Caddy010 | 22.09.2021 15:15 | Here is the new FRST:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2021
Ran by sarah (administrator) on DESKTOP-GFVHT56 (Megaport 47-164630) (22-09-2021 16:12:08)
Running from C:\Users\sarah\Downloads
Loaded Profiles: sarah
Platform: Windows 10 Home Version 20H2 19042.1237 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\sarah\Downloads\adwcleaner_8.3.0.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe <2>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353408 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779504 2021-07-01] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33336800 2021-09-16] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [Discord] => C:\Users\sarah\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [Substance Launcher] => C:\Program Files\Allegorithmic\Substance Launcher\Substance Launcher.exe [93987576 2021-06-23] (Allegorithmic, SAS -> Allegorithmic an Adobe Company)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [GogGalaxy] => D:\Programms\GOG Galaxy\GalaxyClient.exe [13728096 2021-08-19] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [TabletDriver] => D:\Huion Tablet\x64\TabletDriverCore.exe [334568 2020-12-16] (Shenzhen Huion Animation Technology Co.,LTD -> )
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [Battle.net] => D:\Programms\Games\Battle.net\Battle.net.exe [1079184 2021-09-09] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Run: [Steam] => D:\Programms\Games\steam\steam.exe [4282600 2021-09-17] (Valve -> Valve Corporation)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\MountPoints2: {b5fb518b-caab-11eb-9793-18c04daad6b9} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\MountPoints2: {b6c40de3-ba4b-11eb-978e-18c04daad6b9} - "E:\HiSuiteDownLoader.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Huion Tablet.lnk [2021-05-04]
ShortcutTarget: Huion Tablet.lnk -> D:\Huion Tablet\Huion Tablet.exe (Shenzhen Huion Animation Technology Co.,LTD -> )
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0EEEC142-4626-4568-958C-2CFAF147F40D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {29C72D8D-61B3-43CF-AB25-36DB159018EF} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {341B91ED-C627-4A6C-B36A-1C124A0E6ADE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {566AD36F-A6A3-45FE-AF08-76765C3E66FA} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {5FF2588F-1A6B-43E9-B8EB-DE8B30E9D80D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {624C1D9A-554E-4E7D-A71D-7232CEA10AC2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139096 2021-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {6FBB1B56-1B01-4B58-B17C-B3E74CEB9D08} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7094EAA4-0DFB-4320-82DB-511F5623B775} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139096 2021-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {850202D7-C3EB-47C6-8A65-5415CE5B5819} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8D43F512-873D-4B60-890E-D3D7DACE041C} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8EE7DC68-31AB-4D4B-A4D6-24797B22794C} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8FDEE456-E745-4BD7-B6C8-8AD826DE3D1E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {9D9D96BC-329A-4BF9-B24B-8605733ABD73} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A2724F55-D9FE-4150-B332-92A7F67C6CAC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AA8E0250-CD29-4B58-86A8-43E0C6EACAE2} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EA6A7D2F-62FA-4414-B5EB-FF626D3A281A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F02B39E4-0482-4FB4-8230-C3B8D231D6A1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {FBB00AF4-5599-469C-9862-382369B8F4E2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FDAC7C92-64EB-4BA1-8E21-35E1216B3042} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-09-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {FF6F22BD-2BCD-400F-893A-F768B1BFDF44} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{946c339f-f40f-4ade-9ea6-c3c0a3209da2}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{a1264e5e-f4a3-4903-a297-d320d1050b28}: [DhcpNameServer] 192.168.120.250
Tcpip\..\Interfaces\{d1256d2c-c313-4b1f-9a9c-a0b46ef245b7}: [DhcpNameServer] 192.168.120.250
Tcpip\..\Interfaces\{fc0f2e7e-eb78-46d6-ac89-363fbb9f20b0}: [DhcpNameServer] 192.168.120.250
Edge:
=======
Edge Profile: C:\Users\sarah\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-22]
FireFox:
========
FF DefaultProfile: zeomf0jg.default
FF ProfilePath: C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\zeomf0jg.default [2021-09-22]
FF ProfilePath: C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\amz58sr2.default-release [2021-09-22]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-07-01] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-07-01] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR Profile: C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default [2021-09-22]
CHR Notifications: Default -> hxxps://www.facebook.com; hxxps://www.lieferando.de; hxxps://www.pinterest.de
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1415708374&from=ild&uid=WDCXWD10JPVX-22JC3T0_WD-WXS1EC3YLXM4YLXM4"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Präsentationen) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-30]
CHR Extension: (Docs) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-30]
CHR Extension: (Google Drive) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-30]
CHR Extension: (YouTube) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-30]
CHR Extension: (Cookie Watch) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmogeohlpljgihhbafbnincahfmafbfn [2021-05-16]
CHR Extension: (Tabellen) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-30]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-09-21]
CHR Extension: (Total Adblock - Ad Blocker) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekdekpbfehejjiecgonmgmepbdnaggp [2021-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-29]
CHR Extension: (AdBlock*– der beste Ad-Blocker) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-09-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-30]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-09-19]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2021-06-24]
CHR Extension: (Google Mail) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-30]
CHR Extension: (Avast AntiTrack Premium) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppdidpcihajhihmghhhkfnpklgdehold [2021-09-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842480 2021-07-01] (Adobe Inc. -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3779840 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3547904 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9179528 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
S2 CoreScanner; C:\Program Files\Zebra Technologies\Barcode Scanners\Common\CoreScanner.exe [690688 2019-09-19] (Zebra Technologies) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2021-05-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [595944 2021-08-14] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
S3 GalaxyClientService; D:\Programms\GOG Galaxy\GalaxyClientService.exe [1955680 2021-08-19] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832 2021-07-18] (GOG Sp. z o.o. -> GOG.com)
S2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [236864 2020-12-05] (Huawei Technologies Co., Ltd. -> )
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971504 2021-09-22] (McAfee, LLC -> McAfee, LLC)
S2 rsmdriverproviderservice; C:\Program Files\Zebra Technologies\Barcode Scanners\Common\RSMDriverProviderService.exe [136192 2019-09-23] (Zebra Technologies) [File not signed]
S2 ScnSrvc; C:\Program Files\Zebra Technologies\Barcode Scanners\Common\ScannerService.exe [288256 2019-09-19] (Zebra Technologies) [File not signed]
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10301672 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18944 2020-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 gdrv2; C:\Windows\gdrv2.sys [32600 2021-04-21] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2020-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 MpKsl817c6131; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAB2AEBA-D53B-4564-809D-2A7D548D2088}\MpKslDrv.sys [130296 2021-09-22] (Microsoft Windows -> Microsoft Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [6438816 2021-04-27] (Riot Games, Inc. -> Riot Games, Inc.)
R3 vmulti; C:\Windows\System32\drivers\vmulti.sys [10752 2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2021-09-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [433384 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-22 13:55 - 2021-09-22 13:58 - 000000000 ____D C:\AdwCleaner
2021-09-22 13:55 - 2021-09-22 13:55 - 008553680 _____ (Malwarebytes) C:\Users\sarah\Downloads\adwcleaner_8.3.0.exe
2021-09-22 13:55 - 2021-09-22 13:55 - 008553680 _____ (Malwarebytes) C:\Users\sarah\Downloads\adwcleaner_8.3.0(1).exe
2021-09-22 10:36 - 2021-09-22 14:44 - 000000000 ____D C:\Users\sarah\AppData\LocalLow\Mozilla
2021-09-22 10:36 - 2021-09-22 10:36 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-09-22 10:36 - 2021-09-22 10:36 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-09-22 10:36 - 2021-09-22 10:36 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-09-22 10:36 - 2021-09-22 10:36 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Mozilla
2021-09-22 10:36 - 2021-09-22 10:36 - 000000000 ____D C:\Users\sarah\AppData\Local\Mozilla
2021-09-22 10:36 - 2021-09-22 10:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-09-22 10:35 - 2021-09-22 14:45 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-22 10:35 - 2021-09-22 10:36 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-09-22 10:35 - 2021-09-22 10:35 - 000333064 _____ (Mozilla) C:\Users\sarah\Downloads\Firefox Installer.exe
2021-09-22 01:29 - 2021-09-22 01:29 - 000018837 _____ C:\Users\sarah\Downloads\Shortcut.txt
2021-09-22 01:27 - 2021-09-22 01:29 - 000062336 _____ C:\Users\sarah\Downloads\Addition.txt
2021-09-22 01:25 - 2021-09-22 16:12 - 000021471 _____ C:\Users\sarah\Downloads\FRST.txt
2021-09-22 01:24 - 2021-09-22 16:12 - 000000000 ____D C:\FRST
2021-09-22 01:23 - 2021-09-22 01:23 - 002304512 _____ (Farbar) C:\Users\sarah\Downloads\FRST64.exe
2021-09-21 22:06 - 2021-09-21 22:06 - 000000000 ____D C:\Users\sarah\OneDrive\Documents\TotalAV
2021-09-21 22:03 - 2021-09-21 22:03 - 000000000 ____D C:\Users\sarah\AppData\Local\GUI
2021-09-21 21:35 - 2021-09-22 10:41 - 000000000 ____D C:\Program Files\McAfee
2021-09-21 21:28 - 2021-09-22 10:42 - 000000000 ____D C:\ProgramData\McAfee
2021-09-21 21:28 - 2021-09-21 21:28 - 000000000 _____ C:\Users\sarah\AppData\Roaming\MCVi2UserDetail.ini
2021-09-20 14:53 - 2021-09-20 14:56 - 000000000 ___HD C:\adobeTemp
2021-09-19 16:03 - 2021-09-19 16:03 - 002295296 _____ (Digimarc) C:\Windows\system32\DMRCDecoder.dll
2021-09-19 16:03 - 2021-09-19 16:03 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-09-19 16:03 - 2021-09-19 16:03 - 002111488 _____ (Digimarc) C:\Windows\SysWOW64\DMRCDecoder.dll
2021-09-19 16:03 - 2021-09-19 16:03 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-09-19 16:03 - 2021-09-19 16:03 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-09-19 16:03 - 2021-09-19 16:03 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-09-19 16:03 - 2021-09-19 16:03 - 001313608 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-09-19 16:03 - 2021-09-19 16:03 - 001164288 _____ C:\Windows\system32\MBR2GPT.EXE
2021-09-19 16:03 - 2021-09-19 16:03 - 000672768 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-09-19 16:03 - 2021-09-19 16:03 - 000570368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-09-19 16:03 - 2021-09-19 16:03 - 000566784 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-09-19 16:03 - 2021-09-19 16:03 - 000452096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-09-19 16:03 - 2021-09-19 16:03 - 000426496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-09-19 16:03 - 2021-09-19 16:03 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-09-19 16:03 - 2021-09-19 16:03 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-09-19 16:03 - 2021-09-19 16:03 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-09-19 16:03 - 2021-09-19 16:03 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2021-09-19 16:03 - 2021-09-19 16:03 - 000122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2021-09-19 16:03 - 2021-09-19 16:03 - 000098816 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-09-19 16:03 - 2021-09-19 16:03 - 000011355 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-09-19 15:56 - 2021-09-19 15:56 - 000000000 ___HD C:\$WinREAgent
2021-08-28 15:09 - 2021-08-28 15:09 - 000000266 _____ C:\Windows\system32\SettingsFile.xml
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-22 16:00 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-22 14:44 - 2021-04-30 17:32 - 000000000 ____D C:\ProgramData\NVIDIA
2021-09-22 13:58 - 2021-05-03 13:12 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Substance Launcher
2021-09-22 13:58 - 2021-04-30 22:29 - 000000000 ____D C:\Users\sarah\AppData\Roaming\discord
2021-09-22 13:54 - 2021-05-07 21:07 - 000000000 ____D C:\Users\sarah\AppData\Local\Battle.net
2021-09-22 13:45 - 2021-04-30 22:29 - 000000000 ____D C:\Users\sarah\AppData\Local\Discord
2021-09-22 13:30 - 2021-04-30 17:21 - 000000000 ____D C:\Users\sarah\AppData\Local\D3DSCache
2021-09-22 13:26 - 2020-11-19 09:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-09-22 10:52 - 2021-07-21 18:10 - 000741554 _____ C:\Windows\system32\perfh007.dat
2021-09-22 10:52 - 2021-07-21 18:10 - 000149804 _____ C:\Windows\system32\perfc007.dat
2021-09-22 10:52 - 2021-01-19 09:23 - 001722792 _____ C:\Windows\system32\PerfStringBackup.INI
2021-09-22 10:52 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-09-22 10:47 - 2021-05-03 15:31 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2021-09-22 10:45 - 2021-07-01 15:41 - 000000000 ___RD C:\Users\sarah\Creative Cloud Files
2021-09-22 10:45 - 2021-05-03 13:12 - 000000000 ____D C:\Users\sarah\AppData\Roaming\substancelinkopentcp
2021-09-22 10:45 - 2021-01-19 09:18 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-22 10:45 - 2020-11-19 09:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-22 10:44 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-09-22 10:44 - 2019-12-07 11:03 - 000786432 _____ C:\Windows\system32\config\BBI
2021-09-22 10:41 - 2021-01-19 09:25 - 000000185 _____ C:\Windows\system32\symbscnr.log.bak
2021-09-22 10:41 - 2019-12-07 11:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-09-22 10:35 - 2021-04-30 17:26 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-21 23:33 - 2021-01-19 09:25 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-09-21 22:14 - 2021-06-03 11:15 - 000000000 ____D C:\Users\sarah\AppData\Local\CrashDumps
2021-09-21 21:38 - 2019-12-07 11:14 - 000000124 _____ C:\Windows\win.ini
2021-09-21 21:24 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-21 21:24 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-09-20 14:52 - 2021-04-30 17:22 - 000000000 ___RD C:\Users\sarah\OneDrive
2021-09-19 17:56 - 2020-11-19 09:30 - 000446160 _____ C:\Windows\system32\FNTCACHE.DAT
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2021-09-19 17:56 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2021-09-19 17:55 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-09-19 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2021-09-19 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-09-19 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-09-19 17:55 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2021-09-19 16:25 - 2021-06-01 11:51 - 000002371 _____ C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-09-19 16:05 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-09-19 16:02 - 2021-01-19 10:12 - 000000000 ____D C:\Program Files\Microsoft Office
2021-09-19 15:56 - 2021-01-19 09:22 - 000000000 ____D C:\Windows\system32\MRT
2021-09-19 15:54 - 2021-01-19 09:22 - 135637312 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-09-18 11:36 - 2020-11-19 09:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-18 11:36 - 2020-11-19 09:32 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-09-16 16:35 - 2021-05-04 22:08 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-09-10 16:06 - 2021-04-30 17:22 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1447197201-901239501-998365885-1001
2021-09-10 16:06 - 2021-04-30 17:22 - 000002386 _____ C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-08 19:12 - 2020-11-19 09:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-09-08 13:33 - 2021-05-04 22:07 - 000000000 ____D C:\Program Files\Adobe
2021-08-31 12:30 - 2021-01-19 09:23 - 000803176 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2021-08-29 14:13 - 2021-05-02 23:45 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
==================== Files in the root of some directories ========
2021-09-21 21:28 - 2021-09-21 21:28 - 000000000 _____ () C:\Users\sarah\AppData\Roaming\MCVi2UserDetail.ini
2021-07-05 16:23 - 2021-07-05 16:38 - 000001456 _____ () C:\Users\sarah\AppData\Local\Adobe Save for Web 13.0 Prefs
2021-07-03 18:57 - 2021-07-03 18:57 - 000000000 _____ () C:\Users\sarah\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
and the new Addition:
FRST Logfile:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2021
Ran by sarah (22-09-2021 16:13:20)
Running from C:\Users\sarah\Downloads
Windows 10 Home Version 20H2 19042.1237 (X64) (2021-04-27 17:14:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1447197201-901239501-998365885-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1447197201-901239501-998365885-503 - Limited - Disabled)
Guest (S-1-5-21-1447197201-901239501-998365885-501 - Limited - Disabled)
sarah (S-1-5-21-1447197201-901239501-998365885-1001 - Administrator - Enabled) => C:\Users\sarah
WDAGUtilityAccount (S-1-5-21-1447197201-901239501-998365885-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: BullGuard Antivirus (Disabled - Out of date) {0C5A09FB-657F-B94D-DF1B-BB843C6EE0E4}
FW: BullGuard Firewall (Enabled) {346188DE-2F10-B815-F444-12B1C2BDA79F}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.5.0.617 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Systems Incorporated)
Adobe Substance 3D Painter 7.2.0 (HKLM\...\{2a8bbb68-725b-477c-9194-60efc5ece348}_is1) (Version: 7.2.0 - Adobe)
Allegorithmic Substance Painter 7.1.0 (HKLM\...\{33C3E9E2-0675-4196-9019-28AB9C5E9BB0}_is1) (Version: 7.1.0 - Allegorithmic)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blender (HKLM\...\{D6E38255-FB12-4724-A6FF-075B43272C66}) (Version: 2.92.0 - Blender Foundation)
Discord (HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 11.0.0.500 - Huawei Technologies Co., Ltd.)
Huion Tablet v14.8.173.1510 (HKLM\...\{62047893-F186-48B8-83A5-1C74D8666D19}_is1) (Version: v14.8.173.1510 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.14326.20404 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14326.20404 - Microsoft Corporation)
Microsoft 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.14326.20404 - Microsoft Corporation)
Microsoft 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.14326.20404 - Microsoft Corporation)
Microsoft 365 - it-it (HKLM\...\O365HomePremRetail - it-it) (Version: 16.0.14326.20404 - Microsoft Corporation)
Microsoft 365 - nl-nl (HKLM\...\O365HomePremRetail - nl-nl) (Version: 16.0.14326.20404 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.52 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\OneDriveSetup.exe) (Version: 21.160.0808.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Teams) (Version: 1.4.00.22976 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 92.0 (x64 de)) (Version: 92.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 92.0 - Mozilla)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 471.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040C-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0410-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0413-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Substance Launcher 1.7.0-beta.546 (HKLM\...\{8b9320fe-2b31-562a-9f54-9956b024276d}) (Version: 1.7.0-beta.546 - Allegorithmic an Adobe Company)
T16 Wired Gaming Mouse (HKLM-x32\...\{444BE55C-4B14-4DB8-9922-6846C1437677}_is1) (Version: 1.0.3 - )
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
VALORANT (HKU\S-1-5-21-1447197201-901239501-998365885-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.627 - McAfee, LLC)
Windows Driver Package - Zebra Technologies Inc. (WinUSB) WinUSB devices (03/31/2018 1.0.0.6) (HKLM\...\45BED3BBD4732BEB270707C3769191B9C55708E6) (Version: 03/31/2018 1.0.0.6 - Zebra Technologies Inc.)
WinRAR 6.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
Zebra CoreScanner Driver (64bit) (HKLM\...\{7D4D3B5A-E53F-4B75-84BF-1977077AEA3D}) (Version: 3.04.0011 - Zebra Technologies) Hidden
Zebra CoreScanner Driver (64bit) (HKLM-x32\...\InstallShield_{7D4D3B5A-E53F-4B75-84BF-1977077AEA3D}) (Version: 3.04.0011 - Zebra Technologies)
Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-07-01] (Adobe Systems Incorporated)
EarTrumpet -> C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.1.8.0_x86__1sdd7yawvg6ne [2021-06-30] (File-New-Project) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10913.5785.0_x64__8wekyb3d8bbwe [2021-09-21] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-03] (NVIDIA Corp.)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.16.0_x64__8wekyb3d8bbwe [2021-06-30] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1447197201-901239501-998365885-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-62EEA2FEC753} -> [Creative Cloud Files] => C:\Users\sarah\Creative Cloud Files [2021-07-01 15:41]
CustomCLSID: HKU\S-1-5-21-1447197201-901239501-998365885-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\sarah\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21161.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1447197201-901239501-998365885-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1447197201-901239501-998365885-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-26] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-26] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-26] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-26] (Adobe Inc. -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programms\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programms\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\nvshext.dll [2021-07-13] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-08-26] (Adobe Inc. -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programms\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programms\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1447197201-901239501-998365885-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1447197201-901239501-998365885-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=NMTE
SearchScopes: HKLM -> DefaultScope {097C1C62-B6C5-4298-8AD7-15708B4D01E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=PRNAM1&pc=NMTE
SearchScopes: HKLM -> {097C1C62-B6C5-4298-8AD7-15708B4D01E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=PRNAM1&pc=NMTE
SearchScopes: HKLM-x32 -> DefaultScope {097C1C62-B6C5-4298-8AD7-15708B4D01E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=PRNAM1&pc=NMTE
SearchScopes: HKLM-x32 -> {097C1C62-B6C5-4298-8AD7-15708B4D01E0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=PRNAM1&pc=NMTE
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-09-22] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-09-22] (McAfee, LLC -> McAfee, LLC)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 11:14 - 2021-09-22 10:44 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1447197201-901239501-998365885-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sarah\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Caddy2.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A9C71BA0-4605-4815-80F8-428FDB36D4F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2DFCD093-7C88-4AA9-9A6C-7FB24DBCC5AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{47A99C55-A590-4571-B476-217DA7AFA220}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{B23A7968-0A31-406E-8235-B46E9567CF52}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{B615C8AE-33B1-4E80-95FD-C24103703EE8}C:\program files (x86)\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files (x86)\ue_4.26\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{7D350F66-BDED-4284-A3B4-A950C8A23CB2}C:\program files (x86)\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files (x86)\ue_4.26\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{2E827B5C-27AA-43CA-98DB-7F06789943B6}D:\programms\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) D:\programms\ue_4.26\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [UDP Query User{9DBD7CFB-EEB3-4DE2-A205-84AFFEFC82E4}D:\programms\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) D:\programms\ue_4.26\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [TCP Query User{CA7181C3-6FB0-4C8F-AE95-A36518A1EEB9}C:\program files\allegorithmic\substance painter\substance painter.exe] => (Allow) C:\program files\allegorithmic\substance painter\substance painter.exe (Allegorithmic, SAS -> Allegorithmic)
FirewallRules: [UDP Query User{CD21F23C-7D27-418D-BC4A-64D8A5F1C524}C:\program files\allegorithmic\substance painter\substance painter.exe] => (Allow) C:\program files\allegorithmic\substance painter\substance painter.exe (Allegorithmic, SAS -> Allegorithmic)
FirewallRules: [TCP Query User{0B6F4EAD-F7AA-476C-8130-B9FE924A7BF0}D:\programms\games\overwatch\_retail_\overwatch.exe] => (Block) D:\programms\games\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{E73905D1-A6C4-4342-BF75-E41EB3C643AD}D:\programms\games\overwatch\_retail_\overwatch.exe] => (Block) D:\programms\games\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{B198C2CA-354F-4BBB-A48A-0C7FF10A3D06}] => (Allow) D:\Programms\Games\steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FD587E2F-472A-4EA6-860E-24BB753B8A2E}] => (Allow) D:\Programms\Games\steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BDB9F46C-8621-4D9C-BAAA-9606014EB3F3}] => (Allow) D:\Programms\Games\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1030F194-695E-402D-9015-D0A8568727BD}] => (Allow) D:\Programms\Games\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{01BADA1E-AC1C-4F58-97A5-7CBBF6A68FF2}] => (Allow) D:\Programms\Games\steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{5B322A16-C384-47D5-B157-1FBF82C43056}] => (Allow) D:\Programms\Games\steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{E557D592-9ECF-438C-9866-85E5A298F486}] => (Allow) D:\Programms\Games\steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{B309D7C4-61E9-4447-9CD8-8B4BE9CEBF94}] => (Allow) D:\Programms\Games\steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{A8D29A2F-82B2-46B3-871C-05FF41C704AC}] => (Allow) D:\Programms\Games\steam\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{42075232-D103-467E-99D6-8AF34A97F948}] => (Allow) D:\Programms\Games\steam\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{44019CE0-8B9F-4652-BC89-ABB5EDAAB387}] => (Allow) D:\Programms\Games\steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{FC350A31-E9E2-4D50-A9E7-A457795C4524}] => (Allow) D:\Programms\Games\steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [TCP Query User{512F1C2C-5B01-4737-8A2C-374AF6D8DF5C}D:\uni\2021\haw\game project\cooptest3\windowsnoeditor\projectdesert\binaries\win64\projectdesert.exe] => (Allow) D:\uni\2021\haw\game project\cooptest3\windowsnoeditor\projectdesert\binaries\win64\projectdesert.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{DFCDFC29-0333-42C6-961B-EA0F2D09AB7B}D:\uni\2021\haw\game project\cooptest3\windowsnoeditor\projectdesert\binaries\win64\projectdesert.exe] => (Allow) D:\uni\2021\haw\game project\cooptest3\windowsnoeditor\projectdesert\binaries\win64\projectdesert.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{5B6D43EA-C5D9-4E93-95C2-92CDB4A2E91C}] => (Allow) D:\Programms\Games\steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed]
FirewallRules: [{E5AD957E-EA2E-4D5E-A9C1-39DCD98073EB}] => (Allow) D:\Programms\Games\steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed]
FirewallRules: [{DC786520-8D90-425F-B707-0DF0BBE93E23}] => (Allow) D:\Programms\Games\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{73CEC35F-B4E7-4C5A-ABF5-97CA7693DCE0}] => (Allow) D:\Programms\Games\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [TCP Query User{17A386E8-2F49-4659-8284-BB43CF2B8050}C:\users\sarah\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\sarah\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{E2032ADD-FC7D-496E-97A1-93EDD984E5A3}C:\users\sarah\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\sarah\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2695B30F-B8C6-4856-A7B6-274453060858}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C74B179D-474A-4C7B-8D70-90BCC8DAF547}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0632C357-C15E-470E-ABB8-426EE4F9EB4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{120A3F5E-3FF6-4D1D-8076-6D3F0CE5CFE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E4B43E5A-E6D5-48C4-8A83-7B22CE96C6D4}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{B1BDEE15-19A9-48AA-A61F-8A22E81C66AF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{7E4B0073-9A51-46EA-A169-B743949938E5}] => (Allow) D:\Programms\Games\steam\steamapps\common\Back4BloodBeta\Gobi\Binaries\Win64\Back4Blood.exe => No File
FirewallRules: [{3E9438B5-9841-43E4-B8E6-42E8A09FB6CC}] => (Allow) D:\Programms\Games\steam\steamapps\common\Back4BloodBeta\Gobi\Binaries\Win64\Back4Blood.exe => No File
FirewallRules: [{84680941-99FE-4A8F-98FB-03A20C8D0753}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CF472C9B-CE85-4BDF-9270-EA43145D169F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{63707763-14DC-4B87-BCA7-498A42EDD47F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2660F595-99A7-43EC-B443-32B2FB6D0C5A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{AB70655E-0F5D-495A-81E4-933072B1A59C}D:\programms\games\overwatch\_retail_\overwatch.exe] => (Allow) D:\programms\games\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{79C6C6A1-87E1-432A-8A18-8EE8ADBC0641}D:\programms\games\overwatch\_retail_\overwatch.exe] => (Allow) D:\programms\games\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{7F6A504E-16FA-43BB-A21A-EA185EB1F145}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F61F124F-E093-47EC-A4E9-ECE5EF7151F5}] => (Allow) D:\Programms\Games\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{A2E411EE-F624-4BDA-AE10-5C4856C233A3}] => (Allow) D:\Programms\Games\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{4A9A1D60-3967-47C2-AA7C-3CA4EA56E4BE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{68D97838-7494-4FAA-9C0F-D0F18920F3CF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
==================== Restore Points =========================
19-09-2021 15:56:15 Windows Modules Installer
21-09-2021 23:32:52 Removed Samsung_MonSetup
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/22/2021 10:44:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: amsprotectedservice.exe, version: 15.0.1910.1603, time stamp: 0x5d9c5f72
Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0xef8beaeb
Exception code: 0xc0000005
Fault offset: 0x00044073
Faulting process id: 0x1174
Faulting application start time: 0x01d7af8dab1b882f
Faulting application path: C:\Program Files (x86)\TotalAV\savapi\elam_ppl\amsprotectedservice.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 61d4a305-8b2c-4905-ab3c-389747db97fe
Faulting package full name:
Faulting package-relative application ID:
Error: (09/22/2021 06:36:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: amsprotectedservice.exe, version: 15.0.1910.1603, time stamp: 0x5d9c5f72
Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0xef8beaeb
Exception code: 0xc0000005
Fault offset: 0x00044073
Faulting process id: 0x6468
Faulting application start time: 0x01d7af2ff33e3293
Faulting application path: C:\Program Files (x86)\TotalAV\savapi\elam_ppl\amsprotectedservice.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 83d8329d-15b6-4b9d-84e3-9c16fe1928b2
Faulting package full name:
Faulting package-relative application ID:
Error: (09/21/2021 11:30:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: amsprotectedservice.exe, version: 15.0.1910.1603, time stamp: 0x5d9c5f72
Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0xef8beaeb
Exception code: 0xc0000005
Fault offset: 0x00044073
Faulting process id: 0x117c
Faulting application start time: 0x01d7af25374f6aa3
Faulting application path: C:\Program Files (x86)\TotalAV\savapi\elam_ppl\amsprotectedservice.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: d5469faf-c464-4f68-91da-675b036b6431
Faulting package full name:
Faulting package-relative application ID:
Error: (09/21/2021 09:44:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.14326.20388, time stamp: 0x613af544
Faulting module name: hxcomm.dll, version: 16.0.14326.20388, time stamp: 0x613af479
Exception code: 0x2329e89c
Fault offset: 0x00000000001e7b2c
Faulting process id: 0x1988
Faulting application start time: 0x01d7aee40ba5a710
Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe\HxTsr.exe
Faulting module path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe\hxcomm.dll
Report Id: 1483e737-d82a-4bfd-9d43-c53b6aa905b0
Faulting package full name: microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (09/19/2021 04:07:30 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on HDD (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (09/12/2021 05:01:28 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on HDD (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (09/05/2021 02:10:34 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on HDD (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (09/04/2021 10:00:44 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on HDD (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
System errors:
=============
Error: (09/22/2021 02:44:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
Error: (09/22/2021 02:44:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office-Klick-und-Los-Dienst service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (09/22/2021 02:44:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
Error: (09/22/2021 02:44:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee WebAdvisor service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (09/22/2021 01:58:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
Error: (09/22/2021 01:58:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).
Error: (09/22/2021 01:58:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office-Klick-und-Los-Dienst service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (09/22/2021 01:58:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee WebAdvisor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1 milliseconds: Restart the service.
Windows Defender:
================
Date: 2021-09-22 10:55:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-20 20:50:29
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-19 16:06:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-17 21:56:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-17 21:52:05
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2021-09-22 10:44:09
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2021-09-22 10:41:45
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\TotalAV\SAVAPI\elam_ppl\AMSAgent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-09-22 10:29:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\TotalAV\SAVAPI\elam_ppl\AMSAgent.exe) attempted to load \Device\HarddiskVolume5\Program Files\McAfee\MfeAV\AMSIExt_x86.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. F52 12/09/2020
Motherboard: Gigabyte Technology Co., Ltd. B450 GAMING X
Processor: AMD Ryzen 7 2700 Eight-Core Processor
Percentage of memory in use: 30%
Total physical RAM: 16330.86 MB
Available physical RAM: 11353.38 MB
Total Virtual: 33738.86 MB
Available Virtual: 25903.32 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:446.14 GB) (Free:304.38 GB) NTFS
Drive d: (HDD) (Fixed) (Total:931.5 GB) (Free:665.94 GB) NTFS
\\?\Volume{7d434eaf-5836-4230-a1f0-55d3899f9e01}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.32 GB) NTFS
\\?\Volume{278a5f48-c34d-4485-9abd-556f5e4223ac}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Size: 447.1 GB) (Disk ID: 5485529C)
Partition: GPT.
==================== End of Addition.txt =======================