Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win10 zeigt Fund an, aber keine Details (https://www.trojaner-board.de/202169-win10-zeigt-fund-keine-details.html)

e4ch 11.07.2021 15:54
Win10 zeigt Fund an, aber keine Details
 
Dies ist der Notebook meines Sohnes (D***). Es ist kein 3rd party AV installiert, nur Defender. Defender hat ihm einmal pro Tag "1 Fund" angezeigt, aber nirgends waren irgendwelche Details ersichtlich, also auch keine Angaben zum Fund selbst. Ich habe dann auch mal selbst geschaut, aber weder in der Quarantäne noch im Eventviewer noch sonstwo habe ich irgendwelche Infoss zu dem angezeigten Fund gefunden. Entweder bin ich zu blöd die Logs zu finden oder das ist etwas das das unterdrückt oder löscht.
Ich habe ihm gesagt, dass wenn Defender etwas findet, dann ist das grundsätzlich mal unter Kontrolle und wenn Defender nichts findet heisst das aber nicht, dass alles ok ist. Jetzt ist 1-2 Monate vergangen und er braucht den Notebook für die Schule gerade nicht dringend und daher wollten wir mal näher schauen. Er sagt aber die Meldung mit "1 Fund" käme seit etwa 4 Tagen nicht mehr. Trotzdem wäre ich froh wir könnten mal einen Grundcheck machen.
Als erstes habe ich mal Windows aktualisiert (war aktuell) und die NVidia Treiber aktualisiert und dann ein FRST Scan gemacht, aber für mich sieht alles normal aus. Defender Scan habe ich auch laufen lassen, aber ohne Funde.
Hinweis zu den Benutzerkonten:
Sein Konto ist das D*** Konto und für Installationen verwendet er das Konto VirusInstall (absichtlich ein solcher Name, damit man zweimal überlegen muss, ob man da etwas machen will). Mein Konto mit dem ich die Scans laufen gelassen habe sind E*** (admin).
In unserem Netzwerk ist DNS nach aussen gesperrt und der lokale DNS Server ist der 172.* den man auch in den Logs sieht. Dieser Notebook ist aber eigenständig (nicht in der Domäne) und Windows Home installiert.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-07-2021
Ran by E*** (administrator) on D***-RAZER (Razer Blade Stealth 13 (Early 2020) - RZ09-0310) (11-07-2021 16:09:40)
Running from C:\Users\E***\Desktop
Loaded Profiles: E***
Platform: Windows 10 Home Version 21H1 19043.1083 (X64) Language: German (Germany) -> English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_3bd4cd1d0a01f3b6\igfxCUIServiceN.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_3bd4cd1d0a01f3b6\igfxEMN.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_08f11cc9a4c9585a\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\IntelCpHDCPSvc.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\E***\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvrzi.inf_amd64_a61ecbb7f12b90fe\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(TBT_DCH_DRV_PROD -> Intel Corporation) C:\Windows\ThunderboltService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1082144 2020-04-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-11] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1668000 2021-06-09] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [97229056 2020-04-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [601784 2020-05-13] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288672 2021-05-21] (IDSA Production signing key 2021 -> Intel)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\Run: [Discord] => C:\Users\D***\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\Run: [DeepL] => C:\Users\D***\AppData\Local\DeepL\app-2.2.0\DeepL.exe [199680 2021-03-21] (DeepL GmbH) [File not signed]
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [123792288 2021-06-12] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\D***\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\D***\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\RunOnce: [Uninstall 21.109.0530.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\D***\AppData\Local\Microsoft\OneDrive\21.109.0530.0001"
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3416352 2020-10-07] (Valve -> Valve Corporation)
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [123792288 2021-06-12] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\VirusInstall\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\VirusInstall\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\RunOnce: [Uninstall 20.114.0607.0002\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VirusInstall\AppData\Local\Microsoft\OneDrive\20.114.0607.0002\amd64"
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\RunOnce: [Uninstall 20.114.0607.0002] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VirusInstall\AppData\Local\Microsoft\OneDrive\20.114.0607.0002"
HKU\S-1-5-21-828868634-1776342754-2024844012-1004\...\Run: [com.squirrel.Teams.Teams] => C:\Users\E***\AppData\Local\Microsoft\Teams\Update.exe [2347880 2021-07-11] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-07-10] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {016EDF16-67CE-4D94-ACDF-2D07C81E8B32} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {01FB1424-D7C2-4688-AE3E-99833DA77D66} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {0D88FAB6-D36F-4F98-B433-DAEE27006796} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-30] (Google LLC -> Google LLC)
Task: {1850C163-2036-4F31-853D-56FABBC0C966} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23180168 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {24FE5BD7-6DEB-4109-99C1-C957A9C876D4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {3E209F7D-DE6F-42C7-A7CD-0FF6A5AB7B58} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {43AEE51C-AB34-4F59-A090-4683811365E5} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {442D66FB-7146-4832-8394-D8ACF2FBD02B} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {60AEC516-1C94-4445-BDE4-27039DD518EF} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4082288 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {64A77EA3-74E4-4C81-8653-113A92B97644} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {679B81F1-2336-4073-8061-0D730E8454B0} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {693B4466-FAE5-4E44-8CAA-7DF05A425C54} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {773E7CC1-C264-44B0-A9D3-08675BE9CABC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1537424 2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {78A5D23D-83D9-4003-8205-196242FB26C2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5311432 2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {8A656790-1E0B-4D06-945E-EB43A7319403} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5311432 2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D055061-61A3-4A53-AC30-3D0EB994BF87} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23180168 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {91C1174B-AC8E-4F15-A9B5-90E70E25EBB0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9CD30F05-CA82-4E7E-AD0C-4ED35BC5F02A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A9204EFD-6E8B-4FDD-AAC6-9B2C09559E70} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9E20C9E-3F76-44AE-9403-0965DFC29EAF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C7BAC20C-737F-4F5A-8989-053A857888C5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CA1E9AFB-D50E-47F1-BA9B-58459CD30D0D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF3B8DB0-E6BB-437A-9FB3-64484109E30C} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {D163A3AA-BFE5-4A93-9216-3A0571C818E8} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {E01599FA-998A-478B-AB7E-B78456D1CFCA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EC22025A-83DB-48D6-9ABC-A186647331F3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F228AA35-E555-4139-BB3D-04009486A252} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F6EAA0FD-2869-4AEA-A221-B2DBD5B8F66E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {F9F92B18-8390-4CFF-B5B4-5FC158BC9185} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-30] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.20.1.32
Tcpip\..\Interfaces\{8ae694bc-6dd5-45f0-8343-148a4c77ea79}: [DhcpNameServer] 172.20.1.32

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\E***\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-11]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default [2020-09-06]
CHR Extension: (Präsentationen) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-30]
CHR Extension: (Docs) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-30]
CHR Extension: (Google Drive) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-07-30]
CHR Extension: (YouTube) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-30]
CHR Extension: (Tabellen) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-30]
CHR Extension: (Google Docs Offline) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-07-30]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-30]
CHR Extension: (Google Mail) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-07-30]
CHR Extension: (Chrome Media Router) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-30]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AALSvc; C:\AlphaAntiLeak\AAL\bin\server\AALSvc.exe [11482488 2020-08-15] (Constantin Schreiber -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9056656 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10723232 2021-06-12] (Logitech Inc -> Logitech, Inc.)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvrzi.inf_amd64_a61ecbb7f12b90fe\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvrzi.inf_amd64_a61ecbb7f12b90fe\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AALProtect; C:\AlphaAntiLeak\AAL\bin\server\AALProtect.sys [35984 2020-08-15] (OOO AMEKS -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R2 LGHUBTemperatureService; C:\Program Files\LGHUB\logi_core_temp.sys [22864 2021-06-12] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [37200 2021-03-18] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [25928 2021-03-18] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66896 2021-03-18] (Logitech Inc -> Logitech)
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [51992 2020-03-19] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0252; C:\Windows\System32\drivers\RzDev_0252.sys [51992 2020-03-19] (Razer USA Ltd. -> Razer Inc)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49560 2021-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [425192 2021-07-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-11 16:59 - 2021-07-11 16:59 - 094896128 _____ C:\Windows\system32\config\SOFTWARE
2021-07-11 16:56 - 2021-07-11 16:59 - 000000000 ____D C:\Windows\Microsoft Antimalware
2021-07-11 16:09 - 2021-07-11 16:10 - 000023604 _____ C:\Users\E***\Desktop\FRST.txt
2021-07-11 16:09 - 2021-07-11 16:09 - 000000000 ____D C:\FRST
2021-07-11 16:06 - 2021-07-11 16:07 - 002301440 _____ (Farbar) C:\Users\E***\Desktop\FRST64.exe
2021-07-11 13:40 - 2021-07-11 13:40 - 000000000 ____D C:\Windows\system32\lxss
2021-07-11 13:35 - 2021-07-11 13:35 - 000000000 ____D C:\Users\E***\AppData\Local\Deployment
2021-07-11 13:35 - 2021-07-11 13:35 - 000000000 ____D C:\Users\E***\AppData\Local\Apps\2.0
2021-07-11 13:35 - 2021-07-11 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2021-07-11 13:35 - 2021-06-22 03:25 - 001858680 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-07-11 13:35 - 2021-06-22 03:25 - 001858680 _____ C:\Windows\system32\vulkaninfo.exe
2021-07-11 13:35 - 2021-06-22 03:25 - 001474336 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-07-11 13:35 - 2021-06-22 03:25 - 001438824 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-07-11 13:35 - 2021-06-22 03:25 - 001438824 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-07-11 13:35 - 2021-06-22 03:25 - 001212192 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-07-11 13:35 - 2021-06-22 03:25 - 001097832 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-07-11 13:35 - 2021-06-22 03:25 - 001097832 _____ C:\Windows\system32\vulkan-1.dll
2021-07-11 13:35 - 2021-06-22 03:25 - 000951912 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-07-11 13:35 - 2021-06-22 03:25 - 000951912 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 001519384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 001170224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 000715568 _____ C:\Windows\system32\nvofapi64.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 000675088 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 000641328 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 000575792 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 000563992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-07-11 13:35 - 2021-06-22 03:20 - 002111264 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-07-11 13:35 - 2021-06-22 03:20 - 001594656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-07-11 13:35 - 2021-06-22 03:20 - 000917280 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-07-11 13:35 - 2021-06-22 03:20 - 000748832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-07-11 13:35 - 2021-06-22 03:20 - 000704792 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2021-07-11 13:35 - 2021-06-22 03:19 - 008852760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-07-11 13:35 - 2021-06-22 03:19 - 007918872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-07-11 13:35 - 2021-06-22 03:19 - 004986648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-07-11 13:35 - 2021-06-22 03:19 - 002924304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-07-11 13:35 - 2021-06-22 03:19 - 000446744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-07-11 13:35 - 2021-06-22 03:18 - 000848672 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-07-11 13:35 - 2021-06-22 03:17 - 006215312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-07-11 13:35 - 2021-06-21 10:43 - 000082968 _____ C:\Windows\system32\nvinfo.pb
2021-07-11 13:34 - 2021-07-11 13:34 - 000000000 ____D C:\Program Files\Logitech
2021-07-11 13:24 - 2021-06-21 10:43 - 000078192 _____ C:\Windows\system32\FvSDK_x64.dll
2021-07-11 13:24 - 2021-06-21 10:43 - 000067952 _____ C:\Windows\SysWOW64\FvSDK_x86.dll
2021-07-11 13:24 - 2021-06-03 15:56 - 000043408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\NvModuleTracker.sys
2021-07-11 13:22 - 2021-07-11 13:22 - 000002359 _____ C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-07-11 13:22 - 2021-07-11 13:22 - 000002351 _____ C:\Users\E***\Desktop\Microsoft Teams.lnk
2021-07-11 13:22 - 2021-07-11 13:22 - 000002348 _____ C:\Users\E***\Desktop\Microsoft Edge.lnk
2021-07-11 13:22 - 2021-07-11 13:22 - 000000000 ____D C:\Users\E***\AppData\Roaming\Microsoft Teams
2021-07-11 13:22 - 2021-07-11 13:22 - 000000000 ____D C:\Users\E***\AppData\Roaming\Logishrd
2021-07-11 13:22 - 2021-07-11 13:22 - 000000000 ____D C:\Users\E***\AppData\Local\SquirrelTemp
2021-07-10 16:09 - 2020-03-19 03:34 - 000051992 _____ (Razer Inc) C:\Windows\system32\Drivers\RzCommon.sys
2021-07-10 16:08 - 2021-07-11 13:40 - 000000000 ____D C:\Windows\LastGood.Tmp
2021-07-10 15:25 - 2021-07-10 15:25 - 000001426 _____ C:\Windows\system32\default_error_stack-000003-000000.txt
2021-07-10 15:12 - 2021-07-10 15:12 - 002371072 _____ C:\Windows\system32\rdpnano.dll
2021-07-10 15:12 - 2021-07-10 15:12 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-07-10 15:12 - 2021-07-10 15:12 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-07-10 15:12 - 2021-07-10 15:12 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-07-10 15:12 - 2021-07-10 15:12 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-07-10 15:12 - 2021-07-10 15:12 - 000570880 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-07-10 15:12 - 2021-07-10 15:12 - 000452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-07-10 15:12 - 2021-07-10 15:12 - 000097792 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-07-10 15:12 - 2021-07-10 15:12 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-07-10 15:12 - 2021-07-10 15:12 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-07-10 15:12 - 2021-07-10 15:12 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-07-10 15:12 - 2021-07-10 15:12 - 000011351 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-06-30 22:56 - 2021-06-30 22:56 - 000000000 ____D C:\Users\D***\AppData\Roaming\com.moonsworth.client.javafx.MicrosoftAuthApp
2021-06-28 21:30 - 2021-06-28 21:30 - 000000000 ____D C:\Users\D***\AppData\Local\paint.net
2021-06-28 21:29 - 2021-06-28 21:29 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2021-06-28 21:29 - 2021-06-28 21:29 - 000001052 _____ C:\Users\Public\Desktop\paint.net.lnk
2021-06-28 21:29 - 2021-06-28 21:29 - 000001052 _____ C:\ProgramData\Desktop\paint.net.lnk
2021-06-28 21:29 - 2021-06-28 21:29 - 000000000 ____D C:\Users\VirusInstall\AppData\Local\paint.net
2021-06-28 21:29 - 2021-06-28 21:29 - 000000000 ____D C:\Program Files\paint.net
2021-06-20 16:34 - 2021-06-20 16:34 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2021-06-20 16:34 - 2021-06-20 16:34 - 000000650 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2021-06-20 16:34 - 2021-06-20 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-06-20 16:34 - 2021-06-20 16:34 - 000000000 ____D C:\Program Files\LGHUB
2021-06-12 16:14 - 2021-06-12 16:14 - 000000000 ____D C:\Users\D***\Documents\Benutzerdefinierte Office-Vorlagen
2021-06-12 13:09 - 2021-06-12 13:09 - 000001426 _____ C:\Windows\system32\default_error_stack-000002-000000.txt
2021-06-11 09:35 - 2021-06-11 09:35 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-06-11 09:35 - 2021-06-11 09:35 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-11 16:04 - 2020-07-29 13:36 - 001632084 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-11 16:04 - 2019-12-07 16:50 - 000706432 _____ C:\Windows\system32\perfh007.dat
2021-07-11 16:04 - 2019-12-07 16:50 - 000142502 _____ C:\Windows\system32\perfc007.dat
2021-07-11 16:04 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-07-11 16:02 - 2020-07-29 23:54 - 000000000 ____D C:\ProgramData\NVIDIA
2021-07-11 16:01 - 2020-07-30 10:56 - 000000000 ____D C:\Users\E***\AppData\Local\NVIDIA
2021-07-11 16:01 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-11 16:00 - 2020-07-30 01:03 - 000000000 __SHD C:\Users\E***\IntelGraphicsProfiles
2021-07-11 16:00 - 2020-07-29 23:24 - 000000000 ____D C:\Intel
2021-07-11 16:00 - 2020-07-29 13:30 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-11 16:00 - 2020-07-29 13:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-11 16:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2021-07-11 16:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2021-07-11 15:56 - 2019-12-07 11:03 - 001572864 _____ C:\Windows\system32\config\BBI
2021-07-11 15:55 - 2020-12-13 13:16 - 000000000 ____D C:\Users\D***\AppData\Roaming\LGHUB
2021-07-11 15:55 - 2020-07-29 13:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-11 14:13 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-11 14:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-07-11 13:43 - 2020-07-30 10:56 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000004106 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000001403 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2021-07-11 13:43 - 2020-07-30 10:56 - 000001403 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2021-07-11 13:43 - 2020-07-30 10:54 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-07-11 13:43 - 2020-07-30 03:24 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-07-11 13:43 - 2020-07-29 23:22 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-07-11 13:40 - 2020-07-30 03:40 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2021-07-11 13:23 - 2020-07-30 10:56 - 000000000 ____D C:\Users\E***\AppData\Local\NVIDIA Corporation
2021-07-11 13:23 - 2020-07-30 01:10 - 000003368 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-828868634-1776342754-2024844012-1004
2021-07-11 13:23 - 2020-07-30 01:10 - 000000000 ___RD C:\Users\E***\OneDrive
2021-07-11 13:23 - 2020-07-30 01:03 - 000002360 _____ C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-11 13:23 - 2020-07-30 01:03 - 000000000 ____D C:\Users\E***\AppData\Local\Packages
2021-07-11 13:22 - 2020-11-22 00:32 - 000000000 ____D C:\Program Files (x86)\Razer
2021-07-11 13:22 - 2020-07-29 23:59 - 000000000 ____D C:\ProgramData\Package Cache
2021-07-11 13:22 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-07-11 13:17 - 2020-07-30 23:23 - 000003370 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-828868634-1776342754-2024844012-1002
2021-07-11 13:17 - 2020-07-30 23:23 - 000000000 ___RD C:\Users\D***\OneDrive
2021-07-11 13:17 - 2020-07-30 23:21 - 000002395 _____ C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-11 13:14 - 2020-12-13 13:16 - 000000000 ____D C:\Users\D***\AppData\Local\LGHUB
2021-07-10 16:41 - 2020-07-30 23:21 - 000000000 __SHD C:\Users\D***\IntelGraphicsProfiles
2021-07-10 16:27 - 2020-08-29 13:58 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-10 16:20 - 2020-08-02 16:32 - 000000000 ____D C:\Program Files\Microsoft Office
2021-07-10 16:11 - 2020-08-29 13:58 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-10 16:11 - 2020-08-29 13:58 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-10 16:11 - 2020-07-30 09:39 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-10 16:11 - 2020-07-30 09:39 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-10 16:11 - 2020-07-30 09:39 - 000002252 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-07-10 16:06 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-07-10 15:26 - 2020-07-29 13:30 - 000439216 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-07-10 14:32 - 2020-07-29 13:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-07-10 14:30 - 2020-07-30 23:21 - 000000000 ____D C:\Users\D***\AppData\Local\Packages
2021-07-10 14:30 - 2020-07-30 23:21 - 000000000 ____D C:\Users\D***
2021-07-01 15:06 - 2020-08-15 00:14 - 000000000 ____D C:\Users\D***\AppData\Roaming\lunarclient
2021-07-01 15:06 - 2020-08-14 23:42 - 000000000 ____D C:\Users\D***\AppData\Roaming\.minecraft
2021-06-30 22:55 - 2020-08-14 23:15 - 000002227 _____ C:\Users\D***\Desktop\Discord.lnk
2021-06-30 22:55 - 2020-08-14 23:15 - 000000000 ____D C:\Users\D***\AppData\Roaming\discord
2021-06-30 22:55 - 2020-08-14 23:15 - 000000000 ____D C:\Users\D***\AppData\Local\Discord
2021-06-28 22:53 - 2021-02-13 23:36 - 000000000 ____D C:\Users\D***\Desktop\Sonstiges
2021-06-24 13:30 - 2021-01-24 19:14 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-22 03:17 - 2020-07-30 03:56 - 007279232 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 002838384 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 002186608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 001293680 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 000168304 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 000144240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2021-06-20 16:34 - 2020-12-13 12:38 - 000000000 ____D C:\ProgramData\LGHUB
2021-06-17 08:24 - 2021-02-18 20:17 - 000000000 ____D C:\Users\D***\.lunarclient
2021-06-14 20:31 - 2020-07-29 23:24 - 000000000 ____D C:\Windows\system32\MRT
2021-06-14 20:16 - 2020-07-29 23:24 - 132447432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-06-12 15:11 - 2021-02-25 16:10 - 000000000 ____D C:\Users\D***\Documents\Betrieblich
2021-06-12 13:09 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
--- --- ---


[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version: 07-07-2021
Ran by E*** (11-07-2021 16:10:56)
Running from C:\Users\E***\Desktop
Windows 10 Home Version 21H1 19043.1083 (X64) (2020-07-29 11:31:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-828868634-1776342754-2024844012-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-828868634-1776342754-2024844012-503 - Limited - Disabled)
D*** (S-1-5-21-828868634-1776342754-2024844012-1002 - Limited - Enabled) => C:\Users\D***
E*** (S-1-5-21-828868634-1776342754-2024844012-1004 - Administrator - Enabled) => C:\Users\E***
Gast (S-1-5-21-828868634-1776342754-2024844012-501 - Limited - Disabled)
LocalAdmin (S-1-5-21-828868634-1776342754-2024844012-1001 - Administrator - Enabled) => C:\Users\LocalAdmin
VirusInstall (S-1-5-21-828868634-1776342754-2024844012-1003 - Administrator - Enabled) => C:\Users\VirusInstall
WDAGUtilityAccount (S-1-5-21-828868634-1776342754-2024844012-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
DeepL (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\DeepL) (Version: 2.2.0 - DeepL GmbH)
Discord (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)
Documentation Manager (HKLM\...\{D3342FE3-FE64-42C6-81A6-4F5F9BCFC4A9}) (Version: 22.50.1.1 - Intel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
Intel Driver && Support Assistant (HKLM-x32\...\{C38DE4F8-DF58-4B5D-9D4C-1F68773A2AE2}) (Version: 21.3.21.5 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{50883721-017E-40C5-9B65-F11F20DE8B45}) (Version: 2.4.07630 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{8a13c1a0-15ca-4939-92ea-9a745169ba28}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000050-0220-1031-84C8-B8D95FA3C8C3}) (Version: 22.50.0.4 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{9360c8cc-b617-469a-bb35-829c13e21d97}) (Version: 21.3.21.5 - Intel)
Intel® Software Installer (HKLM-x32\...\{374c80b9-aad6-42d0-82d7-21cd45f9b5eb}) (Version: 22.50.1.1 - Intel Corporation) Hidden
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2021.6.4851 - Logitech)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.54.161 - Logitech)
Lunar Client (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.7.3 - Moonsworth, LLC)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.14131.20278 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.67 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-828868634-1776342754-2024844012-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\OneDriveSetup.exe) (Version: 20.134.0705.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-828868634-1776342754-2024844012-1004\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\Teams) (Version: 1.4.00.11161 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-828868634-1776342754-2024844012-1004\...\Teams) (Version: 1.3.00.9267 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 471.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{1A59F8A6-6AB4-4522-9340-F420B9155A31}) (Version: 4.2.16 - dotPDN LLC)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.24.34 - Razer Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.9267 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Zoom (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\ZoomUMX) (Version: 5.6.0 (589) - Zoom Video Communications, Inc.)

Packages:
=========
Dolby Atmos -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmos_3.20500.501.0_x64__rz1tebttyb220 [2020-07-29] (Dolby Laboratories)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-07-11] (INTEL CORP) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-07-11] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-07-11] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.11.217.0_x64__dt26b99r8h8gj [2021-07-10] (Realtek Semiconductor Corp)
Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.32.0_x64__8j3eq9eme6ctt [2021-07-11] (INTEL CORP)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-828868634-1776342754-2024844012-1004_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\E***\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20077.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-828868634-1776342754-2024844012-1004_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key 2021 -> Intel)
CustomCLSID: HKU\S-1-5-21-828868634-1776342754-2024844012-1004_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\E***\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20077.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvrzi.inf_amd64_a61ecbb7f12b90fe\nvshext.dll [2021-06-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-04-22 08:31 - 2021-04-22 08:31 - 005745664 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
2020-08-15 13:24 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-05-21 08:12 - 2021-05-21 08:12 - 000130048 _____ (Sam Grogan) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support Assistant\NotifyIconWin32.dll
2021-05-12 20:07 - 2021-05-12 20:07 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\sharepoint.com -> hxxps://myhkv-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2020-07-30 03:49 - 2020-07-30 03:49 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-828868634-1776342754-2024844012-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\Control Panel\Desktop\\Wallpaper -> c:\users\d***\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\firewatch-wallpaper.jpg
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-828868634-1776342754-2024844012-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 172.20.1.32
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\StartupApproved\Run: => "DeepL"
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8E4E2D96-A855-49F9-83C2-F1A3DE51130A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5814F66D-3969-4412-9E86-439D5DF4FA1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E3A187FC-2D67-4503-8FCD-082C57D206FE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5A813BA9-B521-4251-A1D8-46A470D2F409}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D7FA1A9A-1BC2-4647-9193-612BD497DE69}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{30D80AF9-8421-4D47-A088-EDF378A467E5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F0BF0DBD-AD2D-4F2C-9C4B-22E4FF73498F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C677F8F2-EA8D-44E1-A00B-138F605C8708}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{3D17EBF2-2D98-48BC-B2C2-C4C62EE4B038}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{86C93087-3BB2-4216-85E0-842AC36775B9}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{4EB87002-E4CD-4E3C-8972-7704950C1DF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{23836547-7271-4981-A728-140874C0C5D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{213C89E2-82FF-4079-9C66-3032FAFD386E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{CF80599D-E386-4CF0-96ED-8F45CAFC5450}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{60AFEA01-D10F-4588-9E1D-B6BE9172F4C6}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [UDP Query User{9F6BD8C0-C48D-44AD-BB3B-79FE7F3A9290}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [TCP Query User{70D82D9D-A6D8-428E-A526-1BD5179349A2}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [UDP Query User{1EAF0CB2-DB50-4014-930B-98D8B8806E09}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [TCP Query User{9862C70B-540D-43AA-81D8-62774BE5CA86}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{A2786F77-6FA4-4F14-AD84-376651D8881C}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{88F5C30C-F02F-4732-8FC8-AE09B30EDA4E}C:\users\d***\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\d***\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0A931F5A-3F7B-4879-B9B4-6A509F189825}C:\users\d***\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\d***\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5A4B1036-85D4-4699-ACC5-85A888E26280}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{737D835F-AB54-473C-ACE5-29C5DCF82FD5}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{ACA27F62-5767-48DA-9C36-EB3984FBEB7D}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{5F752835-088E-496D-A40B-A298E9057EE4}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{781ABF08-D1E5-4317-9F81-860BB5C53593}C:\users\d***\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\d***\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{E9E9D2E8-67DB-4806-AD61-9DACC2021FE8}C:\users\d***\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\d***\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1452F8D5-2080-41F5-A77B-CDD6C4C7A486}C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
FirewallRules: [UDP Query User{50500A31-8942-4D0B-BAB0-21600ACEF320}C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
FirewallRules: [TCP Query User{14B04D8E-ED0B-4D7A-A4F9-C72AAB18B2AC}C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
FirewallRules: [UDP Query User{C80D7BCC-66BA-4C9D-AAA7-713D5DA13F97}C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
FirewallRules: [TCP Query User{55EE8B5B-D5A0-4A94-B1DF-876FF3CBD5B9}C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{44ED84B4-6BD6-4B73-86F3-6B673CA41B7D}C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{4A590B38-2B73-48D0-AA07-6EB3C477F5A5}C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{855AB99D-9D9E-4BB4-A719-D3803AFD2DD1}C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{3864D3E0-BED2-4111-A6F0-FFF26068852E}C:\users\d***\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\d***\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{B2FF2E92-E118-4399-BFB3-A16C58E97E56}C:\users\d***\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\d***\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{C724C445-55D5-42F8-8AA6-309D19BE3766}C:\users\d***\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\d***\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{2DF05E1A-059D-4347-9003-251F476E739C}C:\users\d***\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\d***\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{EBF0B6BA-73C8-4405-B843-2CB2C9CCBDDF}C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{E7D2035B-C81C-4809-8EF3-4D8CFFFDBC60}C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{64955EA6-731C-49A3-A62E-3C8A0C250692}C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{43158A28-70E7-4379-AE01-CD46B64C387E}C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{8B32511D-0A43-421D-AE0B-B9900C07C559}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{38E103D4-77FB-4393-9053-AEA10CB7C82C}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [{918DCD2E-F421-4F36-87BA-E310F178D5C5}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{E39FA778-3CD6-4E59-80DD-208F93530CD5}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{1140F1B5-1879-48A7-8A26-8811957D84F4}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{8F47BDDB-6D39-4D10-A6EA-35857E36736A}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{4612F0AB-0209-425F-844C-0088CFC96893}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FCAE3591-3C21-47E4-B404-CD61BF699A14}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0D704179-B0B0-40C3-AF47-9B836B7C0410}C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
FirewallRules: [UDP Query User{C375A748-7C4B-49E8-A793-FBB78841C52D}C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
FirewallRules: [{5F1E5E54-21C7-432E-9E75-5DF79CEF638D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{028A9E51-0D30-471C-8278-304954653FF2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0695B791-8B8E-45F3-87C6-B1971583CB18}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{30A4EBF2-3E92-46B0-B115-1C38F851573F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{0C554EE4-D611-48FF-8A93-A0BCD33C1A90}C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
FirewallRules: [UDP Query User{0CA1D261-3E7E-4573-929D-8CF695813CF0}C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
FirewallRules: [{FD644D95-3533-4DE0-9ACF-86D7FB748019}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{03F83D05-F8B9-4156-8C15-83E8F8176F64}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{821F97F5-3BC0-424B-9F4E-347A3192FEF4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8D349F9E-8E3C-4552-842C-0DCF11B5953D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B55F8EFC-6E4F-4AB0-A097-9C21694D6A0F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{ECF86167-06BF-41ED-B9C1-BCBF1DA725C6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BE0EB3B6-9A4C-4A89-BC5D-1BB9607D8107}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{72E2CFB1-AF30-4102-A532-E5476CFABA6E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{256ADF7A-0C51-4D52-BFF3-E898803ED197}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{21D3797F-68DF-43B7-A5E4-46C6C1BA7E0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C7EE6D75-B253-477F-8491-893FA435BF15}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0C67AA18-4A72-4E25-87DD-3F0438C137A9}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{9F30DA7B-1E2A-4D5E-B1CB-31239FE64F1A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D3711EF4-58CA-4FD3-B883-44D2D4FCD9B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EFFA571A-2A1C-4107-AA92-D1A51C4634FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9BF7E437-E3A8-4C58-8601-F7E37BCBCD2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

==================== Restore Points =========================

11-07-2021 14:33:51 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/11/2021 04:04:28 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: D***-RAZER)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/11/2021 03:55:11 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (07/11/2021 02:33:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MsQuic.

System Error:
Das Ressourcenladeprogramm konnte die MUI-Datei nicht finden.
.

Error: (07/11/2021 01:35:08 PM) (Source: VSTO 4.0) (EventID: 4096) (User: )
Description: Customization URI: file:///C:/ProgramData/Logishrd/LogiOptions/Plugins/ca7c0911-fbf7-4e87-9c23-25987358303b/Content/publish/LogiOptionsWordAddin.vsto
Exception: Attempting to uninstall a customization that has not been installed on this computer or has already been uninstalled from this computer. Please correct the parameter values and try again.


************** Exception Text **************
Microsoft.VisualStudio.Tools.Office.Runtime.SolutionInstallerException: Attempting to uninstall a customization that has not been installed on this computer or has already been uninstalled from this computer. Please correct the parameter values and try again.
  at Microsoft.VisualStudio.Tools.Office.Runtime.SolutionInstaller.ProcessInstallerOperation(ClickOnceAddInDeploymentManager clickOnceAddInDeploymentManager, OfficeAddInDeploymentManager officeAddInDeploymentManager, AddInInformation& info)
  at Microsoft.VisualStudio.Tools.Office.Runtime.SolutionInstaller.ProcessInstallerOperation(Boolean uninstall, Boolean silent, Uri manifest, Int32& errorCode, String& errorMessage)


************** Loaded Assemblies **************
mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4390.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Office.Runtime
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.60828.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Office.Runtime/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Office.Runtime.dll
----------------------------------------
System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4360.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.Hosting
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.60828.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.Hosting/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.Hosting.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.ServerDocument
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.60828.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.ServerDocument/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.ServerDocument.dll
----------------------------------------
System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4390.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4390.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Deployment
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4270.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Deployment/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Deployment.dll
----------------------------------------
System.Core
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4390.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.Runtime
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.60828.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.Runtime/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.Runtime.dll
----------------------------------------

Error: (07/11/2021 01:35:06 PM) (Source: VSTO 4.0) (EventID: 4096) (User: )
Description: Customization URI: file:///C:/ProgramData/Logishrd/LogiOptions/Plugins/abc9594a-1092-4a3a-8a1d-d05e602a10b8/Content/publish/LogiOptionsPowerPointAddin.vsto
Exception: Attempting to uninstall a customization that has not been installed on this computer or has already been uninstalled from this computer. Please correct the parameter values and try again.


************** Exception Text **************
Microsoft.VisualStudio.Tools.Office.Runtime.SolutionInstallerException: Attempting to uninstall a customization that has not been installed on this computer or has already been uninstalled from this computer. Please correct the parameter values and try again.
  at Microsoft.VisualStudio.Tools.Office.Runtime.SolutionInstaller.ProcessInstallerOperation(ClickOnceAddInDeploymentManager clickOnceAddInDeploymentManager, OfficeAddInDeploymentManager officeAddInDeploymentManager, AddInInformation& info)
  at Microsoft.VisualStudio.Tools.Office.Runtime.SolutionInstaller.ProcessInstallerOperation(Boolean uninstall, Boolean silent, Uri manifest, Int32& errorCode, String& errorMessage)


************** Loaded Assemblies **************
mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4390.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Office.Runtime
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.60828.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Office.Runtime/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Office.Runtime.dll
----------------------------------------
System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4360.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.Hosting
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.60828.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.Hosting/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.Hosting.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.ServerDocument
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.60828.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.ServerDocument/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.ServerDocument.dll
----------------------------------------
System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4390.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4390.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Deployment
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4270.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Deployment/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Deployment.dll
----------------------------------------
System.Core
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4390.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.Runtime
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.60828.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.Runtime/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.Runtime.dll
----------------------------------------

Error: (07/11/2021 01:35:04 PM) (Source: VSTO 4.0) (EventID: 4096) (User: )
Description: Customization URI: file:///C:/ProgramData/Logishrd/LogiOptions/Plugins/4caa44eb-cdf0-4ecd-b823-38b28187e59a/Content/publish/LogiOptionsExcelAddin.vsto
Exception: Attempting to uninstall a customization that has not been installed on this computer or has already been uninstalled from this computer. Please correct the parameter values and try again.


************** Exception Text **************
Microsoft.VisualStudio.Tools.Office.Runtime.SolutionInstallerException: Attempting to uninstall a customization that has not been installed on this computer or has already been uninstalled from this computer. Please correct the parameter values and try again.
  at Microsoft.VisualStudio.Tools.Office.Runtime.SolutionInstaller.ProcessInstallerOperation(ClickOnceAddInDeploymentManager clickOnceAddInDeploymentManager, OfficeAddInDeploymentManager officeAddInDeploymentManager, AddInInformation& info)
  at Microsoft.VisualStudio.Tools.Office.Runtime.SolutionInstaller.ProcessInstallerOperation(Boolean uninstall, Boolean silent, Uri manifest, Int32& errorCode, String& errorMessage)


************** Loaded Assemblies **************
mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4390.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Office.Runtime
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.60828.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Office.Runtime/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Office.Runtime.dll
----------------------------------------
System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4360.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.Hosting
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.60828.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.Hosting/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.Hosting.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.ServerDocument
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.60828.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.ServerDocument/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.ServerDocument.dll
----------------------------------------
System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4390.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4390.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Deployment
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4270.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Deployment/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Deployment.dll
----------------------------------------
System.Core
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.4390.0 built by: NET48REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.Runtime
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.60828.0
    CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.Runtime/v4.0_10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.Runtime.dll
----------------------------------------

Error: (07/10/2021 08:53:43 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (07/10/2021 08:53:05 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17


System errors:
=============
Error: (07/11/2021 03:55:51 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.

Error: (07/11/2021 02:18:43 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/11/2021 01:40:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (07/11/2021 01:40:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NVIDIA LocalSystem Container service terminated with the following error:
A generic command executable returned a result that indicates failure.

Error: (07/10/2021 04:41:08 PM) (Source: DCOM) (EventID: 10010) (User: D***-RAZER)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.

Error: (07/10/2021 03:25:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Energy Server Service queencreek service terminated with the following error:
Driver %2 returned invalid ID for a child device (%3).

Error: (07/10/2021 03:25:23 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Nicht verfügbar" in order to run the server:
{9C695035-48D2-4229-8B73-4C70E756E519}

Error: (07/10/2021 03:25:23 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Nicht verfügbar" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}


Windows Defender:
================
Date: 2021-07-10 16:39:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-27 15:56:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-24 13:57:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-10 18:10:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-10 08:17:48
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-10 14:32:24
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.343.745.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18300.4
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2021-06-30 22:48:53
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.341.1630.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18200.4
Error code: 0x80070643
Error description: Fatal error during installation.

Date: 2021-06-30 22:48:50
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.128.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-30 22:48:50
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.128.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-30 22:48:50
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

BIOS: Razer 1.01 03/20/2020
Motherboard: Razer LY325
Processor: Intel(R) Core(TM) i7-1065G7 CPU @ 1.30GHz
Percentage of memory in use: 31%
Total physical RAM: 16122.35 MB
Available physical RAM: 11041.24 MB
Total Virtual: 20730.35 MB
Available Virtual: 14404.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.32 GB) (Free:274.37 GB) NTFS

\\?\Volume{ffb887a0-41e1-4378-985d-24e587c32e89}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{3334390f-d991-4a4b-b0a2-102b0d25ba51}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================
--- --- ---

e4ch 11.07.2021 15:55
Code:
Users shortcut scan result (x64) Version: 07-07-2021
Ran by E*** (11-07-2021 16:11:35)
Running from C:\Users\E***\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher\Minecraft Launcher.lnk -> C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe (Mojang)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Aufzeichnungs-Manager von Skype for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office-Spracheinstellungen.lnk -> C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetriedashboard für Office.lnk -> C:\Program Files\Microsoft Office\root\Office16\msotd.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetrieprotokoll für Office.lnk -> C:\Program Files\Microsoft Office\root\Office16\msoev.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Logitech Options.lnk -> C:\Program Files\Logitech\LogiOptions\LogiOptions.exe (Logitech, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi\Logitech G HUB.lnk -> C:\Program Files\LGHUB\lghub.exe (Logitech, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre1.8.0_291\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\E***\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\Links\Desktop.lnk -> C:\Users\D***\Desktop ()
Shortcut: C:\Users\D***\Links\Downloads.lnk -> C:\Users\D***\Downloads ()
Shortcut: C:\Users\D***\Desktop\Lunar Client.lnk -> C:\Users\D***\AppData\Local\Programs\lunarclient\Lunar Client.exe (Moonsworth, LLC)
Shortcut: C:\Users\D***\Desktop\Spotify.lnk -> Tile and icon assets
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lunar Client.lnk -> C:\Users\D***\AppData\Local\Programs\lunarclient\Lunar Client.exe (Moonsworth, LLC)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\D***\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk -> C:\Users\D***\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeepL GmbH\DeepL.lnk -> C:\Users\D***\AppData\Local\DeepL\DeepL.exe (DeepL GmbH)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Windows\SendTo\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel.lnk -> C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Lunar Client.lnk -> C:\Users\D***\AppData\Local\Programs\lunarclient\Lunar Client.exe (Moonsworth, LLC)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PowerPoint.lnk -> C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word.lnk -> C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\Links\Desktop.lnk -> C:\Users\E***\Desktop ()
Shortcut: C:\Users\E***\Links\Downloads.lnk -> C:\Users\E***\Downloads ()
Shortcut: C:\Users\E***\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\E***\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Windows\SendTo\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\Links\Desktop.lnk -> C:\Users\LocalAdmin\Desktop ()
Shortcut: C:\Users\LocalAdmin\Links\Downloads.lnk -> C:\Users\LocalAdmin\Downloads ()
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\LocalAdmin\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\SendTo\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\GeForce Experience.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Public\Desktop\Logitech G HUB.lnk -> C:\Program Files\LGHUB\lghub.exe (Logitech, Inc.)
Shortcut: C:\Users\Public\Desktop\Minecraft Launcher.lnk -> C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe (Mojang)
Shortcut: C:\Users\Public\Desktop\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\VirusInstall\Links\Desktop.lnk -> C:\Users\VirusInstall\Desktop ()
Shortcut: C:\Users\VirusInstall\Links\Downloads.lnk -> C:\Users\VirusInstall\Downloads ()
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\VirusInstall\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\SendTo\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAServiceHelper.exe (Intel) -> installstartup
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Razer Synapse\Razer Synapse.lnk -> C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.) -> -launch
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk -> C:\Program Files\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk -> C:\Program Files\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre1.8.0_291\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre1.8.0_291\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\D***\Desktop\Discord.lnk -> C:\Users\D***\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\D***\Desktop\Microsoft Teams.lnk -> C:\Users\D***\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk -> C:\Users\D***\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk -> C:\Users\D***\AppData\Roaming\Zoom\uninstall\Installer.exe (Zoom Video Communications, Inc.) -> /uninstall
ShortcutWithArgument: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc\Discord.lnk -> C:\Users\D***\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\D***\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Discord.lnk -> C:\Users\D***\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\D***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Teams.lnk -> C:\Users\D***\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\D***\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\D***\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\E***\Desktop\Microsoft Teams.lnk -> C:\Users\E***\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk -> C:\Users\E***\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\E***\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\E***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\E***\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\LocalAdmin\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\LocalAdmin\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\VirusInstall\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\VirusInstall\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> URL: hxxps://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> URL: hxxps://java.com/
InternetURL: C:\Users\D***\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\D***\Desktop\Grand Theft Auto V.url -> URL: steam://rungameid/271590
InternetURL: C:\Users\D***\Desktop\Watch_Dogs 2.url -> URL: steam://rungameid/447040
InternetURL: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Grand Theft Auto V.url -> URL: steam://rungameid/271590
InternetURL: C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Watch_Dogs 2.url -> URL: steam://rungameid/447040
InternetURL: C:\Users\E***\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\LocalAdmin\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\VirusInstall\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

==================== End of Shortcut.txt =============================

M-K-D-B 14.07.2021 10:48
:hallo:



Mein Name ist Matthias und ich werde dir bei der Analyse und der eventuell notwendigen Bereinigung deines Computers helfen.



Dein Thema wurde wohl übersehen, weil du selbst auf dein Thema geantwortet hast.

Benötigst du noch Hilfe?

e4ch 14.07.2021 11:59
Hi, ja klar. Es hat ja geheissen man solle keine Attachments machen und stattdessen weitere Posts mit inline-Logs machen und drei Tage warten mit reklamieren wenn keine Antwort kommt. Das wäre jetzt.

Was ich zusätzlich inzwischen noch gemacht habe: Mit msconfig ein clean boot und dort dann noch ein Scan mit MBAM gemacht. War sauber. Ist inzwischen wieder deinstalliert.

Siehst du in den Logs oben etwas? Sonst noch etwas das ich checken könnte? Und zum Hauptthema, wenn Defender anzeigt "1 Fund", wo müsste ich das Log dazu finden, bzw. was genau gefunden wurde?

M-K-D-B 14.07.2021 14:13
Zwei Kontrollen und nochmal FRST bitte, brauche aktuelle Logdateien. :)




Schritt 1
Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.





Schritt 2
Führe RogueKiller Anti-Malware gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.





Schritt 3
  • Starte FRST erneut und klicke auf Untersuchen.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Bitte poste mit deiner nächsten Antwort:
  • die Logdatei von AdwCleaner
  • die Logdatei von RogueKiller
  • die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt)

e4ch 14.07.2021 16:05
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-06-29.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-14-2021
# Duration: 00:00:00
# OS:      Windows 10 Home
# Cleaned:  3
# Failed:  0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted      HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted      HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com

***** [ Chromium (and derivatives) ] *****

Deleted      Touch VPN – Kostenloses VPN und kostenloser Proxy - bihmplhobchoageeokmgbdihknkjbknd

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1899 octets] - [14/07/2021 16:32:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Code:
RogueKiller Anti-Malware V15.0.8.0 (x64) [Jul 13 2021] (Free) von Adlice Software
Mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Betriebssystem : Windows 10 (10.0.19043) 64-bit
Gestartet in : Normaler Modus
Benutzer : E*** [Administrator]
Gestartet von : C:\Users\E***\Desktop\RogueKiller_portable64.exe
Signaturen : 20210713_121625, Treiber : Geladen
Modus : Standard-Scan, Löschen -- Datum : 2021/07/14 16:47:08 (Dauer : 00:03:30)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Löschen ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.WinZipDiskTools (Potenziell bösartig)] HKEY_USERS\.DEFAULT\Software\Nico Mak Computing --  -> Gelöscht
[PUP.WinZipDiskTools (Potenziell bösartig)] HKEY_USERS\S-1-5-18\Software\Nico Mak Computing --  -> Gelöscht

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-07-2021
Ran by E*** (administrator) on D***-RAZER (Razer Blade Stealth 13 (Early 2020) - RZ09-0310) (14-07-2021 16:51:08)
Running from C:\Users\E***\Desktop
Loaded Profiles: E***
Platform: Windows 10 Home Version 21H1 19043.1083 (X64) Language: German (Germany) -> English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvrzi.inf_amd64_a61ecbb7f12b90fe\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1082144 2020-04-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1668000 2021-06-09] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [97229056 2020-04-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [601784 2020-05-13] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288672 2021-05-21] (IDSA Production signing key 2021 -> Intel)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\Run: [Discord] => C:\Users\D***\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\Run: [DeepL] => C:\Users\D***\AppData\Local\DeepL\app-2.2.0\DeepL.exe [199680 2021-03-21] (DeepL GmbH) [File not signed]
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [123792288 2021-06-12] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\D***\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\D***\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\RunOnce: [Uninstall 21.109.0530.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\D***\AppData\Local\Microsoft\OneDrive\21.109.0530.0001"
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3416352 2020-10-07] (Valve -> Valve Corporation)
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [123792288 2021-06-12] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\VirusInstall\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\VirusInstall\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\RunOnce: [Uninstall 20.114.0607.0002\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VirusInstall\AppData\Local\Microsoft\OneDrive\20.114.0607.0002\amd64"
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\RunOnce: [Uninstall 20.114.0607.0002] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VirusInstall\AppData\Local\Microsoft\OneDrive\20.114.0607.0002"
HKU\S-1-5-21-828868634-1776342754-2024844012-1004\...\Run: [com.squirrel.Teams.Teams] => C:\Users\E***\AppData\Local\Microsoft\Teams\Update.exe [2347880 2021-07-11] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-07-10] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {016EDF16-67CE-4D94-ACDF-2D07C81E8B32} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {01FB1424-D7C2-4688-AE3E-99833DA77D66} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {0D88FAB6-D36F-4F98-B433-DAEE27006796} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-30] (Google LLC -> Google LLC)
Task: {1850C163-2036-4F31-853D-56FABBC0C966} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23180168 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {1FAA7787-591C-4CCD-839E-77F5B7E0E36B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {24FE5BD7-6DEB-4109-99C1-C957A9C876D4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {3E209F7D-DE6F-42C7-A7CD-0FF6A5AB7B58} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {43AEE51C-AB34-4F59-A090-4683811365E5} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {442D66FB-7146-4832-8394-D8ACF2FBD02B} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {60AEC516-1C94-4445-BDE4-27039DD518EF} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4082288 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {64A77EA3-74E4-4C81-8653-113A92B97644} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {679B81F1-2336-4073-8061-0D730E8454B0} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {693B4466-FAE5-4E44-8CAA-7DF05A425C54} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {773E7CC1-C264-44B0-A9D3-08675BE9CABC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1537424 2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {78A5D23D-83D9-4003-8205-196242FB26C2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5311432 2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {7DB462F2-88C4-48E5-AE86-EE3BD2C9EA69} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {8A656790-1E0B-4D06-945E-EB43A7319403} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5311432 2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D055061-61A3-4A53-AC30-3D0EB994BF87} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23180168 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {9CD30F05-CA82-4E7E-AD0C-4ED35BC5F02A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A9204EFD-6E8B-4FDD-AAC6-9B2C09559E70} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9E20C9E-3F76-44AE-9403-0965DFC29EAF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BBA73790-734E-4977-B833-72266E10CAF8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF3B8DB0-E6BB-437A-9FB3-64484109E30C} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {D163A3AA-BFE5-4A93-9216-3A0571C818E8} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {D2D588F7-C02A-4DB9-96B8-DD3255B7906E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E01599FA-998A-478B-AB7E-B78456D1CFCA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EC22025A-83DB-48D6-9ABC-A186647331F3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F9F92B18-8390-4CFF-B5B4-5FC158BC9185} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-30] (Google LLC -> Google LLC)
Task: {FBCF36ED-E755-4BBA-994C-0AE23C9F4E49} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.20.1.32
Tcpip\..\Interfaces\{8ae694bc-6dd5-45f0-8343-148a4c77ea79}: [DhcpNameServer] 172.20.1.32

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\E***\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-14]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-06-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default [2021-07-11]
CHR Extension: (Präsentationen) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-30]
CHR Extension: (Docs) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-30]
CHR Extension: (Google Drive) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-11]
CHR Extension: (YouTube) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-30]
CHR Extension: (Adobe Acrobat) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-07-11]
CHR Extension: (Tabellen) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-30]
CHR Extension: (Google Docs Offline) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-11]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-11]
CHR Extension: (Google Mail) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-11]
CHR Extension: (Chrome Media Router) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AALSvc; C:\AlphaAntiLeak\AAL\bin\server\AALSvc.exe [11482488 2020-08-15] (Constantin Schreiber -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9056656 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
S2 DolbyDAXAPI; C:\Windows\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10723232 2021-06-12] (Logitech Inc -> Logitech, Inc.)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvrzi.inf_amd64_a61ecbb7f12b90fe\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvrzi.inf_amd64_a61ecbb7f12b90fe\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AALProtect; C:\AlphaAntiLeak\AAL\bin\server\AALProtect.sys [35984 2020-08-15] (OOO AMEKS -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R2 LGHUBTemperatureService; C:\Program Files\LGHUB\logi_core_temp.sys [22864 2021-06-12] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [37200 2021-03-18] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [25928 2021-03-18] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66896 2021-03-18] (Logitech Inc -> Logitech)
R3 MpKsl90e538aa; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B4FE313-2D6F-4476-9227-4DB2F6905219}\MpKslDrv.sys [107752 2021-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [51992 2020-03-19] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0252; C:\Windows\System32\drivers\RzDev_0252.sys [51992 2020-03-19] (Razer USA Ltd. -> Razer Inc)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49560 2021-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [425192 2021-07-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-14 16:50 - 2021-07-14 16:50 - 000000000 ____D C:\Users\E***\Desktop\FRST-OlderVersion
2021-07-14 16:48 - 2021-07-14 16:48 - 000001522 _____ C:\Users\E***\Desktop\as_63E2.tmp.txt
2021-07-14 16:41 - 2021-07-14 16:45 - 000000000 ____D C:\ProgramData\RogueKiller
2021-07-14 16:40 - 2021-07-14 16:40 - 033517904 _____ C:\Users\E***\Desktop\RogueKiller_portable64.exe
2021-07-14 16:34 - 2021-07-14 16:34 - 000002031 _____ C:\Users\E***\Desktop\AdwCleaner[C00].txt
2021-07-14 16:30 - 2021-07-14 16:34 - 000000000 ____D C:\AdwCleaner
2021-07-14 16:29 - 2021-07-14 16:29 - 008553680 _____ (Malwarebytes) C:\Users\E***\Desktop\adwcleaner_8.3.0.exe
2021-07-11 21:16 - 2021-07-11 21:16 - 000001227 _____ C:\Users\E***\Desktop\mbamlog.txt
2021-07-11 21:12 - 2021-07-11 21:12 - 000000000 ____D C:\Users\E***\AppData\Local\mbam
2021-07-11 16:59 - 2021-07-11 21:19 - 095944704 _____ C:\Windows\system32\config\SOFTWARE
2021-07-11 16:56 - 2021-07-11 16:59 - 000000000 ____D C:\Windows\Microsoft Antimalware
2021-07-11 16:11 - 2021-07-11 16:22 - 000055332 _____ C:\Users\E***\Desktop\Shortcut.txt
2021-07-11 16:10 - 2021-07-11 16:25 - 000051588 _____ C:\Users\E***\Desktop\Addition.txt
2021-07-11 16:09 - 2021-07-14 16:51 - 000021369 _____ C:\Users\E***\Desktop\FRST.txt
2021-07-11 16:09 - 2021-07-14 16:51 - 000000000 ____D C:\FRST
2021-07-11 16:06 - 2021-07-14 16:50 - 002301440 _____ (Farbar) C:\Users\E***\Desktop\FRST64.exe
2021-07-11 13:40 - 2021-07-11 13:40 - 000000000 ____D C:\Windows\system32\lxss
2021-07-11 13:35 - 2021-07-11 13:35 - 000000000 ____D C:\Users\E***\AppData\Local\Deployment
2021-07-11 13:35 - 2021-07-11 13:35 - 000000000 ____D C:\Users\E***\AppData\Local\Apps\2.0
2021-07-11 13:35 - 2021-07-11 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2021-07-11 13:35 - 2021-06-22 03:25 - 001858680 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-07-11 13:35 - 2021-06-22 03:25 - 001858680 _____ C:\Windows\system32\vulkaninfo.exe
2021-07-11 13:35 - 2021-06-22 03:25 - 001474336 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-07-11 13:35 - 2021-06-22 03:25 - 001438824 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-07-11 13:35 - 2021-06-22 03:25 - 001438824 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-07-11 13:35 - 2021-06-22 03:25 - 001212192 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-07-11 13:35 - 2021-06-22 03:25 - 001097832 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-07-11 13:35 - 2021-06-22 03:25 - 001097832 _____ C:\Windows\system32\vulkan-1.dll
2021-07-11 13:35 - 2021-06-22 03:25 - 000951912 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-07-11 13:35 - 2021-06-22 03:25 - 000951912 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 001519384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 001170224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 000715568 _____ C:\Windows\system32\nvofapi64.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 000675088 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 000641328 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 000575792 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 000563992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-07-11 13:35 - 2021-06-22 03:20 - 002111264 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-07-11 13:35 - 2021-06-22 03:20 - 001594656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-07-11 13:35 - 2021-06-22 03:20 - 000917280 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-07-11 13:35 - 2021-06-22 03:20 - 000748832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-07-11 13:35 - 2021-06-22 03:20 - 000704792 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2021-07-11 13:35 - 2021-06-22 03:19 - 008852760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-07-11 13:35 - 2021-06-22 03:19 - 007918872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-07-11 13:35 - 2021-06-22 03:19 - 004986648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-07-11 13:35 - 2021-06-22 03:19 - 002924304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-07-11 13:35 - 2021-06-22 03:19 - 000446744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-07-11 13:35 - 2021-06-22 03:18 - 000848672 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-07-11 13:35 - 2021-06-22 03:17 - 006215312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-07-11 13:35 - 2021-06-21 10:43 - 000082968 _____ C:\Windows\system32\nvinfo.pb
2021-07-11 13:34 - 2021-07-11 13:34 - 000000000 ____D C:\Program Files\Logitech
2021-07-11 13:24 - 2021-06-21 10:43 - 000078192 _____ C:\Windows\system32\FvSDK_x64.dll
2021-07-11 13:24 - 2021-06-21 10:43 - 000067952 _____ C:\Windows\SysWOW64\FvSDK_x86.dll
2021-07-11 13:24 - 2021-06-03 15:56 - 000043408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\NvModuleTracker.sys
2021-07-11 13:22 - 2021-07-11 13:22 - 000002359 _____ C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-07-11 13:22 - 2021-07-11 13:22 - 000002351 _____ C:\Users\E***\Desktop\Microsoft Teams.lnk
2021-07-11 13:22 - 2021-07-11 13:22 - 000002348 _____ C:\Users\E***\Desktop\Microsoft Edge.lnk
2021-07-11 13:22 - 2021-07-11 13:22 - 000000000 ____D C:\Users\E***\AppData\Roaming\Microsoft Teams
2021-07-11 13:22 - 2021-07-11 13:22 - 000000000 ____D C:\Users\E***\AppData\Roaming\Logishrd
2021-07-11 13:22 - 2021-07-11 13:22 - 000000000 ____D C:\Users\E***\AppData\Local\SquirrelTemp
2021-07-10 16:09 - 2020-03-19 03:34 - 000051992 _____ (Razer Inc) C:\Windows\system32\Drivers\RzCommon.sys
2021-07-10 15:25 - 2021-07-10 15:25 - 000001426 _____ C:\Windows\system32\default_error_stack-000003-000000.txt
2021-07-10 15:12 - 2021-07-10 15:12 - 002371072 _____ C:\Windows\system32\rdpnano.dll
2021-07-10 15:12 - 2021-07-10 15:12 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-07-10 15:12 - 2021-07-10 15:12 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-07-10 15:12 - 2021-07-10 15:12 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-07-10 15:12 - 2021-07-10 15:12 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-07-10 15:12 - 2021-07-10 15:12 - 000570880 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-07-10 15:12 - 2021-07-10 15:12 - 000452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-07-10 15:12 - 2021-07-10 15:12 - 000097792 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-07-10 15:12 - 2021-07-10 15:12 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-07-10 15:12 - 2021-07-10 15:12 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-07-10 15:12 - 2021-07-10 15:12 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-07-10 15:12 - 2021-07-10 15:12 - 000011351 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-06-30 22:56 - 2021-06-30 22:56 - 000000000 ____D C:\Users\D***\AppData\Roaming\com.moonsworth.client.javafx.MicrosoftAuthApp
2021-06-28 21:30 - 2021-06-28 21:30 - 000000000 ____D C:\Users\D***\AppData\Local\paint.net
2021-06-28 21:29 - 2021-06-28 21:29 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2021-06-28 21:29 - 2021-06-28 21:29 - 000001052 _____ C:\Users\Public\Desktop\paint.net.lnk
2021-06-28 21:29 - 2021-06-28 21:29 - 000000000 ____D C:\Users\VirusInstall\AppData\Local\paint.net
2021-06-28 21:29 - 2021-06-28 21:29 - 000000000 ____D C:\Program Files\paint.net
2021-06-20 16:34 - 2021-06-20 16:34 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2021-06-20 16:34 - 2021-06-20 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-06-20 16:34 - 2021-06-20 16:34 - 000000000 ____D C:\Program Files\LGHUB

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-14 16:44 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-07-14 16:40 - 2020-07-30 09:48 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-07-14 16:38 - 2020-07-30 01:11 - 000000000 ____D C:\Users\E***\AppData\Local\PlaceholderTileLogoFolder
2021-07-14 16:38 - 2020-07-30 01:03 - 000000000 ____D C:\Users\E***\AppData\Local\Packages
2021-07-14 16:38 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-14 16:34 - 2020-07-29 23:54 - 000000000 ____D C:\ProgramData\NVIDIA
2021-07-14 16:31 - 2020-07-30 09:48 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-14 16:28 - 2020-07-30 01:03 - 000000000 __SHD C:\Users\E***\IntelGraphicsProfiles
2021-07-14 16:27 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2021-07-12 23:17 - 2020-07-29 13:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-12 23:08 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-12 23:08 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-07-11 21:23 - 2020-07-29 13:36 - 001632084 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-11 21:23 - 2019-12-07 16:50 - 000706432 _____ C:\Windows\system32\perfh007.dat
2021-07-11 21:23 - 2019-12-07 16:50 - 000142502 _____ C:\Windows\system32\perfc007.dat
2021-07-11 21:19 - 2020-07-29 23:24 - 000000000 ____D C:\Intel
2021-07-11 21:19 - 2020-07-29 13:30 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-11 21:19 - 2020-07-29 13:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-11 21:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2021-07-11 21:19 - 2019-12-07 11:03 - 001572864 _____ C:\Windows\system32\config\BBI
2021-07-11 21:17 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-07-11 21:12 - 2020-07-30 10:56 - 000000000 ____D C:\Users\E***\AppData\Local\NVIDIA Corporation
2021-07-11 16:01 - 2020-07-30 10:56 - 000000000 ____D C:\Users\E***\AppData\Local\NVIDIA
2021-07-11 15:55 - 2020-12-13 13:16 - 000000000 ____D C:\Users\D***\AppData\Roaming\LGHUB
2021-07-11 13:43 - 2020-07-30 10:56 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000004106 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000001403 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2021-07-11 13:43 - 2020-07-30 10:54 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-07-11 13:43 - 2020-07-30 03:24 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-07-11 13:43 - 2020-07-29 23:22 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-07-11 13:40 - 2020-07-30 03:40 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2021-07-11 13:23 - 2020-07-30 01:10 - 000003368 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-828868634-1776342754-2024844012-1004
2021-07-11 13:23 - 2020-07-30 01:10 - 000000000 ___RD C:\Users\E***\OneDrive
2021-07-11 13:23 - 2020-07-30 01:03 - 000002360 _____ C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-11 13:22 - 2020-11-22 00:32 - 000000000 ____D C:\Program Files (x86)\Razer
2021-07-11 13:22 - 2020-07-29 23:59 - 000000000 ____D C:\ProgramData\Package Cache
2021-07-11 13:22 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-07-11 13:17 - 2020-07-30 23:23 - 000003370 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-828868634-1776342754-2024844012-1002
2021-07-11 13:17 - 2020-07-30 23:23 - 000000000 ___RD C:\Users\D***\OneDrive
2021-07-11 13:17 - 2020-07-30 23:21 - 000002395 _____ C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-11 13:14 - 2020-12-13 13:16 - 000000000 ____D C:\Users\D***\AppData\Local\LGHUB
2021-07-10 16:41 - 2020-07-30 23:21 - 000000000 __SHD C:\Users\D***\IntelGraphicsProfiles
2021-07-10 16:27 - 2020-08-29 13:58 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-10 16:20 - 2020-08-02 16:32 - 000000000 ____D C:\Program Files\Microsoft Office
2021-07-10 16:11 - 2020-08-29 13:58 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-10 16:11 - 2020-08-29 13:58 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-10 16:11 - 2020-07-30 09:39 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-10 16:11 - 2020-07-30 09:39 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-10 16:06 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-07-10 15:26 - 2020-07-29 13:30 - 000439216 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-07-10 14:32 - 2020-07-29 13:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-07-10 14:30 - 2020-07-30 23:21 - 000000000 ____D C:\Users\D***\AppData\Local\Packages
2021-07-10 14:30 - 2020-07-30 23:21 - 000000000 ____D C:\Users\D***
2021-07-01 15:06 - 2020-08-15 00:14 - 000000000 ____D C:\Users\D***\AppData\Roaming\lunarclient
2021-07-01 15:06 - 2020-08-14 23:42 - 000000000 ____D C:\Users\D***\AppData\Roaming\.minecraft
2021-06-30 22:55 - 2020-08-14 23:15 - 000002227 _____ C:\Users\D***\Desktop\Discord.lnk
2021-06-30 22:55 - 2020-08-14 23:15 - 000000000 ____D C:\Users\D***\AppData\Roaming\discord
2021-06-30 22:55 - 2020-08-14 23:15 - 000000000 ____D C:\Users\D***\AppData\Local\Discord
2021-06-28 22:53 - 2021-02-13 23:36 - 000000000 ____D C:\Users\D***\Desktop\Sonstiges
2021-06-24 13:30 - 2021-01-24 19:14 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-22 03:17 - 2020-07-30 03:56 - 007279232 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 002838384 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 002186608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 001293680 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 000168304 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 000144240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2021-06-20 16:34 - 2020-12-13 12:38 - 000000000 ____D C:\ProgramData\LGHUB
2021-06-17 08:24 - 2021-02-18 20:17 - 000000000 ____D C:\Users\D***\.lunarclient
2021-06-14 20:31 - 2020-07-29 23:24 - 000000000 ____D C:\Windows\system32\MRT
2021-06-14 20:16 - 2020-07-29 23:24 - 132447432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
--- --- ---


[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2021
Ran by E*** (14-07-2021 16:51:48)
Running from C:\Users\E***\Desktop
Windows 10 Home Version 21H1 19043.1083 (X64) (2020-07-29 11:31:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-828868634-1776342754-2024844012-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-828868634-1776342754-2024844012-503 - Limited - Disabled)
D*** (S-1-5-21-828868634-1776342754-2024844012-1002 - Limited - Enabled) => C:\Users\D***
E*** (S-1-5-21-828868634-1776342754-2024844012-1004 - Administrator - Enabled) => C:\Users\E***
Gast (S-1-5-21-828868634-1776342754-2024844012-501 - Limited - Disabled)
LocalAdmin (S-1-5-21-828868634-1776342754-2024844012-1001 - Administrator - Enabled) => C:\Users\LocalAdmin
VirusInstall (S-1-5-21-828868634-1776342754-2024844012-1003 - Administrator - Enabled) => C:\Users\VirusInstall
WDAGUtilityAccount (S-1-5-21-828868634-1776342754-2024844012-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.005.20058 - Adobe Systems Incorporated)
DeepL (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\DeepL) (Version: 2.2.0 - DeepL GmbH)
Discord (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)
Documentation Manager (HKLM\...\{D3342FE3-FE64-42C6-81A6-4F5F9BCFC4A9}) (Version: 22.50.1.1 - Intel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
Intel Driver && Support Assistant (HKLM-x32\...\{C38DE4F8-DF58-4B5D-9D4C-1F68773A2AE2}) (Version: 21.3.21.5 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{50883721-017E-40C5-9B65-F11F20DE8B45}) (Version: 2.4.07630 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{8a13c1a0-15ca-4939-92ea-9a745169ba28}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000050-0220-1031-84C8-B8D95FA3C8C3}) (Version: 22.50.0.4 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{9360c8cc-b617-469a-bb35-829c13e21d97}) (Version: 21.3.21.5 - Intel)
Intel® Software Installer (HKLM-x32\...\{374c80b9-aad6-42d0-82d7-21cd45f9b5eb}) (Version: 22.50.1.1 - Intel Corporation) Hidden
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2021.6.4851 - Logitech)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.54.161 - Logitech)
Lunar Client (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.7.3 - Moonsworth, LLC)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.14131.20278 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.67 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-828868634-1776342754-2024844012-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\OneDriveSetup.exe) (Version: 20.134.0705.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-828868634-1776342754-2024844012-1004\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\Teams) (Version: 1.4.00.11161 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-828868634-1776342754-2024844012-1004\...\Teams) (Version: 1.3.00.9267 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 471.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{1A59F8A6-6AB4-4522-9340-F420B9155A31}) (Version: 4.2.16 - dotPDN LLC)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.24.34 - Razer Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.9267 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Zoom (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\ZoomUMX) (Version: 5.6.0 (589) - Zoom Video Communications, Inc.)

Packages:
=========
Dolby Atmos -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmos_3.20500.501.0_x64__rz1tebttyb220 [2020-07-29] (Dolby Laboratories)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-07-11] (INTEL CORP) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-07-11] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-07-11] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.11.217.0_x64__dt26b99r8h8gj [2021-07-12] (Realtek Semiconductor Corp)
Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.32.0_x64__8j3eq9eme6ctt [2021-07-11] (INTEL CORP)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-828868634-1776342754-2024844012-1004_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\E***\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20077.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-828868634-1776342754-2024844012-1004_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key 2021 -> Intel)
CustomCLSID: HKU\S-1-5-21-828868634-1776342754-2024844012-1004_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\E***\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20077.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvrzi.inf_amd64_a61ecbb7f12b90fe\nvshext.dll [2021-06-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\sharepoint.com -> hxxps://myhkv-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2020-07-30 03:49 - 2020-07-30 03:49 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-828868634-1776342754-2024844012-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\Control Panel\Desktop\\Wallpaper -> c:\users\d***\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\firewatch-wallpaper.jpg
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-828868634-1776342754-2024844012-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 172.20.1.32
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\StartupApproved\Run: => "DeepL"
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8E4E2D96-A855-49F9-83C2-F1A3DE51130A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5814F66D-3969-4412-9E86-439D5DF4FA1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E3A187FC-2D67-4503-8FCD-082C57D206FE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5A813BA9-B521-4251-A1D8-46A470D2F409}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D7FA1A9A-1BC2-4647-9193-612BD497DE69}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{30D80AF9-8421-4D47-A088-EDF378A467E5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F0BF0DBD-AD2D-4F2C-9C4B-22E4FF73498F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C677F8F2-EA8D-44E1-A00B-138F605C8708}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{3D17EBF2-2D98-48BC-B2C2-C4C62EE4B038}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{86C93087-3BB2-4216-85E0-842AC36775B9}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{4EB87002-E4CD-4E3C-8972-7704950C1DF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{23836547-7271-4981-A728-140874C0C5D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{213C89E2-82FF-4079-9C66-3032FAFD386E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{CF80599D-E386-4CF0-96ED-8F45CAFC5450}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{60AFEA01-D10F-4588-9E1D-B6BE9172F4C6}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [UDP Query User{9F6BD8C0-C48D-44AD-BB3B-79FE7F3A9290}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [TCP Query User{70D82D9D-A6D8-428E-A526-1BD5179349A2}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [UDP Query User{1EAF0CB2-DB50-4014-930B-98D8B8806E09}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [TCP Query User{9862C70B-540D-43AA-81D8-62774BE5CA86}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{A2786F77-6FA4-4F14-AD84-376651D8881C}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{88F5C30C-F02F-4732-8FC8-AE09B30EDA4E}C:\users\d***\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\d***\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0A931F5A-3F7B-4879-B9B4-6A509F189825}C:\users\d***\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\d***\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5A4B1036-85D4-4699-ACC5-85A888E26280}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{737D835F-AB54-473C-ACE5-29C5DCF82FD5}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{ACA27F62-5767-48DA-9C36-EB3984FBEB7D}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{5F752835-088E-496D-A40B-A298E9057EE4}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{781ABF08-D1E5-4317-9F81-860BB5C53593}C:\users\d***\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\d***\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{E9E9D2E8-67DB-4806-AD61-9DACC2021FE8}C:\users\d***\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\d***\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1452F8D5-2080-41F5-A77B-CDD6C4C7A486}C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
FirewallRules: [UDP Query User{50500A31-8942-4D0B-BAB0-21600ACEF320}C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
FirewallRules: [TCP Query User{14B04D8E-ED0B-4D7A-A4F9-C72AAB18B2AC}C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
FirewallRules: [UDP Query User{C80D7BCC-66BA-4C9D-AAA7-713D5DA13F97}C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
FirewallRules: [TCP Query User{55EE8B5B-D5A0-4A94-B1DF-876FF3CBD5B9}C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{44ED84B4-6BD6-4B73-86F3-6B673CA41B7D}C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{4A590B38-2B73-48D0-AA07-6EB3C477F5A5}C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{855AB99D-9D9E-4BB4-A719-D3803AFD2DD1}C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{3864D3E0-BED2-4111-A6F0-FFF26068852E}C:\users\d***\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\d***\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{B2FF2E92-E118-4399-BFB3-A16C58E97E56}C:\users\d***\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\d***\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{C724C445-55D5-42F8-8AA6-309D19BE3766}C:\users\d***\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\d***\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{2DF05E1A-059D-4347-9003-251F476E739C}C:\users\d***\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\d***\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{EBF0B6BA-73C8-4405-B843-2CB2C9CCBDDF}C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{E7D2035B-C81C-4809-8EF3-4D8CFFFDBC60}C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{64955EA6-731C-49A3-A62E-3C8A0C250692}C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{43158A28-70E7-4379-AE01-CD46B64C387E}C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu8.52.0.23-ca-fx-jre8.0.282-win_x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{8B32511D-0A43-421D-AE0B-B9900C07C559}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{38E103D4-77FB-4393-9053-AEA10CB7C82C}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [{918DCD2E-F421-4F36-87BA-E310F178D5C5}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{E39FA778-3CD6-4E59-80DD-208F93530CD5}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{1140F1B5-1879-48A7-8A26-8811957D84F4}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{8F47BDDB-6D39-4D10-A6EA-35857E36736A}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{4612F0AB-0209-425F-844C-0088CFC96893}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FCAE3591-3C21-47E4-B404-CD61BF699A14}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0D704179-B0B0-40C3-AF47-9B836B7C0410}C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
FirewallRules: [UDP Query User{C375A748-7C4B-49E8-A793-FBB78841C52D}C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
FirewallRules: [{5F1E5E54-21C7-432E-9E75-5DF79CEF638D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{028A9E51-0D30-471C-8278-304954653FF2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0695B791-8B8E-45F3-87C6-B1971583CB18}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{30A4EBF2-3E92-46B0-B115-1C38F851573F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{0C554EE4-D611-48FF-8A93-A0BCD33C1A90}C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
FirewallRules: [UDP Query User{0CA1D261-3E7E-4573-929D-8CF695813CF0}C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\d***\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
FirewallRules: [{FD644D95-3533-4DE0-9ACF-86D7FB748019}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{03F83D05-F8B9-4156-8C15-83E8F8176F64}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{821F97F5-3BC0-424B-9F4E-347A3192FEF4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8D349F9E-8E3C-4552-842C-0DCF11B5953D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B55F8EFC-6E4F-4AB0-A097-9C21694D6A0F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{ECF86167-06BF-41ED-B9C1-BCBF1DA725C6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BE0EB3B6-9A4C-4A89-BC5D-1BB9607D8107}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{72E2CFB1-AF30-4102-A532-E5476CFABA6E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{256ADF7A-0C51-4D52-BFF3-E898803ED197}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{21D3797F-68DF-43B7-A5E4-46C6C1BA7E0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C7EE6D75-B253-477F-8491-893FA435BF15}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0C67AA18-4A72-4E25-87DD-3F0438C137A9}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{9F30DA7B-1E2A-4D5E-B1CB-31239FE64F1A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D3711EF4-58CA-4FD3-B883-44D2D4FCD9B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EFFA571A-2A1C-4107-AA92-D1A51C4634FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9BF7E437-E3A8-4C58-8601-F7E37BCBCD2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{739DF225-304F-441D-86A1-2C416D53EB91}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.163.568.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{36390834-B55C-422E-9DD0-0BEE2E85A9FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.163.568.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9522EB2E-8ED7-42CB-A806-10060F77DAAD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.163.568.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1F51F524-2B53-4470-A89B-C09C7D9B2CEA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.163.568.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BC12031E-DDDD-449C-BFE4-93824952CD7F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.163.568.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CC914E15-8845-4ECF-AF19-411A77CEDB3E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.163.568.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4BF8F90D-1E56-4B9C-BD89-07CE21FC55E3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.163.568.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{92B7818A-172F-478A-842C-5E7297B4358D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.163.568.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

11-07-2021 14:33:51 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/14/2021 04:26:44 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (07/12/2021 11:36:51 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: D***-RAZER)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/12/2021 10:50:26 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (07/11/2021 09:23:48 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: D***-RAZER)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/11/2021 09:17:26 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (07/11/2021 09:14:46 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: D***-RAZER)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/11/2021 08:58:49 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (07/11/2021 06:48:44 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17


System errors:
=============
Error: (07/14/2021 04:34:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (07/14/2021 04:34:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/14/2021 04:34:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Driver & Support Assistant service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/14/2021 04:34:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/14/2021 04:34:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/14/2021 04:34:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Thunderbolt(TM) Application Launcher service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/14/2021 04:34:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (07/14/2021 04:34:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


Windows Defender:
================
Date: 2021-07-11 16:33:44
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-10 16:39:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-27 15:56:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-24 13:57:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-10 18:10:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-10 14:32:24
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.343.745.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18300.4
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2021-06-30 22:48:53
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.341.1630.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18200.4
Error code: 0x80070643
Error description: Fatal error during installation.

Date: 2021-06-30 22:48:50
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.128.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-30 22:48:50
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.128.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-30 22:48:50
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

BIOS: Razer 1.01 03/20/2020
Motherboard: Razer LY325
Processor: Intel(R) Core(TM) i7-1065G7 CPU @ 1.30GHz
Percentage of memory in use: 25%
Total physical RAM: 16122.35 MB
Available physical RAM: 12014.15 MB
Total Virtual: 20730.35 MB
Available Virtual: 15621.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.32 GB) (Free:282.6 GB) NTFS

\\?\Volume{ffb887a0-41e1-4378-985d-24e587c32e89}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{3334390f-d991-4a4b-b0a2-102b0d25ba51}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: C4437CC6)

Partition: GPT.

==================== End of Addition.txt =======================
--- --- ---


Sieht mir nicht so schlimm aus. Das Chrome Plugin waren vermutlich Reste einer versuchten VPN Installation. Dotomi kenne ich nicht, aber sind vermutlich nur inaktive Registry-Einträge. Und Niko Mak ist doch nichts böses, oder?

Was meinst du dazu?

M-K-D-B 14.07.2021 20:26
Das sind in der Tat nur unbedeutende Reste bzw. Funde. Nicht wirklich schädlich.

Ich sehe jetzt keine aktive Malware in den Logdateien.

Ich würde mit FRST verweiste Einträge entfernen und die Systemdateien auf Konsistenz überprüfen (Schritt 1). Sollten dabei beschädigte Dateien gefunden werden, können diese automatisch repariert werden.




Schritt 1
WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!
  • Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.
  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset catalog
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: Bitsadmin /Reset /Allusers
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
    CMD: sfc /scannow
    CMD: dism /online /cleanup-image /restorehealth
    CMD: sfc /scannow
    Hosts:
    RemoveProxy:
    EmptyTemp:
    End::
  • Starte nun FRST und klicke direkt den Reparieren Button.
    Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
  • Gegebenenfalls muss dein Rechner neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.





Schritt 2
  • Starte FRST erneut und klicke auf Untersuchen.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Bitte poste mit deiner nächsten Antwort:
  • die Logdatei des FRST-Fix (fixlog.txt)
  • die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt)

e4ch 14.07.2021 23:39
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-07-2021
Ran by E*** (14-07-2021 23:49:06) Run:1
Running from C:\Users\E***\Desktop
Loaded Profiles: LocalAdmin & D*** & VirusInstall & E***
Boot Mode: Normal
==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: Bitsadmin /Reset /Allusers
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: sfc /scannow
CMD: dism /online /cleanup-image /restorehealth
CMD: sfc /scannow
Hosts:
RemoveProxy:
EmptyTemp:

*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{B282C56F-F2A1-420C-98DB-86561F934BA7} canceled.
{874BF6DB-A683-4C63-91FC-09EAD476A582} canceled.
{69CB0A6B-DC1D-4AE6-8C5D-4A9F3A75DBCE} canceled.
{FC7C745D-CD0E-4988-805B-209686DEE838} canceled.
{D79FEBCD-CAD4-4083-8B4C-938117D8EB85} canceled.
{FC2B65B3-67AE-42A8-83D6-5E4A8AE6AA52} canceled.
{7BB8AE31-55DD-430A-BE03-0FDB2A68D210} canceled.
{79784D8D-2858-4E46-86B8-CEC54CDCD222} canceled.
8 out of 8 jobs canceled.

========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= sfc /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.


Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 21% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 42% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 49% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 66% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 98% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.


Windows Resource Protection found corrupt files and successfully repaired them.

For online repairs, details are included in the CBS log file located at

windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline

repairs, details are included in the log file provided by the /OFFLOGFILE flag.


========= End of CMD: =========


========= dism /online /cleanup-image /restorehealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19043.1110


[==                        3.8%                          ]

[==                        4.8%                          ]

[===                        5.7%                          ]

[===                        6.7%                          ]

[====                      7.7%                          ]

[=====                      8.7%                          ]

[=====                      9.7%                          ]

[======                    10.6%                          ]

[======                    11.6%                          ]

[=======                    12.6%                          ]

[=======                    13.6%                          ]

[========                  14.6%                          ]

[=========                  15.5%                          ]

[=========                  16.5%                          ]

[==========                17.5%                          ]

[==========                18.5%                          ]

[===========                19.5%                          ]

[===========                20.5%                          ]

[============              21.4%                          ]

[=============              22.4%                          ]

[=============              23.4%                          ]

[==============            24.2%                          ]

[==============            25.1%                          ]

[==============            25.3%                          ]

[==============            25.4%                          ]

[===============            26.4%                          ]

[===============            27.4%                          ]

[================          28.4%                          ]

[=================          29.4%                          ]

[=================          30.3%                          ]

[==================        31.3%                          ]

[==================        32.3%                          ]

[===================        33.3%                          ]

[===================        34.3%                          ]

[====================      35.2%                          ]

[=====================      36.2%                          ]

[=====================      36.5%                          ]

[=====================      37.1%                          ]

[=====================      37.8%                          ]

[======================    38.7%                          ]

[======================    38.9%                          ]

[=======================    39.9%                          ]

[=======================    40.9%                          ]

[========================  41.9%                          ]

[========================  42.6%                          ]

[=========================  43.5%                          ]

[=========================  44.5%                          ]

[========================== 45.5%                          ]

[========================== 46.5%                          ]

[===========================47.5%                          ]

[===========================48.5%                          ]

[===========================49.4%                          ]

[===========================50.4%                          ]

[===========================51.4%                          ]

[===========================52.4%                          ]

[===========================53.1%                          ]

[===========================53.3%                          ]

[===========================53.4%                          ]

[===========================53.5%                          ]

[===========================53.6%                          ]

[===========================53.7%                          ]

[===========================53.9%                          ]

[===========================54.0%                          ]

[===========================54.4%                          ]

[===========================54.6%                          ]

[===========================54.6%                          ]

[===========================54.8%                          ]

[===========================54.9%                          ]

[===========================55.0%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.3%                          ]

[===========================55.5%                          ]

[===========================55.7%                          ]

[===========================56.0%                          ]

[===========================56.2%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.8%                          ]

[===========================57.8%=                        ]

[===========================58.8%==                        ]

[===========================59.8%==                        ]

[===========================62.3%====                      ]

[===========================84.9%=================        ]

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

========= End of CMD: =========


========= sfc /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.


Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 21% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 42% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 49% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 66% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 98% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.


Windows Resource Protection did not find any integrity violations.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-828868634-1776342754-2024844012-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-828868634-1776342754-2024844012-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-828868634-1776342754-2024844012-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-828868634-1776342754-2024844012-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-828868634-1776342754-2024844012-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-828868634-1776342754-2024844012-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-828868634-1776342754-2024844012-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-828868634-1776342754-2024844012-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43136659 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 582209525 B
Edge => 3391689 B
Chrome => 13591520 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 10734 B
NetworkService => 51177772 B
LocalAdmin => 101040533 B
D*** => 1512599016 B
VirusInstall => 1936024569 B
E*** => 2273041520 B

RecycleBin => 592910433 B
EmptyTemp: => 6.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:53:56 ====

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-07-2021
Ran by E*** (administrator) on D***-RAZER (Razer Blade Stealth 13 (Early 2020) - RZ09-0310) (15-07-2021 00:12:52)
Running from C:\Users\E***\Desktop
Loaded Profiles: E***
Platform: Windows 10 Home Version 21H1 19043.1110 (X64) Language: German (Germany) -> English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_3bd4cd1d0a01f3b6\igfxCUIServiceN.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_3bd4cd1d0a01f3b6\igfxEMN.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_08f11cc9a4c9585a\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87079a2c2326a956\IntelCpHDCPSvc.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\E***\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvrzi.inf_amd64_a61ecbb7f12b90fe\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(TBT_DCH_DRV_PROD -> Intel Corporation) C:\Windows\ThunderboltService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1082144 2020-04-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1668000 2021-06-09] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [97229056 2020-04-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [601784 2020-05-13] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288672 2021-05-21] (IDSA Production signing key 2021 -> Intel)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\Run: [Discord] => C:\Users\D***\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\Run: [DeepL] => C:\Users\D***\AppData\Local\DeepL\app-2.2.0\DeepL.exe [199680 2021-03-21] (DeepL GmbH) [File not signed]
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [123792288 2021-06-12] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\D***\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\D***\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\RunOnce: [Uninstall 21.109.0530.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\D***\AppData\Local\Microsoft\OneDrive\21.109.0530.0001"
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3416352 2020-10-07] (Valve -> Valve Corporation)
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [123792288 2021-06-12] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\VirusInstall\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\VirusInstall\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\RunOnce: [Uninstall 20.114.0607.0002\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VirusInstall\AppData\Local\Microsoft\OneDrive\20.114.0607.0002\amd64"
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\RunOnce: [Uninstall 20.114.0607.0002] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VirusInstall\AppData\Local\Microsoft\OneDrive\20.114.0607.0002"
HKU\S-1-5-21-828868634-1776342754-2024844012-1004\...\Run: [com.squirrel.Teams.Teams] => C:\Users\E***\AppData\Local\Microsoft\Teams\Update.exe [2347880 2021-07-11] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-07-10] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {016EDF16-67CE-4D94-ACDF-2D07C81E8B32} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {01FB1424-D7C2-4688-AE3E-99833DA77D66} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {0D88FAB6-D36F-4F98-B433-DAEE27006796} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-30] (Google LLC -> Google LLC)
Task: {1850C163-2036-4F31-853D-56FABBC0C966} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23180168 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {1FAA7787-591C-4CCD-839E-77F5B7E0E36B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {24FE5BD7-6DEB-4109-99C1-C957A9C876D4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {3E209F7D-DE6F-42C7-A7CD-0FF6A5AB7B58} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {43AEE51C-AB34-4F59-A090-4683811365E5} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {442D66FB-7146-4832-8394-D8ACF2FBD02B} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {60AEC516-1C94-4445-BDE4-27039DD518EF} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4082288 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {64A77EA3-74E4-4C81-8653-113A92B97644} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {679B81F1-2336-4073-8061-0D730E8454B0} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {693B4466-FAE5-4E44-8CAA-7DF05A425C54} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {773E7CC1-C264-44B0-A9D3-08675BE9CABC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1537424 2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {78A5D23D-83D9-4003-8205-196242FB26C2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5311432 2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {7DB462F2-88C4-48E5-AE86-EE3BD2C9EA69} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {8A656790-1E0B-4D06-945E-EB43A7319403} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5311432 2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D055061-61A3-4A53-AC30-3D0EB994BF87} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23180168 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {9CD30F05-CA82-4E7E-AD0C-4ED35BC5F02A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A9204EFD-6E8B-4FDD-AAC6-9B2C09559E70} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9E20C9E-3F76-44AE-9403-0965DFC29EAF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BBA73790-734E-4977-B833-72266E10CAF8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF3B8DB0-E6BB-437A-9FB3-64484109E30C} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {D163A3AA-BFE5-4A93-9216-3A0571C818E8} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {D2D588F7-C02A-4DB9-96B8-DD3255B7906E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E01599FA-998A-478B-AB7E-B78456D1CFCA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EC22025A-83DB-48D6-9ABC-A186647331F3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F9F92B18-8390-4CFF-B5B4-5FC158BC9185} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-30] (Google LLC -> Google LLC)
Task: {FBCF36ED-E755-4BBA-994C-0AE23C9F4E49} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.20.1.32
Tcpip\..\Interfaces\{8ae694bc-6dd5-45f0-8343-148a4c77ea79}: [DhcpNameServer] 172.20.1.32

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\E***\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-14]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-06-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default [2021-07-14]
CHR Extension: (Präsentationen) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-30]
CHR Extension: (Docs) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-30]
CHR Extension: (Google Drive) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-11]
CHR Extension: (YouTube) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-30]
CHR Extension: (Adobe Acrobat) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-07-11]
CHR Extension: (Tabellen) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-30]
CHR Extension: (Google Docs Offline) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-11]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-11]
CHR Extension: (Google Mail) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-11]
CHR Extension: (Chrome Media Router) - C:\Users\E***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AALSvc; C:\AlphaAntiLeak\AAL\bin\server\AALSvc.exe [11482488 2020-08-15] (Constantin Schreiber -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9056656 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10723232 2021-06-12] (Logitech Inc -> Logitech, Inc.)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvrzi.inf_amd64_a61ecbb7f12b90fe\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvrzi.inf_amd64_a61ecbb7f12b90fe\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AALProtect; C:\AlphaAntiLeak\AAL\bin\server\AALProtect.sys [35984 2020-08-15] (OOO AMEKS -> )
R2 LGHUBTemperatureService; C:\Program Files\LGHUB\logi_core_temp.sys [22864 2021-06-12] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [37200 2021-03-18] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [25928 2021-03-18] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66896 2021-03-18] (Logitech Inc -> Logitech)
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [51992 2020-03-19] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0252; C:\Windows\System32\drivers\RzDev_0252.sys [51992 2020-03-19] (Razer USA Ltd. -> Razer Inc)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49560 2021-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [425192 2021-07-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-14 23:49 - 2021-07-15 00:01 - 000023174 _____ C:\Users\E***\Desktop\Fixlog.txt
2021-07-14 22:09 - 2021-07-14 22:09 - 001328376 _____ C:\Windows\system32\FaceTrackerInternal.dll
2021-07-14 22:09 - 2021-07-14 22:09 - 001324032 _____ C:\Windows\system32\FaceProcessor.dll
2021-07-14 22:09 - 2021-07-14 22:09 - 000512864 _____ C:\Windows\system32\FaceProcessorCore.dll
2021-07-14 22:09 - 2021-07-14 22:09 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-07-14 22:09 - 2021-07-14 22:09 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-07-14 22:09 - 2021-07-14 22:09 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-07-14 22:09 - 2021-07-14 22:09 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-07-14 22:08 - 2021-07-14 22:08 - 001823280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-07-14 22:08 - 2021-07-14 22:08 - 000011357 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-07-14 16:50 - 2021-07-14 23:48 - 000000000 ____D C:\Users\E***\Desktop\FRST-OlderVersion
2021-07-14 16:48 - 2021-07-14 17:00 - 000001522 _____ C:\Users\E***\Desktop\as_63E2.tmp.txt
2021-07-14 16:41 - 2021-07-14 16:45 - 000000000 ____D C:\ProgramData\RogueKiller
2021-07-14 16:40 - 2021-07-14 16:40 - 033517904 _____ C:\Users\E***\Desktop\RogueKiller_portable64.exe
2021-07-14 16:34 - 2021-07-14 16:34 - 000002031 _____ C:\Users\E***\Desktop\AdwCleaner[C00].txt
2021-07-14 16:30 - 2021-07-14 16:34 - 000000000 ____D C:\AdwCleaner
2021-07-14 16:29 - 2021-07-14 16:29 - 008553680 _____ (Malwarebytes) C:\Users\E***\Desktop\adwcleaner_8.3.0.exe
2021-07-11 21:16 - 2021-07-11 21:16 - 000001227 _____ C:\Users\E***\Desktop\mbamlog.txt
2021-07-11 21:12 - 2021-07-11 21:12 - 000000000 ____D C:\Users\E***\AppData\Local\mbam
2021-07-11 16:59 - 2021-07-14 23:54 - 098566144 _____ C:\Windows\system32\config\SOFTWARE
2021-07-11 16:56 - 2021-07-11 16:59 - 000000000 ____D C:\Windows\Microsoft Antimalware
2021-07-11 16:11 - 2021-07-11 16:22 - 000055332 _____ C:\Users\E***\Desktop\Shortcut.txt
2021-07-11 16:10 - 2021-07-14 16:57 - 000040177 _____ C:\Users\E***\Desktop\Addition.txt
2021-07-11 16:09 - 2021-07-15 00:13 - 000022745 _____ C:\Users\E***\Desktop\FRST.txt
2021-07-11 16:09 - 2021-07-15 00:13 - 000000000 ____D C:\FRST
2021-07-11 16:06 - 2021-07-14 23:48 - 002300416 _____ (Farbar) C:\Users\E***\Desktop\FRST64.exe
2021-07-11 13:40 - 2021-07-11 13:40 - 000000000 ____D C:\Windows\system32\lxss
2021-07-11 13:35 - 2021-07-11 13:35 - 000000000 ____D C:\Users\E***\AppData\Local\Deployment
2021-07-11 13:35 - 2021-07-11 13:35 - 000000000 ____D C:\Users\E***\AppData\Local\Apps\2.0
2021-07-11 13:35 - 2021-07-11 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2021-07-11 13:35 - 2021-06-22 03:25 - 001858680 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-07-11 13:35 - 2021-06-22 03:25 - 001858680 _____ C:\Windows\system32\vulkaninfo.exe
2021-07-11 13:35 - 2021-06-22 03:25 - 001474336 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-07-11 13:35 - 2021-06-22 03:25 - 001438824 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-07-11 13:35 - 2021-06-22 03:25 - 001438824 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-07-11 13:35 - 2021-06-22 03:25 - 001212192 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-07-11 13:35 - 2021-06-22 03:25 - 001097832 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-07-11 13:35 - 2021-06-22 03:25 - 001097832 _____ C:\Windows\system32\vulkan-1.dll
2021-07-11 13:35 - 2021-06-22 03:25 - 000951912 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-07-11 13:35 - 2021-06-22 03:25 - 000951912 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 001519384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 001170224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 000715568 _____ C:\Windows\system32\nvofapi64.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 000675088 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 000641328 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 000575792 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-07-11 13:35 - 2021-06-22 03:21 - 000563992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-07-11 13:35 - 2021-06-22 03:20 - 002111264 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-07-11 13:35 - 2021-06-22 03:20 - 001594656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-07-11 13:35 - 2021-06-22 03:20 - 000917280 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-07-11 13:35 - 2021-06-22 03:20 - 000748832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-07-11 13:35 - 2021-06-22 03:20 - 000704792 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2021-07-11 13:35 - 2021-06-22 03:19 - 008852760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-07-11 13:35 - 2021-06-22 03:19 - 007918872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-07-11 13:35 - 2021-06-22 03:19 - 004986648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-07-11 13:35 - 2021-06-22 03:19 - 002924304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-07-11 13:35 - 2021-06-22 03:19 - 000446744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-07-11 13:35 - 2021-06-22 03:18 - 000848672 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-07-11 13:35 - 2021-06-22 03:17 - 006215312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-07-11 13:35 - 2021-06-21 10:43 - 000082968 _____ C:\Windows\system32\nvinfo.pb
2021-07-11 13:34 - 2021-07-11 13:34 - 000000000 ____D C:\Program Files\Logitech
2021-07-11 13:24 - 2021-06-21 10:43 - 000078192 _____ C:\Windows\system32\FvSDK_x64.dll
2021-07-11 13:24 - 2021-06-21 10:43 - 000067952 _____ C:\Windows\SysWOW64\FvSDK_x86.dll
2021-07-11 13:24 - 2021-06-03 15:56 - 000043408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\NvModuleTracker.sys
2021-07-11 13:22 - 2021-07-11 13:22 - 000002359 _____ C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-07-11 13:22 - 2021-07-11 13:22 - 000002351 _____ C:\Users\E***\Desktop\Microsoft Teams.lnk
2021-07-11 13:22 - 2021-07-11 13:22 - 000002348 _____ C:\Users\E***\Desktop\Microsoft Edge.lnk
2021-07-11 13:22 - 2021-07-11 13:22 - 000000000 ____D C:\Users\E***\AppData\Roaming\Microsoft Teams
2021-07-11 13:22 - 2021-07-11 13:22 - 000000000 ____D C:\Users\E***\AppData\Roaming\Logishrd
2021-07-11 13:22 - 2021-07-11 13:22 - 000000000 ____D C:\Users\E***\AppData\Local\SquirrelTemp
2021-07-10 16:09 - 2020-03-19 03:34 - 000051992 _____ (Razer Inc) C:\Windows\system32\Drivers\RzCommon.sys
2021-07-10 15:25 - 2021-07-10 15:25 - 000001426 _____ C:\Windows\system32\default_error_stack-000003-000000.txt
2021-07-10 15:12 - 2021-07-10 15:12 - 002371072 _____ C:\Windows\system32\rdpnano.dll
2021-07-10 15:12 - 2021-07-10 15:12 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-07-10 15:12 - 2021-07-10 15:12 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-07-10 15:12 - 2021-07-10 15:12 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-07-10 15:12 - 2021-07-10 15:12 - 000570880 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-07-10 15:12 - 2021-07-10 15:12 - 000452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-07-10 15:12 - 2021-07-10 15:12 - 000097792 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-07-10 15:12 - 2021-07-10 15:12 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-07-10 15:12 - 2021-07-10 15:12 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-07-10 15:12 - 2021-07-10 15:12 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-06-30 22:56 - 2021-06-30 22:56 - 000000000 ____D C:\Users\D***\AppData\Roaming\com.moonsworth.client.javafx.MicrosoftAuthApp
2021-06-28 21:30 - 2021-06-28 21:30 - 000000000 ____D C:\Users\D***\AppData\Local\paint.net
2021-06-28 21:29 - 2021-06-28 21:29 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2021-06-28 21:29 - 2021-06-28 21:29 - 000001052 _____ C:\Users\Public\Desktop\paint.net.lnk
2021-06-28 21:29 - 2021-06-28 21:29 - 000000000 ____D C:\Users\VirusInstall\AppData\Local\paint.net
2021-06-28 21:29 - 2021-06-28 21:29 - 000000000 ____D C:\Program Files\paint.net
2021-06-20 16:34 - 2021-06-20 16:34 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2021-06-20 16:34 - 2021-06-20 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-06-20 16:34 - 2021-06-20 16:34 - 000000000 ____D C:\Program Files\LGHUB

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-15 00:11 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-14 23:58 - 2020-07-29 13:36 - 001632196 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-14 23:58 - 2019-12-07 16:50 - 000706524 _____ C:\Windows\system32\perfh007.dat
2021-07-14 23:58 - 2019-12-07 16:50 - 000142542 _____ C:\Windows\system32\perfc007.dat
2021-07-14 23:58 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-07-14 23:57 - 2020-07-29 23:54 - 000000000 ____D C:\ProgramData\NVIDIA
2021-07-14 23:55 - 2020-07-30 01:03 - 000000000 __SHD C:\Users\E***\IntelGraphicsProfiles
2021-07-14 23:54 - 2020-07-29 23:24 - 000000000 ____D C:\Intel
2021-07-14 23:54 - 2020-07-29 13:30 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-14 23:54 - 2020-07-29 13:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-14 23:54 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-07-14 23:54 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2021-07-14 23:54 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2021-07-14 23:54 - 2019-12-07 11:03 - 001572864 _____ C:\Windows\system32\config\BBI
2021-07-14 23:53 - 2020-08-28 11:42 - 000000000 ____D C:\Users\D***\AppData\LocalLow\Temp
2021-07-14 23:52 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-07-14 23:44 - 2020-07-29 13:30 - 000439216 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-14 23:43 - 2020-07-29 13:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-14 23:43 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-07-14 23:43 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-07-14 23:43 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-14 22:14 - 2020-07-30 02:49 - 000000000 ____D C:\Users\E***\AppData\Local\ElevatedDiagnostics
2021-07-14 22:09 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-14 22:09 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-07-14 22:06 - 2020-07-29 23:24 - 000000000 ____D C:\Windows\system32\MRT
2021-07-14 22:04 - 2020-07-30 01:11 - 000000000 ____D C:\Users\E***\AppData\Local\PlaceholderTileLogoFolder
2021-07-14 22:04 - 2020-07-29 23:24 - 133422552 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-07-14 16:40 - 2020-07-30 09:48 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-07-14 16:38 - 2020-07-30 01:03 - 000000000 ____D C:\Users\E***\AppData\Local\Packages
2021-07-14 16:31 - 2020-07-30 09:48 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-11 21:17 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-07-11 21:12 - 2020-07-30 10:56 - 000000000 ____D C:\Users\E***\AppData\Local\NVIDIA Corporation
2021-07-11 16:01 - 2020-07-30 10:56 - 000000000 ____D C:\Users\E***\AppData\Local\NVIDIA
2021-07-11 15:55 - 2020-12-13 13:16 - 000000000 ____D C:\Users\D***\AppData\Roaming\LGHUB
2021-07-11 13:43 - 2020-07-30 10:56 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000004106 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-11 13:43 - 2020-07-30 10:56 - 000001403 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2021-07-11 13:43 - 2020-07-30 10:54 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-07-11 13:43 - 2020-07-30 03:24 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-07-11 13:43 - 2020-07-29 23:22 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-07-11 13:40 - 2020-07-30 03:40 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2021-07-11 13:23 - 2020-07-30 01:10 - 000003368 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-828868634-1776342754-2024844012-1004
2021-07-11 13:23 - 2020-07-30 01:10 - 000000000 ___RD C:\Users\E***\OneDrive
2021-07-11 13:23 - 2020-07-30 01:03 - 000002360 _____ C:\Users\E***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-11 13:22 - 2020-11-22 00:32 - 000000000 ____D C:\Program Files (x86)\Razer
2021-07-11 13:22 - 2020-07-29 23:59 - 000000000 ____D C:\ProgramData\Package Cache
2021-07-11 13:22 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-07-11 13:17 - 2020-07-30 23:23 - 000003370 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-828868634-1776342754-2024844012-1002
2021-07-11 13:17 - 2020-07-30 23:23 - 000000000 ___RD C:\Users\D***\OneDrive
2021-07-11 13:17 - 2020-07-30 23:21 - 000002395 _____ C:\Users\D***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-11 13:14 - 2020-12-13 13:16 - 000000000 ____D C:\Users\D***\AppData\Local\LGHUB
2021-07-10 16:41 - 2020-07-30 23:21 - 000000000 __SHD C:\Users\D***\IntelGraphicsProfiles
2021-07-10 16:27 - 2020-08-29 13:58 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-10 16:20 - 2020-08-02 16:32 - 000000000 ____D C:\Program Files\Microsoft Office
2021-07-10 16:11 - 2020-08-29 13:58 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-10 16:11 - 2020-08-29 13:58 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-10 16:11 - 2020-07-30 09:39 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-10 16:11 - 2020-07-30 09:39 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-07-10 15:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-07-10 14:32 - 2020-07-29 13:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-07-10 14:30 - 2020-07-30 23:21 - 000000000 ____D C:\Users\D***\AppData\Local\Packages
2021-07-10 14:30 - 2020-07-30 23:21 - 000000000 ____D C:\Users\D***
2021-07-01 15:06 - 2020-08-15 00:14 - 000000000 ____D C:\Users\D***\AppData\Roaming\lunarclient
2021-07-01 15:06 - 2020-08-14 23:42 - 000000000 ____D C:\Users\D***\AppData\Roaming\.minecraft
2021-06-30 22:55 - 2020-08-14 23:15 - 000002227 _____ C:\Users\D***\Desktop\Discord.lnk
2021-06-30 22:55 - 2020-08-14 23:15 - 000000000 ____D C:\Users\D***\AppData\Roaming\discord
2021-06-30 22:55 - 2020-08-14 23:15 - 000000000 ____D C:\Users\D***\AppData\Local\Discord
2021-06-28 22:53 - 2021-02-13 23:36 - 000000000 ____D C:\Users\D***\Desktop\Sonstiges
2021-06-24 13:30 - 2021-01-24 19:14 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-22 03:17 - 2020-07-30 03:56 - 007279232 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 002838384 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 002186608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 001293680 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 000168304 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 000144240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2021-06-21 10:43 - 2020-07-30 10:56 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2021-06-20 16:34 - 2020-12-13 12:38 - 000000000 ____D C:\ProgramData\LGHUB
2021-06-17 08:24 - 2021-02-18 20:17 - 000000000 ____D C:\Users\D***\.lunarclient

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
--- --- ---



[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2021
Ran by E*** (15-07-2021 00:14:58)
Running from C:\Users\E***\Desktop
Windows 10 Home Version 21H1 19043.1110 (X64) (2020-07-29 11:31:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-828868634-1776342754-2024844012-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-828868634-1776342754-2024844012-503 - Limited - Disabled)
D*** (S-1-5-21-828868634-1776342754-2024844012-1002 - Limited - Enabled) => C:\Users\D***
E*** (S-1-5-21-828868634-1776342754-2024844012-1004 - Administrator - Enabled) => C:\Users\E***
Gast (S-1-5-21-828868634-1776342754-2024844012-501 - Limited - Disabled)
LocalAdmin (S-1-5-21-828868634-1776342754-2024844012-1001 - Administrator - Enabled) => C:\Users\LocalAdmin
VirusInstall (S-1-5-21-828868634-1776342754-2024844012-1003 - Administrator - Enabled) => C:\Users\VirusInstall
WDAGUtilityAccount (S-1-5-21-828868634-1776342754-2024844012-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.005.20058 - Adobe Systems Incorporated)
DeepL (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\DeepL) (Version: 2.2.0 - DeepL GmbH)
Discord (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)
Documentation Manager (HKLM\...\{D3342FE3-FE64-42C6-81A6-4F5F9BCFC4A9}) (Version: 22.50.1.1 - Intel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
Intel Driver && Support Assistant (HKLM-x32\...\{C38DE4F8-DF58-4B5D-9D4C-1F68773A2AE2}) (Version: 21.3.21.5 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{50883721-017E-40C5-9B65-F11F20DE8B45}) (Version: 2.4.07630 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{8a13c1a0-15ca-4939-92ea-9a745169ba28}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000050-0220-1031-84C8-B8D95FA3C8C3}) (Version: 22.50.0.4 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{9360c8cc-b617-469a-bb35-829c13e21d97}) (Version: 21.3.21.5 - Intel)
Intel® Software Installer (HKLM-x32\...\{374c80b9-aad6-42d0-82d7-21cd45f9b5eb}) (Version: 22.50.1.1 - Intel Corporation) Hidden
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2021.6.4851 - Logitech)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.54.161 - Logitech)
Lunar Client (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.7.3 - Moonsworth, LLC)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.14131.20278 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.67 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-828868634-1776342754-2024844012-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-828868634-1776342754-2024844012-1003\...\OneDriveSetup.exe) (Version: 20.134.0705.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-828868634-1776342754-2024844012-1004\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\Teams) (Version: 1.4.00.11161 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-828868634-1776342754-2024844012-1004\...\Teams) (Version: 1.3.00.9267 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 471.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{1A59F8A6-6AB4-4522-9340-F420B9155A31}) (Version: 4.2.16 - dotPDN LLC)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.24.34 - Razer Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.9267 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Zoom (HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\ZoomUMX) (Version: 5.6.0 (589) - Zoom Video Communications, Inc.)

Packages:
=========
Dolby Atmos -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmos_3.20500.501.0_x64__rz1tebttyb220 [2020-07-29] (Dolby Laboratories)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-07-11] (INTEL CORP) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-07-11] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-07-11] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.11.217.0_x64__dt26b99r8h8gj [2021-07-14] (Realtek Semiconductor Corp)
Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.32.0_x64__8j3eq9eme6ctt [2021-07-11] (INTEL CORP)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-828868634-1776342754-2024844012-1004_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\E***\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20077.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-828868634-1776342754-2024844012-1004_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key 2021 -> Intel)
CustomCLSID: HKU\S-1-5-21-828868634-1776342754-2024844012-1004_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\E***\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20077.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvrzi.inf_amd64_a61ecbb7f12b90fe\nvshext.dll [2021-06-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-04-22 08:31 - 2021-04-22 08:31 - 005745664 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
2020-08-15 13:24 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-05-21 08:12 - 2021-05-21 08:12 - 000130048 _____ (Sam Grogan) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support Assistant\NotifyIconWin32.dll
2021-05-12 20:07 - 2021-05-12 20:07 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-10] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\sharepoint.com -> hxxps://myhkv-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2021-07-14 23:53 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1      localhost

2020-07-30 03:49 - 2020-07-30 03:49 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-828868634-1776342754-2024844012-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\Control Panel\Desktop\\Wallpaper -> c:\users\d***\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\firewatch-wallpaper.jpg
HKU\S-1-5-21-828868634-1776342754-2024844012-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-828868634-1776342754-2024844012-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 172.20.1.32
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\StartupApproved\Run: => "DeepL"
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-828868634-1776342754-2024844012-1002\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{26EE5E1A-BC6B-40C3-8CED-49058A73B6B5}C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{69C410F5-932E-4F14-BD16-89CFC4794371}C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe] => (Block) C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe (Logitech Inc -> Logitech, Inc.)

==================== Restore Points =========================

11-07-2021 14:33:51 Scheduled Checkpoint
14-07-2021 22:06:06 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/14/2021 11:59:36 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: D***-RAZER)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/14/2021 11:49:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
  Executing Asynchronous Operation

Context:
  Current State: DoSnapshotSet

Error: (07/14/2021 11:49:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MsQuic.

System Error:
Das Ressourcenladeprogramm konnte die MUI-Datei nicht finden.
.

Error: (07/14/2021 11:49:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Zugriff verweigert
.
This is often caused by incorrect security settings in either the writer or requestor process.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {2fc4ac84-849d-42a1-a90d-c77a87ad04ad}

Error: (07/14/2021 11:48:31 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: D***-RAZER)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/14/2021 11:43:04 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (07/14/2021 10:08:02 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: D***-RAZER)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/14/2021 10:06:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MsQuic.

System Error:
Das Ressourcenladeprogramm konnte die MUI-Datei nicht finden.
.


System errors:
=============
Error: (07/14/2021 11:54:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

Error: (07/14/2021 11:54:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

Error: (07/14/2021 11:54:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

Error: (07/14/2021 11:49:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/14/2021 11:49:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/14/2021 11:49:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Driver & Support Assistant Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/14/2021 11:49:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/14/2021 11:49:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Thunderbolt(TM) Application Launcher service terminated unexpectedly.  It has done this 1 time(s).


Windows Defender:
================
Date: 2021-07-14 22:14:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-11 16:33:44
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-10 16:39:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-27 15:56:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-06-24 13:57:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-10 14:32:24
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.343.745.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18300.4
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2021-06-30 22:48:53
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.341.1630.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18200.4
Error code: 0x80070643
Error description: Fatal error during installation.

Date: 2021-06-30 22:48:50
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.128.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-30 22:48:50
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.128.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-06-30 22:48:50
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

BIOS: Razer 1.01 03/20/2020
Motherboard: Razer LY325
Processor: Intel(R) Core(TM) i7-1065G7 CPU @ 1.30GHz
Percentage of memory in use: 26%
Total physical RAM: 16122.35 MB
Available physical RAM: 11929.38 MB
Total Virtual: 20474.35 MB
Available Virtual: 14950.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.32 GB) (Free:282.14 GB) NTFS

\\?\Volume{ffb887a0-41e1-4378-985d-24e587c32e89}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{3334390f-d991-4a4b-b0a2-102b0d25ba51}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================
--- --- ---


Vor dem Fixen ist noch Windows Update durchgelaufen und hat das grosse Paket KB5004237 installiert (plus Kleinkram).
Nach dem Reboot nach dem Fixen ist noch eine Firewall-Warnung gekommen:
https://i.ibb.co/1bW2C1n/fw-alert.png
(falls der Image-Link nicht mehr funktioniert: C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe möchte eine Verbindung)
Ich habs mal nicht erlaubt, obwohl das wohl eine legitime Software von Logitech ist, vermutlich ein Maustreiber für die RGB-Steuerung der Gaming-Maus oder sowas. Aber in ProgramData??? Kann man ja immer noch erlauben, falls nötig.

Ich nehme an, das CBS.log brauchst du nicht. Steht eh nichts wichtiges drin ausser ein paar doppelten Berechtigungen die korrigiert wurden.

Aber nochmal zurück zur Eingangs-Frage: Wo sehe ich die Defender-Logs? Insbesondere wenn das mit dem "1 Fund" nach dem Scannen wieder auftreten sollte, wo müsste ich dann sehen was es war?

M-K-D-B 15.07.2021 11:21
Beschädigte Dateien wurden repariert:
Windows Resource Protection found corrupt files and successfully repaired them.


Zitat:
Ich nehme an, das CBS.log brauchst du nicht. Steht eh nichts wichtiges drin ausser ein paar doppelten Berechtigungen die korrigiert wurden.
Richtig, brauche ich nicht. ;)





Zitat:
(falls der Image-Link nicht mehr funktioniert: C:\programdata\logishrd\logioptions\software\current\logioptionsmgr.exe möchte eine Verbindung)
Ich habs mal nicht erlaubt, obwohl das wohl eine legitime Software von Logitech ist, vermutlich ein Maustreiber für die RGB-Steuerung der Gaming-Maus oder sowas. Aber in ProgramData??? Kann man ja immer noch erlauben, falls nötig.
Die Windows-Firewall wurde zurückgesetzt, daher die Meldung.
Sie ist legitim und kann zugelassen werden. :)





Zitat:
Aber nochmal zurück zur Eingangs-Frage: Wo sehe ich die Defender-Logs? Insbesondere wenn das mit dem "1 Fund" nach dem Scannen wieder auftreten sollte, wo müsste ich dann sehen was es war?
Ereignisanzeige
oder
Start > Einstellungen > Update und Sicherheit > Windows-Sicherheit
oder
Powershell-befehl: Get-MpThreat
oder
Addition.txt von FRST, aber da steht nichts drinnen. :D






Schritt 1
  • Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.
  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    Start::
    DeleteQuarantine:
    Unlock: C:\FRST
    Reboot:
    End::
  • Starte nun FRST und klicke direkt den Reparieren Button.
    Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
  • Gegebenenfalls muss dein Rechner neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.








Dann wären wir durch!
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc


Abschließend bitte noch einen Cleanup mit unserem TBCleanUpTool durchführen und unbedingt die Sicherheitsmaßnahmen lesen und umsetzen - beides ist in folgendem Lesestoff verlinkt:

Lesestoff:
Anleitung: Cleanup & Maßnahmen zur Absicherung des Rechners




Wenn Du möchtest, kannst Du hier sagen, ob du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:
Vielleicht möchtest du das Forum mit einer kleinen Spende https://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:


Hinweis:
Bitte gib mir eine kurze Rückmeldung, sobald du die oben verlinkten Informationen gelesen hast, alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

e4ch 16.07.2021 00:27
Zitat:
Zitat von M-K-D-B (Beitrag 1755126)
Die Windows-Firewall wurde zurückgesetzt, daher die Meldung.
Sie ist legitim und kann zugelassen werden. :)
Ah, das hatte ich irgendwie verpasst.
Code:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
War wohl das hier. Ich habe das nochmal ausgeführt (einfach im Cmd, rebooted und dann die Firewall-Frage mit Ja beantwortet. Nicht dass dann seine Maus nicht funktioniert oder sowas.)

Dies wäre noch die Fixlog Datei:
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-07-2021
Ran by E*** (16-07-2021 01:04:40) Run:2
Running from C:\Users\E***\Desktop
Loaded Profiles: E***
Boot Mode: Normal
==============================================

fixlist content:
*****************
DeleteQuarantine:
Unlock: C:\FRST
Reboot:

*****************

"C:\FRST\Quarantine" => removed successfully
"C:\FRST" => was unlocked


The system needed a reboot.

==== End of Fixlog 01:04:40 ====

Zitat:
Zitat von M-K-D-B (Beitrag 1755126)
Ereignisanzeige
oder
Start > Einstellungen > Update und Sicherheit > Windows-Sicherheit
oder
Powershell-befehl: Get-MpThreat
oder
Addition.txt von FRST, aber da steht nichts drinnen. :D
Ja, dies hat mich eben auch verunsichert. Wie kann es anzeigen, dass es einen Fund gab, aber dann nichts im Log ist?

Zitat:
Zitat von M-K-D-B (Beitrag 1755126)
Bitte gib mir eine kurze Rückmeldung, sobald du die oben verlinkten Informationen gelesen hast, alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
Also im Moment scheint zumindest alles ok zu sein. Wie soll ich vorgehen, wenn plötzlich wieder Funde angezeigt werden, aber nichts im Log ist? Neues Thema erstellen oder hier wieder antworten und dich anpingen?

M-K-D-B 16.07.2021 10:53
Zitat:
Zitat von e4ch (Beitrag 1755152)
Wie kann es anzeigen, dass es einen Fund gab, aber dann nichts im Log ist?
Das ist auch etwas, das ich nicht verstehe.
Theoretisch wäre es noch möglich, dass man als Benutzer diese Logs löscht/leert, aber das ist hier ja wohl nicht der Fall.



Zitat:
Zitat von e4ch (Beitrag 1755152)
Also im Moment scheint zumindest alles ok zu sein. Wie soll ich vorgehen, wenn plötzlich wieder Funde angezeigt werden, aber nichts im Log ist? Neues Thema erstellen oder hier wieder antworten und dich anpingen?
Bitte ein neues Thema eröffnen, dieses Thema hier wird geschlossen. :)





Wir sind froh, dass wir helfen konnten :abklatsch:

Dieses Thema scheint erledigt und wird aus unseren Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:49 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131