ransomware description:
ransomnote_filename: _readme.txt
ransomnote_email: helprestoremanager@airmail.cc
sample_extension: .ooii
sample_bytes: [0x1E58 - 0x1E7E] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D
FRST.txt:
关于...的扫描结果 Farbar Recovery Scan Tool (FRST) (x64) 版本: 14-02-2022 01
通过...运行 19183 (管理员) 启动 DESKTOP-7QJUT0M (HASEE Computer K650D) (24-02-2022 12:24:32)
从运行 C:\Users\19183\Downloads
加载的配置文件: 19183
平台: Microsoft Windows 11 家庭中文版 版本 21H2 22000.493 (X64) 语言: 中文(简体,中国)
默认浏览器: Chrome
启动模式: Normal
==================== 进程 (将列入优先名单) =================
(如果条目包含在固定列表中,则该过程将被关闭。该文件不会被移动。)
(AutoIt Consulting Ltd -> AutoIt Team) C:\Users\19183\AppData\Local\Temp\jkdXJLIvaE\SgCcDkvIFK.exe.pif
(C:\Program Files (x86)\Hotkey\HkeyTray.exe ->) (CLEVO CO. -> CLEVO CO.) C:\Program Files (x86)\Hotkey\ComboKeyTray.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\98.0.1108.56\msedgewebview2.exe <6>
(D:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ->) (OpenVPN Technologies, Inc. -> The OpenVPN Project) D:\Program Files (x86)\OpenVPN\bin\openvpn.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_22aac1442d387216\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_22aac1442d387216\igfxEM.exe
(explorer.exe ->) (C-MEDIA ELECTRONICS INC. -> ) C:\Program Files\HECATE GAMING HEADSET\CPL\Hecate Gaming Center_x64.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <25>
(explorer.exe ->) (Guangzhou Ugee Computers Technology Co.,Ltd -> ) D:\Program Files (x86)\Pentablet\PenTablet.exe
(explorer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2112.32.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(explorer.exe ->) (OpenVPN Technologies, Inc. -> ) D:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe
(explorer.exe ->) (Spotify AB -> Spotify Ltd) C:\Users\19183\AppData\Roaming\Spotify\Spotify.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(rundll32.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(RuntimeBroker.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) E:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(services.exe ->) (CLEVO CO.) [文件未签名] C:\Program Files (x86)\Hotkey\HotkeyService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_22aac1442d387216\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6829d8fabc87530c\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6829d8fabc87530c\IntelCpHeciSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd) C:\Windows\SysWOW64\Creative.UWPRPCService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_538e668538abf17f\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (OpenVPN Technologies, Inc. -> The OpenVPN Project) D:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) E:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) E:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) E:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(services.exe ->) (Tencent Technology(Shenzhen) Company Limited -> Tencent) C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe
(svchost.exe ->) () [文件未签名] C:\Program Files (x86)\Hotkey\HkeyTray.exe
(svchost.exe ->) () [文件未签名] C:\Users\19183\AppData\Roaming\Windows Folder\Windows Service.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
==================== 档案 (将列入优先名单) ===================
(如果条目包含在固定列表中,则注册表项目将恢复为默认或删除。 文件不会被移除。)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1164080 2020-09-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319544 2019-02-26] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [PenTablet] => D:\Program Files (x86)\Pentablet\PenTablet.exe [775648 2020-10-09] (Guangzhou Ugee Computers Technology Co.,Ltd -> )
HKLM\...\Run: [EDG2] => C:\Program Files\HECATE GAMING HEADSET\CPL\Hecate Gaming Center_x64.exe [2576672 2018-12-20] (C-MEDIA ELECTRONICS INC. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true (无文件)
HKLM-x32\...\Run: [SDTray] => E:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: 限制 <==== 注意
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [BaiduYunDetect] => C:\Users\19183\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe [1133560 2020-12-16] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> )
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [Steam] => C:\Users\19183\AppData\Roaming\NVIDIA\dllhost.exe [17408 2022-02-23] () [文件未签名] <==== 注意
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [Wechat] => C:\Users\19183\WeChat\WeChat.exe [572360 2022-02-08] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [Dingtalk] => F:\Systemx64\DingDing\DingtalkLauncher.exe /autorun (无文件)
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [TIM] => E:\Program Files\Bin\TIM.exe [68680 2021-09-07] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [Spotify] => C:\Users\19183\AppData\Roaming\Spotify\Spotify.exe [19438520 2022-02-19] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [RegHost] => C:\Users\19183\AppData\Roaming\Microsoft\RegHost.exe [7622144 2022-02-24] (Nvidia Corporation -> ) [文件未签名]
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [MSASCui] => C:\Users\19183\AppData\Roaming\Microsoft\MSASCui.exe (无文件)
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [dwm] => C:\Users\19183\AppData\Roaming\Microsoft\dwm.exe (无文件) <==== 注意
HKU\S-1-5-21-2099732615-3400469919-2622180112-1001\...\Run: [1] => C:\Users\19183\AppData\Roaming\1.exe [220160 2022-02-24] () [文件未签名]
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /t REG_SZ /d "D:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe" /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\98.0.4758.102\Installer\chrmstp.exe [2022-02-17] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
InternetURL: C:\Users\19183\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SgCcDkvIFK.url -> URL: "C:\Users\19183\AppData\Local\Temp\jkdXJLIvaE\SaEEwXVIrtc.js"
GroupPolicy: 限制 - Chrome <==== 注意
Policies: C:\ProgramData\NTUSER.pol: 限制 <==== 注意
HKLM\SOFTWARE\Policies\Google: 限制 <==== 注意
==================== 以安排的任务 (将列入优先名单) ============
(如果一个条目包含在固定列表中,它将从注册表中删除。 除非单独列出,否则文件将不会被移动。.)
Task: {02990CCF-3719-4B56-9E29-2C384E549D95} - System32\Tasks\Firefox Default Browser Agent 84AD216232B00CE1 => C:\Users\19183\AppData\Roaming\wgteivv.exe (无文件) <==== 注意
Task: {09E116B3-9DD5-4D42-9FE0-61D47B5932EC} - \Online Application V2G2 -> 无文件 <==== 注意
Task: {0A939AF9-8832-41A0-8A1C-9FA0F0E56110} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => E:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {0F7BEDE7-4500-46BB-B362-3F2791419924} - System32\Tasks\WindowsServiceUpload => C:\Users\19183\AppData\Roaming\Windows [Argument = Folder\Windows Service.exe]
Task: {100CAC06-7582-409F-AC87-18AC4753EACA} - \Online Application V2G6 -> 无文件 <==== 注意
Task: {1257F6BC-14AD-4718-A2BE-DFE24F586D86} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2021-10-26] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {21F15E93-7D87-40B0-B2EF-5F3D57F90E04} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880136 2022-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {2BCCC4DB-5890-4E35-8019-2C3A1F8AD042} - \Online Application V2G5 -> 无文件 <==== 注意
Task: {2C6D6E1E-FDDE-4F58-A6A9-706CF47029CA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {47149F94-DC37-4ECD-8715-FCBFC410AFEC} - \AdvancedWindowsManager -> 无文件 <==== 注意
Task: {47FAC595-F8FC-4409-95BA-4B6B60E01C20} - \Online Application V2G3 -> 无文件 <==== 注意
Task: {4E42A10B-B471-47CD-9230-2BA06EC06E5F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880136 2022-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F7E35B8-960C-40A3-A9A0-5C30B0894FC1} - System32\Tasks\WindowsService => C:\Users\19183\AppData\Roaming\Windows [Argument = Folder\Windows Service.exe]
Task: {55A76147-5C58-4638-8C99-9F07EFCAF97D} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ToolSystemInfo => C:\Users\19183\AppData\Roaming\\sysinfotool\\sitool.exe [82432 2018-01-12] () [文件未签名] <==== 注意
Task: {73866E1B-5C60-4D5B-86F2-B93A91742489} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {821A928A-78C1-4D92-B5EA-673C45A6CDE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-05-19] (Google Inc -> Google Inc.)
Task: {85403C9D-F5A7-46D5-8AD4-E8BBC00E9D11} - \Online Application V2G4 -> 无文件 <==== 注意
Task: {8E2C0ED4-8322-4ACD-9FC8-901B825268A2} - \Online Application V2G1 -> 无文件 <==== 注意
Task: {94E5BE62-0C3D-4B70-A951-2AB4C2E9BFCC} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --sapCode=PRLD --productVersion=9.0 --productPlatform=win64 --appletID=AppsPanel_BL --appletVersion=1.0 --appMode=Uninstall (无文件)
Task: {9BF14E1B-BD3A-45BC-BC59-5D11ED8F0B93} - \AdvancedUpdater -> 无文件 <==== 注意
Task: {B586E745-2FF1-43D4-82D0-0E6F393359B8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => E:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {C7381011-9122-4CD5-B68E-597C3DD4D997} - \Updater_Online_Application -> 无文件 <==== 注意
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (无文件)
Task: {D4377313-8684-4BA5-8413-A7446B69B3D6} - System32\Tasks\HkeyTrayLaunch => C:\Program Files (x86)\Hotkey\Hkeytray.exe [1183232 2019-01-25] () [文件未签名]
Task: {DDB6F20E-1208-4B8E-B913-2624D1BC58EE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => E:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {E2381335-91A8-46C3-AFAE-669076E265E1} - System32\Tasks\Microsoft\Windows\Device Information\SOFTMONMO => RUNDLL32 "C:\Program Files (x86)\Common Files\CoreDemo\NoolDatioa\nater_revP_168.dll" IBPnId_Hklib
Task: {F27241B6-6C0A-4CF7-80D2-51BC1FDB8B30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-05-19] (Google Inc -> Google Inc.)
Task: {F3F2CBA7-ECF6-4EF5-BEFB-8C79080F9367} - System32\Tasks\Cache-S-21-2946144819-3e21f723-50a5 => C:\Users\19183\AppData\Local\cache\libcurl.exe (无文件)
Task: {F78A2E5A-37DA-489F-B5CF-39851BB034AA} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186} => C:\Users\19183\AppData\Local\CrashDumps\subst.exe [103320 2021-06-05] (Microsoft Corporation -> Microsoft Corporation)
(如果在固定列表中包含一个条目,则将移动任务(.Cob)文件。将不会移动由任务运行的文件。)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== 注意
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== 注意
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== 注意
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== 注意
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== 注意
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== 注意
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== 注意
==================== Internet (将列入优先名单) ====================
(如果项目包含在固定列表中,如果它是注册表项目,它将被删除或恢复为默认值。)
Tcpip\Parameters: [DhcpNameServer] 162.252.172.57 149.154.159.92
Tcpip\..\Interfaces\{70d9cb16-4e4e-42de-8bae-7955327c8fba}: [DhcpNameServer] 61.132.163.68 202.102.213.68
Tcpip\..\Interfaces\{a7dfd8f7-4850-4dde-b51b-54ae929bb8e2}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c48f614e-3f1c-46bd-a6b1-8507b04d06f5}: [DhcpNameServer] 162.252.172.57 149.154.159.92
Edge:
=======
DownloadDir: C:\Users\19183\Downloads
Edge Extension: (未命名) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [未发现]
Edge Extension: (未命名) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [未发现]
Edge Extension: (未命名) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [未发现]
Edge Extension: (未命名) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [未发现]
Edge DefaultProfile: Default
Edge Profile: C:\Users\19183\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-24]
Edge DownloadDir: Default -> C:\Users\19183\Downloads
Edge StartupUrls: Default -> "hxxps://go.microsoft.com/fwlink/?LinkId=625115"
Edge DefaultSearchURL: Default -> hxxps://www.baidu.com/s?tn=80035161_2_dg&wd={searchTerms}
Edge DefaultSearchKeyword: Default -> baidu.com
Edge Session Restore: Default -> 已启用
Edge Extension: (帮您淘优惠) - C:\Users\19183\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cikpljiicfjjopjkbmidbdnghodplnig [2021-07-24]
Edge HKLM-x32\...\Edge\Extension: [eofogjfkadmolbbmnlbohhbkhbodcjjm]
FireFox:
========
FF DefaultProfile: cwvkt1ti.default
FF ProfilePath: C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\cwvkt1ti.default [2019-10-28]
FF ProfilePath: C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\qxurgsjl.default-release [2022-02-24]
FF Extension: (Firefox Homepage) - C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\qxurgsjl.default-release\Extensions\cehomepage@mozillaonline.com.xpi [2019-10-28] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%]
FF Extension: (COBA) - C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\qxurgsjl.default-release\Extensions\coba@mozilla.com.cn.xpi [2019-10-28] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json]
FF Extension: (Addons Manager) - C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\qxurgsjl.default-release\Extensions\cpmanager@mozillaonline.com.xpi [2019-10-28] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%]
FF Extension: (Easy Screenshot) - C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\qxurgsjl.default-release\Extensions\easyscreenshot@mozillaonline.com.xpi [2019-10-28]
FF Extension: (Tab Tweak) - C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\qxurgsjl.default-release\Extensions\tabtweak@mozillaonline.com.xpi [2019-10-28] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%]
FF Extension: (WeChat Helper by MoCoCN) - C:\Users\19183\AppData\Roaming\Mozilla\Firefox\Profiles\qxurgsjl.default-release\Extensions\wx-assistant@mozillaonline.com.xpi [2019-10-28] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [无文件]
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\19183\AppData\Roaming\baidu\BaiduNetdisk\npYunWebDetect.dll [2020-12-16] (Beijing Baidu Netcom Science and Technology Co.,Ltd -> Baidu.com, Inc.)
FF Plugin-x32: @cmbchina.com/npcmbedit -> C:\WINDOWS\system32\NPCMBEdit.dll [无文件]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> D:\Program Files (x86)\Foxit\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [无文件]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> D:\Program Files (x86)\Foxit\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [无文件]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [无文件]
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QzoneMusic\npQzoneMusic.dll [2016-02-26] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.5.41\Bin\npSSOAxCtrlForPTLogin.dll [2019-12-03] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [无文件]
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [无文件]
FF Plugin-x32: @xunlei.com/npaplayer -> C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll [无文件]
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [无文件]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [无文件]
FF Plugin HKU\S-1-5-21-2099732615-3400469919-2622180112-1001: @1.qq.com/npqqwebgame -> C:\Users\19183\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.3\npqqwebgame.dll [2015-10-20] (Tencent Technology(Shenzhen) Company Limited -> )
FF Plugin HKU\S-1-5-21-2099732615-3400469919-2622180112-1001: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [无文件]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default [2022-02-24]
CHR Notifications: Default -> hxxps://ko-fi.com; hxxps://mail-notification.info; hxxps://mas.to; hxxps://talisma.uottawa.ca; hxxps://www.youtube.com
CHR Session Restore: Default -> 已启用
CHR Extension: (Google Translate) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\aieoplapobidheellikiicjfpamacpfd [2022-02-23]
CHR Extension: (Honey) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2022-02-09]
CHR Extension: (Tampermonkey) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2022-02-09]
CHR Extension: (EditThisCookie) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2021-09-09]
CHR Extension: (Chrome 远程桌面) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2020-01-20]
CHR Extension: (Picture-in-Picture Extension (by Google)) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgfoiooedgoejojocmhlaklaeopbecg [2021-04-14]
CHR Extension: (Looper for YouTube - 自动重播) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2021-05-29]
CHR Extension: (EPUBReader) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhclmfgfllimlhabjkgkeebkbiadflb [2021-09-18]
CHR Extension: (暴力猴) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinjaccalgkegednnccohejagnlnfdag [2021-07-18]
CHR Extension: (Thumbnail Download) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneejojicokbocbckkdccbfnhppcbfee [2021-04-14]
CHR Extension: (Little Alchemy) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2020-01-20]
CHR Extension: (Until AM Web App) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2020-01-20]
CHR Extension: (Video DownloadHelper) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-01-29]
CHR Extension: (Toucan - 语言学习) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\lokjgaehpcnlmkebpmjiofccpklbmoci [2022-02-23]
CHR Extension: (Video Downloader PLUS) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgehaondchbmjmajphnhlojfnbfokng [2022-02-13]
CHR Extension: (Chrome 网上应用店付款系统) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2022-02-17]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2022-02-23]
CHR Extension: (Enhancer for YouTube™) - C:\Users\19183\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2022-01-22]
CHR Profile: C:\Users\19183\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-09-27]
CHR Profile: C:\Users\19183\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-27]
CHR HKLM-x32\...\Chrome\Extension: [ncennffkjdiamlpmcbajkmaiiiddgioo] - C:\Users\19183\AppData\Local\ChromeExtensionCache\xl_ext_chrome.crx [2019-06-27]
==================== 服务 (将列入优先名单) ===================
(如果一个条目包含在固定列表中,它将从注册表中删除。 除非单独列出,否则文件将不会被移动。.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
S2 AppServicea; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S2 AppServiceb; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S2 AppServicec; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S2 AppServiced; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S2 AppServicee; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S2 AppServicef; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S2 AppServiceg; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S2 AppServiceh; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S2 AppServicei; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S2 AppServicej; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S2 AppServicek; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S2 AppServicem; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S2 AppServicen; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S2 AppServiceo; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S2 AppServiceq; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S2 AppServicer; C:\WINDOWS\system32\2YP3AM7LNL.tmp [6144 2022-02-24] (Microsoft Corporation) [文件未签名] <==== 注意
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8646752 2020-07-22] (BattlEye Innovations e.K. -> )
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12124536 2022-02-04] (Microsoft Corporation -> Microsoft Corporation)
S4 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [421728 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.)
S4 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2019-12-27] (Huawei Technologies Co., Ltd. -> ) [文件未签名]
S3 OpenVPNService; D:\Program Files (x86)\OpenVPN\bin\openvpnserv2.exe [15872 2018-03-01] () [文件未签名]
R2 OpenVPNServiceInteractive; D:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [75392 2018-03-01] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 OpenVPNServiceLegacy; D:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [75392 2018-03-01] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [34304 2017-12-25] (CLEVO CO.) [文件未签名]
R2 QPCore; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe [116848 2021-09-07] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
R2 SDScannerService; E:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; E:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; E:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [文件未签名]
R2 UWPService; C:\WINDOWS\SysWOW64\Creative.UWPRPCService.exe [357288 2020-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe [2909208 2022-02-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe [128376 2022-02-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 IAStorDataMgrSvc; "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_538e668538abf17f\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_538e668538abf17f\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== 驱动器 (将列入优先名单) ===================
(如果一个条目包含在固定列表中,它将从注册表中删除。 除非单独列出,否则文件将不会被移动。.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [320728 2021-10-26] (Bluestack Systems, Inc -> Bluestack System Inc.)
R2 CMB8100; C:\WINDOWS\SysWOW64\Drivers\CertClient.dat [13048 2016-07-11] (China Merchants Bank Co., Ltd -> )
R2 CMBProtector; C:\WINDOWS\SysWOW64\Drivers\CMBProtector.dat [12320 2016-07-11] (China Merchants Bank -> )
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 HECATEG2_SERVICE; C:\WINDOWS\System32\drivers\HECATEG2.sys [3820728 2019-01-22] (WDKTestCert cm356,131360245853607688 -> EDIFIER Technology Co.,Ltd)
R3 HKKbdFltr; C:\WINDOWS\system32\DRIVERS\HKKbdFltr.sys [47416 2018-12-12] (WDKTestCert stone.cheng,131710889793483852 -> Insyde Software Corp.)
R3 HKMouFltr; C:\WINDOWS\system32\DRIVERS\HKMouFltr.sys [46208 2018-12-12] (WDKTestCert stone.cheng,131710889912565784 -> Insyde Software Corp.)
S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2022-02-01] (Microsoft Windows -> Microsoft Corporation)
R3 MBfilt; C:\WINDOWS\system32\drivers\MBfilt64.sys [43456 2019-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S3 monectdevices; C:\WINDOWS\System32\drivers\monectdevices.sys [15768 2013-12-03] (Kasherlab Technology Inc. -> )
R2 QQProtectX64; C:\Windows\system32\drivers\QQProtectX64.sys [121344 2021-09-07] (Tencent Technology (Shenzhen) Company Limited -> Tencent)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-29] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2020-04-13] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2022-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [438520 2022-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-02-23] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (将列入优先名单) ===================
(如果一个条目包含在固定列表中,它将从注册表中删除。 除非单独列出,否则文件将不会被移动。.)
==================== 一个月 (创建成功) (将列入优先名单) =========
(如果条目包含在固定列表中,则文件/文件夹将被移动。.)
2022-02-24 12:24 - 2022-02-24 12:25 - 000037604 _____ C:\Users\19183\Downloads\FRST.txt
2022-02-24 12:24 - 2022-02-24 12:24 - 000000000 ____D C:\FRST
2022-02-24 12:08 - 2022-02-24 12:08 - 002312192 _____ (Farbar) C:\Users\19183\Downloads\FRST64.exe
2022-02-24 03:47 - 2022-02-24 03:47 - 139460608 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-02-24 03:30 - 2022-02-24 03:47 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-02-24 03:26 - 2022-02-24 03:26 - 000000000 ____D C:\Program Files\Malwarebytes
2022-02-24 03:22 - 2022-02-24 03:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-02-24 03:21 - 2022-02-24 03:21 - 002419896 _____ (Malwarebytes) C:\Users\19183\Downloads\MBSetup.exe
2022-02-24 03:17 - 2022-02-24 03:17 - 001656900 _____ C:\WINDOWS\Minidump\022422-53421-01.dmp
2022-02-24 02:14 - 2022-02-24 02:14 - 000000000 ____D C:\Users\19183\Desktop\openvpn config
2022-02-24 01:51 - 2022-02-24 01:51 - 000220160 _____ () C:\Users\19183\AppData\Roaming\1.exe
2022-02-24 01:10 - 2022-02-24 01:10 - 000000000 ____D C:\WINDOWS\system32\clip
2022-02-23 21:40 - 2022-02-24 11:57 - 000003430 _____ C:\WINDOWS\system32\Tasks\WindowsService
2022-02-23 20:36 - 2022-02-23 20:36 - 000000000 ____D C:\Users\19183\Downloads\testdisk-7.2-WIP.win64
2022-02-23 20:35 - 2022-02-23 20:35 - 000000000 ____D C:\Users\19183\AppData\Local\Safer-Networking Ltd
2022-02-23 20:27 - 2022-02-23 20:16 - 000655360 _____ C:\Users\19183\Documents\wrzepjob.kdw
2022-02-23 20:15 - 2022-02-23 20:15 - 000563660 _____ C:\WINDOWS\Minidump\022322-81671-01.dmp
2022-02-23 20:12 - 2022-02-23 20:12 - 000646980 _____ C:\WINDOWS\Minidump\022322-20109-01.dmp
2022-02-23 20:08 - 2022-02-24 03:17 - 000000000 ____D C:\WINDOWS\Minidump
2022-02-23 20:08 - 2022-02-23 20:08 - 000544876 _____ C:\WINDOWS\Minidump\022322-19812-01.dmp
2022-02-23 20:07 - 2022-02-24 03:16 - 1825845049 ____N C:\WINDOWS\MEMORY.DMP
2022-02-23 20:04 - 2022-02-23 20:12 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-02-23 19:52 - 2022-02-23 19:52 - 000000000 __SHD C:\Users\19183\AppData\Roaming\ServiceApi
2022-02-23 19:51 - 2022-02-23 19:51 - 000003634 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186}
2022-02-23 19:34 - 2022-02-23 19:34 - 000001115 _____ C:\Users\19183\_readme.txt
2022-02-23 19:34 - 2022-02-23 19:34 - 000000557 _____ C:\Users\19183\AppData\Local\bowsakkdestx.txt
2022-02-23 19:34 - 2022-02-23 19:34 - 000000000 ____D C:\SystemID
2022-02-23 19:33 - 2022-02-24 03:43 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\2YP3AM7LNL.tmp
2022-02-23 19:22 - 2022-02-23 19:22 - 000003626 _____ C:\WINDOWS\system32\Tasks\Cache-S-21-2946144819-3e21f723-50a5
2022-02-23 19:20 - 2022-02-24 11:57 - 000003698 _____ C:\WINDOWS\system32\Tasks\WindowsServiceUpload
2022-02-23 19:20 - 2022-02-23 19:37 - 000000000 ____D C:\Users\19183\AppData\Roaming\Windows Folder
2022-02-23 19:19 - 2022-02-23 19:19 - 000000000 ____D C:\Users\19183\AppData\Local\3377e1bc-0a5d-4bf5-b34f-a616482bdeb9
2022-02-23 19:18 - 2022-02-23 19:18 - 000000000 ____D C:\Users\19183\AppData\Roaming\ProfCleaner
2022-02-23 19:17 - 2022-02-24 03:50 - 000003728 _____ C:\WINDOWS\system32\Tasks\Firefox Default Browser Agent 84AD216232B00CE1
2022-02-23 19:17 - 2022-02-23 21:46 - 000000000 ____D C:\Users\19183\AppData\Local\Yandex
2022-02-23 19:06 - 2022-02-23 19:06 - 000000000 ____D C:\Users\19183\AppData\Roaming\SysInfoTool
2022-02-21 20:49 - 2022-02-21 20:49 - 000000388 _____ C:\Users\19183\Downloads\syyRQDl1z9mJe-Oe.m3u8
2022-02-21 19:58 - 2022-02-21 20:02 - 048640435 _____ C:\Users\19183\Downloads\Y2Mate.is - Bo Burnham & Elsie Fisher of 'Eighth Grade' Have All the Answers Requestions TRL-MZWGMsehtHI-1080p-1645443492033.mp4
2022-02-19 23:29 - 2022-02-19 23:30 - 003756560 _____ C:\Users\19183\Downloads\tumblr_qume2b4xf31uf0x4m_720.mp4
2022-02-19 23:27 - 2022-02-19 23:30 - 042818269 _____ C:\Users\19183\Downloads\Y2Mate.is - 'Eighth Grade's' Bo Burnham & Elsie Fisher Want to Meet Lady Gaga & Bradley Cooper Golden Globes-UYFGFebFyv8-1080p-1645284440101.mp4
2022-02-19 20:10 - 2022-02-19 20:11 - 000585433 _____ C:\Users\19183\Downloads\Snaptik_6970766877626731782_tik-toker.mp4
2022-02-19 20:04 - 2022-02-19 20:05 - 000601744 _____ C:\Users\19183\Downloads\Snaptik_7010755385560796421_emily.mp4
2022-02-19 19:25 - 2022-02-19 19:25 - 000000309 _____ C:\Users\19183\Downloads\jpfEYgoRBLd9sKOy.m3u8
2022-02-19 02:54 - 2022-02-19 02:54 - 015067895 _____ C:\Users\19183\Downloads\Y2Mate.is - ASU Film + Bo Burnham’s Eighth Grade-WuxZc8CzURM-720p-1645210431547.mp4
2022-02-19 02:53 - 2022-02-19 02:53 - 030141641 _____ C:\Users\19183\Downloads\Y2Mate.is - Eighth Grade's Stars Have a Fan in Mary Poppins (aka Emily Blunt!)-i9cwaksLB7E-1080p-1645209920392.mp4
2022-02-18 15:49 - 2022-02-18 15:50 - 003226993 _____ C:\Users\19183\Downloads\Screen_Recording_20220217-222524_Twitter.mov
2022-02-17 20:02 - 2022-02-17 20:02 - 001914404 _____ C:\Users\19183\Downloads\RPReplay_Final1643710379.mov
2022-02-17 02:29 - 2022-02-17 02:30 - 117364440 _____ C:\Users\19183\Downloads\Y2Mate.is - Bo Burnham interview with Adam Shapiro-RTfjzPRSKbI-720p-1645036153528.mp4
2022-02-17 02:26 - 2022-02-17 02:27 - 055201015 _____ C:\Users\19183\Downloads\Y2Mate.is - Bo Burnham talk about Promising Young Woman & Sundance Film Festival-X_PpIGG-n0M-1080p-1645035992122.mp4
2022-02-15 19:10 - 2022-02-15 19:13 - 004525499 _____ C:\Users\19183\Downloads\RPReplay_Final1644920462.mov
2022-02-15 19:10 - 2022-02-15 19:10 - 000609966 _____ C:\Users\19183\Downloads\trim.55C33BCC-204B-4A91-813F-4A15B3F9BED0.mov
2022-02-15 15:41 - 2022-02-15 16:30 - 167579420 _____ C:\Users\19183\Downloads\uc_ui_boburnham_pg_19min37sec.mp4
2022-02-15 14:27 - 2022-02-15 14:31 - 006811031 _____ C:\Users\19183\Downloads\RPReplay_Final1644899652.mov
2022-02-15 02:03 - 2022-02-15 02:05 - 005981354 _____ C:\Users\19183\Downloads\RPReplay_Final1644856339 (1).mov
2022-02-15 00:49 - 2022-02-15 00:54 - 242203723 _____ C:\Users\19183\Downloads\Y2Mate.is - Promising Young Woman premiere Q&A @ Sundance 2020 - & I ask a question!-hXxOd8Qh6t4-1080p-1644857262718.mp4
2022-02-14 19:05 - 2022-02-14 19:05 - 003149057 _____ C:\Users\19183\Downloads\Illustration4.clip
2022-02-13 22:36 - 2022-02-13 22:39 - 014504400 _____ C:\Users\19183\Downloads\UMBC - New Math.mp4
2022-02-13 22:28 - 2022-02-13 22:29 - 033792467 _____ C:\Users\19183\Downloads\Y2Mate.is - Bo Burnham - Testing The Boundaries-M-0JDiYMyVs-720p-1644762473414.mp4
2022-02-13 22:24 - 2022-02-13 22:29 - 045396228 _____ C:\Users\19183\Downloads\Y2Mate.is - Bo Burnham Takes Down Bonnaroo!-2VY1EXzeD4Y-720p-1644762241938.mp4
2022-02-13 22:23 - 2022-02-13 22:26 - 015491489 _____ C:\Users\19183\Downloads\UMBC - Garage Band.mp4
2022-02-13 22:11 - 2022-02-13 22:11 - 006414858 _____ C:\Users\19183\Downloads\umbc oh bo.mp4
2022-02-13 17:47 - 2022-02-13 17:48 - 053740511 _____ C:\Users\19183\Downloads\Y2Mate.is - Bo Burnham - Rant-8_cIsmiXnc0-720p-1644745646849.mp4
2022-02-13 01:41 - 2022-02-13 01:41 - 000751961 _____ C:\Users\19183\Downloads\271631762_291530146285048_2880228855824278917_n_x264.mp4
2022-02-13 01:39 - 2022-02-13 01:39 - 016426339 _____ C:\Users\19183\Downloads\257719745_196606972647340_4439068700832784233_n_x264.mp4
2022-02-13 01:25 - 2022-02-13 01:25 - 013921610 _____ C:\Users\19183\Downloads\257719745_196606972647340_4439068700832784233_n.mp4
2022-02-13 01:09 - 2022-02-13 01:09 - 001843275 _____ C:\Users\19183\Downloads\Eighth-Grade-fdown.net.mp4
2022-02-13 01:09 - 2022-02-13 01:09 - 001843275 _____ C:\Users\19183\Downloads\54261483_791764011688781_4127850715958516456_n.mp4
2022-02-13 00:27 - 2022-02-13 00:27 - 000508615 _____ C:\Users\19183\Downloads\271631762_291530146285048_2880228855824278917_n.mp4
2022-02-12 22:20 - 2022-02-12 22:25 - 021951239 _____ C:\Users\19183\Downloads\Y2Mate.is - Bo Burnham- RANT-sHeE_kCNOHI-480p-1644675579923.mp4
2022-02-12 22:10 - 2022-02-12 22:12 - 008685976 _____ C:\Users\19183\Downloads\bo burnham live! (who cares_) 01_18_10 12_27PM.mp4
2022-02-12 18:20 - 2022-02-12 18:24 - 032842096 _____ C:\Users\19183\Downloads\bo burnham live! (who cares_) 09_30_09 07_30PM.mp4
2022-02-12 18:17 - 2022-02-12 18:18 - 013206436 _____ C:\Users\19183\Downloads\Arizona Blues.mp4
2022-02-11 22:04 - 2022-02-11 22:51 - 000001404 _____ C:\Users\19183\AppData\Local\Adobe 存储为 Web 所用格式 13.0 Prefs
2022-02-11 20:27 - 2022-02-11 20:27 - 079244937 _____ C:\Users\19183\Downloads\yt5s.com-15 MONTHS-(1080p).mp4
2022-02-11 19:47 - 2022-02-11 19:47 - 000001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk
2022-02-11 19:43 - 2022-02-11 19:43 - 000000000 ____D C:\Program Files\Adobe
2022-02-11 19:31 - 2022-02-11 19:32 - 079246378 _____ C:\Users\19183\Downloads\Y2Mate.is - 15 MONTHS-5L8O1jIzAlM-1080p-1644579109395.mp4
2022-02-11 02:47 - 2022-02-11 02:47 - 051234083 _____ C:\Users\19183\Downloads\Y2Mate.is - I Made A Movie-hphNHwnTPVs-1080p-1644513290002.mp4
2022-02-09 23:38 - 2022-02-09 23:38 - 000015020 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-02-09 23:36 - 2022-02-09 23:36 - 000000000 ___HD C:\$WinREAgent
2022-02-09 16:48 - 2022-02-09 16:48 - 000000733 _____ C:\Users\19183\Documents\下载 - 快捷方式.lnk
2022-02-09 12:40 - 2022-02-09 12:40 - 026852237 _____ C:\Users\19183\Downloads\Bo Burnham Reads from Egghead.mp4
2022-02-08 01:57 - 2022-02-08 01:57 - 001164703 _____ C:\Users\19183\Downloads\Bo Burnham “Waking Next to Bae” Vine.zip
2022-02-08 01:57 - 2022-02-08 01:57 - 000769587 _____ C:\Users\19183\Downloads\Bo Burnham “Rhymes with Jesus” VINE.zip
2022-02-07 17:50 - 2022-02-07 18:01 - 488390724 _____ C:\Users\19183\Downloads\3 Peens Charity Stream.mp4
2022-02-06 00:03 - 2022-02-06 00:03 - 000034201 _____ C:\Users\19183\Downloads\yoshi mlem.m4a
2022-02-04 00:23 - 2022-02-04 00:25 - 006656733 _____ C:\Users\19183\Downloads\videoplayback (6).m4a
2022-02-02 16:22 - 2022-02-02 16:24 - 085605891 _____ C:\Users\19183\Downloads\Y2Mate.is - Dreamcatcher(드림캐쳐) 'Scream' MV-FKlGHHhTOsQ-1080p-1638401372990.mp4
2022-02-02 16:20 - 2022-02-02 16:21 - 043271842 _____ C:\Users\19183\Downloads\Y2Mate.is - Dreamcatcher(드림캐쳐) '데자부 (Deja Vu)' MV-W761DtH1oRg-1080p-1636963716662.mp4
2022-02-02 16:17 - 2022-02-02 16:19 - 066752423 _____ C:\Users\19183\Downloads\Y2Mate.is - Dreamcatcher(드림캐쳐) 'What' MV-pN0dkjp1deQ-1080p-1643102644579 (1).mp4
2022-02-02 16:16 - 2022-02-02 16:16 - 077094608 _____ C:\Users\19183\Downloads\Y2Mate.is - Dreamcatcher(드림캐쳐) 'YOU AND I' MV-LFxjwBfFIiY-1080p-1643789756520.mp4
2022-02-02 16:13 - 2022-02-02 16:14 - 086609496 _____ C:\Users\19183\Downloads\Y2Mate.is - Dreamcatcher(드림캐쳐) 'Odd Eye' MV-1QD0FeZyDtQ-1080p-1643694084209.mp4
2022-02-02 16:13 - 2022-02-02 16:14 - 065757041 _____ C:\Users\19183\Downloads\Y2Mate.is - Dreamcatcher(드림캐쳐) 'BEcause' MV-PEKkdIT8JPM-1080p-1643789550683.mp4
2022-02-02 00:36 - 2022-02-02 00:36 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2022-02-01 23:36 - 2022-02-01 23:36 - 000311296 _____ C:\WINDOWS\system32\EsclScan.dll
2022-02-01 23:36 - 2022-02-01 23:36 - 000188416 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-02-01 23:36 - 2022-02-01 23:36 - 000077824 _____ C:\WINDOWS\system32\APMonUI.dll
2022-02-01 23:35 - 2022-02-01 23:35 - 000339968 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-02-01 21:26 - 2022-02-01 21:27 - 000913904 _____ C:\Users\19183\Downloads\videoplayback (11).mp4
2022-01-29 22:45 - 2022-02-24 02:06 - 000000000 ____D C:\Users\19183\dwhelper
2022-01-29 22:45 - 2022-01-29 22:45 - 000000000 ____D C:\Program Files\net.downloadhelper.coapp
2022-01-29 22:21 - 2022-01-29 22:21 - 000002563 _____ C:\Users\19183\Downloads\072018-wcl-bo-burnham-vid_web.m3u8
2022-01-27 17:10 - 2022-01-27 17:10 - 000180233 _____ C:\Users\19183\Downloads\episode-935-bo-burhnam-david-sedaris-audios-mp3_rf_27187074_1.html
==================== 一个月 (已修改) ==================
(如果条目包含在固定列表中,则文件/文件夹将被移动。.)
2022-02-24 12:24 - 2021-06-05 20:09 - 000000000 ____D C:\WINDOWS\INF
2022-02-24 12:14 - 2019-05-19 12:49 - 000000000 ____D C:\Users\19183\AppData\Local\D3DSCache
2022-02-24 12:05 - 2019-05-19 12:16 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-24 12:00 - 2021-11-03 18:21 - 002448472 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-02-24 12:00 - 2021-11-03 17:39 - 000832466 _____ C:\WINDOWS\system32\perfh00C.dat
2022-02-24 12:00 - 2021-11-03 17:39 - 000166108 _____ C:\WINDOWS\system32\perfc00C.dat
2022-02-24 12:00 - 2021-06-06 01:51 - 000414570 _____ C:\WINDOWS\system32\prfh0804.dat
2022-02-24 12:00 - 2021-06-06 01:51 - 000139694 _____ C:\WINDOWS\system32\prfc0804.dat
2022-02-24 11:59 - 2021-12-08 00:45 - 000000000 ____D C:\Users\19183\AppData\Local\Spotify
2022-02-24 11:59 - 2021-12-08 00:30 - 000000000 ____D C:\Users\19183\AppData\Roaming\Spotify
2022-02-24 11:59 - 2021-11-03 18:19 - 000004122 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{0B7719C6-E66D-4689-8F13-1902FFD5E6F2}
2022-02-24 11:59 - 2019-05-26 23:02 - 000000000 ___HD C:\Users\19183\AppData\Local\CrashDumps
2022-02-24 11:58 - 2019-05-19 12:55 - 000000000 ____D C:\Users\19183\Documents\Tencent Files
2022-02-24 11:57 - 2021-11-03 18:09 - 000000000 ____D C:\Users\19183
2022-02-24 11:57 - 2019-05-19 12:13 - 000000000 __SHD C:\Users\19183\IntelGraphicsProfiles
2022-02-24 11:55 - 2021-06-05 20:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-24 11:54 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-02-24 11:53 - 2021-11-03 18:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-02-24 11:53 - 2021-11-03 18:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-24 11:53 - 2019-04-27 08:17 - 000000000 ____D C:\ProgramData\NVIDIA
2022-02-24 03:48 - 2021-06-05 20:01 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-02-24 03:43 - 2021-06-05 20:01 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-02-24 03:25 - 2021-04-04 00:34 - 000000000 ___HD C:\Users\19183\AppData\Local\cache
2022-02-24 02:24 - 2021-07-24 10:07 - 000000000 ____D C:\Users\19183\AppData\Roaming\discord
2022-02-24 02:13 - 2019-05-25 23:05 - 000000000 ____D C:\Users\19183\AppData\Roaming\Aegisub
2022-02-24 01:37 - 2021-07-24 10:07 - 000000000 ____D C:\Users\19183\AppData\Local\Discord
2022-02-24 00:35 - 2020-08-27 22:43 - 000000000 ____D C:\Users\19183\Documents\WeChat Files
2022-02-23 22:21 - 2019-01-24 19:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-02-23 20:35 - 2021-01-30 02:31 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2022-02-23 20:27 - 2019-05-19 12:49 - 000000000 ____D C:\Users\19183\AppData\Roaming\NVIDIA
2022-02-23 20:15 - 2019-05-19 13:20 - 000000000 ____D C:\Program Files (x86)\Steam
2022-02-23 20:12 - 2020-01-26 01:28 - 000000000 ____D C:\Users\19183\AppData\Local\ElevatedDiagnostics
2022-02-23 19:59 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-02-23 19:42 - 2020-08-27 22:42 - 000000000 ____D C:\Users\19183\WeChat
2022-02-23 19:34 - 2021-01-30 02:31 - 000000000 ____D C:\Safer-Networking Ltd
2022-02-23 19:34 - 2021-01-11 12:34 - 000000000 ____D C:\OneDriveTemp
2022-02-23 19:34 - 2020-04-03 14:13 - 000000000 ____D C:\KMPlayer
2022-02-23 19:34 - 2019-06-27 13:45 - 000000000 ____D C:\TDDownload
2022-02-23 19:34 - 2019-06-01 21:10 - 000000000 ____D C:\Temp
2022-02-23 19:34 - 2019-05-19 12:13 - 000000000 ____D C:\Users\19183\AppData\Local\VirtualStore
2022-02-23 19:32 - 2019-11-18 10:46 - 000000000 ____D C:\Users\19183\AppData\Roaming\BitComet
2022-02-23 19:17 - 2020-02-09 04:08 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2022-02-23 16:16 - 2021-06-05 20:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-02-22 23:57 - 2019-05-19 13:27 - 000000000 ____D C:\Users\19183\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-02-21 14:47 - 2019-01-24 19:53 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-02-20 01:17 - 2020-05-01 22:22 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-02-20 01:17 - 2020-05-01 22:22 - 000002267 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-02-19 19:43 - 2021-07-24 10:07 - 000002238 _____ C:\Users\19183\Desktop\Discord.lnk
2022-02-18 19:21 - 2021-06-16 23:47 - 000000000 ____D C:\Users\19183\AppData\Roaming\audacity
2022-02-18 18:25 - 2019-05-19 13:11 - 000001261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\网易云音乐.lnk
2022-02-17 07:07 - 2021-12-13 04:42 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2099732615-3400469919-2622180112-1001
2022-02-17 07:07 - 2021-11-03 18:19 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2099732615-3400469919-2622180112-1001
2022-02-17 07:07 - 2021-02-06 04:34 - 000002296 _____ C:\Users\19183\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-02-17 05:05 - 2019-05-19 12:17 - 000002280 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-02-12 17:19 - 2019-04-27 08:18 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-02-12 17:18 - 2019-05-19 12:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2022-02-11 22:16 - 2021-01-11 12:52 - 000000000 ____D C:\Users\19183\Documents\Adobe
2022-02-11 22:16 - 2019-05-19 12:13 - 000000000 ____D C:\Users\19183\AppData\Roaming\Adobe
2022-02-11 19:52 - 2020-08-02 22:33 - 000000000 ____D C:\ProgramData\Adobe
2022-02-11 19:46 - 2021-01-10 15:17 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-02-11 19:43 - 2021-02-01 19:18 - 000000000 ____D C:\Program Files (x86)\Adobe
2022-02-11 00:05 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-02-10 03:24 - 2021-11-03 18:07 - 000753712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-02-10 03:23 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\SystemResources
2022-02-10 03:23 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-02-09 23:39 - 2021-06-05 20:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-09 13:03 - 2020-05-12 01:54 - 000000000 ____D C:\Users\19183\AppData\Roaming\osu
2022-02-09 13:01 - 2021-02-15 03:55 - 000000000 ____D C:\Users\19183\AppData\Local\osulazer
2022-02-09 13:01 - 2020-05-12 01:54 - 000000000 ____D C:\Users\19183\AppData\Local\SquirrelTemp
2022-02-09 07:04 - 2019-05-19 14:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-02-09 06:58 - 2019-05-19 14:31 - 149611728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-02-07 21:54 - 2021-12-01 12:28 - 000001531 _____ C:\Users\19183\Desktop\writing prompt.txt
2022-02-07 02:15 - 2021-01-25 22:21 - 000002600 _____ C:\Users\19183\Desktop\新建文本文档 (2).txt
2022-02-05 06:00 - 2020-10-06 17:02 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-02-02 00:36 - 2021-06-05 20:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-02-02 00:36 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-02-02 00:36 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-02-02 00:36 - 2021-06-05 20:10 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-02-02 00:36 - 2021-06-05 20:01 - 000000000 ____D C:\WINDOWS\servicing
2022-02-01 23:35 - 2021-11-03 18:09 - 003087360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-01-30 16:50 - 2020-04-09 21:51 - 000000000 ____D C:\Users\19183\AppData\Local\osu!
2022-01-29 03:11 - 2021-11-18 07:54 - 000003038 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7d09ba3325b74
2022-01-29 03:11 - 2021-11-03 18:19 - 000003132 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
==================== 某些目录的根目录中的文件 ========
2022-02-24 01:51 - 2022-02-24 01:51 - 000220160 _____ () C:\Users\19183\AppData\Roaming\1.exe
2020-02-26 00:09 - 2020-02-26 00:11 - 000000190 _____ () C:\Users\19183\AppData\Roaming\GlobalMgr.db
2020-05-03 01:33 - 2020-05-03 01:39 - 000017284 _____ () C:\Users\19183\AppData\Roaming\SpeedRunnersLog.txt
2020-08-27 22:44 - 2020-08-27 22:44 - 000045056 _____ () C:\Users\19183\AppData\Roaming\Web Data
2020-08-27 22:44 - 2020-08-27 22:44 - 000000000 _____ () C:\Users\19183\AppData\Roaming\Web Data-journal
2019-12-31 01:36 - 2019-12-31 01:36 - 001392663 _____ () C:\Users\19183\AppData\Roaming\JPEG_20191231_013558_3122578599552070693.jpg
2022-02-23 19:22 - 2022-02-23 19:22 - 000151552 _____ () C:\Users\19183\AppData\Roaming\Microsoft\RegData.exe
2022-02-23 19:22 - 2022-02-24 03:15 - 007622144 _____ () C:\Users\19183\AppData\Roaming\Microsoft\RegHost.exe
2022-02-23 19:22 - 2022-02-23 19:22 - 005493520 _____ () C:\Users\19183\AppData\Roaming\Microsoft\RegModule.exe
2019-12-17 21:11 - 2019-12-18 21:25 - 000001456 _____ () C:\Users\19183\AppData\Local\Adobe Save for Web 13.0 Prefs
2022-02-11 22:04 - 2022-02-11 22:51 - 000001404 _____ () C:\Users\19183\AppData\Local\Adobe 存储为 Web 所用格式 13.0 Prefs
2022-02-23 19:34 - 2022-02-23 19:34 - 000000557 _____ () C:\Users\19183\AppData\Local\bowsakkdestx.txt
2019-05-25 22:59 - 2019-05-26 22:26 - 000013824 _____ () C:\Users\19183\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-11-21 21:47 - 2020-12-23 19:01 - 000002557 _____ () C:\Users\19183\AppData\Local\krita-sysinfo.log
2020-02-20 20:57 - 2020-12-23 19:01 - 000149933 _____ () C:\Users\19183\AppData\Local\krita.log
2020-02-20 20:58 - 2020-02-21 00:24 - 000045130 _____ () C:\Users\19183\AppData\Local\kritacrash.log
2020-12-23 19:01 - 2020-12-23 19:01 - 000000152 _____ () C:\Users\19183\AppData\Local\kritadisplayrc
2019-05-19 13:04 - 2020-12-23 19:01 - 000021733 _____ () C:\Users\19183\AppData\Local\kritarc
2019-12-18 21:36 - 2021-05-23 18:00 - 000000205 _____ () C:\Users\19183\AppData\Local\oobelibMkey.log
2020-03-13 06:48 - 2021-06-11 14:38 - 000007606 _____ () C:\Users\19183\AppData\Local\Resmon.ResmonCfg
2020-09-04 01:14 - 2020-09-04 01:14 - 000017408 _____ () C:\Users\19183\AppData\Local\WebpageIcons.db
==================== SigCheck ============================
(对于尚未通过验证的文件无自动修复。.)
==================== 结束 在 FRST.txt ========================