
Log analysis and evaluation: Windows 11 Pro: Policy in Edge browser cannot be disabled, loads activeserachbar.me hijacker extension


Thread closed
26.06.2022, 09:50   #31
M-K-D-B
/// TB Trainer

Thank you very much.




Step 1
  • Start Microsoft Edge.
  • Click Settings and more at the top right.
  • Click Settings.
  • Click Privacy, search, and services.
  • In the Clear browsing data section, click Choose what to clear.
  • Select All time, tick every box, and click Clear now.
  • Close Microsoft Edge again.





Step 2
WARNING TO ALL READERS !!!
This FRST script is intended solely for this user and should never be applied 1:1 to another system!
  • Save your work and close all open programs so that no data is lost.
  • Copy the entire contents of the following code box:
    Code:
    Start::
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\eb1a0fbb-fc70-428e-97f1-fa7080894806
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eb1a0fbb-fc70-428e-97f1-fa7080894806
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\eb1a0fbb-fc70-428e-97f1-fa7080894806
    DeleteKey: HKEY_USERS\S-1-5-21-1424437550-2087844553-323541659-1001\Software\eb1a0fbb-fc70-428e-97f1-fa7080894806
    C:\Windows\ShellServiceLog
    CMD: type "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Setup.lnk"
    Unlock: C:\Users\Pauli\AppData\Roaming\Setup
    Folder: C:\Users\Pauli\AppData\Roaming\Setup
    Unlock: C:\Users\Pauli\AppData\Local\setup-updater
    Folder: C:\Users\Pauli\AppData\Local\setup-updater
    EmptyTemp:
    End::
             
  • Now start FRST and click the Fix button directly.
    Important: You do not need to paste the contents of the code box anywhere, because FRST takes the code from the clipboard!
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory where FRST is located.
  • Your computer may need to be restarted.
  • Post the contents of fixlog.txt in your next reply.





Please post with your next reply:
  • feedback regarding Edge
  • the log file of the FRST fix (fixlog.txt)

26.06.2022, 13:23   #32
metoo003

Edge was reset, or rather all browser data was deleted (step 1).

The fixlog was carried out, including a reboot.

Fixlog:

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-06-2022 01
Ran by Administrator (26-06-2022 14:20:02) Run:4
Running from C:\Users\Pauli\Desktop
Loaded Profiles: Pauli & Administrator
Boot Mode: Normal
==============================================

fixlist content:
*****************
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\eb1a0fbb-fc70-428e-97f1-fa7080894806
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eb1a0fbb-fc70-428e-97f1-fa7080894806
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\eb1a0fbb-fc70-428e-97f1-fa7080894806
DeleteKey: HKEY_USERS\S-1-5-21-1424437550-2087844553-323541659-1001\Software\eb1a0fbb-fc70-428e-97f1-fa7080894806
C:\Windows\ShellServiceLog
CMD: type "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Setup.lnk"
Unlock: C:\Users\Pauli\AppData\Roaming\Setup
Folder: C:\Users\Pauli\AppData\Roaming\Setup
Unlock: C:\Users\Pauli\AppData\Local\setup-updater
Folder: C:\Users\Pauli\AppData\Local\setup-updater
EmptyTemp:

*****************

HKEY_LOCAL_MACHINE\SOFTWARE\eb1a0fbb-fc70-428e-97f1-fa7080894806 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eb1a0fbb-fc70-428e-97f1-fa7080894806 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\eb1a0fbb-fc70-428e-97f1-fa7080894806 => removed successfully
HKEY_USERS\S-1-5-21-1424437550-2087844553-323541659-1001\Software\eb1a0fbb-fc70-428e-97f1-fa7080894806 => removed successfully
C:\Windows\ShellServiceLog => moved successfully

========= type "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Setup.lnk" =========

Das System kann die angegebene Datei nicht finden.

========= End of CMD: =========

"C:\Users\Pauli\AppData\Roaming\Setup" => was unlocked

========================= Folder: C:\Users\Pauli\AppData\Roaming\Setup ========================

2022-05-13 19:14 - 2022-05-13 19:45 - 000000111 ____A [285252A2F6327D41EAB203DC2F402C67] () C:\Users\Pauli\AppData\Roaming\Setup\Network Persistent State
2022-05-13 19:14 - 2022-06-21 18:11 - 000000054 ____A [CD2A33EF74950D0C2E037A136CB4DCED] () C:\Users\Pauli\AppData\Roaming\Setup\Preferences
2022-05-13 19:14 - 2022-06-21 18:11 - 000000000 ____D [00000000000000000000000000000000] C:\Users\Pauli\AppData\Roaming\Setup\blob_storage
2022-06-21 18:11 - 2022-06-21 18:11 - 000000000 ____D [00000000000000000000000000000000] C:\Users\Pauli\AppData\Roaming\Setup\blob_storage\7cd9335b-8831-44da-8904-cfc16c71a7bb
2022-05-13 19:14 - 2022-05-13 19:14 - 000000000 ____D [00000000000000000000000000000000] C:\Users\Pauli\AppData\Roaming\Setup\Code Cache
2022-05-13 19:14 - 2022-05-13 19:14 - 000000000 ____D [00000000000000000000000000000000] C:\Users\Pauli\AppData\Roaming\Setup\Code Cache\js
2022-05-13 19:14 - 2022-05-13 19:14 - 000000024 ____A [54CB446F628B2EA4A5BCE5769910512E] () C:\Users\Pauli\AppData\Roaming\Setup\Code Cache\js\index
2022-05-13 19:14 - 2022-05-13 19:14 - 000000000 ____D [00000000000000000000000000000000] C:\Users\Pauli\AppData\Roaming\Setup\Code Cache\js\index-dir
2022-05-13 19:14 - 2022-05-13 19:14 - 000000048 ____A [D8BF1B1E9493B95E3A46A5AE00F80DDC] () C:\Users\Pauli\AppData\Roaming\Setup\Code Cache\js\index-dir\the-real-index
2022-05-13 19:14 - 2022-05-13 19:14 - 000000000 ____D [00000000000000000000000000000000] C:\Users\Pauli\AppData\Roaming\Setup\Code Cache\wasm
2022-05-13 19:14 - 2022-05-13 19:14 - 000000024 ____A [54CB446F628B2EA4A5BCE5769910512E] () C:\Users\Pauli\AppData\Roaming\Setup\Code Cache\wasm\index
2022-05-13 19:14 - 2022-05-13 19:14 - 000000000 ____D [00000000000000000000000000000000] C:\Users\Pauli\AppData\Roaming\Setup\Code Cache\wasm\index-dir
2022-05-13 19:14 - 2022-05-13 19:14 - 000000048 ____A [731C8273EC19DD69F8295A74F1C02F84] () C:\Users\Pauli\AppData\Roaming\Setup\Code Cache\wasm\index-dir\the-real-index
2022-05-13 19:14 - 2022-05-13 19:14 - 000000000 ____D [00000000000000000000000000000000] C:\Users\Pauli\AppData\Roaming\Setup\Dictionaries
2022-05-13 19:14 - 2022-05-13 19:14 - 000000000 ____D [00000000000000000000000000000000] C:\Users\Pauli\AppData\Roaming\Setup\GPUCache
2022-05-13 19:14 - 2022-05-13 19:14 - 000008192 ____A [CF89D16BB9107C631DAABF0C0EE58EFB] () C:\Users\Pauli\AppData\Roaming\Setup\GPUCache\data_0
2022-05-13 19:14 - 2022-06-21 18:39 - 000270336 ____A [6535F23BEFA610319418F4B0788D4A90] () C:\Users\Pauli\AppData\Roaming\Setup\GPUCache\data_1
2022-05-13 19:14 - 2022-05-13 19:14 - 000008192 ____A [0962291D6D367570BEE5454721C17E11] () C:\Users\Pauli\AppData\Roaming\Setup\GPUCache\data_2
2022-05-13 19:14 - 2022-05-13 19:14 - 000008192 ____A [41876349CB12D6DB992F1309F22DF3F0] () C:\Users\Pauli\AppData\Roaming\Setup\GPUCache\data_3
2022-05-13 19:14 - 2022-05-13 19:14 - 000262512 ____A [D0B2907CDCD4A361D1FF51D004D93C12] () C:\Users\Pauli\AppData\Roaming\Setup\GPUCache\index
2022-05-13 19:14 - 2022-05-13 19:14 - 000000000 ____D [00000000000000000000000000000000] C:\Users\Pauli\AppData\Roaming\Setup\Local Storage
2022-05-13 19:14 - 2022-06-21 18:11 - 000000000 ____D [00000000000000000000000000000000] C:\Users\Pauli\AppData\Roaming\Setup\Local Storage\leveldb
2022-05-13 19:14 - 2022-05-13 19:14 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Pauli\AppData\Roaming\Setup\Local Storage\leveldb\000003.log
2022-05-13 19:14 - 2022-05-13 19:14 - 000000016 ____A [46295CAC801E5D4857D09837238A6394] () C:\Users\Pauli\AppData\Roaming\Setup\Local Storage\leveldb\CURRENT
2022-05-13 19:14 - 2022-05-13 19:14 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Pauli\AppData\Roaming\Setup\Local Storage\leveldb\LOCK
2022-05-13 19:14 - 2022-06-21 18:11 - 000000281 ____A [4BFEB5E7729C3E392905D0B574A53C8E] () C:\Users\Pauli\AppData\Roaming\Setup\Local Storage\leveldb\LOG
2022-05-13 19:14 - 2022-06-12 18:11 - 000000284 ____A [19FC0AEF46061F599DC1FC5F13C5933A] () C:\Users\Pauli\AppData\Roaming\Setup\Local Storage\leveldb\LOG.old
2022-05-13 19:14 - 2022-05-13 19:14 - 000000041 ____A [5AF87DFD673BA2115E2FCF5CFDB727AB] () C:\Users\Pauli\AppData\Roaming\Setup\Local Storage\leveldb\MANIFEST-000001
2022-05-13 19:45 - 2022-05-13 19:48 - 000000000 ____D [00000000000000000000000000000000] C:\Users\Pauli\AppData\Roaming\Setup\Session Storage
2022-05-13 19:45 - 2022-05-13 19:45 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Pauli\AppData\Roaming\Setup\Session Storage\000003.log
2022-05-13 19:45 - 2022-05-13 19:45 - 000000016 ____A [46295CAC801E5D4857D09837238A6394] () C:\Users\Pauli\AppData\Roaming\Setup\Session Storage\CURRENT
2022-05-13 19:45 - 2022-05-13 19:45 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Pauli\AppData\Roaming\Setup\Session Storage\LOCK
2022-05-13 19:45 - 2022-05-13 19:48 - 000000272 ____A [BB9CE32FB7829ABB53BEE3E4AA11EB2D] () C:\Users\Pauli\AppData\Roaming\Setup\Session Storage\LOG
2022-05-13 19:45 - 2022-05-13 19:45 - 000000272 ____A [C9051EF44CF0F3542B7CD06559BB99A2] () C:\Users\Pauli\AppData\Roaming\Setup\Session Storage\LOG.old
2022-05-13 19:45 - 2022-05-13 19:45 - 000000041 ____A [5AF87DFD673BA2115E2FCF5CFDB727AB] () C:\Users\Pauli\AppData\Roaming\Setup\Session Storage\MANIFEST-000001

====== End of Folder: ======

"C:\Users\Pauli\AppData\Local\setup-updater" => was unlocked

========================= Folder: C:\Users\Pauli\AppData\Local\setup-updater ========================


====== End of Folder: ======


=========== EmptyTemp: ==========

BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4209712 B
Java, Discord, Steam htmlcache => 0 B
Windows/system/drivers => 93491 B
Edge => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 9016 B
Pauli => 1662513316 B
Administrator => 1662733900 B

RecycleBin => 0 B
EmptyTemp: => 3.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:20:08 ====
         
26.06.2022, 19:33   #33
M-K-D-B
/// TB Trainer

OK, one more fix and a check with FRST.
How is the system running after the two steps?




Step 1
WARNING TO ALL READERS !!!
This FRST script is intended solely for this user and should never be applied 1:1 to another system!
  • Save your work and close all open programs so that no data is lost.
  • Copy the entire contents of the following code box:
    Code:
    Start::
    C:\Users\Pauli\AppData\Local\setup-updater
    C:\Users\Pauli\AppData\Roaming\Setup
    Reboot:
    End::
             
  • Now start FRST and click the Fix button directly.
    Important: You do not need to paste the contents of the code box anywhere, because FRST takes the code from the clipboard!
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory where FRST is located.
  • Your computer may need to be restarted.
  • Post the contents of fixlog.txt in your next reply.





Step 2
  • Start FRST again and click Scan.
  • FRST now creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.





Please post with your next reply:
  • the log file of the FRST fix (fixlog.txt)
  • the two new log files from FRST (FRST.txt and Addition.txt)

27.06.2022, 09:46   #34
metoo003

The system is running well.

Yesterday I spent several hours fiddling with the ASUS junk software "Armoury Crate" for LED control, because the current version can no longer be installed, no chance...
However, I see no connection to the original problem.

[I can't get the formatting of the log labels displayed any differently without a lot of effort].


Fixlog:

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-06-2022 01
Ran by Administrator (27-06-2022 10:25:12) Run:5
Running from C:\Users\Pauli\Desktop
Loaded Profiles: Pauli & Administrator
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Pauli\AppData\Local\setup-updater
C:\Users\Pauli\AppData\Roaming\Setup
Reboot:

*****************

C:\Users\Pauli\AppData\Local\setup-updater => moved successfully
C:\Users\Pauli\AppData\Roaming\Setup => moved successfully


The system needed a reboot.

==== End of Fixlog 10:25:12 ====
         





FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2022 01
Ran by Administrator (administrator) on PAULS_GAMING_PC (ASUS System Product Name) (27-06-2022 10:26:31)
Running from C:\Users\Pauli\Desktop
Loaded Profiles: Pauli & Administrator
Platform: Microsoft Windows 11 Pro Version 21H2 22000.778 (X64) Language: Deutsch (Deutschland) -> Deutsch (Deutschland)
Default browser: IE
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\103.0.1264.37\identity_helper.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.CpuIdRemote64.exe
(C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.DisplayAdapter.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\Lively.exe ->) 0 C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\Plugins\Cef\Lively.PlayerCefSharp.exe
(C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\Lively.exe ->) 0 C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\Plugins\Watchdog\Lively.Watchdog.exe
(C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\Plugins\Cef\Lively.PlayerCefSharp.exe ->) 0 C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\Plugins\Cef\CefSharp.BrowserSubprocess.exe <4>
(C:\Windows\cc\ctlsysmgr.exe ->) (Salfeld Computer GmbH -> Salfeld Computer GmbH) C:\ProgramData\NFS\v3\NFSccsvc.exe
(C:\Windows\cc\ctlsysmgr.exe ->) (Salfeld Computer GmbH -> Salfeld Computer) C:\Windows\cc\CtlSysUI.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUE.exe
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_fdd83e4dd87bcfa1\RtkAudUService64.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.06\atkexComSvc.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueLLAccessService.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUEDevicePluginHost.exe <8>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c43eff7079c4c90c\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Salfeld Computer GmbH -> Salfeld Computer) C:\Windows\cc\ctlsysmgr.exe
(services.exe ->) (Salfeld Computer GmbH -> Salfeld Computer) C:\Windows\cc\winctlsvc.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(sihost.exe ->) 0 C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\Lively.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_fdd83e4dd87bcfa1\RtkAudUService64.exe [1376856 2021-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [CORSAIR iCUE 4 Software] => C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUE Launcher.exe [183968 2022-05-11] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKU\S-1-5-21-1424437550-2087844553-323541659-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4282328 2022-06-07] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1424437550-2087844553-323541659-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32656336 2022-06-22] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1424437550-2087844553-323541659-1001\...\Run: [MicrosoftEdgeAutoLaunch_0394F9F0D5AFEC0304440CFD4BF5F89C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601824 2022-06-22] (Microsoft Corporation -> Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-1424437550-2087844553-323541659-1001\User: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A50E179-5429-4617-8D86-B363632AD859} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (No File)
Task: {1262B7DC-0442-42D6-B53A-4CC3F16FD136} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Update => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {24515173-3F2C-4D17-8373-BB2208D89A53} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2574E8AB-F789-44F2-87F1-ED77543D8EC0} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe (No File)
Task: {2767F593-63FE-4454-AA12-A285A9D503EE} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe (No File)
Task: {4AD1AD68-0494-4673-8E95-51875726705A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-05-20] (Nvidia Corporation -> NVIDIA Corporation)
Task: {52639F37-4D8F-4FF0-BEBF-49D722DE0170} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\103.0.1264.37\Installer\setup.exe [3274144 2022-06-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {6F5AFCD5-F325-406B-8963-D0E7AA36B741} - System32\Tasks\Opera scheduled assistant Autoupdate 1652464039 => C:\Users\Pauli\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Pauli\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {79F9C73B-37AB-4E8F-A0C9-6CB8CEC67408} - System32\Tasks\ASUS\ArmouryAIOFanServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe (No File)
Task: {822F3FA1-B1B0-4A53-8CA5-2F69C2230A19} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-05-20] (Nvidia Corporation -> NVIDIA Corporation)
Task: {86969224-86CB-43A9-BA0B-076322AF9A33} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646344 2022-05-20] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8C34124A-677E-40AF-9777-AEBAB2B67CFC} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1424437550-2087844553-323541659-1001 => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {906980F4-8A9F-4D28-A235-263827E4E846} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-05-20] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9145E810-BDD3-4F11-83B1-463D45922267} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {91AC97F0-4E7D-43EE-B738-817FF73D2F6D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-05-20] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {A122A02B-8BE4-4284-B29F-3D1D78C0550E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A5090704-BD84-49DC-AF13-B0644691F04C} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1424437550-2087844553-323541659-1001 => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {AB8BF43F-3023-49DD-97A4-9F29C36D1CE5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-05-20] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B3B430B3-2568-4730-AEEA-B1052DB2522F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-05-20] (Nvidia Corporation -> NVIDIA Corporation)
Task: {BA3ED9CB-81C6-414E-958A-B3E7AA529CA8} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-05-20] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C304A99E-9483-46E3-80F3-39F009791DB5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C3779BF0-DC59-4FCF-9A6A-C3383818F113} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DB575289-EE17-4F83-A5D1-325A884A25F8} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-05-20] (Nvidia Corporation -> NVIDIA Corporation)
Task: {F24260FF-AF90-4991-8F09-AF84B4EA8435} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{89b7fff4-68ae-400c-b01c-cce359d50f18}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a99b7a34-7b15-42d4-b39d-6c218b5a2543}: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArmouryLiveUpdate; C:\Windows\System32\DriverStore\FileRepository\rogms.inf_amd64_1d3b9add1418e6f7\ArmouryLiveUpdate.exe [577280 2022-05-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.06\atkexComSvc.exe [456008 2022-06-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [1164992 2022-06-26] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-05-17] (BattlEye Innovations e.K. -> )
R2 CC-Updater; C:\Windows\cc\WinCtlSvc.exe [7519552 2022-06-22] (Salfeld Computer GmbH -> Salfeld Computer)
R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [609848 2022-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueLLAccessService.exe [231584 2022-05-11] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe [82592 2022-05-11] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [224680 2021-09-22] (DTS, Inc. -> DTS Inc.)
R2 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [10968712 2022-06-23] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-05-16] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2022-05-01] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2022-03-03] (Epic Games Inc. -> Epic Games, Inc.)
S2 GameInput Service; C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe [75240 2022-05-25] (Microsoft Corporation -> Microsoft Corporation)
R3 iCUEDevicePluginHost; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUEDevicePluginHost.exe [447136 2022-05-11] (Corsair Memory, Inc. -> Corsair)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [11523704 2022-06-11] (Logitech Inc -> Logitech, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2575624 2022-05-27] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3494672 2022-05-27] (Electronic Arts, Inc. -> Electronic Arts)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1908688 2022-06-16] (Rockstar Games, Inc. -> Rockstar Games)
R2 SCC-Dienst; C:\Windows\cc\ctlsysmgr.exe [7836992 2022-06-22] (Salfeld Computer GmbH -> Salfeld Computer)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6207688 2022-06-25] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ucldr_Crowz_ST; C:\Program Files\Common Files\Wellbia.com\ucldr_Crowz_ST.exe [5534960 2022-06-05] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S2 upccsvc; C:\Windows\upcc\upccsvc.exe [1683616 2019-02-06] (Salfeld Computer GmbH -> Salfeld GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WMIRegistrationService; C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe [538736 2021-11-30] (Intel Corporation -> Intel Corporation)
S2 AsusCertService; "C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c43eff7079c4c90c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c43eff7079c4c90c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [552960 2022-06-25] (Microsoft Windows -> Microsoft Corporation)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [34384 2022-02-10] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [43168 2022-03-09] (ASUSTeK Computer Inc. -> )
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [62496 2022-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccessC2D033F14715AA7325305EA42FBFC65BF867CC1D; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CorsairLLAccess64.sys [21752 2022-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [46600 2022-01-31] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [22536 2022-01-31] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz153; C:\Windows\temp\cpuz153\cpuz153_x64.sys [36864 2022-06-27] (Microsoft Windows Hardware Compatibility Publisher -> CPUID)
S3 e2f68; C:\Windows\System32\drivers\e2f68.sys [485376 2021-06-01] (Microsoft Windows -> Intel Corporation)
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
S3 Hsp; C:\Windows\System32\drivers\Hsp.sys [111960 2022-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_e11257f05c0c2f89\iaLPSS2_GPIO2_ADL.sys [139928 2021-07-29] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_778b19a5f4d49cba\iaLPSS2_I2C_ADL.sys [202896 2021-07-29] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1587376 2021-10-19] (Intel Corporation -> Intel Corporation)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2022-06-26] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk])
S3 logi_generic_hid_filter; C:\Windows\system32\drivers\logi_generic_hid_filter.sys [55624 2022-05-13] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [33528 2022-04-29] (WDKTestCert builder,132743893872553407 -> Logitech)
S3 logi_joy_hid_filter; C:\Windows\system32\drivers\logi_joy_hid_filter.sys [56656 2022-05-13] (Logitech Inc -> Logitech)
S3 logi_joy_hid_lo; C:\Windows\system32\drivers\logi_joy_hid_lo.sys [41280 2022-04-29] (WDKTestCert builder,132743893872553407 -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [21704 2022-04-29] (WDKTestCert builder,132743893872553407 -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [62904 2022-04-29] (WDKTestCert builder,132743893872553407 -> Logitech)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R1 netfltcc; C:\Windows\System32\drivers\netfltcc.sys [95752 2019-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 ROGKB; C:\Windows\System32\DriverStore\FileRepository\rogkb.inf_amd64_7b02b00ea166ec76\ROGKB.sys [38056 2022-05-17] (ASUSTeK COMPUTER INC. -> Windows (R) Win 7 DDK provider)
R3 ROGMS; C:\Windows\System32\DriverStore\FileRepository\rogms.inf_amd64_1d3b9add1418e6f7\ROGMS.sys [37544 2022-05-17] (ASUSTeK COMPUTER INC. -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2022-06-23] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [452856 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [1431256 2022-06-05] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S1 EneTechIo; \??\C:\Windows\system32\drivers\ene.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-06-27 10:06 - 2022-06-27 10:06 - 000000222 _____ C:\Users\Pauli\Desktop\Grand Theft Auto V.url
2022-06-26 18:20 - 2022-06-26 18:20 - 000032304 _____ (Creative Technology Innovation Co., LTd.) C:\Windows\system32\Drivers\CtiAIo64.old
2022-06-26 18:08 - 2022-06-26 18:08 - 000000000 ____D C:\Users\Pauli\AppData\Local\Sonarworks
2022-06-26 18:07 - 2022-06-26 18:07 - 000001171 _____ C:\Users\Public\Desktop\iCUE.lnk
2022-06-26 18:07 - 2022-06-26 18:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair
2022-06-26 17:50 - 2022-06-26 18:37 - 000000000 ____D C:\Program Files\ASUS
2022-06-26 17:50 - 2022-06-26 18:37 - 000000000 ____D C:\Program Files (x86)\ASUS
2022-06-26 17:50 - 2022-06-26 17:51 - 000000162 _____ C:\CosairDram.txt
2022-06-26 17:50 - 2019-10-17 11:36 - 000019968 _____ C:\Windows\system32\Drivers\ene.old
2022-06-26 17:26 - 2022-06-26 17:26 - 000015008 _____ (Highresolution Enterprises [www.highrez.co.uk]) C:\Windows\system32\Drivers\inpoutx64.sys
2022-06-26 17:25 - 2022-06-26 17:34 - 000000000 ____D C:\Users\Pauli\AppData\Roaming\OpenRGB
2022-06-26 17:25 - 2022-06-26 17:25 - 000000000 ____D C:\Users\Pauli\Downloads\OpenRGB_0.7_Windows_64_6128731
2022-06-26 17:23 - 2022-06-26 18:37 - 000000000 ____D C:\ProgramData\ASUS
2022-06-26 17:12 - 2022-06-26 18:29 - 000005910 _____ C:\GetDeviceStatus.xml
2022-06-26 17:12 - 2022-06-26 18:29 - 000004205 _____ C:\GetDeviceCap.xml
2022-06-26 17:12 - 2022-06-26 18:29 - 000000857 _____ C:\QueryAllDevice.xml
2022-06-26 17:12 - 2022-06-26 18:29 - 000000228 _____ C:\SetMatrixLEDScript.xml
2022-06-26 15:29 - 2019-04-24 11:25 - 000029368 _____ C:\Windows\system32\Drivers\GLCKIO2.sys
2022-06-26 15:20 - 2022-06-26 15:20 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2022-06-26 15:20 - 2022-06-26 15:20 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache
2022-06-26 14:55 - 2022-06-26 14:55 - 000000000 ____D C:\Users\Administrator\AppData\Local\PeerDistRepub
2022-06-26 14:13 - 2022-06-26 16:56 - 000000000 ____D C:\Users\Administrator\AppData\Local\AcSdkInsLog
2022-06-26 14:12 - 2022-06-26 14:12 - 000000000 ____D C:\Windows\LastGood.Tmp
2022-06-26 14:11 - 2022-06-07 19:13 - 000041992 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2022-06-26 14:10 - 2022-06-08 23:01 - 001905920 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2022-06-26 14:10 - 2022-06-08 23:01 - 001905920 _____ C:\Windows\system32\vulkaninfo.exe
2022-06-26 14:10 - 2022-06-08 23:01 - 001478400 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-06-26 14:10 - 2022-06-08 23:01 - 001478400 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2022-06-26 14:10 - 2022-06-08 23:01 - 001432320 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2022-06-26 14:10 - 2022-06-08 23:01 - 001432320 _____ C:\Windows\system32\vulkan-1.dll
2022-06-26 14:10 - 2022-06-08 23:01 - 001145600 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2022-06-26 14:10 - 2022-06-08 23:01 - 001145600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2022-06-26 14:10 - 2022-06-08 23:00 - 001471104 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2022-06-26 14:10 - 2022-06-08 23:00 - 001212544 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2022-06-26 14:10 - 2022-06-08 22:57 - 000865784 _____ C:\Windows\system32\nvofapi64.dll
2022-06-26 14:10 - 2022-06-08 22:57 - 000687608 _____ C:\Windows\SysWOW64\nvofapi.dll
2022-06-26 14:10 - 2022-06-08 22:56 - 002126456 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2022-06-26 14:10 - 2022-06-08 22:56 - 001607144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2022-06-26 14:10 - 2022-06-08 22:56 - 001535480 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2022-06-26 14:10 - 2022-06-08 22:56 - 001182200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2022-06-26 14:10 - 2022-06-08 22:56 - 001058416 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2022-06-26 14:10 - 2022-06-08 22:56 - 000844400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2022-06-26 14:10 - 2022-06-08 22:56 - 000714728 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2022-06-26 14:10 - 2022-06-08 22:55 - 010268792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2022-06-26 14:10 - 2022-06-08 22:55 - 008803304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2022-06-26 14:10 - 2022-06-08 22:55 - 005732344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2022-06-26 14:10 - 2022-06-08 22:55 - 005362680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2022-06-26 14:10 - 2022-06-08 22:55 - 003065984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2022-06-26 14:10 - 2022-06-08 22:55 - 000455288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2022-06-26 14:10 - 2022-06-08 22:54 - 000852072 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2022-06-26 14:10 - 2022-06-07 06:08 - 000093121 _____ C:\Windows\system32\nvinfo.pb
2022-06-25 23:16 - 2022-06-26 00:23 - 000001140 _____ C:\Users\Administrator\Desktop\ESET Online Scanner.lnk
2022-06-25 23:16 - 2022-06-25 23:16 - 000001239 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-06-25 23:16 - 2022-06-25 23:16 - 000000763 _____ C:\Users\Pauli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-06-25 23:16 - 2022-06-25 23:16 - 000000000 ____D C:\Users\Pauli\AppData\Local\ESET
2022-06-25 23:16 - 2022-06-25 23:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\ESET
2022-06-25 23:15 - 2022-06-25 23:15 - 014562400 _____ (ESET spol. s r.o.) C:\Users\Pauli\Desktop\ESETOnlineScanner_DEU.exe
2022-06-25 23:14 - 2022-06-25 23:14 - 000000000 _____ C:\Users\Pauli\Desktop\Textdokument (neu) (2).txt
2022-06-25 16:13 - 2022-06-25 16:13 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2022-06-25 16:13 - 2022-06-25 16:13 - 000000000 _SHDL C:\Users\Administrator\Vorlagen
2022-06-25 16:13 - 2022-06-25 16:13 - 000000000 _SHDL C:\Users\Administrator\Startmenü
2022-06-25 16:13 - 2022-06-25 16:13 - 000000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2022-06-25 16:13 - 2022-06-25 16:13 - 000000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2022-06-25 16:13 - 2022-06-25 16:13 - 000000000 _SHDL C:\Users\Administrator\Eigene Dateien
2022-06-25 16:13 - 2022-06-25 16:13 - 000000000 _SHDL C:\Users\Administrator\Druckumgebung
2022-06-25 16:13 - 2022-06-25 16:13 - 000000000 _SHDL C:\Users\Administrator\Documents\Eigene Videos
2022-06-25 16:13 - 2022-06-25 16:13 - 000000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2022-06-25 16:13 - 2022-06-25 16:13 - 000000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2022-06-25 16:13 - 2022-06-25 16:13 - 000000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2022-06-25 16:13 - 2022-06-25 16:13 - 000000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2022-06-25 16:13 - 2022-06-25 16:13 - 000000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2022-06-25 16:13 - 2022-06-25 16:13 - 000000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2022-06-25 16:13 - 2022-06-25 16:13 - 000000000 ____D C:\Users\Administrator
2022-06-25 16:13 - 2021-06-05 14:04 - 000001281 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-06-25 16:13 - 2021-06-05 14:04 - 000000407 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-06-25 16:04 - 2022-06-25 16:04 - 000335872 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-06-25 16:04 - 2022-06-25 16:04 - 000015024 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-06-25 16:02 - 2022-06-25 16:02 - 000000000 ___HD C:\$WinREAgent
2022-06-25 15:51 - 2022-06-25 22:33 - 000004023 _____ C:\Users\Pauli\Desktop\Search.txt
2022-06-25 15:49 - 2022-06-25 15:53 - 000003756 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-06-25 15:49 - 2022-06-25 15:53 - 000003632 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-06-25 15:49 - 2022-06-25 15:49 - 000004784 _____ C:\Windows\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask
2022-06-25 12:22 - 2022-06-27 10:25 - 000000610 _____ C:\Users\Pauli\Desktop\Fixlog.txt
2022-06-25 12:22 - 2022-06-25 12:22 - 000000000 _____ C:\Users\Pauli\Desktop\Textdokument (neu).txt
2022-06-25 12:00 - 2022-06-25 15:55 - 000049727 _____ C:\Users\Pauli\Desktop\Addition.txt
2022-06-25 11:59 - 2022-06-27 10:26 - 000023143 _____ C:\Users\Pauli\Desktop\FRST.txt
2022-06-25 11:58 - 2022-06-27 10:26 - 000000000 ____D C:\FRST
2022-06-25 11:56 - 2022-06-25 11:56 - 002369024 _____ (Farbar) C:\Users\Pauli\Desktop\FRST64.exe
2022-06-24 11:13 - 2022-06-24 11:13 - 000000000 ____D C:\Users\Pauli\Documents\dying light 2
2022-06-23 12:31 - 2022-06-23 12:31 - 000000222 _____ C:\Users\Pauli\Desktop\Dying Light 2.url
2022-06-22 08:34 - 2022-04-29 22:01 - 004890720 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw10.sys
2022-06-22 08:34 - 2022-04-29 22:01 - 001626208 _____ (Intel Corporation) C:\Windows\system32\IntelIHVRouter10.dll
2022-06-22 08:34 - 2022-04-29 21:35 - 053613352 _____ C:\Windows\system32\Drivers\Netwfw10.dat
2022-06-20 19:28 - 2022-06-26 20:47 - 000000000 ____D C:\Users\Pauli\AppData\Local\FlightSimulator
2022-06-20 18:42 - 2022-06-20 18:42 - 000000000 ____D C:\ProgramData\Emsisoft
2022-06-20 18:41 - 2022-06-20 18:47 - 000000000 ____D C:\EEK
2022-06-20 17:11 - 2022-06-20 17:11 - 000000000 ____D C:\Users\Pauli\AppData\Local\ArmouryLiveUpdate
2022-06-19 21:42 - 2022-06-19 21:42 - 000001164 _____ C:\Users\Pauli\Desktop\Microsoft Flight Simulator.lnk
2022-06-18 21:34 - 2022-06-18 21:34 - 000000000 ____D C:\Users\Pauli\AppData\Roaming\HelloGames
2022-06-17 14:01 - 2022-06-17 14:01 - 000614400 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2022-06-17 14:01 - 2022-06-17 14:01 - 000557056 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2022-06-17 14:01 - 2022-06-17 14:01 - 000524288 _____ C:\Windows\system32\AssignedAccessCsp.dll
2022-06-17 14:01 - 2022-06-17 14:01 - 000485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2022-06-17 14:01 - 2022-06-17 14:01 - 000299008 _____ C:\Windows\system32\EsclScan.dll
2022-06-17 14:01 - 2022-06-17 14:01 - 000180224 _____ C:\Windows\system32\EsclProtocol.dll
2022-06-17 14:01 - 2022-06-17 14:01 - 000167936 _____ C:\Windows\system32\DeviceUpdateCenterCsp.dll
2022-06-17 14:01 - 2022-06-17 14:01 - 000057344 _____ C:\Windows\system32\uwfservicingapi.dll
2022-06-16 10:33 - 2022-06-16 10:33 - 000000000 ____D C:\Users\Pauli\AppData\LocalLow\Landfall
2022-06-13 16:25 - 2022-06-14 14:01 - 000000000 ____D C:\Users\Pauli\AppData\Local\Fallout4 MS
2022-06-12 14:41 - 2022-06-12 14:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2022-06-12 14:41 - 2022-06-12 14:41 - 000000000 ____D C:\Program Files\LGHUB
2022-06-11 20:24 - 2022-06-11 20:24 - 000000000 ____D C:\Users\Pauli\AppData\Local\ReadyOrNot
2022-06-11 20:11 - 2022-06-11 20:11 - 000000223 _____ C:\Users\Pauli\Desktop\Ready or Not.url
2022-06-10 12:57 - 2022-06-10 12:57 - 000000000 ____D C:\Users\Pauli\AppData\Roaming\IO Interactive
2022-06-09 19:35 - 2022-06-09 19:35 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2022-06-09 19:35 - 2022-06-09 19:35 - 000000000 ____D C:\Program Files (x86)\Microsoft GameInput
2022-06-06 20:49 - 2022-06-06 20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Kindersicherung
2022-06-06 20:09 - 2022-06-06 20:10 - 000000000 ____D C:\ProgramData\HitmanPro
2022-06-06 20:09 - 2022-06-06 20:09 - 000000000 ____D C:\Program Files\HitmanPro
2022-06-06 19:58 - 2022-06-23 14:02 - 000001244 _____ C:\Users\Pauli\Desktop\Roblox Studio.lnk
2022-06-06 18:10 - 2022-06-06 18:10 - 000000000 ____D C:\Users\Pauli\AppData\Local\IO Interactive
2022-06-06 15:24 - 2022-06-06 15:24 - 000000000 ____D C:\Users\Pauli\AppData\Roaming\EasyAntiCheat
2022-06-05 16:47 - 2022-06-23 14:02 - 000001421 _____ C:\Users\Pauli\Desktop\Roblox Player.lnk
2022-06-05 16:47 - 2022-06-23 14:02 - 000000000 ____D C:\Users\Pauli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2022-06-05 16:47 - 2022-06-05 22:19 - 000000000 ____D C:\Users\Pauli\AppData\Local\Roblox
2022-06-05 16:47 - 2022-06-05 22:16 - 000000256 _____ C:\Users\Pauli\AppData\LocalLow\rbxcsettings.rbx
2022-06-05 15:22 - 2022-06-05 15:22 - 000000000 ____D C:\Program Files\Common Files\Wellbia.com
2022-06-04 15:54 - 2022-06-04 22:32 - 000000000 ____D C:\Users\Pauli\AppData\Roaming\discord
2022-06-04 15:54 - 2022-06-04 22:19 - 000000000 ____D C:\Users\Pauli\AppData\Local\Discord
2022-06-04 15:54 - 2022-06-04 15:54 - 000002227 _____ C:\Users\Pauli\Desktop\Discord.lnk
2022-06-04 15:54 - 2022-06-04 15:54 - 000000000 ____D C:\Users\Pauli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2022-06-04 15:49 - 2022-06-04 15:50 - 000000000 ____D C:\_backup
2022-06-02 19:32 - 2022-06-02 19:33 - 000000000 ____D C:\ProgramData\EA Logs
2022-06-02 19:32 - 2022-06-02 19:32 - 000000000 ____D C:\ProgramData\PopCap Games
2022-06-02 19:32 - 2022-06-02 19:32 - 000000000 ____D C:\ProgramData\EA Core
2022-05-31 19:52 - 2022-05-31 19:52 - 000000000 ____D C:\Users\Pauli\AppData\LocalLow\Curve Digital
2022-05-31 19:31 - 2022-06-08 17:39 - 000000000 ____D C:\Users\Pauli\AppData\Local\Ubisoft Game Launcher
2022-05-31 19:31 - 2022-05-31 19:31 - 000001323 _____ C:\Users\Pauli\Desktop\Ubisoft Connect.lnk
2022-05-31 19:31 - 2022-05-31 19:31 - 000000000 ____D C:\Users\Pauli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2022-05-31 19:31 - 2022-05-31 19:31 - 000000000 ____D C:\ProgramData\Ubisoft
2022-05-31 19:30 - 2022-05-31 19:30 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2022-05-31 19:15 - 2022-06-06 20:44 - 000000085 _____ C:\Windows\wininit.ini
2022-05-31 18:35 - 2022-05-31 18:35 - 000000000 ____D C:\Windows\system32\Tasks\Safer-Networking
2022-05-31 18:34 - 2022-06-06 20:48 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2022-05-31 18:34 - 2022-06-06 20:44 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2022-05-31 18:34 - 2022-05-31 18:34 - 000000000 ____D C:\Users\Pauli\AppData\Local\BraveSoftware
2022-05-31 18:34 - 2022-05-31 18:34 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2022-05-31 18:22 - 2022-05-31 18:22 - 000000000 ____D C:\Users\Pauli\AppData\Local\mbam
2022-05-30 19:25 - 2022-06-19 21:32 - 000000000 ____D C:\Users\Pauli\AppData\LocalLow\Ninja Kiwi
2022-05-30 17:00 - 2022-05-30 17:00 - 000000000 ____D C:\Users\Pauli\AppData\Local\GSS2
2022-05-29 17:51 - 2022-05-29 17:52 - 000000000 ____D C:\Users\Pauli\AppData\Local\Sniper Elite 5

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-06-27 10:26 - 2022-04-08 20:41 - 000000000 ____D C:\Program Files (x86)\Steam
2022-06-27 10:26 - 2022-04-08 19:27 - 000000000 ____D C:\ProgramData\NVIDIA
2022-06-27 10:26 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SystemTemp
2022-06-27 10:25 - 2022-04-08 20:49 - 000000000 ____D C:\Windows\dl
2022-06-27 10:25 - 2022-04-08 20:49 - 000000000 ____D C:\Windows\cc
2022-06-27 10:25 - 2022-04-08 19:19 - 000012288 ___SH C:\DumpStack.log.tmp
2022-06-27 10:25 - 2022-04-08 19:19 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-06-27 10:25 - 2021-06-05 14:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-06-27 10:25 - 2021-06-05 14:01 - 000524288 _____ C:\Windows\system32\config\BBI
2022-06-27 10:08 - 2022-04-08 21:54 - 000000000 ____D C:\Users\Pauli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-06-27 10:07 - 2022-04-09 13:01 - 000000000 ____D C:\Program Files\EA Games
2022-06-26 19:55 - 2022-04-08 19:19 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-06-26 19:19 - 2022-04-29 20:04 - 000000000 ____D C:\Users\Pauli\AppData\Roaming\LGHUB
2022-06-26 18:54 - 2022-04-29 20:04 - 000000000 ____D C:\Users\Pauli\AppData\Local\LGHUB
2022-06-26 18:47 - 2022-04-08 19:24 - 001750092 _____ C:\Windows\system32\PerfStringBackup.INI
2022-06-26 18:47 - 2021-06-05 19:52 - 000757084 _____ C:\Windows\system32\perfh007.dat
2022-06-26 18:47 - 2021-06-05 19:52 - 000156276 _____ C:\Windows\system32\perfc007.dat
2022-06-26 18:47 - 2021-06-05 14:09 - 000000000 ____D C:\Windows\INF
2022-06-26 18:39 - 2022-04-09 12:49 - 000000000 ____D C:\Users\Pauli\AppData\Local\CrashDumps
2022-06-26 18:37 - 2022-04-08 19:35 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-06-26 18:37 - 2022-04-08 19:32 - 000000000 ____D C:\ProgramData\Package Cache
2022-06-26 18:37 - 2022-04-08 19:30 - 000000000 ____D C:\Users\Pauli\AppData\Local\Packages
2022-06-26 18:37 - 2022-04-08 19:28 - 000000000 ____D C:\ProgramData\Packages
2022-06-26 18:37 - 2021-06-05 14:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-06-26 18:37 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\AppReadiness
2022-06-26 18:35 - 2022-04-08 19:34 - 000000000 ____D C:\Windows\system32\Tasks\ASUS
2022-06-26 18:17 - 2022-04-08 19:32 - 000000087 _____ C:\Windows\skipsavetoini
2022-06-26 18:15 - 2021-06-05 14:10 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-06-26 18:13 - 2022-04-08 20:17 - 000000000 ____D C:\Users\Pauli\AppData\Roaming\Corsair
2022-06-26 17:20 - 2022-04-08 19:19 - 001223640 _____ () C:\Windows\system32\wpbbin.exe
2022-06-26 17:20 - 2022-04-08 19:19 - 001164992 _____ C:\Windows\system32\AsusUpdateCheck.exe
2022-06-26 15:18 - 2022-04-08 19:30 - 000000000 ____D C:\Users\Pauli\AppData\Local\D3DSCache
2022-06-26 15:03 - 2022-04-08 19:37 - 000000000 ____D C:\Users\Pauli\AppData\Local\ASUS
2022-06-26 14:58 - 2022-04-08 19:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-06-26 14:12 - 2022-04-08 19:27 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-06-26 10:44 - 2022-04-08 22:50 - 000000000 ____D C:\Users\Pauli\AppData\Roaming\.minecraft
2022-06-26 10:43 - 2022-04-09 23:13 - 000000000 ____D C:\ProgramData\TruckersMP
2022-06-25 16:09 - 2022-04-08 19:19 - 000292792 _____ C:\Windows\system32\FNTCACHE.DAT
2022-06-25 16:08 - 2021-06-05 20:00 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-06-25 16:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\eu-ES
2022-06-25 16:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-06-25 16:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SystemResources
2022-06-25 16:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\oobe
2022-06-25 16:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\eu-ES
2022-06-25 16:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\Dism
2022-06-25 16:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\appraiser
2022-06-25 16:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\ShellExperiences
2022-06-25 16:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\Provisioning
2022-06-25 16:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-06-25 16:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\bcastdvr
2022-06-25 16:06 - 2021-06-05 14:01 - 000000000 ____D C:\Windows\CbsTemp
2022-06-25 16:04 - 2022-04-08 19:22 - 003101184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2022-06-25 15:49 - 2022-04-08 19:19 - 000002694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-06-25 15:49 - 2022-04-08 19:19 - 000002532 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-06-25 12:44 - 2022-04-08 20:41 - 002762216 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2022-06-25 12:44 - 2022-04-08 20:41 - 000402920 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2022-06-25 12:44 - 2022-04-08 20:41 - 000234984 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy.dll
2022-06-25 12:44 - 2022-04-08 20:41 - 000198120 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2022-06-25 12:44 - 2022-04-08 20:41 - 000144872 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2022-06-25 12:44 - 2022-04-08 20:41 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2022-06-25 12:44 - 2022-04-08 20:41 - 000062928 _____ (Microsoft Corporation) C:\Windows\system32\gamemodcontrol.exe
2022-06-25 11:30 - 2022-04-08 21:43 - 000000000 ____D C:\Users\Pauli\AppData\Roaming\WeMod
2022-06-23 23:33 - 2022-04-08 19:45 - 000000000 ____D C:\Users\Pauli\AppData\Local\NVIDIA Corporation
2022-06-23 15:48 - 2022-04-13 20:51 - 000000628 _____ C:\Users\Pauli\Documents\HudSight.txt
2022-06-23 12:25 - 2022-04-08 19:19 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-06-20 17:28 - 2021-06-05 14:10 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2022-06-20 11:04 - 2021-06-05 14:10 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-06-19 21:45 - 2022-04-08 21:45 - 000000000 ____D C:\XboxGames
2022-06-19 21:22 - 2022-04-08 19:20 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2022-06-19 21:21 - 2021-06-05 14:18 - 000233808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2022-06-19 21:21 - 2021-06-05 14:18 - 000069960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vkrnlintvsc.sys
2022-06-19 21:21 - 2021-06-05 14:18 - 000069952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vkrnlintvsp.sys
2022-06-19 21:19 - 2022-04-08 19:32 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1424437550-2087844553-323541659-1001
2022-06-19 21:19 - 2022-04-08 19:32 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1424437550-2087844553-323541659-1001
2022-06-19 21:19 - 2022-04-08 19:32 - 000002395 _____ C:\Users\Pauli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-06-19 21:08 - 2021-06-05 20:00 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-06-19 21:08 - 2021-06-05 20:00 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ___SD C:\Windows\SysWOW64\F12
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ___SD C:\Windows\system32\F12
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\oobe
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\gl-ES
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\SysWOW64\ca-ES
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\vi-VN
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\lv-LV
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\lt-LT
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\id-ID
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\gl-ES
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\et-EE
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\es-MX
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\DDFs
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\ca-ES
2022-06-19 21:08 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\ShellComponents
2022-06-18 16:39 - 2022-04-08 21:43 - 000002169 _____ C:\Users\Pauli\Desktop\WeMod.lnk
2022-06-18 16:39 - 2022-04-08 21:43 - 000000000 ____D C:\Users\Pauli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2022-06-18 16:39 - 2022-04-08 21:43 - 000000000 ____D C:\Users\Pauli\AppData\Local\WeMod
2022-06-18 16:38 - 2022-04-08 21:43 - 000000000 ____D C:\Users\Pauli\AppData\Local\SquirrelTemp
2022-06-17 14:04 - 2022-04-08 19:34 - 000000000 ____D C:\Windows\system32\MRT
2022-06-17 14:03 - 2022-04-08 19:34 - 145918784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-06-15 13:48 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\SecurityHealth
2022-06-13 16:25 - 2022-04-30 13:17 - 000000000 ____D C:\Users\Pauli\Documents\My Games
2022-06-12 14:41 - 2022-05-13 20:23 - 000000000 ____D C:\Program Files\LGHUB.d47858fb-ee82-4f88-8d4f-f004e34df74b
2022-06-11 19:57 - 2022-04-15 19:31 - 000000000 ____D C:\Program Files (x86)\Origin
2022-06-11 19:57 - 2022-04-09 14:33 - 000000000 ____D C:\ProgramData\Origin
2022-06-10 12:48 - 2022-04-09 17:44 - 000000000 ____D C:\Users\Pauli\AppData\Roaming\paradox-launcher-v2
2022-06-08 22:57 - 2022-04-08 19:49 - 000770688 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2022-06-08 22:53 - 2022-04-08 19:27 - 007478288 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2022-06-08 22:53 - 2022-04-08 19:27 - 006362304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2022-06-07 19:13 - 2022-04-08 19:27 - 000129032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2022-06-06 20:49 - 2022-04-08 20:49 - 000000000 ____D C:\Program Files (x86)\Salfeld
2022-06-05 15:34 - 2022-04-14 16:00 - 000000000 ____D C:\Users\Pauli\AppData\Local\EpicGamesLauncher
2022-06-05 15:22 - 2022-04-11 21:20 - 001431256 _____ (Wellbia.com Co., Ltd.) C:\Windows\xhunter1.sys
2022-06-02 19:32 - 2022-04-15 19:31 - 000000000 ____D C:\ProgramData\Electronic Arts
2022-06-02 12:47 - 2021-06-05 14:10 - 000000000 ____D C:\Windows\system32\NDF
2022-06-01 20:51 - 2022-04-08 19:32 - 000000000 ____D C:\Users\Pauli\AppData\Local\PlaceholderTileLogoFolder
2022-05-30 17:01 - 2022-04-09 13:03 - 000000000 ____D C:\Users\Pauli\AppData\Local\UnrealEngine
2022-05-29 17:04 - 2022-04-08 19:33 - 000000000 ____D C:\Users\Pauli\AppData\Local\NVIDIA
2022-05-29 17:02 - 2022-04-08 19:45 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-05-29 17:02 - 2022-04-08 19:45 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-05-29 17:02 - 2022-04-08 19:45 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-05-29 17:02 - 2022-04-08 19:45 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-05-29 17:02 - 2022-04-08 19:45 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-05-29 17:02 - 2022-04-08 19:45 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-05-29 17:02 - 2022-04-08 19:45 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-05-29 17:02 - 2022-04-08 19:45 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-05-29 17:02 - 2022-04-08 19:45 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-05-29 17:02 - 2022-04-08 19:45 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-05-29 17:02 - 2022-04-08 19:27 - 000000000 ____D C:\Program Files\NVIDIA Corporation

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         







Addition Log:


FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version: 24-06-2022 01
Ran by Administrator (27-06-2022 10:27:09)
Running from C:\Users\Pauli\Desktop
Microsoft Windows 11 Pro Version 21H2 22000.778 (X64) (2022-04-08 17:20:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1424437550-2087844553-323541659-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1424437550-2087844553-323541659-503 - Limited - Disabled)
Gast (S-1-5-21-1424437550-2087844553-323541659-501 - Limited - Disabled)
Pauli (S-1-5-21-1424437550-2087844553-323541659-1001 - Limited - Enabled) => C:\Users\Pauli
WDAGUtilityAccount (S-1-5-21-1424437550-2087844553-323541659-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 21.07 (x64) (HKLM\...\7-Zip) (Version: 21.07 - Igor Pavlov)
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
CORSAIR iCUE 4 Software (HKLM\...\{BA9A8F9E-984B-4407-86E5-503239A3D892}) (Version: 4.24.193 - Corsair)
Discord (HKU\S-1-5-21-1424437550-2087844553-323541659-1001\...\Discord) (Version: 1.0.9004 - Discord Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{3FD9F3E6-059D-4E4D-8B5B-EBAE90CA882E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.0.223.5198 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{7e128ed4-7e5b-480d-aeb3-0e178dd9d723}) (Version: 12.0.223.5198 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{5F15891E-8342-47CD-AFFF-89211CFC04D0}) (Version: 1.3.23.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{758842D2-1538-4008-A8E3-66F65A061C52}) (Version: 2.0.33.0 - Epic Games, Inc.)
Farmers Dynasty (HKLM-x32\...\{A87FBF41-2485-4161-9CAB-F97EC1C18E61}) (Version: 1.05.0.0 - TOPLITZ PRODUCTIONS)
FIFA 22 (HKLM-x32\...\{67F7ABF6-2557-4756-923A-AB99086B1490}) (Version: 1.0.76.11607 - Electronic Arts)
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2628.2 - Rockstar Games)
HudSight (HKLM-x32\...\HudSight_is1) (Version: 1 - )
Intel(R) Chipset Device Software (HKLM\...\{2EE411D3-03C6-4647-81F5-A3C13F25FDC5}) (Version: 10.1.18838.8284 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{2d8d3782-0c02-4681-87f4-e004b3d4a8f6}) (Version: 10.1.18838.8284 - Intel(R) Corporation)
Intel(R) LMS (HKLM\...\{B76FE067-1B6B-416E-9A99-C1BF5E9A2FC1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2149.16.0.2602 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{3EE91568-6FE3-43AA-9BFC-7496A56D272C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{E4924222-0A39-4EEE-8F7E-8C95BDFDCFCE}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{8EC4CB19-850D-4BD4-B914-F63DF7DAD67D}) (Version: 30.100.2131.26 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2131.26 - Intel Corporation)
Kindersicherung (HKLM-x32\...\Salfeld-Kindersicherung_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2022.6.271036 - Logitech)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.37 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.37 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{A9CFD6A1-C0D3-7F37-C220-8B104867EF15}) (Version: 10.1.22621.1011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1424437550-2087844553-323541659-1001\...\OneDriveSetup.exe) (Version: 22.111.0522.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30133 (HKLM-x32\...\{295d1583-fdb9-414b-a4c8-da539362a26b}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133 (HKLM-x32\...\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30133 (HKLM\...\{E699E009-1C3C-4E50-9B57-2B39F0954C7F}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30133 (HKLM\...\{6CD9E9ED-906D-4196-8DC3-F987D2F6615F}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30133 (HKLM-x32\...\{42667D2E-B054-46C1-9D46-2EE1332C14C1}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30133 (HKLM-x32\...\{EC9807DE-B577-47B1-A024-0251805ACF24}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
NVIDIA FrameView SDK 1.2.7521.31103277 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7521.31103277 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.1.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.1.27 - NVIDIA Corporation)
NVIDIA Grafiktreiber 516.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 516.40 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.113.50894 - Electronic Arts, Inc.)
Paradox Launcher v2 (HKLM\...\{66DA3501-823A-4F07-A20D-C64495A59DC8}) (Version: 2.1.0 - Paradox Interactive)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9254.1 - Realtek Semiconductor Corp.)
Roblox Player for Pauli (HKU\S-1-5-21-1424437550-2087844553-323541659-1001\...\roblox-player) (Version:  - Roblox Corporation)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.59.842 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.3.7 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 130.1.10657 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
WeMod (HKU\S-1-5-21-1424437550-2087844553-323541659-1001\...\WeMod) (Version: 8.2.0 - WeMod)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c43eff7079c4c90c\nvshext.dll [2022-06-08] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers1_S-1-5-21-1424437550-2087844553-323541659-1001-x32: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ContextMenuHandlers4_S-1-5-21-1424437550-2087844553-323541659-1001-x32: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File
ContextMenuHandlers5_S-1-5-21-1424437550-2087844553-323541659-1001-x32: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\i386\FileSyncShell.dll -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-06-20 15:48 - 2022-06-20 15:48 - 000925184 _____ () [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\plugins\cef\CefSharp.BrowserSubprocess.Core.dll
2022-06-20 15:48 - 2022-06-20 15:48 - 001395712 _____ () [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\plugins\cef\CefSharp.Core.Runtime.dll
2022-04-08 20:41 - 2022-03-04 04:23 - 126965248 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2022-04-08 20:41 - 2021-11-17 13:38 - 000384000 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2022-04-08 20:41 - 2021-11-17 13:38 - 008006656 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2022-05-11 18:00 - 2022-05-11 18:00 - 000057856 _____ () [File not signed] C:\Program Files\Corsair\CORSAIR iCUE 4 Software\HiResTimers.dll
2022-05-11 18:00 - 2022-05-11 18:00 - 000041472 _____ () [File not signed] C:\Program Files\Corsair\CORSAIR iCUE 4 Software\PowerStateListener.dll
2022-06-20 15:48 - 2022-06-20 15:48 - 149314048 _____ () [File not signed] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\plugins\cef\libcef.dll
2022-06-20 15:48 - 2022-06-20 15:48 - 000357376 _____ () [File not signed] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\plugins\cef\libegl.dll
2022-06-20 15:48 - 2022-06-20 15:48 - 005583872 _____ () [File not signed] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\plugins\cef\libglesv2.dll
2022-06-20 15:48 - 2022-06-20 15:48 - 003519488 _____ () [File not signed] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\plugins\cef\vk_swiftshader.dll
2019-08-13 15:38 - 2019-08-13 15:38 - 000147456 _____ () [File not signed] C:\ProgramData\NFS\v3\nfccapi.dll
2022-04-29 22:57 - 2022-04-29 22:57 - 000057344 _____ (Google) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\GrpcDotNetNamedPipes.dll
2022-04-10 12:52 - 2021-12-26 16:00 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-04-29 22:57 - 2022-04-29 22:57 - 000056832 _____ (Linearstar) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\RawInput.Sharp.dll
2022-06-20 15:48 - 2022-06-20 15:48 - 000026112 _____ (Lively) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\de\Lively.resources.dll
2022-06-20 15:48 - 2022-06-20 15:48 - 000428032 _____ (Lively) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\Lively.dll
2022-06-20 15:48 - 2022-06-20 15:48 - 000111616 _____ (Lively.Common) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\Lively.Common.dll
2022-06-20 15:48 - 2022-06-20 15:48 - 000152576 _____ (Lively.Grpc.Common) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\Lively.Grpc.Common.dll
2022-06-20 15:48 - 2022-06-20 15:48 - 000042496 _____ (Lively.Models) [File not signed] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\Lively.Models.dll
2022-04-29 22:57 - 2022-04-29 22:57 - 000005120 _____ (Matteo Pagani) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\DesktopBridge.Helpers.dll
2019-08-13 15:38 - 2019-08-13 15:38 - 000373760 _____ (NetFilterSDK.com) [File not signed] C:\ProgramData\NFS\v3\protflt.dll
2022-06-20 15:48 - 2022-06-20 15:48 - 000828928 _____ (NLog) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\NLog.dll
2022-03-28 14:04 - 2022-03-28 14:04 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files\Corsair\CORSAIR iCUE 4 Software\SiUSBXp.dll
2022-04-29 22:57 - 2022-04-29 22:57 - 000032768 _____ (Soroush Falahati (falahati.net)) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\UACHelper.dll
2022-04-08 20:41 - 2022-03-04 04:23 - 000983552 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll
2022-06-20 15:48 - 2022-06-20 15:48 - 000990208 _____ (The Chromium Authors) [File not signed] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.122.0_x86__97hta09mmv6hy\Build\plugins\cef\chrome_elf.dll
2022-04-15 19:31 - 2022-04-15 19:31 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2022-04-15 19:31 - 2022-04-15 19:31 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2022-06-23 20:39 - 2022-06-23 20:39 - 002815488 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libcrypto-1_1-x64.dll
2022-06-23 20:39 - 2022-06-23 20:39 - 000678400 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libssl-1_1-x64.dll
2019-08-13 15:38 - 2019-08-13 15:38 - 002648576 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\ProgramData\NFS\v3\libcrypto-1_1.dll
2019-08-13 15:38 - 2019-08-13 15:38 - 000640512 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\ProgramData\NFS\v3\libssl-1_1.dll
2022-04-15 19:31 - 2022-04-15 19:31 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2022-06-11 19:57 - 2022-04-15 19:31 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2022-06-11 19:57 - 2022-04-15 19:31 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2022-06-11 19:57 - 2022-04-15 19:31 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2022-06-11 19:57 - 2022-04-15 19:31 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2022-06-11 19:57 - 2022-04-15 19:31 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2022-06-11 19:57 - 2022-04-15 19:31 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2022-06-23 20:39 - 2022-06-23 20:39 - 000046592 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\bearer\qgenericbearer.dll
2022-06-23 20:39 - 2022-06-23 20:39 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Core.dll
2022-06-23 20:39 - 2022-06-23 20:39 - 001389568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Network.dll
2022-06-23 20:39 - 2022-06-23 20:39 - 000157184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebSockets.dll
2022-06-23 20:39 - 2022-06-23 20:39 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-05 14:08 - 2022-06-25 12:22 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1424437550-2087844553-323541659-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pauli\Downloads\3840x2160-dodge-challenger-srt-in-usa_1565054844.jpg
HKU\S-1-5-21-1424437550-2087844553-323541659-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: CC-Updater => 2
HKU\S-1-5-21-1424437550-2087844553-323541659-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{0FC24FCD-1E86-4DC1-8639-7E2E08E35227}C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe] => (Allow) C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe => No File
FirewallRules: [UDP Query User{9C2807E4-1CF0-4E9B-BBFF-983AA335387F}C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe] => (Allow) C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe => No File
FirewallRules: [TCP Query User{41C6B63B-D6B8-46A2-AF14-D825E5C12B39}C:\program files (x86)\asus\armourydevice\asus_framework.exe] => (Allow) C:\program files (x86)\asus\armourydevice\asus_framework.exe => No File
FirewallRules: [UDP Query User{BEAF3A7D-869A-4918-ACAE-D7894CD6754B}C:\program files (x86)\asus\armourydevice\asus_framework.exe] => (Allow) C:\program files (x86)\asus\armourydevice\asus_framework.exe => No File
FirewallRules: [{0F8311FA-5A4E-4284-82E1-F3ED00A2A686}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D4FF33F7-1362-43FE-8831-EF308C1E0E97}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A318DA9D-FB5E-4927-94D5-368598ECB351}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{CBB66FC5-07E4-4229-A5EC-DDC094E7BC9D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{3D554BBF-1E31-4708-A740-A203766B498D}C:\xboxgames\microsoft flight simulator\content\flightsimulator.exe] => (Allow) C:\xboxgames\microsoft flight simulator\content\flightsimulator.exe (Access Denied)  [File not signed]
FirewallRules: [UDP Query User{BB6DBFCE-1D16-4BF8-9330-1701FFCA4772}C:\xboxgames\microsoft flight simulator\content\flightsimulator.exe] => (Allow) C:\xboxgames\microsoft flight simulator\content\flightsimulator.exe (Access Denied)  [File not signed]
FirewallRules: [{C9E0AA8B-28CD-467F-A61F-26AC16FE6741}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22147.303.1400.1220_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F0CD290C-F17A-48EA-9106-564EC6BBBC64}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22147.303.1400.1220_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3C884270-0941-41AD-B385-9041AE83AE05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light 2\ph\work\bin\x64\DyingLightGame_x64_rwdi.exe (Techland S.A. -> Techland)
FirewallRules: [{6D1F26BA-C375-4798-B4BE-6DAC801163D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light 2\ph\work\bin\x64\DyingLightGame_x64_rwdi.exe (Techland S.A. -> Techland)
FirewallRules: [TCP Query User{690BA9F3-A3E8-4F7A-862B-10830C7F2519}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{B815A28A-621E-4DB7-9F6B-217012DD9255}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C4A41513-34D0-48E5-8736-8F299CDCCF71}] => (Allow) C:\Program Files\EA Games\FIFA 22\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{81457AE9-CEE2-419A-8D42-476C9FD472DE}] => (Allow) C:\Program Files\EA Games\FIFA 22\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{8AE4F96E-CD1F-4364-9977-47D0AAAFDBEF}C:\xboxgames\forza horizon 5\content\forzahorizon5.exe] => (Allow) C:\xboxgames\forza horizon 5\content\forzahorizon5.exe (Access Denied)  [File not signed]
FirewallRules: [UDP Query User{DC13A1A9-C03C-4E0F-A7BA-D27D51A01932}C:\xboxgames\forza horizon 5\content\forzahorizon5.exe] => (Allow) C:\xboxgames\forza horizon 5\content\forzahorizon5.exe (Access Denied)  [File not signed]
FirewallRules: [{F1CAC9CF-5B9E-44DB-B8C8-63ADB4F99688}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe => No File
FirewallRules: [{C15BDF8C-0A73-453E-B881-BE67633D5FB1}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe => No File
FirewallRules: [{FC79BCDE-C785-42A3-AF13-5CB144C96AB6}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe => No File
FirewallRules: [{F576FEE8-04CC-4B79-B43C-2DD7F14E1598}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe => No File
FirewallRules: [{7451DD3A-54B8-4568-A6CC-0483441CB6D0}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe => No File
FirewallRules: [{18D32FFA-748C-43C2-B553-AC995E271705}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe => No File
FirewallRules: [{42D9AC4C-E0AC-40BC-8FDF-1C7A24AE50FF}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe => No File
FirewallRules: [{6CDCD3EB-F124-470E-89D1-C56E2C07B604}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.37\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9446E306-4C56-4AC7-B66A-19E2FA3DC965}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe => No File
FirewallRules: [{F4D3D716-2FBC-4E91-A963-BA89B6A3B3B6}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe => No File
FirewallRules: [{4B1718F1-7444-4702-B27B-CA1D5BD9CA7E}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe => No File
FirewallRules: [{41329B3A-C7A9-478E-BFFE-8E8193AAB3C2}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe => No File
FirewallRules: [TCP Query User{C7F77E08-0550-41B4-9F8E-BE3312BBAF22}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{5C7E5335-A3DE-47AA-B85E-3FD9B0F24E1C}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)

==================== Restore Points =========================

25-06-2022 16:02:59 Windows Modules Installer
25-06-2022 16:03:22 Windows Modules Installer
26-06-2022 14:26:26 Removed ARMOURY CRATE Lite Service
26-06-2022 15:36:34 Installed ENE RGB HAL
26-06-2022 15:36:41 Installed ENE RGB HAL
26-06-2022 15:37:09 Removed ENE RGB HAL
26-06-2022 16:18:37 Removed ARMOURY CRATE Lite Service
26-06-2022 16:37:25 Removed ARMOURY CRATE Lite Service
26-06-2022 16:38:26 Removed AURA lighting effect add-on
26-06-2022 16:38:40 Removed AURA lighting effect add-on x64
26-06-2022 18:06:22 Installed CORSAIR iCUE 4 Software

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/26/2022 06:39:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RemoveAI3Files.exe, Version: 0.0.0.0, Zeitstempel: 0x620394f2
Name des fehlerhaften Moduls: RemoveAI3Files.exe, Version: 0.0.0.0, Zeitstempel: 0x620394f2
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00014f4b
ID des fehlerhaften Prozesses: 0x3070
Startzeit der fehlerhaften Anwendung: 0x01d8897b2d38a448
Pfad der fehlerhaften Anwendung: C:\Users\Pauli\Downloads\UninstallAI3Tool_1.00.04\UninstallAI3Tool_1.00.04\RemoveAI3Files.exe
Pfad des fehlerhaften Moduls: C:\Users\Pauli\Downloads\UninstallAI3Tool_1.00.04\UninstallAI3Tool_1.00.04\RemoveAI3Files.exe
Berichtskennung: 2cd1de67-9732-4acf-a58b-701a64407803
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/26/2022 06:39:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atkexComSvc.exe, Version: 1.0.0.1, Zeitstempel: 0x607d5366
Name des fehlerhaften Moduls: atkexComSvc.exe, Version: 1.0.0.1, Zeitstempel: 0x607d5366
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001e580
ID des fehlerhaften Prozesses: 0x32d8
Startzeit der fehlerhaften Anwendung: 0x01d8897b4152b389
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ASUS\AXSP\4.02.06\atkexComSvc.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\ASUS\AXSP\4.02.06\atkexComSvc.exe
Berichtskennung: b5588d8b-ca64-4fe8-84ca-4b7eeb820da4
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/26/2022 06:37:02 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Pauls_Gaming_PC)
Description: Die Anwendung oder der Dienst "ARMOURY CRATE Service" konnte nicht neu gestartet werden.

Error: (06/26/2022 06:37:01 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Pauls_Gaming_PC)
Description: Die Anwendung oder der Dienst "ARMOURY CRATE Service" konnte nicht heruntergefahren werden.

Error: (06/26/2022 06:33:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm ArmouryCrate.exe Version 0.0.0.0 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f38

Startzeit: 01d8897a505f931b

Beendigungszeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.1.5.0_x64__qmba6cd70vzyy\ArmouryCrate.exe

Bericht-ID: 97a08ba3-f9ee-4277-a740-3e50fcb72107

Vollständiger Name des fehlerhaften Pakets: B9ECED6F.ArmouryCrate_5.1.5.0_x64__qmba6cd70vzyy

Relative Anwendungs-ID des fehlerhaften Pakets: App

Absturztyp: Quiesce

Error: (06/26/2022 06:30:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm ArmouryCrate.exe Version 0.0.0.0 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 367c

Startzeit: 01d88979637b144c

Beendigungszeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.1.5.0_x64__qmba6cd70vzyy\ArmouryCrate.exe

Bericht-ID: c2da40a8-d77b-4058-b5ab-06efa1bd8aa2

Vollständiger Name des fehlerhaften Pakets: B9ECED6F.ArmouryCrate_5.1.5.0_x64__qmba6cd70vzyy

Relative Anwendungs-ID des fehlerhaften Pakets: App

Absturztyp: Quiesce

Error: (06/26/2022 06:25:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm ArmouryCrate.exe Version 0.0.0.0 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2a28

Startzeit: 01d88978e6ab863f

Beendigungszeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.1.5.0_x64__qmba6cd70vzyy\ArmouryCrate.exe

Bericht-ID: 8f8d13b8-d6f5-4abf-a064-281f899f360f

Vollständiger Name des fehlerhaften Pakets: B9ECED6F.ArmouryCrate_5.1.5.0_x64__qmba6cd70vzyy

Relative Anwendungs-ID des fehlerhaften Pakets: App

Absturztyp: Quiesce

Error: (06/26/2022 05:19:02 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Pauls_Gaming_PC)
Description: Die Anwendung oder der Dienst "ArmouryCrateService" konnte nicht neu gestartet werden.


System errors:
=============
Error: (06/27/2022 10:26:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (45000 ms) wurde beim Verbindungsversuch mit dem Dienst asComSvc erreicht.

Error: (06/27/2022 10:25:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AsusCertService" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (06/27/2022 10:25:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "cplspcon" wurde mit folgendem Fehler beendet: 
Unbekannter Fehler

Error: (06/27/2022 10:25:16 AM) (Source: DCOM) (EventID: 10010) (User: Pauls_Gaming_PC)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (06/27/2022 10:24:38 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: Pauls_Gaming_PC)
Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Es wurde versucht, registrierungsbasierte Richtlinieneinstellungen für das Gruppenrichtlinienobjekt "LocalGPO-S-1-5-21-1424437550-2087844553-323541659-1001" zu lesen. Die Gruppenrichtlinieneinstellungen dürfen nicht erzwungen werden, bis dieses Ereignis behoben ist. Weitere Informationen über den Dateinamen und -pfad, der den Fehler verursacht hat, können den Ereignisdetails entnommen werden.

Error: (06/27/2022 10:06:09 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{A99B7A34-7B15-42D4-B39D-6C218B5A2543} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (06/27/2022 09:40:50 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{A99B7A34-7B15-42D4-B39D-6C218B5A2543} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (06/26/2022 09:46:01 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: Pauls_Gaming_PC)
Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Es wurde versucht, registrierungsbasierte Richtlinieneinstellungen für das Gruppenrichtlinienobjekt "LocalGPO-S-1-5-21-1424437550-2087844553-323541659-1001" zu lesen. Die Gruppenrichtlinieneinstellungen dürfen nicht erzwungen werden, bis dieses Ereignis behoben ist. Weitere Informationen über den Dateinamen und -pfad, der den Fehler verursacht hat, können den Ereignisdetails entnommen werden.


Windows Defender:
================
Date: 2022-06-27 10:06:09
Description: 
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\Videos\Tdbswd56spcap zu ändern.
Erkennungszeit: 2022-06-27T08:06:09.661Z
Benutzer: Pauls_Gaming_PC\Pauli
Pfad: %userprofile%\Videos\Tdbswd56spcap
Prozessname: C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
Sicherheitsversion: 1.369.287.0
Modulversion: 1.1.19300.2
Produktversion: 4.18.2205.7

Date: 2022-06-27 10:06:09
Description: 
C:\Users\Pauli\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\Documents\Rockstar Games\GTA V\ zu ändern.
Erkennungszeit: 2022-06-27T08:06:09.660Z
Benutzer: Pauls_Gaming_PC\Pauli
Pfad: %userprofile%\Documents\Rockstar Games\GTA V\
Prozessname: C:\Users\Pauli\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
Sicherheitsversion: 1.369.287.0
Modulversion: 1.1.19300.2
Produktversion: 4.18.2205.7

Date: 2022-06-27 09:48:12
Description: 
C:\Windows\System32\svchost.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\Videos zu ändern.
Erkennungszeit: 2022-06-27T07:48:12.012Z
Benutzer: Pauls_Gaming_PC\Pauli
Pfad: %userprofile%\Videos
Prozessname: C:\Windows\System32\svchost.exe
Sicherheitsversion: 1.369.287.0
Modulversion: 1.1.19300.2
Produktversion: 4.18.2205.7

Date: 2022-06-27 09:40:53
Description: 
C:\Users\Pauli\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\Documents\Rockstar Games\GTA V\ zu ändern.
Erkennungszeit: 2022-06-27T07:40:53.327Z
Benutzer: Pauls_Gaming_PC\Pauli
Pfad: %userprofile%\Documents\Rockstar Games\GTA V\
Prozessname: C:\Users\Pauli\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
Sicherheitsversion: 1.369.287.0
Modulversion: 1.1.19300.2
Produktversion: 4.18.2205.7

Date: 2022-06-27 09:40:53
Description: 
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\Videos\Tdbswd56spcap zu ändern.
Erkennungszeit: 2022-06-27T07:40:53.327Z
Benutzer: Pauls_Gaming_PC\Pauli
Pfad: %userprofile%\Videos\Tdbswd56spcap
Prozessname: C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
Sicherheitsversion: 1.369.287.0
Modulversion: 1.1.19300.2
Produktversion: 4.18.2205.7

CodeIntegrity:
===============
Date: 2022-06-06 20:42:25
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-06-06 20:15:19
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. 0418 10/12/2021
Motherboard: ASUSTeK COMPUTER INC. TUF GAMING B660-PLUS WIFI D4
Processor: 12th Gen Intel(R) Core(TM) i5-12400
Percentage of memory in use: 18%
Total physical RAM: 32509.4 MB
Available physical RAM: 26488.32 MB
Total Virtual: 37373.4 MB
Available Virtual: 29314.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.79 GB) (Free:94.89 GB) (Model: Samsung SSD 970 EVO Plus 1TB) NTFS

\\?\Volume{0816333f-f890-4581-955e-76fe023609d7}\ () (Fixed) (Total:0.6 GB) (Free:0.08 GB) NTFS
\\?\Volume{77f49904-ead3-4c93-8b25-6a0466739b74}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
         
--- --- ---

Last edited by metoo003 (27.06.2022 at 09:53)

27.06.2022, 13:33   #35
M-K-D-B
/// TB-Ausbilder
 



Then we're done!
If you no longer have any problems with malware, we are finished here. Your log files are clean.

If you like, you can say here whether you were satisfied with me and my help...
Perhaps you would like to support the forum with a small donation.





Step 1
  • Save your work and close all open programs so that no data is lost.
  • Right-click FRST64 and select Rename.
  • Rename FRST64 to Uninstall.
  • Start Uninstall.
  • FRST and its associated files/folders will be removed.
  • Click OK to restart the computer and finish.






Finally, please be sure to read and implement the security measures:



Note:
Please give me brief feedback as soon as you have read the information linked above, everything is done and you have no more questions, so that I can remove this thread from my subscriptions.


28.06.2022, 16:00   #36
M-K-D-B
/// TB-Ausbilder
 



We are glad that we could help.

This thread appears to be resolved and will be removed from our subscriptions. Should you need the thread again, please send us a reminder including a link to the thread.

Everyone else, please click here and create your own thread.

Thread closed
