02-23 20:15 - 2019-05-19 13:20 - 000000000 ____D C:\Program Files (x86)\Steam
2022-02-23 20:12 - 2020-01-26 01:28 - 000000000 ____D C:\Users\19183\AppData\Local\ElevatedDiagnostics
2022-02-23 19:59 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-02-23 19:42 - 2020-08-27 22:42 - 000000000 ____D C:\Users\19183\WeChat
2022-02-23 19:34 - 2021-01-30 02:31 - 000000000 ____D C:\Safer-Networking Ltd
2022-02-23 19:34 - 2021-01-11 12:34 - 000000000 ____D C:\OneDriveTemp
2022-02-23 19:34 - 2020-04-03 14:13 - 000000000 ____D C:\KMPlayer
2022-02-23 19:34 - 2019-06-27 13:45 - 000000000 ____D C:\TDDownload
2022-02-23 19:34 - 2019-06-01 21:10 - 000000000 ____D C:\Temp
2022-02-23 19:34 - 2019-05-19 12:13 - 000000000 ____D C:\Users\19183\AppData\Local\VirtualStore
2022-02-23 19:32 - 2019-11-18 10:46 - 000000000 ____D C:\Users\19183\AppData\Roaming\BitComet
2022-02-23 19:17 - 2020-02-09 04:08 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2022-02-23 16:16 - 2021-06-05 20:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-02-22 23:57 - 2019-05-19 13:27 - 000000000 ____D C:\Users\19183\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-02-21 14:47 - 2019-01-24 19:53 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-02-20 01:17 - 2020-05-01 22:22 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-02-20 01:17 - 2020-05-01 22:22 - 000002267 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-02-19 19:43 - 2021-07-24 10:07 - 000002238 _____ C:\Users\19183\Desktop\Discord.lnk
2022-02-18 19:21 - 2021-06-16 23:47 - 000000000 ____D C:\Users\19183\AppData\Roaming\audacity
2022-02-18 18:25 - 2019-05-19 13:11 - 000001261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\网易云音乐.lnk
2022-02-17 07:07 - 2021-12-13 04:42 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2099732615-3400469919-2622180112-1001
2022-02-17 07:07 - 2021-11-03 18:19 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2099732615-3400469919-2622180112-1001
2022-02-17 07:07 - 2021-02-06 04:34 - 000002296 _____ C:\Users\19183\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-02-17 05:05 - 2019-05-19 12:17 - 000002280 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-02-12 17:19 - 2019-04-27 08:18 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-02-12 17:18 - 2019-05-19 12:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2022-02-11 22:16 - 2021-01-11 12:52 - 000000000 ____D C:\Users\19183\Documents\Adobe
2022-02-11 22:16 - 2019-05-19 12:13 - 000000000 ____D C:\Users\19183\AppData\Roaming\Adobe
2022-02-11 19:52 - 2020-08-02 22:33 - 000000000 ____D C:\ProgramData\Adobe
2022-02-11 19:46 - 2021-01-10 15:17 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-02-11 19:43 - 2021-02-01 19:18 - 000000000 ____D C:\Program Files (x86)\Adobe
2022-02-11 00:05 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-02-10 03:24 - 2021-11-03 18:07 - 000753712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-02-10 03:23 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\SystemResources
2022-02-10 03:23 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-02-09 23:39 - 2021-06-05 20:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-09 13:03 - 2020-05-12 01:54 - 000000000 ____D C:\Users\19183\AppData\Roaming\osu
2022-02-09 13:01 - 2021-02-15 03:55 - 000000000 ____D C:\Users\19183\AppData\Local\osulazer
2022-02-09 13:01 - 2020-05-12 01:54 - 000000000 ____D C:\Users\19183\AppData\Local\SquirrelTemp
2022-02-09 07:04 - 2019-05-19 14:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-02-09 06:58 - 2019-05-19 14:31 - 149611728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-02-07 21:54 - 2021-12-01 12:28 - 000001531 _____ C:\Users\19183\Desktop\writing prompt.txt
2022-02-07 02:15 - 2021-01-25 22:21 - 000002600 _____ C:\Users\19183\Desktop\新建文本文档 (2).txt
2022-02-05 06:00 - 2020-10-06 17:02 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-02-02 00:36 - 2021-06-05 20:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-02-02 00:36 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-02-02 00:36 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-02-02 00:36 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-02-02 00:36 - 2021-06-05 20:01 - 000000000 ____D C:\WINDOWS\servicing
2022-02-01 23:35 - 2021-11-03 18:09 - 003087360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-01-30 16:50 - 2020-04-09 21:51 - 000000000 ____D C:\Users\19183\AppData\Local\osu!
2022-01-29 03:11 - 2021-11-18 07:54 - 000003038 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7d09ba3325b74
2022-01-29 03:11 - 2021-11-03 18:19 - 000003132 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

==================== 某些目录的根目录中的文件 ========

2022-02-24 01:51 - 2022-02-24 01:51 - 000220160 _____ () C:\Users\19183\AppData\Roaming\1.exe
2020-02-26 00:09 - 2020-02-26 00:11 - 000000190 _____ () C:\Users\19183\AppData\Roaming\GlobalMgr.db
2020-05-03 01:33 - 2020-05-03 01:39 - 000017284 _____ () C:\Users\19183\AppData\Roaming\SpeedRunnersLog.txt
2020-08-27 22:44 - 2020-08-27 22:44 - 000045056 _____ () C:\Users\19183\AppData\Roaming\Web Data
2020-08-27 22:44 - 2020-08-27 22:44 - 000000000 _____ () C:\Users\19183\AppData\Roaming\Web Data-journal
2019-12-31 01:36 - 2019-12-31 01:36 - 001392663 _____ () C:\Users\19183\AppData\Roaming\JPEG_20191231_013558_3122578599552070693.jpg
2022-02-23 19:22 - 2022-02-23 19:22 - 000151552 _____ () C:\Users\19183\AppData\Roaming\Microsoft\RegData.exe
2022-02-23 19:22 - 2022-02-24 03:15 - 007622144 _____ () C:\Users\19183\AppData\Roaming\Microsoft\RegHost.exe
2022-02-23 19:22 - 2022-02-23 19:22 - 005493520 _____ () C:\Users\19183\AppData\Roaming\Microsoft\RegModule.exe
2019-12-17 21:11 - 2019-12-18 21:25 - 000001456 _____ () C:\Users\19183\AppData\Local\Adobe Save for Web 13.0 Prefs
2022-02-11 22:04 - 2022-02-11 22:51 - 000001404 _____ () C:\Users\19183\AppData\Local\Adobe 存储为 Web 所用格式 13.0 Prefs
2022-02-23 19:34 - 2022-02-23 19:34 - 000000557 _____ () C:\Users\19183\AppData\Local\bowsakkdestx.txt
2019-05-25 22:59 - 2019-05-26 22:26 - 000013824 _____ () C:\Users\19183\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-11-21 21:47 - 2020-12-23 19:01 - 000002557 _____ () C:\Users\19183\AppData\Local\krita-sysinfo.log
2020-02-20 20:57 - 2020-12-23 19:01 - 000149933 _____ () C:\Users\19183\AppData\Local\krita.log
2020-02-20 20:58 - 2020-02-21 00:24 - 000045130 _____ () C:\Users\19183\AppData\Local\kritacrash.log
2020-12-23 19:01 - 2020-12-23 19:01 - 000000152 _____ () C:\Users\19183\AppData\Local\kritadisplayrc
2019-05-19 13:04 - 2020-12-23 19:01 - 000021733 _____ () C:\Users\19183\AppData\Local\kritarc
2019-12-18 21:36 - 2021-05-23 18:00 - 000000205 _____ () C:\Users\19183\AppData\Local\oobelibMkey.log
2020-03-13 06:48 - 2021-06-11 14:38 - 000007606 _____ () C:\Users\19183\AppData\Local\Resmon.ResmonCfg
2020-09-04 01:14 - 2020-09-04 01:14 - 000017408 _____ () C:\Users\19183\AppData\Local\WebpageIcons.db

==================== SigCheck ============================

(对于尚未通过验证的文件无自动修复。.)

==================== 结束 在 FRST.txt ========================
ravenbeakx

Re: STOP (Djvu) Ransomware Virus Infected

Post by Gary R » February 24th, 2022, 2:13 am

Decrypting any encrypted files is a specialist task, and the best people to advise you on whether this is possible can be found at Bleeping Computer.

https://www.bleepingcomputer.com/forums ... try3964407

Sadly that is not always possible, and if you have removed any of the infection files, then this will likely be the case. However, open a topic at BC and let their experts advise you, as they have the most up-to-date knowledge on this subject.
Gary R

