Trojaner-Board


Phillip93 06.04.2021 16:00

No sound because of a virus
 
Hello Trojaner-Board!
Since my Kaspersky license had expired, the protection was disabled. I uninstalled the program and installed Avira Security. For 1 day no antivirus program was installed, and I caught a virus from a porn site or something similar. There is no sound, and the font in PDF documents looks slightly different.

I hope you can help me!

Phillip

Thank you very much for your willingness to help!
Something I forgot to mention:
Code:

sfc /scannow
also no longer works the way it still did a few months ago.
I wasn't sure whether I should post FRST.txt and Additions.txt here or under "Log-Analyse und Auswertung", so I am copying the text into both sub-forums.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2021
Ran by Phillip (administrator) on DESKTOP-E3LPO85 (LENOVO 80SG) (06-04-2021 16:40:37)
Running from C:\Users\Phillip\Desktop
Loaded Profiles: Phillip
Platform: Windows 10 Pro Version 20H2 19042.906 (X64) Language: German (Germany) -> English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Driver Booster\8.3.0\DriverBooster.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2009.30067.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.2101.28.0_x64__8wekyb3d8bbwe\Time.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [705728 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [AusweisApp2] => C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe [2405504 2020-11-30] (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG)
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23927096 2021-03-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [BitTorrent] => C:\Users\Phillip\AppData\Roaming\BitTorrent\BitTorrent.exe [2135080 2021-03-24] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [Opera Browser Assistant] => C:\Users\Phillip\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3900056 2021-03-23] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [] => [X]
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\MountPoints2: {0bbd7085-7842-11eb-a07d-918a616b63b7} - "D:\autorun.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-04-03] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\89.1.22.71\Installer\chrmstp.exe [2021-04-01] (Brave Software, Inc. -> Brave Software, Inc.)
IFEO\FoxitReaderUpdateService.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\FoxitUpdater.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\maintenanceservice.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SendCrashReport.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\ServiceMiniNotice.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\TrackReview.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
Startup: C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2021-04-06]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-02-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AEBE8EF-4B94-4561-8332-538661ACEA32} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080824 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {17578569-94A6-420E-9F32-D22B4EB6C36C} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-31] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {1BFB017E-8A90-4FE1-9474-E3CE946080A2} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29757392 2021-04-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {1DDEC5B1-C3AE-44AE-99C4-C7B5C8981A08} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080824 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {254C7783-ACBC-43D4-AEF7-973945C37238} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114024 2021-03-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {2BC518DE-A155-404D-AF66-64C89E7FE410} - System32\Tasks\Opera scheduled Autoupdate 1615734086 => C:\Users\Phillip\AppData\Local\Programs\Opera\launcher.exe [1886872 2021-03-23] (Opera Software AS -> Opera Software)
Task: {37D59D82-6612-43EF-9403-13445AC47DD4} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\8.3.0\AutoUpdate.exe [2268432 2020-12-23] (IObit Information Technology -> IObit)
Task: {39D7E8BC-14DE-4634-845F-33CB40492A5A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform)
Task: {414A76FC-619F-4527-BF81-C1CB726333D2} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {496637FA-D488-46E6-BF5F-36DC172EE9A3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114024 2021-03-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {509F75B2-301F-450D-8BE9-EFF3A754DE9B} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\8.3.0\Scheduler.exe [152848 2020-12-23] (IObit Information Technology -> IObit)
Task: {51F15BF9-B85C-42E5-A150-F3C9528AD04C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-12] (Google LLC -> Google LLC)
Task: {67177BCC-906F-4AA7-981C-88EC90870321} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [234200 2021-03-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {72A22043-F166-4B72-838D-3A245030132F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-12] (Google LLC -> Google LLC)
Task: {76633BC2-1C40-417A-A386-239151D4B11C} - System32\Tasks\Driver Booster SkipUAC (Phillip) => C:\Program Files (x86)\IObit\Driver Booster\8.3.0\DriverBooster.exe [8152016 2021-02-01] (IObit Information Technology -> IObit)
Task: {77174391-3024-4F89-BA06-C9775F647EDB} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {800726F7-A3B7-4E08-A88D-020C4FD0DB03} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [642544 2021-03-27] (Mozilla Corporation -> Mozilla Foundation)
Task: {A32D4BB0-0578-4210-85B9-37FC89CFD05C} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2651216 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {B618B26C-F35C-4ECA-BAD4-2480438206EF} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-31] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {DB824803-62B4-4EA6-BCCA-3680C78356F7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {DDAB4885-1EE2-4ACE-836B-7A19A0D0AA44} - System32\Tasks\Opera scheduled assistant Autoupdate 1615734101 => C:\Users\Phillip\AppData\Local\Programs\Opera\launcher.exe [1886872 2021-03-23] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Phillip\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {DE87C263-38FA-4712-8628-650725C71390} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E0FA14AA-B11A-4CCD-A020-7DE75791C2C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1D15529-FBB7-4654-BE41-4E740BF78203} - System32\Tasks\Uninstaller_SkipUac_Phillip => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [6701784 2021-03-18] (IObit Information Technology -> IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{dc8435fd-0db0-4c70-8eb9-1e02e3130ac5}: [DhcpNameServer] 172.20.10.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
DownloadDir: C:\Users\Phillip\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-06]
Edge DownloadDir: C:\Users\Phillip\Desktop
Edge Notifications: Default -> hxxps://mail.google.com; hxxps://www.tvspielfilm.de; hxxps://www.youtube.com
Edge HomePage: Default -> hxxps://www.bing.com/?cc=de
Edge DefaultSearchURL: Default -> hxxps://www.youporn.com/bundles/youpornwebfront/images/manifest-icons/android-icon-36x36.png
Edge Extension: (YouPorn) - C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aldhaifpedancjeeimgomgjakoglmbjl [2021-03-24]
Edge Extension: (AdGuard AdBlocker) - C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2021-04-02]
Edge Extension: (Google Maps) - C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mnhkaebcjjhencmpkapnbdaogjamfbcj [2021-04-05]
Edge Extension: (I don't care about cookies) - C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oholpbloipjbbhlhohaebmieiiieioal [2021-03-14]
Edge Extension: (AdBlocker Ultimate) - C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pciakllldcajllepkbbihkmfkikheffb [2021-03-14]
Edge HKU\S-1-5-21-1307152980-782841198-2650162068-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 9wxop1so.default
FF ProfilePath: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\9wxop1so.default [2021-02-07]
FF user.js: detected! => C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\9wxop1so.default\user.js [2021-03-30]
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\9wxop1so.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2020-07-28]
FF ProfilePath: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\jqnvf0o5.default-release-1612355754552 [2021-04-04]
FF user.js: detected! => C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\jqnvf0o5.default-release-1612355754552\user.js [2021-03-30]
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\jqnvf0o5.default-release-1612355754552\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2020-07-28]
FF Extension: (Video DownloadHelper) - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\jqnvf0o5.default-release-1612355754552\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-03-25]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default [2021-04-05]
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.de/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-10]
CHR Extension: (Chrome Media Router) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-10]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\Phillip\AppData\Roaming\Opera Software\Opera Stable [2021-04-05]
OPR Notifications: Opera Stable -> hxxps://www.accuweather.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Phillip\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-03-14]

Brave:
=======
BRA Profile: C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-04-04]
BRA Extension: (Kaspersky Protection) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-04-03]
BRA Extension: (Avira Password Manager) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-04-01]
BRA Extension: (Avira Safe Shopping) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2021-03-31]
BRA Extension: (Avira Browser Safety) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-03-31]
BRA Extension: (Malwarebytes Browser Guard) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-04-04]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-03-31]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-04-04]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-03-31]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-03-31]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\obbokncgfcbepeipkhpdepjjoncelefj [2021-04-04]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-03-31]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208432 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [575776 2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636592 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [385568 2021-03-23] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [247232 2021-03-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161072 2020-12-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-31] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-31] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8990072 2021-03-11] (Microsoft Corporation -> Microsoft Corporation)
S3 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\SocialApps\ElevationService.exe [913408 2020-07-31] () [File not signed]
S4 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [2357936 2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [158992 2020-10-19] (IObit Information Technology -> IObit)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S4 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262312 2021-01-27] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 kpm_launch_service; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AscFileControl; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileControl.sys [40496 2020-06-03] (IObit Information Technology -> IObit)
S3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [46008 2020-07-21] (IObit Information Technology -> IObit)
S3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [46008 2020-06-03] (IObit Information Technology -> IObit)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [209744 2021-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199312 2021-02-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 camera; C:\WINDOWS\system32\DRIVERS\iacamera64.sys [942576 2020-03-26] (Intel(R) Intel_ICG -> Intel(R) Corporation)
S3 cpuz145; C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [49968 2021-04-03] (CPUID -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [161288 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [19968 2016-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Mobile Communications)
R3 GoodixTouchDriver; C:\WINDOWS\System32\drivers\GoodixTouchDriver.sys [113312 2015-12-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 iaisp; C:\WINDOWS\System32\drivers\iaisp64.sys [38896 2020-03-26] (Intel(R) Intel_ICG -> Intel(R) Corporation)
R3 iaspie; C:\WINDOWS\System32\drivers\iaspie.sys [72872 2020-03-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R3 iauarte; C:\WINDOWS\System32\drivers\iauarte.sys [114304 2020-03-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R3 IntelBatteryManagement; C:\WINDOWS\System32\drivers\IntelBatteryManagement.sys [105064 2020-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [733680 2021-04-04] (Intel(R) OWR -> )
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [43896 2020-07-31] (IObit Information Technology -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37112 2020-07-31] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [51128 2020-07-31] (IObit Information Technology -> IObit)
R3 ov5648; C:\WINDOWS\System32\drivers\ov5648.sys [140576 2016-08-15] (WDKTestCert huizhou1,130864188504416365 -> Intel(R) Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [109568 2015-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R3 rtii2sac64; C:\WINDOWS\System32\drivers\rtii2sac.sys [490976 2021-04-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [757736 2020-03-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\System32\drivers\rtwlans.sys [7889408 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 shspusb; C:\WINDOWS\System32\drivers\HSPUSB.sys [24064 2016-07-22] (Microsoft Windows Hardware Compatibility Publisher -> MobileTop)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2016-07-22] (MCCI Corporation -> MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2016-07-22] (MCCI Corporation -> MCCI Corporation)
S3 ssdudfu; C:\WINDOWS\System32\drivers\ssdudfu.sys [101960 2016-07-22] (MCCI Corporation -> MCCI)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 2016-07-22] (MCCI Corporation -> MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 2016-07-22] (MCCI Corporation -> MCCI Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 2016-07-22] (MCCI Corporation -> MCCI Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-03-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [420072 2021-03-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-22] (Microsoft Windows -> Microsoft Corporation)
S1 eamonm; system32\DRIVERS\eamonm.sys [X]
S1 ehdrv; \SystemRoot\system32\DRIVERS\ehdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-06 16:40 - 2021-04-06 16:43 - 000034379 _____ C:\Users\Phillip\Desktop\FRST.txt
2021-04-06 16:39 - 2021-04-06 16:41 - 000000000 ____D C:\FRST
2021-04-06 16:38 - 2021-04-06 16:47 - 010991113 _____ C:\Users\Phillip\Desktop\Bild_-_06_April_2021.pdf
2021-04-06 16:34 - 2021-04-06 16:35 - 002298368 _____ (Farbar) C:\Users\Phillip\Desktop\FRST64.exe
2021-04-05 12:57 - 2021-04-05 12:57 - 000002560 _____ C:\WINDOWS\system32\Drivers\202145_12572178_CheckPoint_Dump.txt
2021-04-05 12:57 - 2021-04-05 12:57 - 000000256 _____ C:\WINDOWS\system32\Drivers\202145_12572178_SHIM_Dump.txt
2021-04-05 12:57 - 2021-04-05 12:57 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-04-04 22:31 - 2021-04-04 22:31 - 000002560 _____ C:\WINDOWS\system32\Drivers\202144_223142656_CheckPoint_Dump.txt
2021-04-04 22:31 - 2021-04-04 22:31 - 000000256 _____ C:\WINDOWS\system32\Drivers\202144_223142990_SHIM_Dump.txt
2021-04-04 20:18 - 2021-04-04 20:18 - 000001159 _____ C:\Users\Phillip\Desktop\Sky Ticket.lnk
2021-04-04 20:13 - 2021-04-04 20:14 - 049922752 _____ (Sky Ticket ) C:\Users\Phillip\Desktop\SkyTicket-Windows.exe
2021-04-04 19:53 - 2021-04-04 19:53 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-04 16:50 - 2021-04-04 16:50 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\RenPy
2021-04-04 16:47 - 2021-04-04 16:54 - 000000000 ____D C:\Program Files (x86)\Milfy_City_0.5c_Compressed
2021-04-04 16:37 - 2021-04-04 16:37 - 000000000 ____D C:\Users\Phillip\Desktop\Milfy_City_0.5c_Compressed
2021-04-04 16:21 - 2021-04-04 16:38 - 000000000 ____D C:\Users\Phillip\AppData\LocalLow\BitTorrent
2021-04-04 16:21 - 2021-04-04 16:21 - 000001126 _____ C:\Users\Phillip\Desktop\Milfy_City_0.5c_Compressed.zip.1.torrent
2021-04-04 14:36 - 2021-04-04 14:36 - 003244992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2021-04-04 14:36 - 2021-04-04 14:36 - 003137376 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkMic64.dll
2021-04-04 14:36 - 2021-04-04 14:36 - 002783528 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkMcp64.dll
2021-04-04 14:36 - 2021-04-04 14:36 - 000949956 _____ C:\WINDOWS\system32\Drivers\realtek_fw_sst.bin
2021-04-04 14:36 - 2021-04-04 14:36 - 000733680 _____ C:\WINDOWS\system32\Drivers\isstrtc.sys
2021-04-04 14:36 - 2021-04-04 14:36 - 000588032 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2021-04-04 14:36 - 2021-04-04 14:36 - 000168208 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2021-04-04 14:36 - 2021-04-04 14:36 - 000002560 _____ C:\WINDOWS\system32\Drivers\202144_143648643_CheckPoint_Dump.txt
2021-04-04 14:36 - 2021-04-04 14:36 - 000000256 _____ C:\WINDOWS\system32\Drivers\202144_143648643_SHIM_Dump.txt
2021-04-04 14:09 - 2021-04-04 14:09 - 000490976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\rtii2sac.sys
2021-04-04 13:53 - 2021-04-04 13:53 - 000003708 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2021-04-04 13:50 - 2021-04-04 13:50 - 000003374 _____ C:\WINDOWS\system32\Tasks\Avira_Antivirus_Systray
2021-04-04 13:49 - 2021-03-25 18:05 - 000209744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2021-04-04 13:49 - 2021-02-09 19:03 - 000199312 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2021-04-04 13:49 - 2019-06-07 15:09 - 000078936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2021-04-04 13:49 - 2019-03-20 19:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2021-04-04 13:49 - 2019-03-20 19:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2021-04-04 13:49 - 2019-03-20 19:50 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2021-04-04 13:49 - 2019-03-20 19:50 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avelam.sys
2021-04-04 13:43 - 2021-04-04 13:43 - 000003780 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate
2021-04-04 13:43 - 2021-04-04 13:43 - 000000000 ____D C:\Users\Public\Speedup Sessions
2021-04-04 13:42 - 2021-04-04 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-04-04 13:28 - 2021-04-04 13:28 - 000000193 _____ C:\WINDOWS\1KKkUSW9SJ5yL50z9zRsypjr4JdgqbOKl@e=download
2021-04-04 12:56 - 2021-04-04 12:56 - 000003238 _____ C:\WINDOWS\nl.exe
2021-04-04 12:56 - 2021-04-04 12:56 - 000003231 _____ C:\WINDOWS\sb.bat
2021-04-04 12:55 - 2021-04-04 12:55 - 000000000 ____D C:\WINDOWS\w
2021-04-04 12:55 - 2021-04-04 12:55 - 000000000 ____D C:\WINDOWS\c
2021-04-04 12:50 - 2021-04-04 12:50 - 000002560 _____ C:\WINDOWS\system32\Drivers\202144_125032523_CheckPoint_Dump.txt
2021-04-04 12:50 - 2021-04-04 12:50 - 000000256 _____ C:\WINDOWS\system32\Drivers\202144_125032523_SHIM_Dump.txt
2021-04-04 12:33 - 2021-04-04 12:33 - 000002560 _____ C:\WINDOWS\system32\Drivers\202144_123310887_CheckPoint_Dump.txt
2021-04-04 12:33 - 2021-04-04 12:33 - 000000256 _____ C:\WINDOWS\system32\Drivers\202144_123310887_SHIM_Dump.txt
2021-04-04 11:49 - 2021-04-04 12:06 - 098813504 _____ C:\Users\Phillip\Desktop\Z6969.rar
2021-04-04 11:49 - 2021-04-04 11:49 - 000002968 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Phillip
2021-04-04 11:48 - 2021-04-04 11:48 - 000001438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2021-04-04 11:48 - 2021-04-04 11:48 - 000001426 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2021-04-04 11:48 - 2021-04-04 11:48 - 000001426 _____ C:\ProgramData\Desktop\IObit Uninstaller.lnk
2021-04-04 11:48 - 2021-04-04 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2021-04-04 11:39 - 2021-04-04 11:58 - 023544087 _____ C:\Users\Phillip\Desktop\Bild_Am_Sonntag_-_04_April_2021.pdf
2021-04-03 20:57 - 2021-04-03 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2021-04-03 20:34 - 2021-04-03 20:34 - 000000000 ____D C:\Users\Phillip\AppData\Local\mbam
2021-04-03 20:15 - 2021-04-03 20:15 - 002084016 _____ (Malwarebytes) C:\Users\Phillip\Desktop\MBSetup.exe
2021-04-03 19:12 - 2021-04-03 19:15 - 000000000 ____D C:\Users\Phillip\Desktop\KASPERSKY 2021
2021-04-03 19:08 - 2021-04-03 19:08 - 028539004 _____ C:\Users\Phillip\Desktop\KASPERSKY 2021.rar
2021-04-03 18:52 - 2021-04-04 05:09 - 000000000 ____D C:\Users\Phillip\AppData\Local\CrashDumps
2021-04-03 18:25 - 2021-04-04 11:46 - 000003932 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1615734101
2021-04-03 18:25 - 2021-04-04 11:46 - 000003674 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1615734086
2021-04-03 18:25 - 2021-04-03 18:25 - 000001405 _____ C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-04-03 18:05 - 2021-04-03 18:15 - 012440623 _____ C:\Users\Phillip\Desktop\Bild_-_03_April_2021.pdf
2021-04-03 17:58 - 2021-04-04 11:54 - 000000000 ____D C:\Users\Phillip\AppData\Local\Kaspersky Lab
2021-04-03 17:54 - 2021-04-03 17:54 - 000002560 _____ C:\WINDOWS\system32\Drivers\202143_175415263_CheckPoint_Dump.txt
2021-04-03 17:54 - 2021-04-03 17:54 - 000000256 _____ C:\WINDOWS\system32\Drivers\202143_175415263_SHIM_Dump.txt
2021-04-03 17:40 - 2021-04-03 17:40 - 000002560 _____ C:\WINDOWS\system32\Drivers\202143_174043823_CheckPoint_Dump.txt
2021-04-03 17:40 - 2021-04-03 17:40 - 000000256 _____ C:\WINDOWS\system32\Drivers\202143_174043823_SHIM_Dump.txt
2021-04-03 13:51 - 2021-04-04 12:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-04-03 13:46 - 2021-04-03 19:26 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2021-04-03 13:25 - 2021-04-03 13:26 - 000000000 ____D C:\Users\Phillip\Desktop\CCleaner Professional Plus 5.75 Multilingual + Serial Keys [SadeemPC]
2021-04-02 18:48 - 2021-04-02 18:48 - 000002560 _____ C:\WINDOWS\system32\Drivers\202142_184842363_CheckPoint_Dump.txt
2021-04-02 18:48 - 2021-04-02 18:48 - 000000256 _____ C:\WINDOWS\system32\Drivers\202142_184842363_SHIM_Dump.txt
2021-04-02 18:28 - 2021-04-02 18:41 - 015392284 _____ C:\Users\Phillip\Desktop\Bild_-_01_April_2021.pdf
2021-04-02 16:42 - 2021-04-02 16:43 - 015481295 _____ C:\Users\Phillip\Desktop\Amazon_App.apk
2021-04-01 15:44 - 2021-04-01 15:44 - 005074997 _____ C:\Users\Phillip\Desktop\J. K. Rowling - Harry Potter and the Order of the Phoenix.pdf
2021-04-01 10:18 - 2021-04-01 10:18 - 000002560 _____ C:\WINDOWS\system32\Drivers\202141_101816596_CheckPoint_Dump.txt
2021-04-01 10:18 - 2021-04-01 10:18 - 000000256 _____ C:\WINDOWS\system32\Drivers\202141_101816628_SHIM_Dump.txt
2021-03-31 18:41 - 2021-03-31 18:41 - 000001138 _____ C:\Users\Phillip\Desktop\The Tales Of Beedle The Bard.lnk
2021-03-31 15:17 - 2021-03-31 15:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2021-03-31 03:29 - 2021-03-31 03:29 - 000010241 _____ C:\Users\Phillip\Desktop\Brown, Dan.1.torrent
2021-03-31 03:29 - 2021-03-31 03:29 - 000000000 ____D C:\Users\Phillip\Desktop\Brown, Dan
2021-03-31 03:23 - 2021-03-31 03:25 - 000000000 ____D C:\Users\Phillip\Desktop\Stephen King eBooks Collection Epub+Mobi
2021-03-31 03:23 - 2021-03-31 03:23 - 000031090 _____ C:\Users\Phillip\Desktop\Stephen King eBooks Collection Epub+Mobi.1.torrent
2021-03-31 03:22 - 2021-03-31 03:27 - 000000000 ____D C:\Users\Phillip\Desktop\J R R Tolkien (Complete Works - Epubs) 1937 to 2018
2021-03-31 03:22 - 2021-03-31 03:22 - 000024306 _____ C:\Users\Phillip\Desktop\J R R Tolkien (Complete Works - Epubs) 1937 to 2018.1.torrent
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\The Subtle Art of Not Giving a Fck - A Counterintuitive Approach to Living a Good Life (2016) (Epub) Gooner
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\The Complete Book of Home Organization - 200+ Tips and Projects
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\KMS_VL_ALL Activator CMD Windows and Office - August 2019
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\IELTS Advantage - Reading + Writing Skills - by Jeremy Taylor , Jon Wright,by Richard Brown , Lewis Richards - Mantesh
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\Barely Legal - February 2021
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\Artistic Nudes By Various Photographers
2021-03-31 03:10 - 2021-03-31 03:10 - 000012246 _____ C:\Users\Phillip\Desktop\IELTS Advantage - Reading + Writing Skills - by Jeremy Taylor , Jon Wright,by Richard Brown , Lewis Richards - Mantesh.torrent
2021-03-31 03:00 - 2020-09-16 23:58 - 042345058 ____R C:\Users\Phillip\Desktop\Harry Potter and the Cursed Child - J.K. Rowling.exe
2021-03-31 03:00 - 2020-09-16 23:35 - 002538652 _____ C:\Users\Phillip\Desktop\Harry Potter and the Cursed Child - J.K. Rowling.pdf
2021-03-31 02:55 - 2021-03-31 02:55 - 007675697 _____ C:\Users\Phillip\Desktop\The Tales Of Beedle The Bard.pdf
2021-03-31 02:53 - 2021-03-31 02:53 - 000850164 _____ C:\Users\Phillip\Desktop\J_K_Rowling_Quidditch_Through_the_Ages.pdf
2021-03-31 02:39 - 2021-03-31 02:39 - 000000000 ____D C:\Users\Phillip\Desktop\The Ickabog by J.K. Rowling EPUB
2021-03-31 02:39 - 2021-03-31 02:39 - 000000000 ____D C:\Users\Phillip\Desktop\J.K. Rowling - Harry Potter
2021-03-31 02:39 - 2021-03-31 02:39 - 000000000 ____D C:\Users\Phillip\Desktop\J. K. Rowling - The Casual Vacancy (ePub mobi)
2021-03-31 02:39 - 2021-03-31 02:39 - 000000000 ____D C:\Users\Phillip\Desktop\J. K. Rowling - Harry Potter Series All ebooks
2021-03-31 02:39 - 2021-03-31 02:26 - 003360816 ____R C:\Users\Phillip\Desktop\J.K. Rowling - Fantastic Beasts & Where to Find Them.pdf
2021-03-31 02:01 - 2021-04-01 23:09 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-03-31 02:01 - 2021-04-01 23:09 - 000002325 _____ C:\Users\Public\Desktop\Brave.lnk
2021-03-31 02:01 - 2021-04-01 23:09 - 000002325 _____ C:\ProgramData\Desktop\Brave.lnk
2021-03-31 02:00 - 2021-03-31 02:00 - 000000000 ____D C:\Program Files\BraveSoftware
2021-03-31 01:58 - 2021-04-04 11:46 - 000003426 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-03-31 01:58 - 2021-04-04 11:46 - 000003202 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-03-31 01:57 - 2021-03-31 02:01 - 000000000 ____D C:\Users\Phillip\AppData\Local\BraveSoftware
2021-03-31 01:57 - 2021-03-31 01:58 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-03-31 01:57 - 2021-03-31 01:57 - 001242992 _____ (BraveSoftware Inc.) C:\Users\Phillip\Desktop\BraveBrowserSetup.exe
2021-03-31 01:41 - 2021-03-31 01:41 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021331_1411697_CheckPoint_Dump.txt
2021-03-31 01:41 - 2021-03-31 01:41 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021331_1411697_SHIM_Dump.txt
2021-03-31 01:40 - 2021-04-04 22:34 - 001019904 _____ C:\WINDOWS\system32\config\DEFAULT
2021-03-31 01:40 - 2021-04-04 22:34 - 000057344 _____ C:\WINDOWS\system32\config\SECURITY
2021-03-31 01:40 - 2021-04-04 22:31 - 000073728 _____ C:\WINDOWS\system32\config\SAM
2021-03-31 01:40 - 2021-03-31 01:40 - 098181120 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2021-03-31 01:40 - 2021-03-31 01:40 - 098181120 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag
2021-03-31 01:40 - 2021-03-31 01:40 - 001019904 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2021-03-31 01:40 - 2021-03-31 01:40 - 000073728 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2021-03-31 01:40 - 2021-03-31 01:40 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2021-03-31 01:40 - 2021-03-31 01:40 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021331_1402190_CheckPoint_Dump.txt
2021-03-31 01:40 - 2021-03-31 01:40 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021331_1402190_SHIM_Dump.txt
2021-03-31 01:40 - 2021-03-31 01:40 - 000000000 ____H C:\asc_rdflag
2021-03-30 21:16 - 2021-04-04 13:54 - 000000000 ____D C:\Users\Public\Security Sessions
2021-03-30 21:12 - 2021-03-30 21:12 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2021-03-30 21:02 - 2021-03-30 21:17 - 000000000 ____D C:\Users\Phillip\AppData\Local\Avira
2021-03-30 21:01 - 2021-03-30 21:01 - 098111488 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2021-03-30 21:01 - 2021-03-30 21:01 - 001019904 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2021-03-30 21:01 - 2021-03-30 21:01 - 000073728 _____ C:\WINDOWS\system32\config\SAM.iobit
2021-03-30 21:01 - 2021-03-30 21:01 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2021-03-30 20:55 - 2021-04-04 13:52 - 000000000 ____D C:\Program Files (x86)\Avira
2021-03-30 20:54 - 2021-04-04 13:52 - 000000000 ____D C:\ProgramData\Avira
2021-03-30 13:51 - 2021-03-30 13:51 - 000000000 ____D C:\Users\Phillip\Desktop\convertPdfTo_ae9b65f78ded003c4905e5d001991627
2021-03-30 13:11 - 2021-03-30 13:11 - 000122572 _____ C:\Users\Phillip\Desktop\Persönliche Darlegung der Gewissensentscheidung.pdf
2021-03-30 12:39 - 2021-03-30 12:39 - 000135352 _____ C:\Users\Phillip\Desktop\Lebenslauf von Phillip Kramer.pdf
2021-03-30 11:55 - 2021-03-30 11:55 - 000110370 _____ C:\Users\Phillip\Desktop\Antragsschreiben mit Berufung auf Art. 4 Abs. 3 GG.pdf
2021-03-29 14:47 - 2021-03-29 14:49 - 009981907 _____ C:\Users\Phillip\Desktop\bild29032021.pdf
2021-03-29 14:45 - 2021-03-29 15:01 - 016807722 _____ C:\Users\Phillip\Desktop\Bild_-_29_März_2021.pdf
2021-03-28 13:57 - 2021-03-28 13:57 - 000000000 ____D C:\Users\Phillip\Desktop\Bil280321
2021-03-27 18:51 - 2021-03-27 20:32 - 000000000 ____D C:\Users\Phillip\Desktop\Kuchen backen
2021-03-27 16:23 - 2021-03-27 16:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-27 12:17 - 2021-03-27 12:17 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021327_11179683_CheckPoint_Dump.txt
2021-03-27 12:17 - 2021-03-27 12:17 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021327_11179699_SHIM_Dump.txt
2021-03-15 16:35 - 2021-03-15 16:35 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021315_153529610_CheckPoint_Dump.txt
2021-03-15 16:35 - 2021-03-15 16:35 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021315_153529610_SHIM_Dump.txt
2021-03-14 23:23 - 2021-03-14 23:23 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-03-14 23:22 - 2021-03-14 23:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-14 23:20 - 2021-03-14 23:20 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-14 23:20 - 2021-03-14 23:20 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-14 23:19 - 2021-03-14 23:19 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-14 23:18 - 2021-03-14 23:18 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-14 23:17 - 2021-03-14 23:17 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-14 23:17 - 2021-03-14 23:17 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-14 23:15 - 2021-03-14 23:15 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-14 23:15 - 2021-03-14 23:15 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-14 23:15 - 2021-03-14 23:15 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-14 20:25 - 2021-03-30 20:07 - 000000000 ____D C:\Users\Phillip\Desktop\Desktop (nicht löschen)
2021-03-14 17:02 - 2021-03-14 17:02 - 000000000 ____D C:\Users\Phillip\AppData\Local\Opera Software
2021-03-14 14:36 - 2021-03-14 14:36 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021314_133631582_CheckPoint_Dump.txt
2021-03-14 14:36 - 2021-03-14 14:36 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021314_133631582_SHIM_Dump.txt
2021-03-14 14:05 - 2021-03-14 14:54 - 000002648 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2021-03-14 12:57 - 2021-03-14 12:57 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Opera Software
2021-03-12 14:30 - 2021-03-12 14:30 - 000000000 ____D C:\Users\Phillip\AppData\Local\Foxit Reader
2021-03-12 14:22 - 2021-03-12 14:44 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Foxit Scanner Images
2021-03-12 14:15 - 2021-03-12 14:15 - 001560064 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BrWia09b.dll
2021-03-12 14:15 - 2021-03-12 14:15 - 000050176 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BrUsi09a.dll
2021-03-12 13:59 - 2021-04-05 15:36 - 000000419 _____ C:\WINDOWS\BRWMARK.INI
2021-03-10 18:55 - 2021-03-10 18:55 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021310_175540780_CheckPoint_Dump.txt
2021-03-10 18:55 - 2021-03-10 18:55 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021310_175540780_SHIM_Dump.txt
2021-03-10 11:48 - 2021-03-10 11:48 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021310_104820619_CheckPoint_Dump.txt
2021-03-10 11:48 - 2021-03-10 11:48 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021310_104820651_SHIM_Dump.txt
2021-03-08 23:20 - 2021-03-08 23:20 - 000002560 _____ C:\WINDOWS\system32\Drivers\202138_222028780_CheckPoint_Dump.txt
2021-03-08 23:20 - 2021-03-08 23:20 - 000000256 _____ C:\WINDOWS\system32\Drivers\202138_222028780_SHIM_Dump.txt
2021-03-08 21:27 - 2021-03-08 21:33 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\bigoLive
2021-03-08 20:55 - 2021-03-08 20:58 - 000000000 ____D C:\Users\Phillip\AppData\Local\WhatsApp
2021-03-07 15:48 - 2021-03-07 15:48 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS Remote Play.lnk
2021-03-07 15:48 - 2021-03-07 15:48 - 000000000 ____D C:\Program Files (x86)\Sony
2021-03-07 12:12 - 2021-03-07 12:12 - 000002560 _____ C:\WINDOWS\system32\Drivers\202137_111238480_CheckPoint_Dump.txt
2021-03-07 12:12 - 2021-03-07 12:12 - 000000256 _____ C:\WINDOWS\system32\Drivers\202137_111238496_SHIM_Dump.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-06 16:11 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-06 15:27 - 2021-01-12 17:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-05 19:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-05 19:54 - 2020-12-12 18:57 - 000000000 ____D C:\Users\Phillip\AppData\Local\Packages
2021-04-05 19:53 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-05 15:36 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-05 13:05 - 2021-01-12 17:54 - 001722792 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-05 13:05 - 2019-12-07 16:51 - 000746440 _____ C:\WINDOWS\system32\perfh007.dat
2021-04-05 13:05 - 2019-12-07 16:51 - 000150810 _____ C:\WINDOWS\system32\perfc007.dat
2021-04-05 12:58 - 2020-12-12 18:57 - 000000000 __SHD C:\Users\Phillip\IntelGraphicsProfiles
2021-04-05 12:57 - 2021-01-12 18:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-05 12:57 - 2021-01-12 17:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-05 12:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-04 22:34 - 2019-12-07 11:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-04-04 22:32 - 2021-01-31 20:09 - 000441816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-04 22:29 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-04 22:26 - 2021-02-06 21:52 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\NOW TV Player
2021-04-04 20:18 - 2021-02-06 21:51 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Ticket
2021-04-04 20:17 - 2021-02-06 21:51 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Sky Ticket
2021-04-04 20:04 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-04 19:50 - 2021-01-12 17:42 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-04 16:38 - 2021-01-10 09:38 - 000000000 ____D C:\Users\Phillip\.btfs
2021-04-04 16:38 - 2021-01-10 09:35 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\BitTorrent
2021-04-04 16:21 - 2021-02-02 16:57 - 000000000 ____D C:\Users\Phillip\AppData\Local\BitTorrentHelper
2021-04-04 13:51 - 2020-12-23 20:25 - 000000000 ____D C:\Users\Phillip\AppData\Local\PlaceholderTileLogoFolder
2021-04-04 13:50 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-04 13:49 - 2021-01-13 21:54 - 000002236 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-04-04 13:49 - 2021-01-13 21:54 - 000000000 ____D C:\Program Files\CCleaner
2021-04-04 13:41 - 2021-01-13 22:32 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-04 12:49 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-04 12:42 - 2021-02-26 16:38 - 000000000 ____D C:\Program Files (x86)\Rosetta Stone
2021-04-04 12:40 - 2021-02-02 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2021-04-04 12:33 - 2021-01-14 19:20 - 000000000 ____D C:\ProgramData\Avast Software
2021-04-04 11:49 - 2021-01-13 16:26 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\IObit
2021-04-04 11:47 - 2021-01-13 16:29 - 000000000 ____D C:\Program Files (x86)\IObit
2021-04-03 20:34 - 2021-01-10 17:28 - 000000000 ____D C:\Users\Phillip\AppData\LocalLow\Mozilla
2021-04-03 20:34 - 2021-01-10 17:28 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-03 20:17 - 2021-01-12 15:45 - 000000000 ____D C:\Program Files\Common Files\AV
2021-04-03 18:27 - 2021-02-12 15:22 - 000002321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-03 14:53 - 2021-01-14 22:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-04-03 14:08 - 2021-02-10 23:21 - 000000000 ____D C:\Users\Phillip\dwhelper
2021-04-03 02:50 - 2021-01-09 19:58 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-02 17:41 - 2021-01-03 16:44 - 000000000 ____D C:\Users\Phillip\AppData\Local\ElevatedDiagnostics
2021-04-02 13:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-02 12:48 - 2021-01-12 17:44 - 000000000 ____D C:\Users\Phillip
2021-04-01 18:22 - 2021-01-12 12:18 - 000000000 ____D C:\Users\Phillip\AppData\Local\D3DSCache
2021-03-31 01:55 - 2021-01-15 12:13 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2021-03-31 01:41 - 2021-02-03 14:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-30 21:25 - 2019-12-07 16:53 - 000000000 ____D C:\WINDOWS\OCR
2021-03-30 20:33 - 2021-02-06 11:57 - 000000000 ____D C:\Users\Phillip\AppData\Local\Mozilla Thunderbird
2021-03-27 16:23 - 2021-02-03 14:35 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-27 12:32 - 2021-01-13 16:30 - 000000000 ____D C:\ProgramData\ProductData
2021-03-24 18:30 - 2021-02-13 20:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-03-24 15:24 - 2021-01-11 20:29 - 000000000 ____D C:\Users\Phillip\AppData\Local\JDownloader 2.0
2021-03-24 15:18 - 2021-01-11 20:36 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2021-03-22 15:15 - 2020-12-12 18:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-22 15:05 - 2020-12-27 15:46 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-03-15 16:32 - 2019-12-07 16:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-14 20:38 - 2021-01-09 19:41 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-03-14 14:53 - 2021-02-26 17:30 - 000003254 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-14 14:53 - 2021-02-12 15:21 - 000003618 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-14 14:53 - 2021-02-12 15:21 - 000003394 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-14 14:53 - 2021-01-18 14:28 - 000003494 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6e8fa71357fd0
2021-03-14 14:53 - 2021-01-12 18:06 - 000003688 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-12 17:19 - 2021-01-13 15:16 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\WhatsApp
2021-03-10 12:15 - 2021-01-01 15:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-10 12:01 - 2021-01-01 15:39 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-08 20:58 - 2021-01-13 15:16 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2021-03-08 20:58 - 2021-01-13 15:14 - 000000000 ____D C:\Users\Phillip\AppData\Local\SquirrelTemp

==================== Files in the root of some directories ========

2021-02-10 21:50 - 2021-02-10 21:50 - 000013000 _____ () C:\Users\Phillip\AppData\Roaming\Comma Separated Values.CAL
2021-04-04 13:22 - 2021-04-04 13:22 - 000135069 _____ () C:\Users\Phillip\AppData\Roaming\TNod-10963.log
2021-02-04 18:41 - 2021-02-04 18:41 - 000000000 _____ () C:\Users\Phillip\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by Phillip (06-04-2021 16:48:49)
Running from C:\Users\Phillip\Desktop
Windows 10 Pro Version 20H2 19042.906 (X64) (2021-01-12 16:07:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1307152980-782841198-2650162068-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1307152980-782841198-2650162068-503 - Limited - Disabled)
Gast (S-1-5-21-1307152980-782841198-2650162068-501 - Limited - Disabled)
Phillip (S-1-5-21-1307152980-782841198-2650162068-1001 - Administrator - Enabled) => C:\Users\Phillip
WDAGUtilityAccount (S-1-5-21-1307152980-782841198-2650162068-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky Total Security (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 14.2.0 - IObit)
AusweisApp2 (HKLM-x32\...\{F3E22721-7F7E-472F-BBBA-6B5572E15A58}) (Version: 1.22.0 - Governikus GmbH & Co. KG)
Avira (HKLM-x32\...\{161e6084-b0f5-43e8-86d8-09eda5c0893d}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{426D1710-5DFD-45E9-B11D-464792C5AD35}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2103.2082 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.2.28955 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.46.16549 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM-x32\...\{9F45C615-6D95-47B5-BB0C-D78F6D15DE21}) (Version: 2.0.6.42639 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.10.0.11063 - Avira Operations GmbH & Co. KG) Hidden
BitTorrent (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\BitTorrent) (Version: 7.10.5.45967 - BitTorrent Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 89.1.22.71 - Die Brave-Autoren)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Driver Booster 8 (HKLM-x32\...\Driver Booster_is1) (Version: 8.3.0 - IObit)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.1.1.37576 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5166 - Intel Corporation)
IObit Uninstaller 10 (HKLM-x32\...\IObitUninstall) (Version: 10.4.0.12 - IObit)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Retail - de-de) (Version: 16.0.13801.20360 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 87.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 87.0 (x86 en-US)) (Version: 87.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 85.0 - Mozilla)
Mozilla Thunderbird 78.7.1 (x86 de) (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Mozilla Thunderbird 78.7.1 (x86 de)) (Version: 78.7.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20360 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 75.0.3969.93 (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Opera 75.0.3969.93) (Version: 75.0.3969.93 - Opera Software)
PS Remote Play (HKLM-x32\...\{E536EB8F-03EF-4EBA-B3FF-C5A544604841}) (Version: 4.0.0.09240 - Ihr Firmenname)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
Sky Go 21.1.2.0 (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\com.bskyb.skygoplayer_is1) (Version: 21.1.2.0 - Sky)
Sky Ticket 8.3.0.0 (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\com.bskyb.skyticket_is1) (Version: 8.3.0.0 - Sky Ticket)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.20113.5 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.20113.5 - Samsung Electronics Co., Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
VdhCoApp 1.6.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
WhatsApp (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\WhatsApp) (Version: 2.2106.10 - WhatsApp)
Wondershare Dr.Fone (Version 11.0.9) (HKLM-x32\...\{E8F86DA8-B8E4-42C7-AFD4-EBB692AC43FD}_is1) (Version: 11.0.9.412 - Wondershare Technology Co.,Ltd.)

Packages:
=========
Google Maps -> C:\Program Files\WindowsApps\www.google.com-D64B4CD1_1.0.0.0_neutral__2ffpm8sm5xkm2 [2021-04-05] (www.google.com)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2021-02-02] (Apple Inc.) [Startup Task]
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-01-13] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Studios) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2021-02-07] (Microsoft Corporation) [MS Ad]
YouPorn -> C:\Program Files\WindowsApps\www.youporn.com-A4D02D72_1.0.0.0_neutral__kqrg6ysfhm7aw [2021-03-24] (www.youporn.com)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2020-12-24] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\x64\shellex.dll -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2020-12-24] (IObit Information Technology -> IObit)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\x64\shellex.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2020-12-24] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\x64\shellex.dll -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2021-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\x64\shellex.dll -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-01-13 23:46 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-02-13 21:38 - 2021-02-13 21:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Client\AppVIsvSubsystems32.dll
2021-02-13 21:39 - 2021-02-13 21:39 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2021-02-13 21:39 - 2021-02-13 21:39 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaspie.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=U220DHP&pc=U220
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2020-12-24] (IObit Information Technology -> IObit)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-12-12 18:08 - 2021-03-24 17:29 - 000001091 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 16.217.0.0
127.0.0.1 rosettastone.com
127.0.0.1 launch.rosettastone.com
127.0.0.1 amp.rosettastone.com
127.0.0.1 resources.rosettastone.com
127.0.0.1 updates.rosettastone.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1307152980-782841198-2650162068-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 172.20.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "TuneupUI.exe"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "AusweisApp2"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "kpm.exe"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "Opera Browser Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG)
FirewallRules: [{CD1AFE80-23C7-4855-9A71-E5B0E8263F43}] => (Allow) C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG)
FirewallRules: [UDP Query User{E59E6A11-1D0B-4F48-B65E-5020567B9BA2}C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe] => (Allow) C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe (Bittorrent, Inc. -> BitTorrent, Inc)
FirewallRules: [TCP Query User{2C52D78D-E30B-4F53-B0FF-E3EB5E7FD478}C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe] => (Allow) C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe (Bittorrent, Inc. -> BitTorrent, Inc)
FirewallRules: [{CBEB928E-8713-421A-98D5-7E5652A63273}] => (Allow) C:\Users\Phillip\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{91497513-6D76-44B3-96D3-880B83E4CFAF}] => (Allow) C:\Users\Phillip\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{06AB54E3-554E-47CB-A342-396E710A44BA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{189C3A8B-D9E3-4CAF-A742-8B788EDE4673}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B2D9A89A-4033-4A5E-A807-7416367A17C4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{68853000-CBFE-48EE-804A-380DAE9FD62F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8A2E9938-E69D-4D4F-B104-A4EC2B2C2189}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F76D715C-9F81-42D8-95CD-D6B3D78CFB89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D6BD67F1-DD16-466E-9547-F2EB2EC58511}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{07A3C0D8-D001-46AF-9833-BE1C1A892C0F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E1D25FEA-3D1C-491C-ADC4-A702B45793D9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7DB00ED5-0BAD-48A1-B738-62FFD06EF4F8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3B020F23-6484-4178-84B0-37AB742341DB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1F866C13-2D1F-4EB1-A8BB-E2396C209FBE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3EF0E2D3-1BB0-4AB0-A825-9005C1A967A8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{13FA26B1-62B5-4BDA-911B-F04A889E4C5B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1070EC36-58F1-4374-AEA3-E41365B77D21}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D279502E-207A-453B-BE1C-9063D89A9136}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C7438E5E-363B-4049-85A9-35F28BAF72D7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{241F23CF-7289-4874-9315-ECE058BA0669}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2C0C1E09-F4BC-41C9-AA5F-3C0EAD9F01F5}] => (Allow) C:\Program Files (x86)\Sony\PS Remote Play\RemotePlay.exe (Sony Interactive Entertainment Inc. -> Sony Interactive Entertainment Inc.)
FirewallRules: [TCP Query User{1DE9CCA3-64D5-45B8-853B-6CF14CAAD3AE}C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe] => (Allow) C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe (Bittorrent, Inc. -> BitTorrent, Inc)
FirewallRules: [UDP Query User{1B4ACEF2-0A22-4CA7-A309-13418CD69822}C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe] => (Allow) C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe (Bittorrent, Inc. -> BitTorrent, Inc)
FirewallRules: [{77891BA2-795F-41F4-9FE9-0ACB40F12688}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{2E9A7CF9-FE7A-40E3-8326-7A7297CBC4AD}] => (Allow) C:\Users\Phillip\AppData\Local\Programs\Opera\75.0.3969.93\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{38D6FCC7-C642-4ABD-8B5D-17A10D83801E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{66AA99E8-B735-44A2-AF6A-1A48C0A4A319}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{3DC330A5-21FD-4908-99AE-534275856E31}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{5AE8F5D5-C72C-4E90-BFB6-778CAF26D2AA}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Restore Points =========================

05-04-2021 19:12:16 Geplanter Prüfpunkt

==================== Faulty Device Manager Devices ============

Name: Camera Sensor OV2680
Description: Camera Sensor OV2680
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: OV2680 Camera Sensor
Service: ov2680
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Kaspersky Security Data Escort Adapter #2
Description: Kaspersky Security Data Escort Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Kaspersky Security Data Escort Provider
Service: kltap
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/05/2021 07:12:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/04/2021 07:05:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/04/2021 01:54:16 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (04/04/2021 01:16:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.19041.546, time stamp: 0x5da7ab91
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x80131623
Fault offset: 0x00007ff7a96525ad
Faulting process id: 0x17a8
Faulting application start time: 0x01d72943e2c427d1
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: unknown
Report Id: 60e4107d-99ff-400b-b512-c3cbfe7bb64a
Faulting package full name:
Faulting package-relative application ID:

Error: (04/04/2021 01:16:01 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Unerwartete Anbieterausnahme:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (04/04/2021 01:15:56 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (04/04/2021 01:15:56 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (04/04/2021 01:15:56 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003


System errors:
=============
Error: (04/05/2021 01:41:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (04/05/2021 12:57:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (04/04/2021 10:32:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (04/04/2021 10:27:47 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-E3LPO85)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (04/04/2021 07:26:31 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/04/2021 02:14:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (04/04/2021 01:46:12 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/04/2021 12:51:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126


Windows Defender:
================
Date: 2021-04-04 13:36:47
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Ymacco.AAA5&threatid=274880&enterprise=0
Name: Program:Win32/Ymacco.AAA5
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\eav_nt32.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Echtzeitschutz
Benutzer:
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.335.183.0, AS: 1.335.183.0, NIS: 1.335.183.0
Modulversion: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 13:32:46
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bomitag.C!rfn&threatid=2147745925&enterprise=0
Name: Trojan:Win32/Bomitag.C!rfn
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable.zip; file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable\TNODUP-Portable.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-E3LPO85\Phillip
Prozessname: C:\Windows\System32\cmd.exe
Sicherheitsversion: AV: 1.335.183.0, AS: 1.335.183.0, NIS: 1.335.183.0
Modulversion: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 13:32:20
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bomitag.C!rfn&threatid=2147745925&enterprise=0
Name: Trojan:Win32/Bomitag.C!rfn
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable.zip; file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable\TNODUP-Portable.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-E3LPO85\Phillip
Prozessname: C:\Windows\System32\cmd.exe
Sicherheitsversion: AV: 1.335.183.0, AS: 1.335.183.0, NIS: 1.335.183.0
Modulversion: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 13:32:13
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bomitag.C!rfn&threatid=2147745925&enterprise=0
Name: Trojan:Win32/Bomitag.C!rfn
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable.zip; file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable\TNODUP-Portable.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-E3LPO85\Phillip
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.335.183.0, AS: 1.335.183.0, NIS: 1.335.183.0
Modulversion: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 13:32:03
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bomitag.C!rfn&threatid=2147745925&enterprise=0
Name: Trojan:Win32/Bomitag.C!rfn
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable.zip; file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable\TNODUP-Portable.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-E3LPO85\Phillip
Prozessname: C:\Windows\System32\cmd.exe
Sicherheitsversion: AV: 1.335.183.0, AS: 1.335.183.0, NIS: 1.335.183.0
Modulversion: AM: 1.1.18000.5, NIS: 1.1.18000.5

CodeIntegrity:
===============
Date: 2021-04-04 13:05:45
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-04-04 06:13:33
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 1HCN31WW 06/02/2016
Motherboard: LENOVO Cavalli
Processor: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz
Percentage of memory in use: 81%
Total physical RAM: 1912.2 MB
Available physical RAM: 361.68 MB
Total Virtual: 4819.22 MB
Available Virtual: 683.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:57.64 GB) (Free:5.64 GB) NTFS

\\?\Volume{2828e363-b8b6-4826-a1ae-d7bc943b6061}\ () (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{29f1cd0b-bd27-4372-8d54-aa737819eb4d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 58.2 GB) (Disk ID: 5E390987)

Partition: GPT.

==================== End of Addition.txt =======================

