TrojanDropper:Win64/Tnega!MSR (Windows 10)

NTorak · 18.02.2021, 17:23

Hallo,
es geht vermutlich um Schadsoftware.

Bei jedem Windows-Neustart bekomme ich von Windows-Sicherheit die Benachrichtigung, dass eine Bedrohung
(TrojanDropper:Win64/Tnega!MSR in C:\Users\nils\AppData\Local\Temp\GetX64BTIT.exe) blockiert wurde. Als Status steht jedesmal "Entfernt" dabei.

Ich bin dankbar für jede Hilfe!

Edit:
FRST.txt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2021 01
Ran by nils (administrator) on NILS-PC (18-02-2021 17:19:43)
Running from C:\Users\nils\Desktop\FRST
Loaded Profiles: nils
Platform: Windows 10 Pro Version 2004 19041.804 (X64) Language: Englisch (Großbritannien)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.exe <4>
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.7269\Agent.exe
(Charles Milette) C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_9.0.0.0_x86__v826wp6bftszj\TranslucentTB\TranslucentTB.exe
(Chip Digital GmbH) [File not signed] C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdHelper.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdHelper.x64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdLauncher.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\116.4.368\QtWebEngineProcess.exe <3>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(G.SKILL International Enterprise Co., Ltd. -> G.SKILL Inc.) C:\Program Files (x86)\G.SKILL\Trident Z Lighting Control\hid.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe <2>
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(GOG Sp. z o.o. -> GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Idera, Inc. -> Embarcadero Technologies, Inc.) C:\Users\nils\AppData\Roaming\nils.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <3>
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\logi_crashpad_handler.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NVIDIA Broadcast.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NvVirtualCamera\NVIDIA Virtual Camera.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\NVDisplay.Container.exe <2>
(Opera Software AS -> Opera Software) C:\Users\nils\AppData\Local\Programs\Opera GX\73.0.3856.400\opera.exe <20>
(Opera Software AS -> Opera Software) C:\Users\nils\AppData\Local\Programs\Opera GX\73.0.3856.400\opera_crashreporter.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.165.0.28\OverwolfHelper.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.165.0.28\OverwolfHelper64.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\0.165.0.28\OverwolfBrowser.exe <3>
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Overwolf Ltd -> Overwolf LTD) C:\Users\nils\AppData\Local\Overwolf\ProcessCache\0.165.0.28\cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj\curseforge.exe
(Python Software Foundation -> Python Software Foundation) C:\Program Files (x86)\GOG Galaxy\python\python.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Scarlet.Crush Productions) [File not signed] C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe <5>
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-02-14] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [Spectrum] => C:\Program Files (x86)\G.SKILL\Trident Z Lighting Control\HID.exe [1753104 2020-05-25] (G.SKILL International Enterprise Co., Ltd. -> G.SKILL Inc.)
HKLM-x32\...\Run: [Inno3D] => C:\Program Files (x86)\INNO3D TuneIT\Inno3D.exe
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [62636856 2020-11-13] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412696 2021-02-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32898104 2021-02-16] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Chromium] => "c:\users\nils\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1090464 2021-02-17] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [DiscordPTB] => C:\Users\nils\AppData\Local\DiscordPTB\app-0.0.55\DiscordPTB.exe
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [14858824 2020-12-23] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [123792272 2021-01-20] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1752920 2021-01-24] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\RunOnce: [nils] => powershell -Win Hi -Command "$r = [Environment]::GetEnvironmentVariable('nils', 'User').split();$p=$r[0];$r[0]='';Start-Process $p -ArgumentList ($r -join ' ') -Win Hi" <==== ATTENTION
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Policies\Explorer: [NoWinKeys] 1
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {91727cc2-da62-11ea-bcee-0492265d3edd} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {d80afba4-6f01-11eb-bd49-0492265d3edd} - "E:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Environment: [nils] "powershell.exe"        -windowstyle hidden  -En "PAAjACAAaABnAGwAcABrAGUAdgB5AGkAaQAgACMAPgAkAHUAPQAkAGUAbgB2ADoAVQBzAGUAcgBOAGEAbQBlADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgADEAMwAwADAAOwAkAG (the data entry has 1251 more characters). <==== ATTENTION
RegKey: [HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\nils] <==== ATTENTION
RegKey: [HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\nils1] <==== ATTENTION
HKLM\...\Windows x64\Print Processors\OKX055PP: C:\Windows\System32\spool\prtprocs\x64\OKX055PP.DLL [52224 2015-12-25] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation)
HKLM\...\Print\Monitors\EPSON WF-3540 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMJHE.DLL [120320 2011-04-19] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558080 2011-08-30] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\Oki Language Monitor v2 x64: C:\WINDOWS\system32\OPPFLM64.DLL [24064 2011-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-09] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02FDCE56-8527-49E2-98BD-3770C480E46A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {10923ACD-A6F3-46C9-8B05-FA036D45F27C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {11A870C3-2CBD-47B1-8AC5-F468354C4D5F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14B7AE73-1437-44FC-B4CD-CB064266DC82} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {169A4A9F-5AB2-4859-BB79-105D4F7E0F5B} - System32\Tasks\TaskbarX NILS-PCnils => C:\Users\nils\AppData\Local\Temp\Rar$EXa15592.7440\TaskbarX.exe <==== ATTENTION
Task: {1BB8711B-BE48-42FB-9471-FCFD984EE7F6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1CFF092D-CB8C-4697-A22E-C65E98842FAC} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002Core => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe
Task: {21AD196C-E033-4A17-8AB0-51729310AFC0} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {247335EE-A7B9-443A-B7C4-14AD5DACB27E} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {28EBA2B2-5857-4D18-B83C-B4BEFE4B6B64} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {32197A57-775D-4F2B-BADF-36EAF82B90C2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {334F71AD-EA0A-45C3-A6BF-D23B10278705} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {389005A7-88A2-4A2D-9B0D-221BF3779434} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {49B6BC26-85D9-47CD-8037-109C0AE32EE9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {64C72E17-56AC-4A10-8359-81CB62CBFA09} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {66CB8C64-C47E-4DE8-BC72-AE4F1B10190B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {6CC840F6-D3B1-4381-80D6-368E821AD608} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {708BEC20-0B26-4F36-9C8B-B3DDB92FF7D8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {71112853-AD65-4846-8E55-E40FC38399A2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {7478992B-7BB6-4BF1-A873-5E111E4C328B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {776DF5CB-61F3-413A-866C-67864EDC98A7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {79FE0BF0-DF6B-4F3F-B627-2641C7B3C431} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7AFBADC6-5A92-4AD1-B4C6-825820AA6735} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498512 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {877AE2EB-BE60-4E41-AB1F-9565FBF74AC2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {947A71B9-8265-4202-B1DF-31851FE6ECD4} - System32\Tasks\Opera GX scheduled Autoupdate 1593451427 => C:\Users\nils\AppData\Local\Programs\Opera GX\launcher.exe [1720472 2021-02-16] (Opera Software AS -> Opera Software)
Task: {96FD5F58-83E0-4F87-BE57-8C5B4AE1AC73} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {9755D7FA-2C11-4258-B363-6A045E7D0494} - System32\Tasks\Opera scheduled Autoupdate 1555368081 => C:\Users\nils\AppData\Local\Programs\Opera\launcher.exe
Task: {9C946B4F-522A-4DC7-A9DD-DF2925C43312} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A4035D2D-AABB-427C-B68E-FE5DE8C57307} - System32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NVIDIA Broadcast.exe [8577776 2021-01-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A448EED5-27DE-4BDF-837A-18BA2E930140} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.)
Task: {AF840AC3-BAA2-43A2-9FF4-E39C018BA346} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002UA => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe
Task: {BDDB2636-5C15-45B7-A849-41EBC891643A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.)
Task: {C83D387D-761A-4D40-AA38-0274BB58034C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C8CDC2F0-A1CE-45E8-A86F-A88504F2F2B8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe
Task: {C9F333EA-34B6-44BE-86AE-88A58D72697B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CA280454-7A5D-4076-8599-A3A896B98721} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [784880 2019-09-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {CAE80F57-588C-4CA0-8489-93BE2E1DC0EE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {CBFD160A-267A-4AC3-B7F9-BCE4026B204F} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3449150419-271838051-1508037707-1001 => C:\Users\nils\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {CC90B01F-54A3-4F48-9A32-4D63DFA4B7B8} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)
Task: {D7486F2D-BB18-4E28-B718-83CF6A9FB91F} - System32\Tasks\{B557B444-21B0-41FD-B838-14D7E070A414} => "c:\windows\system32\launchwinapp.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=404
Task: {DD50F83C-FE08-4203-9695-5DB48F511782} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.100
Tcpip\..\Interfaces\{49065b68-8f61-403d-b9dc-f5281de063c8}: [DhcpNameServer] 192.168.178.100
Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [DhcpNameServer] 192.168.178.100
Tcpip\..\Interfaces\{84ffcfd2-bfa3-4511-899f-7ed5e75b8ecb}: [DhcpNameServer] 192.168.42.129

Edge: 
=======
Edge HomeButtonPage: HKU\S-1-5-21-3449150419-271838051-1508037707-1002 -> hxxp://www.go-setting.com/
Edge Profile: C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-18]
Edge HomePage: Default -> hxxp://www.go-setting.com/
Edge Extension: (Search Manager) - C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh [2020-07-15]
Edge HKLM\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKLM-x32\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]

FireFox:
========
FF DefaultProfile: ncucdlz8.default-1584820434065
FF ProfilePath: C:\Users\nils\AppData\Roaming\Mozilla\Firefox\Profiles\ncucdlz8.default-1584820434065 [2021-02-18]
FF HKLM\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default [2021-02-18]
CHR Notifications: Default -> hxxps://de.softonic.com; hxxps://secrethitler.io; hxxps://vulkanvegas.com; hxxps://www.facebook.com; hxxps://www.royalpanda.com
CHR HomePage: Default -> hxxp://www.go-setting.com/
CHR StartupUrls: Default -> "hxxp://www.go-setting.com/"
CHR Extension: (Präsentationen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-16]
CHR Extension: (BetterTTV) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2020-12-23]
CHR Extension: (Docs) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-16]
CHR Extension: (Google Drive) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-16]
CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-31]
CHR Extension: (Watch2Gether) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimpffimgeipdhnhjohpbehjkcdpjolg [2020-07-31]
CHR Extension: (Search Manager) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\codhflfnidhlkphogdmhfhjmkehlfjjk [2020-03-15]
CHR Extension: (Tabellen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-16]
CHR Extension: (Google Docs Offline) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Material Dark - MKBHD) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiplegjeipnjdpgkeccfccnahofbckad [2020-04-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-01-10]
CHR Extension: (Global Twitch Emotes) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgniedifoejifjkndekolimjeclnokkb [2020-06-15]
CHR Extension: (Google Mail) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-15]
CHR HKLM\...\Chrome\Extension: [codhflfnidhlkphogdmhfhjmkehlfjjk]
CHR HKLM\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [codhflfnidhlkphogdmhfhjmkehlfjjk]
CHR HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKLM-x32\...\Chrome\Extension: [codhflfnidhlkphogdmhfhjmkehlfjjk]
CHR HKLM-x32\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]

Opera: 
=======
OPR Profile: C:\Users\nils\AppData\Roaming\Opera Software\Opera Stable [2021-02-18]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.de/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
StartMenuInternet: (HKU\S-1-5-21-3449150419-271838051-1508037707-1002) Opera GXStable - "C:\Users\nils\AppData\Local\Programs\Opera GX\Launcher.exe"

Brave: 
=======
BRA Profile: C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-02-18]
BRA Extension: (Brave Tracking Protection Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-01-19]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-01-19]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-01-19]
BRA Extension: (Brave Ad Block Updater (DEU: EasyList Germany)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\jmomcjcilfpbaaklkifaijjcnancamde [2019-01-19]
BRA Extension: (PDF Viewer) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-01-19]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-01-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe [419264 2019-01-11] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe [975832 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2019-01-19] (ASUSTeK Computer Inc. -> ) [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe [1919280 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-01-19] (BattlEye Innovations e.K. -> )
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2018-10-31] (BitRaider LLC -> BitRaider, LLC)
R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2018-10-25] (Chip Digital GmbH) [File not signed] <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [605096 2020-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [56872 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44064 2021-02-14] (Dropbox, Inc -> Dropbox, Inc.)
R2 Ds3Service; C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe [381952 2017-08-12] (Scarlet.Crush Productions) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2020-07-23] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1741384 2020-12-23] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-12-08] (GOG Sp. z o.o. -> GOG.com)
S3 HnGSteamService; D:\Steam\steamapps\common\Heroes & Generals\hngservice.exe [788776 2021-02-17] (Reto-Moto ApS -> Reto-Moto ApS)
R2 NvBroadcast.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe [873272 2021-01-15] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1679240 2021-02-16] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Uncheater\ucldr_battlegrounds_gl.exe [6979584 2020-12-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [6862584 2020-12-31] (PUBG CORPORATION -> PUBG Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2019-01-19] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2019-01-19] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\WINDOWS\system32\drivers\AsIO2.sys [33504 2019-01-01] (ASUSTeK Computer Inc. -> )
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2018-11-02] (BitRaider -> BitRaider)
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60328 2020-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz149; C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [44320 2021-02-18] (CPUID S.A.R.L.U. -> CPUID)
R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 GLCKIO2; C:\WINDOWS\system32\drivers\GLCKIO2.sys [19392 2018-04-23] (ASUSTeK Computer Inc. -> )
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45168 2018-05-07] (Logitech Inc -> Logitech Inc.)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\73248\driver_cpu_temperature\logi_core_temp.sys [25448 2021-01-20] (Logitech Inc. -> Logitech)
R3 logi_audio_surround; C:\WINDOWS\system32\drivers\logi_audio_surround.sys [44096 2021-01-20] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2020-08-27] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2020-08-27] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2020-08-27] (Logitech Inc -> Logitech)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2017-08-12] (Bruce James -> Scarlet.Crush Productions)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [49976 2020-09-08] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49552 2021-02-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [419040 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2732984 2020-12-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 ALSysIO; \??\C:\Users\nils\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-18 16:13 - 2021-02-18 16:14 - 000068315 _____ C:\Users\nils\Downloads\Addition.txt
2021-02-18 16:12 - 2021-02-18 16:14 - 000057813 _____ C:\Users\nils\Downloads\FRST.txt
2021-02-18 16:11 - 2021-02-18 17:19 - 000000000 ___DC C:\Users\nils\Desktop\FRST
2021-02-18 16:06 - 2021-02-18 17:20 - 000000000 ____D C:\FRST
2021-02-18 10:20 - 2021-02-18 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-02-17 16:43 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Mario
2021-02-17 16:42 - 2021-02-17 16:43 - 017165629 _____ C:\Users\nils\Desktop\New Super Mario Bros. (Europe) (En,Fr,De,Es,It).zip
2021-02-17 10:09 - 2021-02-16 12:58 - 000000883 ____C C:\Users\nils\Desktop\WiinUSoft.lnk
2021-02-16 15:23 - 2021-02-16 15:23 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\nils\AppData\Roaming\nils.exe
2021-02-16 15:20 - 2021-02-16 15:20 - 000001986 _____ C:\Users\nils\Desktop\pokemon_sonne_und_mond_kostenlos_downloaden.zip
2021-02-16 15:10 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Saves
2021-02-16 13:32 - 2021-02-16 13:32 - 000000000 ___DC C:\Users\nils\Documents\Server
2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config
2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiinUSoft
2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\Program Files\WiinUSoft
2021-02-16 12:58 - 2017-08-12 17:47 - 000039168 _____ (Scarlet.Crush Productions) C:\WINDOWS\system32\Drivers\ScpVBus.sys
2021-02-15 20:02 - 2021-02-16 15:05 - 000000000 ___DC C:\Users\nils\Desktop\Pokemon
2021-02-15 20:01 - 2021-02-15 20:02 - 050974335 _____ C:\Users\nils\Downloads\Pokemon - Platin-Edition (Germany).zip
2021-02-15 14:22 - 2021-02-15 14:22 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01 (1).mp4
2021-02-15 14:20 - 2021-02-15 14:20 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01.mp4
2021-02-15 03:36 - 2021-02-15 03:36 - 000002429 ____C C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NiceHash Miner.lnk
2021-02-15 03:36 - 2021-02-15 03:36 - 000002421 ____C C:\Users\nils\Desktop\NiceHash Miner.lnk
2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-02-14 04:12 - 2021-02-14 04:12 - 000044064 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-02-13 01:39 - 2021-02-13 01:39 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000008-000000.txt
2021-02-12 20:39 - 2021-02-12 20:39 - 000000000 ____D C:\Users\nils\.ngrok2
2021-02-12 20:36 - 2021-02-12 20:36 - 013819230 _____ C:\Users\nils\Downloads\ngrok-stable-windows-amd64.zip
2021-02-12 20:29 - 2021-02-12 20:32 - 000000051 ____C C:\Users\nils\Desktop\start.bat
2021-02-12 17:16 - 2021-02-12 17:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-12 17:16 - 2021-02-12 17:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-12 17:16 - 2021-02-12 17:16 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-12 17:16 - 2021-02-12 17:16 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-12 17:16 - 2021-02-12 17:16 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-10 15:40 - 2021-02-10 15:40 - 000052800 _____ C:\Users\nils\Downloads\9692940_2021_Nr.001_Kontoauszug_vom_29.01.2021_20210210034041.pdf
2021-02-01 18:41 - 2019-08-14 11:07 - 000000000 ____D C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6
2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ C:\Users\nils\AppData\Roaming\winscp.rnd
2021-02-01 18:39 - 2021-02-01 18:39 - 011155568 _____ (Martin Prikryl ) C:\Users\nils\Downloads\WinSCP-5.17.10-Setup.exe
2021-02-01 18:39 - 2021-02-01 18:39 - 000001164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2021-02-01 18:39 - 2021-02-01 18:39 - 000000000 ____D C:\Program Files (x86)\WinSCP
2021-02-01 18:38 - 2021-02-01 18:39 - 292897167 _____ C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6.zip
2021-02-01 18:26 - 2021-02-01 18:26 - 005835761 _____ C:\Users\nils\Downloads\OptiFine_1.16.5_HD_U_G6.jar
2021-01-30 01:27 - 2021-02-18 17:06 - 000002170 ____C C:\Users\nils\Desktop\CurseForge.lnk
2021-01-30 01:27 - 2021-02-08 15:59 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-01-30 01:27 - 2021-01-30 01:27 - 000004382 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ___DC C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ____D C:\ProgramData\Overwolf
2021-01-30 01:26 - 2021-01-30 01:26 - 001386784 _____ (Overwolf Ltd.) C:\Users\nils\Downloads\CurseForge - LP-Installer.exe
2021-01-29 22:08 - 2021-01-29 22:08 - 000000000 ____D C:\Users\nils\AppData\Roaming\twitch-desktop-electron-platform
2021-01-27 21:38 - 2021-01-27 21:38 - 000002271 _____ C:\ProgramData\Desktop\NVIDIA Broadcast.lnk
2021-01-27 21:34 - 2021-01-27 21:35 - 245764976 _____ (NVIDIA Corporation) C:\Users\nils\Downloads\nvidia_broadcast_v1.1.0.20.exe
2021-01-27 17:30 - 2021-01-27 17:30 - 000055780 _____ C:\Users\nils\Downloads\9692940_2020_Nr.012_Kontoauszug_vom_31.12.2020_20210127053005.pdf
2021-01-27 17:30 - 2021-01-27 17:30 - 000041755 _____ C:\Users\nils\Downloads\9692940_2020_Mitteilung_vom_31.12.2020_20210127053013.pdf
2021-01-20 23:39 - 2021-01-20 23:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-01-20 23:39 - 2021-01-20 23:39 - 000000000 ____D C:\Program Files\LGHUB
2021-01-20 15:51 - 2021-01-20 15:51 - 004451384 _____ (Logitech) C:\WINDOWS\system32\logi_audio_headset_render_apo.dll
2021-01-20 15:51 - 2021-01-20 15:51 - 002174656 _____ (Logitech) C:\WINDOWS\system32\logi_audio_headset_capture_apo.dll
2021-01-19 17:44 - 2021-01-19 17:44 - 000048048 _____ C:\Users\nils\Downloads\4109392600_2020_Nr.003_Kontoauszug_vom_31.07.2020_20210119054406.pdf
2021-01-19 17:44 - 2021-01-19 17:44 - 000045641 _____ C:\Users\nils\Downloads\4109392600_2020_Mitteilung_vom_30.06.2020_20210119054421.pdf
2021-01-19 17:44 - 2021-01-19 17:44 - 000045639 _____ C:\Users\nils\Downloads\4109392600_2020_Mitteilung_vom_27.10.2020_20210119054429.pdf
2021-01-19 17:43 - 2021-01-19 17:43 - 000048092 _____ C:\Users\nils\Downloads\4109392600_2020_Nr.002_Kontoauszug_vom_30.06.2020_20210119054348.pdf
2021-01-19 17:43 - 2021-01-19 17:43 - 000047637 _____ C:\Users\nils\Downloads\4109392600_2020_Nr.001_Kontoauszug_vom_29.05.2020_20210119054333.pdf
2021-01-19 00:40 - 2021-02-18 17:12 - 000000000 ____D C:\Users\nils\AppData\Local\LGHUB
2021-01-19 00:40 - 2021-02-18 17:05 - 000000000 ____D C:\Users\nils\AppData\Roaming\LGHUB
2021-01-19 00:39 - 2021-01-19 00:40 - 000000000 ____D C:\ProgramData\LGHUB

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-18 17:16 - 2019-11-01 23:12 - 000000000 ____D C:\Users\nils\AppData\Local\Battle.net
2021-02-18 17:09 - 2020-09-15 07:57 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-18 17:09 - 2020-09-15 00:13 - 000741490 _____ C:\WINDOWS\system32\perfh007.dat
2021-02-18 17:09 - 2020-09-15 00:13 - 000149740 _____ C:\WINDOWS\system32\perfc007.dat
2021-02-18 17:09 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-18 17:07 - 2017-11-02 01:23 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-18 17:06 - 2019-10-27 12:42 - 000000000 ____D C:\Users\nils\AppData\Local\Overwolf
2021-02-18 17:05 - 2020-09-15 07:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-18 17:05 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-18 17:05 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-02-18 17:05 - 2019-01-22 14:43 - 000000000 ____D C:\Intel
2021-02-18 17:05 - 2018-06-27 19:54 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-18 16:57 - 2020-12-02 02:05 - 000003124 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2021-02-18 16:46 - 2020-10-11 02:45 - 000000000 ___DC C:\Users\nils\Documents\Impulse
2021-02-18 15:55 - 2018-06-28 13:09 - 000000000 ___DC C:\Users\nils\AppData\Local\CrashDumps
2021-02-18 15:49 - 2020-09-15 07:58 - 000004184 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1593451427
2021-02-18 15:49 - 2020-06-29 18:23 - 000001431 ____C C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk
2021-02-18 15:43 - 2020-10-12 22:07 - 000000000 ____D C:\Users\nils\AppData\Roaming\discord
2021-02-18 15:26 - 2020-12-28 16:14 - 000000000 ____D C:\Users\nils\AppData\Local\Deployment
2021-02-18 15:26 - 2018-06-27 19:45 - 000000000 ___DC C:\Users\nils\AppData\Local\Packages
2021-02-18 14:11 - 2020-09-15 07:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-18 12:33 - 2018-06-29 21:37 - 000000000 ____D C:\ProgramData\Riot Games
2021-02-18 10:20 - 2019-11-25 22:30 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-02-18 08:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-17 17:12 - 2019-10-12 17:22 - 000000000 ____D C:\Users\nils\AppData\Roaming\Twitch
2021-02-17 09:39 - 2019-11-01 23:12 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-02-16 13:09 - 2018-11-05 15:51 - 000000000 ___DC C:\Users\nils\AppData\Local\ElevatedDiagnostics
2021-02-16 12:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-16 12:45 - 2020-11-12 00:19 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-02-15 18:44 - 2018-12-16 00:08 - 000000000 ___DC C:\Users\nils\AppData\Roaming\obs-studio
2021-02-15 04:51 - 2020-09-15 00:33 - 000000000 ____D C:\Users\nils
2021-02-15 00:30 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-14 21:26 - 2019-06-21 23:19 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-13 01:39 - 2020-09-15 07:53 - 000636904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-13 01:39 - 2020-09-15 07:52 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-13 01:39 - 2019-11-25 22:30 - 000001226 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-02-13 01:39 - 2019-11-25 22:30 - 000001222 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-02-13 01:38 - 2019-12-07 15:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-13 01:38 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-12 22:24 - 2020-07-15 11:46 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-12 20:58 - 2019-11-25 21:18 - 000000000 ____D C:\Users\nils\AppData\Roaming\.minecraft
2021-02-12 20:46 - 2019-11-25 21:18 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-02-12 17:18 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-12 17:11 - 2018-06-27 20:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-12 17:10 - 2018-06-27 20:26 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-11 23:29 - 2018-06-27 19:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-02-11 20:51 - 2019-11-05 22:23 - 000000000 ____D C:\Program Files (x86)\Overwatch
2021-02-11 12:18 - 2020-09-15 07:58 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-11 12:18 - 2020-09-15 07:58 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-10 21:30 - 2020-11-19 01:51 - 000000000 ____D C:\Program Files (x86)\Origin
2021-02-10 21:30 - 2019-02-18 21:21 - 000000000 ____D C:\ProgramData\Origin
2021-02-10 18:17 - 2018-07-29 22:29 - 000000000 ___DC C:\Users\nils\Documents\Soundaufnahmen
2021-02-09 21:11 - 2019-02-16 23:11 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-08 15:28 - 2018-06-28 22:51 - 000000000 ___DC C:\Users\nils\AppData\Local\D3DSCache
2021-02-05 20:58 - 2020-09-15 07:58 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 20:58 - 2020-09-15 07:58 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-05 13:43 - 2020-12-11 01:42 - 000001372 _____ C:\ProgramData\Desktop\Cyberpunk 2077.lnk
2021-02-05 13:43 - 2020-12-11 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberpunk 2077 [GOG.com]
2021-02-01 01:22 - 2018-06-27 20:26 - 000000000 ___DC C:\Users\nils\AppData\Local\NVIDIA
2021-01-27 22:05 - 2019-01-11 23:11 - 000000000 ____D C:\Temp
2021-01-27 21:38 - 2020-12-01 13:33 - 000003662 _____ C:\WINDOWS\system32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-24 18:33 - 2020-08-25 22:53 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-01-24 05:14 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Roaming\Origin
2021-01-23 19:41 - 2020-11-19 01:51 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-01-23 19:41 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Local\Origin
2021-01-22 11:16 - 2020-09-15 07:58 - 000004286 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-01-22 11:16 - 2020-09-15 07:58 - 000004054 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-01-22 10:45 - 2018-06-27 19:45 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-20 15:51 - 2020-03-30 22:10 - 000044096 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_audio_surround.sys

==================== Files in the root of some directories ========

2021-02-16 15:23 - 2021-02-16 15:23 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\nils\AppData\Roaming\nils.exe
2020-10-11 02:54 - 2020-10-11 03:01 - 003228672 _____ () C:\Users\nils\AppData\Roaming\ScriptHookV.dll
2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ () C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config
2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ () C:\Users\nils\AppData\Roaming\winscp.rnd
2020-10-21 00:43 - 2020-10-21 00:43 - 000002221 _____ () C:\Users\nils\AppData\Local\recently-used.xbel
2019-02-19 20:35 - 2020-12-24 19:44 - 000007607 _____ () C:\Users\nils\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

--- --- ---

M-K-D-B · 19.02.2021, 15:56

Mein Name ist Matthias und ich werde dir bei der Analyse und der eventuell notwendigen Bereinigung deines Computers helfen.

Schritt 1
Führe Malwarebytes' AntiMalware (MBAM) gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.

Schritt 2
Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.

Schritt 3

Starte FRST erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort:

die Logdatei von MBAM
die Logdatei von AdwCleaner
die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt)

NTorak · 19.02.2021, 20:45

Code:

ATTFilter

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 19.02.21
Scan-Zeit: 11:33
Protokolldatei: da3aa7c8-729d-11eb-bb8a-0492265d3edd.json

-Softwaredaten-
Version: 4.3.0.98
Komponentenversion: 1.0.1173
Version des Aktualisierungspakets: 1.0.37293
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19041.804)
CPU: x64
Dateisystem: NTFS
Benutzer: nils-pc\nils

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 381596
Erkannte Bedrohungen: 39
In die Quarantäne verschobene Bedrohungen: 39
Abgelaufene Zeit: 3 Min., 18 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 14
PUP.Optional.Segurazo, HKLM\SOFTWARE\SegOption, In Quarantäne, 13533, 757809, 1.0.37293, , ame, , , 
RiskWare.Script, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\nils, In Quarantäne, 8534, 901769, 1.0.37293, , ame, , , 
RiskWare.Script.MZreg, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\nils1, In Quarantäne, 16671, 884748, 1.0.37293, , ame, , , 
PUP.Optional.InstallCore, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\CSASTATS\ic, In Quarantäne, 112, 586068, 1.0.37293, , ame, , , 
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, , , , , , 
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, , , , , , 
PUP.Optional.Conduit, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, 1.0.37293, , ame, , , 
PUP.Optional.WinYahoo, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}, In Quarantäne, 2683, 254682, 1.0.37293, , ame, , , 
PUP.Optional.StartPage, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{510A6C65-1EB9-40FA-875E-0CE4E3F57394}, In Quarantäne, 571, 597952, 1.0.37293, , ame, , , 
PUP.Optional.ChipDe, HKLM\SYSTEM\SETUP\FIRSTBOOT\SERVICES\chip1click, In Quarantäne, 9554, 567244, 1.0.37293, , ame, , , 
PUP.Optional.ChipDe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\chip 1-click download service, In Quarantäne, 9554, 463412, 1.0.37293, , ame, , , 
PUP.Optional.SearchManager.BITSRST, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\codhflfnidhlkphogdmhfhjmkehlfjjk, In Quarantäne, 8885, 626728, , , , , , 
PUP.Optional.SearchManager.BITSRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\codhflfnidhlkphogdmhfhjmkehlfjjk, In Quarantäne, 8885, 626728, , , , , , 
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\codhflfnidhlkphogdmhfhjmkehlfjjk, In Quarantäne, 8885, 626728, , , , , , 

Registrierungswert: 9
RiskWare.Script.Powershell, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\ENVIRONMENT|NILS, In Quarantäne, 16611, 911451, 1.0.37293, , ame, , , 
RiskWare.Script, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\nils|653, In Quarantäne, 8534, 901769, 1.0.37293, , ame, , , 
RiskWare.Script.MZreg, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\nils1|0, In Quarantäne, 16671, 884748, 1.0.37293, , ame, , , 
PUP.Optional.Conduit, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, In Quarantäne, 139, 236865, 1.0.37293, , ame, , , 
PUP.Optional.Conduit, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, In Quarantäne, 139, 236865, 1.0.37293, , ame, , , 
PUP.Optional.WinYahoo, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, In Quarantäne, 2683, 254682, 1.0.37293, , ame, , , 
PUP.Optional.StartPage, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{510A6C65-1EB9-40FA-875E-0CE4E3F57394}|URL, In Quarantäne, 571, 597952, 1.0.37293, , ame, , , 
RiskWare.Script.Powershell, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|NILS, In Quarantäne, 16611, 903622, 1.0.37293, , ame, , , 
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|codhflfnidhlkphogdmhfhjmkehlfjjk, In Quarantäne, 8885, 626728, , , , , , 

Registrierungsdaten: 1
PUP.Optional.StartPage, HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\MICROSOFTEDGE\MAIN|HOMEBUTTONPAGE, Ersetzt, 571, 597950, 1.0.37293, , ame, , , 

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 2
PUP.Optional.SearchManager.BITSRST, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CODHFLFNIDHLKPHOGDMHFHJMKEHLFJJK, In Quarantäne, 8885, 626728, 1.0.37293, , ame, , , 
PUP.Optional.StartPage, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, In Quarantäne, 571, 597949, , , , , , 

Datei: 13
PUP.Optional.SearchManager.BITSRST, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Ersetzt, 8885, 626728, , , , , CF2BBB8886C341C616494F11704EE666, 0EAFC4492C1F33FCFC6CB08D07E03C7199559B63F104375E9B9BA291C0969C9F
PUP.Optional.SearchManager.BITSRST, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CODHFLFNIDHLKPHOGDMHFHJMKEHLFJJK\10.1.4.64_0\MANIFEST.JSON, In Quarantäne, 8885, 626728, 1.0.37293, , ame, , 9159BEE1FCF32F7BC161633901C06409, 284A594C16B09FFBA77044BAA826213DB846A1799B49B4E8AB06733F6A1D1340
PUP.Optional.SearchManager.BITSRST, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CODHFLFNIDHLKPHOGDMHFHJMKEHLFJJK\10.1.4.64_0\RESPONSECONFIG.JSON, In Quarantäne, 8885, 626727, 1.0.37293, , ame, , 7D0C421C97814F8B0936718C269BEC84, 1D6DDBE800526B1E1F7BA80F90764FF3301F4841C0110BB54FFCFFE5F86C90A9
PUP.Optional.ChipDe, C:\USERS\NILS\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{31AD8258-894C-48D5-8149-C47506092754}\CHIP INSTALLER.MSI, In Quarantäne, 9554, 594115, 1.0.37293, , ame, , 09592483D17F4F088723F4084EA94BD0, BC47ABA34B923C9C53F71928F1D57F6211D52EC020FA14DCC145B4919108F781
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, In Quarantäne, 571, 597949, , , , , 9F89A009E185090FF7E5597E05272D49, 9683E0D381254E1F60C4AF7B797CC1C2DB97120A555DB451AE762D51F853A2EC
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\001986.log, In Quarantäne, 571, 597949, , , , , 16A3F408568F4452E53BB7F19A5555F7, 64CF5131A8C5BD0DC5904AD529A4BB4484718D8B0DF1F8382E7231B3E0A65D69
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\001988.ldb, In Quarantäne, 571, 597949, , , , , 328D6B785CFBC4BA8E507C234F0AC717, 76EE3E2099DCE8A99D0A0B4992CBDA37263538F2E4A5D97BF4C0958790BEAB91
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, In Quarantäne, 571, 597949, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, In Quarantäne, 571, 597949, , , , , , 
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, In Quarantäne, 571, 597949, , , , , 7CA7A528D292F87E65A794F0641796BC, 6140C3BCD3DD01444BEBBABAA65CEB5BD28F06E3676A96FC692AC5D93215C81E
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, In Quarantäne, 571, 597949, , , , , 761AD0F243136D265B79FCF12FFE9FD7, C16CDFBFA07100AD19D70EDD6C00E94E40C36FE5B4AAAD5857916AE2D93FE0B3
PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, In Quarantäne, 571, 597949, , , , , 63E9AD2EC3A9B1908E3A783725C3454A, 19424F6A1F5D0A835CBC9201CB4F863018FC89CB52086D1C0941BF8FBE5FF8C6
PUP.Optional.StartPage, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Ersetzt, 571, 597949, 1.0.37293, , ame, , D345B0E7DAFEAB3B9EC6ADA9C4A5124C, DEFE4D91779C197446259B5C943C49BE5965C74A82E35EDD8442862CF135139B

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)

Code:

ATTFilter

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build:    02-15-2021
# Database: 2021-01-11.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-19-2021
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  29
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Chromium
Deleted       C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted       C:\Program Files (x86)\Digital Communications
Deleted       C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted       C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted       C:\ProgramData\IObit\Advanced SystemCare
Deleted       C:\Users\nils\AppData\LocalLow\IObit\Advanced SystemCare
Deleted       C:\Users\nils\AppData\Local\DOWNLOADED INSTALLATIONS\{31AD8258-894C-48D5-8149-C47506092754}
Deleted       C:\Users\nils\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Users\nils\AppData\Roaming\Tencent

***** [ Files ] *****

Deleted       C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\csastats
Deleted       HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted       HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted       HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted       HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SAntivirusSvc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4805 octets] - [19/02/2021 20:12:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2021 01
Ran by nils (administrator) on NILS-PC (19-02-2021 20:36:34)
Running from C:\Users\nils\Desktop\FRST
Loaded Profiles: nils
Platform: Windows 10 Pro Version 2004 19041.804 (X64) Language: Englisch (Großbritannien)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\nils\AppData\Local\Temp\scoped_dir12524_807180866\adwcleaner_8.1.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-02-14] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [Spectrum] => C:\Program Files (x86)\G.SKILL\Trident Z Lighting Control\HID.exe [1753104 2020-05-25] (G.SKILL International Enterprise Co., Ltd. -> G.SKILL Inc.)
HKLM-x32\...\Run: [Inno3D] => C:\Program Files (x86)\INNO3D TuneIT\Inno3D.exe
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [62636856 2020-11-13] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412696 2021-02-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32898104 2021-02-16] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Chromium] => "c:\users\nils\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1090464 2021-02-17] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [DiscordPTB] => C:\Users\nils\AppData\Local\DiscordPTB\app-0.0.55\DiscordPTB.exe
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1752920 2021-01-24] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [104586376 2021-02-18] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Policies\Explorer: [NoWinKeys] 1
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {91727cc2-da62-11ea-bcee-0492265d3edd} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {d80afba4-6f01-11eb-bd49-0492265d3edd} - "E:\OnePlus_setup.exe" /s
HKLM\...\Windows x64\Print Processors\OKX055PP: C:\Windows\System32\spool\prtprocs\x64\OKX055PP.DLL [52224 2015-12-25] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation)
HKLM\...\Print\Monitors\EPSON WF-3540 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMJHE.DLL [120320 2011-04-19] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558080 2011-08-30] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\Oki Language Monitor v2 x64: C:\WINDOWS\system32\OPPFLM64.DLL [24064 2011-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-09] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10923ACD-A6F3-46C9-8B05-FA036D45F27C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {14B7AE73-1437-44FC-B4CD-CB064266DC82} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {169A4A9F-5AB2-4859-BB79-105D4F7E0F5B} - System32\Tasks\TaskbarX NILS-PCnils => C:\Users\nils\AppData\Local\Temp\Rar$EXa15592.7440\TaskbarX.exe <==== ATTENTION
Task: {1BB8711B-BE48-42FB-9471-FCFD984EE7F6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1CFF092D-CB8C-4697-A22E-C65E98842FAC} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002Core => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe
Task: {21AD196C-E033-4A17-8AB0-51729310AFC0} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {247335EE-A7B9-443A-B7C4-14AD5DACB27E} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {28EBA2B2-5857-4D18-B83C-B4BEFE4B6B64} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {32197A57-775D-4F2B-BADF-36EAF82B90C2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {334F71AD-EA0A-45C3-A6BF-D23B10278705} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {389005A7-88A2-4A2D-9B0D-221BF3779434} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {49B6BC26-85D9-47CD-8037-109C0AE32EE9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {64C72E17-56AC-4A10-8359-81CB62CBFA09} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {66CB8C64-C47E-4DE8-BC72-AE4F1B10190B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {6CC840F6-D3B1-4381-80D6-368E821AD608} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {708BEC20-0B26-4F36-9C8B-B3DDB92FF7D8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {71112853-AD65-4846-8E55-E40FC38399A2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {7478992B-7BB6-4BF1-A873-5E111E4C328B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {776DF5CB-61F3-413A-866C-67864EDC98A7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {79FE0BF0-DF6B-4F3F-B627-2641C7B3C431} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7AFBADC6-5A92-4AD1-B4C6-825820AA6735} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498512 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {947A71B9-8265-4202-B1DF-31851FE6ECD4} - System32\Tasks\Opera GX scheduled Autoupdate 1593451427 => C:\Users\nils\AppData\Local\Programs\Opera GX\launcher.exe [1720472 2021-02-16] (Opera Software AS -> Opera Software)
Task: {96FD5F58-83E0-4F87-BE57-8C5B4AE1AC73} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {9755D7FA-2C11-4258-B363-6A045E7D0494} - System32\Tasks\Opera scheduled Autoupdate 1555368081 => C:\Users\nils\AppData\Local\Programs\Opera\launcher.exe
Task: {9C946B4F-522A-4DC7-A9DD-DF2925C43312} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A4035D2D-AABB-427C-B68E-FE5DE8C57307} - System32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NVIDIA Broadcast.exe [8577776 2021-01-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A448EED5-27DE-4BDF-837A-18BA2E930140} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.)
Task: {AF840AC3-BAA2-43A2-9FF4-E39C018BA346} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002UA => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe
Task: {BDDB2636-5C15-45B7-A849-41EBC891643A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.)
Task: {C83D387D-761A-4D40-AA38-0274BB58034C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C8CDC2F0-A1CE-45E8-A86F-A88504F2F2B8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe
Task: {CAE80F57-588C-4CA0-8489-93BE2E1DC0EE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {CBFD160A-267A-4AC3-B7F9-BCE4026B204F} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3449150419-271838051-1508037707-1001 => C:\Users\nils\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {CC90B01F-54A3-4F48-9A32-4D63DFA4B7B8} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)
Task: {D7486F2D-BB18-4E28-B718-83CF6A9FB91F} - System32\Tasks\{B557B444-21B0-41FD-B838-14D7E070A414} => "c:\windows\system32\launchwinapp.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=404
Task: {DD50F83C-FE08-4203-9695-5DB48F511782} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {EF3C45B8-B136-41AF-94FF-1A00C6FF1A2C} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [784880 2019-09-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.100
Tcpip\..\Interfaces\{49065b68-8f61-403d-b9dc-f5281de063c8}: [DhcpNameServer] 192.168.178.100
Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [DhcpNameServer] 192.168.178.100
Tcpip\..\Interfaces\{84ffcfd2-bfa3-4511-899f-7ed5e75b8ecb}: [DhcpNameServer] 192.168.42.129

Edge: 
=======
Edge HomeButtonPage: HKU\S-1-5-21-3449150419-271838051-1508037707-1002 -> hxxp://www.google.com
Edge Profile: C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-19]
Edge HomePage: Default -> hxxp://www.go-setting.com/
Edge Extension: (Search Manager) - C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh [2020-07-15]
Edge HKLM\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKLM-x32\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]

FireFox:
========
FF DefaultProfile: ncucdlz8.default-1584820434065
FF ProfilePath: C:\Users\nils\AppData\Roaming\Mozilla\Firefox\Profiles\ncucdlz8.default-1584820434065 [2021-02-18]
FF HKLM\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default [2021-02-18]
CHR Notifications: Default -> hxxps://de.softonic.com; hxxps://secrethitler.io; hxxps://vulkanvegas.com; hxxps://www.facebook.com; hxxps://www.royalpanda.com
CHR HomePage: Default -> hxxp://www.go-setting.com/
CHR StartupUrls: Default -> "hxxp://www.go-setting.com/"
CHR Extension: (Präsentationen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-16]
CHR Extension: (BetterTTV) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2020-12-23]
CHR Extension: (Docs) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-16]
CHR Extension: (Google Drive) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-16]
CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-31]
CHR Extension: (Watch2Gether) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimpffimgeipdhnhjohpbehjkcdpjolg [2020-07-31]
CHR Extension: (Tabellen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-16]
CHR Extension: (Google Docs Offline) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Material Dark - MKBHD) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiplegjeipnjdpgkeccfccnahofbckad [2020-04-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-01-10]
CHR Extension: (Global Twitch Emotes) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgniedifoejifjkndekolimjeclnokkb [2020-06-15]
CHR Extension: (Google Mail) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-15]
CHR HKLM\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKLM-x32\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]

Opera: 
=======
OPR Profile: C:\Users\nils\AppData\Roaming\Opera Software\Opera Stable [2021-02-18]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.de/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
StartMenuInternet: (HKU\S-1-5-21-3449150419-271838051-1508037707-1002) Opera GXStable - "C:\Users\nils\AppData\Local\Programs\Opera GX\Launcher.exe"

Brave: 
=======
BRA Profile: C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-02-18]
BRA Extension: (Brave Tracking Protection Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-01-19]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-01-19]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-01-19]
BRA Extension: (Brave Ad Block Updater (DEU: EasyList Germany)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\jmomcjcilfpbaaklkifaijjcnancamde [2019-01-19]
BRA Extension: (PDF Viewer) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-01-19]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-01-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe [419264 2019-01-11] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe [975832 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2019-01-19] (ASUSTeK Computer Inc. -> ) [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe [1919280 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-01-19] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
S2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [605096 2020-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [56872 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44064 2021-02-14] (Dropbox, Inc -> Dropbox, Inc.)
S2 Ds3Service; C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe [381952 2017-08-12] (Scarlet.Crush Productions) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2020-07-23] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1741384 2020-12-23] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-12-08] (GOG Sp. z o.o. -> GOG.com)
S3 HnGSteamService; D:\Steam\steamapps\common\Heroes & Generals\hngservice.exe [788776 2021-02-17] (Reto-Moto ApS -> Reto-Moto ApS)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10887816 2021-02-18] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
R2 NvBroadcast.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe [873272 2021-01-15] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1679240 2021-02-16] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Uncheater\ucldr_battlegrounds_gl.exe [6979584 2020-12-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [6862584 2020-12-31] (PUBG CORPORATION -> PUBG Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2019-01-19] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2019-01-19] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\WINDOWS\system32\drivers\AsIO2.sys [33504 2019-01-01] (ASUSTeK Computer Inc. -> )
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60328 2020-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz149; C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [44320 2021-02-19] (CPUID S.A.R.L.U. -> CPUID)
R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-02-19] (Malwarebytes Corporation -> Malwarebytes)
R1 GLCKIO2; C:\WINDOWS\system32\drivers\GLCKIO2.sys [19392 2018-04-23] (ASUSTeK Computer Inc. -> )
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45168 2018-05-07] (Logitech Inc -> Logitech Inc.)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\70065\driver_cpu_temperature\logi_core_temp.sys [25448 2021-02-18] (Logitech Inc. -> Logitech)
R3 logi_audio_surround; C:\WINDOWS\system32\drivers\logi_audio_surround.sys [44088 2021-02-18] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2020-08-27] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2020-08-27] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2020-08-27] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-19] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142416 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
S3 MpKsl5ab3965f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C797E52-FBBE-450D-A683-B0B9D01D8515}\MpKslDrv.sys [47344 2021-02-18] (Microsoft Windows -> Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2017-08-12] (Bruce James -> Scarlet.Crush Productions)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49552 2021-02-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [419040 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2732984 2020-12-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 ALSysIO; \??\C:\Users\nils\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-19 20:33 - 2021-02-19 20:33 - 000004384 ____C C:\Users\nils\Desktop\AdwCleaner[C00].txt
2021-02-19 20:33 - 2021-02-19 20:33 - 000004384 ____C C:\Users\nils\Desktop\AdwCleaner[C00].txt
2021-02-19 20:14 - 2021-02-19 20:14 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IGDump
2021-02-19 20:14 - 2021-02-19 20:14 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IGDump
2021-02-19 20:11 - 2021-02-19 20:32 - 000000000 ____D C:\AdwCleaner
2021-02-19 20:09 - 2021-02-19 20:11 - 008463216 _____ (Malwarebytes) C:\Users\nils\Desktop\adwcleaner_8.1.exe
2021-02-19 20:09 - 2021-02-19 20:11 - 008463216 _____ (Malwarebytes) C:\Users\nils\Desktop\adwcleaner_8.1.exe
2021-02-19 20:08 - 2021-02-19 20:08 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-19 20:08 - 2021-02-19 20:08 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-02-19 20:08 - 2021-02-19 20:08 - 000142416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-02-19 20:08 - 2021-02-19 20:08 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-02-19 11:39 - 2021-02-19 11:39 - 000009195 ____C C:\Users\nils\Desktop\MBAM.txt
2021-02-19 11:39 - 2021-02-19 11:39 - 000009195 ____C C:\Users\nils\Desktop\MBAM.txt
2021-02-19 11:32 - 2021-02-19 20:08 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-19 11:31 - 2021-02-19 11:32 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-19 11:31 - 2021-02-19 11:32 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-19 11:31 - 2021-02-19 11:32 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-19 11:31 - 2021-02-19 11:32 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-19 11:31 - 2021-02-19 11:31 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-19 11:31 - 2021-02-19 11:31 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\Users\nils\AppData\Local\mbam
2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\Users\nils\AppData\Local\mbam
2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-19 11:30 - 2021-02-19 11:30 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-19 00:34 - 2021-02-19 11:43 - 103546880 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-02-19 00:33 - 2021-02-19 00:34 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-02-18 23:10 - 2021-02-18 23:10 - 000398405 ____N C:\WINDOWS\Minidump\021821-6156-01.dmp
2021-02-18 23:06 - 2021-02-18 23:06 - 000425725 ____N C:\WINDOWS\Minidump\021821-6625-01.dmp
2021-02-18 23:00 - 2021-02-18 23:00 - 000002329 ____C C:\Users\js\Desktop\Microsoft Edge.lnk
2021-02-18 23:00 - 2021-02-18 23:00 - 000002329 ____C C:\Users\js\Desktop\Microsoft Edge.lnk
2021-02-18 23:00 - 2021-02-18 23:00 - 000002324 ____C C:\Users\js\Desktop\Google Chrome.lnk
2021-02-18 23:00 - 2021-02-18 23:00 - 000002324 ____C C:\Users\js\Desktop\Google Chrome.lnk
2021-02-18 23:00 - 2021-02-18 23:00 - 000000020 ___SH C:\Users\js\ntuser.ini
2021-02-18 23:00 - 2021-02-18 23:00 - 000000020 ___SH C:\Users\js\ntuser.ini
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ___RD C:\Users\js\3D Objects
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ___RD C:\Users\js\3D Objects
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Roaming\NVIDIA
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Roaming\NVIDIA
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\NVIDIA
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\NVIDIA
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\Google
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\Google
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\ansel
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\ansel
2021-02-18 22:59 - 2021-02-18 22:59 - 000354567 ____N C:\WINDOWS\Minidump\021821-5750-01.dmp
2021-02-18 22:55 - 2021-02-18 22:55 - 000402001 ____N C:\WINDOWS\Minidump\021821-6000-01.dmp
2021-02-18 22:50 - 2021-02-18 22:50 - 000496531 ____N C:\WINDOWS\Minidump\021821-6640-01.dmp
2021-02-18 22:46 - 2021-02-18 22:46 - 000461205 ____N C:\WINDOWS\Minidump\021821-6515-01.dmp
2021-02-18 22:41 - 2021-02-18 22:41 - 000460721 ____N C:\WINDOWS\Minidump\021821-7000-01.dmp
2021-02-18 21:01 - 2021-02-19 20:32 - 000000000 ____D C:\Users\nils\AppData\Roaming\LGHUB
2021-02-18 21:01 - 2021-02-19 20:32 - 000000000 ____D C:\Users\nils\AppData\Roaming\LGHUB
2021-02-18 21:01 - 2021-02-19 20:32 - 000000000 ____D C:\Users\nils\AppData\Local\LGHUB
2021-02-18 21:01 - 2021-02-19 20:32 - 000000000 ____D C:\Users\nils\AppData\Local\LGHUB
2021-02-18 21:01 - 2021-02-18 21:01 - 004451384 _____ (Logitech) C:\WINDOWS\system32\logi_audio_headset_render_apo.dll
2021-02-18 21:01 - 2021-02-18 21:01 - 002174656 _____ (Logitech) C:\WINDOWS\system32\logi_audio_headset_capture_apo.dll
2021-02-18 21:01 - 2021-02-18 21:01 - 000000722 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2021-02-18 21:01 - 2021-02-18 21:01 - 000000722 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2021-02-18 21:01 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-02-18 21:01 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-02-18 21:01 - 2021-02-18 21:01 - 000000000 ____D C:\Program Files\LGHUB
2021-02-18 21:00 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\LGHUB
2021-02-18 21:00 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\LGHUB
2021-02-18 20:59 - 2021-02-18 20:59 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-02-18 18:17 - 2021-02-18 18:17 - 000058855 _____ C:\Users\nils\Downloads\FRST (1).txt
2021-02-18 18:17 - 2021-02-18 18:17 - 000058855 _____ C:\Users\nils\Downloads\FRST (1).txt
2021-02-18 16:13 - 2021-02-18 16:14 - 000068315 _____ C:\Users\nils\Downloads\Addition.txt
2021-02-18 16:13 - 2021-02-18 16:14 - 000068315 _____ C:\Users\nils\Downloads\Addition.txt
2021-02-18 16:12 - 2021-02-18 16:14 - 000057813 _____ C:\Users\nils\Downloads\FRST.txt
2021-02-18 16:12 - 2021-02-18 16:14 - 000057813 _____ C:\Users\nils\Downloads\FRST.txt
2021-02-18 16:11 - 2021-02-19 20:36 - 000000000 ___DC C:\Users\nils\Desktop\FRST
2021-02-18 16:11 - 2021-02-19 20:36 - 000000000 ___DC C:\Users\nils\Desktop\FRST
2021-02-18 16:06 - 2021-02-19 20:36 - 000000000 ____D C:\FRST
2021-02-18 10:20 - 2021-02-18 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-02-18 10:20 - 2021-02-18 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-02-17 16:43 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Mario
2021-02-17 16:43 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Mario
2021-02-17 16:42 - 2021-02-17 16:43 - 017165629 _____ C:\Users\nils\Desktop\New Super Mario Bros. (Europe) (En,Fr,De,Es,It).zip
2021-02-17 16:42 - 2021-02-17 16:43 - 017165629 _____ C:\Users\nils\Desktop\New Super Mario Bros. (Europe) (En,Fr,De,Es,It).zip
2021-02-17 10:09 - 2021-02-16 12:58 - 000000883 ____C C:\Users\nils\Desktop\WiinUSoft.lnk
2021-02-17 10:09 - 2021-02-16 12:58 - 000000883 ____C C:\Users\nils\Desktop\WiinUSoft.lnk
2021-02-16 15:23 - 2021-02-16 15:23 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\nils\AppData\Roaming\nils.exe
2021-02-16 15:23 - 2021-02-16 15:23 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\nils\AppData\Roaming\nils.exe
2021-02-16 15:20 - 2021-02-16 15:20 - 000001986 _____ C:\Users\nils\Desktop\pokemon_sonne_und_mond_kostenlos_downloaden.zip
2021-02-16 15:20 - 2021-02-16 15:20 - 000001986 _____ C:\Users\nils\Desktop\pokemon_sonne_und_mond_kostenlos_downloaden.zip
2021-02-16 15:10 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Saves
2021-02-16 15:10 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Saves
2021-02-16 13:32 - 2021-02-16 13:32 - 000000000 ___DC C:\Users\nils\Documents\Server
2021-02-16 13:32 - 2021-02-16 13:32 - 000000000 ___DC C:\Users\nils\Documents\Server
2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config
2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config
2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiinUSoft
2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiinUSoft
2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\Program Files\WiinUSoft
2021-02-16 12:58 - 2017-08-12 17:47 - 000039168 _____ (Scarlet.Crush Productions) C:\WINDOWS\system32\Drivers\ScpVBus.sys
2021-02-15 20:02 - 2021-02-16 15:05 - 000000000 ___DC C:\Users\nils\Desktop\Pokemon
2021-02-15 20:02 - 2021-02-16 15:05 - 000000000 ___DC C:\Users\nils\Desktop\Pokemon
2021-02-15 20:01 - 2021-02-15 20:02 - 050974335 _____ C:\Users\nils\Downloads\Pokemon - Platin-Edition (Germany).zip
2021-02-15 20:01 - 2021-02-15 20:02 - 050974335 _____ C:\Users\nils\Downloads\Pokemon - Platin-Edition (Germany).zip
2021-02-15 14:22 - 2021-02-15 14:22 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01 (1).mp4
2021-02-15 14:22 - 2021-02-15 14:22 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01 (1).mp4
2021-02-15 14:20 - 2021-02-15 14:20 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01.mp4
2021-02-15 14:20 - 2021-02-15 14:20 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01.mp4
2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-02-14 04:12 - 2021-02-14 04:12 - 000044064 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-02-13 01:39 - 2021-02-13 01:39 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000008-000000.txt
2021-02-12 20:39 - 2021-02-12 20:39 - 000000000 ____D C:\Users\nils\.ngrok2
2021-02-12 20:39 - 2021-02-12 20:39 - 000000000 ____D C:\Users\nils\.ngrok2
2021-02-12 20:36 - 2021-02-12 20:36 - 013819230 _____ C:\Users\nils\Downloads\ngrok-stable-windows-amd64.zip
2021-02-12 20:36 - 2021-02-12 20:36 - 013819230 _____ C:\Users\nils\Downloads\ngrok-stable-windows-amd64.zip
2021-02-12 20:29 - 2021-02-12 20:32 - 000000051 ____C C:\Users\nils\Desktop\start.bat
2021-02-12 20:29 - 2021-02-12 20:32 - 000000051 ____C C:\Users\nils\Desktop\start.bat
2021-02-12 17:16 - 2021-02-12 17:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-12 17:16 - 2021-02-12 17:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-12 17:16 - 2021-02-12 17:16 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-12 17:16 - 2021-02-12 17:16 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-12 17:16 - 2021-02-12 17:16 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-10 15:40 - 2021-02-10 15:40 - 000052800 _____ C:\Users\nils\Downloads\9692940_2021_Nr.001_Kontoauszug_vom_29.01.2021_20210210034041.pdf
2021-02-10 15:40 - 2021-02-10 15:40 - 000052800 _____ C:\Users\nils\Downloads\9692940_2021_Nr.001_Kontoauszug_vom_29.01.2021_20210210034041.pdf
2021-02-01 18:41 - 2019-08-14 11:07 - 000000000 ____D C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6
2021-02-01 18:41 - 2019-08-14 11:07 - 000000000 ____D C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6
2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ C:\Users\nils\AppData\Roaming\winscp.rnd
2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ C:\Users\nils\AppData\Roaming\winscp.rnd
2021-02-01 18:39 - 2021-02-01 18:39 - 011155568 _____ (Martin Prikryl ) C:\Users\nils\Downloads\WinSCP-5.17.10-Setup.exe
2021-02-01 18:39 - 2021-02-01 18:39 - 011155568 _____ (Martin Prikryl ) C:\Users\nils\Downloads\WinSCP-5.17.10-Setup.exe
2021-02-01 18:39 - 2021-02-01 18:39 - 000001164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2021-02-01 18:39 - 2021-02-01 18:39 - 000001164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2021-02-01 18:39 - 2021-02-01 18:39 - 000000000 ____D C:\Program Files (x86)\WinSCP
2021-02-01 18:38 - 2021-02-01 18:39 - 292897167 _____ C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6.zip
2021-02-01 18:38 - 2021-02-01 18:39 - 292897167 _____ C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6.zip
2021-02-01 18:26 - 2021-02-01 18:26 - 005835761 _____ C:\Users\nils\Downloads\OptiFine_1.16.5_HD_U_G6.jar
2021-02-01 18:26 - 2021-02-01 18:26 - 005835761 _____ C:\Users\nils\Downloads\OptiFine_1.16.5_HD_U_G6.jar
2021-01-30 01:27 - 2021-02-19 20:08 - 000002170 ____C C:\Users\nils\Desktop\CurseForge.lnk
2021-01-30 01:27 - 2021-02-19 20:08 - 000002170 ____C C:\Users\nils\Desktop\CurseForge.lnk
2021-01-30 01:27 - 2021-02-08 15:59 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-01-30 01:27 - 2021-01-30 01:27 - 000004382 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ___DC C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ___DC C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ____D C:\ProgramData\Overwolf
2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ____D C:\ProgramData\Overwolf
2021-01-30 01:26 - 2021-01-30 01:26 - 001386784 _____ (Overwolf Ltd.) C:\Users\nils\Downloads\CurseForge - LP-Installer.exe
2021-01-30 01:26 - 2021-01-30 01:26 - 001386784 _____ (Overwolf Ltd.) C:\Users\nils\Downloads\CurseForge - LP-Installer.exe
2021-01-29 22:08 - 2021-01-29 22:08 - 000000000 ____D C:\Users\nils\AppData\Roaming\twitch-desktop-electron-platform
2021-01-29 22:08 - 2021-01-29 22:08 - 000000000 ____D C:\Users\nils\AppData\Roaming\twitch-desktop-electron-platform
2021-01-27 21:38 - 2021-01-27 21:38 - 000002271 _____ C:\ProgramData\Desktop\NVIDIA Broadcast.lnk
2021-01-27 21:38 - 2021-01-27 21:38 - 000002271 _____ C:\ProgramData\Desktop\NVIDIA Broadcast.lnk
2021-01-27 21:34 - 2021-01-27 21:35 - 245764976 _____ (NVIDIA Corporation) C:\Users\nils\Downloads\nvidia_broadcast_v1.1.0.20.exe
2021-01-27 21:34 - 2021-01-27 21:35 - 245764976 _____ (NVIDIA Corporation) C:\Users\nils\Downloads\nvidia_broadcast_v1.1.0.20.exe
2021-01-27 17:30 - 2021-01-27 17:30 - 000055780 _____ C:\Users\nils\Downloads\9692940_2020_Nr.012_Kontoauszug_vom_31.12.2020_20210127053005.pdf
2021-01-27 17:30 - 2021-01-27 17:30 - 000055780 _____ C:\Users\nils\Downloads\9692940_2020_Nr.012_Kontoauszug_vom_31.12.2020_20210127053005.pdf
2021-01-27 17:30 - 2021-01-27 17:30 - 000041755 _____ C:\Users\nils\Downloads\9692940_2020_Mitteilung_vom_31.12.2020_20210127053013.pdf
2021-01-27 17:30 - 2021-01-27 17:30 - 000041755 _____ C:\Users\nils\Downloads\9692940_2020_Mitteilung_vom_31.12.2020_20210127053013.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-19 20:32 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-19 20:32 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\Roaming\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\Roaming\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\ProgramData\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\ProgramData\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\Program Files (x86)\IObit
2021-02-19 20:32 - 2018-07-28 12:38 - 000000000 ___DC C:\Users\nils\AppData\Local\Downloaded Installations
2021-02-19 20:32 - 2018-07-28 12:38 - 000000000 ___DC C:\Users\nils\AppData\Local\Downloaded Installations
2021-02-19 20:32 - 2017-11-02 01:23 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-19 20:32 - 2017-11-02 01:23 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-19 20:12 - 2020-09-15 07:57 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-19 20:12 - 2020-09-15 00:13 - 000741490 _____ C:\WINDOWS\system32\perfh007.dat
2021-02-19 20:12 - 2020-09-15 00:13 - 000149740 _____ C:\WINDOWS\system32\perfc007.dat
2021-02-19 20:12 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-19 20:09 - 2018-06-27 19:54 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-19 20:08 - 2020-09-15 07:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-19 20:08 - 2019-11-01 23:12 - 000000000 ____D C:\Users\nils\AppData\Local\Battle.net
2021-02-19 20:08 - 2019-11-01 23:12 - 000000000 ____D C:\Users\nils\AppData\Local\Battle.net
2021-02-19 20:08 - 2019-10-27 12:42 - 000000000 ____D C:\Users\nils\AppData\Local\Overwolf
2021-02-19 20:08 - 2019-10-27 12:42 - 000000000 ____D C:\Users\nils\AppData\Local\Overwolf
2021-02-19 20:08 - 2019-01-22 14:43 - 000000000 ____D C:\Intel
2021-02-19 11:43 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-19 11:43 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-19 11:43 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-02-19 11:42 - 2020-12-02 02:05 - 000003124 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2021-02-19 11:39 - 2018-06-28 13:09 - 000000000 ___DC C:\Users\nils\AppData\Local\CrashDumps
2021-02-19 11:39 - 2018-06-28 13:09 - 000000000 ___DC C:\Users\nils\AppData\Local\CrashDumps
2021-02-19 11:38 - 2020-09-15 07:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-19 11:32 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-18 23:46 - 2020-10-11 02:45 - 000000000 ___DC C:\Users\nils\Documents\Impulse
2021-02-18 23:46 - 2020-10-11 02:45 - 000000000 ___DC C:\Users\nils\Documents\Impulse
2021-02-18 23:36 - 2019-11-25 22:30 - 000000000 ____D C:\Users\nils\AppData\Local\Dropbox
2021-02-18 23:36 - 2019-11-25 22:30 - 000000000 ____D C:\Users\nils\AppData\Local\Dropbox
2021-02-18 23:33 - 2020-09-15 00:33 - 000000000 ____D C:\Users\nils
2021-02-18 23:23 - 2019-11-02 17:50 - 000000000 ____D C:\WINDOWS\ShellNew
2021-02-18 23:21 - 2017-11-02 01:39 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-18 23:21 - 2017-11-02 01:39 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-18 23:10 - 2020-12-03 09:29 - 000000000 ____D C:\WINDOWS\Minidump
2021-02-18 23:00 - 2020-09-15 00:33 - 000000000 ____D C:\Users\js
2021-02-18 23:00 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-18 23:00 - 2017-11-02 01:43 - 000000000 ___DC C:\Users\js\AppData\Local\NVIDIA Corporation
2021-02-18 23:00 - 2017-11-02 01:43 - 000000000 ___DC C:\Users\js\AppData\Local\NVIDIA Corporation
2021-02-18 23:00 - 2017-11-02 00:21 - 000000000 ___DC C:\Users\js\AppData\Local\Packages
2021-02-18 23:00 - 2017-11-02 00:21 - 000000000 ___DC C:\Users\js\AppData\Local\Packages
2021-02-18 23:00 - 2017-11-02 00:21 - 000000000 ___DC C:\Users\js\AppData\Local\ConnectedDevicesPlatform
2021-02-18 23:00 - 2017-11-02 00:21 - 000000000 ___DC C:\Users\js\AppData\Local\ConnectedDevicesPlatform
2021-02-18 22:40 - 2020-10-12 22:07 - 000000000 ____D C:\Users\nils\AppData\Roaming\discord
2021-02-18 22:40 - 2020-10-12 22:07 - 000000000 ____D C:\Users\nils\AppData\Roaming\discord
2021-02-18 21:56 - 2018-06-29 21:37 - 000000000 ____D C:\ProgramData\Riot Games
2021-02-18 21:56 - 2018-06-29 21:37 - 000000000 ____D C:\ProgramData\Riot Games
2021-02-18 21:01 - 2020-03-30 22:10 - 000044088 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_audio_surround.sys
2021-02-18 20:06 - 2019-11-05 22:23 - 000000000 ____D C:\Program Files (x86)\Overwatch
2021-02-18 15:49 - 2020-09-15 07:58 - 000004184 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1593451427
2021-02-18 15:49 - 2020-06-29 18:23 - 000001431 ____C C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk
2021-02-18 15:49 - 2020-06-29 18:23 - 000001431 ____C C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk
2021-02-18 15:26 - 2020-12-28 16:14 - 000000000 ____D C:\Users\nils\AppData\Local\Deployment
2021-02-18 15:26 - 2020-12-28 16:14 - 000000000 ____D C:\Users\nils\AppData\Local\Deployment
2021-02-18 15:26 - 2018-06-27 19:45 - 000000000 ___DC C:\Users\nils\AppData\Local\Packages
2021-02-18 15:26 - 2018-06-27 19:45 - 000000000 ___DC C:\Users\nils\AppData\Local\Packages
2021-02-18 10:20 - 2019-11-25 22:30 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-02-17 17:12 - 2019-10-12 17:22 - 000000000 ____D C:\Users\nils\AppData\Roaming\Twitch
2021-02-17 17:12 - 2019-10-12 17:22 - 000000000 ____D C:\Users\nils\AppData\Roaming\Twitch
2021-02-17 09:39 - 2019-11-01 23:12 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-02-16 13:09 - 2018-11-05 15:51 - 000000000 ___DC C:\Users\nils\AppData\Local\ElevatedDiagnostics
2021-02-16 13:09 - 2018-11-05 15:51 - 000000000 ___DC C:\Users\nils\AppData\Local\ElevatedDiagnostics
2021-02-16 12:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-16 12:45 - 2020-11-12 00:19 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-02-15 18:44 - 2018-12-16 00:08 - 000000000 ___DC C:\Users\nils\AppData\Roaming\obs-studio
2021-02-15 18:44 - 2018-12-16 00:08 - 000000000 ___DC C:\Users\nils\AppData\Roaming\obs-studio
2021-02-14 21:26 - 2019-06-21 23:19 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-13 01:39 - 2020-09-15 07:53 - 000636904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-13 01:39 - 2020-09-15 07:52 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-13 01:39 - 2019-11-25 22:30 - 000001226 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-02-13 01:39 - 2019-11-25 22:30 - 000001222 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-02-13 01:38 - 2019-12-07 15:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-13 01:38 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-12 22:24 - 2020-07-15 11:46 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-12 22:24 - 2020-07-15 11:46 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-12 20:58 - 2019-11-25 21:18 - 000000000 ____D C:\Users\nils\AppData\Roaming\.minecraft
2021-02-12 20:58 - 2019-11-25 21:18 - 000000000 ____D C:\Users\nils\AppData\Roaming\.minecraft
2021-02-12 20:46 - 2019-11-25 21:18 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-02-12 17:18 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-12 17:11 - 2018-06-27 20:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-12 17:10 - 2018-06-27 20:26 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-11 23:29 - 2018-06-27 19:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-02-11 12:18 - 2020-09-15 07:58 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-11 12:18 - 2020-09-15 07:58 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-10 21:30 - 2020-11-19 01:51 - 000000000 ____D C:\Program Files (x86)\Origin
2021-02-10 21:30 - 2019-02-18 21:21 - 000000000 ____D C:\ProgramData\Origin
2021-02-10 21:30 - 2019-02-18 21:21 - 000000000 ____D C:\ProgramData\Origin
2021-02-10 18:17 - 2018-07-29 22:29 - 000000000 ___DC C:\Users\nils\Documents\Soundaufnahmen
2021-02-10 18:17 - 2018-07-29 22:29 - 000000000 ___DC C:\Users\nils\Documents\Soundaufnahmen
2021-02-09 21:11 - 2019-02-16 23:11 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-09 21:11 - 2019-02-16 23:11 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-08 15:28 - 2018-06-28 22:51 - 000000000 ___DC C:\Users\nils\AppData\Local\D3DSCache
2021-02-08 15:28 - 2018-06-28 22:51 - 000000000 ___DC C:\Users\nils\AppData\Local\D3DSCache
2021-02-05 20:58 - 2020-09-15 07:58 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 20:58 - 2020-09-15 07:58 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-05 13:43 - 2020-12-11 01:42 - 000001372 _____ C:\ProgramData\Desktop\Cyberpunk 2077.lnk
2021-02-05 13:43 - 2020-12-11 01:42 - 000001372 _____ C:\ProgramData\Desktop\Cyberpunk 2077.lnk
2021-02-05 13:43 - 2020-12-11 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberpunk 2077 [GOG.com]
2021-02-05 13:43 - 2020-12-11 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberpunk 2077 [GOG.com]
2021-02-01 01:22 - 2018-06-27 20:26 - 000000000 ___DC C:\Users\nils\AppData\Local\NVIDIA
2021-02-01 01:22 - 2018-06-27 20:26 - 000000000 ___DC C:\Users\nils\AppData\Local\NVIDIA
2021-01-27 22:05 - 2019-01-11 23:11 - 000000000 ____D C:\Temp
2021-01-27 21:38 - 2020-12-01 13:33 - 000003662 _____ C:\WINDOWS\system32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-24 18:33 - 2020-08-25 22:53 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-01-24 05:14 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Roaming\Origin
2021-01-24 05:14 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Roaming\Origin
2021-01-23 19:41 - 2020-11-19 01:51 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-01-23 19:41 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Local\Origin
2021-01-23 19:41 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Local\Origin
2021-01-22 11:16 - 2020-09-15 07:58 - 000004286 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-01-22 11:16 - 2020-09-15 07:58 - 000004054 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-01-22 10:45 - 2018-06-27 19:45 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories ========

2021-02-16 15:23 - 2021-02-16 15:23 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\nils\AppData\Roaming\nils.exe
2020-10-11 02:54 - 2020-10-11 03:01 - 003228672 _____ () C:\Users\nils\AppData\Roaming\ScriptHookV.dll
2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ () C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config
2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ () C:\Users\nils\AppData\Roaming\winscp.rnd
2020-10-21 00:43 - 2020-10-21 00:43 - 000002221 _____ () C:\Users\nils\AppData\Local\recently-used.xbel
2019-02-19 20:35 - 2020-12-24 19:44 - 000007607 _____ () C:\Users\nils\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

--- --- ---

Addition folgt

NTorak · 19.02.2021, 20:46

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-02-2021 01
Ran by nils (19-02-2021 20:37:22)
Running from C:\Users\nils\Desktop\FRST
Windows 10 Pro Version 2004 19041.804 (X64) (2020-09-15 06:58:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3449150419-271838051-1508037707-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3449150419-271838051-1508037707-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3449150419-271838051-1508037707-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3449150419-271838051-1508037707-501 - Limited - Disabled)
js (S-1-5-21-3449150419-271838051-1508037707-1001 - Administrator - Enabled) => C:\Users\js
nils (S-1-5-21-3449150419-271838051-1508037707-1002 - Administrator - Enabled) => C:\Users\nils
WDAGUtilityAccount (S-1-5-21-3449150419-271838051-1508037707-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.2.12.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM-x32\...\{71667bbb-81ab-429c-aeb4-e43c31e8fe14}) (Version: 2.2.12.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.19 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32\...\{36aa03d4-9606-4f04-bf3e-a70ebe6650f3}) (Version: 1.1.19 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.9 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{2d85b111-aee4-468b-874b-a9272712f69b}) (Version: 1.0.9 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.1.16 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32\...\{ac3dc320-7e5e-4f22-9572-4c2119fcdf85}) (Version: 1.1.16 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{D800D836-DE15-4B00-8273-521F022CD837}) (Version: 1.0.31 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{b31aaf98-0562-411d-a962-0c3d16a3527a}) (Version: 1.0.31 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM\...\{B5E322FB-C191-463E-BDDD-4F22290EDFDB}) (Version: 1.0.7 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM-x32\...\{a29279dc-f417-4442-8225-4db77f7d35b5}) (Version: 1.0.7 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.1.7 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{4f18ae01-4390-4b41-be3a-54ef4eacdd91}) (Version: 0.0.1.7 - ASUSTek COMPUTER INC. ) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{548dd834-70c5-4426-8065-fbeabdd2bb5d}) (Version: 1.0.10 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.10 - ASUSTeK Computer Inc.) Hidden
ASUS GPU TweakII (HKLM-x32\...\{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.0.3.1 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.0.3.1 - ASUSTek COMPUTER INC.)
ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.27 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{210cdd08-c947-43a2-9378-bc288f651e41}) (Version: 1.0.27 - ASUSTek COMPUTER INC.) Hidden
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{3e9b91eb-5bb0-4272-8670-f88d353eb68b}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.24 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{add3bacc-578f-4bf9-97e3-a0f0c3ae3323}) (Version: 1.0.24 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM\...\{723B40A4-5BF2-4DC6-834A-2ADF75F3CF7E}) (Version: 1.0.0.6 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM-x32\...\{cc37f609-4db9-4ce3-9e37-9cb1b432452e}) (Version: 1.0.0.6 - ASUSTek COMPUTER INC.) Hidden
AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.26 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{dded177f-c7b2-4212-9c64-74884f3fd53b}) (Version: 1.0.26 - ASUS) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version: 1.0.64.43202 - Electronic Arts)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version:  - Blizzard Entertainment)
Camera (NVIDIA Broadcast) (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvVirtualCamera) (Version: 1.1.0.20 - NVIDIA Corporation) Hidden
Core Temp 1.16 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.16 - ALCPU)
Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
Corsair AURA DRAM Component (HKLM-x32\...\{da7ebf10-b0be-494e-a79d-568546795a51}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
CORSAIR iCUE Software (HKLM-x32\...\{229E0F5D-0FE7-4468-B856-DDF1B089345F}) (Version: 3.33.246 - Corsair)
CPUID CPU-Z 1.86 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)
CPUID HWMonitor 1.42 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.42 - CPUID, Inc.)
CurseForge (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.167.2.7 - Overwolf app)
Cyberpunk 2077 (HKLM-x32\...\1423049311_is1) (Version: Build_3276551Change_4218285 - GOG.com)
Discord (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 116.4.368 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.415.1 - Dropbox, Inc.) Hidden
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{8DA1B230-D82E-4A24-9237-363E2E1E2695}) (Version: 1.0.21.0 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{bb670f8d-3d66-4f36-8e60-02b71bb0a4e9}) (Version: 1.0.21.0 - Ene Tech.) Hidden
Epic Games Launcher (HKLM-x32\...\{42ECB1DB-6B44-4AEC-B112-98ECFF460EF6}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
FileZilla Client 3.39.0 (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\FileZilla Client) (Version: 3.39.0 - Tim Kosse)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Geeks3D FurMark 1.20.1.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GIMP 2.10.14 (HKLM\...\GIMP-2_is1) (Version: 2.10.14 - The GIMP Team)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2215.0 - Rockstar Games)
INNO3D TuneIT version 3.02 (HKLM-x32\...\INNO3D TuneIT_is1) (Version: 3.02 - )
inst (HKLM-x32\...\{F818E3E8-4C16-4D3B-894B-D8805F56D7DB}) (Version: 1.0.0.0 - Creative Software Solutions GmbH)
Intel(R) Computing Improvement Program (HKLM\...\{44C40B2E-7285-4A9F-A9BC-DF433772AAEE}) (Version: 2.4.05929 - Intel Corporation)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{d6cac989-7570-43fd-b147-e31d6280a3a6}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Legends of Runeterra (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Riot Game bacon.live) (Version:  - Riot Games, Inc)
LibreOffice 6.3.2.2 (HKLM\...\{6110D2CC-70B4-415E-AF5A-7BB496AB264B}) (Version: 6.3.2.2 - The Document Foundation)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:  - Logitech)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.13628.20380 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.68 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 88.0.705.74 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3449150419-271838051-1508037707-1001\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft Launcher (HKLM-x32\...\{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 81.0.1 (x64 de) (HKLM\...\Mozilla Firefox 81.0.1 (x64 de)) (Version: 81.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0 - Mozilla)
MSI Afterburner 4.6.2 Beta 3 (HKLM-x32\...\Afterburner) (Version: 4.6.2 Beta 3 - MSI Co., LTD)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA Broadcast (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIABroadcast) (Version: 1.1.0.20 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 461.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.45.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.45.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 22.0.2 - OBS Project)
OCCT 4.5.1 (HKLM-x32\...\OCCT) (Version: 4.5.1 - Ocbase.com)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20380 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
Opera GX Stable 73.0.3856.400 (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Opera GX 73.0.3856.400) (Version: 73.0.3856.400 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.92.46430 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.165.0.28 - Overwolf Ltd.)
Patriot Viper RGB (HKLM\...\{E42E13B0-071E-49C1-B1CC-58198E82F302}) (Version: 1.00.05 - Patriot Memory) Hidden
PBE (HKLM-x32\...\PBE 1.0) (Version: 1.0 - Riot Games, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.34.337 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
Sparialo (HKLM-x32\...\{3D581B7A-5251-4E7E-B381-ED890B068F04}) (Version: 1.0.0.0 - Sparialo)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SSDlife Free (HKLM-x32\...\{18302BF2-AA3C-46E3-B039-996FD0DB5639}) (Version: 2.5.82 - BinarySense Inc.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.10 - TeamSpeak Systems GmbH)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
TreeSize Free V4.4.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.1 - JAM Software)
Trident Z Lighting Control (HKLM-x32\...\{97CD7AFC-0ED3-41B8-9CCD-22717E8631D0}_is1) (Version: 1.00.18 - ENG)
Twitch (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{A7B60FC9-A750-43C7-B7EC-892CD09147C7}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version:  - Ubisoft)
WiinUSoft version 3.4 (HKLM\...\{1BFC4F9F-BB85-4CE3-AC22-0CBFF78D5EE4}_is1) (Version: 3.4 - Justin Keys)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Windows-Treiberpaket - Corsair Components, Inc. (SIUSBXP) USB  (07/14/2017 3.3) (HKLM\...\A2206C09905C467F30CB24DCBB49F056D7F0A290) (Version: 07/14/2017 3.3 - Corsair Components, Inc.)
WinRAR 5.91 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
WinSCP 5.17.10 (HKLM-x32\...\winscp3_is1) (Version: 5.17.10 - Martin Prikryl)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Epson Print and Scan -> C:\Program Files\WindowsApps\SEIKOEPSONCORPORATION.EpsonPrintandScan_1.1.0.0_x64__ezaqdwkaef94e [2019-07-23] (SEIKO EPSON CORPORATION)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-10-24] (Microsoft Corporation)
Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2020-12-31] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-18] (INTEL CORP)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-23] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10111.5575.0_x64__8wekyb3d8bbwe [2021-02-15] (Microsoft Corporation)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.21059.0_x64__8wekyb3d8bbwe [2021-02-15] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-01-22] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-22] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0 [2021-02-09] (Spotify AB) [Startup Task]
TranslucentTB -> C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_9.0.0.0_x86__v826wp6bftszj [2020-11-27] (Charles Milette) [Startup Task]
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2020-05-08] (VideoLAN)
Xbox Insider Hub -> C:\Program Files\WindowsApps\Microsoft.FlightDashboard_476.2101.8001.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\nils\Documents\Dropbox [2019-11-25 22:31]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\nvshext.dll [2021-01-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-01-19 00:31 - 2019-01-19 00:30 - 006065152 _____ () [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\libprotobufd.dll
2019-01-19 00:31 - 2019-01-19 00:30 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.31\ASACPI.DLL
2017-11-02 00:46 - 2011-08-30 13:38 - 000558080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2017-11-02 00:46 - 2011-08-01 18:24 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll
2020-07-29 10:46 - 2020-07-29 10:46 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\nils:Heroes & Generals [38]
AlternateDataStreams: C:\Users\nils\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\nils\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\nils\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\nils\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\nils\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\nils\AppData\Local\Temp:$DATA [16]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3449150419-271838051-1508037707-1002 -> DefaultScope {510A6C65-1EB9-40FA-875E-0CE4E3F57394} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2021-02-18 17:03 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Android;C:\Windows\System32;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3449150419-271838051-1508037707-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3449150419-271838051-1508037707-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\nils\Pictures\Hintergründe\Texture_Multicolor_526935_2560x1440.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D10E5BF0-3FC3-415E-8EDF-292C4EAC8DC7}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{66F5097C-3590-48EA-B02C-0E4C18CE2AC4}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F517EA94-2023-4D32-8524-08315AB1385E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4C8A7E44-3ED5-4DFB-88AB-9AF7BB704C79}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{DE9FF1E0-97D0-4768-ABEF-C06F372ED0D6}C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{5D6BCAE2-30E8-401E-97A8-1E81370F85D6}C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{8204281B-BC5C-46A9-8AE6-572B21924ABA}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{5F5DE5A5-AFA9-40B7-A04A-ADB3DD6493FE}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{6F070B32-AABF-4919-95CC-CEC3AB299526}C:\users\nils\appdata\local\programs\opera gx\73.0.3856.400\opera.exe] => (Allow) C:\users\nils\appdata\local\programs\opera gx\73.0.3856.400\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{C88C55D4-119B-4F2A-985D-BE44538F6290}C:\users\nils\appdata\local\programs\opera gx\73.0.3856.400\opera.exe] => (Allow) C:\users\nils\appdata\local\programs\opera gx\73.0.3856.400\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{6D2C1D95-EC37-4439-92DF-413E190E3AF1}C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{C2BEE2F4-A7C3-4C1E-8EAF-90B260BDFF48}C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{DBCB13EE-084C-4D99-9DCF-EE9EA30ABDDA}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{04ADB42F-4FE8-4808-83AA-7F477CEC9113}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)

==================== Restore Points =========================

16-02-2021 12:59:17 DirectX wurde installiert
18-02-2021 20:59:53 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127
18-02-2021 21:00:00 Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/19/2021 08:25:50 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (02/19/2021 08:22:28 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: NILS-PC)
Description: microsoft.windows.cortana_cw5n1h2txyewy-2147024893

Error: (02/19/2021 08:13:45 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (02/19/2021 08:12:21 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (02/19/2021 08:09:09 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: NILS-PC)
Description: microsoft.windows.cortana_cw5n1h2txyewy-2147024893

Error: (02/19/2021 08:09:02 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: NILS-PC)
Description: microsoft.windows.cortana_cw5n1h2txyewy-2147024893

Error: (02/19/2021 08:08:48 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (02/19/2021 08:08:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Users\nils\AppData\Local\chromium\Application\chrome.exe".
Die abhängige Assemblierung "63.0.3235.0,language="&#x2a;",type="win32",version="63.0.3235.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "LGHUB Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Restart the service.

Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Corsair Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Restart the service.

Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Graphics Command Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Restart the service.

Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Restart the service.

Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "DbxSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Restart the service.

Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Origin Web Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Windows Defender:
===============
Date: 2021-02-19 11:26:01
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Severe
Kategorie: Trojan Dropper
Pfad: file:_C:\Users\nils\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: NILS-PC\nils
Prozessname: C:\Users\nils\AppData\Roaming\nils.exe
Sicherheitsversion: AV: 1.331.1308.0, AS: 1.331.1308.0, NIS: 1.331.1308.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-19 10:29:08
Description: 
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\Pictures zu ändern.
Erkennungszeit: 2021-02-19T09:29:08.655Z
Benutzer: NILS-PC\nils
Pfad: %userprofile%\Pictures
Prozessname: C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Sicherheitsversion: 1.331.1308.0
Modulversion: 1.1.17800.5
Produktversion: 4.18.2101.9

Date: 2021-02-19 10:25:21
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Severe
Kategorie: Trojan Dropper
Pfad: file:_C:\Users\nils\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: NILS-PC\nils
Prozessname: C:\Users\nils\AppData\Roaming\nils.exe
Sicherheitsversion: AV: 1.331.1308.0, AS: 1.331.1308.0, NIS: 1.331.1308.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-19 10:23:23
Description: 
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\Pictures zu ändern.
Erkennungszeit: 2021-02-19T09:23:23.325Z
Benutzer: NILS-PC\nils
Pfad: %userprofile%\Pictures
Prozessname: C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Sicherheitsversion: 1.331.1308.0
Modulversion: 1.1.17800.5
Produktversion: 4.18.2101.9

Date: 2021-02-19 10:12:13
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Severe
Kategorie: Trojan Dropper
Pfad: file:_C:\Users\nils\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: NILS-PC\nils
Prozessname: C:\Users\nils\AppData\Roaming\nils.exe
Sicherheitsversion: AV: 1.331.1308.0, AS: 1.331.1308.0, NIS: 1.331.1308.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
Event[0]:

Date: 2021-02-18 22:51:33
Description: 
Fehler von Microsoft Defender Antivirus beim Herunterladen und Konfigurieren von Microsoft Defender Offline.
Fehlercode: 0x8000000a
Fehlerbeschreibung: The data necessary to complete this operation is not yet available. 

Date: 2021-02-18 22:51:06
Description: 
Fehler von Microsoft Defender Antivirus beim Herunterladen und Konfigurieren von Microsoft Defender Offline.
Fehlercode: 0x8000000a
Fehlerbeschreibung: The data necessary to complete this operation is not yet available. 

CodeIntegrity:
===============
Date: 2021-02-19 20:08:48
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\nils\AppData\Local\Programs\Opera GX\73.0.3856.400\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.165.0.28\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-19 11:32:37
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\nils\AppData\Local\Programs\Opera GX\73.0.3856.400\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-19 10:19:45
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.165.0.28\OWExplorer.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. 0411 09/21/2018
Motherboard: ASUSTeK COMPUTER INC. PRIME Z370-P II
Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
Percentage of memory in use: 29%
Total physical RAM: 16313.35 MB
Available physical RAM: 11419.71 MB
Total Virtual: 38841.35 MB
Available Virtual: 32302.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.44 GB) (Free:57.33 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:176.29 GB) NTFS
Drive e: () (Removable) (Total:57.75 GB) (Free:57.74 GB) exFAT

\\?\Volume{52079eb2-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.47 GB) (Free:0.43 GB) NTFS
\\?\Volume{52079eb2-0000-0000-0000-101e00000000}\ (Volume) (Fixed) (Total:0.02 GB) (Free:0.01 GB) NTFS
\\?\Volume{52079eb2-0000-0000-0060-603b74000000}\ () (Fixed) (Total:0.83 GB) (Free:0.4 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 52079EB2)
Partition 1: (Active) - (Size=479 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=21 MB) - (Type=05)
Partition 3: (Not Active) - (Size=464.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=852 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2FE87EA9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Size: 57.8 GB) (Disk ID: 0F13A0A0)
Partition 1: (Not Active) - (Size=57.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

M-K-D-B · 19.02.2021, 21:39

Gut gemacht!

Schritt 1
WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!

Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.

Kopiere den gesamten Inhalt der folgenden Code-Box:

Code:

ATTFilter

Start::
CloseProcesses:
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Policies\Explorer: [NoWinKeys] 1
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
CMD: reg query "HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions" /S
CMD: reg query "HKLM\SOFTWARE\Microsoft\Edge\Extensions" /S
CMD: reg query "HKLM\SOFTWARE\WOW6432Node\Microsoft\Edge\Extensions"" /S
CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox" /S
CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\Firefox" /S
Edge HomePage: Default -> hxxp://www.go-setting.com/
C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh
Edge HKLM\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKLM-x32\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
FF HKLM\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found
CHR Notifications: Default -> hxxps://de.softonic.com; hxxps://secrethitler.io; hxxps://vulkanvegas.com; hxxps://www.facebook.com; hxxps://www.royalpanda.com
CHR HomePage: Default -> hxxp://www.go-setting.com/
CHR StartupUrls: Default -> "hxxp://www.go-setting.com/"
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\Roaming\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\Roaming\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\ProgramData\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\ProgramData\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\Program Files (x86)\IObit
C:\Users\nils\AppData\Roaming\nils.exe
CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
AlternateDataStreams: C:\Users\nils:Heroes & Generals [38]
AlternateDataStreams: C:\Users\nils\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\nils\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\nils\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\nils\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\nils\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\nils\AppData\Local\Temp:$DATA [16]
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3449150419-271838051-1508037707-1002 -> DefaultScope {510A6C65-1EB9-40FA-875E-0CE4E3F57394} URL = 
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: Bitsadmin /Reset /Allusers
powershell: Set-MpPreference -PUAProtection Enabled
powershell: Set-MpPreference -DisableScanningNetworkFiles 0
Hosts:
RemoveProxy:
SystemRestore: On 
EmptyTemp:
End::

Starte nun FRST und klicke direkt den Reparieren Button.
Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
Gegebenenfalls muss dein Rechner neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Schritt 2

Starte FRST erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort:

die Logdatei des FRST-Fix (fixlog.txt)
die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt)

NTorak · 20.02.2021, 11:21

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-02-2021 01
Ran by nils (20-02-2021 11:10:21) Run:3
Running from C:\Users\nils\Desktop\FRST
Loaded Profiles: defaultuser0 & js & nils
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Policies\Explorer: [NoWinKeys] 1
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
CMD: reg query "HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions" /S
CMD: reg query "HKLM\SOFTWARE\Microsoft\Edge\Extensions" /S
CMD: reg query "HKLM\SOFTWARE\WOW6432Node\Microsoft\Edge\Extensions"" /S
CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox" /S
CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\Firefox" /S
Edge HomePage: Default -> hxxp://www.go-setting.com/
C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh
Edge HKLM\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKLM-x32\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
FF HKLM\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found
CHR Notifications: Default -> hxxps://de.softonic.com; hxxps://secrethitler.io; hxxps://vulkanvegas.com; hxxps://www.facebook.com; hxxps://www.royalpanda.com
CHR HomePage: Default -> hxxp://www.go-setting.com/
CHR StartupUrls: Default -> "hxxp://www.go-setting.com/"
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\Roaming\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\Roaming\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\ProgramData\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\ProgramData\IObit
2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\Program Files (x86)\IObit
C:\Users\nils\AppData\Roaming\nils.exe
CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
AlternateDataStreams: C:\Users\nils:Heroes & Generals [38]
AlternateDataStreams: C:\Users\nils\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\nils\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\nils\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\nils\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\nils\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\nils\AppData\Local\Temp:$DATA [16]
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3449150419-271838051-1508037707-1002 -> DefaultScope {510A6C65-1EB9-40FA-875E-0CE4E3F57394} URL = 
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: Bitsadmin /Reset /Allusers
powershell: Set-MpPreference -PUAProtection Enabled
powershell: Set-MpPreference -DisableScanningNetworkFiles 0
Hosts:
RemoveProxy:
SystemRestore: On 
EmptyTemp:

*****************

Processes closed successfully.
"HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient" => removed successfully
"HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWinKeys" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"C:\ProgramData\NTUSER.pol" => not found

========= reg query "HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions" /S =========


HKEY_USERS\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh
    update_url    REG_SZ    https://extensionwebstorebase.edgesv.net/v1/crx


========= End of CMD: =========


========= reg query "HKLM\SOFTWARE\Microsoft\Edge\Extensions" /S =========


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh
    update_url    REG_SZ    https://extensionwebstorebase.edgesv.net/v1/crx


========= End of CMD: =========


========= reg query "HKLM\SOFTWARE\WOW6432Node\Microsoft\Edge\Extensions"" /S =========


========= End of CMD: =========


========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox" /S =========


HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
    {a06de0b3-b00f-472c-a34e-3a74b64d1747}    REG_SZ    C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\TaskBarIDs
    C:\Program Files\Mozilla Firefox    REG_SZ    308046B0AF4A39CB


========= End of CMD: =========


========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\Firefox" /S =========


HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\Firefox\Extensions
    {a06de0b3-b00f-472c-a34e-3a74b64d1747}    REG_SZ    C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\Firefox\TaskBarIDs
    C:\Program Files\Mozilla Firefox    REG_SZ    308046B0AF4A39CB


========= End of CMD: =========

"Edge HomePage" => removed successfully
C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh => moved successfully
HKLM\SOFTWARE\Microsoft\Edge\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh => removed successfully
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Edge\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh => removed successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\{a06de0b3-b00f-472c-a34e-3a74b64d1747}" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{a06de0b3-b00f-472c-a34e-3a74b64d1747}" => removed successfully
"Chrome Notifications" => removed successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
C:\Users\nils\AppData\Roaming\IObit => moved successfully
"C:\Users\nils\AppData\Roaming\IObit" => not found
C:\Users\nils\AppData\LocalLow\IObit => moved successfully
"C:\Users\nils\AppData\LocalLow\IObit" => not found
C:\ProgramData\IObit => moved successfully
"C:\ProgramData\IObit" => not found
C:\Program Files (x86)\IObit => moved successfully
C:\Users\nils\AppData\Roaming\nils.exe => moved successfully
HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145} => removed successfully
HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
C:\Users\nils => ":Heroes & Generals" ADS removed successfully
C:\Users\nils\Anwendungsdaten => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS removed successfully
"C:\Users\nils\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.
C:\Users\nils\AppData\Local\Temp => ":$DATA" ADS removed successfully
"C:\Users\nils\Anwendungsdaten" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.
"C:\Users\nils\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.
"C:\Users\nils\AppData\Local\Temp" => ":$DATA" ADS not found.
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\Microsoft\Internet Explorer\Main\\"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
"HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully

========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= End of CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= End of CMD: =========


========= netsh advfirewall reset =========

OK.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

OK.


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= Set-MpPreference -PUAProtection Enabled =========

Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist.
In C:\FRST\tmp.ps1:1 Zeichen:1
+ Set-MpPreference -PUAProtection Enabled
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],  
   CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference
 

========= End of Powershell: =========


========= Set-MpPreference -DisableScanningNetworkFiles 0 =========

Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist.
In C:\FRST\tmp.ps1:1 Zeichen:1
+ Set-MpPreference -DisableScanningNetworkFiles 0
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],  
   CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference
 

========= End of Powershell: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3449150419-271838051-1508037707-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3449150419-271838051-1508037707-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

SystemRestore: On => completed

=========== EmptyTemp: ==========

BITS transfer queue => 12083200 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 61646431 B
Java, Flash, Steam htmlcache => 14118442 B
Windows/system/drivers => 227934944 B
Edge => 0 B
Chrome => 0 B
Brave => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 32134 B
NetworkService => 41678 B
defaultuser0 => 41678 B
js => 3243242 B
nils => 4595571 B

RecycleBin => 93925814 B
EmptyTemp: => 398.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:10:32 ====

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2021 01
Ran by nils (administrator) on NILS-PC (20-02-2021 11:12:57)
Running from C:\Users\nils\Desktop\FRST
Loaded Profiles: nils
Platform: Windows 10 Pro Version 2004 19041.804 (X64) Language: Englisch (Großbritannien)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.exe <4>
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.7269\Agent.exe
(Charles Milette) C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_9.0.0.0_x86__v826wp6bftszj\TranslucentTB\TranslucentTB.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdHelper.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdHelper.x64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdLauncher.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(G.SKILL International Enterprise Co., Ltd. -> G.SKILL Inc.) C:\Program Files (x86)\G.SKILL\Trident Z Lighting Control\hid.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Logitech Inc -> ) C:\Program Files\LGHUB\logi_analytics_client.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <3>
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe <2>
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\upfc.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NVIDIA Broadcast.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NvVirtualCamera\NVIDIA Virtual Camera.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Users\nils\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.165.0.28\OverwolfHelper.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.165.0.28\OverwolfHelper64.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\0.165.0.28\OverwolfBrowser.exe <3>
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Scarlet.Crush Productions) [File not signed] C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe <5>
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <4>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-02-14] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [Spectrum] => C:\Program Files (x86)\G.SKILL\Trident Z Lighting Control\HID.exe [1753104 2020-05-25] (G.SKILL International Enterprise Co., Ltd. -> G.SKILL Inc.)
HKLM-x32\...\Run: [Inno3D] => C:\Program Files (x86)\INNO3D TuneIT\Inno3D.exe
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [62636856 2020-11-13] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412696 2021-02-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32898104 2021-02-16] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Chromium] => "c:\users\nils\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1090464 2021-02-17] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [DiscordPTB] => C:\Users\nils\AppData\Local\DiscordPTB\app-0.0.55\DiscordPTB.exe
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1752920 2021-01-24] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [104586376 2021-02-18] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {91727cc2-da62-11ea-bcee-0492265d3edd} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {d80afba4-6f01-11eb-bd49-0492265d3edd} - "E:\OnePlus_setup.exe" /s
HKLM\...\Windows x64\Print Processors\OKX055PP: C:\Windows\System32\spool\prtprocs\x64\OKX055PP.DLL [52224 2015-12-25] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation)
HKLM\...\Print\Monitors\EPSON WF-3540 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMJHE.DLL [120320 2011-04-19] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558080 2011-08-30] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\Oki Language Monitor v2 x64: C:\WINDOWS\system32\OPPFLM64.DLL [24064 2011-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-09] (Google LLC -> Google LLC)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10923ACD-A6F3-46C9-8B05-FA036D45F27C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {14B7AE73-1437-44FC-B4CD-CB064266DC82} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {1555F223-102C-4FD6-B6AA-3FF7ED98058A} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [784880 2019-09-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {169A4A9F-5AB2-4859-BB79-105D4F7E0F5B} - System32\Tasks\TaskbarX NILS-PCnils => C:\Users\nils\AppData\Local\Temp\Rar$EXa15592.7440\TaskbarX.exe <==== ATTENTION
Task: {1BB8711B-BE48-42FB-9471-FCFD984EE7F6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1CFF092D-CB8C-4697-A22E-C65E98842FAC} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002Core => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe
Task: {21AD196C-E033-4A17-8AB0-51729310AFC0} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {247335EE-A7B9-443A-B7C4-14AD5DACB27E} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {28EBA2B2-5857-4D18-B83C-B4BEFE4B6B64} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {32197A57-775D-4F2B-BADF-36EAF82B90C2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {334F71AD-EA0A-45C3-A6BF-D23B10278705} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {389005A7-88A2-4A2D-9B0D-221BF3779434} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {49B6BC26-85D9-47CD-8037-109C0AE32EE9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {64C72E17-56AC-4A10-8359-81CB62CBFA09} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {66CB8C64-C47E-4DE8-BC72-AE4F1B10190B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {6CC840F6-D3B1-4381-80D6-368E821AD608} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
Task: {708BEC20-0B26-4F36-9C8B-B3DDB92FF7D8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {71112853-AD65-4846-8E55-E40FC38399A2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {7478992B-7BB6-4BF1-A873-5E111E4C328B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {776DF5CB-61F3-413A-866C-67864EDC98A7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {79FE0BF0-DF6B-4F3F-B627-2641C7B3C431} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7AFBADC6-5A92-4AD1-B4C6-825820AA6735} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498512 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {947A71B9-8265-4202-B1DF-31851FE6ECD4} - System32\Tasks\Opera GX scheduled Autoupdate 1593451427 => C:\Users\nils\AppData\Local\Programs\Opera GX\launcher.exe [1720472 2021-02-16] (Opera Software AS -> Opera Software)
Task: {96FD5F58-83E0-4F87-BE57-8C5B4AE1AC73} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {9755D7FA-2C11-4258-B363-6A045E7D0494} - System32\Tasks\Opera scheduled Autoupdate 1555368081 => C:\Users\nils\AppData\Local\Programs\Opera\launcher.exe
Task: {9C946B4F-522A-4DC7-A9DD-DF2925C43312} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A4035D2D-AABB-427C-B68E-FE5DE8C57307} - System32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NVIDIA Broadcast.exe [8577776 2021-01-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A448EED5-27DE-4BDF-837A-18BA2E930140} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.)
Task: {AF840AC3-BAA2-43A2-9FF4-E39C018BA346} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002UA => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe
Task: {BDDB2636-5C15-45B7-A849-41EBC891643A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.)
Task: {C83D387D-761A-4D40-AA38-0274BB58034C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C8CDC2F0-A1CE-45E8-A86F-A88504F2F2B8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe
Task: {CAE80F57-588C-4CA0-8489-93BE2E1DC0EE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {CBFD160A-267A-4AC3-B7F9-BCE4026B204F} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3449150419-271838051-1508037707-1001 => C:\Users\nils\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {CC90B01F-54A3-4F48-9A32-4D63DFA4B7B8} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)
Task: {D7486F2D-BB18-4E28-B718-83CF6A9FB91F} - System32\Tasks\{B557B444-21B0-41FD-B838-14D7E070A414} => "c:\windows\system32\launchwinapp.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=404
Task: {DD50F83C-FE08-4203-9695-5DB48F511782} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.100
Tcpip\..\Interfaces\{49065b68-8f61-403d-b9dc-f5281de063c8}: [DhcpNameServer] 192.168.178.100
Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [DhcpNameServer] 192.168.178.100
Tcpip\..\Interfaces\{84ffcfd2-bfa3-4511-899f-7ed5e75b8ecb}: [DhcpNameServer] 192.168.42.129

Edge: 
=======
Edge HomeButtonPage: HKU\S-1-5-21-3449150419-271838051-1508037707-1002 -> hxxp://www.google.com
Edge Profile: C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-20]

FireFox:
========
FF DefaultProfile: ncucdlz8.default-1584820434065
FF ProfilePath: C:\Users\nils\AppData\Roaming\Mozilla\Firefox\Profiles\ncucdlz8.default-1584820434065 [2021-02-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default [2021-02-20]
CHR Extension: (Präsentationen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-16]
CHR Extension: (BetterTTV) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2020-12-23]
CHR Extension: (Docs) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-16]
CHR Extension: (Google Drive) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-16]
CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-31]
CHR Extension: (Watch2Gether) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimpffimgeipdhnhjohpbehjkcdpjolg [2020-07-31]
CHR Extension: (Tabellen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-16]
CHR Extension: (Google Docs Offline) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Material Dark - MKBHD) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiplegjeipnjdpgkeccfccnahofbckad [2020-04-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-01-10]
CHR Extension: (Global Twitch Emotes) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgniedifoejifjkndekolimjeclnokkb [2020-06-15]
CHR Extension: (Google Mail) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-15]
CHR HKLM\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKLM-x32\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]

Opera: 
=======
OPR Profile: C:\Users\nils\AppData\Roaming\Opera Software\Opera Stable [2021-02-18]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.de/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
StartMenuInternet: (HKU\S-1-5-21-3449150419-271838051-1508037707-1002) Opera GXStable - "C:\Users\nils\AppData\Local\Programs\Opera GX\Launcher.exe"

Brave: 
=======
BRA Profile: C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-02-18]
BRA Extension: (Brave Tracking Protection Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-01-19]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-01-19]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-01-19]
BRA Extension: (Brave Ad Block Updater (DEU: EasyList Germany)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\jmomcjcilfpbaaklkifaijjcnancamde [2019-01-19]
BRA Extension: (PDF Viewer) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-01-19]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-01-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe [419264 2019-01-11] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe [975832 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2019-01-19] (ASUSTeK Computer Inc. -> ) [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe [1919280 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-01-19] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [605096 2020-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [56872 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44064 2021-02-14] (Dropbox, Inc -> Dropbox, Inc.)
R2 Ds3Service; C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe [381952 2017-08-12] (Scarlet.Crush Productions) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2020-07-23] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1741384 2020-12-23] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-12-08] (GOG Sp. z o.o. -> GOG.com)
S3 HnGSteamService; D:\Steam\steamapps\common\Heroes & Generals\hngservice.exe [788776 2021-02-17] (Reto-Moto ApS -> Reto-Moto ApS)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10887816 2021-02-18] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
R2 NvBroadcast.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe [873272 2021-01-15] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1679240 2021-02-16] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Uncheater\ucldr_battlegrounds_gl.exe [6979584 2020-12-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [6862584 2020-12-31] (PUBG CORPORATION -> PUBG Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2019-01-19] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2019-01-19] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\WINDOWS\system32\drivers\AsIO2.sys [33504 2019-01-01] (ASUSTeK Computer Inc. -> )
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60328 2020-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz149; C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [44320 2021-02-20] (CPUID S.A.R.L.U. -> CPUID)
R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-02-19] (Malwarebytes Corporation -> Malwarebytes)
R1 GLCKIO2; C:\WINDOWS\system32\drivers\GLCKIO2.sys [19392 2018-04-23] (ASUSTeK Computer Inc. -> )
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45168 2018-05-07] (Logitech Inc -> Logitech Inc.)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\70065\driver_cpu_temperature\logi_core_temp.sys [25448 2021-02-18] (Logitech Inc. -> Logitech)
R3 logi_audio_surround; C:\WINDOWS\system32\drivers\logi_audio_surround.sys [44088 2021-02-18] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2020-08-27] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2020-08-27] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2020-08-27] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-02-20] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-19] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-02-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-02-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142416 2021-02-20] (Malwarebytes Inc -> Malwarebytes)
S3 MpKsl5ab3965f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C797E52-FBBE-450D-A683-B0B9D01D8515}\MpKslDrv.sys [47344 2021-02-18] (Microsoft Windows -> Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2017-08-12] (Bruce James -> Scarlet.Crush Productions)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49552 2021-02-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [419040 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2732984 2020-12-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 ALSysIO; \??\C:\Users\nils\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-20 11:11 - 2021-02-20 11:11 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-20 11:11 - 2021-02-20 11:11 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-02-20 11:11 - 2021-02-20 11:11 - 000142416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-02-20 11:11 - 2021-02-20 11:11 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-02-20 11:11 - 2021-02-20 11:11 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-02-20 11:09 - 2021-02-20 11:08 - 000006284 ____C C:\Users\nils\Desktop\Repair.txt
2021-02-19 20:11 - 2021-02-19 20:32 - 000000000 ____D C:\AdwCleaner
2021-02-19 20:09 - 2021-02-19 20:11 - 008463216 _____ (Malwarebytes) C:\Users\nils\Desktop\adwcleaner_8.1.exe
2021-02-19 11:32 - 2021-02-19 20:08 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-19 11:31 - 2021-02-19 11:32 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-19 11:31 - 2021-02-19 11:32 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-19 11:31 - 2021-02-19 11:31 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-19 11:31 - 2021-02-19 11:31 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\Users\nils\AppData\Local\mbam
2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-19 11:30 - 2021-02-19 11:30 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-19 00:34 - 2021-02-20 11:11 - 104071168 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-02-19 00:33 - 2021-02-19 00:34 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-02-18 23:10 - 2021-02-18 23:10 - 000398405 ____N C:\WINDOWS\Minidump\021821-6156-01.dmp
2021-02-18 23:06 - 2021-02-18 23:06 - 000425725 ____N C:\WINDOWS\Minidump\021821-6625-01.dmp
2021-02-18 23:00 - 2021-02-18 23:00 - 000002329 ____C C:\Users\js\Desktop\Microsoft Edge.lnk
2021-02-18 23:00 - 2021-02-18 23:00 - 000002324 ____C C:\Users\js\Desktop\Google Chrome.lnk
2021-02-18 23:00 - 2021-02-18 23:00 - 000000020 ___SH C:\Users\js\ntuser.ini
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ___RD C:\Users\js\3D Objects
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Roaming\NVIDIA
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\NVIDIA
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\Google
2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\ansel
2021-02-18 22:59 - 2021-02-18 22:59 - 000354567 ____N C:\WINDOWS\Minidump\021821-5750-01.dmp
2021-02-18 22:55 - 2021-02-18 22:55 - 000402001 ____N C:\WINDOWS\Minidump\021821-6000-01.dmp
2021-02-18 22:50 - 2021-02-18 22:50 - 000496531 ____N C:\WINDOWS\Minidump\021821-6640-01.dmp
2021-02-18 22:46 - 2021-02-18 22:46 - 000461205 ____N C:\WINDOWS\Minidump\021821-6515-01.dmp
2021-02-18 22:41 - 2021-02-18 22:41 - 000460721 ____N C:\WINDOWS\Minidump\021821-7000-01.dmp
2021-02-18 21:01 - 2021-02-20 11:11 - 000000000 ____D C:\Users\nils\AppData\Roaming\LGHUB
2021-02-18 21:01 - 2021-02-20 11:11 - 000000000 ____D C:\Users\nils\AppData\Local\LGHUB
2021-02-18 21:01 - 2021-02-18 21:01 - 004451384 _____ (Logitech) C:\WINDOWS\system32\logi_audio_headset_render_apo.dll
2021-02-18 21:01 - 2021-02-18 21:01 - 002174656 _____ (Logitech) C:\WINDOWS\system32\logi_audio_headset_capture_apo.dll
2021-02-18 21:01 - 2021-02-18 21:01 - 000000722 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2021-02-18 21:01 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-02-18 21:01 - 2021-02-18 21:01 - 000000000 ____D C:\Program Files\LGHUB
2021-02-18 21:00 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\LGHUB
2021-02-18 20:59 - 2021-02-18 20:59 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-02-18 18:17 - 2021-02-18 18:17 - 000058855 _____ C:\Users\nils\Downloads\FRST (1).txt
2021-02-18 16:13 - 2021-02-18 16:14 - 000068315 _____ C:\Users\nils\Downloads\Addition.txt
2021-02-18 16:12 - 2021-02-18 16:14 - 000057813 _____ C:\Users\nils\Downloads\FRST.txt
2021-02-18 16:11 - 2021-02-20 11:12 - 000000000 ___DC C:\Users\nils\Desktop\FRST
2021-02-18 16:06 - 2021-02-20 11:13 - 000000000 ____D C:\FRST
2021-02-18 10:20 - 2021-02-18 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-02-17 16:43 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Mario
2021-02-17 16:42 - 2021-02-17 16:43 - 017165629 _____ C:\Users\nils\Desktop\New Super Mario Bros. (Europe) (En,Fr,De,Es,It).zip
2021-02-17 10:09 - 2021-02-16 12:58 - 000000883 ____C C:\Users\nils\Desktop\WiinUSoft.lnk
2021-02-16 15:20 - 2021-02-16 15:20 - 000001986 _____ C:\Users\nils\Desktop\pokemon_sonne_und_mond_kostenlos_downloaden.zip
2021-02-16 15:10 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Saves
2021-02-16 13:32 - 2021-02-16 13:32 - 000000000 ___DC C:\Users\nils\Documents\Server
2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config
2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiinUSoft
2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\Program Files\WiinUSoft
2021-02-16 12:58 - 2017-08-12 17:47 - 000039168 _____ (Scarlet.Crush Productions) C:\WINDOWS\system32\Drivers\ScpVBus.sys
2021-02-15 20:02 - 2021-02-16 15:05 - 000000000 ___DC C:\Users\nils\Desktop\Pokemon
2021-02-15 20:01 - 2021-02-15 20:02 - 050974335 _____ C:\Users\nils\Downloads\Pokemon - Platin-Edition (Germany).zip
2021-02-15 14:22 - 2021-02-15 14:22 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01 (1).mp4
2021-02-15 14:20 - 2021-02-15 14:20 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01.mp4
2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-02-14 04:12 - 2021-02-14 04:12 - 000044064 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-02-13 01:39 - 2021-02-13 01:39 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000008-000000.txt
2021-02-12 20:39 - 2021-02-12 20:39 - 000000000 ____D C:\Users\nils\.ngrok2
2021-02-12 20:36 - 2021-02-12 20:36 - 013819230 _____ C:\Users\nils\Downloads\ngrok-stable-windows-amd64.zip
2021-02-12 20:29 - 2021-02-12 20:32 - 000000051 ____C C:\Users\nils\Desktop\start.bat
2021-02-12 17:16 - 2021-02-12 17:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-12 17:16 - 2021-02-12 17:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-12 17:16 - 2021-02-12 17:16 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-12 17:16 - 2021-02-12 17:16 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-12 17:16 - 2021-02-12 17:16 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-10 15:40 - 2021-02-10 15:40 - 000052800 _____ C:\Users\nils\Downloads\9692940_2021_Nr.001_Kontoauszug_vom_29.01.2021_20210210034041.pdf
2021-02-01 18:41 - 2019-08-14 11:07 - 000000000 ____D C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6
2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ C:\Users\nils\AppData\Roaming\winscp.rnd
2021-02-01 18:39 - 2021-02-01 18:39 - 011155568 _____ (Martin Prikryl ) C:\Users\nils\Downloads\WinSCP-5.17.10-Setup.exe
2021-02-01 18:39 - 2021-02-01 18:39 - 000001164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2021-02-01 18:39 - 2021-02-01 18:39 - 000000000 ____D C:\Program Files (x86)\WinSCP
2021-02-01 18:38 - 2021-02-01 18:39 - 292897167 _____ C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6.zip
2021-02-01 18:26 - 2021-02-01 18:26 - 005835761 _____ C:\Users\nils\Downloads\OptiFine_1.16.5_HD_U_G6.jar
2021-01-30 01:27 - 2021-02-20 11:11 - 000002170 ____C C:\Users\nils\Desktop\CurseForge.lnk
2021-01-30 01:27 - 2021-02-08 15:59 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-01-30 01:27 - 2021-01-30 01:27 - 000004382 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ___DC C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ____D C:\ProgramData\Overwolf
2021-01-30 01:26 - 2021-01-30 01:26 - 001386784 _____ (Overwolf Ltd.) C:\Users\nils\Downloads\CurseForge - LP-Installer.exe
2021-01-29 22:08 - 2021-01-29 22:08 - 000000000 ____D C:\Users\nils\AppData\Roaming\twitch-desktop-electron-platform
2021-01-27 21:38 - 2021-01-27 21:38 - 000002271 _____ C:\ProgramData\Desktop\NVIDIA Broadcast.lnk
2021-01-27 21:34 - 2021-01-27 21:35 - 245764976 _____ (NVIDIA Corporation) C:\Users\nils\Downloads\nvidia_broadcast_v1.1.0.20.exe
2021-01-27 17:30 - 2021-01-27 17:30 - 000055780 _____ C:\Users\nils\Downloads\9692940_2020_Nr.012_Kontoauszug_vom_31.12.2020_20210127053005.pdf
2021-01-27 17:30 - 2021-01-27 17:30 - 000041755 _____ C:\Users\nils\Downloads\9692940_2020_Mitteilung_vom_31.12.2020_20210127053013.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-20 11:13 - 2017-11-02 01:23 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-20 11:11 - 2020-09-15 07:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-20 11:11 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-20 11:11 - 2019-10-27 12:42 - 000000000 ____D C:\Users\nils\AppData\Local\Overwolf
2021-02-20 11:11 - 2019-01-22 14:43 - 000000000 ____D C:\Intel
2021-02-20 11:11 - 2018-06-27 19:54 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-20 11:10 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-02-20 11:10 - 2016-07-16 12:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-02-20 10:52 - 2020-12-02 02:05 - 000003124 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2021-02-20 00:22 - 2020-09-15 07:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-19 20:32 - 2018-07-28 12:38 - 000000000 ___DC C:\Users\nils\AppData\Local\Downloaded Installations
2021-02-19 20:12 - 2020-09-15 07:57 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-19 20:12 - 2020-09-15 00:13 - 000741490 _____ C:\WINDOWS\system32\perfh007.dat
2021-02-19 20:12 - 2020-09-15 00:13 - 000149740 _____ C:\WINDOWS\system32\perfc007.dat
2021-02-19 20:12 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-19 20:08 - 2019-11-01 23:12 - 000000000 ____D C:\Users\nils\AppData\Local\Battle.net
2021-02-19 11:43 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-19 11:43 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-19 11:39 - 2018-06-28 13:09 - 000000000 ___DC C:\Users\nils\AppData\Local\CrashDumps
2021-02-19 11:32 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-18 23:46 - 2020-10-11 02:45 - 000000000 ___DC C:\Users\nils\Documents\Impulse
2021-02-18 23:36 - 2019-11-25 22:30 - 000000000 ____D C:\Users\nils\AppData\Local\Dropbox
2021-02-18 23:33 - 2020-09-15 00:33 - 000000000 ____D C:\Users\nils
2021-02-18 23:23 - 2019-11-02 17:50 - 000000000 ____D C:\WINDOWS\ShellNew
2021-02-18 23:21 - 2017-11-02 01:39 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-18 23:10 - 2020-12-03 09:29 - 000000000 ____D C:\WINDOWS\Minidump
2021-02-18 23:00 - 2020-09-15 00:33 - 000000000 ____D C:\Users\js
2021-02-18 23:00 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-18 23:00 - 2017-11-02 01:43 - 000000000 ___DC C:\Users\js\AppData\Local\NVIDIA Corporation
2021-02-18 23:00 - 2017-11-02 00:21 - 000000000 ___DC C:\Users\js\AppData\Local\Packages
2021-02-18 23:00 - 2017-11-02 00:21 - 000000000 ___DC C:\Users\js\AppData\Local\ConnectedDevicesPlatform
2021-02-18 22:40 - 2020-10-12 22:07 - 000000000 ____D C:\Users\nils\AppData\Roaming\discord
2021-02-18 21:56 - 2018-06-29 21:37 - 000000000 ____D C:\ProgramData\Riot Games
2021-02-18 21:01 - 2020-03-30 22:10 - 000044088 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_audio_surround.sys
2021-02-18 20:06 - 2019-11-05 22:23 - 000000000 ____D C:\Program Files (x86)\Overwatch
2021-02-18 15:49 - 2020-09-15 07:58 - 000004184 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1593451427
2021-02-18 15:49 - 2020-06-29 18:23 - 000001431 ____C C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk
2021-02-18 15:26 - 2020-12-28 16:14 - 000000000 ____D C:\Users\nils\AppData\Local\Deployment
2021-02-18 15:26 - 2018-06-27 19:45 - 000000000 ___DC C:\Users\nils\AppData\Local\Packages
2021-02-18 10:20 - 2019-11-25 22:30 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-02-17 17:12 - 2019-10-12 17:22 - 000000000 ____D C:\Users\nils\AppData\Roaming\Twitch
2021-02-17 09:39 - 2019-11-01 23:12 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-02-16 13:09 - 2018-11-05 15:51 - 000000000 ___DC C:\Users\nils\AppData\Local\ElevatedDiagnostics
2021-02-16 12:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-16 12:45 - 2020-11-12 00:19 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-02-15 18:44 - 2018-12-16 00:08 - 000000000 ___DC C:\Users\nils\AppData\Roaming\obs-studio
2021-02-14 21:26 - 2019-06-21 23:19 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-13 01:39 - 2020-09-15 07:53 - 000636904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-13 01:39 - 2020-09-15 07:52 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-13 01:39 - 2019-11-25 22:30 - 000001226 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-02-13 01:39 - 2019-11-25 22:30 - 000001222 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-02-13 01:38 - 2019-12-07 15:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-13 01:38 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-12 22:24 - 2020-07-15 11:46 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-12 20:58 - 2019-11-25 21:18 - 000000000 ____D C:\Users\nils\AppData\Roaming\.minecraft
2021-02-12 20:46 - 2019-11-25 21:18 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-02-12 17:18 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-12 17:11 - 2018-06-27 20:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-12 17:10 - 2018-06-27 20:26 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-11 23:29 - 2018-06-27 19:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-02-11 12:18 - 2020-09-15 07:58 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-11 12:18 - 2020-09-15 07:58 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-10 21:30 - 2020-11-19 01:51 - 000000000 ____D C:\Program Files (x86)\Origin
2021-02-10 21:30 - 2019-02-18 21:21 - 000000000 ____D C:\ProgramData\Origin
2021-02-10 18:17 - 2018-07-29 22:29 - 000000000 ___DC C:\Users\nils\Documents\Soundaufnahmen
2021-02-09 21:11 - 2019-02-16 23:11 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-08 15:28 - 2018-06-28 22:51 - 000000000 ___DC C:\Users\nils\AppData\Local\D3DSCache
2021-02-05 20:58 - 2020-09-15 07:58 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 20:58 - 2020-09-15 07:58 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-05 13:43 - 2020-12-11 01:42 - 000001372 _____ C:\ProgramData\Desktop\Cyberpunk 2077.lnk
2021-02-05 13:43 - 2020-12-11 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberpunk 2077 [GOG.com]
2021-02-01 01:22 - 2018-06-27 20:26 - 000000000 ___DC C:\Users\nils\AppData\Local\NVIDIA
2021-01-27 22:05 - 2019-01-11 23:11 - 000000000 ____D C:\Temp
2021-01-27 21:38 - 2020-12-01 13:33 - 000003662 _____ C:\WINDOWS\system32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-24 18:33 - 2020-08-25 22:53 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-01-24 05:14 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Roaming\Origin
2021-01-23 19:41 - 2020-11-19 01:51 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-01-23 19:41 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Local\Origin
2021-01-22 11:16 - 2020-09-15 07:58 - 000004286 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-01-22 11:16 - 2020-09-15 07:58 - 000004054 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-01-22 10:45 - 2018-06-27 19:45 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories ========

2020-10-11 02:54 - 2020-10-11 03:01 - 003228672 _____ () C:\Users\nils\AppData\Roaming\ScriptHookV.dll
2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ () C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config
2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ () C:\Users\nils\AppData\Roaming\winscp.rnd
2020-10-21 00:43 - 2020-10-21 00:43 - 000002221 _____ () C:\Users\nils\AppData\Local\recently-used.xbel
2019-02-19 20:35 - 2020-12-24 19:44 - 000007607 _____ () C:\Users\nils\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

--- --- ---

Addition folgt

NTorak · 20.02.2021, 11:22

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-02-2021 01
Ran by nils (20-02-2021 11:14:04)
Running from C:\Users\nils\Desktop\FRST
Windows 10 Pro Version 2004 19041.804 (X64) (2020-09-15 06:58:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3449150419-271838051-1508037707-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3449150419-271838051-1508037707-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3449150419-271838051-1508037707-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3449150419-271838051-1508037707-501 - Limited - Disabled)
js (S-1-5-21-3449150419-271838051-1508037707-1001 - Administrator - Enabled) => C:\Users\js
nils (S-1-5-21-3449150419-271838051-1508037707-1002 - Administrator - Enabled) => C:\Users\nils
WDAGUtilityAccount (S-1-5-21-3449150419-271838051-1508037707-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.2.12.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM-x32\...\{71667bbb-81ab-429c-aeb4-e43c31e8fe14}) (Version: 2.2.12.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.19 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32\...\{36aa03d4-9606-4f04-bf3e-a70ebe6650f3}) (Version: 1.1.19 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.9 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{2d85b111-aee4-468b-874b-a9272712f69b}) (Version: 1.0.9 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.1.16 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32\...\{ac3dc320-7e5e-4f22-9572-4c2119fcdf85}) (Version: 1.1.16 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{D800D836-DE15-4B00-8273-521F022CD837}) (Version: 1.0.31 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{b31aaf98-0562-411d-a962-0c3d16a3527a}) (Version: 1.0.31 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM\...\{B5E322FB-C191-463E-BDDD-4F22290EDFDB}) (Version: 1.0.7 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM-x32\...\{a29279dc-f417-4442-8225-4db77f7d35b5}) (Version: 1.0.7 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.1.7 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{4f18ae01-4390-4b41-be3a-54ef4eacdd91}) (Version: 0.0.1.7 - ASUSTek COMPUTER INC. ) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{548dd834-70c5-4426-8065-fbeabdd2bb5d}) (Version: 1.0.10 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.10 - ASUSTeK Computer Inc.) Hidden
ASUS GPU TweakII (HKLM-x32\...\{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.0.3.1 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.0.3.1 - ASUSTek COMPUTER INC.)
ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.27 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{210cdd08-c947-43a2-9378-bc288f651e41}) (Version: 1.0.27 - ASUSTek COMPUTER INC.) Hidden
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{3e9b91eb-5bb0-4272-8670-f88d353eb68b}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.24 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{add3bacc-578f-4bf9-97e3-a0f0c3ae3323}) (Version: 1.0.24 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM\...\{723B40A4-5BF2-4DC6-834A-2ADF75F3CF7E}) (Version: 1.0.0.6 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM-x32\...\{cc37f609-4db9-4ce3-9e37-9cb1b432452e}) (Version: 1.0.0.6 - ASUSTek COMPUTER INC.) Hidden
AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.26 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{dded177f-c7b2-4212-9c64-74884f3fd53b}) (Version: 1.0.26 - ASUS) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version: 1.0.64.43202 - Electronic Arts)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version:  - Blizzard Entertainment)
Camera (NVIDIA Broadcast) (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvVirtualCamera) (Version: 1.1.0.20 - NVIDIA Corporation) Hidden
Core Temp 1.16 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.16 - ALCPU)
Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
Corsair AURA DRAM Component (HKLM-x32\...\{da7ebf10-b0be-494e-a79d-568546795a51}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
CORSAIR iCUE Software (HKLM-x32\...\{229E0F5D-0FE7-4468-B856-DDF1B089345F}) (Version: 3.33.246 - Corsair)
CPUID CPU-Z 1.86 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)
CPUID HWMonitor 1.42 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.42 - CPUID, Inc.)
CurseForge (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.167.2.7 - Overwolf app)
Cyberpunk 2077 (HKLM-x32\...\1423049311_is1) (Version: Build_3276551Change_4218285 - GOG.com)
Discord (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 116.4.368 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.415.1 - Dropbox, Inc.) Hidden
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{8DA1B230-D82E-4A24-9237-363E2E1E2695}) (Version: 1.0.21.0 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{bb670f8d-3d66-4f36-8e60-02b71bb0a4e9}) (Version: 1.0.21.0 - Ene Tech.) Hidden
Epic Games Launcher (HKLM-x32\...\{42ECB1DB-6B44-4AEC-B112-98ECFF460EF6}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
FileZilla Client 3.39.0 (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\FileZilla Client) (Version: 3.39.0 - Tim Kosse)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Geeks3D FurMark 1.20.1.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GIMP 2.10.14 (HKLM\...\GIMP-2_is1) (Version: 2.10.14 - The GIMP Team)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2215.0 - Rockstar Games)
INNO3D TuneIT version 3.02 (HKLM-x32\...\INNO3D TuneIT_is1) (Version: 3.02 - )
inst (HKLM-x32\...\{F818E3E8-4C16-4D3B-894B-D8805F56D7DB}) (Version: 1.0.0.0 - Creative Software Solutions GmbH)
Intel(R) Computing Improvement Program (HKLM\...\{44C40B2E-7285-4A9F-A9BC-DF433772AAEE}) (Version: 2.4.05929 - Intel Corporation)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{d6cac989-7570-43fd-b147-e31d6280a3a6}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Legends of Runeterra (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Riot Game bacon.live) (Version:  - Riot Games, Inc)
LibreOffice 6.3.2.2 (HKLM\...\{6110D2CC-70B4-415E-AF5A-7BB496AB264B}) (Version: 6.3.2.2 - The Document Foundation)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:  - Logitech)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.13628.20380 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.68 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 88.0.705.74 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3449150419-271838051-1508037707-1001\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft Launcher (HKLM-x32\...\{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 81.0.1 (x64 de) (HKLM\...\Mozilla Firefox 81.0.1 (x64 de)) (Version: 81.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0 - Mozilla)
MSI Afterburner 4.6.2 Beta 3 (HKLM-x32\...\Afterburner) (Version: 4.6.2 Beta 3 - MSI Co., LTD)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA Broadcast (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIABroadcast) (Version: 1.1.0.20 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 461.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.45.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.45.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 22.0.2 - OBS Project)
OCCT 4.5.1 (HKLM-x32\...\OCCT) (Version: 4.5.1 - Ocbase.com)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20380 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
Opera GX Stable 73.0.3856.400 (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Opera GX 73.0.3856.400) (Version: 73.0.3856.400 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.92.46430 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.165.0.28 - Overwolf Ltd.)
Patriot Viper RGB (HKLM\...\{E42E13B0-071E-49C1-B1CC-58198E82F302}) (Version: 1.00.05 - Patriot Memory) Hidden
PBE (HKLM-x32\...\PBE 1.0) (Version: 1.0 - Riot Games, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.34.337 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
Sparialo (HKLM-x32\...\{3D581B7A-5251-4E7E-B381-ED890B068F04}) (Version: 1.0.0.0 - Sparialo)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SSDlife Free (HKLM-x32\...\{18302BF2-AA3C-46E3-B039-996FD0DB5639}) (Version: 2.5.82 - BinarySense Inc.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.10 - TeamSpeak Systems GmbH)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
TreeSize Free V4.4.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.1 - JAM Software)
Trident Z Lighting Control (HKLM-x32\...\{97CD7AFC-0ED3-41B8-9CCD-22717E8631D0}_is1) (Version: 1.00.18 - ENG)
Twitch (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{A7B60FC9-A750-43C7-B7EC-892CD09147C7}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version:  - Ubisoft)
WiinUSoft version 3.4 (HKLM\...\{1BFC4F9F-BB85-4CE3-AC22-0CBFF78D5EE4}_is1) (Version: 3.4 - Justin Keys)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Windows-Treiberpaket - Corsair Components, Inc. (SIUSBXP) USB  (07/14/2017 3.3) (HKLM\...\A2206C09905C467F30CB24DCBB49F056D7F0A290) (Version: 07/14/2017 3.3 - Corsair Components, Inc.)
WinRAR 5.91 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
WinSCP 5.17.10 (HKLM-x32\...\winscp3_is1) (Version: 5.17.10 - Martin Prikryl)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Epson Print and Scan -> C:\Program Files\WindowsApps\SEIKOEPSONCORPORATION.EpsonPrintandScan_1.1.0.0_x64__ezaqdwkaef94e [2019-07-23] (SEIKO EPSON CORPORATION)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-10-24] (Microsoft Corporation)
Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2020-12-31] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-18] (INTEL CORP)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-23] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10111.5575.0_x64__8wekyb3d8bbwe [2021-02-15] (Microsoft Corporation)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.21059.0_x64__8wekyb3d8bbwe [2021-02-15] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-01-22] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-22] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0 [2021-02-09] (Spotify AB) [Startup Task]
TranslucentTB -> C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_9.0.0.0_x86__v826wp6bftszj [2020-11-27] (Charles Milette) [Startup Task]
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2020-05-08] (VideoLAN)
Xbox Insider Hub -> C:\Program Files\WindowsApps\Microsoft.FlightDashboard_476.2101.8001.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\nils\Documents\Dropbox [2019-11-25 22:31]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\nvshext.dll [2021-01-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-01-19 00:31 - 2019-01-19 00:30 - 006065152 _____ () [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\libprotobufd.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 104873984 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\libcef.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000112128 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\libEGL.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 006227456 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\libGLESv2.dll
2020-08-31 19:30 - 2020-08-31 19:30 - 000351744 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ActionsConverters.dll
2020-08-31 18:56 - 2020-08-31 18:56 - 000759296 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyCommands.dll
2020-08-31 18:57 - 2020-08-31 18:57 - 000743424 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyNotifications.dll
2020-08-31 18:55 - 2020-08-31 18:55 - 000530944 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\MobileProto.dll
2020-08-31 18:56 - 2020-08-31 18:56 - 000200704 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ModelHelpers.dll
2020-08-31 18:55 - 2020-08-31 18:55 - 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2020-08-31 18:55 - 2020-08-31 18:55 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2019-09-29 18:18 - 2019-09-29 18:18 - 000232960 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2019-09-29 18:18 - 2019-09-29 18:18 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2019-09-29 18:18 - 2019-09-29 18:18 - 000650240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2019-09-29 18:18 - 2019-09-29 18:18 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2019-09-29 18:18 - 2019-09-29 18:18 - 000369664 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2019-01-19 00:31 - 2019-01-19 00:30 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.31\ASACPI.DLL
2020-11-27 00:47 - 2020-11-27 00:47 - 000059392 _____ (by nICO (chick80@libero.it) - 2004. Modified by TranslucentTB devs) [File not signed] C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_9.0.0.0_x86__v826wp6bftszj\TranslucentTB\CPicker.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000095744 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000212992 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUADRFIL.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000278528 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCFG.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000438272 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCSR.DLL
2017-11-02 00:46 - 2013-12-24 01:00 - 000385024 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXLDB.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000536576 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXTIF.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUIMGCDC.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000274432 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSTMMSG.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000327680 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000253952 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUVERDLG.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000069632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll
2017-11-02 00:46 - 2013-12-23 17:00 - 000081920 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
2017-11-02 00:46 - 2013-12-23 17:00 - 000090112 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll
2017-11-02 00:46 - 2013-12-23 17:00 - 000241664 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
2017-11-02 00:46 - 2013-12-23 17:00 - 000110592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll
2017-11-02 00:46 - 2013-12-23 17:00 - 000022016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
2017-11-02 00:46 - 2013-12-23 17:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
2017-11-02 00:46 - 2011-08-30 13:38 - 000558080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2017-11-02 00:46 - 2011-08-01 18:24 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000786432 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENCM.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000278528 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENNW.dll
2017-11-02 00:46 - 2013-12-24 01:00 - 000299008 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENUTIL.dll
2020-07-29 10:46 - 2020-07-29 10:46 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2020-06-16 16:28 - 2020-06-16 16:28 - 001918464 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000810496 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\chrome_elf.dll
2020-11-19 01:51 - 2020-11-19 01:50 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-11-19 01:51 - 2020-11-19 01:50 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-07-29 22:51 - 2020-07-29 22:51 - 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libcrypto-1_1.dll
2020-07-29 22:51 - 2020-07-29 22:51 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libssl-1_1.dll
2020-11-19 01:51 - 2020-11-19 01:50 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-02-10 21:30 - 2020-11-19 01:50 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-02-10 21:30 - 2020-11-19 01:50 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-02-10 21:30 - 2020-11-19 01:50 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-02-10 21:30 - 2020-11-19 01:50 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-02-10 21:30 - 2020-11-19 01:50 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-02-10 21:30 - 2020-11-19 01:50 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\imageformats\qgif.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\imageformats\qico.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000243712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\imageformats\qjpeg.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000223744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\imageformats\qmng.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\imageformats\qsvg.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\imageformats\qtiff.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 001140224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\platforms\qwindows.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000041984 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtQml\Models.2\modelsplugin.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtQuick.2\qtquick2plugin.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000084480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000267776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtQuick\Controls\qtquickcontrolsplugin.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000071680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000211456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtQuick\Window.2\windowplugin.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 004943360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Core.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 005022208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Gui.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000626176 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Multimedia.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000877056 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Network.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 002908672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Qml.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 003078656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Quick.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000096256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5QuickControls2.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000681472 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5QuickTemplates2.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000259072 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Svg.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 004718080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Widgets.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000439296 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5WinExtras.dll
2021-02-17 00:29 - 2021-02-17 00:29 - 000159232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2021-02-20 11:10 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Android;C:\Windows\System32;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3449150419-271838051-1508037707-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3449150419-271838051-1508037707-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\nils\Pictures\Hintergründe\Texture_Multicolor_526935_2560x1440.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{EC468066-6BDB-4FCF-AF52-EA95A7571FD5}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{0B3E8262-EE89-49CB-8A64-25FCBBE49790}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{82BB0DDE-66E1-4A65-91D4-2177D6945DDC}C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{FAFD95A1-BC3E-4A8E-82F6-22D1B0D7A038}C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

16-02-2021 12:59:17 DirectX wurde installiert
18-02-2021 20:59:53 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127
18-02-2021 21:00:00 Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/20/2021 11:13:56 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (02/20/2021 11:11:55 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (02/20/2021 11:11:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Users\nils\AppData\Local\chromium\Application\chrome.exe".
Die abhängige Assemblierung "63.0.3235.0,language="&#x2a;",type="win32",version="63.0.3235.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/20/2021 11:07:48 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: NILS-PC)
Description: microsoft.windows.cortana_cw5n1h2txyewy-2147024893

Error: (02/20/2021 10:58:40 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (02/20/2021 10:55:38 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (02/20/2021 10:53:37 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (02/20/2021 10:53:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Users\nils\AppData\Local\chromium\Application\chrome.exe".
Die abhängige Assemblierung "63.0.3235.0,language="&#x2a;",type="win32",version="63.0.3235.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (02/20/2021 11:11:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "cplspcon" wurde mit folgendem Fehler beendet: 
Unbekannter Fehler

Error: (02/20/2021 11:10:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das Medium ist schreibgeschützt.

Error: (02/20/2021 11:10:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Corsair Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Restart the service.

Error: (02/20/2021 11:10:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Corsair LLA Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Restart the service.

Error: (02/20/2021 11:10:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA Broadcast LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Restart the service.

Error: (02/20/2021 11:10:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "DbxSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Restart the service.

Error: (02/20/2021 11:10:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Restart the service.

Error: (02/20/2021 11:10:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "LGHUB Updater Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Restart the service.


Windows Defender:
===============
Date: 2021-02-19 11:26:01
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Severe
Kategorie: Trojan Dropper
Pfad: file:_C:\Users\nils\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: NILS-PC\nils
Prozessname: C:\Users\nils\AppData\Roaming\nils.exe
Sicherheitsversion: AV: 1.331.1308.0, AS: 1.331.1308.0, NIS: 1.331.1308.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-19 10:29:08
Description: 
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\Pictures zu ändern.
Erkennungszeit: 2021-02-19T09:29:08.655Z
Benutzer: NILS-PC\nils
Pfad: %userprofile%\Pictures
Prozessname: C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Sicherheitsversion: 1.331.1308.0
Modulversion: 1.1.17800.5
Produktversion: 4.18.2101.9

Date: 2021-02-19 10:25:21
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Severe
Kategorie: Trojan Dropper
Pfad: file:_C:\Users\nils\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: NILS-PC\nils
Prozessname: C:\Users\nils\AppData\Roaming\nils.exe
Sicherheitsversion: AV: 1.331.1308.0, AS: 1.331.1308.0, NIS: 1.331.1308.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-19 10:23:23
Description: 
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\Pictures zu ändern.
Erkennungszeit: 2021-02-19T09:23:23.325Z
Benutzer: NILS-PC\nils
Pfad: %userprofile%\Pictures
Prozessname: C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Sicherheitsversion: 1.331.1308.0
Modulversion: 1.1.17800.5
Produktversion: 4.18.2101.9

Date: 2021-02-19 10:12:13
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Severe
Kategorie: Trojan Dropper
Pfad: file:_C:\Users\nils\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: NILS-PC\nils
Prozessname: C:\Users\nils\AppData\Roaming\nils.exe
Sicherheitsversion: AV: 1.331.1308.0, AS: 1.331.1308.0, NIS: 1.331.1308.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
Event[0]:

Date: 2021-02-18 22:51:33
Description: 
Fehler von Microsoft Defender Antivirus beim Herunterladen und Konfigurieren von Microsoft Defender Offline.
Fehlercode: 0x8000000a
Fehlerbeschreibung: The data necessary to complete this operation is not yet available. 

Date: 2021-02-18 22:51:06
Description: 
Fehler von Microsoft Defender Antivirus beim Herunterladen und Konfigurieren von Microsoft Defender Offline.
Fehlercode: 0x8000000a
Fehlerbeschreibung: The data necessary to complete this operation is not yet available. 

CodeIntegrity:
===============
Date: 2021-02-19 20:08:48
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\nils\AppData\Local\Programs\Opera GX\73.0.3856.400\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.165.0.28\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-19 11:32:37
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\nils\AppData\Local\Programs\Opera GX\73.0.3856.400\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-19 10:19:45
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.165.0.28\OWExplorer.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. 0411 09/21/2018
Motherboard: ASUSTeK COMPUTER INC. PRIME Z370-P II
Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
Percentage of memory in use: 36%
Total physical RAM: 16313.35 MB
Available physical RAM: 10381.97 MB
Total Virtual: 38841.35 MB
Available Virtual: 28946.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.44 GB) (Free:56.45 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:176.29 GB) NTFS
Drive e: () (Removable) (Total:57.75 GB) (Free:57.73 GB) exFAT

\\?\Volume{52079eb2-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.47 GB) (Free:0.43 GB) NTFS
\\?\Volume{52079eb2-0000-0000-0000-101e00000000}\ (Volume) (Fixed) (Total:0.02 GB) (Free:0.01 GB) NTFS
\\?\Volume{52079eb2-0000-0000-0060-603b74000000}\ () (Fixed) (Total:0.83 GB) (Free:0.4 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 52079EB2)
Partition 1: (Active) - (Size=479 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=21 MB) - (Type=05)
Partition 3: (Not Active) - (Size=464.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=852 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2FE87EA9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Size: 57.8 GB) (Disk ID: 0F13A0A0)
Partition 1: (Not Active) - (Size=57.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

M-K-D-B · 20.02.2021, 11:43

Gut gemacht!
Wir haben es bald geschafft.

Schritt 1
WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!

Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.

Kopiere den gesamten Inhalt der folgenden Code-Box:

Code:

ATTFilter

Start::
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
cmd: dir /a c:\users
Unlock: C:\FRST\Quarantine\C\Users\nils
Zip: C:\FRST\Quarantine\C\Users\nils\AppData
Reboot:
End::

Starte nun FRST und klicke direkt den Reparieren Button.
Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
Gegebenenfalls muss dein Rechner neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Schritt 2
Mit Schritt 1 wurde ein .zip Archiv mit dem Schema < Datum_Uhrzeit.zip > (z. B. 20.02.2021_11.33.52.zip) auf deinem Desktop bzw. dem Ordner, in dem sich FRST befindet, erstellt.

Besuche die Seite Submit a Malware Sample auf BleepingComputer.
Klicke auf Durchsuchen.
Wähle das erstellte .zip Archiv aus und klicke auf Öffnen.
Schreibe in das untere, leere Textfeld für M-K-D-B hinein und klicke auf den darunter liegenden Button Daten absenden.
Vielen Dank für deine Mitarbeit. Die hochgeladenen Dateien dienen zur Verbesserung der verwendeten Programme.

Schritt 3
Führe RogueKiller Anti-Malware gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.

Bitte poste mit deiner nächsten Antwort:

die Logdatei des FRST-Fix (fixlog.txt)
eine Rückmeldung bezüglich des Hochladens des .zip Archivs
die Logdatei von RogueKiller

NTorak · 20.02.2021, 12:11

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-02-2021
Ran by nils (20-02-2021 11:51:04) Run:4
Running from C:\Users\nils\Desktop\FRST
Loaded Profiles: nils
Boot Mode: Normal
==============================================

fixlist content:
*****************
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
cmd: dir /a c:\users
Unlock: C:\FRST\Quarantine\C\Users\nils
Zip: C:\FRST\Quarantine\C\Users\nils\AppData
Reboot:

*****************

C:\ProgramData\NTUSER.pol => moved successfully

========= dir /a c:\users =========

  V o l u m e   i n   L a u f w e r k   C :   h a t   k e i n e   B e z e i c h n u n g . 
 
   V o l u m e s e r i e n n u m m e r :   6 0 3 3 - 2 7 1 C 
 
 
 
   V e r z e i c h n i s   v o n   c : \ u s e r s 
 
 
 
 1 5 . 0 9 . 2 0 2 0     0 0 : 3 3         < D I R >                     . 
 
 1 5 . 0 9 . 2 0 2 0     0 0 : 3 3         < D I R >                     . . 
 
 0 7 . 1 2 . 2 0 1 9     1 0 : 3 0         < S Y M L I N K D >           A l l   U s e r s   [ C : \ P r o g r a m D a t a ] 
 
 1 5 . 0 9 . 2 0 2 0     0 7 : 5 8         < D I R >                     D e f a u l t 
 
 0 7 . 1 2 . 2 0 1 9     1 0 : 3 0         < J U N C T I O N >           D e f a u l t   U s e r   [ C : \ U s e r s \ D e f a u l t ] 
 
 1 5 . 0 9 . 2 0 2 0     0 7 : 5 5         < D I R >                     d e f a u l t u s e r 0 
 
 0 7 . 1 2 . 2 0 1 9     1 0 : 1 2                               1 7 4   d e s k t o p . i n i 
 
 1 8 . 0 2 . 2 0 2 1     2 3 : 0 0         < D I R >                     j s 
 
 1 8 . 0 2 . 2 0 2 1     2 3 : 3 3         < D I R >                     n i l s 
 
 1 5 . 0 9 . 2 0 2 0     0 7 : 5 2         < D I R >                     P u b l i c 
 
                               1   D a t e i ( e n ) ,                         1 7 4   B y t e s 
 
                               9   V e r z e i c h n i s ( s e ) ,   6 0 . 4 9 7 . 0 3 9 . 3 6 0   B y t e s   f r e i 
 
 
========= End of CMD: =========

"C:\FRST\Quarantine\C\Users\nils" => was unlocked
================== Zip: ===================
C:\FRST\Quarantine\C\Users\nils\AppData -> copied successfully to C:\Users\nils\Desktop\20.02.2021_11.51.04.zip
=========== Zip: End ===========


The system needed a reboot.

==== End of Fixlog 11:51:06 ====

Das .zip Archiv habe ich nach Anleitung hochgeladen, hat einwandfrei funktioniert.

Code:

ATTFilter

RogueKiller Anti-Malware V14.8.5.0 (x64) [Feb 12 2021] (Free) von Adlice Software
Mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Betriebssystem : Windows 10 (10.0.19041) 64 bits
Gestartet in : Normaler Modus
Benutzer : nils [Administrator]
Gestartet von : C:\Users\nils\Desktop\RogueKiller_portable64.exe
Signaturen : 20210219_090434, Treiber : Geladen
Modus : Standard-Scan, Löschen -- Datum : 2021/02/20 12:03:12 (Dauer : 00:04:49)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Löschen ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potenziell bösartig)] \TaskbarX NILS-PCnils -- C:\Users\nils\AppData\Local\Temp\Rar$EXa15592.7440\TaskbarX.exe (-tbs=0 -color=0;0;0;50 -as=cubiceaseinout -obas=cubiceaseinout -asp=300 -ptbo=0 -stbo=0 -lr=400 -oblr=400 -sr=0 -cpo=1 -ftotc=1) -> Gelöscht
[PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\.DEFAULT\Software\OCS --  -> Gelöscht
[PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\S-1-5-21-3449150419-271838051-1508037707-1002\Software\OCS --  -> Gelöscht
[PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\S-1-5-21-3449150419-271838051-1508037707-1002\Software\Tencent --  -> Gelöscht
[PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\S-1-5-18\Software\OCS --  -> Gelöscht
[PUP.Gen1 (Potenziell bösartig)] HKEY_LOCAL_MACHINE\Software\AppDataLow\Tencent --  -> Gelöscht
[PUP.Gen1 (Potenziell bösartig)] HKEY_LOCAL_MACHINE\Software\AppDataLow\Tencent --  -> Gelöscht
[PUM.Policies (Potenziell bösartig)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin --  -> Ersetzt (2)

Eine Frage habe ich:
RogueKiller hat TaskbarX als potenziell bösartig identifiziert und gelöscht. Kann ich mir das Programm wieder herunterladen oder sollte ich davon lieber die Finger lassen?

M-K-D-B · 20.02.2021, 15:54

Zitat:

Zitat von NTorak

RogueKiller hat TaskbarX als potenziell bösartig identifiziert und gelöscht. Kann ich mir das Programm wieder herunterladen oder sollte ich davon lieber die Finger lassen?

Das scheint ein Fehlalarm gewesen zu sein, das kannst du wieder verwenden.
Ich werde das an den Entwickler weiterleiten, damit er das beheben kann.

Danke für den Upload!

Schritt 1

Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.
Kopiere den gesamten Inhalt der folgenden Code-Box:
Code:
ATTFilter
```
Start::
DeleteQuarantine:
Unlock: C:\FRST
Reboot:
End::
         
```
Starte nun FRST und klicke direkt den Reparieren Button.
Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
Gegebenenfalls muss dein Rechner neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Schritt 2
Auf deinem Computer fehlt das aktuelle Funktionsupdate Version 20H2.

Zitat:

Platform: Windows 10 Pro Version 2004

Folge dem Pfad Start > Einstellungen > Update und Sicherheit > Windows Update und klicke auf Nach Updates suchen.
Wähle das Funktionsupdates aus, downloade und installiere es.
Alternativ kannst du auch mit dem Update Assistenten deine Windows-Version auf den neuesten Stand bringen.
Klicke dazu auf Jetzt aktualisieren, lade dir den Update-Assistenten herunter und führe ihn aus.

Dann wären wir durch!
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Abschließend bitte noch einen Cleanup mit unserem TBCleanUpTool durchführen und unbedingt die Sicherheitsmaßnahmen lesen und umsetzen - beides ist in folgendem Lesestoff verlinkt:

Lesestoff:
Anleitung: Cleanup & Maßnahmen zur Absicherung des Rechners

Wenn Du möchtest, kannst Du hier sagen, ob du mit mir und meiner Hilfe zufrieden warst...

Vielleicht möchtest du das Forum mit einer kleinen Spende unterstützen.

Hinweis:
Bitte gib mir eine kurze Rückmeldung, sobald du die oben verlinkten Informationen gelesen hast, alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

NTorak · 20.02.2021, 16:21

Der letzte Log:

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-02-2021 01
Ran by nils (20-02-2021 15:58:02) Run:5
Running from C:\Users\nils\Desktop\FRST
Loaded Profiles: nils
Boot Mode: Normal
==============================================

fixlist content:
*****************
DeleteQuarantine:
Unlock: C:\FRST
Reboot:

*****************

"C:\FRST\Quarantine" => removed successfully
"C:\FRST" => was unlocked


The system needed a reboot.

==== End of Fixlog 15:58:02 ====

Windows ist jetzt aktualisiert. Lesestoff habe ich jetzt auch durch.

Ich danke vielmals für die Hilfe!
Kompetente Hilfe zu bekommen ist immer schön. Das Forum schaue ich mir jetzt auch noch ein wenig an, gibt ja schließlich als Nutzer vieles was man noch positiv veränden kann.
Ich werde auf euer Forum verweisen, falls Bekannte von mir mal ähnliche Probleme haben sollten.

PS:Eine kleine Spende gibts von mir auch noch.

M-K-D-B · 20.02.2021, 17:52

Vielen Dank für die Spende. Sie dient zur Erhaltung des Forums.

Wir sind froh, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus unseren Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen.

20.02.2021, 17:52	#12
M-K-D-B /// TB-Ausbilder	TrojanDropper:Win64/Tnega!MSR (Windows 10) Vielen Dank für die Spende. Sie dient zur Erhaltung des Forums. Wir sind froh, dass wir helfen konnten Dieses Thema scheint erledigt und wird aus unseren Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema. Jeder andere bitte hier klicken und ein eigenes Thema erstellen.

TrojanDropper:Win64/Tnega!MSR (Windows 10)

Log-Analyse und Auswertung: TrojanDropper:Win64/Tnega!MSR (Windows 10)