Trojaner-Board - TrojanDropper:Win64/Tnega!MSR (Windows 10)

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - TrojanDropper:Win64/Tnega!MSR (Windows 10) (https://www.trojaner-board.de/201202-trojandropper-win64-tnega-msr-windows-10-a.html)

TrojanDropper:Win64/Tnega!MSR (Windows 10)

Hallo,
es geht vermutlich um Schadsoftware.

Bei jedem Windows-Neustart bekomme ich von Windows-Sicherheit die Benachrichtigung, dass eine Bedrohung
(TrojanDropper:Win64/Tnega!MSR in C:\Users\nils\AppData\Local\Temp\GetX64BTIT.exe) blockiert wurde. Als Status steht jedesmal "Entfernt" dabei.

Ich bin dankbar für jede Hilfe!

Edit:
FRST.txt:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2021 01

Ran by nils (administrator) on NILS-PC (18-02-2021 17:19:43)

Running from C:\Users\nils\Desktop\FRST

Loaded Profiles: nils

Platform: Windows 10 Pro Version 2004 19041.804 (X64) Language: Englisch (Großbritannien)

Default browser: Opera

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe

(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe

(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe

(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe

(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.exe <4>

(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.7269\Agent.exe

(Charles Milette) C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_9.0.0.0_x86__v826wp6bftszj\TranslucentTB\TranslucentTB.exe

(Chip Digital GmbH) [File not signed] C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdHelper.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdHelper.x64.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdLauncher.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe

(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>

(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\116.4.368\QtWebEngineProcess.exe <3>

(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe

(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>

(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe

(G.SKILL International Enterprise Co., Ltd. -> G.SKILL Inc.) C:\Program Files (x86)\G.SKILL\Trident Z Lighting Control\hid.exe

(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe <2>

(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe

(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe

(GOG Sp. z o.o. -> GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe

(Idera, Inc. -> Embarcadero Technologies, Inc.) C:\Users\nils\AppData\Roaming\nils.exe

(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe

(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe

(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe

(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe

(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe

(Intel(R) Software Development Products -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe

(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <3>

(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe

(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\logi_crashpad_handler.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe

(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe <2>

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NVIDIA Broadcast.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NvVirtualCamera\NVIDIA Virtual Camera.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\NVDisplay.Container.exe <2>

(Opera Software AS -> Opera Software) C:\Users\nils\AppData\Local\Programs\Opera GX\73.0.3856.400\opera.exe <20>

(Opera Software AS -> Opera Software) C:\Users\nils\AppData\Local\Programs\Opera GX\73.0.3856.400\opera_crashreporter.exe

(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.165.0.28\OverwolfHelper.exe

(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.165.0.28\OverwolfHelper64.exe

(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\0.165.0.28\OverwolfBrowser.exe <3>

(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe

(Overwolf Ltd -> Overwolf LTD) C:\Users\nils\AppData\Local\Overwolf\ProcessCache\0.165.0.28\cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj\curseforge.exe

(Python Software Foundation -> Python Software Foundation) C:\Program Files (x86)\GOG Galaxy\python\python.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Scarlet.Crush Productions) [File not signed] C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe

(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe

(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe

(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe <5>

(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>

(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
 

==================== Registry (Whitelisted) ===================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)

HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-02-14] (Dropbox, Inc -> Dropbox, Inc.)

HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

HKLM-x32\...\Run: [Spectrum] => C:\Program Files (x86)\G.SKILL\Trident Z Lighting Control\HID.exe [1753104 2020-05-25] (G.SKILL International Enterprise Co., Ltd. -> G.SKILL Inc.)

HKLM-x32\...\Run: [Inno3D] => C:\Program Files (x86)\INNO3D TuneIT\Inno3D.exe

HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [62636856 2020-11-13] (Discord Inc. -> Discord Inc.)

HKU\S-1-5-21-3449150419-271838051-1508037707-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412696 2021-02-13] (Valve -> Valve Corporation)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32898104 2021-02-16] (Epic Games Inc. -> Epic Games, Inc.)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Chromium] => "c:\users\nils\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1090464 2021-02-17] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [DiscordPTB] => C:\Users\nils\AppData\Local\DiscordPTB\app-0.0.55\DiscordPTB.exe

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [GalaxyClient] => [X]

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [14858824 2020-12-23] (GOG Sp. z o.o. -> GOG.com)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [123792272 2021-01-20] (Logitech Inc -> Logitech, Inc.)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1752920 2021-01-24] (Overwolf Ltd -> Overwolf Ltd.)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\RunOnce: [nils] => powershell -Win Hi -Command "$r = [Environment]::GetEnvironmentVariable('nils', 'User').split();$p=$r[0];$r[0]='';Start-Process $p -ArgumentList ($r -join ' ') -Win Hi" <==== ATTENTION

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Policies\Explorer: [NoWinKeys] 1

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {91727cc2-da62-11ea-bcee-0492265d3edd} - "F:\OnePlus_setup.exe" /s

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {d80afba4-6f01-11eb-bd49-0492265d3edd} - "E:\OnePlus_setup.exe" /s

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Environment: [nils] "powershell.exe"        -windowstyle hidden  -En "PAAjACAAaABnAGwAcABrAGUAdgB5AGkAaQAgACMAPgAkAHUAPQAkAGUAbgB2ADoAVQBzAGUAcgBOAGEAbQBlADsAZgBvAHIAIAAoACQAaQA9ADAAOwAkAGkAIAAtAGwAZQAgADEAMwAwADAAOwAkAG (the data entry has 1251 more characters). <==== ATTENTION

RegKey: [HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\nils] <==== ATTENTION

RegKey: [HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\nils1] <==== ATTENTION

HKLM\...\Windows x64\Print Processors\OKX055PP: C:\Windows\System32\spool\prtprocs\x64\OKX055PP.DLL [52224 2015-12-25] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation)

HKLM\...\Print\Monitors\EPSON WF-3540 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMJHE.DLL [120320 2011-04-19] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558080 2011-08-30] (SEIKO EPSON CORPORATION) [File not signed]

HKLM\...\Print\Monitors\Oki Language Monitor v2 x64: C:\WINDOWS\system32\OPPFLM64.DLL [24064 2011-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-09] (Google LLC -> Google LLC)

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 

==================== Scheduled Tasks (Whitelisted) ============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

Task: {02FDCE56-8527-49E2-98BD-3770C480E46A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {10923ACD-A6F3-46C9-8B05-FA036D45F27C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {11A870C3-2CBD-47B1-8AC5-F468354C4D5F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {14B7AE73-1437-44FC-B4CD-CB064266DC82} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)

Task: {169A4A9F-5AB2-4859-BB79-105D4F7E0F5B} - System32\Tasks\TaskbarX NILS-PCnils => C:\Users\nils\AppData\Local\Temp\Rar$EXa15592.7440\TaskbarX.exe <==== ATTENTION

Task: {1BB8711B-BE48-42FB-9471-FCFD984EE7F6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {1CFF092D-CB8C-4697-A22E-C65E98842FAC} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002Core => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe

Task: {21AD196C-E033-4A17-8AB0-51729310AFC0} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)

Task: {247335EE-A7B9-443A-B7C4-14AD5DACB27E} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"

Task: {28EBA2B2-5857-4D18-B83C-B4BEFE4B6B64} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {32197A57-775D-4F2B-BADF-36EAF82B90C2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {334F71AD-EA0A-45C3-A6BF-D23B10278705} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log

Task: {389005A7-88A2-4A2D-9B0D-221BF3779434} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {49B6BC26-85D9-47CD-8037-109C0AE32EE9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe

Task: {64C72E17-56AC-4A10-8359-81CB62CBFA09} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)

Task: {66CB8C64-C47E-4DE8-BC72-AE4F1B10190B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)

Task: {6CC840F6-D3B1-4381-80D6-368E821AD608} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)

Task: {708BEC20-0B26-4F36-9C8B-B3DDB92FF7D8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

Task: {71112853-AD65-4846-8E55-E40FC38399A2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Task: {7478992B-7BB6-4BF1-A873-5E111E4C328B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)

Task: {776DF5CB-61F3-413A-866C-67864EDC98A7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log

Task: {79FE0BF0-DF6B-4F3F-B627-2641C7B3C431} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {7AFBADC6-5A92-4AD1-B4C6-825820AA6735} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498512 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

Task: {877AE2EB-BE60-4E41-AB1F-9565FBF74AC2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {947A71B9-8265-4202-B1DF-31851FE6ECD4} - System32\Tasks\Opera GX scheduled Autoupdate 1593451427 => C:\Users\nils\AppData\Local\Programs\Opera GX\launcher.exe [1720472 2021-02-16] (Opera Software AS -> Opera Software)

Task: {96FD5F58-83E0-4F87-BE57-8C5B4AE1AC73} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Task: {9755D7FA-2C11-4258-B363-6A045E7D0494} - System32\Tasks\Opera scheduled Autoupdate 1555368081 => C:\Users\nils\AppData\Local\Programs\Opera\launcher.exe

Task: {9C946B4F-522A-4DC7-A9DD-DF2925C43312} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {A4035D2D-AABB-427C-B68E-FE5DE8C57307} - System32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NVIDIA Broadcast.exe [8577776 2021-01-24] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {A448EED5-27DE-4BDF-837A-18BA2E930140} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.)

Task: {AF840AC3-BAA2-43A2-9FF4-E39C018BA346} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002UA => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe

Task: {BDDB2636-5C15-45B7-A849-41EBC891643A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.)

Task: {C83D387D-761A-4D40-AA38-0274BB58034C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {C8CDC2F0-A1CE-45E8-A86F-A88504F2F2B8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe

Task: {C9F333EA-34B6-44BE-86AE-88A58D72697B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {CA280454-7A5D-4076-8599-A3A896B98721} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [784880 2019-09-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> )

Task: {CAE80F57-588C-4CA0-8489-93BE2E1DC0EE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

Task: {CBFD160A-267A-4AC3-B7F9-BCE4026B204F} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3449150419-271838051-1508037707-1001 => C:\Users\nils\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

Task: {CC90B01F-54A3-4F48-9A32-4D63DFA4B7B8} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)

Task: {D7486F2D-BB18-4E28-B718-83CF6A9FB91F} - System32\Tasks\{B557B444-21B0-41FD-B838-14D7E070A414} => "c:\windows\system32\launchwinapp.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=404

Task: {DD50F83C-FE08-4203-9695-5DB48F511782} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

Tcpip\Parameters: [DhcpNameServer] 192.168.178.100

Tcpip\..\Interfaces\{49065b68-8f61-403d-b9dc-f5281de063c8}: [DhcpNameServer] 192.168.178.100

Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [DhcpNameServer] 192.168.178.100

Tcpip\..\Interfaces\{84ffcfd2-bfa3-4511-899f-7ed5e75b8ecb}: [DhcpNameServer] 192.168.42.129
 

Edge: 

=======

Edge HomeButtonPage: HKU\S-1-5-21-3449150419-271838051-1508037707-1002 -> hxxp://www.go-setting.com/

Edge Profile: C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-18]

Edge HomePage: Default -> hxxp://www.go-setting.com/

Edge Extension: (Search Manager) - C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh [2020-07-15]

Edge HKLM\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]

Edge HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]

Edge HKLM-x32\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
 

FireFox:

========

FF DefaultProfile: ncucdlz8.default-1584820434065

FF ProfilePath: C:\Users\nils\AppData\Roaming\Mozilla\Firefox\Profiles\ncucdlz8.default-1584820434065 [2021-02-18]

FF HKLM\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found

FF HKLM-x32\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] (Adobe Systems Incorporated -> )

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] (Adobe Systems Incorporated -> )

FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
 

Chrome: 

=======

CHR Profile: C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default [2021-02-18]

CHR Notifications: Default -> hxxps://de.softonic.com; hxxps://secrethitler.io; hxxps://vulkanvegas.com; hxxps://www.facebook.com; hxxps://www.royalpanda.com

CHR HomePage: Default -> hxxp://www.go-setting.com/

CHR StartupUrls: Default -> "hxxp://www.go-setting.com/"

CHR Extension: (Präsentationen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-16]

CHR Extension: (BetterTTV) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2020-12-23]

CHR Extension: (Docs) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-16]

CHR Extension: (Google Drive) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]

CHR Extension: (YouTube) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-16]

CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-31]

CHR Extension: (Watch2Gether) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimpffimgeipdhnhjohpbehjkcdpjolg [2020-07-31]

CHR Extension: (Search Manager) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\codhflfnidhlkphogdmhfhjmkehlfjjk [2020-03-15]

CHR Extension: (Tabellen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-16]

CHR Extension: (Google Docs Offline) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]

CHR Extension: (Material Dark - MKBHD) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiplegjeipnjdpgkeccfccnahofbckad [2020-04-23]

CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]

CHR Extension: (Netflix Party is now Teleparty) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-01-10]

CHR Extension: (Global Twitch Emotes) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgniedifoejifjkndekolimjeclnokkb [2020-06-15]

CHR Extension: (Google Mail) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]

CHR Extension: (Chrome Media Router) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-15]

CHR HKLM\...\Chrome\Extension: [codhflfnidhlkphogdmhfhjmkehlfjjk]

CHR HKLM\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]

CHR HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [codhflfnidhlkphogdmhfhjmkehlfjjk]

CHR HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]

CHR HKLM-x32\...\Chrome\Extension: [codhflfnidhlkphogdmhfhjmkehlfjjk]

CHR HKLM-x32\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
 

Opera: 

=======

OPR Profile: C:\Users\nils\AppData\Roaming\Opera Software\Opera Stable [2021-02-18]

OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.de/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

StartMenuInternet: (HKU\S-1-5-21-3449150419-271838051-1508037707-1002) Opera GXStable - "C:\Users\nils\AppData\Local\Programs\Opera GX\Launcher.exe"
 

Brave: 

=======

BRA Profile: C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-02-18]

BRA Extension: (Brave Tracking Protection Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-01-19]

BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-01-19]

BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-01-19]

BRA Extension: (Brave Ad Block Updater (DEU: EasyList Germany)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\jmomcjcilfpbaaklkifaijjcnancamde [2019-01-19]

BRA Extension: (PDF Viewer) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-01-19]

BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-01-19]
 

==================== Services (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe [419264 2019-01-11] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe [975832 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2019-01-19] (ASUSTeK Computer Inc. -> ) [File not signed]

R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe [1919280 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [File not signed]

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-01-19] (BattlEye Innovations e.K. -> )

S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2018-10-31] (BitRaider LLC -> BitRaider, LLC)

R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2018-10-25] (Chip Digital GmbH) [File not signed] <==== ATTENTION

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [605096 2020-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [56872 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)

R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44064 2021-02-14] (Dropbox, Inc -> Dropbox, Inc.)

R2 Ds3Service; C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe [381952 2017-08-12] (Scarlet.Crush Productions) [File not signed]

S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2020-07-23] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)

S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)

S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1741384 2020-12-23] (GOG Sp. z o.o. -> GOG.com)

S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-12-08] (GOG Sp. z o.o. -> GOG.com)

S3 HnGSteamService; D:\Steam\steamapps\common\Heroes & Generals\hngservice.exe [788776 2021-02-17] (Reto-Moto ApS -> Reto-Moto ApS)

R2 NvBroadcast.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe [873272 2021-01-15] (NVIDIA Corporation -> NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)

R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)

S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)

S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1679240 2021-02-16] (Rockstar Games, Inc. -> Rockstar Games)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Uncheater\ucldr_battlegrounds_gl.exe [6979584 2020-12-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [6862584 2020-12-31] (PUBG CORPORATION -> PUBG Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 

===================== Drivers (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2019-01-19] (ASUSTeK Computer Inc. -> )

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2019-01-19] (ASUSTeK Computer Inc. -> )

R1 Asusgio2; C:\WINDOWS\system32\drivers\AsIO2.sys [33504 2019-01-01] (ASUSTeK Computer Inc. -> )

S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2018-11-02] (BitRaider -> BitRaider)

S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60328 2020-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)

R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)

R3 cpuz149; C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [44320 2021-02-18] (CPUID S.A.R.L.U. -> CPUID)

R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )

R1 GLCKIO2; C:\WINDOWS\system32\drivers\GLCKIO2.sys [19392 2018-04-23] (ASUSTeK Computer Inc. -> )

S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45168 2018-05-07] (Logitech Inc -> Logitech Inc.)

R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\73248\driver_cpu_temperature\logi_core_temp.sys [25448 2021-01-20] (Logitech Inc. -> Logitech)

R3 logi_audio_surround; C:\WINDOWS\system32\drivers\logi_audio_surround.sys [44096 2021-01-20] (Logitech Inc -> Logitech)

R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2020-08-27] (Logitech Inc -> Logitech)

R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2020-08-27] (Logitech Inc -> Logitech)

R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2020-08-27] (Logitech Inc -> Logitech)

R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )

R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2017-08-12] (Bruce James -> Scarlet.Crush Productions)

R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)

S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)

R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)

R3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [49976 2020-09-08] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)

S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49552 2021-02-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [419040 2021-02-11] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-11] (Microsoft Windows -> Microsoft Corporation)

S3 xhunter1; C:\WINDOWS\xhunter1.sys [2732984 2020-12-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

S3 ALSysIO; \??\C:\Users\nils\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
 

==================== NetSvcs (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== One month (created) (Whitelisted) =========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2021-02-18 16:13 - 2021-02-18 16:14 - 000068315 _____ C:\Users\nils\Downloads\Addition.txt

2021-02-18 16:12 - 2021-02-18 16:14 - 000057813 _____ C:\Users\nils\Downloads\FRST.txt

2021-02-18 16:11 - 2021-02-18 17:19 - 000000000 ___DC C:\Users\nils\Desktop\FRST

2021-02-18 16:06 - 2021-02-18 17:20 - 000000000 ____D C:\FRST

2021-02-18 10:20 - 2021-02-18 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2021-02-17 16:43 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Mario

2021-02-17 16:42 - 2021-02-17 16:43 - 017165629 _____ C:\Users\nils\Desktop\New Super Mario Bros. (Europe) (En,Fr,De,Es,It).zip

2021-02-17 10:09 - 2021-02-16 12:58 - 000000883 ____C C:\Users\nils\Desktop\WiinUSoft.lnk

2021-02-16 15:23 - 2021-02-16 15:23 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\nils\AppData\Roaming\nils.exe

2021-02-16 15:20 - 2021-02-16 15:20 - 000001986 _____ C:\Users\nils\Desktop\pokemon_sonne_und_mond_kostenlos_downloaden.zip

2021-02-16 15:10 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Saves

2021-02-16 13:32 - 2021-02-16 13:32 - 000000000 ___DC C:\Users\nils\Documents\Server

2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config

2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories

2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories

2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiinUSoft

2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\Program Files\WiinUSoft

2021-02-16 12:58 - 2017-08-12 17:47 - 000039168 _____ (Scarlet.Crush Productions) C:\WINDOWS\system32\Drivers\ScpVBus.sys

2021-02-15 20:02 - 2021-02-16 15:05 - 000000000 ___DC C:\Users\nils\Desktop\Pokemon

2021-02-15 20:01 - 2021-02-15 20:02 - 050974335 _____ C:\Users\nils\Downloads\Pokemon - Platin-Edition (Germany).zip

2021-02-15 14:22 - 2021-02-15 14:22 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01 (1).mp4

2021-02-15 14:20 - 2021-02-15 14:20 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01.mp4

2021-02-15 03:36 - 2021-02-15 03:36 - 000002429 ____C C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NiceHash Miner.lnk

2021-02-15 03:36 - 2021-02-15 03:36 - 000002421 ____C C:\Users\nils\Desktop\NiceHash Miner.lnk

2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys

2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys

2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys

2021-02-14 04:12 - 2021-02-14 04:12 - 000044064 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe

2021-02-13 01:39 - 2021-02-13 01:39 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000008-000000.txt

2021-02-12 20:39 - 2021-02-12 20:39 - 000000000 ____D C:\Users\nils\.ngrok2

2021-02-12 20:36 - 2021-02-12 20:36 - 013819230 _____ C:\Users\nils\Downloads\ngrok-stable-windows-amd64.zip

2021-02-12 20:29 - 2021-02-12 20:32 - 000000051 ____C C:\Users\nils\Desktop\start.bat

2021-02-12 17:16 - 2021-02-12 17:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

2021-02-12 17:16 - 2021-02-12 17:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

2021-02-12 17:16 - 2021-02-12 17:16 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

2021-02-12 17:16 - 2021-02-12 17:16 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

2021-02-12 17:16 - 2021-02-12 17:16 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim

2021-02-10 15:40 - 2021-02-10 15:40 - 000052800 _____ C:\Users\nils\Downloads\9692940_2021_Nr.001_Kontoauszug_vom_29.01.2021_20210210034041.pdf

2021-02-01 18:41 - 2019-08-14 11:07 - 000000000 ____D C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6

2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ C:\Users\nils\AppData\Roaming\winscp.rnd

2021-02-01 18:39 - 2021-02-01 18:39 - 011155568 _____ (Martin Prikryl ) C:\Users\nils\Downloads\WinSCP-5.17.10-Setup.exe

2021-02-01 18:39 - 2021-02-01 18:39 - 000001164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk

2021-02-01 18:39 - 2021-02-01 18:39 - 000000000 ____D C:\Program Files (x86)\WinSCP

2021-02-01 18:38 - 2021-02-01 18:39 - 292897167 _____ C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6.zip

2021-02-01 18:26 - 2021-02-01 18:26 - 005835761 _____ C:\Users\nils\Downloads\OptiFine_1.16.5_HD_U_G6.jar

2021-01-30 01:27 - 2021-02-18 17:06 - 000002170 ____C C:\Users\nils\Desktop\CurseForge.lnk

2021-01-30 01:27 - 2021-02-08 15:59 - 000000000 ____D C:\Program Files (x86)\Overwolf

2021-01-30 01:27 - 2021-01-30 01:27 - 000004382 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task

2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ___DC C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf

2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ____D C:\ProgramData\Overwolf

2021-01-30 01:26 - 2021-01-30 01:26 - 001386784 _____ (Overwolf Ltd.) C:\Users\nils\Downloads\CurseForge - LP-Installer.exe

2021-01-29 22:08 - 2021-01-29 22:08 - 000000000 ____D C:\Users\nils\AppData\Roaming\twitch-desktop-electron-platform

2021-01-27 21:38 - 2021-01-27 21:38 - 000002271 _____ C:\ProgramData\Desktop\NVIDIA Broadcast.lnk

2021-01-27 21:34 - 2021-01-27 21:35 - 245764976 _____ (NVIDIA Corporation) C:\Users\nils\Downloads\nvidia_broadcast_v1.1.0.20.exe

2021-01-27 17:30 - 2021-01-27 17:30 - 000055780 _____ C:\Users\nils\Downloads\9692940_2020_Nr.012_Kontoauszug_vom_31.12.2020_20210127053005.pdf

2021-01-27 17:30 - 2021-01-27 17:30 - 000041755 _____ C:\Users\nils\Downloads\9692940_2020_Mitteilung_vom_31.12.2020_20210127053013.pdf

2021-01-20 23:39 - 2021-01-20 23:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi

2021-01-20 23:39 - 2021-01-20 23:39 - 000000000 ____D C:\Program Files\LGHUB

2021-01-20 15:51 - 2021-01-20 15:51 - 004451384 _____ (Logitech) C:\WINDOWS\system32\logi_audio_headset_render_apo.dll

2021-01-20 15:51 - 2021-01-20 15:51 - 002174656 _____ (Logitech) C:\WINDOWS\system32\logi_audio_headset_capture_apo.dll

2021-01-19 17:44 - 2021-01-19 17:44 - 000048048 _____ C:\Users\nils\Downloads\4109392600_2020_Nr.003_Kontoauszug_vom_31.07.2020_20210119054406.pdf

2021-01-19 17:44 - 2021-01-19 17:44 - 000045641 _____ C:\Users\nils\Downloads\4109392600_2020_Mitteilung_vom_30.06.2020_20210119054421.pdf

2021-01-19 17:44 - 2021-01-19 17:44 - 000045639 _____ C:\Users\nils\Downloads\4109392600_2020_Mitteilung_vom_27.10.2020_20210119054429.pdf

2021-01-19 17:43 - 2021-01-19 17:43 - 000048092 _____ C:\Users\nils\Downloads\4109392600_2020_Nr.002_Kontoauszug_vom_30.06.2020_20210119054348.pdf

2021-01-19 17:43 - 2021-01-19 17:43 - 000047637 _____ C:\Users\nils\Downloads\4109392600_2020_Nr.001_Kontoauszug_vom_29.05.2020_20210119054333.pdf

2021-01-19 00:40 - 2021-02-18 17:12 - 000000000 ____D C:\Users\nils\AppData\Local\LGHUB

2021-01-19 00:40 - 2021-02-18 17:05 - 000000000 ____D C:\Users\nils\AppData\Roaming\LGHUB

2021-01-19 00:39 - 2021-01-19 00:40 - 000000000 ____D C:\ProgramData\LGHUB
 

==================== One month (modified) ==================
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2021-02-18 17:16 - 2019-11-01 23:12 - 000000000 ____D C:\Users\nils\AppData\Local\Battle.net

2021-02-18 17:09 - 2020-09-15 07:57 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2021-02-18 17:09 - 2020-09-15 00:13 - 000741490 _____ C:\WINDOWS\system32\perfh007.dat

2021-02-18 17:09 - 2020-09-15 00:13 - 000149740 _____ C:\WINDOWS\system32\perfc007.dat

2021-02-18 17:09 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF

2021-02-18 17:07 - 2017-11-02 01:23 - 000000000 ____D C:\ProgramData\NVIDIA

2021-02-18 17:06 - 2019-10-27 12:42 - 000000000 ____D C:\Users\nils\AppData\Local\Overwolf

2021-02-18 17:05 - 2020-09-15 07:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2021-02-18 17:05 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2021-02-18 17:05 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI

2021-02-18 17:05 - 2019-01-22 14:43 - 000000000 ____D C:\Intel

2021-02-18 17:05 - 2018-06-27 19:54 - 000000000 ____D C:\Program Files (x86)\Steam

2021-02-18 16:57 - 2020-12-02 02:05 - 000003124 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner

2021-02-18 16:46 - 2020-10-11 02:45 - 000000000 ___DC C:\Users\nils\Documents\Impulse

2021-02-18 15:55 - 2018-06-28 13:09 - 000000000 ___DC C:\Users\nils\AppData\Local\CrashDumps

2021-02-18 15:49 - 2020-09-15 07:58 - 000004184 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1593451427

2021-02-18 15:49 - 2020-06-29 18:23 - 000001431 ____C C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk

2021-02-18 15:43 - 2020-10-12 22:07 - 000000000 ____D C:\Users\nils\AppData\Roaming\discord

2021-02-18 15:26 - 2020-12-28 16:14 - 000000000 ____D C:\Users\nils\AppData\Local\Deployment

2021-02-18 15:26 - 2018-06-27 19:45 - 000000000 ___DC C:\Users\nils\AppData\Local\Packages

2021-02-18 14:11 - 2020-09-15 07:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2021-02-18 12:33 - 2018-06-29 21:37 - 000000000 ____D C:\ProgramData\Riot Games

2021-02-18 10:20 - 2019-11-25 22:30 - 000000000 ____D C:\Program Files (x86)\Dropbox

2021-02-18 08:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness

2021-02-17 17:12 - 2019-10-12 17:22 - 000000000 ____D C:\Users\nils\AppData\Roaming\Twitch

2021-02-17 09:39 - 2019-11-01 23:12 - 000000000 ____D C:\Program Files (x86)\Battle.net

2021-02-16 13:09 - 2018-11-05 15:51 - 000000000 ___DC C:\Users\nils\AppData\Local\ElevatedDiagnostics

2021-02-16 12:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports

2021-02-16 12:45 - 2020-11-12 00:19 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner

2021-02-15 18:44 - 2018-12-16 00:08 - 000000000 ___DC C:\Users\nils\AppData\Roaming\obs-studio

2021-02-15 04:51 - 2020-09-15 00:33 - 000000000 ____D C:\Users\nils

2021-02-15 00:30 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps

2021-02-14 21:26 - 2019-06-21 23:19 - 000000000 ____D C:\Program Files\Microsoft Office

2021-02-13 01:39 - 2020-09-15 07:53 - 000636904 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2021-02-13 01:39 - 2020-09-15 07:52 - 000008192 ___SH C:\DumpStack.log.tmp

2021-02-13 01:39 - 2019-11-25 22:30 - 000001226 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job

2021-02-13 01:39 - 2019-11-25 22:30 - 000001222 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job

2021-02-13 01:38 - 2019-12-07 15:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System

2021-02-13 01:38 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing

2021-02-12 22:24 - 2020-07-15 11:46 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2021-02-12 20:58 - 2019-11-25 21:18 - 000000000 ____D C:\Users\nils\AppData\Roaming\.minecraft

2021-02-12 20:46 - 2019-11-25 21:18 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher

2021-02-12 17:18 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp

2021-02-12 17:11 - 2018-06-27 20:26 - 000000000 ____D C:\WINDOWS\system32\MRT

2021-02-12 17:10 - 2018-06-27 20:26 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2021-02-11 23:29 - 2018-06-27 19:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

2021-02-11 20:51 - 2019-11-05 22:23 - 000000000 ____D C:\Program Files (x86)\Overwatch

2021-02-11 12:18 - 2020-09-15 07:58 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2021-02-11 12:18 - 2020-09-15 07:58 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2021-02-10 21:30 - 2020-11-19 01:51 - 000000000 ____D C:\Program Files (x86)\Origin

2021-02-10 21:30 - 2019-02-18 21:21 - 000000000 ____D C:\ProgramData\Origin

2021-02-10 18:17 - 2018-07-29 22:29 - 000000000 ___DC C:\Users\nils\Documents\Soundaufnahmen

2021-02-09 21:11 - 2019-02-16 23:11 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2021-02-08 15:28 - 2018-06-28 22:51 - 000000000 ___DC C:\Users\nils\AppData\Local\D3DSCache

2021-02-05 20:58 - 2020-09-15 07:58 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA

2021-02-05 20:58 - 2020-09-15 07:58 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

2021-02-05 13:43 - 2020-12-11 01:42 - 000001372 _____ C:\ProgramData\Desktop\Cyberpunk 2077.lnk

2021-02-05 13:43 - 2020-12-11 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberpunk 2077 [GOG.com]

2021-02-01 01:22 - 2018-06-27 20:26 - 000000000 ___DC C:\Users\nils\AppData\Local\NVIDIA

2021-01-27 22:05 - 2019-01-11 23:11 - 000000000 ____D C:\Temp

2021-01-27 21:38 - 2020-12-01 13:33 - 000003662 _____ C:\WINDOWS\system32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-01-24 18:33 - 2020-08-25 22:53 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

2021-01-24 05:14 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Roaming\Origin

2021-01-23 19:41 - 2020-11-19 01:51 - 000000000 ____D C:\Program Files (x86)\Origin Games

2021-01-23 19:41 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Local\Origin

2021-01-22 11:16 - 2020-09-15 07:58 - 000004286 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA

2021-01-22 11:16 - 2020-09-15 07:58 - 000004054 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore

2021-01-22 10:45 - 2018-06-27 19:45 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2021-01-20 15:51 - 2020-03-30 22:10 - 000044096 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_audio_surround.sys
 

==================== Files in the root of some directories ========
 

2021-02-16 15:23 - 2021-02-16 15:23 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\nils\AppData\Roaming\nils.exe

2020-10-11 02:54 - 2020-10-11 03:01 - 003228672 _____ () C:\Users\nils\AppData\Roaming\ScriptHookV.dll

2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ () C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config

2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ () C:\Users\nils\AppData\Roaming\winscp.rnd

2020-10-21 00:43 - 2020-10-21 00:43 - 000002221 _____ () C:\Users\nils\AppData\Local\recently-used.xbel

2019-02-19 20:35 - 2020-12-24 19:44 - 000007607 _____ () C:\Users\nils\AppData\Local\Resmon.ResmonCfg
 

==================== SigCheck ============================
 

(There is no automatic fix for files that do not pass verification.)
 

==================== End of FRST.txt ========================

--- --- ---

:hallo:

Mein Name ist Matthias und ich werde dir bei der Analyse und der eventuell notwendigen Bereinigung deines Computers helfen.

Schritt 1
Führe Malwarebytes' AntiMalware (MBAM) gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.

Schritt 2
Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.

Schritt 3

Starte FRST erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort:

die Logdatei von MBAM
die Logdatei von AdwCleaner
die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt)

Code:

Malwarebytes

www.malwarebytes.com
 

-Protokolldetails-

Scan-Datum: 19.02.21

Scan-Zeit: 11:33

Protokolldatei: da3aa7c8-729d-11eb-bb8a-0492265d3edd.json
 

-Softwaredaten-

Version: 4.3.0.98

Komponentenversion: 1.0.1173

Version des Aktualisierungspakets: 1.0.37293

Lizenz: Testversion
 

-Systemdaten-

Betriebssystem: Windows 10 (Build 19041.804)

CPU: x64

Dateisystem: NTFS

Benutzer: nils-pc\nils
 

-Scan-Übersicht-

Scan-Typ: Bedrohungs-Scan

Scan gestartet von: Manuell

Ergebnis: Abgeschlossen

Gescannte Objekte: 381596

Erkannte Bedrohungen: 39

In die Quarantäne verschobene Bedrohungen: 39

Abgelaufene Zeit: 3 Min., 18 Sek.
 

-Scan-Optionen-

Speicher: Aktiviert

Start: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Heuristik: Aktiviert

PUP: Erkennung

PUM: Erkennung
 

-Scan-Details-

Prozess: 0

(keine bösartigen Elemente erkannt)
 

Modul: 0

(keine bösartigen Elemente erkannt)
 

Registrierungsschlüssel: 14

PUP.Optional.Segurazo, HKLM\SOFTWARE\SegOption, In Quarantäne, 13533, 757809, 1.0.37293, , ame, , , 

RiskWare.Script, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\nils, In Quarantäne, 8534, 901769, 1.0.37293, , ame, , , 

RiskWare.Script.MZreg, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\nils1, In Quarantäne, 16671, 884748, 1.0.37293, , ame, , , 

PUP.Optional.InstallCore, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\CSASTATS\ic, In Quarantäne, 112, 586068, 1.0.37293, , ame, , , 

PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, , , , , , 

PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, , , , , , 

PUP.Optional.Conduit, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, 1.0.37293, , ame, , , 

PUP.Optional.WinYahoo, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}, In Quarantäne, 2683, 254682, 1.0.37293, , ame, , , 

PUP.Optional.StartPage, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{510A6C65-1EB9-40FA-875E-0CE4E3F57394}, In Quarantäne, 571, 597952, 1.0.37293, , ame, , , 

PUP.Optional.ChipDe, HKLM\SYSTEM\SETUP\FIRSTBOOT\SERVICES\chip1click, In Quarantäne, 9554, 567244, 1.0.37293, , ame, , , 

PUP.Optional.ChipDe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\chip 1-click download service, In Quarantäne, 9554, 463412, 1.0.37293, , ame, , , 

PUP.Optional.SearchManager.BITSRST, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\codhflfnidhlkphogdmhfhjmkehlfjjk, In Quarantäne, 8885, 626728, , , , , , 

PUP.Optional.SearchManager.BITSRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\codhflfnidhlkphogdmhfhjmkehlfjjk, In Quarantäne, 8885, 626728, , , , , , 

PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\codhflfnidhlkphogdmhfhjmkehlfjjk, In Quarantäne, 8885, 626728, , , , , , 
 

Registrierungswert: 9

RiskWare.Script.Powershell, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\ENVIRONMENT|NILS, In Quarantäne, 16611, 911451, 1.0.37293, , ame, , , 

RiskWare.Script, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\nils|653, In Quarantäne, 8534, 901769, 1.0.37293, , ame, , , 

RiskWare.Script.MZreg, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\nils1|0, In Quarantäne, 16671, 884748, 1.0.37293, , ame, , , 

PUP.Optional.Conduit, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, In Quarantäne, 139, 236865, 1.0.37293, , ame, , , 

PUP.Optional.Conduit, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, In Quarantäne, 139, 236865, 1.0.37293, , ame, , , 

PUP.Optional.WinYahoo, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, In Quarantäne, 2683, 254682, 1.0.37293, , ame, , , 

PUP.Optional.StartPage, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{510A6C65-1EB9-40FA-875E-0CE4E3F57394}|URL, In Quarantäne, 571, 597952, 1.0.37293, , ame, , , 

RiskWare.Script.Powershell, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|NILS, In Quarantäne, 16611, 903622, 1.0.37293, , ame, , , 

PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|codhflfnidhlkphogdmhfhjmkehlfjjk, In Quarantäne, 8885, 626728, , , , , , 
 

Registrierungsdaten: 1

PUP.Optional.StartPage, HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\MICROSOFTEDGE\MAIN|HOMEBUTTONPAGE, Ersetzt, 571, 597950, 1.0.37293, , ame, , , 
 

Daten-Stream: 0

(keine bösartigen Elemente erkannt)
 

Ordner: 2

PUP.Optional.SearchManager.BITSRST, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CODHFLFNIDHLKPHOGDMHFHJMKEHLFJJK, In Quarantäne, 8885, 626728, 1.0.37293, , ame, , , 

PUP.Optional.StartPage, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, In Quarantäne, 571, 597949, , , , , , 
 

Datei: 13

PUP.Optional.SearchManager.BITSRST, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Ersetzt, 8885, 626728, , , , , CF2BBB8886C341C616494F11704EE666, 0EAFC4492C1F33FCFC6CB08D07E03C7199559B63F104375E9B9BA291C0969C9F

PUP.Optional.SearchManager.BITSRST, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CODHFLFNIDHLKPHOGDMHFHJMKEHLFJJK\10.1.4.64_0\MANIFEST.JSON, In Quarantäne, 8885, 626728, 1.0.37293, , ame, , 9159BEE1FCF32F7BC161633901C06409, 284A594C16B09FFBA77044BAA826213DB846A1799B49B4E8AB06733F6A1D1340

PUP.Optional.SearchManager.BITSRST, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CODHFLFNIDHLKPHOGDMHFHJMKEHLFJJK\10.1.4.64_0\RESPONSECONFIG.JSON, In Quarantäne, 8885, 626727, 1.0.37293, , ame, , 7D0C421C97814F8B0936718C269BEC84, 1D6DDBE800526B1E1F7BA80F90764FF3301F4841C0110BB54FFCFFE5F86C90A9

PUP.Optional.ChipDe, C:\USERS\NILS\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{31AD8258-894C-48D5-8149-C47506092754}\CHIP INSTALLER.MSI, In Quarantäne, 9554, 594115, 1.0.37293, , ame, , 09592483D17F4F088723F4084EA94BD0, BC47ABA34B923C9C53F71928F1D57F6211D52EC020FA14DCC145B4919108F781

PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, In Quarantäne, 571, 597949, , , , , 9F89A009E185090FF7E5597E05272D49, 9683E0D381254E1F60C4AF7B797CC1C2DB97120A555DB451AE762D51F853A2EC

PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\001986.log, In Quarantäne, 571, 597949, , , , , 16A3F408568F4452E53BB7F19A5555F7, 64CF5131A8C5BD0DC5904AD529A4BB4484718D8B0DF1F8382E7231B3E0A65D69

PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\001988.ldb, In Quarantäne, 571, 597949, , , , , 328D6B785CFBC4BA8E507C234F0AC717, 76EE3E2099DCE8A99D0A0B4992CBDA37263538F2E4A5D97BF4C0958790BEAB91

PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, In Quarantäne, 571, 597949, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443

PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, In Quarantäne, 571, 597949, , , , , , 

PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, In Quarantäne, 571, 597949, , , , , 7CA7A528D292F87E65A794F0641796BC, 6140C3BCD3DD01444BEBBABAA65CEB5BD28F06E3676A96FC692AC5D93215C81E

PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, In Quarantäne, 571, 597949, , , , , 761AD0F243136D265B79FCF12FFE9FD7, C16CDFBFA07100AD19D70EDD6C00E94E40C36FE5B4AAAD5857916AE2D93FE0B3

PUP.Optional.StartPage, C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, In Quarantäne, 571, 597949, , , , , 63E9AD2EC3A9B1908E3A783725C3454A, 19424F6A1F5D0A835CBC9201CB4F863018FC89CB52086D1C0941BF8FBE5FF8C6

PUP.Optional.StartPage, C:\USERS\NILS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Ersetzt, 571, 597949, 1.0.37293, , ame, , D345B0E7DAFEAB3B9EC6ADA9C4A5124C, DEFE4D91779C197446259B5C943C49BE5965C74A82E35EDD8442862CF135139B
 

Physischer Sektor: 0

(keine bösartigen Elemente erkannt)
 

WMI: 0

(keine bösartigen Elemente erkannt)
 
 

(end)

Code:

# -------------------------------

# Malwarebytes AdwCleaner 8.1.0.0

# -------------------------------

# Build:    02-15-2021

# Database: 2021-01-11.1 (Local)

# Support:  https://www.malwarebytes.com/support

#

# -------------------------------

# Mode: Clean

# -------------------------------

# Start:    02-19-2021

# Duration: 00:00:01

# OS:       Windows 10 Pro

# Cleaned:  29

# Failed:   0
 
 

***** [ Services ] *****
 

No malicious services cleaned.
 

***** [ Folders ] *****
 

Deleted       C:\Program Files (x86)\Chromium

Deleted       C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare

Deleted       C:\Program Files (x86)\Digital Communications

Deleted       C:\Program Files (x86)\IObit\Advanced SystemCare

Deleted       C:\ProgramData\Application Data\Lavasoft\Web Companion

Deleted       C:\ProgramData\IObit\Advanced SystemCare

Deleted       C:\Users\nils\AppData\LocalLow\IObit\Advanced SystemCare

Deleted       C:\Users\nils\AppData\Local\DOWNLOADED INSTALLATIONS\{31AD8258-894C-48D5-8149-C47506092754}

Deleted       C:\Users\nils\AppData\Roaming\IObit\Advanced SystemCare

Deleted       C:\Users\nils\AppData\Roaming\Tencent
 

***** [ Files ] *****
 

Deleted       C:\END
 

***** [ DLL ] *****
 

No malicious DLLs cleaned.
 

***** [ WMI ] *****
 

No malicious WMI cleaned.
 

***** [ Shortcuts ] *****
 

No malicious shortcuts cleaned.
 

***** [ Tasks ] *****
 

No malicious tasks cleaned.
 

***** [ Registry ] *****
 

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com

Deleted       HKCU\Software\Lavasoft\Web Companion

Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe

Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

Deleted       HKCU\Software\csastats

Deleted       HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe

Deleted       HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe

Deleted       HKLM\Software\Wow6432Node\IOBIT\ASC

Deleted       HKLM\Software\Wow6432Node\IObit\Advanced SystemCare

Deleted       HKLM\Software\Wow6432Node\IObit\RealTimeProtector

Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion

Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe

Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe

Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SAntivirusSvc
 

***** [ Chromium (and derivatives) ] *****
 

No malicious Chromium entries cleaned.
 

***** [ Chromium URLs ] *****
 

No malicious Chromium URLs cleaned.
 

***** [ Firefox (and derivatives) ] *****
 

No malicious Firefox entries cleaned.
 

***** [ Firefox URLs ] *****
 

No malicious Firefox URLs cleaned.
 

***** [ Hosts File Entries ] *****
 

No malicious hosts file entries cleaned.
 

***** [ Preinstalled Software ] *****
 

No Preinstalled Software cleaned.
 
 

*************************
 

[+] Delete Tracing Keys

[+] Reset Winsock
 

*************************
 

AdwCleaner[S00].txt - [4805 octets] - [19/02/2021 20:12:15]
 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2021 01

Ran by nils (administrator) on NILS-PC (19-02-2021 20:36:34)

Running from C:\Users\nils\Desktop\FRST

Loaded Profiles: nils

Platform: Windows 10 Pro Version 2004 19041.804 (X64) Language: Englisch (Großbritannien)

Default browser: Opera

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe

(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe

(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe

(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Malwarebytes Inc -> Malwarebytes) C:\Users\nils\AppData\Local\Temp\scoped_dir12524_807180866\adwcleaner_8.1.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe <2>

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\NVDisplay.Container.exe <2>

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
 

==================== Registry (Whitelisted) ===================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)

HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-02-14] (Dropbox, Inc -> Dropbox, Inc.)

HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

HKLM-x32\...\Run: [Spectrum] => C:\Program Files (x86)\G.SKILL\Trident Z Lighting Control\HID.exe [1753104 2020-05-25] (G.SKILL International Enterprise Co., Ltd. -> G.SKILL Inc.)

HKLM-x32\...\Run: [Inno3D] => C:\Program Files (x86)\INNO3D TuneIT\Inno3D.exe

HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [62636856 2020-11-13] (Discord Inc. -> Discord Inc.)

HKU\S-1-5-21-3449150419-271838051-1508037707-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412696 2021-02-13] (Valve -> Valve Corporation)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32898104 2021-02-16] (Epic Games Inc. -> Epic Games, Inc.)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Chromium] => "c:\users\nils\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1090464 2021-02-17] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [DiscordPTB] => C:\Users\nils\AppData\Local\DiscordPTB\app-0.0.55\DiscordPTB.exe

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [GalaxyClient] => [X]

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1752920 2021-01-24] (Overwolf Ltd -> Overwolf Ltd.)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [104586376 2021-02-18] (Logitech Inc -> Logitech, Inc.)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Policies\Explorer: [NoWinKeys] 1

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {91727cc2-da62-11ea-bcee-0492265d3edd} - "F:\OnePlus_setup.exe" /s

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {d80afba4-6f01-11eb-bd49-0492265d3edd} - "E:\OnePlus_setup.exe" /s

HKLM\...\Windows x64\Print Processors\OKX055PP: C:\Windows\System32\spool\prtprocs\x64\OKX055PP.DLL [52224 2015-12-25] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation)

HKLM\...\Print\Monitors\EPSON WF-3540 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMJHE.DLL [120320 2011-04-19] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558080 2011-08-30] (SEIKO EPSON CORPORATION) [File not signed]

HKLM\...\Print\Monitors\Oki Language Monitor v2 x64: C:\WINDOWS\system32\OPPFLM64.DLL [24064 2011-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-09] (Google LLC -> Google LLC)

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 

==================== Scheduled Tasks (Whitelisted) ============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

Task: {10923ACD-A6F3-46C9-8B05-FA036D45F27C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {14B7AE73-1437-44FC-B4CD-CB064266DC82} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)

Task: {169A4A9F-5AB2-4859-BB79-105D4F7E0F5B} - System32\Tasks\TaskbarX NILS-PCnils => C:\Users\nils\AppData\Local\Temp\Rar$EXa15592.7440\TaskbarX.exe <==== ATTENTION

Task: {1BB8711B-BE48-42FB-9471-FCFD984EE7F6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {1CFF092D-CB8C-4697-A22E-C65E98842FAC} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002Core => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe

Task: {21AD196C-E033-4A17-8AB0-51729310AFC0} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)

Task: {247335EE-A7B9-443A-B7C4-14AD5DACB27E} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"

Task: {28EBA2B2-5857-4D18-B83C-B4BEFE4B6B64} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {32197A57-775D-4F2B-BADF-36EAF82B90C2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {334F71AD-EA0A-45C3-A6BF-D23B10278705} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log

Task: {389005A7-88A2-4A2D-9B0D-221BF3779434} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {49B6BC26-85D9-47CD-8037-109C0AE32EE9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe

Task: {64C72E17-56AC-4A10-8359-81CB62CBFA09} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)

Task: {66CB8C64-C47E-4DE8-BC72-AE4F1B10190B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)

Task: {6CC840F6-D3B1-4381-80D6-368E821AD608} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)

Task: {708BEC20-0B26-4F36-9C8B-B3DDB92FF7D8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

Task: {71112853-AD65-4846-8E55-E40FC38399A2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Task: {7478992B-7BB6-4BF1-A873-5E111E4C328B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)

Task: {776DF5CB-61F3-413A-866C-67864EDC98A7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log

Task: {79FE0BF0-DF6B-4F3F-B627-2641C7B3C431} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {7AFBADC6-5A92-4AD1-B4C6-825820AA6735} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498512 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

Task: {947A71B9-8265-4202-B1DF-31851FE6ECD4} - System32\Tasks\Opera GX scheduled Autoupdate 1593451427 => C:\Users\nils\AppData\Local\Programs\Opera GX\launcher.exe [1720472 2021-02-16] (Opera Software AS -> Opera Software)

Task: {96FD5F58-83E0-4F87-BE57-8C5B4AE1AC73} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Task: {9755D7FA-2C11-4258-B363-6A045E7D0494} - System32\Tasks\Opera scheduled Autoupdate 1555368081 => C:\Users\nils\AppData\Local\Programs\Opera\launcher.exe

Task: {9C946B4F-522A-4DC7-A9DD-DF2925C43312} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {A4035D2D-AABB-427C-B68E-FE5DE8C57307} - System32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NVIDIA Broadcast.exe [8577776 2021-01-24] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {A448EED5-27DE-4BDF-837A-18BA2E930140} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.)

Task: {AF840AC3-BAA2-43A2-9FF4-E39C018BA346} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002UA => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe

Task: {BDDB2636-5C15-45B7-A849-41EBC891643A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.)

Task: {C83D387D-761A-4D40-AA38-0274BB58034C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {C8CDC2F0-A1CE-45E8-A86F-A88504F2F2B8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe

Task: {CAE80F57-588C-4CA0-8489-93BE2E1DC0EE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

Task: {CBFD160A-267A-4AC3-B7F9-BCE4026B204F} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3449150419-271838051-1508037707-1001 => C:\Users\nils\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

Task: {CC90B01F-54A3-4F48-9A32-4D63DFA4B7B8} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)

Task: {D7486F2D-BB18-4E28-B718-83CF6A9FB91F} - System32\Tasks\{B557B444-21B0-41FD-B838-14D7E070A414} => "c:\windows\system32\launchwinapp.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=404

Task: {DD50F83C-FE08-4203-9695-5DB48F511782} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

Task: {EF3C45B8-B136-41AF-94FF-1A00C6FF1A2C} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [784880 2019-09-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

Tcpip\Parameters: [DhcpNameServer] 192.168.178.100

Tcpip\..\Interfaces\{49065b68-8f61-403d-b9dc-f5281de063c8}: [DhcpNameServer] 192.168.178.100

Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [DhcpNameServer] 192.168.178.100

Tcpip\..\Interfaces\{84ffcfd2-bfa3-4511-899f-7ed5e75b8ecb}: [DhcpNameServer] 192.168.42.129
 

Edge: 

=======

Edge HomeButtonPage: HKU\S-1-5-21-3449150419-271838051-1508037707-1002 -> hxxp://www.google.com

Edge Profile: C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-19]

Edge HomePage: Default -> hxxp://www.go-setting.com/

Edge Extension: (Search Manager) - C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh [2020-07-15]

Edge HKLM\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]

Edge HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]

Edge HKLM-x32\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
 

FireFox:

========

FF DefaultProfile: ncucdlz8.default-1584820434065

FF ProfilePath: C:\Users\nils\AppData\Roaming\Mozilla\Firefox\Profiles\ncucdlz8.default-1584820434065 [2021-02-18]

FF HKLM\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found

FF HKLM-x32\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] (Adobe Systems Incorporated -> )

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] (Adobe Systems Incorporated -> )

FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
 

Chrome: 

=======

CHR Profile: C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default [2021-02-18]

CHR Notifications: Default -> hxxps://de.softonic.com; hxxps://secrethitler.io; hxxps://vulkanvegas.com; hxxps://www.facebook.com; hxxps://www.royalpanda.com

CHR HomePage: Default -> hxxp://www.go-setting.com/

CHR StartupUrls: Default -> "hxxp://www.go-setting.com/"

CHR Extension: (Präsentationen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-16]

CHR Extension: (BetterTTV) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2020-12-23]

CHR Extension: (Docs) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-16]

CHR Extension: (Google Drive) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]

CHR Extension: (YouTube) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-16]

CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-31]

CHR Extension: (Watch2Gether) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimpffimgeipdhnhjohpbehjkcdpjolg [2020-07-31]

CHR Extension: (Tabellen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-16]

CHR Extension: (Google Docs Offline) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]

CHR Extension: (Material Dark - MKBHD) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiplegjeipnjdpgkeccfccnahofbckad [2020-04-23]

CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]

CHR Extension: (Netflix Party is now Teleparty) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-01-10]

CHR Extension: (Global Twitch Emotes) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgniedifoejifjkndekolimjeclnokkb [2020-06-15]

CHR Extension: (Google Mail) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]

CHR Extension: (Chrome Media Router) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-15]

CHR HKLM\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]

CHR HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]

CHR HKLM-x32\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
 

Opera: 

=======

OPR Profile: C:\Users\nils\AppData\Roaming\Opera Software\Opera Stable [2021-02-18]

OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.de/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

StartMenuInternet: (HKU\S-1-5-21-3449150419-271838051-1508037707-1002) Opera GXStable - "C:\Users\nils\AppData\Local\Programs\Opera GX\Launcher.exe"
 

Brave: 

=======

BRA Profile: C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-02-18]

BRA Extension: (Brave Tracking Protection Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-01-19]

BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-01-19]

BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-01-19]

BRA Extension: (Brave Ad Block Updater (DEU: EasyList Germany)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\jmomcjcilfpbaaklkifaijjcnancamde [2019-01-19]

BRA Extension: (PDF Viewer) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-01-19]

BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-01-19]
 

==================== Services (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe [419264 2019-01-11] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe [975832 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)

S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2019-01-19] (ASUSTeK Computer Inc. -> ) [File not signed]

R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe [1919280 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [File not signed]

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-01-19] (BattlEye Innovations e.K. -> )

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

S2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [605096 2020-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [56872 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)

R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44064 2021-02-14] (Dropbox, Inc -> Dropbox, Inc.)

S2 Ds3Service; C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe [381952 2017-08-12] (Scarlet.Crush Productions) [File not signed]

S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2020-07-23] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)

S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)

S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1741384 2020-12-23] (GOG Sp. z o.o. -> GOG.com)

S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-12-08] (GOG Sp. z o.o. -> GOG.com)

S3 HnGSteamService; D:\Steam\steamapps\common\Heroes & Generals\hngservice.exe [788776 2021-02-17] (Reto-Moto ApS -> Reto-Moto ApS)

R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10887816 2021-02-18] (Logitech Inc -> Logitech, Inc.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-19] (Malwarebytes Inc -> Malwarebytes)

R2 NvBroadcast.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe [873272 2021-01-15] (NVIDIA Corporation -> NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)

S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)

S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)

S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1679240 2021-02-16] (Rockstar Games, Inc. -> Rockstar Games)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Uncheater\ucldr_battlegrounds_gl.exe [6979584 2020-12-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [6862584 2020-12-31] (PUBG CORPORATION -> PUBG Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 

===================== Drivers (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2019-01-19] (ASUSTeK Computer Inc. -> )

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2019-01-19] (ASUSTeK Computer Inc. -> )

R1 Asusgio2; C:\WINDOWS\system32\drivers\AsIO2.sys [33504 2019-01-01] (ASUSTeK Computer Inc. -> )

S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60328 2020-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)

R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)

R3 cpuz149; C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [44320 2021-02-19] (CPUID S.A.R.L.U. -> CPUID)

R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-02-19] (Malwarebytes Corporation -> Malwarebytes)

R1 GLCKIO2; C:\WINDOWS\system32\drivers\GLCKIO2.sys [19392 2018-04-23] (ASUSTeK Computer Inc. -> )

S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45168 2018-05-07] (Logitech Inc -> Logitech Inc.)

R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\70065\driver_cpu_temperature\logi_core_temp.sys [25448 2021-02-18] (Logitech Inc. -> Logitech)

R3 logi_audio_surround; C:\WINDOWS\system32\drivers\logi_audio_surround.sys [44088 2021-02-18] (Logitech Inc -> Logitech)

R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2020-08-27] (Logitech Inc -> Logitech)

R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2020-08-27] (Logitech Inc -> Logitech)

R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2020-08-27] (Logitech Inc -> Logitech)

R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-02-19] (Malwarebytes Inc -> Malwarebytes)

S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-02-19] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-02-19] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-19] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142416 2021-02-19] (Malwarebytes Inc -> Malwarebytes)

S3 MpKsl5ab3965f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C797E52-FBBE-450D-A683-B0B9D01D8515}\MpKslDrv.sys [47344 2021-02-18] (Microsoft Windows -> Microsoft Corporation)

R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )

R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2017-08-12] (Bruce James -> Scarlet.Crush Productions)

R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)

S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)

R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)

S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49552 2021-02-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [419040 2021-02-11] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-11] (Microsoft Windows -> Microsoft Corporation)

S3 xhunter1; C:\WINDOWS\xhunter1.sys [2732984 2020-12-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

S3 ALSysIO; \??\C:\Users\nils\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION

S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== One month (created) (Whitelisted) =========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2021-02-19 20:33 - 2021-02-19 20:33 - 000004384 ____C C:\Users\nils\Desktop\AdwCleaner[C00].txt

2021-02-19 20:33 - 2021-02-19 20:33 - 000004384 ____C C:\Users\nils\Desktop\AdwCleaner[C00].txt

2021-02-19 20:14 - 2021-02-19 20:14 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IGDump

2021-02-19 20:14 - 2021-02-19 20:14 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IGDump

2021-02-19 20:11 - 2021-02-19 20:32 - 000000000 ____D C:\AdwCleaner

2021-02-19 20:09 - 2021-02-19 20:11 - 008463216 _____ (Malwarebytes) C:\Users\nils\Desktop\adwcleaner_8.1.exe

2021-02-19 20:09 - 2021-02-19 20:11 - 008463216 _____ (Malwarebytes) C:\Users\nils\Desktop\adwcleaner_8.1.exe

2021-02-19 20:08 - 2021-02-19 20:08 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys

2021-02-19 20:08 - 2021-02-19 20:08 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

2021-02-19 20:08 - 2021-02-19 20:08 - 000142416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2021-02-19 20:08 - 2021-02-19 20:08 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2021-02-19 11:39 - 2021-02-19 11:39 - 000009195 ____C C:\Users\nils\Desktop\MBAM.txt

2021-02-19 11:39 - 2021-02-19 11:39 - 000009195 ____C C:\Users\nils\Desktop\MBAM.txt

2021-02-19 11:32 - 2021-02-19 20:08 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

2021-02-19 11:31 - 2021-02-19 11:32 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2021-02-19 11:31 - 2021-02-19 11:32 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2021-02-19 11:31 - 2021-02-19 11:32 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk

2021-02-19 11:31 - 2021-02-19 11:32 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk

2021-02-19 11:31 - 2021-02-19 11:31 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

2021-02-19 11:31 - 2021-02-19 11:31 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys

2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\Users\nils\AppData\Local\mbam

2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\Users\nils\AppData\Local\mbam

2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\ProgramData\Malwarebytes

2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\ProgramData\Malwarebytes

2021-02-19 11:30 - 2021-02-19 11:30 - 000000000 ____D C:\Program Files\Malwarebytes

2021-02-19 00:34 - 2021-02-19 11:43 - 103546880 _____ C:\WINDOWS\system32\config\SOFTWARE

2021-02-19 00:33 - 2021-02-19 00:34 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware

2021-02-18 23:10 - 2021-02-18 23:10 - 000398405 ____N C:\WINDOWS\Minidump\021821-6156-01.dmp

2021-02-18 23:06 - 2021-02-18 23:06 - 000425725 ____N C:\WINDOWS\Minidump\021821-6625-01.dmp

2021-02-18 23:00 - 2021-02-18 23:00 - 000002329 ____C C:\Users\js\Desktop\Microsoft Edge.lnk

2021-02-18 23:00 - 2021-02-18 23:00 - 000002329 ____C C:\Users\js\Desktop\Microsoft Edge.lnk

2021-02-18 23:00 - 2021-02-18 23:00 - 000002324 ____C C:\Users\js\Desktop\Google Chrome.lnk

2021-02-18 23:00 - 2021-02-18 23:00 - 000002324 ____C C:\Users\js\Desktop\Google Chrome.lnk

2021-02-18 23:00 - 2021-02-18 23:00 - 000000020 ___SH C:\Users\js\ntuser.ini

2021-02-18 23:00 - 2021-02-18 23:00 - 000000020 ___SH C:\Users\js\ntuser.ini

2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ___RD C:\Users\js\3D Objects

2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ___RD C:\Users\js\3D Objects

2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Roaming\NVIDIA

2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Roaming\NVIDIA

2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\NVIDIA

2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\NVIDIA

2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\Google

2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\Google

2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\ansel

2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\ansel

2021-02-18 22:59 - 2021-02-18 22:59 - 000354567 ____N C:\WINDOWS\Minidump\021821-5750-01.dmp

2021-02-18 22:55 - 2021-02-18 22:55 - 000402001 ____N C:\WINDOWS\Minidump\021821-6000-01.dmp

2021-02-18 22:50 - 2021-02-18 22:50 - 000496531 ____N C:\WINDOWS\Minidump\021821-6640-01.dmp

2021-02-18 22:46 - 2021-02-18 22:46 - 000461205 ____N C:\WINDOWS\Minidump\021821-6515-01.dmp

2021-02-18 22:41 - 2021-02-18 22:41 - 000460721 ____N C:\WINDOWS\Minidump\021821-7000-01.dmp

2021-02-18 21:01 - 2021-02-19 20:32 - 000000000 ____D C:\Users\nils\AppData\Roaming\LGHUB

2021-02-18 21:01 - 2021-02-19 20:32 - 000000000 ____D C:\Users\nils\AppData\Roaming\LGHUB

2021-02-18 21:01 - 2021-02-19 20:32 - 000000000 ____D C:\Users\nils\AppData\Local\LGHUB

2021-02-18 21:01 - 2021-02-19 20:32 - 000000000 ____D C:\Users\nils\AppData\Local\LGHUB

2021-02-18 21:01 - 2021-02-18 21:01 - 004451384 _____ (Logitech) C:\WINDOWS\system32\logi_audio_headset_render_apo.dll

2021-02-18 21:01 - 2021-02-18 21:01 - 002174656 _____ (Logitech) C:\WINDOWS\system32\logi_audio_headset_capture_apo.dll

2021-02-18 21:01 - 2021-02-18 21:01 - 000000722 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk

2021-02-18 21:01 - 2021-02-18 21:01 - 000000722 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk

2021-02-18 21:01 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi

2021-02-18 21:01 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi

2021-02-18 21:01 - 2021-02-18 21:01 - 000000000 ____D C:\Program Files\LGHUB

2021-02-18 21:00 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\LGHUB

2021-02-18 21:00 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\LGHUB

2021-02-18 20:59 - 2021-02-18 20:59 - 000000000 ____D C:\WINDOWS\LastGood.Tmp

2021-02-18 18:17 - 2021-02-18 18:17 - 000058855 _____ C:\Users\nils\Downloads\FRST (1).txt

2021-02-18 18:17 - 2021-02-18 18:17 - 000058855 _____ C:\Users\nils\Downloads\FRST (1).txt

2021-02-18 16:13 - 2021-02-18 16:14 - 000068315 _____ C:\Users\nils\Downloads\Addition.txt

2021-02-18 16:13 - 2021-02-18 16:14 - 000068315 _____ C:\Users\nils\Downloads\Addition.txt

2021-02-18 16:12 - 2021-02-18 16:14 - 000057813 _____ C:\Users\nils\Downloads\FRST.txt

2021-02-18 16:12 - 2021-02-18 16:14 - 000057813 _____ C:\Users\nils\Downloads\FRST.txt

2021-02-18 16:11 - 2021-02-19 20:36 - 000000000 ___DC C:\Users\nils\Desktop\FRST

2021-02-18 16:11 - 2021-02-19 20:36 - 000000000 ___DC C:\Users\nils\Desktop\FRST

2021-02-18 16:06 - 2021-02-19 20:36 - 000000000 ____D C:\FRST

2021-02-18 10:20 - 2021-02-18 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2021-02-18 10:20 - 2021-02-18 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2021-02-17 16:43 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Mario

2021-02-17 16:43 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Mario

2021-02-17 16:42 - 2021-02-17 16:43 - 017165629 _____ C:\Users\nils\Desktop\New Super Mario Bros. (Europe) (En,Fr,De,Es,It).zip

2021-02-17 16:42 - 2021-02-17 16:43 - 017165629 _____ C:\Users\nils\Desktop\New Super Mario Bros. (Europe) (En,Fr,De,Es,It).zip

2021-02-17 10:09 - 2021-02-16 12:58 - 000000883 ____C C:\Users\nils\Desktop\WiinUSoft.lnk

2021-02-17 10:09 - 2021-02-16 12:58 - 000000883 ____C C:\Users\nils\Desktop\WiinUSoft.lnk

2021-02-16 15:23 - 2021-02-16 15:23 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\nils\AppData\Roaming\nils.exe

2021-02-16 15:23 - 2021-02-16 15:23 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\nils\AppData\Roaming\nils.exe

2021-02-16 15:20 - 2021-02-16 15:20 - 000001986 _____ C:\Users\nils\Desktop\pokemon_sonne_und_mond_kostenlos_downloaden.zip

2021-02-16 15:20 - 2021-02-16 15:20 - 000001986 _____ C:\Users\nils\Desktop\pokemon_sonne_und_mond_kostenlos_downloaden.zip

2021-02-16 15:10 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Saves

2021-02-16 15:10 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Saves

2021-02-16 13:32 - 2021-02-16 13:32 - 000000000 ___DC C:\Users\nils\Documents\Server

2021-02-16 13:32 - 2021-02-16 13:32 - 000000000 ___DC C:\Users\nils\Documents\Server

2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config

2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config

2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories

2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories

2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories

2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiinUSoft

2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiinUSoft

2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\Program Files\WiinUSoft

2021-02-16 12:58 - 2017-08-12 17:47 - 000039168 _____ (Scarlet.Crush Productions) C:\WINDOWS\system32\Drivers\ScpVBus.sys

2021-02-15 20:02 - 2021-02-16 15:05 - 000000000 ___DC C:\Users\nils\Desktop\Pokemon

2021-02-15 20:02 - 2021-02-16 15:05 - 000000000 ___DC C:\Users\nils\Desktop\Pokemon

2021-02-15 20:01 - 2021-02-15 20:02 - 050974335 _____ C:\Users\nils\Downloads\Pokemon - Platin-Edition (Germany).zip

2021-02-15 20:01 - 2021-02-15 20:02 - 050974335 _____ C:\Users\nils\Downloads\Pokemon - Platin-Edition (Germany).zip

2021-02-15 14:22 - 2021-02-15 14:22 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01 (1).mp4

2021-02-15 14:22 - 2021-02-15 14:22 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01 (1).mp4

2021-02-15 14:20 - 2021-02-15 14:20 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01.mp4

2021-02-15 14:20 - 2021-02-15 14:20 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01.mp4

2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys

2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys

2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys

2021-02-14 04:12 - 2021-02-14 04:12 - 000044064 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe

2021-02-13 01:39 - 2021-02-13 01:39 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000008-000000.txt

2021-02-12 20:39 - 2021-02-12 20:39 - 000000000 ____D C:\Users\nils\.ngrok2

2021-02-12 20:39 - 2021-02-12 20:39 - 000000000 ____D C:\Users\nils\.ngrok2

2021-02-12 20:36 - 2021-02-12 20:36 - 013819230 _____ C:\Users\nils\Downloads\ngrok-stable-windows-amd64.zip

2021-02-12 20:36 - 2021-02-12 20:36 - 013819230 _____ C:\Users\nils\Downloads\ngrok-stable-windows-amd64.zip

2021-02-12 20:29 - 2021-02-12 20:32 - 000000051 ____C C:\Users\nils\Desktop\start.bat

2021-02-12 20:29 - 2021-02-12 20:32 - 000000051 ____C C:\Users\nils\Desktop\start.bat

2021-02-12 17:16 - 2021-02-12 17:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

2021-02-12 17:16 - 2021-02-12 17:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

2021-02-12 17:16 - 2021-02-12 17:16 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

2021-02-12 17:16 - 2021-02-12 17:16 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

2021-02-12 17:16 - 2021-02-12 17:16 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim

2021-02-10 15:40 - 2021-02-10 15:40 - 000052800 _____ C:\Users\nils\Downloads\9692940_2021_Nr.001_Kontoauszug_vom_29.01.2021_20210210034041.pdf

2021-02-10 15:40 - 2021-02-10 15:40 - 000052800 _____ C:\Users\nils\Downloads\9692940_2021_Nr.001_Kontoauszug_vom_29.01.2021_20210210034041.pdf

2021-02-01 18:41 - 2019-08-14 11:07 - 000000000 ____D C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6

2021-02-01 18:41 - 2019-08-14 11:07 - 000000000 ____D C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6

2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ C:\Users\nils\AppData\Roaming\winscp.rnd

2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ C:\Users\nils\AppData\Roaming\winscp.rnd

2021-02-01 18:39 - 2021-02-01 18:39 - 011155568 _____ (Martin Prikryl ) C:\Users\nils\Downloads\WinSCP-5.17.10-Setup.exe

2021-02-01 18:39 - 2021-02-01 18:39 - 011155568 _____ (Martin Prikryl ) C:\Users\nils\Downloads\WinSCP-5.17.10-Setup.exe

2021-02-01 18:39 - 2021-02-01 18:39 - 000001164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk

2021-02-01 18:39 - 2021-02-01 18:39 - 000001164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk

2021-02-01 18:39 - 2021-02-01 18:39 - 000000000 ____D C:\Program Files (x86)\WinSCP

2021-02-01 18:38 - 2021-02-01 18:39 - 292897167 _____ C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6.zip

2021-02-01 18:38 - 2021-02-01 18:39 - 292897167 _____ C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6.zip

2021-02-01 18:26 - 2021-02-01 18:26 - 005835761 _____ C:\Users\nils\Downloads\OptiFine_1.16.5_HD_U_G6.jar

2021-02-01 18:26 - 2021-02-01 18:26 - 005835761 _____ C:\Users\nils\Downloads\OptiFine_1.16.5_HD_U_G6.jar

2021-01-30 01:27 - 2021-02-19 20:08 - 000002170 ____C C:\Users\nils\Desktop\CurseForge.lnk

2021-01-30 01:27 - 2021-02-19 20:08 - 000002170 ____C C:\Users\nils\Desktop\CurseForge.lnk

2021-01-30 01:27 - 2021-02-08 15:59 - 000000000 ____D C:\Program Files (x86)\Overwolf

2021-01-30 01:27 - 2021-01-30 01:27 - 000004382 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task

2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ___DC C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf

2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ___DC C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf

2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ____D C:\ProgramData\Overwolf

2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ____D C:\ProgramData\Overwolf

2021-01-30 01:26 - 2021-01-30 01:26 - 001386784 _____ (Overwolf Ltd.) C:\Users\nils\Downloads\CurseForge - LP-Installer.exe

2021-01-30 01:26 - 2021-01-30 01:26 - 001386784 _____ (Overwolf Ltd.) C:\Users\nils\Downloads\CurseForge - LP-Installer.exe

2021-01-29 22:08 - 2021-01-29 22:08 - 000000000 ____D C:\Users\nils\AppData\Roaming\twitch-desktop-electron-platform

2021-01-29 22:08 - 2021-01-29 22:08 - 000000000 ____D C:\Users\nils\AppData\Roaming\twitch-desktop-electron-platform

2021-01-27 21:38 - 2021-01-27 21:38 - 000002271 _____ C:\ProgramData\Desktop\NVIDIA Broadcast.lnk

2021-01-27 21:38 - 2021-01-27 21:38 - 000002271 _____ C:\ProgramData\Desktop\NVIDIA Broadcast.lnk

2021-01-27 21:34 - 2021-01-27 21:35 - 245764976 _____ (NVIDIA Corporation) C:\Users\nils\Downloads\nvidia_broadcast_v1.1.0.20.exe

2021-01-27 21:34 - 2021-01-27 21:35 - 245764976 _____ (NVIDIA Corporation) C:\Users\nils\Downloads\nvidia_broadcast_v1.1.0.20.exe

2021-01-27 17:30 - 2021-01-27 17:30 - 000055780 _____ C:\Users\nils\Downloads\9692940_2020_Nr.012_Kontoauszug_vom_31.12.2020_20210127053005.pdf

2021-01-27 17:30 - 2021-01-27 17:30 - 000055780 _____ C:\Users\nils\Downloads\9692940_2020_Nr.012_Kontoauszug_vom_31.12.2020_20210127053005.pdf

2021-01-27 17:30 - 2021-01-27 17:30 - 000041755 _____ C:\Users\nils\Downloads\9692940_2020_Mitteilung_vom_31.12.2020_20210127053013.pdf

2021-01-27 17:30 - 2021-01-27 17:30 - 000041755 _____ C:\Users\nils\Downloads\9692940_2020_Mitteilung_vom_31.12.2020_20210127053013.pdf
 

==================== One month (modified) ==================
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2021-02-19 20:32 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2021-02-19 20:32 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\Roaming\IObit

2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\Roaming\IObit

2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IObit

2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IObit

2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\ProgramData\IObit

2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\ProgramData\IObit

2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\Program Files (x86)\IObit

2021-02-19 20:32 - 2018-07-28 12:38 - 000000000 ___DC C:\Users\nils\AppData\Local\Downloaded Installations

2021-02-19 20:32 - 2018-07-28 12:38 - 000000000 ___DC C:\Users\nils\AppData\Local\Downloaded Installations

2021-02-19 20:32 - 2017-11-02 01:23 - 000000000 ____D C:\ProgramData\NVIDIA

2021-02-19 20:32 - 2017-11-02 01:23 - 000000000 ____D C:\ProgramData\NVIDIA

2021-02-19 20:12 - 2020-09-15 07:57 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2021-02-19 20:12 - 2020-09-15 00:13 - 000741490 _____ C:\WINDOWS\system32\perfh007.dat

2021-02-19 20:12 - 2020-09-15 00:13 - 000149740 _____ C:\WINDOWS\system32\perfc007.dat

2021-02-19 20:12 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF

2021-02-19 20:09 - 2018-06-27 19:54 - 000000000 ____D C:\Program Files (x86)\Steam

2021-02-19 20:08 - 2020-09-15 07:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2021-02-19 20:08 - 2019-11-01 23:12 - 000000000 ____D C:\Users\nils\AppData\Local\Battle.net

2021-02-19 20:08 - 2019-11-01 23:12 - 000000000 ____D C:\Users\nils\AppData\Local\Battle.net

2021-02-19 20:08 - 2019-10-27 12:42 - 000000000 ____D C:\Users\nils\AppData\Local\Overwolf

2021-02-19 20:08 - 2019-10-27 12:42 - 000000000 ____D C:\Users\nils\AppData\Local\Overwolf

2021-02-19 20:08 - 2019-01-22 14:43 - 000000000 ____D C:\Intel

2021-02-19 11:43 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps

2021-02-19 11:43 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness

2021-02-19 11:43 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI

2021-02-19 11:42 - 2020-12-02 02:05 - 000003124 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner

2021-02-19 11:39 - 2018-06-28 13:09 - 000000000 ___DC C:\Users\nils\AppData\Local\CrashDumps

2021-02-19 11:39 - 2018-06-28 13:09 - 000000000 ___DC C:\Users\nils\AppData\Local\CrashDumps

2021-02-19 11:38 - 2020-09-15 07:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2021-02-19 11:32 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

2021-02-18 23:46 - 2020-10-11 02:45 - 000000000 ___DC C:\Users\nils\Documents\Impulse

2021-02-18 23:46 - 2020-10-11 02:45 - 000000000 ___DC C:\Users\nils\Documents\Impulse

2021-02-18 23:36 - 2019-11-25 22:30 - 000000000 ____D C:\Users\nils\AppData\Local\Dropbox

2021-02-18 23:36 - 2019-11-25 22:30 - 000000000 ____D C:\Users\nils\AppData\Local\Dropbox

2021-02-18 23:33 - 2020-09-15 00:33 - 000000000 ____D C:\Users\nils

2021-02-18 23:23 - 2019-11-02 17:50 - 000000000 ____D C:\WINDOWS\ShellNew

2021-02-18 23:21 - 2017-11-02 01:39 - 000000000 ____D C:\ProgramData\Package Cache

2021-02-18 23:21 - 2017-11-02 01:39 - 000000000 ____D C:\ProgramData\Package Cache

2021-02-18 23:10 - 2020-12-03 09:29 - 000000000 ____D C:\WINDOWS\Minidump

2021-02-18 23:00 - 2020-09-15 00:33 - 000000000 ____D C:\Users\js

2021-02-18 23:00 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2021-02-18 23:00 - 2017-11-02 01:43 - 000000000 ___DC C:\Users\js\AppData\Local\NVIDIA Corporation

2021-02-18 23:00 - 2017-11-02 01:43 - 000000000 ___DC C:\Users\js\AppData\Local\NVIDIA Corporation

2021-02-18 23:00 - 2017-11-02 00:21 - 000000000 ___DC C:\Users\js\AppData\Local\Packages

2021-02-18 23:00 - 2017-11-02 00:21 - 000000000 ___DC C:\Users\js\AppData\Local\Packages

2021-02-18 23:00 - 2017-11-02 00:21 - 000000000 ___DC C:\Users\js\AppData\Local\ConnectedDevicesPlatform

2021-02-18 23:00 - 2017-11-02 00:21 - 000000000 ___DC C:\Users\js\AppData\Local\ConnectedDevicesPlatform

2021-02-18 22:40 - 2020-10-12 22:07 - 000000000 ____D C:\Users\nils\AppData\Roaming\discord

2021-02-18 22:40 - 2020-10-12 22:07 - 000000000 ____D C:\Users\nils\AppData\Roaming\discord

2021-02-18 21:56 - 2018-06-29 21:37 - 000000000 ____D C:\ProgramData\Riot Games

2021-02-18 21:56 - 2018-06-29 21:37 - 000000000 ____D C:\ProgramData\Riot Games

2021-02-18 21:01 - 2020-03-30 22:10 - 000044088 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_audio_surround.sys

2021-02-18 20:06 - 2019-11-05 22:23 - 000000000 ____D C:\Program Files (x86)\Overwatch

2021-02-18 15:49 - 2020-09-15 07:58 - 000004184 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1593451427

2021-02-18 15:49 - 2020-06-29 18:23 - 000001431 ____C C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk

2021-02-18 15:49 - 2020-06-29 18:23 - 000001431 ____C C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk

2021-02-18 15:26 - 2020-12-28 16:14 - 000000000 ____D C:\Users\nils\AppData\Local\Deployment

2021-02-18 15:26 - 2020-12-28 16:14 - 000000000 ____D C:\Users\nils\AppData\Local\Deployment

2021-02-18 15:26 - 2018-06-27 19:45 - 000000000 ___DC C:\Users\nils\AppData\Local\Packages

2021-02-18 15:26 - 2018-06-27 19:45 - 000000000 ___DC C:\Users\nils\AppData\Local\Packages

2021-02-18 10:20 - 2019-11-25 22:30 - 000000000 ____D C:\Program Files (x86)\Dropbox

2021-02-17 17:12 - 2019-10-12 17:22 - 000000000 ____D C:\Users\nils\AppData\Roaming\Twitch

2021-02-17 17:12 - 2019-10-12 17:22 - 000000000 ____D C:\Users\nils\AppData\Roaming\Twitch

2021-02-17 09:39 - 2019-11-01 23:12 - 000000000 ____D C:\Program Files (x86)\Battle.net

2021-02-16 13:09 - 2018-11-05 15:51 - 000000000 ___DC C:\Users\nils\AppData\Local\ElevatedDiagnostics

2021-02-16 13:09 - 2018-11-05 15:51 - 000000000 ___DC C:\Users\nils\AppData\Local\ElevatedDiagnostics

2021-02-16 12:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports

2021-02-16 12:45 - 2020-11-12 00:19 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner

2021-02-15 18:44 - 2018-12-16 00:08 - 000000000 ___DC C:\Users\nils\AppData\Roaming\obs-studio

2021-02-15 18:44 - 2018-12-16 00:08 - 000000000 ___DC C:\Users\nils\AppData\Roaming\obs-studio

2021-02-14 21:26 - 2019-06-21 23:19 - 000000000 ____D C:\Program Files\Microsoft Office

2021-02-13 01:39 - 2020-09-15 07:53 - 000636904 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2021-02-13 01:39 - 2020-09-15 07:52 - 000008192 ___SH C:\DumpStack.log.tmp

2021-02-13 01:39 - 2019-11-25 22:30 - 000001226 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job

2021-02-13 01:39 - 2019-11-25 22:30 - 000001222 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job

2021-02-13 01:38 - 2019-12-07 15:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System

2021-02-13 01:38 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing

2021-02-12 22:24 - 2020-07-15 11:46 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2021-02-12 22:24 - 2020-07-15 11:46 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2021-02-12 20:58 - 2019-11-25 21:18 - 000000000 ____D C:\Users\nils\AppData\Roaming\.minecraft

2021-02-12 20:58 - 2019-11-25 21:18 - 000000000 ____D C:\Users\nils\AppData\Roaming\.minecraft

2021-02-12 20:46 - 2019-11-25 21:18 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher

2021-02-12 17:18 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp

2021-02-12 17:11 - 2018-06-27 20:26 - 000000000 ____D C:\WINDOWS\system32\MRT

2021-02-12 17:10 - 2018-06-27 20:26 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2021-02-11 23:29 - 2018-06-27 19:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

2021-02-11 12:18 - 2020-09-15 07:58 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2021-02-11 12:18 - 2020-09-15 07:58 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2021-02-10 21:30 - 2020-11-19 01:51 - 000000000 ____D C:\Program Files (x86)\Origin

2021-02-10 21:30 - 2019-02-18 21:21 - 000000000 ____D C:\ProgramData\Origin

2021-02-10 21:30 - 2019-02-18 21:21 - 000000000 ____D C:\ProgramData\Origin

2021-02-10 18:17 - 2018-07-29 22:29 - 000000000 ___DC C:\Users\nils\Documents\Soundaufnahmen

2021-02-10 18:17 - 2018-07-29 22:29 - 000000000 ___DC C:\Users\nils\Documents\Soundaufnahmen

2021-02-09 21:11 - 2019-02-16 23:11 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2021-02-09 21:11 - 2019-02-16 23:11 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2021-02-08 15:28 - 2018-06-28 22:51 - 000000000 ___DC C:\Users\nils\AppData\Local\D3DSCache

2021-02-08 15:28 - 2018-06-28 22:51 - 000000000 ___DC C:\Users\nils\AppData\Local\D3DSCache

2021-02-05 20:58 - 2020-09-15 07:58 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA

2021-02-05 20:58 - 2020-09-15 07:58 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

2021-02-05 13:43 - 2020-12-11 01:42 - 000001372 _____ C:\ProgramData\Desktop\Cyberpunk 2077.lnk

2021-02-05 13:43 - 2020-12-11 01:42 - 000001372 _____ C:\ProgramData\Desktop\Cyberpunk 2077.lnk

2021-02-05 13:43 - 2020-12-11 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberpunk 2077 [GOG.com]

2021-02-05 13:43 - 2020-12-11 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberpunk 2077 [GOG.com]

2021-02-01 01:22 - 2018-06-27 20:26 - 000000000 ___DC C:\Users\nils\AppData\Local\NVIDIA

2021-02-01 01:22 - 2018-06-27 20:26 - 000000000 ___DC C:\Users\nils\AppData\Local\NVIDIA

2021-01-27 22:05 - 2019-01-11 23:11 - 000000000 ____D C:\Temp

2021-01-27 21:38 - 2020-12-01 13:33 - 000003662 _____ C:\WINDOWS\system32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-01-24 18:33 - 2020-08-25 22:53 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

2021-01-24 05:14 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Roaming\Origin

2021-01-24 05:14 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Roaming\Origin

2021-01-23 19:41 - 2020-11-19 01:51 - 000000000 ____D C:\Program Files (x86)\Origin Games

2021-01-23 19:41 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Local\Origin

2021-01-23 19:41 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Local\Origin

2021-01-22 11:16 - 2020-09-15 07:58 - 000004286 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA

2021-01-22 11:16 - 2020-09-15 07:58 - 000004054 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore

2021-01-22 10:45 - 2018-06-27 19:45 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 

==================== Files in the root of some directories ========
 

2021-02-16 15:23 - 2021-02-16 15:23 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\nils\AppData\Roaming\nils.exe

2020-10-11 02:54 - 2020-10-11 03:01 - 003228672 _____ () C:\Users\nils\AppData\Roaming\ScriptHookV.dll

2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ () C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config

2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ () C:\Users\nils\AppData\Roaming\winscp.rnd

2020-10-21 00:43 - 2020-10-21 00:43 - 000002221 _____ () C:\Users\nils\AppData\Local\recently-used.xbel

2019-02-19 20:35 - 2020-12-24 19:44 - 000007607 _____ () C:\Users\nils\AppData\Local\Resmon.ResmonCfg
 

==================== SigCheck ============================
 

(There is no automatic fix for files that do not pass verification.)
 

==================== End of FRST.txt ========================

--- --- ---

Addition folgt

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-02-2021 01

Ran by nils (19-02-2021 20:37:22)

Running from C:\Users\nils\Desktop\FRST

Windows 10 Pro Version 2004 19041.804 (X64) (2020-09-15 06:58:06)

Boot Mode: Normal

==========================================================
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-3449150419-271838051-1508037707-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-3449150419-271838051-1508037707-503 - Limited - Disabled)

defaultuser0 (S-1-5-21-3449150419-271838051-1508037707-1000 - Limited - Disabled) => C:\Users\defaultuser0

Guest (S-1-5-21-3449150419-271838051-1508037707-501 - Limited - Disabled)

js (S-1-5-21-3449150419-271838051-1508037707-1001 - Administrator - Enabled) => C:\Users\js

nils (S-1-5-21-3449150419-271838051-1508037707-1002 - Administrator - Enabled) => C:\Users\nils

WDAGUtilityAccount (S-1-5-21-3449150419-271838051-1508037707-504 - Limited - Disabled)
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)

ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.2.12.0 - ASUSTek COMPUTER INC.) Hidden

ASUS Aac_NBDT HAL (HKLM-x32\...\{71667bbb-81ab-429c-aeb4-e43c31e8fe14}) (Version: 2.2.12.0 - ASUSTek COMPUTER INC.) Hidden

ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.19 - ASUSTek COMPUTER INC. ) Hidden

ASUS AURA Display Component (HKLM-x32\...\{36aa03d4-9606-4f04-bf3e-a70ebe6650f3}) (Version: 1.1.19 - ASUSTek COMPUTER INC. ) Hidden

ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.9 - ASUSTeK COMPUTER INC.) Hidden

ASUS AURA Extension Card HAL (HKLM-x32\...\{2d85b111-aee4-468b-874b-a9272712f69b}) (Version: 1.0.9 - ASUSTeK COMPUTER INC.) Hidden

ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.1.16 - ASUSTek COMPUTER INC.) Hidden

ASUS AURA Headset Component (HKLM-x32\...\{ac3dc320-7e5e-4f22-9572-4c2119fcdf85}) (Version: 1.1.16 - ASUSTek COMPUTER INC.) Hidden

ASUS AURA Motherboard HAL (HKLM\...\{D800D836-DE15-4B00-8273-521F022CD837}) (Version: 1.0.31 - ASUSTeK COMPUTER INC.) Hidden

ASUS AURA Motherboard HAL (HKLM-x32\...\{b31aaf98-0562-411d-a962-0c3d16a3527a}) (Version: 1.0.31 - ASUSTeK COMPUTER INC.) Hidden

ASUS AURA Odd Component (HKLM\...\{B5E322FB-C191-463E-BDDD-4F22290EDFDB}) (Version: 1.0.7 - ASUSTeK COMPUTER INC.) Hidden

ASUS AURA Odd Component (HKLM-x32\...\{a29279dc-f417-4442-8225-4db77f7d35b5}) (Version: 1.0.7 - ASUSTeK COMPUTER INC.) Hidden

ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.1.7 - ASUSTek COMPUTER INC. ) Hidden

ASUS AURA VGA Component (HKLM-x32\...\{4f18ae01-4390-4b41-be3a-54ef4eacdd91}) (Version: 0.0.1.7 - ASUSTek COMPUTER INC. ) Hidden

ASUS GLCKIO2 Driver (HKLM-x32\...\{548dd834-70c5-4426-8065-fbeabdd2bb5d}) (Version: 1.0.10 - ASUSTeK Computer Inc.) Hidden

ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.10 - ASUSTeK Computer Inc.) Hidden

ASUS GPU TweakII (HKLM-x32\...\{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.0.3.1 - ASUSTek COMPUTER INC.) Hidden

ASUS GPU TweakII (HKLM-x32\...\InstallShield_{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.0.3.1 - ASUSTek COMPUTER INC.)

ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.27 - ASUSTek COMPUTER INC.) Hidden

ASUS Keyboard HAL (HKLM-x32\...\{210cdd08-c947-43a2-9378-bc288f651e41}) (Version: 1.0.27 - ASUSTek COMPUTER INC.) Hidden

ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden

ASUS MB Peripheral Products (HKLM-x32\...\{3e9b91eb-5bb0-4272-8670-f88d353eb68b}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden

ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.24 - ASUSTek COMPUTER INC.) Hidden

ASUS Mouse HAL (HKLM-x32\...\{add3bacc-578f-4bf9-97e3-a0f0c3ae3323}) (Version: 1.0.24 - ASUSTek COMPUTER INC.) Hidden

ASUS MousePad HAL (HKLM\...\{723B40A4-5BF2-4DC6-834A-2ADF75F3CF7E}) (Version: 1.0.0.6 - ASUSTek COMPUTER INC.) Hidden

ASUS MousePad HAL (HKLM-x32\...\{cc37f609-4db9-4ce3-9e37-9cb1b432452e}) (Version: 1.0.0.6 - ASUSTek COMPUTER INC.) Hidden

AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.26 - ASUS) Hidden

AURA DRAM Component (HKLM-x32\...\{dded177f-c7b2-4212-9c64-74884f3fd53b}) (Version: 1.0.26 - ASUS) Hidden

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version: 1.0.64.43202 - Electronic Arts)

Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version:  - Blizzard Entertainment)

Camera (NVIDIA Broadcast) (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvVirtualCamera) (Version: 1.1.0.20 - NVIDIA Corporation) Hidden

Core Temp 1.16 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.16 - ALCPU)

Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden

Corsair AURA DRAM Component (HKLM-x32\...\{da7ebf10-b0be-494e-a79d-568546795a51}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden

CORSAIR iCUE Software (HKLM-x32\...\{229E0F5D-0FE7-4468-B856-DDF1B089345F}) (Version: 3.33.246 - Corsair)

CPUID CPU-Z 1.86 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)

CPUID HWMonitor 1.42 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.42 - CPUID, Inc.)

CurseForge (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.167.2.7 - Overwolf app)

Cyberpunk 2077 (HKLM-x32\...\1423049311_is1) (Version: Build_3276551Change_4218285 - GOG.com)

Discord (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)

Dropbox (HKLM-x32\...\Dropbox) (Version: 116.4.368 - Dropbox, Inc.)

Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.415.1 - Dropbox, Inc.) Hidden

ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.3.0 - ENE TECHNOLOGY INC.) Hidden

ENE RGB HAL (HKLM\...\{8DA1B230-D82E-4A24-9237-363E2E1E2695}) (Version: 1.0.21.0 - Ene Tech.) Hidden

ENE RGB HAL (HKLM-x32\...\{bb670f8d-3d66-4f36-8e60-02b71bb0a4e9}) (Version: 1.0.21.0 - Ene Tech.) Hidden

Epic Games Launcher (HKLM-x32\...\{42ECB1DB-6B44-4AEC-B112-98ECFF460EF6}) (Version: 1.1.167.0 - Epic Games, Inc.)

Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)

Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)

Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)

FileZilla Client 3.39.0 (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\FileZilla Client) (Version: 3.39.0 - Tim Kosse)

Fraps (HKLM-x32\...\Fraps) (Version:  - )

Geeks3D FurMark 1.20.1.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)

GIMP 2.10.14 (HKLM\...\GIMP-2_is1) (Version: 2.10.14 - The GIMP Team)

GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden

Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2215.0 - Rockstar Games)

INNO3D TuneIT version 3.02 (HKLM-x32\...\INNO3D TuneIT_is1) (Version: 3.02 - )

inst (HKLM-x32\...\{F818E3E8-4C16-4D3B-894B-D8805F56D7DB}) (Version: 1.0.0.0 - Creative Software Solutions GmbH)

Intel(R) Computing Improvement Program (HKLM\...\{44C40B2E-7285-4A9F-A9BC-DF433772AAEE}) (Version: 2.4.05929 - Intel Corporation)

Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)

Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden

Kingston AURA DRAM Component (HKLM-x32\...\{d6cac989-7570-43fd-b147-e31d6280a3a6}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden

Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)

Legends of Runeterra (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Riot Game bacon.live) (Version:  - Riot Games, Inc)

LibreOffice 6.3.2.2 (HKLM\...\{6110D2CC-70B4-415E-AF5A-7BB496AB264B}) (Version: 6.3.2.2 - The Document Foundation)

Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:  - Logitech)

Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)

Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.13628.20380 - Microsoft Corporation)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.68 - Microsoft Corporation)

Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 88.0.705.74 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3449150419-271838051-1508037707-1001\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)

Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)

Minecraft Launcher (HKLM-x32\...\{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)

Mozilla Firefox 81.0.1 (x64 de) (HKLM\...\Mozilla Firefox 81.0.1 (x64 de)) (Version: 81.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0 - Mozilla)

MSI Afterburner 4.6.2 Beta 3 (HKLM-x32\...\Afterburner) (Version: 4.6.2 Beta 3 - MSI Co., LTD)

NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden

NVIDIA Broadcast (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIABroadcast) (Version: 1.1.0.20 - NVIDIA Corporation)

NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)

NVIDIA Grafiktreiber 461.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.09 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)

NVIDIA USBC Driver 1.45.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.45.831.832 - NVIDIA Corporation)

NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden

OBS Studio (HKLM-x32\...\OBS Studio) (Version: 22.0.2 - OBS Project)

OCCT 4.5.1 (HKLM-x32\...\OCCT) (Version: 4.5.1 - Ocbase.com)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20380 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden

OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)

Opera GX Stable 73.0.3856.400 (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Opera GX 73.0.3856.400) (Version: 73.0.3856.400 - Opera Software)

Origin (HKLM-x32\...\Origin) (Version: 10.5.92.46430 - Electronic Arts, Inc.)

Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)

Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)

Overwolf (HKLM-x32\...\Overwolf) (Version: 0.165.0.28 - Overwolf Ltd.)

Patriot Viper RGB (HKLM\...\{E42E13B0-071E-49C1-B1CC-58198E82F302}) (Version: 1.00.05 - Patriot Memory) Hidden

PBE (HKLM-x32\...\PBE 1.0) (Version: 1.0 - Riot Games, Inc)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)

Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.34.337 - Rockstar Games)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)

Sparialo (HKLM-x32\...\{3D581B7A-5251-4E7E-B381-ED890B068F04}) (Version: 1.0.0.0 - Sparialo)

Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)

SSDlife Free (HKLM-x32\...\{18302BF2-AA3C-46E3-B039-996FD0DB5639}) (Version: 2.5.82 - BinarySense Inc.)

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 - Electronic Arts)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.10 - TeamSpeak Systems GmbH)

Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)

TreeSize Free V4.4.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.1 - JAM Software)

Trident Z Lighting Control (HKLM-x32\...\{97CD7AFC-0ED3-41B8-9CCD-22717E8631D0}_is1) (Version: 1.00.18 - ENG)

Twitch (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)

Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)

UpdateAssistant (HKLM\...\{A7B60FC9-A750-43C7-B7EC-892CD09147C7}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden

VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)

WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version:  - Ubisoft)

WiinUSoft version 3.4 (HKLM\...\{1BFC4F9F-BB85-4CE3-AC22-0CBFF78D5EE4}_is1) (Version: 3.4 - Justin Keys)

Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)

Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )

Windows-Treiberpaket - Corsair Components, Inc. (SIUSBXP) USB  (07/14/2017 3.3) (HKLM\...\A2206C09905C467F30CB24DCBB49F056D7F0A290) (Version: 07/14/2017 3.3 - Corsair Components, Inc.)

WinRAR 5.91 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

WinSCP 5.17.10 (HKLM-x32\...\winscp3_is1) (Version: 5.17.10 - Martin Prikryl)
 

Packages:

=========

Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)

Epson Print and Scan -> C:\Program Files\WindowsApps\SEIKOEPSONCORPORATION.EpsonPrintandScan_1.1.0.0_x64__ezaqdwkaef94e [2019-07-23] (SEIKO EPSON CORPORATION)

Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-10-24] (Microsoft Corporation)

Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2020-12-31] (INTEL CORP) [Startup Task]

Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-18] (INTEL CORP)

Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-23] (Microsoft Corporation)

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]

Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Studios) [MS Ad]

Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10111.5575.0_x64__8wekyb3d8bbwe [2021-02-15] (Microsoft Corporation)

Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.21059.0_x64__8wekyb3d8bbwe [2021-02-15] (Microsoft Studios)

Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-01-22] (Netflix, Inc.)

NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-22] (NVIDIA Corp.)

Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0 [2021-02-09] (Spotify AB) [Startup Task]

TranslucentTB -> C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_9.0.0.0_x86__v826wp6bftszj [2020-11-27] (Charles Milette) [Startup Task]

VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2020-05-08] (VideoLAN)

Xbox Insider Hub -> C:\Program Files\WindowsApps\Microsoft.FlightDashboard_476.2101.8001.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Corporation)
 

==================== Custom CLSID (Whitelisted): ==============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File

CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File

CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File

CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File

CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\nils\Documents\Dropbox [2019-11-25 22:31]

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-19] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\nvshext.dll [2021-01-04] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-19] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
 

==================== Codecs (Whitelisted) ====================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]

HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]
 

==================== Shortcuts & WMI ========================
 

==================== Loaded Modules (Whitelisted) =============
 

2019-01-19 00:31 - 2019-01-19 00:30 - 006065152 _____ () [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\libprotobufd.dll

2019-01-19 00:31 - 2019-01-19 00:30 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.31\ASACPI.DLL

2017-11-02 00:46 - 2011-08-30 13:38 - 000558080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll

2017-11-02 00:46 - 2011-08-01 18:24 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll

2020-07-29 10:46 - 2020-07-29 10:46 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
 

==================== Alternate Data Streams (Whitelisted) ========
 

(If an entry is included in the fixlist, only the ADS will be removed.)
 

AlternateDataStreams: C:\Users\nils:Heroes & Generals [38]

AlternateDataStreams: C:\Users\nils\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]

AlternateDataStreams: C:\Users\nils\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]

AlternateDataStreams: C:\Users\nils\AppData\Local\Temp:$DATA [16]

AlternateDataStreams: C:\Users\nils\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]

AlternateDataStreams: C:\Users\nils\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]

AlternateDataStreams: C:\Users\nils\AppData\Local\Temp:$DATA [16]
 

==================== Safe Mode (Whitelisted) ==================
 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 

==================== Association (Whitelisted) =================
 

==================== Internet Explorer (Whitelisted) ==========
 

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-3449150419-271838051-1508037707-1002 -> DefaultScope {510A6C65-1EB9-40FA-875E-0CE4E3F57394} URL = 

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
 

(If an entry is included in the fixlist, it will be removed from the registry.)
 

IE trusted site: HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\localhost -> localhost
 

==================== Hosts content: =========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2016-07-16 12:47 - 2021-02-18 17:03 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost
 

==================== Other Areas ===========================
 

(Currently there is no automatic fix for this section.)
 

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Android;C:\Windows\System32;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR

HKU\S-1-5-21-3449150419-271838051-1508037707-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg

HKU\S-1-5-21-3449150419-271838051-1508037707-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\nils\Pictures\Hintergründe\Texture_Multicolor_526935_2560x1440.jpg

DNS Servers: Media is not connected to internet.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)

Windows Firewall is enabled.
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

==================== FirewallRules (Whitelisted) ================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

FirewallRules: [{D10E5BF0-3FC3-415E-8EDF-292C4EAC8DC7}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)

FirewallRules: [{66F5097C-3590-48EA-B02C-0E4C18CE2AC4}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)

FirewallRules: [{F517EA94-2023-4D32-8524-08315AB1385E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{4C8A7E44-3ED5-4DFB-88AB-9AF7BB704C79}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [TCP Query User{DE9FF1E0-97D0-4768-ABEF-C06F372ED0D6}C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User{5D6BCAE2-30E8-401E-97A8-1E81370F85D6}C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [TCP Query User{8204281B-BC5C-46A9-8AE6-572B21924ABA}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)

FirewallRules: [UDP Query User{5F5DE5A5-AFA9-40B7-A04A-ADB3DD6493FE}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)

FirewallRules: [TCP Query User{6F070B32-AABF-4919-95CC-CEC3AB299526}C:\users\nils\appdata\local\programs\opera gx\73.0.3856.400\opera.exe] => (Allow) C:\users\nils\appdata\local\programs\opera gx\73.0.3856.400\opera.exe (Opera Software AS -> Opera Software)

FirewallRules: [UDP Query User{C88C55D4-119B-4F2A-985D-BE44538F6290}C:\users\nils\appdata\local\programs\opera gx\73.0.3856.400\opera.exe] => (Allow) C:\users\nils\appdata\local\programs\opera gx\73.0.3856.400\opera.exe (Opera Software AS -> Opera Software)

FirewallRules: [TCP Query User{6D2C1D95-EC37-4439-92DF-413E190E3AF1}C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User{C2BEE2F4-A7C3-4C1E-8EAF-90B260BDFF48}C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [TCP Query User{DBCB13EE-084C-4D99-9DCF-EE9EA30ABDDA}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)

FirewallRules: [UDP Query User{04ADB42F-4FE8-4808-83AA-7F477CEC9113}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
 

==================== Restore Points =========================
 

16-02-2021 12:59:17 DirectX wurde installiert

18-02-2021 20:59:53 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127

18-02-2021 21:00:00 Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127
 

==================== Faulty Device Manager Devices ============
 
 

==================== Event log errors: ========================
 

Application errors:

==================

Error: (02/19/2021 08:25:50 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)

Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.
 

Error: (02/19/2021 08:22:28 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: NILS-PC)

Description: microsoft.windows.cortana_cw5n1h2txyewy-2147024893
 

Error: (02/19/2021 08:13:45 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)

Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.
 

Error: (02/19/2021 08:12:21 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)

Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.
 

Error: (02/19/2021 08:09:09 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: NILS-PC)

Description: microsoft.windows.cortana_cw5n1h2txyewy-2147024893
 

Error: (02/19/2021 08:09:02 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: NILS-PC)

Description: microsoft.windows.cortana_cw5n1h2txyewy-2147024893
 

Error: (02/19/2021 08:08:48 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)

Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.
 

Error: (02/19/2021 08:08:38 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Users\nils\AppData\Local\chromium\Application\chrome.exe".

Die abhängige Assemblierung "63.0.3235.0,language="&#x2a;",type="win32",version="63.0.3235.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
 

System errors:

=============

Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "LGHUB Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Restart the service.
 

Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Corsair Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Restart the service.
 

Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Intel(R) Graphics Command Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Restart the service.
 

Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Restart the service.
 

Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "DbxSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Restart the service.
 

Error: (02/19/2021 08:32:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Origin Web Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
 

Windows Defender:

===============

Date: 2021-02-19 11:26:01

Description: 

Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.

Weitere Informationen:

https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0

Name: TrojanDropper:Win64/Tnega!MSR

ID: 2147771646

Schweregrad: Severe

Kategorie: Trojan Dropper

Pfad: file:_C:\Users\nils\AppData\Local\Temp\GetX64BTIT.exe

Erkennungsursprung: Local machine

Erkennungstype: FastPath

Erkennungsquelle: Real-Time Protection

Benutzer: NILS-PC\nils

Prozessname: C:\Users\nils\AppData\Roaming\nils.exe

Sicherheitsversion: AV: 1.331.1308.0, AS: 1.331.1308.0, NIS: 1.331.1308.0

Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
 

Date: 2021-02-19 10:29:08

Description: 

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\Pictures zu ändern.

Erkennungszeit: 2021-02-19T09:29:08.655Z

Benutzer: NILS-PC\nils

Pfad: %userprofile%\Pictures

Prozessname: C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

Sicherheitsversion: 1.331.1308.0

Modulversion: 1.1.17800.5

Produktversion: 4.18.2101.9
 

Date: 2021-02-19 10:25:21

Description: 

Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.

Weitere Informationen:

https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0

Name: TrojanDropper:Win64/Tnega!MSR

ID: 2147771646

Schweregrad: Severe

Kategorie: Trojan Dropper

Pfad: file:_C:\Users\nils\AppData\Local\Temp\GetX64BTIT.exe

Erkennungsursprung: Local machine

Erkennungstype: FastPath

Erkennungsquelle: Real-Time Protection

Benutzer: NILS-PC\nils

Prozessname: C:\Users\nils\AppData\Roaming\nils.exe

Sicherheitsversion: AV: 1.331.1308.0, AS: 1.331.1308.0, NIS: 1.331.1308.0

Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
 

Date: 2021-02-19 10:23:23

Description: 

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\Pictures zu ändern.

Erkennungszeit: 2021-02-19T09:23:23.325Z

Benutzer: NILS-PC\nils

Pfad: %userprofile%\Pictures

Prozessname: C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

Sicherheitsversion: 1.331.1308.0

Modulversion: 1.1.17800.5

Produktversion: 4.18.2101.9
 

Date: 2021-02-19 10:12:13

Description: 

Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.

Weitere Informationen:

https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0

Name: TrojanDropper:Win64/Tnega!MSR

ID: 2147771646

Schweregrad: Severe

Kategorie: Trojan Dropper

Pfad: file:_C:\Users\nils\AppData\Local\Temp\GetX64BTIT.exe

Erkennungsursprung: Local machine

Erkennungstype: FastPath

Erkennungsquelle: Real-Time Protection

Benutzer: NILS-PC\nils

Prozessname: C:\Users\nils\AppData\Roaming\nils.exe

Sicherheitsversion: AV: 1.331.1308.0, AS: 1.331.1308.0, NIS: 1.331.1308.0

Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5

Event[0]:
 

Date: 2021-02-18 22:51:33

Description: 

Fehler von Microsoft Defender Antivirus beim Herunterladen und Konfigurieren von Microsoft Defender Offline.

Fehlercode: 0x8000000a

Fehlerbeschreibung: The data necessary to complete this operation is not yet available. 
 

Date: 2021-02-18 22:51:06

Description: 

Fehler von Microsoft Defender Antivirus beim Herunterladen und Konfigurieren von Microsoft Defender Offline.

Fehlercode: 0x8000000a

Fehlerbeschreibung: The data necessary to complete this operation is not yet available. 
 

CodeIntegrity:

===============

Date: 2021-02-19 20:08:48

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Users\nils\AppData\Local\Programs\Opera GX\73.0.3856.400\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.165.0.28\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 

Date: 2021-02-19 11:32:37

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Users\nils\AppData\Local\Programs\Opera GX\73.0.3856.400\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 

Date: 2021-02-19 10:19:45

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.165.0.28\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 
 

==================== Memory info =========================== 
 

BIOS: American Megatrends Inc. 0411 09/21/2018

Motherboard: ASUSTeK COMPUTER INC. PRIME Z370-P II

Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz

Percentage of memory in use: 29%

Total physical RAM: 16313.35 MB

Available physical RAM: 11419.71 MB

Total Virtual: 38841.35 MB

Available Virtual: 32302.63 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:464.44 GB) (Free:57.33 GB) NTFS

Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:176.29 GB) NTFS

Drive e: () (Removable) (Total:57.75 GB) (Free:57.74 GB) exFAT
 

\\?\Volume{52079eb2-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.47 GB) (Free:0.43 GB) NTFS

\\?\Volume{52079eb2-0000-0000-0000-101e00000000}\ (Volume) (Fixed) (Total:0.02 GB) (Free:0.01 GB) NTFS

\\?\Volume{52079eb2-0000-0000-0060-603b74000000}\ () (Fixed) (Total:0.83 GB) (Free:0.4 GB) NTFS
 

==================== MBR & Partition Table ====================
 

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 52079EB2)

Partition 1: (Active) - (Size=479 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=21 MB) - (Type=05)

Partition 3: (Not Active) - (Size=464.4 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=852 MB) - (Type=27)
 

==========================================================

Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2FE87EA9)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 

==========================================================

Disk: 2 (Size: 57.8 GB) (Disk ID: 0F13A0A0)

Partition 1: (Not Active) - (Size=57.7 GB) - (Type=07 NTFS)
 

==================== End of Addition.txt =======================

Gut gemacht! :)

Schritt 1
WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!

Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.
Kopiere den gesamten Inhalt der folgenden Code-Box:

Code:

Start:: CloseProcesses: HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [GalaxyClient] => [X] HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Policies\Explorer: [NoWinKeys] 1 GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION CMD: reg query "HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions" /S CMD: reg query "HKLM\SOFTWARE\Microsoft\Edge\Extensions" /S CMD: reg query "HKLM\SOFTWARE\WOW6432Node\Microsoft\Edge\Extensions"" /S CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox" /S CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\Firefox" /S Edge HomePage: Default -> hxxp://www.go-setting.com/ C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh Edge HKLM\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh] Edge HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh] Edge HKLM-x32\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh] FF HKLM\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found FF HKLM-x32\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found CHR Notifications: Default -> hxxps://de.softonic.com; hxxps://secrethitler.io; hxxps://vulkanvegas.com; hxxps://www.facebook.com; hxxps://www.royalpanda.com CHR HomePage: Default -> hxxp://www.go-setting.com/ CHR StartupUrls: Default -> "hxxp://www.go-setting.com/" 2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\Roaming\IObit 2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\Roaming\IObit 2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IObit 2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IObit 2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\ProgramData\IObit 2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\ProgramData\IObit 2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\Program Files (x86)\IObit C:\Users\nils\AppData\Roaming\nils.exe CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File AlternateDataStreams: C:\Users\nils:Heroes & Generals [38] AlternateDataStreams: C:\Users\nils\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394] AlternateDataStreams: C:\Users\nils\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394] AlternateDataStreams: C:\Users\nils\AppData\Local\Temp:$DATA [16] AlternateDataStreams: C:\Users\nils\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394] AlternateDataStreams: C:\Users\nils\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394] AlternateDataStreams: C:\Users\nils\AppData\Local\Temp:$DATA [16] HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3449150419-271838051-1508037707-1002 -> DefaultScope {510A6C65-1EB9-40FA-875E-0CE4E3F57394} URL = CMD: ipconfig /flushdns CMD: netsh winsock reset CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: Bitsadmin /Reset /Allusers powershell: Set-MpPreference -PUAProtection Enabled powershell: Set-MpPreference -DisableScanningNetworkFiles 0 Hosts: RemoveProxy: SystemRestore: On EmptyTemp: End::
Starte nun FRST und klicke direkt den Reparieren Button.
Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
Gegebenenfalls muss dein Rechner neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Schritt 2

Starte FRST erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort:

die Logdatei des FRST-Fix (fixlog.txt)
die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt)

Code:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-02-2021 01

Ran by nils (20-02-2021 11:10:21) Run:3

Running from C:\Users\nils\Desktop\FRST

Loaded Profiles: defaultuser0 & js & nils

Boot Mode: Normal

==============================================
 

fixlist content:

*****************

CloseProcesses:

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [GalaxyClient] => [X]

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Policies\Explorer: [NoWinKeys] 1

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

CMD: reg query "HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions" /S

CMD: reg query "HKLM\SOFTWARE\Microsoft\Edge\Extensions" /S

CMD: reg query "HKLM\SOFTWARE\WOW6432Node\Microsoft\Edge\Extensions"" /S

CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox" /S

CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\Firefox" /S

Edge HomePage: Default -> hxxp://www.go-setting.com/

C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh

Edge HKLM\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]

Edge HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]

Edge HKLM-x32\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]

FF HKLM\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found

FF HKLM-x32\...\Firefox\Extensions: [{a06de0b3-b00f-472c-a34e-3a74b64d1747}] - C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi => not found

CHR Notifications: Default -> hxxps://de.softonic.com; hxxps://secrethitler.io; hxxps://vulkanvegas.com; hxxps://www.facebook.com; hxxps://www.royalpanda.com

CHR HomePage: Default -> hxxp://www.go-setting.com/

CHR StartupUrls: Default -> "hxxp://www.go-setting.com/"

2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\Roaming\IObit

2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\Roaming\IObit

2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IObit

2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ___DC C:\Users\nils\AppData\LocalLow\IObit

2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\ProgramData\IObit

2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\ProgramData\IObit

2021-02-19 20:32 - 2019-01-11 00:01 - 000000000 ____D C:\Program Files (x86)\IObit

C:\Users\nils\AppData\Roaming\nils.exe

CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File

CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File

CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File

CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\nils\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

AlternateDataStreams: C:\Users\nils:Heroes & Generals [38]

AlternateDataStreams: C:\Users\nils\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]

AlternateDataStreams: C:\Users\nils\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]

AlternateDataStreams: C:\Users\nils\AppData\Local\Temp:$DATA [16]

AlternateDataStreams: C:\Users\nils\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]

AlternateDataStreams: C:\Users\nils\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]

AlternateDataStreams: C:\Users\nils\AppData\Local\Temp:$DATA [16]

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-3449150419-271838051-1508037707-1002 -> DefaultScope {510A6C65-1EB9-40FA-875E-0CE4E3F57394} URL = 

CMD: ipconfig /flushdns

CMD: netsh winsock reset

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: Bitsadmin /Reset /Allusers

powershell: Set-MpPreference -PUAProtection Enabled

powershell: Set-MpPreference -DisableScanningNetworkFiles 0

Hosts:

RemoveProxy:

SystemRestore: On 

EmptyTemp:
 

*****************
 

Processes closed successfully.

"HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient" => removed successfully

"HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWinKeys" => removed successfully

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully

C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully

C:\ProgramData\NTUSER.pol => moved successfully

"C:\ProgramData\NTUSER.pol" => not found
 

========= reg query "HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions" /S =========
 
 

HKEY_USERS\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh

    update_url    REG_SZ    https://extensionwebstorebase.edgesv.net/v1/crx
 
 

========= End of CMD: =========
 
 

========= reg query "HKLM\SOFTWARE\Microsoft\Edge\Extensions" /S =========
 
 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh

    update_url    REG_SZ    https://extensionwebstorebase.edgesv.net/v1/crx
 
 

========= End of CMD: =========
 
 

========= reg query "HKLM\SOFTWARE\WOW6432Node\Microsoft\Edge\Extensions"" /S =========
 
 

========= End of CMD: =========
 
 

========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox" /S =========
 
 

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions

    {a06de0b3-b00f-472c-a34e-3a74b64d1747}    REG_SZ    C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi
 

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\TaskBarIDs

    C:\Program Files\Mozilla Firefox    REG_SZ    308046B0AF4A39CB
 
 

========= End of CMD: =========
 
 

========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\Firefox" /S =========
 
 

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\Firefox\Extensions

    {a06de0b3-b00f-472c-a34e-3a74b64d1747}    REG_SZ    C:\Program Files (x86)\vondos\schnelledeals\schnelledeals-1.0.0-fx.xpi
 

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\Firefox\TaskBarIDs

    C:\Program Files\Mozilla Firefox    REG_SZ    308046B0AF4A39CB
 
 

========= End of CMD: =========
 

"Edge HomePage" => removed successfully

C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh => moved successfully

HKLM\SOFTWARE\Microsoft\Edge\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh => removed successfully

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Edge\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh => removed successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Edge\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh => removed successfully

"HKLM\Software\Mozilla\Firefox\Extensions\\{a06de0b3-b00f-472c-a34e-3a74b64d1747}" => removed successfully

"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{a06de0b3-b00f-472c-a34e-3a74b64d1747}" => removed successfully

"Chrome Notifications" => removed successfully

"Chrome HomePage" => removed successfully

"Chrome StartupUrls" => removed successfully

C:\Users\nils\AppData\Roaming\IObit => moved successfully

"C:\Users\nils\AppData\Roaming\IObit" => not found

C:\Users\nils\AppData\LocalLow\IObit => moved successfully

"C:\Users\nils\AppData\LocalLow\IObit" => not found

C:\ProgramData\IObit => moved successfully

"C:\ProgramData\IObit" => not found

C:\Program Files (x86)\IObit => moved successfully

C:\Users\nils\AppData\Roaming\nils.exe => moved successfully

HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully

HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145} => removed successfully

HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully

HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully

C:\Users\nils => ":Heroes & Generals" ADS removed successfully

C:\Users\nils\Anwendungsdaten => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS removed successfully

"C:\Users\nils\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.

C:\Users\nils\AppData\Local\Temp => ":$DATA" ADS removed successfully

"C:\Users\nils\Anwendungsdaten" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.

"C:\Users\nils\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.

"C:\Users\nils\AppData\Local\Temp" => ":$DATA" ADS not found.

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Software\Microsoft\Internet Explorer\Main\\"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully

"HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
 

========= ipconfig /flushdns =========
 
 

Windows-IP-Konfiguration
 

Der DNS-Aufl”sungscache wurde geleert.
 

========= End of CMD: =========
 
 

========= netsh winsock reset =========
 
 

Der Winsock-Katalog wurde zurckgesetzt.

Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.
 
 

========= End of CMD: =========
 
 

========= netsh advfirewall reset =========
 

OK.
 
 

========= End of CMD: =========
 
 

========= netsh advfirewall set allprofiles state ON =========
 

OK.
 
 

========= End of CMD: =========
 
 

========= Bitsadmin /Reset /Allusers =========
 
 

BITSADMIN version 3.0

BITS administration utility.

(C) Copyright Microsoft Corp.
 

0 out of 0 jobs canceled.
 

========= End of CMD: =========
 
 

========= Set-MpPreference -PUAProtection Enabled =========
 

Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist.

In C:\FRST\tmp.ps1:1 Zeichen:1

+ Set-MpPreference -PUAProtection Enabled

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],  

   CimException

    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference

 
 

========= End of Powershell: =========
 
 

========= Set-MpPreference -DisableScanningNetworkFiles 0 =========
 

Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist.

In C:\FRST\tmp.ps1:1 Zeichen:1

+ Set-MpPreference -DisableScanningNetworkFiles 0

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],  

   CimException

    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference

 
 

========= End of Powershell: =========
 

C:\Windows\System32\Drivers\etc\hosts => moved successfully

Hosts restored successfully.
 

========= RemoveProxy: =========
 

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully

"HKU\S-1-5-21-3449150419-271838051-1508037707-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully

"HKU\S-1-5-21-3449150419-271838051-1508037707-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

"HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully

"HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 

========= End of RemoveProxy: =========
 

SystemRestore: On => completed
 

=========== EmptyTemp: ==========
 

BITS transfer queue => 12083200 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 61646431 B

Java, Flash, Steam htmlcache => 14118442 B

Windows/system/drivers => 227934944 B

Edge => 0 B

Chrome => 0 B

Brave => 0 B

Firefox => 0 B

Opera => 0 B
 

Temp, IE cache, history, cookies, recent:

Default => 0 B

ProgramData => 0 B

Public => 0 B

systemprofile => 0 B

systemprofile32 => 0 B

LocalService => 32134 B

NetworkService => 41678 B

defaultuser0 => 41678 B

js => 3243242 B

nils => 4595571 B
 

RecycleBin => 93925814 B

EmptyTemp: => 398.3 MB temporary data Removed.
 

================================
 
 

The system needed a reboot.
 

==== End of Fixlog 11:10:32 ====

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2021 01

Ran by nils (administrator) on NILS-PC (20-02-2021 11:12:57)

Running from C:\Users\nils\Desktop\FRST

Loaded Profiles: nils

Platform: Windows 10 Pro Version 2004 19041.804 (X64) Language: Englisch (Großbritannien)

Default browser: Opera

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe

(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe

(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe

(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe

(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.exe <4>

(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.7269\Agent.exe

(Charles Milette) C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_9.0.0.0_x86__v826wp6bftszj\TranslucentTB\TranslucentTB.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdHelper.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdHelper.x64.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdLauncher.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe

(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe

(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>

(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe

(G.SKILL International Enterprise Co., Ltd. -> G.SKILL Inc.) C:\Program Files (x86)\G.SKILL\Trident Z Lighting Control\hid.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe

(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe

(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe

(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe

(Logitech Inc -> ) C:\Program Files\LGHUB\logi_analytics_client.exe

(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <3>

(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe

(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe <2>

(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\upfc.exe

(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe <2>

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NVIDIA Broadcast.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NvVirtualCamera\NVIDIA Virtual Camera.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Users\nils\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\NVDisplay.Container.exe <2>

(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.165.0.28\OverwolfHelper.exe

(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.165.0.28\OverwolfHelper64.exe

(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\0.165.0.28\OverwolfBrowser.exe <3>

(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Scarlet.Crush Productions) [File not signed] C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe

(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe

(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe

(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe <5>

(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <4>

(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
 

==================== Registry (Whitelisted) ===================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)

HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-02-14] (Dropbox, Inc -> Dropbox, Inc.)

HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

HKLM-x32\...\Run: [Spectrum] => C:\Program Files (x86)\G.SKILL\Trident Z Lighting Control\HID.exe [1753104 2020-05-25] (G.SKILL International Enterprise Co., Ltd. -> G.SKILL Inc.)

HKLM-x32\...\Run: [Inno3D] => C:\Program Files (x86)\INNO3D TuneIT\Inno3D.exe

HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [62636856 2020-11-13] (Discord Inc. -> Discord Inc.)

HKU\S-1-5-21-3449150419-271838051-1508037707-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412696 2021-02-13] (Valve -> Valve Corporation)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32898104 2021-02-16] (Epic Games Inc. -> Epic Games, Inc.)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Chromium] => "c:\users\nils\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1090464 2021-02-17] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [DiscordPTB] => C:\Users\nils\AppData\Local\DiscordPTB\app-0.0.55\DiscordPTB.exe

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1752920 2021-01-24] (Overwolf Ltd -> Overwolf Ltd.)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [104586376 2021-02-18] (Logitech Inc -> Logitech, Inc.)

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {91727cc2-da62-11ea-bcee-0492265d3edd} - "F:\OnePlus_setup.exe" /s

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {d80afba4-6f01-11eb-bd49-0492265d3edd} - "E:\OnePlus_setup.exe" /s

HKLM\...\Windows x64\Print Processors\OKX055PP: C:\Windows\System32\spool\prtprocs\x64\OKX055PP.DLL [52224 2015-12-25] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation)

HKLM\...\Print\Monitors\EPSON WF-3540 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMJHE.DLL [120320 2011-04-19] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558080 2011-08-30] (SEIKO EPSON CORPORATION) [File not signed]

HKLM\...\Print\Monitors\Oki Language Monitor v2 x64: C:\WINDOWS\system32\OPPFLM64.DLL [24064 2011-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-09] (Google LLC -> Google LLC)

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 

==================== Scheduled Tasks (Whitelisted) ============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

Task: {10923ACD-A6F3-46C9-8B05-FA036D45F27C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {14B7AE73-1437-44FC-B4CD-CB064266DC82} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)

Task: {1555F223-102C-4FD6-B6AA-3FF7ED98058A} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [784880 2019-09-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> )

Task: {169A4A9F-5AB2-4859-BB79-105D4F7E0F5B} - System32\Tasks\TaskbarX NILS-PCnils => C:\Users\nils\AppData\Local\Temp\Rar$EXa15592.7440\TaskbarX.exe <==== ATTENTION

Task: {1BB8711B-BE48-42FB-9471-FCFD984EE7F6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {1CFF092D-CB8C-4697-A22E-C65E98842FAC} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002Core => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe

Task: {21AD196C-E033-4A17-8AB0-51729310AFC0} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)

Task: {247335EE-A7B9-443A-B7C4-14AD5DACB27E} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"

Task: {28EBA2B2-5857-4D18-B83C-B4BEFE4B6B64} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {32197A57-775D-4F2B-BADF-36EAF82B90C2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {334F71AD-EA0A-45C3-A6BF-D23B10278705} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log

Task: {389005A7-88A2-4A2D-9B0D-221BF3779434} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {49B6BC26-85D9-47CD-8037-109C0AE32EE9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe

Task: {64C72E17-56AC-4A10-8359-81CB62CBFA09} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)

Task: {66CB8C64-C47E-4DE8-BC72-AE4F1B10190B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)

Task: {6CC840F6-D3B1-4381-80D6-368E821AD608} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)

Task: {708BEC20-0B26-4F36-9C8B-B3DDB92FF7D8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

Task: {71112853-AD65-4846-8E55-E40FC38399A2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Task: {7478992B-7BB6-4BF1-A873-5E111E4C328B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)

Task: {776DF5CB-61F3-413A-866C-67864EDC98A7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log

Task: {79FE0BF0-DF6B-4F3F-B627-2641C7B3C431} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {7AFBADC6-5A92-4AD1-B4C6-825820AA6735} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498512 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

Task: {947A71B9-8265-4202-B1DF-31851FE6ECD4} - System32\Tasks\Opera GX scheduled Autoupdate 1593451427 => C:\Users\nils\AppData\Local\Programs\Opera GX\launcher.exe [1720472 2021-02-16] (Opera Software AS -> Opera Software)

Task: {96FD5F58-83E0-4F87-BE57-8C5B4AE1AC73} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Task: {9755D7FA-2C11-4258-B363-6A045E7D0494} - System32\Tasks\Opera scheduled Autoupdate 1555368081 => C:\Users\nils\AppData\Local\Programs\Opera\launcher.exe

Task: {9C946B4F-522A-4DC7-A9DD-DF2925C43312} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {A4035D2D-AABB-427C-B68E-FE5DE8C57307} - System32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NVIDIA Broadcast.exe [8577776 2021-01-24] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {A448EED5-27DE-4BDF-837A-18BA2E930140} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.)

Task: {AF840AC3-BAA2-43A2-9FF4-E39C018BA346} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002UA => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe

Task: {BDDB2636-5C15-45B7-A849-41EBC891643A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.)

Task: {C83D387D-761A-4D40-AA38-0274BB58034C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {C8CDC2F0-A1CE-45E8-A86F-A88504F2F2B8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe

Task: {CAE80F57-588C-4CA0-8489-93BE2E1DC0EE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)

Task: {CBFD160A-267A-4AC3-B7F9-BCE4026B204F} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3449150419-271838051-1508037707-1001 => C:\Users\nils\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

Task: {CC90B01F-54A3-4F48-9A32-4D63DFA4B7B8} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)

Task: {D7486F2D-BB18-4E28-B718-83CF6A9FB91F} - System32\Tasks\{B557B444-21B0-41FD-B838-14D7E070A414} => "c:\windows\system32\launchwinapp.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=404

Task: {DD50F83C-FE08-4203-9695-5DB48F511782} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-14] (Microsoft Corporation -> Microsoft Corporation)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

Tcpip\Parameters: [DhcpNameServer] 192.168.178.100

Tcpip\..\Interfaces\{49065b68-8f61-403d-b9dc-f5281de063c8}: [DhcpNameServer] 192.168.178.100

Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [DhcpNameServer] 192.168.178.100

Tcpip\..\Interfaces\{84ffcfd2-bfa3-4511-899f-7ed5e75b8ecb}: [DhcpNameServer] 192.168.42.129
 

Edge: 

=======

Edge HomeButtonPage: HKU\S-1-5-21-3449150419-271838051-1508037707-1002 -> hxxp://www.google.com

Edge Profile: C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-20]
 

FireFox:

========

FF DefaultProfile: ncucdlz8.default-1584820434065

FF ProfilePath: C:\Users\nils\AppData\Roaming\Mozilla\Firefox\Profiles\ncucdlz8.default-1584820434065 [2021-02-20]

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] (Adobe Systems Incorporated -> )

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] (Adobe Systems Incorporated -> )

FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
 

Chrome: 

=======

CHR Profile: C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default [2021-02-20]

CHR Extension: (Präsentationen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-16]

CHR Extension: (BetterTTV) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2020-12-23]

CHR Extension: (Docs) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-16]

CHR Extension: (Google Drive) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]

CHR Extension: (YouTube) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-16]

CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-31]

CHR Extension: (Watch2Gether) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimpffimgeipdhnhjohpbehjkcdpjolg [2020-07-31]

CHR Extension: (Tabellen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-16]

CHR Extension: (Google Docs Offline) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]

CHR Extension: (Material Dark - MKBHD) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiplegjeipnjdpgkeccfccnahofbckad [2020-04-23]

CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]

CHR Extension: (Netflix Party is now Teleparty) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-01-10]

CHR Extension: (Global Twitch Emotes) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgniedifoejifjkndekolimjeclnokkb [2020-06-15]

CHR Extension: (Google Mail) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]

CHR Extension: (Chrome Media Router) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-15]

CHR HKLM\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]

CHR HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]

CHR HKLM-x32\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
 

Opera: 

=======

OPR Profile: C:\Users\nils\AppData\Roaming\Opera Software\Opera Stable [2021-02-18]

OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.de/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

StartMenuInternet: (HKU\S-1-5-21-3449150419-271838051-1508037707-1002) Opera GXStable - "C:\Users\nils\AppData\Local\Programs\Opera GX\Launcher.exe"
 

Brave: 

=======

BRA Profile: C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-02-18]

BRA Extension: (Brave Tracking Protection Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-01-19]

BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-01-19]

BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-01-19]

BRA Extension: (Brave Ad Block Updater (DEU: EasyList Germany)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\jmomcjcilfpbaaklkifaijjcnancamde [2019-01-19]

BRA Extension: (PDF Viewer) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-01-19]

BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-01-19]
 

==================== Services (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe [419264 2019-01-11] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe [975832 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2019-01-19] (ASUSTeK Computer Inc. -> ) [File not signed]

R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe [1919280 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [File not signed]

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-01-19] (BattlEye Innovations e.K. -> )

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [605096 2020-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [56872 2020-08-31] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-11-25] (Dropbox, Inc -> Dropbox, Inc.)

R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44064 2021-02-14] (Dropbox, Inc -> Dropbox, Inc.)

R2 Ds3Service; C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe [381952 2017-08-12] (Scarlet.Crush Productions) [File not signed]

S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2020-07-23] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)

S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)

S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1741384 2020-12-23] (GOG Sp. z o.o. -> GOG.com)

S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-12-08] (GOG Sp. z o.o. -> GOG.com)

S3 HnGSteamService; D:\Steam\steamapps\common\Heroes & Generals\hngservice.exe [788776 2021-02-17] (Reto-Moto ApS -> Reto-Moto ApS)

R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10887816 2021-02-18] (Logitech Inc -> Logitech, Inc.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-19] (Malwarebytes Inc -> Malwarebytes)

R2 NvBroadcast.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe [873272 2021-01-15] (NVIDIA Corporation -> NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)

R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)

S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)

S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1679240 2021-02-16] (Rockstar Games, Inc. -> Rockstar Games)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Uncheater\ucldr_battlegrounds_gl.exe [6979584 2020-12-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [6862584 2020-12-31] (PUBG CORPORATION -> PUBG Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 

===================== Drivers (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2019-01-19] (ASUSTeK Computer Inc. -> )

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2019-01-19] (ASUSTeK Computer Inc. -> )

R1 Asusgio2; C:\WINDOWS\system32\drivers\AsIO2.sys [33504 2019-01-01] (ASUSTeK Computer Inc. -> )

S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60328 2020-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)

R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)

R3 cpuz149; C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [44320 2021-02-20] (CPUID S.A.R.L.U. -> CPUID)

R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-02-19] (Malwarebytes Corporation -> Malwarebytes)

R1 GLCKIO2; C:\WINDOWS\system32\drivers\GLCKIO2.sys [19392 2018-04-23] (ASUSTeK Computer Inc. -> )

S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45168 2018-05-07] (Logitech Inc -> Logitech Inc.)

R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\70065\driver_cpu_temperature\logi_core_temp.sys [25448 2021-02-18] (Logitech Inc. -> Logitech)

R3 logi_audio_surround; C:\WINDOWS\system32\drivers\logi_audio_surround.sys [44088 2021-02-18] (Logitech Inc -> Logitech)

R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2020-08-27] (Logitech Inc -> Logitech)

R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2020-08-27] (Logitech Inc -> Logitech)

R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2020-08-27] (Logitech Inc -> Logitech)

R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-02-20] (Malwarebytes Inc -> Malwarebytes)

S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-02-20] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-02-20] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-19] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142416 2021-02-20] (Malwarebytes Inc -> Malwarebytes)

S3 MpKsl5ab3965f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C797E52-FBBE-450D-A683-B0B9D01D8515}\MpKslDrv.sys [47344 2021-02-18] (Microsoft Windows -> Microsoft Corporation)

R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )

R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2017-08-12] (Bruce James -> Scarlet.Crush Productions)

R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)

S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)

R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)

S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49552 2021-02-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [419040 2021-02-11] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-11] (Microsoft Windows -> Microsoft Corporation)

S3 xhunter1; C:\WINDOWS\xhunter1.sys [2732984 2020-12-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

S3 ALSysIO; \??\C:\Users\nils\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION

S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== One month (created) (Whitelisted) =========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2021-02-20 11:11 - 2021-02-20 11:11 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys

2021-02-20 11:11 - 2021-02-20 11:11 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

2021-02-20 11:11 - 2021-02-20 11:11 - 000142416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2021-02-20 11:11 - 2021-02-20 11:11 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2021-02-20 11:11 - 2021-02-20 11:11 - 000000008 __RSH C:\ProgramData\ntuser.pol

2021-02-20 11:09 - 2021-02-20 11:08 - 000006284 ____C C:\Users\nils\Desktop\Repair.txt

2021-02-19 20:11 - 2021-02-19 20:32 - 000000000 ____D C:\AdwCleaner

2021-02-19 20:09 - 2021-02-19 20:11 - 008463216 _____ (Malwarebytes) C:\Users\nils\Desktop\adwcleaner_8.1.exe

2021-02-19 11:32 - 2021-02-19 20:08 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

2021-02-19 11:31 - 2021-02-19 11:32 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2021-02-19 11:31 - 2021-02-19 11:32 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk

2021-02-19 11:31 - 2021-02-19 11:31 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

2021-02-19 11:31 - 2021-02-19 11:31 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys

2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\Users\nils\AppData\Local\mbam

2021-02-19 11:31 - 2021-02-19 11:31 - 000000000 ____D C:\ProgramData\Malwarebytes

2021-02-19 11:30 - 2021-02-19 11:30 - 000000000 ____D C:\Program Files\Malwarebytes

2021-02-19 00:34 - 2021-02-20 11:11 - 104071168 _____ C:\WINDOWS\system32\config\SOFTWARE

2021-02-19 00:33 - 2021-02-19 00:34 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware

2021-02-18 23:10 - 2021-02-18 23:10 - 000398405 ____N C:\WINDOWS\Minidump\021821-6156-01.dmp

2021-02-18 23:06 - 2021-02-18 23:06 - 000425725 ____N C:\WINDOWS\Minidump\021821-6625-01.dmp

2021-02-18 23:00 - 2021-02-18 23:00 - 000002329 ____C C:\Users\js\Desktop\Microsoft Edge.lnk

2021-02-18 23:00 - 2021-02-18 23:00 - 000002324 ____C C:\Users\js\Desktop\Google Chrome.lnk

2021-02-18 23:00 - 2021-02-18 23:00 - 000000020 ___SH C:\Users\js\ntuser.ini

2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ___RD C:\Users\js\3D Objects

2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Roaming\NVIDIA

2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\NVIDIA

2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\AppData\Local\Google

2021-02-18 23:00 - 2021-02-18 23:00 - 000000000 ____D C:\Users\js\ansel

2021-02-18 22:59 - 2021-02-18 22:59 - 000354567 ____N C:\WINDOWS\Minidump\021821-5750-01.dmp

2021-02-18 22:55 - 2021-02-18 22:55 - 000402001 ____N C:\WINDOWS\Minidump\021821-6000-01.dmp

2021-02-18 22:50 - 2021-02-18 22:50 - 000496531 ____N C:\WINDOWS\Minidump\021821-6640-01.dmp

2021-02-18 22:46 - 2021-02-18 22:46 - 000461205 ____N C:\WINDOWS\Minidump\021821-6515-01.dmp

2021-02-18 22:41 - 2021-02-18 22:41 - 000460721 ____N C:\WINDOWS\Minidump\021821-7000-01.dmp

2021-02-18 21:01 - 2021-02-20 11:11 - 000000000 ____D C:\Users\nils\AppData\Roaming\LGHUB

2021-02-18 21:01 - 2021-02-20 11:11 - 000000000 ____D C:\Users\nils\AppData\Local\LGHUB

2021-02-18 21:01 - 2021-02-18 21:01 - 004451384 _____ (Logitech) C:\WINDOWS\system32\logi_audio_headset_render_apo.dll

2021-02-18 21:01 - 2021-02-18 21:01 - 002174656 _____ (Logitech) C:\WINDOWS\system32\logi_audio_headset_capture_apo.dll

2021-02-18 21:01 - 2021-02-18 21:01 - 000000722 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk

2021-02-18 21:01 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi

2021-02-18 21:01 - 2021-02-18 21:01 - 000000000 ____D C:\Program Files\LGHUB

2021-02-18 21:00 - 2021-02-18 21:01 - 000000000 ____D C:\ProgramData\LGHUB

2021-02-18 20:59 - 2021-02-18 20:59 - 000000000 ____D C:\WINDOWS\LastGood.Tmp

2021-02-18 18:17 - 2021-02-18 18:17 - 000058855 _____ C:\Users\nils\Downloads\FRST (1).txt

2021-02-18 16:13 - 2021-02-18 16:14 - 000068315 _____ C:\Users\nils\Downloads\Addition.txt

2021-02-18 16:12 - 2021-02-18 16:14 - 000057813 _____ C:\Users\nils\Downloads\FRST.txt

2021-02-18 16:11 - 2021-02-20 11:12 - 000000000 ___DC C:\Users\nils\Desktop\FRST

2021-02-18 16:06 - 2021-02-20 11:13 - 000000000 ____D C:\FRST

2021-02-18 10:20 - 2021-02-18 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2021-02-17 16:43 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Mario

2021-02-17 16:42 - 2021-02-17 16:43 - 017165629 _____ C:\Users\nils\Desktop\New Super Mario Bros. (Europe) (En,Fr,De,Es,It).zip

2021-02-17 10:09 - 2021-02-16 12:58 - 000000883 ____C C:\Users\nils\Desktop\WiinUSoft.lnk

2021-02-16 15:20 - 2021-02-16 15:20 - 000001986 _____ C:\Users\nils\Desktop\pokemon_sonne_und_mond_kostenlos_downloaden.zip

2021-02-16 15:10 - 2021-02-17 16:57 - 000000000 ___DC C:\Users\nils\Desktop\Saves

2021-02-16 13:32 - 2021-02-16 13:32 - 000000000 ___DC C:\Users\nils\Documents\Server

2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config

2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories

2021-02-16 12:59 - 2021-02-16 12:59 - 000000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories

2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiinUSoft

2021-02-16 12:58 - 2021-02-16 12:58 - 000000000 ____D C:\Program Files\WiinUSoft

2021-02-16 12:58 - 2017-08-12 17:47 - 000039168 _____ (Scarlet.Crush Productions) C:\WINDOWS\system32\Drivers\ScpVBus.sys

2021-02-15 20:02 - 2021-02-16 15:05 - 000000000 ___DC C:\Users\nils\Desktop\Pokemon

2021-02-15 20:01 - 2021-02-15 20:02 - 050974335 _____ C:\Users\nils\Downloads\Pokemon - Platin-Edition (Germany).zip

2021-02-15 14:22 - 2021-02-15 14:22 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01 (1).mp4

2021-02-15 14:20 - 2021-02-15 14:20 - 020517773 _____ C:\Users\nils\Downloads\11-3_EUW1-5097054699_01.mp4

2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys

2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys

2021-02-14 04:12 - 2021-02-14 04:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys

2021-02-14 04:12 - 2021-02-14 04:12 - 000044064 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe

2021-02-13 01:39 - 2021-02-13 01:39 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000008-000000.txt

2021-02-12 20:39 - 2021-02-12 20:39 - 000000000 ____D C:\Users\nils\.ngrok2

2021-02-12 20:36 - 2021-02-12 20:36 - 013819230 _____ C:\Users\nils\Downloads\ngrok-stable-windows-amd64.zip

2021-02-12 20:29 - 2021-02-12 20:32 - 000000051 ____C C:\Users\nils\Desktop\start.bat

2021-02-12 17:16 - 2021-02-12 17:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

2021-02-12 17:16 - 2021-02-12 17:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

2021-02-12 17:16 - 2021-02-12 17:16 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

2021-02-12 17:16 - 2021-02-12 17:16 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

2021-02-12 17:16 - 2021-02-12 17:16 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim

2021-02-10 15:40 - 2021-02-10 15:40 - 000052800 _____ C:\Users\nils\Downloads\9692940_2021_Nr.001_Kontoauszug_vom_29.01.2021_20210210034041.pdf

2021-02-01 18:41 - 2019-08-14 11:07 - 000000000 ____D C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6

2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ C:\Users\nils\AppData\Roaming\winscp.rnd

2021-02-01 18:39 - 2021-02-01 18:39 - 011155568 _____ (Martin Prikryl ) C:\Users\nils\Downloads\WinSCP-5.17.10-Setup.exe

2021-02-01 18:39 - 2021-02-01 18:39 - 000001164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk

2021-02-01 18:39 - 2021-02-01 18:39 - 000000000 ____D C:\Program Files (x86)\WinSCP

2021-02-01 18:38 - 2021-02-01 18:39 - 292897167 _____ C:\Users\nils\Downloads\Valhelsia_SERVER-3.1.6.zip

2021-02-01 18:26 - 2021-02-01 18:26 - 005835761 _____ C:\Users\nils\Downloads\OptiFine_1.16.5_HD_U_G6.jar

2021-01-30 01:27 - 2021-02-20 11:11 - 000002170 ____C C:\Users\nils\Desktop\CurseForge.lnk

2021-01-30 01:27 - 2021-02-08 15:59 - 000000000 ____D C:\Program Files (x86)\Overwolf

2021-01-30 01:27 - 2021-01-30 01:27 - 000004382 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task

2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ___DC C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf

2021-01-30 01:27 - 2021-01-30 01:27 - 000000000 ____D C:\ProgramData\Overwolf

2021-01-30 01:26 - 2021-01-30 01:26 - 001386784 _____ (Overwolf Ltd.) C:\Users\nils\Downloads\CurseForge - LP-Installer.exe

2021-01-29 22:08 - 2021-01-29 22:08 - 000000000 ____D C:\Users\nils\AppData\Roaming\twitch-desktop-electron-platform

2021-01-27 21:38 - 2021-01-27 21:38 - 000002271 _____ C:\ProgramData\Desktop\NVIDIA Broadcast.lnk

2021-01-27 21:34 - 2021-01-27 21:35 - 245764976 _____ (NVIDIA Corporation) C:\Users\nils\Downloads\nvidia_broadcast_v1.1.0.20.exe

2021-01-27 17:30 - 2021-01-27 17:30 - 000055780 _____ C:\Users\nils\Downloads\9692940_2020_Nr.012_Kontoauszug_vom_31.12.2020_20210127053005.pdf

2021-01-27 17:30 - 2021-01-27 17:30 - 000041755 _____ C:\Users\nils\Downloads\9692940_2020_Mitteilung_vom_31.12.2020_20210127053013.pdf
 

==================== One month (modified) ==================
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2021-02-20 11:13 - 2017-11-02 01:23 - 000000000 ____D C:\ProgramData\NVIDIA

2021-02-20 11:11 - 2020-09-15 07:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2021-02-20 11:11 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2021-02-20 11:11 - 2019-10-27 12:42 - 000000000 ____D C:\Users\nils\AppData\Local\Overwolf

2021-02-20 11:11 - 2019-01-22 14:43 - 000000000 ____D C:\Intel

2021-02-20 11:11 - 2018-06-27 19:54 - 000000000 ____D C:\Program Files (x86)\Steam

2021-02-20 11:10 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI

2021-02-20 11:10 - 2016-07-16 12:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy

2021-02-20 10:52 - 2020-12-02 02:05 - 000003124 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner

2021-02-20 00:22 - 2020-09-15 07:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2021-02-19 20:32 - 2018-07-28 12:38 - 000000000 ___DC C:\Users\nils\AppData\Local\Downloaded Installations

2021-02-19 20:12 - 2020-09-15 07:57 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2021-02-19 20:12 - 2020-09-15 00:13 - 000741490 _____ C:\WINDOWS\system32\perfh007.dat

2021-02-19 20:12 - 2020-09-15 00:13 - 000149740 _____ C:\WINDOWS\system32\perfc007.dat

2021-02-19 20:12 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF

2021-02-19 20:08 - 2019-11-01 23:12 - 000000000 ____D C:\Users\nils\AppData\Local\Battle.net

2021-02-19 11:43 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps

2021-02-19 11:43 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness

2021-02-19 11:39 - 2018-06-28 13:09 - 000000000 ___DC C:\Users\nils\AppData\Local\CrashDumps

2021-02-19 11:32 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

2021-02-18 23:46 - 2020-10-11 02:45 - 000000000 ___DC C:\Users\nils\Documents\Impulse

2021-02-18 23:36 - 2019-11-25 22:30 - 000000000 ____D C:\Users\nils\AppData\Local\Dropbox

2021-02-18 23:33 - 2020-09-15 00:33 - 000000000 ____D C:\Users\nils

2021-02-18 23:23 - 2019-11-02 17:50 - 000000000 ____D C:\WINDOWS\ShellNew

2021-02-18 23:21 - 2017-11-02 01:39 - 000000000 ____D C:\ProgramData\Package Cache

2021-02-18 23:10 - 2020-12-03 09:29 - 000000000 ____D C:\WINDOWS\Minidump

2021-02-18 23:00 - 2020-09-15 00:33 - 000000000 ____D C:\Users\js

2021-02-18 23:00 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2021-02-18 23:00 - 2017-11-02 01:43 - 000000000 ___DC C:\Users\js\AppData\Local\NVIDIA Corporation

2021-02-18 23:00 - 2017-11-02 00:21 - 000000000 ___DC C:\Users\js\AppData\Local\Packages

2021-02-18 23:00 - 2017-11-02 00:21 - 000000000 ___DC C:\Users\js\AppData\Local\ConnectedDevicesPlatform

2021-02-18 22:40 - 2020-10-12 22:07 - 000000000 ____D C:\Users\nils\AppData\Roaming\discord

2021-02-18 21:56 - 2018-06-29 21:37 - 000000000 ____D C:\ProgramData\Riot Games

2021-02-18 21:01 - 2020-03-30 22:10 - 000044088 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_audio_surround.sys

2021-02-18 20:06 - 2019-11-05 22:23 - 000000000 ____D C:\Program Files (x86)\Overwatch

2021-02-18 15:49 - 2020-09-15 07:58 - 000004184 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1593451427

2021-02-18 15:49 - 2020-06-29 18:23 - 000001431 ____C C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk

2021-02-18 15:26 - 2020-12-28 16:14 - 000000000 ____D C:\Users\nils\AppData\Local\Deployment

2021-02-18 15:26 - 2018-06-27 19:45 - 000000000 ___DC C:\Users\nils\AppData\Local\Packages

2021-02-18 10:20 - 2019-11-25 22:30 - 000000000 ____D C:\Program Files (x86)\Dropbox

2021-02-17 17:12 - 2019-10-12 17:22 - 000000000 ____D C:\Users\nils\AppData\Roaming\Twitch

2021-02-17 09:39 - 2019-11-01 23:12 - 000000000 ____D C:\Program Files (x86)\Battle.net

2021-02-16 13:09 - 2018-11-05 15:51 - 000000000 ___DC C:\Users\nils\AppData\Local\ElevatedDiagnostics

2021-02-16 12:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports

2021-02-16 12:45 - 2020-11-12 00:19 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner

2021-02-15 18:44 - 2018-12-16 00:08 - 000000000 ___DC C:\Users\nils\AppData\Roaming\obs-studio

2021-02-14 21:26 - 2019-06-21 23:19 - 000000000 ____D C:\Program Files\Microsoft Office

2021-02-13 01:39 - 2020-09-15 07:53 - 000636904 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2021-02-13 01:39 - 2020-09-15 07:52 - 000008192 ___SH C:\DumpStack.log.tmp

2021-02-13 01:39 - 2019-11-25 22:30 - 000001226 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job

2021-02-13 01:39 - 2019-11-25 22:30 - 000001222 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job

2021-02-13 01:38 - 2019-12-07 15:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr

2021-02-13 01:38 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System

2021-02-13 01:38 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing

2021-02-12 22:24 - 2020-07-15 11:46 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2021-02-12 20:58 - 2019-11-25 21:18 - 000000000 ____D C:\Users\nils\AppData\Roaming\.minecraft

2021-02-12 20:46 - 2019-11-25 21:18 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher

2021-02-12 17:18 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp

2021-02-12 17:11 - 2018-06-27 20:26 - 000000000 ____D C:\WINDOWS\system32\MRT

2021-02-12 17:10 - 2018-06-27 20:26 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2021-02-11 23:29 - 2018-06-27 19:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

2021-02-11 12:18 - 2020-09-15 07:58 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2021-02-11 12:18 - 2020-09-15 07:58 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2021-02-10 21:30 - 2020-11-19 01:51 - 000000000 ____D C:\Program Files (x86)\Origin

2021-02-10 21:30 - 2019-02-18 21:21 - 000000000 ____D C:\ProgramData\Origin

2021-02-10 18:17 - 2018-07-29 22:29 - 000000000 ___DC C:\Users\nils\Documents\Soundaufnahmen

2021-02-09 21:11 - 2019-02-16 23:11 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2021-02-08 15:28 - 2018-06-28 22:51 - 000000000 ___DC C:\Users\nils\AppData\Local\D3DSCache

2021-02-05 20:58 - 2020-09-15 07:58 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA

2021-02-05 20:58 - 2020-09-15 07:58 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

2021-02-05 13:43 - 2020-12-11 01:42 - 000001372 _____ C:\ProgramData\Desktop\Cyberpunk 2077.lnk

2021-02-05 13:43 - 2020-12-11 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberpunk 2077 [GOG.com]

2021-02-01 01:22 - 2018-06-27 20:26 - 000000000 ___DC C:\Users\nils\AppData\Local\NVIDIA

2021-01-27 22:05 - 2019-01-11 23:11 - 000000000 ____D C:\Temp

2021-01-27 21:38 - 2020-12-01 13:33 - 000003662 _____ C:\WINDOWS\system32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2021-01-24 18:33 - 2020-08-25 22:53 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

2021-01-24 05:14 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Roaming\Origin

2021-01-23 19:41 - 2020-11-19 01:51 - 000000000 ____D C:\Program Files (x86)\Origin Games

2021-01-23 19:41 - 2020-11-19 01:50 - 000000000 ____D C:\Users\nils\AppData\Local\Origin

2021-01-22 11:16 - 2020-09-15 07:58 - 000004286 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA

2021-01-22 11:16 - 2020-09-15 07:58 - 000004054 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore

2021-01-22 10:45 - 2018-06-27 19:45 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 

==================== Files in the root of some directories ========
 

2020-10-11 02:54 - 2020-10-11 03:01 - 003228672 _____ () C:\Users\nils\AppData\Roaming\ScriptHookV.dll

2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ () C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config

2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ () C:\Users\nils\AppData\Roaming\winscp.rnd

2020-10-21 00:43 - 2020-10-21 00:43 - 000002221 _____ () C:\Users\nils\AppData\Local\recently-used.xbel

2019-02-19 20:35 - 2020-12-24 19:44 - 000007607 _____ () C:\Users\nils\AppData\Local\Resmon.ResmonCfg
 

==================== SigCheck ============================
 

(There is no automatic fix for files that do not pass verification.)
 

==================== End of FRST.txt ========================

--- --- ---

Addition folgt

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-02-2021 01

Ran by nils (20-02-2021 11:14:04)

Running from C:\Users\nils\Desktop\FRST

Windows 10 Pro Version 2004 19041.804 (X64) (2020-09-15 06:58:06)

Boot Mode: Normal

==========================================================
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-3449150419-271838051-1508037707-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-3449150419-271838051-1508037707-503 - Limited - Disabled)

defaultuser0 (S-1-5-21-3449150419-271838051-1508037707-1000 - Limited - Disabled) => C:\Users\defaultuser0

Guest (S-1-5-21-3449150419-271838051-1508037707-501 - Limited - Disabled)

js (S-1-5-21-3449150419-271838051-1508037707-1001 - Administrator - Enabled) => C:\Users\js

nils (S-1-5-21-3449150419-271838051-1508037707-1002 - Administrator - Enabled) => C:\Users\nils

WDAGUtilityAccount (S-1-5-21-3449150419-271838051-1508037707-504 - Limited - Disabled)
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)

ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.2.12.0 - ASUSTek COMPUTER INC.) Hidden

ASUS Aac_NBDT HAL (HKLM-x32\...\{71667bbb-81ab-429c-aeb4-e43c31e8fe14}) (Version: 2.2.12.0 - ASUSTek COMPUTER INC.) Hidden

ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.19 - ASUSTek COMPUTER INC. ) Hidden

ASUS AURA Display Component (HKLM-x32\...\{36aa03d4-9606-4f04-bf3e-a70ebe6650f3}) (Version: 1.1.19 - ASUSTek COMPUTER INC. ) Hidden

ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.9 - ASUSTeK COMPUTER INC.) Hidden

ASUS AURA Extension Card HAL (HKLM-x32\...\{2d85b111-aee4-468b-874b-a9272712f69b}) (Version: 1.0.9 - ASUSTeK COMPUTER INC.) Hidden

ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.1.16 - ASUSTek COMPUTER INC.) Hidden

ASUS AURA Headset Component (HKLM-x32\...\{ac3dc320-7e5e-4f22-9572-4c2119fcdf85}) (Version: 1.1.16 - ASUSTek COMPUTER INC.) Hidden

ASUS AURA Motherboard HAL (HKLM\...\{D800D836-DE15-4B00-8273-521F022CD837}) (Version: 1.0.31 - ASUSTeK COMPUTER INC.) Hidden

ASUS AURA Motherboard HAL (HKLM-x32\...\{b31aaf98-0562-411d-a962-0c3d16a3527a}) (Version: 1.0.31 - ASUSTeK COMPUTER INC.) Hidden

ASUS AURA Odd Component (HKLM\...\{B5E322FB-C191-463E-BDDD-4F22290EDFDB}) (Version: 1.0.7 - ASUSTeK COMPUTER INC.) Hidden

ASUS AURA Odd Component (HKLM-x32\...\{a29279dc-f417-4442-8225-4db77f7d35b5}) (Version: 1.0.7 - ASUSTeK COMPUTER INC.) Hidden

ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.1.7 - ASUSTek COMPUTER INC. ) Hidden

ASUS AURA VGA Component (HKLM-x32\...\{4f18ae01-4390-4b41-be3a-54ef4eacdd91}) (Version: 0.0.1.7 - ASUSTek COMPUTER INC. ) Hidden

ASUS GLCKIO2 Driver (HKLM-x32\...\{548dd834-70c5-4426-8065-fbeabdd2bb5d}) (Version: 1.0.10 - ASUSTeK Computer Inc.) Hidden

ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.10 - ASUSTeK Computer Inc.) Hidden

ASUS GPU TweakII (HKLM-x32\...\{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.0.3.1 - ASUSTek COMPUTER INC.) Hidden

ASUS GPU TweakII (HKLM-x32\...\InstallShield_{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.0.3.1 - ASUSTek COMPUTER INC.)

ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.27 - ASUSTek COMPUTER INC.) Hidden

ASUS Keyboard HAL (HKLM-x32\...\{210cdd08-c947-43a2-9378-bc288f651e41}) (Version: 1.0.27 - ASUSTek COMPUTER INC.) Hidden

ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden

ASUS MB Peripheral Products (HKLM-x32\...\{3e9b91eb-5bb0-4272-8670-f88d353eb68b}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden

ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.24 - ASUSTek COMPUTER INC.) Hidden

ASUS Mouse HAL (HKLM-x32\...\{add3bacc-578f-4bf9-97e3-a0f0c3ae3323}) (Version: 1.0.24 - ASUSTek COMPUTER INC.) Hidden

ASUS MousePad HAL (HKLM\...\{723B40A4-5BF2-4DC6-834A-2ADF75F3CF7E}) (Version: 1.0.0.6 - ASUSTek COMPUTER INC.) Hidden

ASUS MousePad HAL (HKLM-x32\...\{cc37f609-4db9-4ce3-9e37-9cb1b432452e}) (Version: 1.0.0.6 - ASUSTek COMPUTER INC.) Hidden

AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.26 - ASUS) Hidden

AURA DRAM Component (HKLM-x32\...\{dded177f-c7b2-4212-9c64-74884f3fd53b}) (Version: 1.0.26 - ASUS) Hidden

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version: 1.0.64.43202 - Electronic Arts)

Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version:  - Blizzard Entertainment)

Camera (NVIDIA Broadcast) (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvVirtualCamera) (Version: 1.1.0.20 - NVIDIA Corporation) Hidden

Core Temp 1.16 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.16 - ALCPU)

Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden

Corsair AURA DRAM Component (HKLM-x32\...\{da7ebf10-b0be-494e-a79d-568546795a51}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden

CORSAIR iCUE Software (HKLM-x32\...\{229E0F5D-0FE7-4468-B856-DDF1B089345F}) (Version: 3.33.246 - Corsair)

CPUID CPU-Z 1.86 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)

CPUID HWMonitor 1.42 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.42 - CPUID, Inc.)

CurseForge (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.167.2.7 - Overwolf app)

Cyberpunk 2077 (HKLM-x32\...\1423049311_is1) (Version: Build_3276551Change_4218285 - GOG.com)

Discord (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)

Dropbox (HKLM-x32\...\Dropbox) (Version: 116.4.368 - Dropbox, Inc.)

Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.415.1 - Dropbox, Inc.) Hidden

ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.3.0 - ENE TECHNOLOGY INC.) Hidden

ENE RGB HAL (HKLM\...\{8DA1B230-D82E-4A24-9237-363E2E1E2695}) (Version: 1.0.21.0 - Ene Tech.) Hidden

ENE RGB HAL (HKLM-x32\...\{bb670f8d-3d66-4f36-8e60-02b71bb0a4e9}) (Version: 1.0.21.0 - Ene Tech.) Hidden

Epic Games Launcher (HKLM-x32\...\{42ECB1DB-6B44-4AEC-B112-98ECFF460EF6}) (Version: 1.1.167.0 - Epic Games, Inc.)

Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)

Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)

Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)

FileZilla Client 3.39.0 (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\FileZilla Client) (Version: 3.39.0 - Tim Kosse)

Fraps (HKLM-x32\...\Fraps) (Version:  - )

Geeks3D FurMark 1.20.1.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)

GIMP 2.10.14 (HKLM\...\GIMP-2_is1) (Version: 2.10.14 - The GIMP Team)

GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden

Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2215.0 - Rockstar Games)

INNO3D TuneIT version 3.02 (HKLM-x32\...\INNO3D TuneIT_is1) (Version: 3.02 - )

inst (HKLM-x32\...\{F818E3E8-4C16-4D3B-894B-D8805F56D7DB}) (Version: 1.0.0.0 - Creative Software Solutions GmbH)

Intel(R) Computing Improvement Program (HKLM\...\{44C40B2E-7285-4A9F-A9BC-DF433772AAEE}) (Version: 2.4.05929 - Intel Corporation)

Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)

Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden

Kingston AURA DRAM Component (HKLM-x32\...\{d6cac989-7570-43fd-b147-e31d6280a3a6}) (Version: 1.0.9 - KINGSTON COMPONENTS INC.) Hidden

Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)

Legends of Runeterra (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Riot Game bacon.live) (Version:  - Riot Games, Inc)

LibreOffice 6.3.2.2 (HKLM\...\{6110D2CC-70B4-415E-AF5A-7BB496AB264B}) (Version: 6.3.2.2 - The Document Foundation)

Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:  - Logitech)

Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)

Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.13628.20380 - Microsoft Corporation)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.68 - Microsoft Corporation)

Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 88.0.705.74 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3449150419-271838051-1508037707-1001\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)

Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)

Minecraft Launcher (HKLM-x32\...\{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)

Mozilla Firefox 81.0.1 (x64 de) (HKLM\...\Mozilla Firefox 81.0.1 (x64 de)) (Version: 81.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0 - Mozilla)

MSI Afterburner 4.6.2 Beta 3 (HKLM-x32\...\Afterburner) (Version: 4.6.2 Beta 3 - MSI Co., LTD)

NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden

NVIDIA Broadcast (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIABroadcast) (Version: 1.1.0.20 - NVIDIA Corporation)

NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)

NVIDIA Grafiktreiber 461.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.09 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)

NVIDIA USBC Driver 1.45.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.45.831.832 - NVIDIA Corporation)

NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden

OBS Studio (HKLM-x32\...\OBS Studio) (Version: 22.0.2 - OBS Project)

OCCT 4.5.1 (HKLM-x32\...\OCCT) (Version: 4.5.1 - Ocbase.com)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20380 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden

OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)

Opera GX Stable 73.0.3856.400 (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Opera GX 73.0.3856.400) (Version: 73.0.3856.400 - Opera Software)

Origin (HKLM-x32\...\Origin) (Version: 10.5.92.46430 - Electronic Arts, Inc.)

Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)

Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)

Overwolf (HKLM-x32\...\Overwolf) (Version: 0.165.0.28 - Overwolf Ltd.)

Patriot Viper RGB (HKLM\...\{E42E13B0-071E-49C1-B1CC-58198E82F302}) (Version: 1.00.05 - Patriot Memory) Hidden

PBE (HKLM-x32\...\PBE 1.0) (Version: 1.0 - Riot Games, Inc)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)

Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.34.337 - Rockstar Games)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)

Sparialo (HKLM-x32\...\{3D581B7A-5251-4E7E-B381-ED890B068F04}) (Version: 1.0.0.0 - Sparialo)

Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)

SSDlife Free (HKLM-x32\...\{18302BF2-AA3C-46E3-B039-996FD0DB5639}) (Version: 2.5.82 - BinarySense Inc.)

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 - Electronic Arts)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.10 - TeamSpeak Systems GmbH)

Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)

TreeSize Free V4.4.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.1 - JAM Software)

Trident Z Lighting Control (HKLM-x32\...\{97CD7AFC-0ED3-41B8-9CCD-22717E8631D0}_is1) (Version: 1.00.18 - ENG)

Twitch (HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)

Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)

UpdateAssistant (HKLM\...\{A7B60FC9-A750-43C7-B7EC-892CD09147C7}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden

VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)

WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version:  - Ubisoft)

WiinUSoft version 3.4 (HKLM\...\{1BFC4F9F-BB85-4CE3-AC22-0CBFF78D5EE4}_is1) (Version: 3.4 - Justin Keys)

Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)

Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )

Windows-Treiberpaket - Corsair Components, Inc. (SIUSBXP) USB  (07/14/2017 3.3) (HKLM\...\A2206C09905C467F30CB24DCBB49F056D7F0A290) (Version: 07/14/2017 3.3 - Corsair Components, Inc.)

WinRAR 5.91 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

WinSCP 5.17.10 (HKLM-x32\...\winscp3_is1) (Version: 5.17.10 - Martin Prikryl)
 

Packages:

=========

Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)

Epson Print and Scan -> C:\Program Files\WindowsApps\SEIKOEPSONCORPORATION.EpsonPrintandScan_1.1.0.0_x64__ezaqdwkaef94e [2019-07-23] (SEIKO EPSON CORPORATION)

Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-10-24] (Microsoft Corporation)

Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2020-12-31] (INTEL CORP) [Startup Task]

Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-18] (INTEL CORP)

Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-23] (Microsoft Corporation)

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]

Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Studios) [MS Ad]

Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10111.5575.0_x64__8wekyb3d8bbwe [2021-02-15] (Microsoft Corporation)

Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.21059.0_x64__8wekyb3d8bbwe [2021-02-15] (Microsoft Studios)

Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-01-22] (Netflix, Inc.)

NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-22] (NVIDIA Corp.)

Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0 [2021-02-09] (Spotify AB) [Startup Task]

TranslucentTB -> C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_9.0.0.0_x86__v826wp6bftszj [2020-11-27] (Charles Milette) [Startup Task]

VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2020-05-08] (VideoLAN)

Xbox Insider Hub -> C:\Program Files\WindowsApps\Microsoft.FlightDashboard_476.2101.8001.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Corporation)
 

==================== Custom CLSID (Whitelisted): ==============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

CustomCLSID: HKU\S-1-5-21-3449150419-271838051-1508037707-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\nils\Documents\Dropbox [2019-11-25 22:31]

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-19] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3621da861144492b\nvshext.dll [2021-01-04] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-19] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
 

==================== Codecs (Whitelisted) ====================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]

HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]
 

==================== Shortcuts & WMI ========================
 

==================== Loaded Modules (Whitelisted) =============
 

2019-01-19 00:31 - 2019-01-19 00:30 - 006065152 _____ () [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\libprotobufd.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 104873984 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\libcef.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000112128 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\libEGL.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 006227456 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\libGLESv2.dll

2020-08-31 19:30 - 2020-08-31 19:30 - 000351744 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ActionsConverters.dll

2020-08-31 18:56 - 2020-08-31 18:56 - 000759296 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyCommands.dll

2020-08-31 18:57 - 2020-08-31 18:57 - 000743424 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyNotifications.dll

2020-08-31 18:55 - 2020-08-31 18:55 - 000530944 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\MobileProto.dll

2020-08-31 18:56 - 2020-08-31 18:56 - 000200704 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ModelHelpers.dll

2020-08-31 18:55 - 2020-08-31 18:55 - 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll

2020-08-31 18:55 - 2020-08-31 18:55 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll

2019-09-29 18:18 - 2019-09-29 18:18 - 000232960 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll

2019-09-29 18:18 - 2019-09-29 18:18 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll

2019-09-29 18:18 - 2019-09-29 18:18 - 000650240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll

2019-09-29 18:18 - 2019-09-29 18:18 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll

2019-09-29 18:18 - 2019-09-29 18:18 - 000369664 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll

2019-01-19 00:31 - 2019-01-19 00:30 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.31\ASACPI.DLL

2020-11-27 00:47 - 2020-11-27 00:47 - 000059392 _____ (by nICO (chick80@libero.it) - 2004. Modified by TranslucentTB devs) [File not signed] C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_9.0.0.0_x86__v826wp6bftszj\TranslucentTB\CPicker.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000095744 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000212992 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUADRFIL.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000278528 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCFG.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000438272 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCSR.DLL

2017-11-02 00:46 - 2013-12-24 01:00 - 000385024 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXLDB.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000536576 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXTIF.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUIMGCDC.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000274432 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSTMMSG.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000327680 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000253952 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUVERDLG.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000069632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll

2017-11-02 00:46 - 2013-12-23 17:00 - 000081920 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll

2017-11-02 00:46 - 2013-12-23 17:00 - 000090112 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll

2017-11-02 00:46 - 2013-12-23 17:00 - 000241664 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll

2017-11-02 00:46 - 2013-12-23 17:00 - 000110592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll

2017-11-02 00:46 - 2013-12-23 17:00 - 000022016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll

2017-11-02 00:46 - 2013-12-23 17:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll

2017-11-02 00:46 - 2011-08-30 13:38 - 000558080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll

2017-11-02 00:46 - 2011-08-01 18:24 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000786432 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENCM.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000278528 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENNW.dll

2017-11-02 00:46 - 2013-12-24 01:00 - 000299008 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENUTIL.dll

2020-07-29 10:46 - 2020-07-29 10:46 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll

2020-06-16 16:28 - 2020-06-16 16:28 - 001918464 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000810496 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\chrome_elf.dll

2020-11-19 01:51 - 2020-11-19 01:50 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll

2020-11-19 01:51 - 2020-11-19 01:50 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll

2020-07-29 22:51 - 2020-07-29 22:51 - 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libcrypto-1_1.dll

2020-07-29 22:51 - 2020-07-29 22:51 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libssl-1_1.dll

2020-11-19 01:51 - 2020-11-19 01:50 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll

2021-02-10 21:30 - 2020-11-19 01:50 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll

2021-02-10 21:30 - 2020-11-19 01:50 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll

2021-02-10 21:30 - 2020-11-19 01:50 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll

2021-02-10 21:30 - 2020-11-19 01:50 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll

2021-02-10 21:30 - 2020-11-19 01:50 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll

2021-02-10 21:30 - 2020-11-19 01:50 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\imageformats\qgif.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\imageformats\qico.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000243712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\imageformats\qjpeg.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000223744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\imageformats\qmng.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\imageformats\qsvg.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\imageformats\qtiff.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 001140224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\platforms\qwindows.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000041984 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtGraphicalEffects\qtgraphicaleffectsplugin.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtQml\Models.2\modelsplugin.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtQuick.2\qtquick2plugin.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000084480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtQuick\Controls.2\qtquickcontrols2plugin.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000267776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtQuick\Controls\qtquickcontrolsplugin.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000071680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtQuick\Layouts\qquicklayoutsplugin.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000211456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtQuick\Templates.2\qtquicktemplates2plugin.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\qml\QtQuick\Window.2\windowplugin.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 004943360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Core.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 005022208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Gui.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000626176 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Multimedia.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000877056 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Network.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 002908672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Qml.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 003078656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Quick.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000096256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5QuickControls2.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000681472 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5QuickTemplates2.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000259072 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Svg.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 004718080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Widgets.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000439296 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5WinExtras.dll

2021-02-17 00:29 - 2021-02-17 00:29 - 000159232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.12685\Qt5Xml.dll
 

==================== Alternate Data Streams (Whitelisted) ========
 

==================== Safe Mode (Whitelisted) ==================
 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 

==================== Association (Whitelisted) =================
 

==================== Internet Explorer (Whitelisted) ==========
 

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-11-25] (Oracle America, Inc. -> Oracle Corporation)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
 

(If an entry is included in the fixlist, it will be removed from the registry.)
 

IE trusted site: HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\localhost -> localhost
 

==================== Hosts content: =========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2016-07-16 12:47 - 2021-02-20 11:10 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost
 

==================== Other Areas ===========================
 

(Currently there is no automatic fix for this section.)
 

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Android;C:\Windows\System32;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR

HKU\S-1-5-21-3449150419-271838051-1508037707-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg

HKU\S-1-5-21-3449150419-271838051-1508037707-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg

HKU\S-1-5-21-3449150419-271838051-1508037707-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\nils\Pictures\Hintergründe\Texture_Multicolor_526935_2560x1440.jpg

DNS Servers: Media is not connected to internet.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)

Windows Firewall is enabled.
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

==================== FirewallRules (Whitelisted) ================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

FirewallRules: [TCP Query User{EC468066-6BDB-4FCF-AF52-EA95A7571FD5}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)

FirewallRules: [UDP Query User{0B3E8262-EE89-49CB-8A64-25FCBBE49790}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)

FirewallRules: [TCP Query User{82BB0DDE-66E1-4A65-91D4-2177D6945DDC}C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User{FAFD95A1-BC3E-4A8E-82F6-22D1B0D7A038}C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.152.687.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)
 

==================== Restore Points =========================
 

16-02-2021 12:59:17 DirectX wurde installiert

18-02-2021 20:59:53 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127

18-02-2021 21:00:00 Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127
 

==================== Faulty Device Manager Devices ============
 
 

==================== Event log errors: ========================
 

Application errors:

==================

Error: (02/20/2021 11:13:56 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)

Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.
 

Error: (02/20/2021 11:11:55 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)

Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.
 

Error: (02/20/2021 11:11:50 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Users\nils\AppData\Local\chromium\Application\chrome.exe".

Die abhängige Assemblierung "63.0.3235.0,language="&#x2a;",type="win32",version="63.0.3235.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (02/20/2021 11:07:48 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: NILS-PC)

Description: microsoft.windows.cortana_cw5n1h2txyewy-2147024893
 

Error: (02/20/2021 10:58:40 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)

Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.
 

Error: (02/20/2021 10:55:38 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)

Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.
 

Error: (02/20/2021 10:53:37 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NILS-PC)

Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.
 

Error: (02/20/2021 10:53:29 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Users\nils\AppData\Local\chromium\Application\chrome.exe".

Die abhängige Assemblierung "63.0.3235.0,language="&#x2a;",type="win32",version="63.0.3235.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
 

System errors:

=============

Error: (02/20/2021 11:11:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Der Dienst "cplspcon" wurde mit folgendem Fehler beendet: 

Unbekannter Fehler
 

Error: (02/20/2021 11:10:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 

Das Medium ist schreibgeschützt.
 

Error: (02/20/2021 11:10:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Corsair Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Restart the service.
 

Error: (02/20/2021 11:10:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Corsair LLA Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Restart the service.
 

Error: (02/20/2021 11:10:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "NVIDIA Broadcast LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Restart the service.
 

Error: (02/20/2021 11:10:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "DbxSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Restart the service.
 

Error: (02/20/2021 11:10:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Restart the service.
 

Error: (02/20/2021 11:10:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "LGHUB Updater Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Restart the service.
 
 

Windows Defender:

===============

Date: 2021-02-19 11:26:01

Description: 

Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.

Weitere Informationen:

https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0

Name: TrojanDropper:Win64/Tnega!MSR

ID: 2147771646

Schweregrad: Severe

Kategorie: Trojan Dropper

Pfad: file:_C:\Users\nils\AppData\Local\Temp\GetX64BTIT.exe

Erkennungsursprung: Local machine

Erkennungstype: FastPath

Erkennungsquelle: Real-Time Protection

Benutzer: NILS-PC\nils

Prozessname: C:\Users\nils\AppData\Roaming\nils.exe

Sicherheitsversion: AV: 1.331.1308.0, AS: 1.331.1308.0, NIS: 1.331.1308.0

Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
 

Date: 2021-02-19 10:29:08

Description: 

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\Pictures zu ändern.

Erkennungszeit: 2021-02-19T09:29:08.655Z

Benutzer: NILS-PC\nils

Pfad: %userprofile%\Pictures

Prozessname: C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

Sicherheitsversion: 1.331.1308.0

Modulversion: 1.1.17800.5

Produktversion: 4.18.2101.9
 

Date: 2021-02-19 10:25:21

Description: 

Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.

Weitere Informationen:

https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0

Name: TrojanDropper:Win64/Tnega!MSR

ID: 2147771646

Schweregrad: Severe

Kategorie: Trojan Dropper

Pfad: file:_C:\Users\nils\AppData\Local\Temp\GetX64BTIT.exe

Erkennungsursprung: Local machine

Erkennungstype: FastPath

Erkennungsquelle: Real-Time Protection

Benutzer: NILS-PC\nils

Prozessname: C:\Users\nils\AppData\Roaming\nils.exe

Sicherheitsversion: AV: 1.331.1308.0, AS: 1.331.1308.0, NIS: 1.331.1308.0

Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
 

Date: 2021-02-19 10:23:23

Description: 

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe wurde durch den überwachten Ordnerzugriff daran gehindert, %userprofile%\Pictures zu ändern.

Erkennungszeit: 2021-02-19T09:23:23.325Z

Benutzer: NILS-PC\nils

Pfad: %userprofile%\Pictures

Prozessname: C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

Sicherheitsversion: 1.331.1308.0

Modulversion: 1.1.17800.5

Produktversion: 4.18.2101.9
 

Date: 2021-02-19 10:12:13

Description: 

Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.

Weitere Informationen:

https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0

Name: TrojanDropper:Win64/Tnega!MSR

ID: 2147771646

Schweregrad: Severe

Kategorie: Trojan Dropper

Pfad: file:_C:\Users\nils\AppData\Local\Temp\GetX64BTIT.exe

Erkennungsursprung: Local machine

Erkennungstype: FastPath

Erkennungsquelle: Real-Time Protection

Benutzer: NILS-PC\nils

Prozessname: C:\Users\nils\AppData\Roaming\nils.exe

Sicherheitsversion: AV: 1.331.1308.0, AS: 1.331.1308.0, NIS: 1.331.1308.0

Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5

Event[0]:
 

Date: 2021-02-18 22:51:33

Description: 

Fehler von Microsoft Defender Antivirus beim Herunterladen und Konfigurieren von Microsoft Defender Offline.

Fehlercode: 0x8000000a

Fehlerbeschreibung: The data necessary to complete this operation is not yet available. 
 

Date: 2021-02-18 22:51:06

Description: 

Fehler von Microsoft Defender Antivirus beim Herunterladen und Konfigurieren von Microsoft Defender Offline.

Fehlercode: 0x8000000a

Fehlerbeschreibung: The data necessary to complete this operation is not yet available. 
 

CodeIntegrity:

===============

Date: 2021-02-19 20:08:48

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Users\nils\AppData\Local\Programs\Opera GX\73.0.3856.400\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.165.0.28\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 

Date: 2021-02-19 11:32:37

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Users\nils\AppData\Local\Programs\Opera GX\73.0.3856.400\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 

Date: 2021-02-19 10:19:45

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.165.0.28\OWExplorer.dll that did not meet the Microsoft signing level requirements.
 
 

==================== Memory info =========================== 
 

BIOS: American Megatrends Inc. 0411 09/21/2018

Motherboard: ASUSTeK COMPUTER INC. PRIME Z370-P II

Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz

Percentage of memory in use: 36%

Total physical RAM: 16313.35 MB

Available physical RAM: 10381.97 MB

Total Virtual: 38841.35 MB

Available Virtual: 28946.8 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:464.44 GB) (Free:56.45 GB) NTFS

Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:176.29 GB) NTFS

Drive e: () (Removable) (Total:57.75 GB) (Free:57.73 GB) exFAT
 

\\?\Volume{52079eb2-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.47 GB) (Free:0.43 GB) NTFS

\\?\Volume{52079eb2-0000-0000-0000-101e00000000}\ (Volume) (Fixed) (Total:0.02 GB) (Free:0.01 GB) NTFS

\\?\Volume{52079eb2-0000-0000-0060-603b74000000}\ () (Fixed) (Total:0.83 GB) (Free:0.4 GB) NTFS
 

==================== MBR & Partition Table ====================
 

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 52079EB2)

Partition 1: (Active) - (Size=479 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=21 MB) - (Type=05)

Partition 3: (Not Active) - (Size=464.4 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=852 MB) - (Type=27)
 

==========================================================

Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2FE87EA9)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 

==========================================================

Disk: 2 (Size: 57.8 GB) (Disk ID: 0F13A0A0)

Partition 1: (Not Active) - (Size=57.7 GB) - (Type=07 NTFS)
 

==================== End of Addition.txt =======================

Gut gemacht! :abklatsch:
Wir haben es bald geschafft. :)

Schritt 1
WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!

Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.
Kopiere den gesamten Inhalt der folgenden Code-Box:

Code:

Start:: Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION cmd: dir /a c:\users Unlock: C:\FRST\Quarantine\C\Users\nils Zip: C:\FRST\Quarantine\C\Users\nils\AppData Reboot: End::
Starte nun FRST und klicke direkt den Reparieren Button.
Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
Gegebenenfalls muss dein Rechner neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Schritt 2
Mit Schritt 1 wurde ein .zip Archiv mit dem Schema < Datum_Uhrzeit.zip > (z. B. 20.02.2021_11.33.52.zip) auf deinem Desktop bzw. dem Ordner, in dem sich FRST befindet, erstellt.

Besuche die Seite Submit a Malware Sample auf BleepingComputer.
Klicke auf Durchsuchen.
Wähle das erstellte .zip Archiv aus und klicke auf Öffnen.
Schreibe in das untere, leere Textfeld für M-K-D-B hinein und klicke auf den darunter liegenden Button Daten absenden.
Vielen Dank für deine Mitarbeit. Die hochgeladenen Dateien dienen zur Verbesserung der verwendeten Programme.

Schritt 3
Führe RogueKiller Anti-Malware gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.

Bitte poste mit deiner nächsten Antwort:

die Logdatei des FRST-Fix (fixlog.txt)
eine Rückmeldung bezüglich des Hochladens des .zip Archivs
die Logdatei von RogueKiller

Code:

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-02-2021

Ran by nils (20-02-2021 11:51:04) Run:4

Running from C:\Users\nils\Desktop\FRST

Loaded Profiles: nils

Boot Mode: Normal

==============================================
 

fixlist content:

*****************

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

cmd: dir /a c:\users

Unlock: C:\FRST\Quarantine\C\Users\nils

Zip: C:\FRST\Quarantine\C\Users\nils\AppData

Reboot:
 

*****************
 

C:\ProgramData\NTUSER.pol => moved successfully
 

========= dir /a c:\users =========
 

  V o l u m e   i n   L a u f w e r k   C :   h a t   k e i n e   B e z e i c h n u n g . 

 

   V o l u m e s e r i e n n u m m e r :   6 0 3 3 - 2 7 1 C 

 

 

 

   V e r z e i c h n i s   v o n   c : \ u s e r s 

 

 

 

 1 5 . 0 9 . 2 0 2 0     0 0 : 3 3         < D I R >                     . 

 

 1 5 . 0 9 . 2 0 2 0     0 0 : 3 3         < D I R >                     . . 

 

 0 7 . 1 2 . 2 0 1 9     1 0 : 3 0         < S Y M L I N K D >           A l l   U s e r s   [ C : \ P r o g r a m D a t a ] 

 

 1 5 . 0 9 . 2 0 2 0     0 7 : 5 8         < D I R >                     D e f a u l t 

 

 0 7 . 1 2 . 2 0 1 9     1 0 : 3 0         < J U N C T I O N >           D e f a u l t   U s e r   [ C : \ U s e r s \ D e f a u l t ] 

 

 1 5 . 0 9 . 2 0 2 0     0 7 : 5 5         < D I R >                     d e f a u l t u s e r 0 

 

 0 7 . 1 2 . 2 0 1 9     1 0 : 1 2                               1 7 4   d e s k t o p . i n i 

 

 1 8 . 0 2 . 2 0 2 1     2 3 : 0 0         < D I R >                     j s 

 

 1 8 . 0 2 . 2 0 2 1     2 3 : 3 3         < D I R >                     n i l s 

 

 1 5 . 0 9 . 2 0 2 0     0 7 : 5 2         < D I R >                     P u b l i c 

 

                               1   D a t e i ( e n ) ,                         1 7 4   B y t e s 

 

                               9   V e r z e i c h n i s ( s e ) ,   6 0 . 4 9 7 . 0 3 9 . 3 6 0   B y t e s   f r e i 

 

 

========= End of CMD: =========
 

"C:\FRST\Quarantine\C\Users\nils" => was unlocked

================== Zip: ===================

C:\FRST\Quarantine\C\Users\nils\AppData -> copied successfully to C:\Users\nils\Desktop\20.02.2021_11.51.04.zip

=========== Zip: End ===========
 
 

The system needed a reboot.
 

==== End of Fixlog 11:51:06 ====

Das .zip Archiv habe ich nach Anleitung hochgeladen, hat einwandfrei funktioniert.

Code:

RogueKiller Anti-Malware V14.8.5.0 (x64) [Feb 12 2021] (Free) von Adlice Software

Mail : https://adlice.com/contact/

Website : https://adlice.com/download/roguekiller/

Betriebssystem : Windows 10 (10.0.19041) 64 bits

Gestartet in : Normaler Modus

Benutzer : nils [Administrator]

Gestartet von : C:\Users\nils\Desktop\RogueKiller_portable64.exe

Signaturen : 20210219_090434, Treiber : Geladen

Modus : Standard-Scan, Löschen -- Datum : 2021/02/20 12:03:12 (Dauer : 00:04:49)
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Löschen ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[Suspicious.Path (Potenziell bösartig)] \TaskbarX NILS-PCnils -- C:\Users\nils\AppData\Local\Temp\Rar$EXa15592.7440\TaskbarX.exe (-tbs=0 -color=0;0;0;50 -as=cubiceaseinout -obas=cubiceaseinout -asp=300 -ptbo=0 -stbo=0 -lr=400 -oblr=400 -sr=0 -cpo=1 -ftotc=1) -> Gelöscht

[PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\.DEFAULT\Software\OCS --  -> Gelöscht

[PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\S-1-5-21-3449150419-271838051-1508037707-1002\Software\OCS --  -> Gelöscht

[PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\S-1-5-21-3449150419-271838051-1508037707-1002\Software\Tencent --  -> Gelöscht

[PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\S-1-5-18\Software\OCS --  -> Gelöscht

[PUP.Gen1 (Potenziell bösartig)] HKEY_LOCAL_MACHINE\Software\AppDataLow\Tencent --  -> Gelöscht

[PUP.Gen1 (Potenziell bösartig)] HKEY_LOCAL_MACHINE\Software\AppDataLow\Tencent --  -> Gelöscht

[PUM.Policies (Potenziell bösartig)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin --  -> Ersetzt (2)

Eine Frage habe ich:
RogueKiller hat TaskbarX als potenziell bösartig identifiziert und gelöscht. Kann ich mir das Programm wieder herunterladen oder sollte ich davon lieber die Finger lassen?

Zitat:

Zitat von NTorak (Beitrag 1749376)

RogueKiller hat TaskbarX als potenziell bösartig identifiziert und gelöscht. Kann ich mir das Programm wieder herunterladen oder sollte ich davon lieber die Finger lassen?

Das scheint ein Fehlalarm gewesen zu sein, das kannst du wieder verwenden.
Ich werde das an den Entwickler weiterleiten, damit er das beheben kann.

Danke für den Upload!

Schritt 1

Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.
Kopiere den gesamten Inhalt der folgenden Code-Box:

Code:

Start:: DeleteQuarantine: Unlock: C:\FRST Reboot: End::
Starte nun FRST und klicke direkt den Reparieren Button.
Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
Gegebenenfalls muss dein Rechner neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Schritt 2
Auf deinem Computer fehlt das aktuelle Funktionsupdate Version 20H2.

Zitat:

Platform: Windows 10 Pro Version 2004

Folge dem Pfad Start > Einstellungen > Update und Sicherheit > Windows Update und klicke auf Nach Updates suchen.
Wähle das Funktionsupdates aus, downloade und installiere es.
Alternativ kannst du auch mit dem Update Assistenten deine Windows-Version auf den neuesten Stand bringen.
Klicke dazu auf Jetzt aktualisieren, lade dir den Update-Assistenten herunter und führe ihn aus.

Dann wären wir durch!
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc

Abschließend bitte noch einen Cleanup mit unserem TBCleanUpTool durchführen und unbedingt die Sicherheitsmaßnahmen lesen und umsetzen - beides ist in folgendem Lesestoff verlinkt:

Lesestoff:
Anleitung: Cleanup & Maßnahmen zur Absicherung des Rechners

Wenn Du möchtest, kannst Du hier sagen, ob du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:
Vielleicht möchtest du das Forum mit einer kleinen Spende https://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

Hinweis:
Bitte gib mir eine kurze Rückmeldung, sobald du die oben verlinkten Informationen gelesen hast, alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Der letzte Log:

Code:

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-02-2021 01

Ran by nils (20-02-2021 15:58:02) Run:5

Running from C:\Users\nils\Desktop\FRST

Loaded Profiles: nils

Boot Mode: Normal

==============================================
 

fixlist content:

*****************

DeleteQuarantine:

Unlock: C:\FRST

Reboot:
 

*****************
 

"C:\FRST\Quarantine" => removed successfully

"C:\FRST" => was unlocked
 
 

The system needed a reboot.
 

==== End of Fixlog 15:58:02 ====

Windows ist jetzt aktualisiert. Lesestoff habe ich jetzt auch durch.

Ich danke vielmals für die Hilfe!
Kompetente Hilfe zu bekommen ist immer schön. Das Forum schaue ich mir jetzt auch noch ein wenig an, gibt ja schließlich als Nutzer vieles was man noch positiv veränden kann.
Ich werde auf euer Forum verweisen, falls Bekannte von mir mal ähnliche Probleme haben sollten.

PS:Eine kleine Spende gibts von mir auch noch.

Vielen Dank für die Spende. Sie dient zur Erhaltung des Forums. :)

Wir sind froh, dass wir helfen konnten :abklatsch:

Dieses Thema scheint erledigt und wird aus unseren Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen.