Log analysis and evaluation: Windows 10: PUP.Adware.Heuristic

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system first has to be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Windows 10: PUP.Adware.Heuristic

Hello everyone, for a few months now a window without any content has occasionally opened briefly in my browser (Microsoft Edge) and quickly closed again. Yesterday it happened more often, and in my search history I then saw that the window keeps showing up throughout my entire history, always with the same link containing a sequence of numbers (it started with 127.). Afterwards I ran AdwCleaner, and it detected a great many threats. I moved them all to quarantine, deleted them and restarted the PC, but the PUP.Adware.Heuristic malware kept reappearing. I assume that the trojan got onto my PC via the LaTeX editor (I believe it was the Texmaker and MiKTeX installers, which a friend had downloaded in August). I deleted the programs immediately yesterday. At the same time, my Documents folder also opened briefly yesterday and "Dokumente kopieren" ("Copying documents") appeared briefly. I then cleaned the browser and reset it to its default settings. Overnight I reset my computer and Windows was reinstalled, but the malware is still on it. Today I ran AdwCleaner again (PUP.Adware.Heuristic appeared again) and additionally Malwarebytes, and again a lot was found (pup.optional.amazon1button, PUP.Optional.ChipDe, pup.optional.bundleinstaller, PUP.Optional.Amazon1Button.AppFlsh). Unfortunately the log files are too large for a single post, so several posts follow. (Note on the AdwCleaner logs: I restored the preinstalled software from quarantine.)

FRST.txt Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2025
Ran by Emilie (administrator) on LAPTOP-9AF8ONMC (Acer Aspire VN7-792G) (18-02-2025 09:54:09)
Running from C:\Users\Emilie\Downloads\FRSTEnglish.exe
Loaded Profiles: Emilie
Platform: Microsoft Windows 10 Home Version 22H2 19045.5487 (X64) Language: Deutsch (Deutschland)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe ->) (Acer Incorporated -> Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(C:\Program Files\Acer\Acer Quick Access\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(C:\Program Files\Acer\Acer Quick Access\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe <2>
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Windows\System32\mfevtps.exe <2>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(explorer.exe ->) () [File not signed] C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(explorer.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe <4>
(explorer.exe ->) (BINARYLABS LIMITED -> Binarylabs LTD) C:\Windows.old\Users\Emilie\AppData\Roaming\BitCleaner\BitCleaner Tasker.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxEM.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(services.exe ->) (Acer Incorporated -> acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(services.exe ->) (Intel(R) CN -> Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxCUIService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.471.0\McCSPServiceHost.exe
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(services.exe ->) (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(services.exe ->) (WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(svchost.exe ->) (Acer Incorporated -> ) C:\OEM\Preload\FubTracking\FubTracking.exe
(svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe
(svchost.exe ->) (Acer Incorporated -> Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(svchost.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18242040 2017-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489400 2017-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-06-16] () [File not signed]
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [1710056 2015-07-14] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-05-06] (Acer Incorporated -> Acer Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc. -> McAfee, Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2862171838-2850908273-2982186409-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [619520 2025-02-17] (Microsoft Windows -> Microsoft Corporation)
Startup: C:\Users\Emilie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitCleaner Tasker.lnk [2025-02-18] <==== ATTENTION
ShortcutTarget: BitCleaner Tasker.lnk -> C:\Windows.old\Users\Emilie\AppData\Roaming\BitCleaner\BitCleaner Tasker.exe (BINARYLABS LIMITED -> Binarylabs LTD) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2025-02-18]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> Gen Digital Inc.)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {25746121-EB7E-4B7E-9BA4-27CAC8316AA5} - \Power Button -> No File <==== ATTENTION
Task: {4F117C79-2706-4FBF-A748-C0259F51CEFA} - \Software Update Application -> No File <==== ATTENTION
Task: {511D4F70-5C34-4428-AFAE-10D347114DCB} - \Microsoft\Windows\Windows Defender\Windows Defender Verification -> No File <==== ATTENTION
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {6A1AECEC-0766-473B-AE79-EAAA31DE758F} - \ACCAgent -> No File <==== ATTENTION
Task: {6A250F7B-4F8A-4FEA-8CAE-31F28DA85202} - \ACCBackgroundApplication -> No File <==== ATTENTION
Task: {6C488413-8509-4D62-94EB-159DC0C33122} - \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan -> No File <==== ATTENTION
Task: {7A003965-A297-4DC6-B15B-852D798391E0} - \Microsoft\Windows\UpdateOrchestrator\Reboot -> No File <==== ATTENTION
Task: {7F4D5DE3-08C8-4008-AC82-C84BCA4B16DB} - \FUBTrackingByPLD -> No File <==== ATTENTION
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {8D20A4DC-B257-40AB-809F-565BEC5D3B5E} - \Quick Access -> No File <==== ATTENTION
Task: {932EC946-767B-4FAA-9B54-A4A4A2DF1822} - \AcerCloud -> No File <==== ATTENTION
Task: {93C99DC9-B400-40D5-A6DF-4310EAF3F1A6} - \Avast SecureLine -> No File <==== ATTENTION
Task: {992AC68E-7168-40E1-B170-A736E71585A5} - \Microsoft\Office\Microsoft Office Touchless Attach Notification -> No File <==== ATTENTION
Task: {A364E297-00AD-490D-900E-22AC34598C71} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install -> No File <==== ATTENTION
Task: {BD02C08D-BA88-414E-A5E4-15FAFEB09DF3} - \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance -> No File <==== ATTENTION
Task: {C33F4607-C279-4257-9039-34FF9FE1F21A} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {E135F27F-CC77-4798-8095-E4F7E716DE31} - \Microsoft\Windows\Windows Defender\Windows Defender Cleanup -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {E98AFDFB-4B5D-4DC1-9DCF-5DD16ED4B901} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {F8006B03-D7A9-4E99-BFB0-2AF3AE5864F6} - \UbtFrameworkService -> No File <==== ATTENTION
Task: {FBE1992D-A1B2-44DD-9601-A1A2F799B096} - \ACC -> No File <==== ATTENTION
Task: {FCC7232B-E99C-4A76-A1EE-F33DDD5CAE59} - \Power Management -> No File <==== ATTENTION
Task: {09512DFD-84D4-449F-9D11-9917471A5AA3} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [6077736 2025-02-18] (Avast Software s.r.o. -> Gen Digital Inc.) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramDat (the data entry has 80 more characters).
Task: {CC8E2FDE-48E1-4B14-B607-F03B518B236F} - System32\Tasks\Avast Software\Avast SecureLine VPN Emergency Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [3954984 2025-02-18] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {9D08D3AC-8019-46E8-9835-EE375177789D} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [8289064 2025-01-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {EF900057-1F28-42A8-90CF-6AE22A491782} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => C:\WINDOWS\system32\ResetEngine.exe [21480 2025-02-17] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3bea1b67-1567-4514-9a7e-1d29d203c030}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3bea1b67-1567-4514-9a7e-1d29d203c030}: [DhcpDomain] local
Tcpip\..\Interfaces\{e74f9852-4b1d-4422-9e19-da6e72942a19}: [DhcpNameServer] 192.17.128.24

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Emilie\AppData\Local\Microsoft\Edge\User Data\Default [2025-02-18]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Emilie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2025-02-18]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF DefaultProfile: now364od.default
FF ProfilePath: C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default [2025-02-18]
FF Extension: (Amazon 1Button App for Firefox) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\abb@amazon.com [2025-02-18] [Legacy] [not signed]
FF Extension: (العربية Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-ar@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (български Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-bg@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-cs@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Dansk (da) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-da@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-de@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Greek (GR) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-el@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-en-US@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Español (España) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-es-ES@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Estonian Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-et@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Finnish Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-fi@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Français Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-fr@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-he@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-hu@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-it@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Japanese Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-ja@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Korean (KR) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-ko@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Lietuvių Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-lt@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Norsk bokmål (NO) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-nb-NO@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-nl@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Polski Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-pl@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Português Brasileiro Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-pt-BR@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Português (Portugal) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-pt-PT@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Russian (RU) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-ru@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Slovak (SK) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-sk@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-sl@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (српски (sr) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-sr@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-sv-SE@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Thai Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-th@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Türkçe (TR) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-tr@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Ukrainian (UA) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-uk@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-zh-CN@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\langpack-zh-TW@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Users\Emilie\AppData\Roaming\Mozilla\Firefox\Profiles\now364od.default\Extensions\partnerdefaults@mozilla.com [2025-02-18] [Legacy]
FF Extension: (العربية Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ar@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (български Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-bg@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Czech (CZ) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-cs@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Dansk (da) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-da@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Deutsch (DE) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-de@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Greek (GR) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-el@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-en-US@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Español (España) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-es-ES@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Estonian Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-et@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Finnish Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-fi@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Français Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-fr@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Hebrew (IL) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-he@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Magyar (HU) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-hu@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Italiano (IT) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-it@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Japanese Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ja@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Korean (KR) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ko@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Lietuvių Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-lt@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Norsk bokmål (NO) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-nb-NO@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Nederlands (NL) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-nl@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Polski Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-pl@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Português Brasileiro Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-pt-BR@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Português (Portugal) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-pt-PT@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Russian (RU) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ru@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Slovak (SK) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sk@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Slovenski jezik Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sl@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (српски (sr) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sr@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Svenska (SE) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sv-SE@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Thai Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-th@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Türkçe (TR) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-tr@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Ukrainian (UA) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-uk@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-zh-CN@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-zh-TW@firefox.mozilla.org [2025-02-18] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2025-02-18] [Legacy]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2025-02-18] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-07-16] (McAfee, Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-07-16] (McAfee, Inc. -> )
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] (WildTangent Inc -> )

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2839296 2015-05-06] (Acer Incorporated -> Acer Incorporated)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163336 2016-09-19] (Dolby Laboratories, Inc. -> )
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated -> Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent Inc -> WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc. -> McAfee, Inc.)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9483456 2025-02-18] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-02-18] (Malwarebytes Inc. -> Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754792 2015-07-16] (McAfee, Inc. -> McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-20] (McAfee, Inc. -> McAfee, Inc.) R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc. -> McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.471.0\McCSPServiceHost.exe [207344 2015-04-27] (McAfee, Inc. -> McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc. -> McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc. -> McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc. -> McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc. -> McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc. -> McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc. -> McAfee, Inc.) R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [232656 2015-06-29] (McAfee, Inc. -> McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [373704 2015-07-30] (McAfee, Inc. -> McAfee, Inc.) R3 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc. -> McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc. -> McAfee, Inc.) 
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-04] (Acer Incorporated -> Acer Incorporated) R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-04] (Acer Incorporated -> Acer Incorporated) R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [13032232 2025-02-18] (Avast Software s.r.o. -> Gen Digital Inc.) R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (Acer Incorporated -> acer) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) S2 DCIService; C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe [X] <==== ATTENTION ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [85776 2025-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Avast Software) R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [800672 2025-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender) R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc. -> McAfee, Inc.) S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2025-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc. -> McAfee, Inc.) 
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated) R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234072 2025-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2025-02-18] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [202856 2025-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\System32\Drivers\mbam.sys [80448 2025-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2025-02-18] (Malwarebytes Inc. -> Malwarebytes) R2 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc. -> McAfee, Inc.) R2 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc. -> McAfee, Inc.) S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80920 2015-07-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> McAfee, Inc.) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc. -> McAfee, Inc.) R2 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc. -> McAfee, Inc.) R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [492000 2015-05-26] (McAfee, Inc. -> McAfee, Inc.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109480 2015-05-26] (McAfee, Inc. -> McAfee, Inc.) R2 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc. -> McAfee, Inc.) 
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [19616 2015-07-06] (Nvidia Corporation -> Windows (R) Win 7 DDK provider) R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated) S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [76832 2022-09-30] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated) S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2025-02-18 09:48 - 2025-02-18 09:52 - 000036502 _____ C:\Users\Emilie\Downloads\Addition.txt 2025-02-18 09:39 - 2025-02-18 09:56 - 000037459 _____ C:\Users\Emilie\Downloads\FRST.txt 2025-02-18 09:38 - 2025-02-18 09:55 - 000000000 ____D C:\FRST 2025-02-18 09:33 - 2025-02-18 09:38 - 002403840 _____ (Farbar) C:\Users\Emilie\Downloads\FRSTEnglish.exe 2025-02-18 09:30 - 2025-02-18 09:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2025-02-18 09:26 - 2025-02-18 09:26 - 000000000 ____D C:\Users\Emilie\AppData\Local\CEF 2025-02-18 09:24 - 2025-02-18 09:24 - 000189776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2025-02-18 09:24 - 2025-02-18 09:24 - 000000000 ____D C:\Users\Emilie\AppData\LocalLow\IGDump 2025-02-18 09:23 - 2025-02-18 09:23 - 000002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SecureLine VPN.lnk 2025-02-18 09:23 - 2025-02-18 09:23 - 000002141 _____ C:\Users\Public\Desktop\Avast SecureLine VPN.lnk 2025-02-18 09:23 - 2025-02-18 09:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software 2025-02-18 09:18 - 2025-02-18 09:18 - 000064789 _____ C:\Users\Emilie\Desktop\Malwarebytes Scan-Bericht 2025-02-18 090107.txt 2025-02-18 09:14 - 2025-02-18 09:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2025-02-18 09:00 - 2025-02-18 09:56 - 000000000 ____D C:\Users\Emilie\AppData\Local\Malwarebytes 2025-02-18 09:00 - 2025-02-18 09:00 - 000002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2025-02-18 09:00 - 2025-02-18 09:00 - 000002085 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2025-02-18 08:58 - 2025-02-18 08:58 - 002832624 _____ (Malwarebytes) C:\Users\Emilie\Downloads\MBSetup.exe 2025-02-18 08:58 - 2025-02-18 08:58 - 000000000 ____D C:\ProgramData\Malwarebytes 2025-02-18 08:58 - 2025-02-18 08:58 - 000000000 ____D C:\Program Files\Malwarebytes 2025-02-18 08:57 - 2025-02-18 08:57 - 000000000 ____D C:\Program Files\Common Files\Avast Software 2025-02-18 
08:57 - 2025-01-30 09:28 - 000050976 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe 2025-02-18 08:55 - 2025-02-18 08:55 - 008790880 _____ (Malwarebytes) C:\Users\Emilie\Downloads\adwcleaner.exe 2025-02-18 08:53 - 2025-02-18 08:53 - 000000000 ____D C:\Users\Emilie\AppData\Roaming\AVAST Software 2025-02-18 08:24 - 2025-02-18 08:24 - 000000000 ____D C:\Users\Emilie\AppData\Roaming\Microsoft\Spelling 2025-02-18 08:20 - 2025-02-18 08:20 - 000000000 ____D C:\Users\Emilie\AppData\Local\CareCenter 2025-02-18 08:17 - 2025-02-18 08:17 - 000000000 ____D C:\Users\Emilie\AppData\Local\Comms 2025-02-18 08:11 - 2025-02-18 08:11 - 000000000 ____D C:\WINDOWS\oem 2025-02-18 08:04 - 2025-02-18 08:04 - 000000000 ____D C:\Users\Emilie\AppData\Local\NVIDIA 2025-02-18 08:03 - 2025-02-18 08:04 - 000000000 ____D C:\Users\Emilie\AppData\Local\Lavasoft 2025-02-18 08:02 - 2025-02-18 08:04 - 000000000 ____D C:\Users\Emilie\AppData\Roaming\Lavasoft 2025-02-18 08:02 - 2025-02-18 08:04 - 000000000 ____D C:\Program Files (x86)\Lavasoft 2025-02-18 08:01 - 2025-02-18 08:04 - 000000000 ____D C:\ProgramData\Lavasoft 2025-02-18 08:00 - 2025-02-18 08:00 - 000000000 ____D C:\Program Files\Common Files\AV 2025-02-18 07:55 - 2025-02-18 07:55 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2862171838-2850908273-2982186409-1001 2025-02-18 07:54 - 2025-02-18 08:02 - 000000000 ____D C:\Users\Emilie\AppData\Local\Mozilla 2025-02-18 07:54 - 2025-02-18 07:55 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2862171838-2850908273-2982186409-1001 2025-02-18 07:54 - 2025-02-18 07:54 - 000000000 ____D C:\Users\Emilie\AppData\Roaming\Mozilla 2025-02-18 07:53 - 2025-02-18 07:53 - 000000000 ____D C:\Users\Emilie\AppData\Local\clear.fi 2025-02-18 07:51 - 2025-02-18 07:51 - 000000000 ____D C:\Users\Emilie\AppData\Local\Publishers 2025-02-18 07:50 - 2025-02-18 08:35 - 000000000 ____D C:\ProgramData\Packages 2025-02-18 07:50 - 2025-02-18 08:11 - 
000000000 ____D C:\Users\Emilie\AppData\Local\AOP SDK 2025-02-18 07:47 - 2025-02-18 09:33 - 000000000 ____D C:\Users\Emilie\AppData\Local\Packages 2025-02-18 07:47 - 2025-02-18 07:47 - 000000000 ____D C:\Users\Emilie\AppData\Roaming\Microsoft\Network 2025-02-18 07:47 - 2025-02-18 07:47 - 000000000 ____D C:\Users\Emilie\AppData\Roaming\Adobe 2025-02-18 07:47 - 2025-02-18 07:47 - 000000000 ____D C:\Users\Emilie\AppData\Local\VirtualStore 2025-02-18 07:46 - 2025-02-18 08:08 - 000000000 ____D C:\Users\Emilie\AppData\Local\ConnectedDevicesPlatform 2025-02-18 07:46 - 2025-02-18 07:46 - 000000020 ___SH C:\Users\Emilie\ntuser.ini 2025-02-18 02:31 - 2025-02-18 02:31 - 000000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2025-02-18 02:31 - 2025-02-18 02:31 - 000000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2025-02-18 02:31 - 2025-02-18 02:31 - 000000000 _SHDL C:\ProgramData\Vorlagen 2025-02-18 02:31 - 2025-02-18 02:31 - 000000000 _SHDL C:\ProgramData\Startmenü 2025-02-18 02:31 - 2025-02-18 02:31 - 000000000 _SHDL C:\ProgramData\Dokumente 2025-02-18 02:31 - 2025-02-18 02:31 - 000000000 _SHDL C:\ProgramData\Anwendungsdaten 2025-02-18 02:31 - 2025-02-18 02:31 - 000000000 _SHDL C:\Program Files\Gemeinsame Dateien 2025-02-18 02:27 - 2025-02-18 02:27 - 000009518 _____ C:\Users\Emilie\Desktop\Entfernte Apps.html 2025-02-18 02:24 - 2025-02-18 02:24 - 000000000 ____D C:\Users\Emilie\AppData\Roaming\Microsoft\SystemCertificates 2025-02-18 02:24 - 2025-02-18 02:24 - 000000000 ____D C:\Users\Emilie\AppData\Roaming\Microsoft\Crypto 2025-02-18 02:19 - 2025-02-18 02:19 - 000022960 _____ C:\WINDOWS\system32\emptyregdb.dat 2025-02-18 01:37 - 2025-02-18 07:55 - 000002390 _____ C:\Users\Emilie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2025-02-18 01:37 - 2025-02-18 07:47 - 000000000 ____D C:\Users\Emilie\AppData\Roaming\Microsoft\Windows 2025-02-18 01:37 - 2025-02-18 07:47 - 000000000 ____D C:\Users\Emilie 2025-02-18 01:37 - 2025-02-18 01:37 - 000000000 
_SHDL C:\Users\Emilie\Vorlagen 2025-02-18 01:37 - 2025-02-18 01:37 - 000000000 _SHDL C:\Users\Emilie\Startmenü 2025-02-18 01:37 - 2025-02-18 01:37 - 000000000 _SHDL C:\Users\Emilie\Netzwerkumgebung 2025-02-18 01:37 - 2025-02-18 01:37 - 000000000 _SHDL C:\Users\Emilie\Lokale Einstellungen 2025-02-18 01:37 - 2025-02-18 01:37 - 000000000 _SHDL C:\Users\Emilie\Eigene Dateien 2025-02-18 01:37 - 2025-02-18 01:37 - 000000000 _SHDL C:\Users\Emilie\Druckumgebung 2025-02-18 01:37 - 2025-02-18 01:37 - 000000000 _SHDL C:\Users\Emilie\Documents\Eigene Videos 2025-02-18 01:37 - 2025-02-18 01:37 - 000000000 _SHDL C:\Users\Emilie\Documents\Eigene Musik 2025-02-18 01:37 - 2025-02-18 01:37 - 000000000 _SHDL C:\Users\Emilie\Documents\Eigene Bilder 2025-02-18 01:37 - 2025-02-18 01:37 - 000000000 _SHDL C:\Users\Emilie\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2025-02-18 01:37 - 2025-02-18 01:37 - 000000000 _SHDL C:\Users\Emilie\AppData\Local\Verlauf 2025-02-18 01:37 - 2025-02-18 01:37 - 000000000 _SHDL C:\Users\Emilie\AppData\Local\Anwendungsdaten 2025-02-18 01:37 - 2025-02-18 01:37 - 000000000 _SHDL C:\Users\Emilie\Anwendungsdaten 2025-02-18 01:21 - 2025-02-18 01:21 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2025-02-18 01:03 - 2025-02-18 09:22 - 000000000 ____D C:\ProgramData\NVIDIA 2025-02-18 01:03 - 2025-02-18 01:28 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2025-02-18 01:03 - 2017-05-01 21:52 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2025-02-18 01:03 - 2017-05-01 21:51 - 006437312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2025-02-18 01:03 - 2017-05-01 21:51 - 002479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2025-02-18 01:03 - 2017-05-01 21:51 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2025-02-18 01:03 - 2017-05-01 21:51 - 000548800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2025-02-18 01:03 - 2017-05-01 21:51 - 000392312 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvmctray.dll 2025-02-18 01:03 - 2017-05-01 21:51 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2025-02-18 01:03 - 2017-05-01 21:51 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2025-02-18 01:03 - 2017-04-25 22:11 - 007944687 _____ C:\WINDOWS\system32\nvcoproc.bin 2025-02-18 01:02 - 2025-02-18 01:29 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2025-02-18 01:02 - 2025-02-18 01:26 - 000000000 ____D C:\Program Files (x86)\Intel 2025-02-18 01:02 - 2025-02-18 01:23 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2025-02-18 01:02 - 2025-02-18 01:22 - 000000000 ____D C:\Program Files\Intel 2025-02-18 01:02 - 2025-02-18 01:02 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin 2025-02-18 01:01 - 2025-02-18 01:28 - 000000000 ____D C:\Program Files (x86)\Realtek 2025-02-18 01:01 - 2025-02-18 01:01 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2025-02-18 01:01 - 2025-02-18 01:01 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2025-02-18 01:01 - 2025-02-18 01:01 - 000000102 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc 2025-02-18 01:01 - 2025-02-18 01:01 - 000000000 ____D C:\WINDOWS\system32\IntelSSTAPO 2025-02-18 01:01 - 2025-02-18 01:01 - 000000000 ____D C:\ProgramData\rtkSSTSetting 2025-02-18 01:01 - 2025-02-18 01:01 - 000000000 ____D C:\ProgramData\Dolby 2025-02-18 01:01 - 2025-02-18 01:01 - 000000000 ____D C:\Program Files\Dolby 2025-02-18 01:00 - 2025-02-18 01:34 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2025-02-18 01:00 - 2025-02-18 01:01 - 000000000 ____D C:\WINDOWS\system32\DAX2 2025-02-18 01:00 - 2025-02-18 01:00 - 002173918 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip 2025-02-18 01:00 - 2025-02-18 01:00 - 000000000 ____D C:\WINDOWS\system32\DAX3 2025-02-18 01:00 - 2025-02-18 01:00 - 000000000 ____D C:\Program Files\Realtek 2025-02-18 01:00 - 2025-02-18 01:00 - 000000000 ____D C:\Program 
Files\Common Files\Atheros 2025-02-18 00:58 - 2025-02-18 07:57 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2025-02-18 00:58 - 2025-02-18 07:57 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2025-02-18 00:57 - 2025-02-18 00:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2025-02-18 00:56 - 2025-02-18 09:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2025-02-18 00:27 - 2025-02-18 07:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2025-02-18 00:27 - 2025-02-18 00:27 - 000268240 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2025-02-18 00:21 - 2025-02-18 03:00 - 000000000 ____D C:\WINDOWS\Panther 2025-02-17 23:43 - 2025-02-18 03:00 - 000000000 ____D C:\Windows.old 2025-02-17 23:41 - 2025-02-17 23:42 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2025-02-17 23:29 - 2025-02-18 08:01 - 000000000 ____D C:\WINDOWS\SystemTemp 2025-02-17 23:29 - 2025-02-17 23:30 - 000000000 ____D C:\WINDOWS\system32\compatrel 2025-02-17 23:29 - 2025-02-17 23:29 - 000000000 ____D C:\WINDOWS\InboxApps 2025-02-17 23:29 - 2025-02-17 23:29 - 000000000 ____D C:\ProgramData\ssh 2025-02-17 23:11 - 2025-02-17 23:11 - 000022205 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json 2025-02-17 23:06 - 2025-02-17 23:06 - 000022205 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json 2025-02-17 22:37 - 2025-02-17 22:37 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2025-02-17 22:37 - 2025-02-17 22:37 - 000000000 ____D C:\Program Files\Reference Assemblies 2025-02-17 22:37 - 2025-02-17 22:37 - 000000000 ____D C:\Program Files\MSBuild 2025-02-17 22:37 - 2025-02-17 22:37 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2025-02-17 22:37 - 2025-02-17 22:37 - 000000000 ____D C:\Program Files (x86)\MSBuild 2025-02-17 22:34 - 2025-02-17 22:34 - 000000000 ____D C:\WINDOWS\system32\Intel 2025-02-17 22:34 - 2025-02-17 22:34 - 000000000 ____D C:\WINDOWS\system32\cAVS 2025-02-17 22:33 - 2025-02-17 22:33 - 000000000 ____D 
C:\WINDOWS\SysWOW64\sda 2025-02-17 22:32 - 2025-02-17 22:32 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2025-02-17 21:28 - 2025-02-18 02:27 - 000000000 ___HD C:\$SysReset 2025-02-17 13:27 - 2025-02-18 08:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2025-02-17 13:23 - 2025-02-17 13:35 - 000000000 ____D C:\AdwCleaner 2025-02-14 12:10 - 2025-02-14 12:10 - 002371552 _____ C:\Users\Emilie\Downloads\screencapture-kbbjobs-softgarden-io-job-52655704-Volontar-in-Publikationspraktiken-Schwerpunkt-Redaktion-w-m-d-2025-02-14-12_09_51.pdf 2025-02-12 16:04 - 2025-02-12 16:04 - 000000000 ___HD C:\$WinREAgent 2025-02-12 12:21 - 2025-02-12 12:21 - 004420943 _____ C:\Users\Emilie\Downloads\screencapture-goodjobs-eu-jobs-junior-crm-managerin-momox-se-2025-02-12-12_21_30.pdf 2025-02-10 14:40 - 2025-02-10 14:40 - 002234243 _____ C:\Users\Emilie\Downloads\screencapture-flotte-lotte-berlin-de-jobs-2025-02-10-14_40_06.pdf 2025-02-06 16:05 - 2025-02-06 16:06 - 000000000 ____D C:\Users\Emilie\Documents\ADAC_Auslandskrankenversicherung 2025-02-06 12:26 - 2025-02-06 12:26 - 000100384 _____ C:\Users\Emilie\Downloads\20250113_225512_SCHREIBEN.pdf 2025-02-06 12:26 - 2025-02-06 12:26 - 000079950 _____ C:\Users\Emilie\Downloads\20241212_150914_SCHREIBEN.pdf 2025-02-06 11:29 - 2025-02-06 11:29 - 000000832 _____ C:\Users\Emilie\Downloads\ical.ics 2025-02-05 20:33 - 2025-02-18 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2025-02-05 11:47 - 2025-02-05 11:47 - 000190374 _____ C:\Users\Emilie\Downloads\Lebenslauf_*****, Emilie_2025.pdf 2025-02-05 11:44 - 2025-02-05 11:44 - 000185126 _____ C:\Users\Emilie\Downloads\Lebenslauf_*****,Emilie (1).pdf 2025-02-03 18:13 - 2025-02-03 18:13 - 002520612 _____ C:\Users\Emilie\Downloads\screencapture-join-companies-quintusstudios-13441555-junior-acquisitions-manager-m-f-d-2025-02-03-18_13_20.pdf 2025-02-03 18:02 - 2025-02-03 18:02 - 000000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2025-02-03 12:02 - 2025-02-03 12:02 - 001841686 _____ C:\Users\Emilie\Downloads\screencapture-duh-jobs-de-jobs-53047959-Trainee-w-m-d-im-Team-Presse-und-Kommunikation-2025-02-03-12_02_28.pdf 2025-02-01 10:34 - 2025-02-01 10:34 - 005049282 _____ C:\Users\Emilie\Downloads\screencapture-sonypicturesjobs-job-berlin-digital-marketing-manager-m-w-d-22978-76059651296-2025-02-01-10_34_12.pdf 2025-01-30 11:07 - 2025-01-30 11:07 - 004430477 _____ C:\Users\Emilie\Downloads\screencapture-sonypicturesjobs-job-berlin-booker-sales-analyst-im-bereich-film-disposition-m-w-d-22978-73662561280-2025-01-30-11_06_49.pdf 2025-01-26 12:08 - 2025-01-26 12:08 - 004486333 _____ C:\Users\Emilie\Downloads\screencapture-goodjobs-eu-jobs-mitarbeiterin-im-bereich-sexuelle-bildung-better-birth-control-ev-2025-01-26-12_07_47.pdf 2025-01-24 12:55 - 2025-01-24 12:55 - 000207360 _____ C:\Users\Emilie\Downloads\Anschreiben_***** Emilie.pdf 2025-01-24 12:54 - 2025-01-24 12:54 - 000188848 _____ C:\Users\Emilie\Downloads\Lebenslauf_***** Emilie_2025.pdf ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2025-02-18 09:58 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2025-02-18 09:30 - 2019-12-07 15:50 - 000744902 _____ C:\WINDOWS\system32\perfh007.dat 2025-02-18 09:30 - 2019-12-07 15:50 - 000150288 _____ C:\WINDOWS\system32\perfc007.dat 2025-02-18 09:30 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF 2025-02-18 09:30 - 2015-08-31 12:01 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2025-02-18 09:29 - 2015-08-31 11:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2025-02-18 09:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2025-02-18 09:24 - 2016-09-03 18:26 - 000000000 __SHD C:\Users\Emilie\IntelGraphicsProfiles 2025-02-18 09:23 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2025-02-18 09:23 - 2015-08-31 11:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2025-02-18 09:23 - 2015-08-31 11:50 - 000000000 ____D C:\ProgramData\AVAST Software 2025-02-18 09:22 - 2020-08-13 00:29 - 000008192 ___SH C:\DumpStack.log.tmp 2025-02-18 09:22 - 2015-08-31 11:50 - 000000000 ____D C:\Program Files\AVAST Software 2025-02-18 09:21 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2025-02-18 09:12 - 2016-02-26 04:13 - 000000000 ____D C:\Program Files (x86)\Amazon 2025-02-18 09:00 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2025-02-18 08:27 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState 2025-02-18 08:20 - 2015-08-31 11:50 - 000000000 ____D C:\ProgramData\OEM 2025-02-18 08:13 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2025-02-18 08:12 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2025-02-18 08:10 - 2015-08-31 11:52 - 000000000 ____D C:\Program Files (x86)\McAfee 2025-02-18 08:00 - 2015-08-31 11:52 - 000000000 ____D C:\ProgramData\McAfee 2025-02-18 07:54 - 2016-09-03 18:29 - 000000000 ___RD C:\Users\Emilie\OneDrive 2025-02-18 07:49 - 2019-12-07 10:14 - 000000000 ___RD 
C:\WINDOWS\ImmersiveControlPanel 2025-02-18 07:47 - 2017-11-24 10:10 - 000000000 ___RD C:\Users\Emilie\3D Objects 2025-02-18 07:47 - 2015-08-31 11:49 - 000000000 __RHD C:\Users\Public\AccountPictures 2025-02-18 03:01 - 2019-12-07 15:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2025-02-18 03:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2025-02-18 02:31 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows NT 2025-02-18 02:28 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2025-02-18 02:27 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Registration 2025-02-18 02:26 - 2019-07-25 01:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby 2025-02-18 02:24 - 2019-12-07 10:14 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows 2025-02-18 02:18 - 2019-12-07 10:14 - 000000000 __RHD C:\Users\Public\Libraries 2025-02-18 02:18 - 2015-07-10 12:04 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2025-02-18 01:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2025-02-18 01:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\spool 2025-02-18 01:34 - 2016-02-26 03:47 - 000000000 ____D C:\WINDOWS\system32\ihvmanager 2025-02-18 01:34 - 2015-07-10 12:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2025-02-18 01:34 - 2015-07-10 12:04 - 000000000 ____D C:\WINDOWS\system32\Macromed 2025-02-18 01:33 - 2019-12-07 15:52 - 000000000 ____D C:\WINDOWS\OCR 2025-02-18 01:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Resources 2025-02-18 01:33 - 2016-02-26 11:59 - 000000000 ____D C:\WINDOWS\NAPP_Dism_Log 2025-02-18 01:33 - 2015-07-10 12:04 - 000000000 ___RD C:\WINDOWS\PurchaseDialog 2025-02-18 01:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Help 2025-02-18 01:32 - 2015-07-10 12:04 - 000000000 ___RD C:\WINDOWS\DesktopTileResources 2025-02-18 01:30 - 2016-02-26 04:15 - 000000000 ____D C:\Users\Public\Foxit Software 2025-02-18 01:30 - 2016-02-26 04:15 - 
000000000 ____D C:\Users\Public\CyberLink 2025-02-18 01:30 - 2015-08-31 11:50 - 000000000 ____D C:\ProgramData\WildTangent 2025-02-18 01:29 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate 2025-02-18 01:29 - 2016-02-26 04:15 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12 2025-02-18 01:29 - 2016-02-26 04:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF 2025-02-18 01:29 - 2016-02-26 04:14 - 000000000 ____D C:\ProgramData\Temp 2025-02-18 01:29 - 2016-02-26 04:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2025-02-18 01:29 - 2016-02-26 03:44 - 000000000 ____D C:\ProgramData\Package Cache 2025-02-18 01:29 - 2015-08-31 11:51 - 000000000 ____D C:\ProgramData\Mozilla 2025-02-18 01:29 - 2015-08-31 11:50 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2025-02-18 01:29 - 2015-08-31 11:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2025-02-18 01:29 - 2015-08-31 11:49 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2025-02-18 01:28 - 2016-02-26 04:15 - 000000000 ____D C:\ProgramData\CyberLink 2025-02-18 01:28 - 2016-02-26 04:15 - 000000000 ____D C:\ProgramData\CLSK 2025-02-18 01:28 - 2016-02-26 04:14 - 000000000 ____D C:\ProgramData\install_clap 2025-02-18 01:28 - 2016-02-26 03:47 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros 2025-02-18 01:28 - 2016-02-26 03:45 - 000000000 ____D C:\ProgramData\Intel 2025-02-18 01:28 - 2016-02-26 03:44 - 000000000 ____D C:\ProgramData\DriverSetupUtility 2025-02-18 01:28 - 2015-08-31 11:50 - 000000000 ____D C:\ProgramData\Acer 2025-02-18 01:28 - 2015-08-31 11:50 - 000000000 ____D C:\Program Files (x86)\WildTangent Games 2025-02-18 01:28 - 2015-08-31 11:50 - 000000000 ____D C:\Program Files (x86)\WildGames 2025-02-18 01:26 - 2016-02-26 04:15 - 000000000 ____D C:\Program Files (x86)\Foxit PhantomPDF 2025-02-18 01:26 - 
2016-02-26 03:47 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2025-02-18 01:26 - 2016-02-26 03:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2025-02-18 01:26 - 2015-08-31 11:52 - 000000000 ____D C:\Program Files (x86)\mcafee.com 2025-02-18 01:25 - 2016-02-26 04:15 - 000000000 ____D C:\Program Files (x86)\CyberLink 2025-02-18 01:24 - 2015-08-31 11:50 - 000000000 ____D C:\Program Files (x86)\Acer 2025-02-18 01:23 - 2015-08-31 11:52 - 000000000 ____D C:\Program Files\mcafee.com 2025-02-18 01:23 - 2015-08-31 11:52 - 000000000 ____D C:\Program Files\mcafee 2025-02-18 01:23 - 2015-07-10 14:14 - 000000000 ____D C:\Program Files\Windows Journal 2025-02-18 01:22 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2025-02-18 01:22 - 2016-02-26 03:48 - 000000000 ____D C:\Program Files\Common Files\QCA_Bluetooth 2025-02-18 01:22 - 2016-02-26 03:44 - 000000000 ____D C:\Program Files\DriverSetupUtility 2025-02-18 01:22 - 2015-08-31 11:52 - 000000000 ____D C:\Program Files\Common Files\McAfee 2025-02-18 01:22 - 2015-08-31 11:52 - 000000000 ____D C:\Program Files\Acer 2025-02-18 01:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat 2025-02-18 00:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2025-02-18 00:19 - 2019-12-07 10:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2025-02-18 00:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2025-02-18 00:19 - 2018-01-24 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2025-02-17 23:42 - 2021-12-06 14:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2025-02-17 23:42 - 2020-03-24 19:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2020 2025-02-17 23:30 - 2019-12-07 15:51 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2025-02-17 23:30 - 2019-12-07 15:50 - 000000000 ____D 
C:\WINDOWS\SysWOW64\de 2025-02-17 23:30 - 2019-12-07 15:50 - 000000000 ____D C:\WINDOWS\system32\de 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemApps 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep 
2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\DDFs 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser 2025-02-17 23:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2025-02-17 23:29 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Portable Devices 2025-02-17 23:29 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2025-02-17 23:29 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Multimedia Platform 2025-02-17 23:29 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices 2025-02-17 23:29 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2025-02-17 23:29 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2025-02-17 23:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2025-02-17 23:29 - 2019-12-07 10:14 - 000000000 ____D 
C:\WINDOWS\ShellComponents 2025-02-17 23:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\schemas 2025-02-17 23:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning 2025-02-17 23:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2025-02-17 23:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME 2025-02-17 23:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\DiagTrack 2025-02-17 23:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2025-02-17 23:29 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender 2025-02-17 23:29 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System 2025-02-17 23:29 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2025-02-17 23:29 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing 2025-02-17 23:27 - 2019-12-07 15:54 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll 2025-02-17 23:27 - 2019-12-07 15:54 - 000020827 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2025-02-17 23:27 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2025-02-17 23:27 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2025-02-17 22:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2025-02-17 22:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\MUI 2025-02-04 19:18 - 2015-08-31 11:51 - 000001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2025-01-21 18:36 - 2019-12-20 19:02 - 000000000 ____D C:\Users\Emilie\Documents\Tickets 2025-01-19 16:17 - 2024-12-06 17:03 - 000000000 ____D C:\Users\Emilie\Documents\Kleinanzeigen und Vinted ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-02-2025
Ran by Emilie (18-02-2025 10:02:45)
Running from C:\Users\Emilie\Downloads
Microsoft Windows 10 Home Version 22H2 19045.5487 (X64) (2025-02-18 02:00:51)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2862171838-2850908273-2982186409-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2862171838-2850908273-2982186409-503 - Limited - Disabled)
Emilie (S-1-5-21-2862171838-2850908273-2982186409-1001 - Administrator - Enabled) => C:\Users\Emilie
Gast (S-1-5-21-2862171838-2850908273-2982186409-501 - Limited - Disabled)
SophosSAULAPTOP-9aaa (S-1-5-21-2862171838-2850908273-2982186409-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2862171838-2850908273-2982186409-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-8d9b4f73-bb47-4fea-917d-c50dd2ffed5c) (Version: 3.0.2.118 - WildTangent) Hidden abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated) abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.03.2004.4 - Acer Incorporated) Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3005 - Acer Incorporated) Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.06.2004 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated) Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3008 - Acer Incorporated) Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated) AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.07.2004.0 - Acer Incorporated) Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 25.1.11083.14496 - Avast Software) CyberLink PowerDVD 12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5427.02 - CyberLink Corp.) Hidden CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5427.02 - CyberLink Corp.) Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.32 - Dolby Laboratories, Inc.) Dolby Audio X2 Windows API SDK (HKLM\...\{AA950AA4-CD9B-4D81-B6C0-BFABB7A24261}) (Version: 0.7.5.65 - Dolby Laboratories, Inc.) Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.) 
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3011 - Acer Incorporated) Foxit PhantomPDF (HKLM-x32\...\{A4023BDF-82D5-412D-9D58-8C2819EBFE2E}) (Version: 7.0.410.326 - Foxit Software Inc.) Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.) Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.) Home Makeover (HKLM-x32\...\WTA-ff512562-ab4b-4aae-9e8c-1d09bd47ac58) (Version: 3.0.2.59 - WildTangent) Hidden Intel(R) Chipset Device Software (HKLM\...\{55398EAC-F58E-4F19-B553-BDF8B9EFD839}) (Version: 10.1.1.9 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{5BD7E621-9791-4D9F-A620-1BA51153B749}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{A53B7EAB-86BD-4F16-8C44-011B1376326A}) (Version: 11.0.0.1162 - Intel Corporation) Hidden Intel(R) ME UninstallLegacy (HKLM\...\{555B1C57-E71B-4775-BC1D-627EEF693F0D}) (Version: 1.0.1.0 - Intel Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4279 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{30E935B2-0DAC-455E-AC76-3C8504DC3D18}) (Version: 30.100.1519.07 - Intel Corporation) Hidden Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{7D84E343-A23D-451C-B123-0195B2D903A6}) (Version: 1.42.17.0 - Intel Corporation) Hidden Jewel 
Match 3 (HKLM-x32\...\WTA-679326c7-f13f-4d56-ae2e-6a7fee2304c7) (Version: 2.2.0.97 - WildTangent) Hidden Jewel Match Snowscapes (HKLM-x32\...\WTA-ad853ef4-00ea-4eae-8b6e-18dee9cd5722) (Version: 3.0.2.118 - WildTangent) Hidden Magic Academy (HKLM-x32\...\WTA-4c57b906-a5ca-4c03-9798-68e13f3261f1) (Version: 2.2.0.97 - WildTangent) Hidden Malwarebytes version 5.2.6.163 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.6.163 - Malwarebytes) McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1122 - McAfee, Inc.) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 133.0.3065.69 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2862171838-2850908273-2982186409-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 
2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla) NVIDIA GeForce Experience 2.5.11.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.11.45 - NVIDIA Corporation) NVIDIA Grafiktreiber 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Polar Bowler 1st Frame (HKLM-x32\...\WTA-d421feba-0407-4288-b40c-de6252d31e83) (Version: 3.0.2.59 - WildTangent) Hidden Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.0099 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8083 - Realtek Semiconductor Corp.) 
Rory's Restaurant (HKLM-x32\...\WTA-6e35cc10-c9f5-48e9-baf9-e03aec7ff14d) (Version: 3.0.2.126 - WildTangent) Hidden Runefall (HKLM-x32\...\WTA-4527bc60-c537-4ef8-8c87-cc9539bb1241) (Version: 3.0.2.126 - WildTangent) Hidden Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden Vegas World (HKLM-x32\...\WildTangentGDF-acer-vegasworld) (Version: 13.0.0.6 - WildTangent) Hidden Villagers and Heroes (HKLM-x32\...\WildTangentGDF-acer-villagersandheroes) (Version: 13.0.0.6 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.16 - WildTangent) Hidden Packages: ========= Acer Explorer -> C:\Program Files\WindowsApps\acerincorporated.acerexplorer_2.0.3007.0_x86__48frkmn4z8aw4 [2025-02-18] (Acer Incorporated) Kindle -> C:\Program Files\WindowsApps\amznmobilellc.kindleforwindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2025-02-18] (AMZN Mobile LLC) Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2025-02-18] (MAGIX) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated -> Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated -> Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated -> Acer Incorporated) ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-01-27] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2015-07-16] (McAfee, Inc. -> McAfee, Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-02-18] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxDTCM.dll [2016-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-02-18] (Malwarebytes Inc. 
-> Malwarebytes) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2015-07-16] (McAfee, Inc. -> McAfee, Inc.) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2015-05-06 18:06 - 2015-05-06 18:06 - 000086016 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Acer\AOP Framework\Interop.WUApiLib.2.0.dll 2016-02-26 04:05 - 2015-07-14 05:06 - 001942360 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Emilie\Downloads:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Pictures:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Desktop\.dbxignore:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Desktop\Die ästhetische Psychologie Hugo Münsterbergs.pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Desktop\Elements 10B8 - Verknüpfung.lnk:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Desktop\Masterarbeit_Final_Mutti.pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Desktop\Office Home and Student 2016:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Desktop\Spotify.lnk:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Downloads\.dbxignore:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Downloads\0307190535.pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Downloads\14_082_13727_Uebertragungsprotokoll_ESt_unbeschraenkt__ESt_1_A__2020 (1).pdf:com.dropbox.attrs [54] AlternateDataStreams: 
C:\Users\Emilie\Downloads\14_082_13727_Uebertragungsprotokoll_ESt_unbeschraenkt__ESt_1_A__2020.pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Downloads\14_082_13727_Uebertragungsprotokoll_ESt_unbeschraenkt__ESt_1_A__2021.pdf:com.dropbox.attrs [52] AlternateDataStreams: C:\Users\Emilie\Downloads\2021-10141374.pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Downloads\2022-12197991.pdf:com.dropbox.attrs [13] AlternateDataStreams: C:\Users\Emilie\Downloads\2307191224.pdf:com.dropbox.attrs [13] AlternateDataStreams: C:\Users\Emilie\Downloads\3E1D7D1F1242A569B31895DA3C0013B93465FE17(1).pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Downloads\3E1D7D1F1242A569B31895DA3C0013B93465FE17.pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Downloads\4661823_t201402060_mit_Zusatzinfos.pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Downloads\5072581_Wertermittlungsliste.pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Downloads\9MYHZ8.pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Downloads\Angebot-7099991-41393-00_2020-05-01_13-55.pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Downloads\Anleitung_WISOSB20.pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Downloads\ARC6903138750(1).pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Downloads\ARC6903138750.pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Downloads\FRSTEnglish.exe:MBAM.Zone.Identifier [225] AlternateDataStreams: C:\Users\Emilie\Documents\.dbxignore:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\AirDroid:com.dropbox.attrs [13] AlternateDataStreams: C:\Users\Emilie\Documents\amazon_bestellung_glühbirne_a.PNG:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\ausschreibung_projektbearbeiter_in_zip_2022_0.pdf:com.dropbox.attrs [54] AlternateDataStreams: 
C:\Users\Emilie\Documents\Barmer_Unterlagen:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Benutzerdefinierte Office-Vorlagen:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Bewerbungen_Alt:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Bürgeramt:com.dropbox.attrs [13] AlternateDataStreams: C:\Users\Emilie\Documents\CyberLink:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Deutsche Bank:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\DKB:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Eigene Bilder:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Erasmus+2018:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Favorites:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Fax:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\FitX-2020-04-06_Kuendigung.pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Flamenco:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\HandyHüllle_Bestellung.PNG:com.dropbox.attrs [52] AlternateDataStreams: C:\Users\Emilie\Documents\Hörbücher und Comedy:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Immatrikulationsbescheinigungen_BA:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Indien-Unterlagen:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Jobs2022.PNG:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\JobsNGO_Savethechildren.PNG:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Kottbusser Damm 8:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Kreuzworträtsel_Geburtstag_Kerstin.docx:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Kurzarbeit_Vereinbarung_Emilie*****.jpg:3or4kl4x13tuuug3Byamue2s4b [93] AlternateDataStreams: 
C:\Users\Emilie\Documents\Kurzarbeit_Vereinbarung_Emilie*****.jpg:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Kurzarbeit_Vereinbarung_Emilie*****.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\Emilie\Documents\Kurzarbeit_Vereinbarung_Emilie*****.pdf:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\*****, Emilie - Einkommensteuer 2019.steuer2019:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Lebenslauf_Emilie*****_Therapie.docx:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\MADRID_2017_2018:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Master_Imma_Exma:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\NIE:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Outlook-Dateien:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Podcast.docx:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Rückenkurs:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Sanitas:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Scanned Documents:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Smartmobil:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Steuer:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Synchronbuchautorin Kurs.docx:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Tickets:com.dropbox.attrs [52] AlternateDataStreams: C:\Users\Emilie\Documents\VID_20210121_191050.mp4:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Wirbelsäulengymnastik:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\WS2016_2017 Masterarbeit:com.dropbox.attrs [54] AlternateDataStreams: C:\Users\Emilie\Documents\Übergabeprotokoll_Feuerbachstraße.pdf:com.dropbox.attrs [54] ==================== Safe Mode 
(Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

HKU\S-1-5-21-2862171838-2850908273-2982186409-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer15.msn.com/?pc=ACTE
HKU\S-1-5-21-2862171838-2850908273-2982186409-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-07-16] (McAfee, Inc. -> McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-07-16] (McAfee, Inc. -> McAfee, Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2862171838-2850908273-2982186409-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2025-02-18 08:57 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2862171838-2850908273-2982186409-1001\Control Panel\Desktop\\Wallpaper -> c:\users\emilie\pictures\bilder\2019\img_20190531_123605.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GBE Family Controller -> rt640x64.sys
Bluetooth-Netzwerkverbindung: Bluetooth Device (Personal Area Network) -> bthpan.sys
WLAN: Qualcomm Atheros QCA61x4A Wireless Network Adapter -> Qcamain10x64.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B72C14F9-5EBE-4CD4-B3FA-B14ACA07AAE7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F088D4B7-C4A1-4331-B8EC-B50800F00F46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{2288632D-FF55-46FD-8F44-3DBB2F04F5E9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{ECDC2DA5-4098-47C8-A2EA-62D812819CC6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.136.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D2319136-30A8-41F3-8DE0-AAD1AB97DA1F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{8FAA3C7C-DE8C-4120-AC01-423E055ABA2F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{5F105548-94E8-4F32-9052-3694D8BBA11C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe => No File FirewallRules: [{781DDE61-C9B9-4AA0-8467-5502CB428725}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe => No File FirewallRules: [{BC00D19D-DCA3-4A98-8F4B-ECD74B3798B3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe => No File FirewallRules: [{2D7EAABE-B4FC-46D1-866E-4F8D0D60829F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.) 
FirewallRules: [{F79E32A1-C16E-4EC6-8E01-236B0BFE321A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{59B4438B-830C-4BED-A154-F63CC7EB45B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{86279AAC-4579-4651-B213-E30CD5425C5F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{79231BD8-E4E4-4FC7-A65D-656F40D3856B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{21786C41-20CF-4E44-90CF-777CF758C0B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{694D477D-DCED-460C-A481-F6A3BBD22AC4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{80825BCB-9BFE-4129-AD90-9424883C4DC9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{BA76611A-53EA-4E98-9240-01D77C34D7E0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer) FirewallRules: [{9374E55F-F31F-454E-8D92-4D68414A5ACB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer) FirewallRules: [{05EBF720-9C08-4032-9F83-DDB35AB3D67E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer) FirewallRules: [{D1449E72-5288-4FF3-88B1-34F6AC527BFF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer) FirewallRules: [{153D9351-68F9-4CE6-AE66-5419EB374260}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer 
Cloud Technology)
FirewallRules: [{227DE642-B4A4-40DB-B65D-741AF59B20FE}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{E0BBD98A-E2CA-44F7-97E6-4DC6B859B476}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{DA225F5C-C571-418A-9132-30223D45C585}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{91692DC0-BF42-45CE-82A5-6E667F038C2E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BD119173-2DBD-4D41-97F8-C693A535793E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8AF13718-4B22-4CC1-A04A-A845CB1C8574}] => (Allow) C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{7FB7A19C-3970-4B6E-A9C9-B555DC4BC07E}] => (Allow) C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> Gen Digital Inc.)

==================== Restore Points =========================

18-02-2025 08:20:22 Windows Modules Installer
18-02-2025 08:36:35 18.02.2024

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (02/18/2025 09:51:57 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Das Sicherheitscenter konnte den Aufrufer nicht überprüfen. Der Fehler %1 ist aufgetreten.

Error: (02/18/2025 09:29:29 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Das Sicherheitscenter konnte den Aufrufer nicht überprüfen. Der Fehler %1 ist aufgetreten.
Error: (02/18/2025 09:23:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.17.13.5362, Zeitstempel: 0x55b03dc7
Name des fehlerhaften Moduls: NVCPL.DLL_unloaded, Version: 8.17.13.8205, Zeitstempel: 0x59079649
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000141f
ID des fehlerhaften Prozesses: 0x98c
Startzeit der fehlerhaften Anwendung: 0x01db81de416cc07f
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\nvvsvc.exe
Pfad des fehlerhaften Moduls: NVCPL.DLL
Berichtskennung: 85611c6c-cb0d-49d9-b499-e45aa34d28c9
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/18/2025 09:21:21 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.]

Error: (02/18/2025 09:18:40 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Das Sicherheitscenter konnte den Aufrufer nicht überprüfen. Der Fehler %1 ist aufgetreten.

Error: (02/18/2025 08:55:48 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Das Sicherheitscenter konnte den Aufrufer nicht überprüfen. Der Fehler %1 ist aufgetreten.

Error: (02/18/2025 08:53:25 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Das Sicherheitscenter konnte den Aufrufer nicht überprüfen. Der Fehler %1 ist aufgetreten.

Error: (02/18/2025 08:50:27 AM) (Source: Service1) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.IO.IOException: Der Prozess kann nicht auf die Datei "C:\OEM\AcerLogs\Services.log" zugreifen, da sie von einem anderen Prozess verwendet wird.
bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
bei System.IO.StreamWriter.CreateFile(String path, Boolean append, Boolean checkHost)
bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize, Boolean checkHost)
bei System.IO.StreamWriter..ctor(String path, Boolean append)
bei WindowsService1.Se...

System errors:
=============
Error: (02/18/2025 09:28:51 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Broker für Laufzeitüberwachung der Systemüberwachung" wurde mit folgendem Fehler beendet: %%3489660935

Error: (02/18/2025 09:28:06 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{209500FC-6B45-4693-8871-6296C4843751}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/18/2025 09:27:08 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Übermittlungsoptimierung" wurde nicht richtig gestartet.

Error: (02/18/2025 09:24:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (02/18/2025 09:24:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht. Error: (02/18/2025 09:23:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (02/18/2025 09:23:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht. Error: (02/18/2025 09:22:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DCIService" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. CodeIntegrity: =============== Date: 2025-02-18 09:51:57 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. Date: 2025-02-18 09:30:31 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: Insyde Corp. 
V1.09 05/17/2016 Motherboard: Acer Aspire VN7-792G Processor: Intel(R) Core(TM) i5-6300HQ CPU @ 2.30GHz Percentage of memory in use: 56% Total physical RAM: 8056.16 MB Available physical RAM: 3496.43 MB Total Virtual: 9976.16 MB Available Virtual: 5236.28 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:930.86 GB) (Free:762.1 GB) (Model: TOSHIBA MQ02ABD100H) NTFS \\?\Volume{53aeb305-538e-4a4b-b132-682275219f17}\ () (Fixed) (Total:0.54 GB) (Free:0.08 GB) NTFS \\?\Volume{0a15119a-b7be-4531-a347-543a13aea1d2}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 969F2557) Partition: GPT. ==================== End of Addition.txt ======================= |