
Log analysis and evaluation: TrojanDropper:Win64/Tnega!MSR (Windows 10)


 
19.02.2021, 20:45   #3
NTorak
 



Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 19.02.21
Scan-Zeit: 11:33
Protokolldatei: da3aa7c8-729d-11eb-bb8a-0492265d3edd.json

-Softwaredaten-
Version: 4.3.0.98
Komponentenversion: 1.0.1173
Version des Aktualisierungspakets: 1.0.37293
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19041.804)
CPU: x64
Dateisystem: NTFS
Benutzer: nils-pc\nils

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 381596
Erkannte Bedrohungen: 39
In die Quarantäne verschobene Bedrohungen: 39
Abgelaufene Zeit: 3 Min., 18 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 14
PUP.Optional.Segurazo, HKLM\SOFTWARE\SegOption, In Quarantäne, 13533, 757809, 1.0.37293, , ame, , , 
RiskWare.Script, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\nils, In Quarantäne, 8534, 901769, 1.0.37293, , ame, , , 
RiskWare.Script.MZreg, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\nils1, In Quarantäne, 16671, 884748, 1.0.37293, , ame, , , 
PUP.Optional.InstallCore, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\CSASTATS\ic, In Quarantäne, 112, 586068, 1.0.37293, , ame, , , 
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, , , , , , 
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, , , , , , 
PUP.Optional.Conduit, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, 1.0.37293, , ame, , , 
PUP.Optional.WinYahoo, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}, In Quarantäne, 2683, 254682, 1.0.37293, , ame, , , 
PUP.Optional.StartPage, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{510A6C65-1EB9-40FA-875E-0CE4E3F57394}, In Quarantäne, 571, 597952, 1.0.37293, , ame, , , 
PUP.Optional.ChipDe, HKLM\SYSTEM\SETUP\FIRSTBOOT\SERVICES\chip1click, In Quarantäne, 9554, 567244, 1.0.37293, , ame, , , 
PUP.Optional.ChipDe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\chip 1-click download service, In Quarantäne, 9554, 463412, 1.0.37293, , ame, , , 
PUP.Optional.SearchManager.BITSRST, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\codhflfnidhlkphogdmhfhjmkehlfjjk, In Quarantäne, 8885, 626728, , , , , , 
PUP.Optional.SearchManager.BITSRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\codhflfnidhlkphogdmhfhjmkehlfjjk, In Quarantäne, 8885, 626728, , , , , , 
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\codhflfnidhlkphogdmhfhjmkehlfjjk, In Quarantäne, 8885, 626728, , , , , , 

Registrierungswert: 9
RiskWare.Script.Powershell, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\ENVIRONMENT|NILS, In Quarantäne, 16611, 911451, 1.0.37293, , ame, , , 
RiskWare.Script, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\nils|653, In Quarantäne, 8534, 901769, 1.0.37293, , ame, , , 
RiskWare.Script.MZreg, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\nils1|0, In Quarantäne, 16671, 884748, 1.0.37293, , ame, , , 
PUP.Optional.Conduit, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, In Quarantäne, 139, 236865, 1.0.37293, , ame, , , 
PUP.Optional.Conduit, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, In Quarantäne, 139, 236865, 1.0.37293, , ame, , , 
PUP.Optional.WinYahoo, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, In Quarantäne, 2683, 254682, 1.0.37293, , ame, , , 
PUP.Optional.StartPage, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{510A6C65-1EB9-40FA-875E-0CE4E3F57394}|URL, In Quarantäne, 571, 597952, 1.0.37293, , ame, , , 
RiskWare.Script.Powershell, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|NILS, In Quarantäne, 16611, 903622, 1.0.37293, , ame, , , 
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|codhflfnidhlkphogdmhfhjmkehlfjjk, In Quarantäne, 8885, 626728, , , , , , 

Registrierungsdaten: 1
PUP.Optional.StartPage, HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\MICROSOFTEDGE\MAIN|HOMEBUTTONPAGE, Ersetzt, 571, 597950, 1.0.37293, , ame, , , 

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 2
PUP.Optional.SearchManager.BITSRST, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CODHFLFNIDHLKPHOGDMHFHJMKEHLFJJK, In Quarantäne, 8885, 626728, 1.0.37293, , ame, , , 
PUP.Optional.StartPage, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, In Quarantäne, 571, 597949, , , , , , 

Datei: 13
PUP.Optional.SearchManager.BITSRST, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Ersetzt, 8885, 626728, , , , , CF2BBB8886C341C616494F11704EE666, 0EAFC4492C1F33FCFC6CB08D07E03C7199559B63F104375E9B9BA291C0969C9F
PUP.Optional.SearchManager.BITSRST, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CODHFLFNIDHLKPHOGDMHFHJMKEHLFJJK\10.1.4.64_0\MANIFEST.JSON, In Quarantäne, 8885, 626728, 1.0.37293, , ame, , 9159BEE1FCF32F7BC161633901C06409, 284A594C16B09FFBA77044BAA826213DB846A1799B49B4E8AB06733F6A1D1340
PUP.Optional.SearchManager.BITSRST, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CODHFLFNIDHLKPHOGDMHFHJMKEHLFJJK\10.1.4.64_0\RESPONSECONFIG.JSON, In Quarantäne, 8885, 626727, 1.0.37293, , ame, , 7D0C421C97814F8B0936718C269BEC84, 1D6DDBE800526B1E1F7BA80F90764FF3301F4841C0110BB54FFCFFE5F86C90A9
PUP.Optional.ChipDe, C:\USERS\NILS\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{31AD8258-894C-48D5-8149-C47506092754}\CHIP INSTALLER.MSI, In Quarantäne, 9554, 594115, 1.0.37293, , ame, , 09592483D17F4F088723F4084EA94BD0, BC47ABA34B923C9C53F71928F1D57F6211D52EC020FA14DCC145B4919108F781
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, In Quarantäne, 571, 597949, , , , , 9F89A009E185090FF7E5597E05272D49, 9683E0D381254E1F60C4AF7B797CC1C2DB97120A555DB451AE762D51F853A2EC
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\001986.log, In Quarantäne, 571, 597949, , , , , 16A3F408568F4452E53BB7F19A5555F7, 64CF5131A8C5BD0DC5904AD529A4BB4484718D8B0DF1F8382E7231B3E0A65D69
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\001988.ldb, In Quarantäne, 571, 597949, , , , , 328D6B785CFBC4BA8E507C234F0AC717, 76EE3E2099DCE8A99D0A0B4992CBDA37263538F2E4A5D97BF4C0958790BEAB91
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, In Quarantäne, 571, 597949, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, In Quarantäne, 571, 597949, , , , , , 
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, In Quarantäne, 571, 597949, , , , , 7CA7A528D292F87E65A794F0641796BC, 6140C3BCD3DD01444BEBBABAA65CEB5BD28F06E3676A96FC692AC5D93215C81E
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, In Quarantäne, 571, 597949, , , , , 761AD0F243136D265B79FCF12FFE9FD7, C16CDFBFA07100AD19D70EDD6C00E94E40C36FE5B4AAAD5857916AE2D93FE0B3
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, In Quarantäne, 571, 597949, , , , , 63E9AD2EC3A9B1908E3A783725C3454A, 19424F6A1F5D0A835CBC9201CB4F863018FC89CB52086D1C0941BF8FBE5FF8C6
PUP.Optional.StartPage, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Ersetzt, 571, 597949, 1.0.37293, , ame, , D345B0E7DAFEAB3B9EC6ADA9C4A5124C, DEFE4D91779C197446259B5C943C49BE5965C74A82E35EDD8442862CF135139B

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build:    02-15-2021
# Database: 2021-01-11.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-19-2021
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  29
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Chromium
Deleted       C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted       C:\Program Files (x86)\Digital Communications
Deleted       C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted       C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted       C:\ProgramData\IObit\Advanced SystemCare
Deleted       C:\Users\nils\AppData\LocalLow\IObit\Advanced SystemCare
Deleted       C:\Users\nils\AppData\Local\DOWNLOADED INSTALLATIONS\{31AD8258-894C-48D5-8149-C47506092754}
Deleted       C:\Users\nils\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Users\nils\AppData\Roaming\Tencent

***** [ Files ] *****

Deleted       C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\csastats
Deleted       HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted       HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted       HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted       HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SAntivirusSvc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4805 octets] - [19/02/2021 20:12:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2021 01
Ran by nils (administrator) on NILS-PC (19-02-2021 20:36:34)
Running from C:\Users\nils\Desktop\FRST
Loaded Profiles: nils
Platform: Windows 10 Pro Version 2004 19041.804 (X64) Language: Englisch (Großbritannien)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\nils\AppData\Local\Temp\scoped_dir12524_807180866\adwcleaner_8.1.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-02-14] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [Spectrum] => C:\Program Files (x86)\G.SKILL\Trident Z Lighting Control\HID.exe [1753104 2020-05-25] (G.SKILL International Enterprise Co., Ltd. -> G.SKILL Inc.)
HKLM-x32\...\Run: [Inno3D] => C:\Program Files (x86)\INNO3D TuneIT\Inno3D.exe
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [62636856 2020-11-13] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412696 2021-02-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32898104 2021-02-16] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Chromium] => "c:\users\nils\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1090464 2021-02-17] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [DiscordPTB] => C:\Users\nils\AppData\Local\DiscordPTB\app-0.0.55\DiscordPTB.exe
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1752920 2021-01-24] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [104586376 2021-02-18] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Policies\Explorer: [NoWinKeys] 1
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {91727cc2-da62-11ea-bcee-0492265d3edd} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {d80afba4-6f01-11eb-bd49-0492265d3edd} - "E:\OnePlus_setup.exe" /s
HKLM\...\Windows x64\Print Processors\OKX055PP: C:\Windows\System32\spool\prtprocs\x64\OKX055PP.DLL [52224 2015-12-25] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation)
HKLM\...\Print\Monitors\EPSON WF-3540 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMJHE.DLL [120320 2011-04-19] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558080 2011-08-30] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\Oki Language Monitor v2 x64: C:\WINDOWS\system32\OPPFLM64.DLL [24064 2011-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-09] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10923ACD-A6F3-46C9-8B05-FA036D45F27C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {14B7AE73-1437-44FC-B4CD-CB064266DC82} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {169A4A9F-5AB2-4859-BB79-105D4F7E0F5B} - System32\Tasks\TaskbarX NILS-PCnils => C:\Users\nils\AppData\Local\Temp\Rar$EXa15592.7440\TaskbarX.exe <==== ATTENTION
Task: {1BB8711B-BE48-42FB-9471-FCFD984EE7F6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1CFF092D-CB8C-4697-A22E-C65E98842FAC} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002Core => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe
Task: {21AD196C-E033-4A17-8AB0-51729310AFC0} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {247335EE-A7B9-443A-B7C4-14AD5DACB27E} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {28EBA2B2-5857-4D18-B83C-B4BEFE4B6B64} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {32197A57-775D-4F2B-BADF-36EAF82B90C2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {334F71AD-EA0A-45C3-A6BF-D23B10278705} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {389005A7-88A2-4A2D-9B0D-221BF3779434} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {49B6BC26-85D9-47CD-8037-109C0AE32EE9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {64C72E17-56AC-4A10-8359-81CB62CBFA09} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {66CB8C64-C47E-4DE8-BC72-AE4F1B10190B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {6CC840F6-D3B1-4381-80D6-368E821AD608} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {708BEC20-0B26-4F36-9C8B-B3DDB92FF7D8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {71112853-AD65-4846-8E55-E40FC38399A2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {7478992B-7BB6-4BF1-A873-5E111E4C328B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {776DF5CB-61F3-413A-866C-67864EDC98A7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {79FE0BF0-DF6B-4F3F-B627-2641C7B3C431} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7AFBADC6-5A92-4AD1-B4C6-825820AA6735} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498512 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {947A71B9-8265-4202-B1DF-31851FE6ECD4} - System32\Tasks\Opera GX scheduled Autoupdate 1593451427 => C:\Users\nils\AppData\Local\Programs\Opera GX\launcher.exe [1720472 2021-02-16] (Opera Software AS -> Opera Software)
Task: {96FD5F58-83E0-4F87-BE57-8C5B4AE1AC73} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {9755D7FA-2C11-4258-B363-6A045E7D0494} - System32\Tasks\Opera scheduled Autoupdate 1555368081 => C:\Users\nils\AppData\Local\Programs\Opera\launcher.exe
Task: {9C946B4F-522A-4DC7-A9DD-DF2925C43312} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A4035D2D-AABB-427C-B68E-FE5DE8C57307} - System32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NVIDIA Broadcast.exe [8577776 2021-01-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A448EED5-27DE-4BDF-837A-18BA2E930140} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.)
Task: {AF840AC3-BAA2-43A2-9FF4-E39C018BA346} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002UA => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe
Task: {BDDB2636-5C15-45B7-A849-41EBC891643A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.)
Task: {C83D387D-761A-4D40-AA38-0274BB58034C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C8CDC2F0-A1CE-45E8-A86F-A88504F2F2B8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe
Task: {CAE80F57-588C-4CA0-8489-93BE2E1DC0EE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {CBFD160A-267A-4AC3-B7F9-BCE4026B204F} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3449150419-271838051-1508037707-1001 => C:\Users\nils\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {CC90B01F-54A3-4F48-9A32-4D63DFA4B7B8} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)
Task: {D7486F2D-BB18-4E28-B718-83CF6A9FB91F} - System32\Tasks\{B557B444-21B0-41FD-B838-14D7E070A414} => "c:\windows\system32\launchwinapp.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=404
Task: {DD50F83C-FE08-4203-9695-5DB48F511782} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {EF3C45B8-B136-41AF-94FF-1A00C6FF1A2C} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [784880 2019-09-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.100
Tcpip\..\Interfaces\{49065b68-8f61-403d-b9dc-f5281de063c8}: [DhcpNameServer] 192.168.178.100
Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [DhcpNameServer] 192.168.178.100
Tcpip\..\Interfaces\{84ffcfd2-bfa3-4511-899f-7ed5e75b8ecb}: [DhcpNameServer] 192.168.42.129

Edge: 
=======
Edge HomeButtonPage: HKU\S-1-5-21-3449150419-271838051-1508037707-1002 -> hxxp://www.google.com
Edge Profile: C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-19]
Edge HomePage: Default -> hxxp://www.go-setting.com/
Edge Extension: (Search Manager) - C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh [2020-07-15]
Edge HKLM\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKLM-x32\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]

FireFox:
========
FF DefaultProfile: ncucdlz8.default-1584820434065
FF ProfilePath: C:\Users\nils\AppData\Roaming\Mozilla\Firefox\Profiles\ncucdlz8.default-1584820434065 [2021-02-18]
FF HKLM\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default [2021-02-18]
CHR Notifications: Default -> hxxps://de.softonic.com; hxxps://secrethitler.io; hxxps://vulkanvegas.com; hxxps://www.facebook.com; hxxps://www.royalpanda.com
CHR HomePage: Default -> hxxp://www.go-setting.com/
CHR StartupUrls: Default -> "hxxp://www.go-setting.com/"
CHR Extension: (Präsentationen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-16]
CHR Extension: (BetterTTV) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2020-12-23]
CHR Extension: (Docs) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-16]
CHR Extension: (Google Drive) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-16]
CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-31]
CHR Extension: (Watch2Gether) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimpffimgeipdhnhjohpbehjkcdpjolg [2020-07-31]
CHR Extension: (Tabellen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-16]
CHR Extension: (Google Docs Offline) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Material Dark - MKBHD) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiplegjeipnjdpgkeccfccnahofbckad [2020-04-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-01-10]
CHR Extension: (Global Twitch Emotes) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgniedifoejifjkndekolimjeclnokkb [2020-06-15]
CHR Extension: (Google Mail) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-15]
CHR HKLM\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKLM-x32\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]

Opera: 
=======
OPR Profile: C:\Users\nils\AppData\Roaming\Opera Software\Opera Stable [2021-02-18]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.de/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
StartMenuInternet: (HKU\S-1-5-21-3449150419-271838051-1508037707-1002) Opera GXStable - "C:\Users\nils\AppData\Local\Programs\Opera GX\Launcher.exe"

Brave: 
=======
BRA Profile: C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-02-18]
BRA Extension: (Brave Tracking Protection Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-01-19]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-01-19]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-01-19]
BRA Extension: (Brave Ad Block Updater (DEU: EasyList Germany)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\jmomcjcilfpbaaklkifaijjcnancamde [2019-01-19]
BRA Extension: (PDF Viewer) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-01-19]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-01-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe [419264 2019-01-11] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe [975832 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2019-01-19] (ASUSTeK Computer Inc. -> ) [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe [1919280 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-01-19] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
S2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [605096 2020-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [56872 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44064 2021-02-14] (Dropbox, Inc -> Dropbox, Inc.)
S2 Ds3Service; C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe [381952 2017-08-12] (Scarlet.Crush Productions) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2020-07-23] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1741384 2020-12-23] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-12-08] (GOG Sp. z o.o. -> GOG.com)
S3 HnGSteamService; D:\Steam\steamapps\common\Heroes & Generals\hngservice.exe [788776 2021-02-17] (Reto-Moto ApS -> Reto-Moto ApS)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10887816 2021-02-18] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
R2 NvBroadcast.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe [873272 2021-01-15] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1679240 2021-02-16] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Uncheater\ucldr_battlegrounds_gl.exe [6979584 2020-12-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [6862584 2020-12-31] (PUBG CORPORATION -> PUBG Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2019-01-19] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2019-01-19] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\WINDOWS\system32\drivers\AsIO2.sys [33504 2019-01-01] (ASUSTeK Computer Inc. -> )
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60328 2020-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz149; C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [44320 2021-02-19] (CPUID S.A.R.L.U. -> CPUID)
R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-02-19] (Malwarebytes Corporation -> Malwarebytes)
R1 GLCKIO2; C:\WINDOWS\system32\drivers\GLCKIO2.sys [19392 2018-04-23] (ASUSTeK Computer Inc. -> )
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45168 2018-05-07] (Logitech Inc -> Logitech Inc.)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\70065\driver_cpu_temperature\logi_core_temp.sys [25448 2021-02-18] (Logitech Inc. -> Logitech)
R3 logi_audio_surround; C:\WINDOWS\system32\drivers\logi_audio_surround.sys [44088 2021-02-18] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2020-08-27] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2020-08-27] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2020-08-27] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-19] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142416 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
S3 MpKsl5ab3965f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C797E52-FBBE-450D-A683-B0B9D01D8515}\MpKslDrv.sys [47344 2021-02-18] (Microsoft Windows -> Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2017-08-12] (Bruce James -> Scarlet.Crush Productions)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49552 2021-02-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [419040 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2732984 2020-12-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 ALSysIO; \??\C:\Users\nils\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-19 20:33 - 2021-02-19 20:33 - 000004384 ____C C:\Users\nils\Desktop\AdwCleaner[C00].txt
2021-02-19 20:33 - 2021-02-19 20:33 - 000004384 ____C C:\Users\nils\Desktop\AdwCleaner[C00].txt
2021-02-19 20:14 - 2021-02-19 20:14 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IGDump
2021-02-19 20:14 - 2021-02-19 20:14 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IGDump
2021-02-19 20:11 - 2021-02-19 20:32 - 000000000 ____D C:\AdwCleaner
2021-02-19 20:09 - 2021-02-19 20:11 - 008463216 _____ (Malwarebytes) C:\Users\nils\Desktop\adwcleaner_8.1.exe
2021-02-19 20:09 - 2021-02-19 20:11 - 008463216 _____ (Malwarebytes) C:\Users\nils\Desktop\adwcleaner_8.1.exe
2021-02-19 20:08 - 2021-02-19 20:08 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-19 20:08 - 2021-02-19 20:08 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-02-19 20:08 - 2021-02-19 20:08 - 000142416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-02-19 20:08 - 2021-02-19 20:08 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-02-19 11:39 - 2021-02-19 11:39 - 000009195 ____C C:\Users\nils\Desktop\MBAM.txt
2021-02-19 11:39 - 2021-02-19 11:39 - 000009195 ____C C:\Users\nils\Desktop\MBAM.txt
2021-02-19 11:32 - 2021-02-19 20:08 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-19 11:31 - 2021-02-19 11:32 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-19 11:31 - 2021-02-19 11:32 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-19 11:31 - 2021-02-19 11:32 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-19 11:31 - 2021-02-19 11:32 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-19 11:31 - 2021-02-19 11:31 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-19 11:31 - 2021-02-19 11:31 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\Users\nils\AppData\Local\mbam
2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\Users\nils\AppData\Local\mbam
2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-19 11:30 - 2021-02-19 11:30 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-19 00:34 - 2021-02-19 11:43 - 103546880 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-02-19 00:33 - 2021-02-19 00:34 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-02-18 23:10 - 2021-02-18 23:10 - 000398405 ____N C:\WINDOWS\Minidump\021821-6156-01.dmp
2021-02-18 23:06 - 2021-02-18 23:06 - 000425725 ____N C:\WINDOWS\Minidump\021821-6625-01.dmp
2021-02-18 23:00 - 2021-02-18 23:00 - 000002329 ____C C:\Users\js\Desktop\Microsoft Edge.lnk
2021-02-18 23:00 - 2021-02-18 23:00 - 000002329 ____C C:\Users\js\Desktop\Microsoft Edge.lnk
2021-02-18 23:00 - 2021-02-18 23:00 - 000002324 ____C C:\Users\js\Desktop\Google Chrome.lnk
2021-02-18 23:00 - 2021-02-18 23:00 - 000002324 ____C C:\Users\js\Desktop\Google Chrome.lnk
2021-02-18 23:00 - 2021-02-18 23:00 - 000000020 ___SH C:\Users\js\ntuser.ini
2021-02-18 23:00 - 2021-02-18 23:00 - 000000020 ___SH C:\Users\js\ntuser.ini
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ___RD C:\Users\js\3D Objects
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ___RD C:\Users\js\3D Objects
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Roaming\NVIDIA
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Roaming\NVIDIA
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\NVIDIA
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\NVIDIA
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\Google
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\Google
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\ansel
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\ansel
2021-02-18 22:59 - 2021-02-18 22:59 - 000354567 ____N C:\WINDOWS\Minidump\021821-5750-01.dmp
2021-02-18 22:55 - 2021-02-18 22:55 - 000402001 ____N C:\WINDOWS\Minidump\021821-6000-01.dmp
2021-02-18 22:50 - 2021-02-18 22:50 - 000496531 ____N C:\WINDOWS\Minidump\021821-6640-01.dmp
2021-02-18 22:46 - 2021-02-18 22:46 - 000461205 ____N C:\WINDOWS\Minidump\021821-6515-01.dmp
2021-02-18 22:41 - 2021-02-18 22:41 - 000460721 ____N C:\WINDOWS\Minidump\021821-7000-01.dmp
2021-02-18 21:01 - 2021-02-19 20:32 - 000000000 ____D C:\Users\nils\AppData\Roaming\LGHUB
2021-02-18 21:01 - 2021-02-19 20:32 - 000000000 ____D C:\Users\nils\AppData\Roaming\LGHUB
2021-02-18 21:01 - 2021-02-19 20:32 - 000000000 ____D C:\Users\nils\AppData\Local\LGHUB
2021-02-18 21:01 - 2021-02-19 20:32 - 000000000 ____D C:\Users\nils\AppData\Local\LGHUB
2021-02-18 21:01 - 2021-02-18 21:01 - 004451384 _____ (Logitech) C:\WINDOWS\system32\logi_audio_headset_render_apo.dll
2021-02-18 21:01 - 2021-02-18 21:01 - 002174656 _____ (Logitech) C:\WINDOWS\system32\logi_audio_headset_capture_apo.dll
2021-02-18 21:01 - 2021-02-18 21:01 - 000000722 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2021-02-18 21:01 - 2021-02-18 21:01 - 000000722 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2021-02-18 21:01 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-02-18 21:01 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-02-18 21:01 - 2021-02-18 21:01 - 000000000 ____D C:\Program Files\LGHUB
2021-02-18 21:00 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\LGHUB
2021-02-18 21:00 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\LGHUB
2021-02-18 20:59 - 2021-02-18 20:59 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-02-18 18:17 - 2021-02-18 18:17 - 000058855 _____ C:\Users\nils\Downloads\FRST (1).txt
2021-02-18 18:17 - 2021-02-18 18:17 - 000058855 _____ C:\Users\nils\Downloads\FRST (1).txt
2021-02-18 16:13 - 2021-02-18 16:14 - 000068315 _____ C:\Users\nils\Downloads\Addition.txt
2021-02-18 16:13 - 2021-02-18 16:14 - 000068315 _____ C:\Users\nils\Downloads\Addition.txt
2021-02-18 16:12 - 2021-02-18 16:14 - 000057813 _____ C:\Users\nils\Downloads\FRST.txt
2021-02-18 16:12 - 2021-02-18 16:14 - 000057813 _____ C:\Users\nils\Downloads\FRST.txt
2021-02-18 16:11 - 2021-02-19 20:36 - 000000000 ___DC C:\Users\nils\Desktop\FRST
2021-02-18 16:11 - 2021-02-19 20:36 - 000000000 ___DC C:\Users\nils\Desktop\FRST
2021-02-18 16:06 - 2021-02-19 20:36 - 000000000 ____D C:\FRST
2021-02-18 10:20 - 2021-02-18 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-02-18 10:20 - 2021-02-18 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-02-17 16:43 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Mario
2021-02-17 16:43 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Mario
2021-02-17 16:42 - 2021-02-17 16:43 - 017165629 _____ C:\Users\nils\Desktop\New Super Mario Bros. (Europe) (En,Fr,De,Es,It).zip
2021-02-17 16:42 - 2021-02-17 16:43 - 017165629 _____ C:\Users\nils\Desktop\New Super Mario Bros. (Europe) (En,Fr,De,Es,It).zip
2021-02-17 10:09 - 2021-02-16 12:58 - 000000883 ____C C:\Users\nils\Desktop\WiinUSoft.lnk
2021-02-17 10:09 - 2021-02-16 12:58 - 000000883 ____C C:\Users\nils\Desktop\WiinUSoft.lnk
2021-02-16 15:23 - 2021-02-16 15:23 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\nils\AppData\Roaming\nils.exe
2021-02-16 15:23 - 2021-02-16 15:23 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\nils\AppData\Roaming\nils.exe
2021-02-16 15:20 - 2021-02-16 15:20 - 000001986 _____ C:\Users\nils\Desktop\pokemon_sonne_und_mond_kostenlos_downloaden.zip
2021-02-16 15:20 - 2021-02-16 15:20 - 000001986 _____ C:\Users\nils\Desktop\pokemon_sonne_und_mond_kostenlos_downloaden.zip
2021-02-16 15:10 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Saves
2021-02-16 15:10 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Saves
2021-02-16 13:32 - 2021-02-16 13:32 - 000000000 ___DC C:\Users\nils\Documents\Server
2021-02-16 13:32 - 2021-02-16 13:32 - 000000000 ___DC C:\Users\nils\Documents\Server
2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config
2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config
2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiinUSoft
2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiinUSoft
2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\Program Files\WiinUSoft
2021-02-16 12:58 - 2017-08-12 17:47 - 000039168 _____ (Scarlet.Crush Productions) C:\WINDOWS\system32\Drivers\ScpVBus.sys
2021-02-15 20:02 - 2021-02-16 15:05 - 000000000 ___DC C:\Users\nils\Desktop\Pokemon
2021-02-15 20:02 - 2021-02-16 15:05 - 000000000 ___DC C:\Users\nils\Desktop\Pokemon
2021-02-15 20:01 - 2021-02-15 20:02 - 050974335 _____ C:\Users\nils\Downloads\Pokemon - Platin-Edition (Germany).zip
2021-02-15 20:01 - 2021-02-15 20:02 - 050974335 _____ C:\Users\nils\Downloads\Pokemon - Platin-Edition (Germany).zip
2021-02-15 14:22 - 2021-02-15 14:22 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01 (1).mp4
2021-02-15 14:22 - 2021-02-15 14:22 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01 (1).mp4
2021-02-15 14:20 - 2021-02-15 14:20 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01.mp4
2021-02-15 14:20 - 2021-02-15 14:20 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01.mp4
2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-02-14 04:12 - 2021-02-14 04:12 - 000044064 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-02-13 01:39 - 2021-02-13 01:39 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000008-000000.txt
2021-02-12 20:39 - 2021-02-12 20:39 - 000000000 ____D C:\Users\nils\.ngrok2
2021-02-12 20:39 - 2021-02-12 20:39 - 000000000 ____D C:\Users\nils\.ngrok2
2021-02-12 20:36 - 2021-02-12 20:36 - 013819230 _____ C:\Users\nils\Downloads\ngrok-stable-windows-amd64.zip
2021-02-12 20:36 - 2021-02-12 20:36 - 013819230 _____ C:\Users\nils\Downloads\ngrok-stable-windows-amd64.zip
2021-02-12 20:29 - 2021-02-12 20:32 - 000000051 ____C C:\Users\nils\Desktop\start.bat
2021-02-12 20:29 - 2021-02-12 20:32 - 000000051 ____C C:\Users\nils\Desktop\start.bat
2021-02-12 17:16 - 2021-02-12 17:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-12 17:16 - 2021-02-12 17:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-12 17:16 - 2021-02-12 17:16 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-12 17:16 - 2021-02-12 17:16 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-12 17:16 - 2021-02-12 17:16 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-10 15:40 - 2021-02-10 15:40 - 000052800 _____ C:\Users\nils\Downloads\9692940_2021_Nr.001_Kontoauszug_vom_29.01.2021_20210210034041.pdf
2021-02-10 15:40 - 2021-02-10 15:40 - 000052800 _____ C:\Users\nils\Downloads\9692940_2021_Nr.001_Kontoauszug_vom_29.01.2021_20210210034041.pdf
2021-02-01 18:41 - 2019-08-14 11:07 - 000000000 ____D C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6
2021-02-01 18:41 - 2019-08-14 11:07 - 000000000 ____D C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6
2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ C:\Users\nils\AppData\Roaming\winscp.rnd
2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ C:\Users\nils\AppData\Roaming\winscp.rnd
2021-02-01 18:39 - 2021-02-01 18:39 - 011155568 _____ (Martin Prikryl ) C:\Users\nils\Downloads\WinSCP-5.17.10-Setup.exe
2021-02-01 18:39 - 2021-02-01 18:39 - 011155568 _____ (Martin Prikryl ) C:\Users\nils\Downloads\WinSCP-5.17.10-Setup.exe
2021-02-01 18:39 - 2021-02-01 18:39 - 000001164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2021-02-01 18:39 - 2021-02-01 18:39 - 000001164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2021-02-01 18:39 - 2021-02-01 18:39 - 000000000 ____D C:\Program Files (x86)\WinSCP
2021-02-01 18:38 - 2021-02-01 18:39 - 292897167 _____ C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6.zip
2021-02-01 18:38 - 2021-02-01 18:39 - 292897167 _____ C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6.zip
2021-02-01 18:26 - 2021-02-01 18:26 - 005835761 _____ C:\Users\nils\Downloads\OptiFine_1.16.5_HD_U_G6.jar
2021-01-30 01:27 - 2021-02-19 20:08 - 000002170 ____C C:\Users\nils\Desktop\CurseForge.lnk
2021-01-30 01:27 - 2021-02-08 15:59 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-01-30 01:27 - 2021-01-30 01:27 - 000004382 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ___DC C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ____D C:\ProgramData\Overwolf
2021-01-30 01:26 - 2021-01-30 01:26 - 001386784 _____ (Overwolf Ltd.) C:\Users\nils\Downloads\CurseForge - LP-Installer.exe
2021-01-29 22:08 - 2021-01-29 22:08 - 000000000 ____D C:\Users\nils\AppData\Roaming\twitch-desktop-electron-platform
2021-01-27 21:38 - 2021-01-27 21:38 - 000002271 _____ C:\ProgramData\Desktop\NVIDIA Broadcast.lnk
2021-01-27 21:34 - 2021-01-27 21:35 - 245764976 _____ (NVIDIA Corporation) C:\Users\nils\Downloads\nvidia_broadcast_v1.1.0.20.exe
2021-01-27 17:30 - 2021-01-27 17:30 - 000055780 _____ C:\Users\nils\Downloads\9692940_2020_Nr.012_Kontoauszug_vom_31.12.2020_20210127053005.pdf
2021-01-27 17:30 - 2021-01-27 17:30 - 000041755 _____ C:\Users\nils\Downloads\9692940_2020_Mitteilung_vom_31.12.2020_20210127053013.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-19 20:32 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\Roaming\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\ProgramData\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\Program Files (x86)\IObit
2021-02-19 20:32 - 2018-07-28 12:38 - 000000000 ___DC C:\Users\nils\AppData\Local\Downloaded Installations
2021-02-19 20:32 - 2017-11-02 01:23 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-19 20:12 - 2020-09-15 07:57 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-19 20:12 - 2020-09-15 00:13 - 000741490 _____ C:\WINDOWS\system32\perfh007.dat
2021-02-19 20:12 - 2020-09-15 00:13 - 000149740 _____ C:\WINDOWS\system32\perfc007.dat
2021-02-19 20:12 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-19 20:09 - 2018-06-27 19:54 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-19 20:08 - 2020-09-15 07:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-19 20:08 - 2019-11-01 23:12 - 000000000 ____D C:\Users\nils\AppData\Local\Battle.net
2021-02-19 20:08 - 2019-10-27 12:42 - 000000000 ____D C:\Users\nils\AppData\Local\Overwolf
2021-02-19 20:08 - 2019-01-22 14:43 - 000000000 ____D C:\Intel
2021-02-19 11:43 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-19 11:43 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-19 11:43 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-02-19 11:42 - 2020-12-02 02:05 - 000003124 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2021-02-19 11:39 - 2018-06-28 13:09 - 000000000 ___DC C:\Users\nils\AppData\Local\CrashDumps
2021-02-19 11:38 - 2020-09-15 07:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-19 11:32 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-18 23:46 - 2020-10-11 02:45 - 000000000 ___DC C:\Users\nils\Documents\Impulse
2021-02-18 23:36 - 2019-11-25 22:30 - 000000000 ____D C:\Users\nils\AppData\Local\Dropbox
2021-02-18 23:33 - 2020-09-15 00:33 - 000000000 ____D C:\Users\nils
2021-02-18 23:23 - 2019-11-02 17:50 - 000000000 ____D C:\WINDOWS\ShellNew
2021-02-18 23:21 - 2017-11-02 01:39 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-18 23:10 - 2020-12-03 09:29 - 000000000 ____D C:\WINDOWS\Minidump
2021-02-18 23:00 - 2020-09-15 00:33 - 000000000 ____D C:\Users\js
2021-02-18 23:00 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-18 23:00 - 2017-11-02 01:43 - 000000000 ___DC C:\Users\js\AppData\Local\NVIDIA Corporation
2021-02-18 23:00 - 2017-11-02 00:21 - 000000000 ___DC C:\Users\js\AppData\Local\Packages
2021-02-18 23:00 - 2017-11-02 00:21 - 000000000 ___DC C:\Users\js\AppData\Local\ConnectedDevicesPlatform
2021-02-18 22:40 - 2020-10-12 22:07 - 000000000 ____D C:\Users\nils\AppData\Roaming\discord
2021-02-18 21:56 - 2018-06-29 21:37 - 000000000 ____D C:\ProgramData\Riot Games
2021-02-18 21:01 - 2020-03-30 22:10 - 000044088 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_audio_surround.sys
2021-02-18 20:06 - 2019-11-05 22:23 - 000000000 ____D C:\Program Files (x86)\Overwatch
2021-02-18 15:49 - 2020-09-15 07:58 - 000004184 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1593451427
2021-02-18 15:49 - 2020-06-29 18:23 - 000001431 ____C C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk
2021-02-18 15:26 - 2020-12-28 16:14 - 000000000 ____D C:\Users\nils\AppData\Local\Deployment
2021-02-18 15:26 - 2018-06-27 19:45 - 000000000 ___DC C:\Users\nils\AppData\Local\Packages
2021-02-18 10:20 - 2019-11-25 22:30 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-02-17 17:12 - 2019-10-12 17:22 - 000000000 ____D C:\Users\nils\AppData\Roaming\Twitch
2021-02-17 09:39 - 2019-11-01 23:12 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-02-16 13:09 - 2018-11-05 15:51 - 000000000 ___DC C:\Users\nils\AppData\Local\ElevatedDiagnostics
2021-02-16 12:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-16 12:45 - 2020-11-12 00:19 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-02-15 18:44 - 2018-12-16 00:08 - 000000000 ___DC C:\Users\nils\AppData\Roaming\obs-studio
2021-02-14 21:26 - 2019-06-21 23:19 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-13 01:39 - 2020-09-15 07:53 - 000636904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-13 01:39 - 2020-09-15 07:52 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-13 01:39 - 2019-11-25 22:30 - 000001226 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-02-13 01:39 - 2019-11-25 22:30 - 000001222 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-02-13 01:38 - 2019-12-07 15:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-13 01:38 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-12 22:24 - 2020-07-15 11:46 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-12 20:58 - 2019-11-25 21:18 - 000000000 ____D C:\Users\nils\AppData\Roaming\.minecraft
2021-02-12 20:46 - 2019-11-25 21:18 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-02-12 17:18 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-12 17:11 - 2018-06-27 20:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-12 17:10 - 2018-06-27 20:26 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-11 23:29 - 2018-06-27 19:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-02-11 12:18 - 2020-09-15 07:58 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-11 12:18 - 2020-09-15 07:58 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-10 21:30 - 2020-11-19 01:51 - 000000000 ____D C:\Program Files (x86)\Origin
2021-02-10 21:30 - 2019-02-18 21:21 - 000000000 ____D C:\ProgramData\Origin
2021-02-10 18:17 - 2018-07-29 22:29 - 000000000 ___DC C:\Users\nils\Documents\Soundaufnahmen
2021-02-09 21:11 - 2019-02-16 23:11 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-08 15:28 - 2018-06-28 22:51 - 000000000 ___DC C:\Users\nils\AppData\Local\D3DSCache
2021-02-05 20:58 - 2020-09-15 07:58 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 20:58 - 2020-09-15 07:58 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-05 13:43 - 2020-12-11 01:42 - 000001372 _____ C:\ProgramData\Desktop\Cyberpunk 2077.lnk
2021-02-05 13:43 - 2020-12-11 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberpunk 2077 [GOG.com]
2021-02-01 01:22 - 2018-06-27 20:26 - 000000000 ___DC C:\Users\nils\AppData\Local\NVIDIA
2021-01-27 22:05 - 2019-01-11 23:11 - 000000000 ____D C:\Temp
2021-01-27 21:38 - 2020-12-01 13:33 - 000003662 _____ C:\WINDOWS\system32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-24 18:33 - 2020-08-25 22:53 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-01-24 05:14 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Roaming\Origin
2021-01-23 19:41 - 2020-11-19 01:51 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-01-23 19:41 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Local\Origin
2021-01-22 11:16 - 2020-09-15 07:58 - 000004286 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-01-22 11:16 - 2020-09-15 07:58 - 000004054 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-01-22 10:45 - 2018-06-27 19:45 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories ========

2021-02-16 15:23 - 2021-02-16 15:23 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\nils\AppData\Roaming\nils.exe
2020-10-11 02:54 - 2020-10-11 03:01 - 003228672 _____ () C:\Users\nils\AppData\Roaming\ScriptHookV.dll
2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ () C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config
2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ () C:\Users\nils\AppData\Roaming\winscp.rnd
2020-10-21 00:43 - 2020-10-21 00:43 - 000002221 _____ () C:\Users\nils\AppData\Local\recently-used.xbel
2019-02-19 20:35 - 2020-12-24 19:44 - 000007607 _____ () C:\Users\nils\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         
--- --- ---

Addition follows