
All about Windows: Hijackers and adware in the browser keep coming back

17.06.2020, 02:32   #1
Ambisonte
 



Hello everyone,

I have the following problem: despite behaving safely on the Internet, I keep catching what I believe are hijackers and adware.
For browsing the Internet I use a VM running Ubuntu Linux; my browser is Mozilla Firefox with the add-ons uBlock Origin, NoScript and Adblock Plus.
Only for downloading various programs do I not use a VM, but I still use the Mozilla Firefox browser including the add-ons.
When browsing I also always make sure to visit only reputable websites with https and a security certificate (padlock), yet I keep getting infected with adware.
The entire system has already been wiped once (hard drives formatted), and still I keep finding adware with AdwCleaner and Spybot Search and Destroy.
After AdwCleaner has run, the system runs much better again, but unfortunately this adware always comes back quickly and I have to start the search all over again.

Attached are the FRST and AdwCleaner log files; maybe you will find something suspicious. I am a layperson and hope for your understanding.


Best regards, Robin


Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.0.5.0
# -------------------------------
# Build:    05-25-2020
# Database: 2020-06-15.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-17-2020
# Duration: 00:00:03
# OS:       Windows 10 Pro
# Cleaned:  6
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Hosts File
[+] Reset IPSec
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset TCP/IP
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1405 octets] - [04/06/2020 00:28:12]
AdwCleaner[C00].txt - [1633 octets] - [04/06/2020 00:31:39]
AdwCleaner[S01].txt - [1527 octets] - [04/06/2020 21:38:40]
AdwCleaner[S02].txt - [1588 octets] - [05/06/2020 23:17:41]
AdwCleaner[S03].txt - [1649 octets] - [07/06/2020 14:21:58]
AdwCleaner[S04].txt - [1710 octets] - [09/06/2020 12:29:29]
AdwCleaner[S05].txt - [1771 octets] - [12/06/2020 23:17:36]
AdwCleaner[S06].txt - [1832 octets] - [16/06/2020 03:32:16]
AdwCleaner[S07].txt - [1893 octets] - [16/06/2020 16:40:44]
AdwCleaner[C07].txt - [2144 octets] - [16/06/2020 17:08:52]
AdwCleaner[S08].txt - [2771 octets] - [17/06/2020 00:40:34]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C08].txt ##########
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by friiii (administrator) on REVISION-PC (Micro-Star International Co., Ltd. MS-7B98) (17-06-2020 00:56:27)
Running from C:\Users\friiii\Downloads
Loaded Profiles: friiii
Platform: Windows 10 Pro Version 1809 17763.1131 (X64) Language: Englisch (Vereinigte Staaten)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitsum LLC -> Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum LLC -> Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(CYBERGHOST S.A. -> CyberGhost S.A.) C:\Program Files\CyberGhost 7\CyberGhost.Service.exe
(Discord Inc. -> Discord Inc.) C:\Users\friiii\AppData\Local\Discord\app-0.0.306\Discord.exe <6>
(Malwarebytes Inc -> Malwarebytes) C:\Users\friiii\Downloads\adwcleaner_8.0.5.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(ND_Apps -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> Nvidia Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA RTX Voice\NVIDIA RTX Voice.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d5216eae94436d77\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle Corporation -> Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe
(Oracle Corporation -> Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
(Oracle Corporation -> Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
(Oracle Corporation -> Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe <3>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe <5>
(ZOTAC Co.Ltd) [File not signed] C:\Program Files (x86)\ZotacFireStorm\FireStorm.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1093352 2020-03-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [FireStormStartUpAutoRun] => C:\Program Files (x86)\ZotacFireStorm\FireStorm.exe [16500224 2020-02-17] (ZOTAC Co.Ltd) [File not signed]
HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:easeofaccess-highcontrast;windowsdefender;windowsinsider
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\...\Policies\Explorer: [AllowOnlineTips] 0
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [AccentColorMenu] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent" /v "AccentColorMenu" /t REG_DWORD /f /d 1184274 <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [StartColorMenu] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent" /v "StartColorMenu" /t REG_DWORD /f /d 1184274 <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [AppsUseLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /f /d 0 <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [SystemUsesLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /f /d 0 <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [GlobalUserDisabled] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t REG_DWORD /f /d 1 <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [HttpAcceptLanguageOptOut] => REG ADD "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /f /d 1 <==== ATTENTION
HKU\S-1-5-19\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-19\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-19\Software\Policies\...\system: [PublishUserActivities] 0
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\...\RunOnce: [AccentColorMenu] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent" /v "AccentColorMenu" /t REG_DWORD /f /d 1184274 <==== ATTENTION
HKU\S-1-5-20\...\RunOnce: [StartColorMenu] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent" /v "StartColorMenu" /t REG_DWORD /f /d 1184274 <==== ATTENTION
HKU\S-1-5-20\...\RunOnce: [AppsUseLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /f /d 0 <==== ATTENTION
HKU\S-1-5-20\...\RunOnce: [SystemUsesLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /f /d 0 <==== ATTENTION
HKU\S-1-5-20\...\RunOnce: [GlobalUserDisabled] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t REG_DWORD /f /d 1 <==== ATTENTION
HKU\S-1-5-20\...\RunOnce: [HttpAcceptLanguageOptOut] => REG ADD "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /f /d 1 <==== ATTENTION
HKU\S-1-5-20\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-20\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-20\Software\Policies\...\system: [PublishUserActivities] 0
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 7\CyberGhost.exe [1025232 2020-05-13] (CYBERGHOST S.A. -> CyberGhost S.A.)
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32268176 2020-06-16] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [29072568 2020-05-22] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\Run: [Discord] => C:\Users\friiii\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3375904 2020-06-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\Software\Policies\...\system: [PublishUserActivities] 0
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\...\RunOnce: [AccentColorMenu] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent" /v "AccentColorMenu" /t REG_DWORD /f /d 1184274 <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [StartColorMenu] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent" /v "StartColorMenu" /t REG_DWORD /f /d 1184274 <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [AppsUseLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /f /d 0 <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [SystemUsesLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /f /d 0 <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [GlobalUserDisabled] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t REG_DWORD /f /d 1 <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [HttpAcceptLanguageOptOut] => REG ADD "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /f /d 1 <==== ATTENTION
HKU\S-1-5-18\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-18\Software\Policies\...\system: [PublishUserActivities] 0
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKLM\...\Print\Monitors\HP B011 Status Monitor: C:\Windows\system32\hpinkstsB011LM.dll [331664 2012-06-13] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3520 series): C:\Windows\system32\HPDiscoPMB011.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-3074304126-621362620-1679941483-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A30B0A1-3FB8-4A9D-A20D-EB49B618C2A0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-05-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1E59DF96-3A1F-4B39-A806-BEA2439027B7} - System32\Tasks\Empty Standby Memory => C:\Empty Standby Memory\EmptyStandbyList.exe [139424 2020-05-28] (Wen Jia Liu -> )
Task: {257B4D01-49E5-4F1D-89D3-C87988FAEAC8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {322D9171-0D47-4AFF-AE29-123691AEFD3F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-27] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {4635AD17-2FC0-4315-8778-E74FDBEDE351} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [1185176 2020-06-01] (Bitsum LLC -> Bitsum LLC)
Task: {4C7599F7-FDB3-4AAB-B9CD-9A5B89511A2D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4DCCD26D-A057-43C9-A713-8373B91F65BA} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [1655192 2020-06-01] (Bitsum LLC -> Bitsum LLC)
Task: {575AD202-7B0C-4270-B6A3-578420ED6847} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5E765B0F-113F-425C-8851-EE5D0D3D96D9} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {66327FCC-2281-4419-A409-BDF0B20DB9EE} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7DB3D152-920A-4EAC-BC4D-2A29B2F86204} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24690360 2020-05-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {91872AA9-F17D-4679-929D-D7C578BFF11F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-27] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {92D80DA3-3F92-44C5-80C1-5A97B791812A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A25D39CD-0605-48F8-ACAE-5AF77EBE0C64} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3293168 2020-04-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AB260384-9C83-4AB0-9301-AE5D6408CB42} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Auffrischen der Anti-Beacon-Immunisierung => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe [8790696 2019-12-18] (Safer-Networking Ltd. -> )
Task: {BB57FA78-DA8B-429C-A623-D7DD5C73072F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BE6C8713-926B-4F68-BDB8-A30DF18F1810} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C147C77C-5243-45E4-8FFC-5F45131F6F03} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C86010CE-D907-4215-9FF6-D4C45930AE19} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124624 2020-06-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {D6028920-780F-473D-BD38-B4D52C1826F5} - System32\Tasks\RTXVoice_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA RTX Voice\NVIDIA RTX Voice.exe [5133296 2020-04-08] (NVIDIA Corporation -> Nvidia Corporation)
Task: {EAB89A59-85B6-43B9-8557-BB7E1AD275F8} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F9D793DC-44A2-4F74-862B-A8215853D813} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2571704 2020-02-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{22a32e2d-39ee-4f7f-af69-71b61e638d8e}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{7238f712-55e7-4673-a42a-fb3fb4035195}: [DhcpNameServer] 10.101.0.243

Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://duckduckgo.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://duckduckgo.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://duckduckgo.com/
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://duckduckgo.com/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://duckduckgo.com/
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://duckduckgo.com/?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://duckduckgo.com/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3074304126-621362620-1679941483-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

FireFox:
========
FF DefaultProfile: hneuk5c4.default
FF DefaultProfile: fbchyyf1.default
FF ProfilePath: C:\Users\friiii\AppData\Roaming\Waterfox\Profiles\hneuk5c4.default [2020-06-01]
FF ProfilePath: C:\Users\friiii\AppData\Roaming\Waterfox\Profiles\lturqwr3.68-edition-default [2020-06-17]
FF ProfilePath: C:\Users\friiii\AppData\Roaming\Mozilla\Firefox\Profiles\fbchyyf1.default [2020-05-13]
FF ProfilePath: C:\Users\friiii\AppData\Roaming\Mozilla\Firefox\Profiles\dgrkhkab.default-release [2020-06-17]
FF Extension: (HTTPS Everywhere) - C:\Users\friiii\AppData\Roaming\Mozilla\Firefox\Profiles\dgrkhkab.default-release\Extensions\https-everywhere@eff.org.xpi [2020-06-13]
FF Extension: (uBlock Origin) - C:\Users\friiii\AppData\Roaming\Mozilla\Firefox\Profiles\dgrkhkab.default-release\Extensions\uBlock0@raymondhill.net.xpi [2020-05-29]
FF Extension: (NoScript) - C:\Users\friiii\AppData\Roaming\Mozilla\Firefox\Profiles\dgrkhkab.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2020-06-03]
FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\friiii\AppData\Roaming\Mozilla\Firefox\Profiles\dgrkhkab.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-05-13]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8628736 2020-06-16] (BattlEye Innovations e.K. -> )
R2 CG7Service; C:\Program Files\CyberGhost 7\CyberGhost.Service.exe [87248 2020-05-13] (CYBERGHOST S.A. -> CyberGhost S.A.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2020-06-16] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [574496 2019-12-13] (ND_Apps -> Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-27] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-27] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-05] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [744968 2020-04-10] (Oracle Corporation -> Oracle Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d5216eae94436d77\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d5216eae94436d77\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-02-16] (PassMark Software Pty Ltd -> )
R3 e1dexpress; C:\Windows\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_d7c985d5dd35c00d\e1d68x64.sys [601968 2020-02-06] (Intel(R) INTELND1820 -> Intel Corporation)
R3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [58304 2019-05-22] (ND_QV -> Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d5216eae94436d77\nvlddmkm.sys [23454440 2020-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvrtxvad_WaveExtensible; C:\Windows\system32\drivers\nvrtxvad64v.sys [54504 2020-03-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2020-04-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2020-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [67456 2020-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-Malware Publisher -> Windows (R) Win 7 DDK provider)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 UcmCxUcsiNvppc; C:\Windows\system32\DRIVERS\UcmCxUcsiNvppc.sys [715224 2020-04-11] (NVIDIA Corporation -> NVIDIA Corporation)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [237824 2020-04-09] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [247224 2020-04-09] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [174016 2020-04-09] (Oracle Corporation -> Oracle Corporation)
S3 cpuz149; \??\C:\Windows\temp\cpuz149\cpuz149_x64.sys [X]
S3 cthda; \SystemRoot\system32\drivers\cthda.sys [X]
S3 cthdb; \SystemRoot\system32\DRIVERS\cthdb.sys [X]
U4 dcpsvc; no ImagePath
U4 DiagTrack; no ImagePath
U4 dmwappushsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-17 00:56 - 2020-06-17 00:56 - 000025076 _____ C:\Users\friiii\Downloads\FRST.txt
2020-06-17 00:55 - 2020-06-17 00:56 - 000000000 ___DC C:\FRST
2020-06-17 00:55 - 2020-06-17 00:55 - 002289152 ____C (Farbar) C:\Users\friiii\Downloads\FRST64.exe
2020-06-17 00:55 - 2020-06-17 00:55 - 000000000 ____D C:\Users\friiii\Downloads\FRST-OlderVersion
2020-06-17 00:45 - 2020-06-17 00:45 - 000018018 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
2020-06-17 00:45 - 2020-06-17 00:45 - 000011796 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1
2020-06-17 00:45 - 2020-06-17 00:45 - 000008675 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1
2020-06-17 00:45 - 2020-06-17 00:45 - 000001209 _____ C:\ProgramData\NvcDispCorePlugin.log_backup1
2020-06-17 00:32 - 2020-06-16 17:20 - 000004985 _____ C:\Windows\system32\Drivers\etc\hosts.20200617-003224.backup
2020-06-16 21:20 - 2020-06-16 21:20 - 000000000 ____D C:\Users\friiii\AppData\Local\TslGame
2020-06-16 21:20 - 2020-06-16 21:20 - 000000000 ____D C:\Users\friiii\AppData\Local\BattlEye
2020-06-16 13:37 - 2020-06-16 13:37 - 000000222 _____ C:\Users\friiii\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS.url
2020-06-16 10:17 - 2020-06-17 00:47 - 000001543 _____ C:\Users\friiii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Delphi Toasts App.lnk
2020-06-16 03:30 - 2020-06-16 03:30 - 000000826 __RSH C:\Users\friiii\ntuser.pol
2020-06-16 01:15 - 2020-06-16 13:37 - 000000000 ____D C:\Users\friiii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-06-16 01:15 - 2020-06-16 01:15 - 000000219 _____ C:\Users\friiii\Desktop\Counter-Strike Global Offensive.url
2020-06-16 00:37 - 2020-06-16 22:52 - 000000000 ____D C:\Program Files (x86)\Steam
2020-06-16 00:37 - 2020-06-16 00:37 - 000001032 _____ C:\Users\Public\Desktop\Steam.lnk
2020-06-16 00:37 - 2020-06-16 00:37 - 000001032 _____ C:\ProgramData\Desktop\Steam.lnk
2020-06-16 00:37 - 2020-06-16 00:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-06-15 20:54 - 2020-06-15 20:54 - 000000711 _____ C:\Users\Public\Desktop\Call of Duty Modern Warfare.lnk
2020-06-15 20:54 - 2020-06-15 20:54 - 000000711 _____ C:\ProgramData\Desktop\Call of Duty Modern Warfare.lnk
2020-06-15 20:54 - 2020-06-15 20:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare
2020-06-15 18:01 - 2020-06-15 18:01 - 000000000 ___DC C:\inetpub
2020-06-15 11:51 - 2020-06-15 11:51 - 000000000 ____D C:\Users\friiii\AppData\Roaming\FiraxisLive
2020-06-15 11:45 - 2020-06-15 11:50 - 000000404 _____ C:\Users\friiii\Desktop\Neues Textdokument (2).txt
2020-06-12 23:21 - 2020-06-12 23:21 - 000003650 _____ C:\Windows\system32\Tasks\RTXVoice_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-06-12 23:21 - 2020-06-12 23:21 - 000002297 _____ C:\Users\Public\Desktop\NVIDIA RTX Voice.lnk
2020-06-12 23:21 - 2020-06-12 23:21 - 000002297 _____ C:\ProgramData\Desktop\NVIDIA RTX Voice.lnk
2020-06-12 23:21 - 2020-03-12 14:58 - 000177896 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtxaudcap64v.dll
2020-06-12 23:21 - 2020-03-12 14:58 - 000155024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvrtxaudcap32v.dll
2020-06-12 23:21 - 2020-03-12 14:58 - 000054504 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvrtxvad64v.sys
2020-06-12 22:57 - 2020-06-12 22:57 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2020-06-12 01:12 - 2020-06-12 01:12 - 000000000 ____D C:\Users\friiii\AppData\Roaming\CapFrameX
2020-06-12 01:11 - 2020-06-12 14:40 - 000000000 ____D C:\Users\friiii\Documents\CapFrameX
2020-06-12 01:11 - 2020-06-12 01:11 - 000000000 ____D C:\Users\friiii\AppData\Local\CapFrameX
2020-06-12 00:59 - 2020-06-16 23:26 - 000000000 ____D C:\Program Files (x86)\CapFrameX
2020-06-12 00:59 - 2020-06-12 00:59 - 000001758 _____ C:\Users\Public\Desktop\CapFrameX.lnk
2020-06-12 00:59 - 2020-06-12 00:59 - 000001758 _____ C:\ProgramData\Desktop\CapFrameX.lnk
2020-06-12 00:59 - 2020-06-12 00:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CapFrameX
2020-06-12 00:58 - 2020-06-08 23:28 - 067994026 _____ (DevTechProfile) C:\Users\friiii\Downloads\CapFrameX_v1.5.2_Setup.exe
2020-06-12 00:57 - 2020-06-12 00:59 - 095836570 _____ (UNIGINE ) C:\Users\friiii\Downloads\Unigine_Superposition-1.1.exe.part
2020-06-12 00:57 - 2020-06-12 00:57 - 000000000 _____ C:\Users\friiii\Downloads\Unigine_Superposition-1.1.exe
2020-06-12 00:56 - 2020-06-12 00:58 - 067693597 _____ C:\Users\friiii\Downloads\CapFrameX_v1.5.2_Setup.zip
2020-06-12 00:53 - 2020-06-12 00:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2020-06-12 00:53 - 2020-06-12 00:53 - 000000000 ____D C:\Program Files (x86)\Geeks3D
2020-06-12 00:52 - 2020-06-12 00:52 - 012192665 _____ (Geeks3D ) C:\Users\friiii\Downloads\FurMark_1.21.2.0_Setup.exe
2020-06-12 00:46 - 2020-06-12 00:46 - 000000000 ___DC C:\Program Files\MonitorTest
2020-06-12 00:46 - 2020-06-12 00:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MonitorTest
2020-06-12 00:32 - 2020-06-12 00:46 - 000000000 ____D C:\Users\friiii\AppData\Local\PassMark
2020-06-12 00:32 - 2020-06-12 00:46 - 000000000 ____D C:\ProgramData\Passmark
2020-06-12 00:32 - 2020-06-12 00:39 - 000000000 ___DC C:\Program Files\PerformanceTest
2020-06-12 00:32 - 2020-06-12 00:32 - 000000993 _____ C:\Users\friiii\Desktop\PerformanceTest.lnk
2020-06-12 00:32 - 2020-06-12 00:32 - 000000000 ____D C:\Users\friiii\Documents\PassMark
2020-06-12 00:32 - 2020-06-12 00:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
2020-06-12 00:20 - 2020-06-12 00:20 - 068797320 _____ (Passmark Software ) C:\Users\friiii\Downloads\petst.exe
2020-06-12 00:20 - 2020-06-12 00:20 - 008177704 _____ (PassMark Software ) C:\Users\friiii\Downloads\montest.exe
2020-06-12 00:20 - 2020-06-12 00:20 - 002354456 _____ (PassMark Software ) C:\Users\friiii\Downloads\keytest.exe
2020-06-12 00:19 - 2020-06-12 00:19 - 005836041 _____ (UserBenchmark.com) C:\Users\friiii\Downloads\UserBenchMark.exe
2020-06-11 07:14 - 2020-06-16 01:38 - 000000000 ____D C:\Users\friiii\AppData\Roaming\vlc
2020-06-11 07:14 - 2020-06-11 07:14 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2020-06-11 07:14 - 2020-06-11 07:14 - 000000916 _____ C:\ProgramData\Desktop\VLC media player.lnk
2020-06-11 07:14 - 2020-06-11 07:14 - 000000000 ___DC C:\Program Files\VideoLAN
2020-06-11 07:14 - 2020-06-11 07:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2020-06-11 07:13 - 2020-06-11 07:13 - 042544720 _____ C:\Users\friiii\Downloads\vlc-3.0.10-win64.exe
2020-06-11 06:04 - 2020-06-11 06:04 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-06-11 06:04 - 2020-06-11 06:04 - 000004106 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-06-11 06:04 - 2020-06-11 06:04 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-06-11 06:04 - 2020-06-11 06:04 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-06-11 06:04 - 2020-06-11 06:04 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-06-11 06:04 - 2020-06-11 06:04 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-06-11 06:04 - 2020-06-11 06:04 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-06-11 06:04 - 2020-06-11 06:04 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-06-11 06:04 - 2020-06-11 06:04 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-06-11 06:04 - 2020-06-11 06:04 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-06-11 06:04 - 2020-06-11 06:04 - 000001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2020-06-11 06:04 - 2020-06-11 06:04 - 000001485 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2020-06-11 06:04 - 2020-04-07 18:58 - 002799416 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2020-06-11 06:04 - 2020-04-07 18:58 - 002159592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2020-06-11 06:04 - 2020-04-07 18:58 - 001314792 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2020-06-11 06:04 - 2020-03-27 06:55 - 000170472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2020-06-11 06:04 - 2020-03-27 06:55 - 000146408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2020-06-11 06:04 - 2020-03-18 17:59 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2020-06-11 06:04 - 2020-03-06 11:03 - 000069840 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2020-06-11 06:02 - 2020-06-11 06:03 - 122717456 _____ (NVIDIA Corporation New) C:\Users\friiii\Downloads\GeForce_Experience_v3.20.3.63.exe
2020-06-09 23:33 - 2020-06-09 10:10 - 000004985 _____ C:\Windows\system32\Drivers\etc\hosts.20200610-003308.backup
2020-06-09 23:15 - 2020-06-09 23:15 - 000001129 _____ C:\Users\friiii\Desktop\FireStorm.lnk
2020-06-09 23:15 - 2020-06-09 23:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZotacFireStorm
2020-06-09 11:39 - 2020-06-09 11:39 - 010087800 _____ C:\Windows\system32\Drivers\FACEIT2.sys
2020-06-08 23:54 - 2020-06-08 23:58 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2020-06-08 23:54 - 2020-06-08 23:54 - 000000000 ____D C:\Windows\SysWOW64\directx
2020-06-08 23:53 - 2020-06-08 23:53 - 050718256 _____ C:\Users\friiii\Downloads\MSIAfterburnerSetup462.exe
2020-06-08 23:10 - 2015-07-13 10:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\Windows\system32\Drivers\rspLLL64.sys
2020-06-08 23:09 - 2020-06-08 23:09 - 002323432 _____ (Resplendence Software Projects Sp. ) C:\Users\friiii\Downloads\LatencyMon.exe
2020-06-08 23:03 - 2020-06-08 23:03 - 000021232 _____ (Thesycon GmbH) C:\Windows\system32\Drivers\dpclat_driver.sys
2020-06-08 22:36 - 2020-06-09 16:03 - 000000079 _____ C:\Users\friiii\Desktop\Neues Textdokument.txt
2020-06-07 21:08 - 2020-06-07 21:09 - 000000000 ____D C:\Users\friiii\AppData\Local\log
2020-06-07 19:39 - 2020-06-07 19:39 - 000001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk
2020-06-07 19:39 - 2020-06-07 19:39 - 000001032 _____ C:\Users\Public\Desktop\TechPowerUp GPU-Z.lnk
2020-06-07 19:39 - 2020-06-07 19:39 - 000001032 _____ C:\ProgramData\Desktop\TechPowerUp GPU-Z.lnk
2020-06-07 19:39 - 2020-06-07 19:39 - 000000000 ____D C:\Program Files (x86)\GPU-Z
2020-06-07 17:03 - 2020-06-07 17:03 - 000000273 _____ C:\Users\friiii\Desktop\Overcooked.url
2020-06-07 17:03 - 2020-06-07 17:03 - 000000000 ____D C:\Users\friiii\AppData\LocalLow\Ghost Town Games
2020-06-07 15:56 - 2020-06-07 15:56 - 000000000 ____D C:\Users\friiii\Documents\Benchmark
2020-06-07 15:47 - 2020-06-07 15:47 - 008052184 _____ (techPowerUp (www.techpowerup.com)) C:\Users\friiii\Downloads\GPU-Z.2.32.0.exe
2020-06-07 15:43 - 2020-06-07 15:43 - 007691872 _____ (Martin Malik - REALiX ) C:\Users\friiii\Downloads\hwi_626.exe
2020-06-07 15:43 - 2020-06-07 15:43 - 000001254 _____ C:\Users\friiii\Desktop\AIDA64 Extreme.lnk
2020-06-07 15:43 - 2020-06-07 15:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2020-06-07 15:43 - 2020-06-07 15:43 - 000000000 ____D C:\Program Files (x86)\FinalWire
2020-06-07 13:45 - 2020-06-12 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2020-06-07 13:33 - 2020-06-07 13:33 - 028245064 _____ (Audacity Team ) C:\Users\friiii\Downloads\audacity-win-2.4.1.exe
2020-06-06 23:47 - 2020-06-16 02:20 - 000000722 _____ C:\Users\friiii\Desktop\autoexec.cfg
2020-06-06 23:20 - 2020-06-06 23:20 - 000003168 _____ C:\Windows\system32\Tasks\Process Lasso Management Console (GUI)
2020-06-06 23:20 - 2020-06-06 23:20 - 000003158 _____ C:\Windows\system32\Tasks\Process Lasso Core Engine Only
2020-06-06 23:20 - 2020-06-06 23:20 - 000002010 _____ C:\Users\Public\Desktop\Process Lasso.lnk
2020-06-06 23:20 - 2020-06-06 23:20 - 000002010 _____ C:\ProgramData\Desktop\Process Lasso.lnk
2020-06-06 23:20 - 2020-06-06 23:20 - 000000000 ___DC C:\Program Files\Process Lasso
2020-06-06 23:20 - 2020-06-06 23:20 - 000000000 ____D C:\Users\friiii\AppData\Roaming\ProcessLasso
2020-06-06 23:20 - 2020-06-06 23:20 - 000000000 ____D C:\ProgramData\ProcessLasso
2020-06-06 23:20 - 2020-06-06 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
2020-06-06 23:19 - 2020-06-06 23:20 - 002464912 _____ (Bitsum LLC) C:\Users\friiii\Downloads\processlassosetup64.exe
2020-06-06 21:50 - 2020-06-06 21:50 - 000002238 _____ C:\Users\friiii\Desktop\Discord.lnk
2020-06-06 21:50 - 2020-06-06 21:50 - 000000000 ____D C:\Users\friiii\AppData\Local\Discord
2020-06-06 19:26 - 2020-06-06 19:27 - 000000000 ____D C:\Users\friiii\AppData\Local\WhatsApp
2020-06-06 00:00 - 2020-06-06 00:00 - 000000000 ____D C:\Users\friiii\Documents\ProcAlyzer Dumps
2020-06-05 23:23 - 2020-06-05 23:23 - 000000000 ____D C:\Users\friiii\Pavark
2020-06-05 23:17 - 2020-06-05 23:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
2020-06-05 23:17 - 2020-06-05 23:17 - 000000000 ____D C:\Program Files (x86)\Safer-Networking Ltd
2020-06-05 23:16 - 2020-06-05 23:16 - 001573568 _____ C:\Users\friiii\Downloads\SteamSetup.exe
2020-06-04 21:34 - 2020-06-17 00:56 - 000000000 ____D C:\Users\friiii\AppData\Roaming\discord
2020-06-04 21:34 - 2020-06-07 21:24 - 000000000 ____D C:\Users\friiii\AppData\Local\SquirrelTemp
2020-06-04 21:34 - 2020-06-06 21:50 - 000000000 ____D C:\Users\friiii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-06-04 21:13 - 2020-06-16 14:10 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-06-04 03:22 - 2019-10-18 22:12 - 000897728 _____ (CoderBag) C:\Users\friiii\Desktop\UnparkCpu.exe
2020-06-04 03:07 - 2019-10-18 22:12 - 000897728 _____ (CoderBag) C:\Users\friiii\Downloads\UnparkCpu.exe
2020-06-04 00:49 - 2020-06-04 00:49 - 010430261 _____ C:\Users\friiii\Downloads\Ping Reduction Pack By Trimors.rar
2020-06-04 00:49 - 2020-06-04 00:49 - 000000000 ____D C:\Users\friiii\AppData\Roaming\WinRAR
2020-06-04 00:49 - 2020-05-07 21:12 - 000000000 ____D C:\Users\friiii\Downloads\Ping Reduction Pack By Trimors
2020-06-04 00:29 - 2020-06-04 00:29 - 000000277 _____ C:\Users\friiii\Downloads\Ping Reduction .reg
2020-06-04 00:29 - 2020-06-04 00:29 - 000000018 _____ C:\Users\friiii\Downloads\Clear DNS.cmd
2020-06-04 00:28 - 2020-06-17 00:45 - 000000000 ___DC C:\AdwCleaner
2020-06-04 00:20 - 2020-06-04 00:20 - 008402608 _____ (Malwarebytes) C:\Users\friiii\Downloads\adwcleaner_8.0.5.exe
2020-06-04 00:14 - 2020-06-16 23:56 - 000001466 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2020-06-04 00:14 - 2020-06-16 23:56 - 000001466 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2020-06-04 00:14 - 2020-06-04 00:14 - 000001478 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2020-06-04 00:14 - 2020-06-04 00:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2020-06-04 00:14 - 2019-06-21 16:34 - 000019904 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\Spybot3ELAM.sys
2020-06-04 00:14 - 2018-02-07 03:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2020-06-03 22:13 - 2020-06-03 22:13 - 000162033 _____ C:\Users\friiii\Documents\Scan0002.pdf
2020-06-03 22:10 - 2020-06-03 22:10 - 000000000 ____D C:\Users\friiii\AppData\LocalLow\Temp
2020-06-03 19:45 - 2020-06-03 19:45 - 000002317 _____ C:\Users\Public\Desktop\HP Deskjet 3520 series.lnk
2020-06-03 19:45 - 2020-06-03 19:45 - 000002317 _____ C:\ProgramData\Desktop\HP Deskjet 3520 series.lnk
2020-06-03 19:45 - 2020-06-03 19:45 - 000001250 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Deskjet 3520 series.lnk
2020-06-03 19:45 - 2020-06-03 19:45 - 000001250 _____ C:\ProgramData\Desktop\Shop für Zubehör - HP Deskjet 3520 series.lnk
2020-06-03 19:45 - 2020-06-03 19:45 - 000000057 _____ C:\ProgramData\Ament.ini
2020-06-03 19:45 - 2020-06-03 19:45 - 000000000 ___DC C:\Program Files\HP
2020-06-03 19:45 - 2020-06-03 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2020-06-03 19:45 - 2020-06-03 19:45 - 000000000 ____D C:\ProgramData\HP
2020-06-03 19:45 - 2020-06-03 19:45 - 000000000 ____D C:\Program Files (x86)\HP
2020-06-03 19:45 - 2020-03-23 16:38 - 002865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2020-06-03 19:45 - 2012-10-17 12:31 - 000741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMB011.dll
2020-06-03 19:43 - 2020-06-03 19:51 - 000000000 ____D C:\Users\friiii\AppData\Local\HP
2020-06-03 19:29 - 2020-06-03 19:29 - 070332736 _____ C:\Users\friiii\Downloads\DJ3520_1315-1.exe
2020-06-03 00:34 - 2020-06-03 19:52 - 000000132 _____ C:\Windows\wininit.ini
2020-06-02 13:22 - 2020-06-02 13:22 - 000010439 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1
2020-06-01 23:58 - 2020-06-15 11:41 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-06-01 23:58 - 2020-06-01 23:58 - 000002882 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-06-01 23:58 - 2020-06-01 23:58 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-06-01 23:58 - 2020-06-01 23:58 - 000000865 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-06-01 23:58 - 2020-06-01 23:58 - 000000000 ___DC C:\Program Files\CCleaner
2020-06-01 23:58 - 2020-06-01 23:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-06-01 23:57 - 2020-06-01 23:57 - 025859024 _____ (Piriform Software Ltd) C:\Users\friiii\Downloads\ccsetup567.exe
2020-06-01 21:12 - 2020-06-01 21:35 - 000000000 ____D C:\Users\friiii\AppData\Local\Safer-Networking Ltd
2020-06-01 21:12 - 2020-06-01 21:12 - 011784760 _____ (Safer-Networking Ltd. ) C:\Users\friiii\Downloads\SpybotAntiBeacon-3.5-setup.exe
2020-06-01 21:12 - 2020-06-01 21:12 - 000000000 ____D C:\Windows\system32\Tasks\WPD
2020-06-01 21:07 - 2020-06-17 00:47 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-06-01 21:07 - 2020-06-04 00:14 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2020-06-01 21:07 - 2020-06-01 21:12 - 000000000 ____D C:\Windows\system32\Tasks\Safer-Networking
2020-06-01 21:07 - 2020-06-01 21:07 - 000000000 ____D C:\Users\friiii\AppData\Roaming\Waterfox
2020-06-01 21:07 - 2020-06-01 21:07 - 000000000 ____D C:\Users\friiii\AppData\Local\Waterfox
2020-06-01 21:07 - 2020-06-01 21:07 - 000000000 ____D C:\ProgramData\Waterfox
2020-06-01 21:06 - 2020-06-01 21:06 - 069300040 _____ (Safer-Networking Ltd. ) C:\Users\friiii\Downloads\spybotsd-2.8.68.0.exe
2020-06-01 20:35 - 2020-06-01 20:35 - 000000058 _____ C:\Users\friiii\Desktop\scan.txt
2020-06-01 20:32 - 2015-08-24 15:37 - 000081920 _____ (Tebjan Halm) C:\Users\friiii\Desktop\TimerTool.exe
2020-06-01 20:24 - 2020-06-09 23:15 - 000000000 ____D C:\Program Files (x86)\ZotacFireStorm
2020-06-01 20:09 - 2020-06-01 20:09 - 000000000 ____D C:\Windows\pss
2020-06-01 19:53 - 2020-06-01 19:53 - 000000000 ____D C:\Users\friiii\AppData\Local\www.coderbag.com
2020-05-29 23:21 - 2020-03-12 12:08 - 007308368 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2020-05-29 23:21 - 2020-03-12 12:08 - 005831392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPOU64.dll
2020-05-29 23:21 - 2020-03-12 12:08 - 001145464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtCOM64.dll
2020-05-29 23:21 - 2020-03-12 12:08 - 001093352 _____ (Realtek Semiconductor) C:\Windows\system32\RtkAudUService64.exe
2020-05-29 23:21 - 2020-03-12 12:08 - 000844888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64U.dll
2020-05-29 23:21 - 2020-03-12 12:08 - 000495288 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2020-05-29 23:21 - 2020-03-12 12:08 - 000224272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2020-05-29 23:21 - 2020-03-12 08:58 - 038837969 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2020-05-29 23:14 - 2020-05-29 23:14 - 000000000 ____D C:\Program Files (x86)\Realtek
2020-05-29 23:14 - 2019-12-19 23:07 - 002877104 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2020-05-29 21:55 - 2020-05-29 21:55 - 000000078 ___RH C:\Windows\ctfile.rfc
2020-05-29 21:22 - 2020-05-29 21:30 - 000000000 ____D C:\ProgramData\Creative
2020-05-29 21:22 - 2012-11-27 00:52 - 000005783 ____N C:\Windows\system32\CTOPT352.cat
2020-05-29 21:22 - 2012-08-13 22:51 - 000183808 ____N (Creative Technology Ltd) C:\Windows\system32\CTOPT352.dll
2020-05-29 21:22 - 2010-10-04 23:20 - 000088576 ____N (Creative Technology Ltd) C:\Windows\system32\CTOPT399.dll
2020-05-29 21:22 - 2010-10-03 22:54 - 000005594 ____N C:\Windows\system32\CTOPT399.cat
2020-05-29 21:22 - 2008-12-23 04:13 - 000049664 ____N (Creative Technology Ltd) C:\Windows\system32\CTChkAud.dll
2020-05-29 21:22 - 2006-12-05 21:53 - 000042496 ____N (Creative Technology Ltd.) C:\Windows\system32\AddCat.exe
2020-05-29 21:22 - 2006-10-06 21:17 - 000053248 ____N (Creative Technology Ltd ) C:\Windows\Ctregrun.exe
2020-05-29 21:22 - 2003-06-13 07:25 - 000007062 _____ C:\Windows\SysWOW64\audiopid.vxd
2020-05-29 21:22 - 2000-05-22 23:58 - 000647872 ____N (Microsoft Corporation) C:\Windows\SysWOW64\Mscomct2.ocx
2020-05-29 21:21 - 2020-05-29 21:55 - 000000000 ____D C:\Program Files (x86)\Creative
2020-05-29 21:21 - 2020-05-29 21:21 - 000000000 ____D C:\Users\Public\Creative
2020-05-29 21:21 - 2012-08-17 02:42 - 000004888 _____ C:\Windows\cthdaGER.reg
2020-05-29 08:47 - 2020-06-15 11:50 - 000000000 ____D C:\Users\friiii\AppData\Roaming\2K
2020-05-29 04:01 - 2020-05-29 04:01 - 000000000 ____D C:\Users\friiii\AppData\Roaming\NVIDIA
2020-05-29 02:23 - 2020-05-29 02:23 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2020-05-29 02:22 - 2020-05-18 21:44 - 001729232 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-05-29 02:22 - 2020-05-18 21:44 - 001729232 _____ C:\Windows\system32\vulkaninfo.exe
2020-05-29 02:22 - 2020-05-18 21:44 - 001329360 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-05-29 02:22 - 2020-05-18 21:44 - 001329360 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-05-29 02:22 - 2020-05-18 21:44 - 001079000 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-05-29 02:22 - 2020-05-18 21:44 - 001079000 _____ C:\Windows\system32\vulkan-1.dll
2020-05-29 02:22 - 2020-05-18 21:44 - 000937680 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-05-29 02:22 - 2020-05-18 21:44 - 000937680 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-05-29 02:22 - 2020-05-18 21:44 - 000451480 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-05-29 02:22 - 2020-05-18 21:44 - 000348048 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-05-29 02:22 - 2020-05-18 21:41 - 011944864 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2020-05-29 02:22 - 2020-05-18 21:41 - 010286480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2020-05-29 02:22 - 2020-05-18 21:40 - 001005968 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2020-05-29 02:22 - 2020-05-18 21:40 - 000816872 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2020-05-29 02:22 - 2020-05-18 21:40 - 000676240 _____ C:\Windows\system32\nvofapi64.dll
2020-05-29 02:22 - 2020-05-18 21:40 - 000543136 _____ C:\Windows\SysWOW64\nvofapi.dll
2020-05-29 02:22 - 2020-05-18 21:39 - 002073008 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-05-29 02:22 - 2020-05-18 21:39 - 001566104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-05-29 02:22 - 2020-05-18 21:39 - 001482144 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-05-29 02:22 - 2020-05-18 21:39 - 001350576 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2020-05-29 02:22 - 2020-05-18 21:39 - 001142008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-05-29 02:22 - 2020-05-18 21:39 - 001048488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2020-05-29 02:22 - 2020-05-18 21:39 - 000680864 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-05-29 02:22 - 2020-05-18 21:39 - 000561400 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2020-05-29 02:22 - 2020-05-18 21:39 - 000546728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-05-29 02:22 - 2020-05-18 21:38 - 005856664 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-05-29 02:22 - 2020-05-18 21:38 - 000811256 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-05-29 02:22 - 2020-05-18 21:38 - 000655080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2020-05-29 02:22 - 2020-05-18 21:38 - 000444816 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2020-05-29 02:22 - 2020-05-18 21:37 - 017600240 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-05-29 02:22 - 2020-05-18 21:37 - 015157992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-05-29 02:22 - 2020-05-18 21:37 - 005590248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2020-05-29 02:22 - 2020-05-18 21:37 - 005159312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-05-29 02:22 - 2020-05-18 21:37 - 000849824 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2020-05-29 02:22 - 2020-05-18 21:36 - 004928256 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2020-05-29 02:22 - 2020-05-18 21:36 - 004195672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-05-29 02:22 - 2020-05-16 08:07 - 000106838 _____ C:\Windows\system32\nvidia-smi.1.pdf
2020-05-29 02:22 - 2020-05-16 08:07 - 000077294 _____ C:\Windows\system32\nvinfo.pb
2020-05-28 05:36 - 2020-05-28 05:36 - 068120744 _____ (Riot Games, Inc.) C:\Users\friiii\Downloads\Install VALORANT.exe
2020-05-28 02:55 - 2020-06-12 23:03 - 000000000 ____D C:\Users\friiii\AppData\Local\somemorebytes
2020-05-28 01:49 - 2020-05-28 01:49 - 000306928 _____ (Thesycon GmbH) C:\Users\friiii\Downloads\dpclat.exe
2020-05-28 01:03 - 2020-06-12 15:52 - 000003226 _____ C:\Windows\system32\Tasks\Empty Standby Memory
2020-05-28 00:58 - 2020-05-28 00:58 - 000000000 ___DC C:\Empty Standby Memory
2020-05-27 22:03 - 2020-05-27 22:05 - 560938496 _____ (NVIDIA Corporation) C:\Users\friiii\Downloads\446.14-desktop-win10-64bit-international-dch-whql.exe
2020-05-25 01:41 - 2020-06-11 16:58 - 000000000 ___SH C:\Users\Public\Shared Files
2020-05-25 01:34 - 2020-05-25 01:34 - 000000000 ____D C:\Users\friiii\AppData\Local\FortniteGame
2020-05-24 20:59 - 2020-06-11 07:02 - 000000000 ____D C:\Users\friiii\AppData\Local\2K
2020-05-24 20:59 - 2020-05-24 20:59 - 000000000 ____D C:\Users\friiii\Documents\My Games
2020-05-24 20:42 - 2020-05-24 20:42 - 000000298 _____ C:\Users\friiii\Desktop\Sid Meier's Civilization VI.url
2020-05-24 20:13 - 2020-05-24 20:13 - 000000309 _____ C:\Users\friiii\Desktop\Fortnite.url
2020-05-22 23:52 - 2020-05-22 23:52 - 000001299 _____ C:\Users\friiii\Desktop\TeamSpeak 3 Client.lnk
2020-05-22 23:52 - 2020-05-22 23:52 - 000001257 _____ C:\Users\friiii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2020-05-22 19:06 - 2020-05-22 19:06 - 1358495744 _____ C:\Users\friiii\Downloads\AmendOS_3.0_Ready_x64.iso
2020-05-21 07:59 - 2020-05-21 07:59 - 000000000 ____D C:\Users\friiii\Downloads\ZOTACGAMING-FireStorm
2020-05-20 06:53 - 2020-05-25 01:34 - 000000000 ____D C:\Users\friiii\AppData\Roaming\EasyAntiCheat
2020-05-20 06:53 - 2020-05-20 06:53 - 000000000 ____D C:\Users\friiii\AppData\Local\SquadGame
2020-05-18 16:42 - 2020-05-18 17:03 - 000000000 ____D C:\Users\friiii\Documents\Rockstar Games
2020-05-18 16:42 - 2020-05-18 17:03 - 000000000 ____D C:\Users\friiii\AppData\Local\Rockstar Games
2020-05-18 16:27 - 2020-06-07 16:17 - 000000000 ____D C:\Program Files\Rockstar Games
2020-05-18 16:27 - 2020-06-07 16:17 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-05-18 16:27 - 2020-05-18 16:27 - 000000000 ____D C:\ProgramData\Rockstar Games

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-17 00:54 - 2020-05-13 02:23 - 000000000 ____D C:\Users\friiii\AppData\LocalLow\Mozilla
2020-06-17 00:52 - 2020-05-13 05:33 - 000698668 _____ C:\Windows\system32\perfh007.dat
2020-06-17 00:52 - 2020-05-13 05:33 - 000145686 _____ C:\Windows\system32\perfc007.dat
2020-06-17 00:52 - 2020-05-13 01:43 - 001626856 _____ C:\Windows\system32\PerfStringBackup.INI
2020-06-17 00:52 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF
2020-06-17 00:48 - 2020-05-13 03:14 - 000000000 ____D C:\ProgramData\NVIDIA
2020-06-17 00:48 - 2020-05-13 02:29 - 000000000 ____D C:\Users\friiii\.VirtualBox
2020-06-17 00:48 - 2020-05-13 02:29 - 000000000 ____D C:\ProgramData\VirtualBox
2020-06-17 00:46 - 2020-05-13 01:37 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-17 00:45 - 2018-09-15 07:09 - 000131072 _____ C:\Windows\system32\config\BBI
2020-06-16 21:20 - 2020-05-13 05:25 - 000000000 ____D C:\Users\friiii\AppData\Local\UnrealEngine
2020-06-16 21:20 - 2020-05-13 03:14 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-16 17:07 - 2020-05-17 20:54 - 000000000 ____D C:\Users\friiii\AppData\Local\Battle.net
2020-06-16 11:16 - 2020-05-13 03:25 - 000000000 ____D C:\Users\friiii\AppData\Local\D3DSCache
2020-06-16 03:30 - 2020-05-13 01:39 - 000000000 ____D C:\Users\friiii
2020-06-16 00:37 - 2020-05-13 01:37 - 000223072 _____ C:\Windows\system32\FNTCACHE.DAT
2020-06-16 00:34 - 2018-09-15 08:33 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-06-16 00:25 - 2020-05-13 01:37 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-06-15 23:48 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2020-06-15 23:48 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\inetsrv
2020-06-15 20:43 - 2020-05-17 20:50 - 000000000 ____D C:\Program Files (x86)\Battle.net
2020-06-15 18:06 - 2018-09-15 08:23 - 000000000 ____D C:\Windows\CbsTemp
2020-06-13 02:36 - 2020-05-13 02:27 - 000000000 ____D C:\Users\friiii\AppData\Local\CyberGhost
2020-06-12 23:21 - 2020-05-16 19:13 - 000000000 ____D C:\temp
2020-06-12 23:21 - 2020-05-13 03:11 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-06-12 23:20 - 2020-05-13 03:14 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-06-11 11:25 - 2020-05-13 03:15 - 000000000 ____D C:\Users\friiii\AppData\Local\NVIDIA Corporation
2020-06-11 06:04 - 2020-05-13 03:15 - 000000000 ____D C:\Users\friiii\AppData\Local\NVIDIA
2020-06-11 06:04 - 2020-05-13 03:14 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-06-10 12:22 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-10 12:22 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness
2020-06-09 23:52 - 2020-05-13 01:39 - 000000000 ____D C:\Users\friiii\AppData\Local\Packages
2020-06-09 21:34 - 2020-05-13 05:23 - 000000000 ____D C:\Users\friiii\AppData\Local\PlaceholderTileLogoFolder
2020-06-09 21:30 - 2020-05-13 02:33 - 000000000 ____D C:\ProgramData\Packages
2020-06-08 02:31 - 2020-05-13 05:42 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2020-06-08 02:31 - 2020-05-13 05:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2020-06-07 15:44 - 2020-05-13 21:25 - 000000000 ____D C:\Program Files\HWiNFO64
2020-06-07 15:43 - 2020-05-13 21:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2020-06-07 13:42 - 2020-03-26 16:33 - 000000000 ____D C:\Windows\Panther
2020-06-06 23:39 - 2020-05-13 21:31 - 000000000 ____D C:\Users\friiii\AppData\Roaming\MAXON
2020-06-06 23:21 - 2020-05-14 08:19 - 000000000 ____D C:\Users\friiii\Downloads\Benchmark
2020-06-05 23:17 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-06-04 22:47 - 2020-05-13 02:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-06-04 21:34 - 2020-05-13 02:23 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-06-02 12:35 - 2020-05-13 02:16 - 000000000 ____D C:\Users\friiii\AppData\Local\ElevatedDiagnostics
2020-05-29 23:22 - 2020-05-13 05:45 - 000000000 ___HD C:\Program Files (x86)\Temp
2020-05-29 23:21 - 2020-05-13 05:45 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-05-25 01:41 - 2018-09-15 08:33 - 000000000 __SHD C:\Users\Public\Libraries
2020-05-22 23:52 - 2020-05-16 19:26 - 000000000 ____D C:\Users\friiii\AppData\Local\TeamSpeak 3 Client
2020-05-22 20:35 - 2020-05-17 03:28 - 000000000 ____D C:\Program Files\Epic Games
2020-05-22 19:04 - 2020-05-13 02:31 - 000000000 ____D C:\Users\friiii\VirtualBox VMs
2020-05-21 08:35 - 2020-05-14 08:18 - 000000000 ____D C:\Users\friiii\Documents\Ubuntu
2020-05-20 06:53 - 2020-05-17 03:35 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         
--- --- ---

Code:
ATTFilter
// info: Rootkit removal help file
// copyright: (c) 2008-2020 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Users\Public\Shared Files:VersionCache:$DATA"
File:"Unknown ADS","C:\Users\friiii\Application Data:00e481b5e22dbe1f649fcddd505d3eb7:$DATA"
File:"Unknown ADS","C:\Users\friiii\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7:$DATA"
File:"Unknown ADS","C:\Users\friiii\AppData\Local\Microsoft\Feeds:KnownSources:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64:{4A705BBE-C39C-4059-9658-2F0F8F0A4F12}:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64:{B6B3D3B5-E6DA-4ac3-B20B-7AD145E0AF58}:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\","Epic Games"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\","com.epicgames.launcher"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\","com.epicgames.launcher"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher\","DefaultIcon"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher\","shell"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher\shell\","open"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\WOW6432Node\com.epicgames.launcher\shell\open\","command"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher\","DefaultIcon"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher\","shell"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher\shell\","open"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\com.epicgames.launcher\shell\open\","command"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\","Provider"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider\","CBP"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider\","DPA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider\","SecurityApp"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\","WebProtection"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs\","DuState"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\EpicGames\Unreal Engine\","4.0"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Epic Games\","EpicGamesLauncher"
         

Edited by Ambisonte (17.06.2020 at 03:12). Reason: Attach log file

17.06.2020, 13:53   #2
M-K-D-B
/// TB Trainer







My name is Matthias and I will help you with the analysis and, if it turns out to be necessary, the cleanup of your computer.



Please note - Our rules for cleanup - What information we need:
For everyone seeking help! What do I need to consider before opening a topic?





The FRST log file Addition.txt is still missing, please submit it.
__________________


17.06.2020, 15:48   #3
Ambisonte



I hope this is the right one =)

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by friiii (17-06-2020 02:06:09)
Running from C:\Users\friiii\Downloads
Windows 10 Pro Version 1809 17763.1131 (X64) (2020-05-13 00:38:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3074304126-621362620-1679941483-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3074304126-621362620-1679941483-503 - Limited - Disabled)
friiii (S-1-5-21-3074304126-621362620-1679941483-1001 - Administrator - Enabled) => C:\Users\friiii
Guest (S-1-5-21-3074304126-621362620-1679941483-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3074304126-621362620-1679941483-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AIDA64 Extreme v6.25 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.25 - FinalWire Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version:  - Blizzard Entertainment)
CapFrameX Capture and Analysis Tool (HKLM-x32\...\{5f67a676-c19e-40c8-9f01-c38f79feeca3}) (Version: 1.5.2.1 - DevTechProfile)
CapFrameX Capture and Analysis Tool 1.5.2.1 (HKLM\...\{778D229F-1061-45B0-BFA3-EDD63DEA71B8}) (Version: 1.5.2.1 - DevTechProfile) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.67 - Piriform)
CPUID CPU-Z 1.92 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.92 - CPUID, Inc.)
CrystalDiskInfo 8.5.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.5.2 - Crystal Dew World)
CrystalDiskMark 7.0.0h (HKLM\...\CrystalDiskMark7_is1) (Version: 7.0.0h - Crystal Dew World)
CyberGhost 7 (HKLM\...\CyberGhost 7) (Version: 7.3.13.5607 - CyberGhost S.A.)
Discord (HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{A5A6A747-393C-4B28-AB7B-2DE2BA7F7D73}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FireStorm version 3.0.0.013 (HKLM-x32\...\FireStorm_is1) (Version: 3.0.0.013 - )
Geeks3D FurMark 1.21.2.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: 1.21.2.0 - Geeks3D)
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HWiNFO64 Version 6.26 (HKLM\...\HWiNFO64_is1) (Version: 6.26 - Martin Malik - REALiX)
Intel(R) Network Connections 25.0.0.0 (HKLM\...\PROSetDX) (Version: 25.0.0.0 - Intel)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{c4a581e8-a702-448c-80c7-4b6192985db2}) (Version: 10.1.18228.8176 - Intel(R) Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
MonitorTest V4.0 (HKLM\...\{53A1ED80-2BB9-4D69-91CC-4C5E5E6A90E1}_is1) (Version: 4.0 - PassMark Software)
Mozilla Firefox 77.0.1 (x64 de) (HKLM\...\Mozilla Firefox 77.0.1 (x64 de)) (Version: 77.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 76.0.1 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.3.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.3.63 - NVIDIA Corporation)
NVIDIA Grafiktreiber 446.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 446.14 - NVIDIA Corporation)
NVIDIA NVIDIA RTX Voice Driver 1.0.0.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_RTXVoice.Driver) (Version: 1.0.0.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA RTX Voice Application (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_RTXVoice) (Version: 0.5.12.6 - NVIDIA Corporation)
Oracle VM VirtualBox 6.1.6 (HKLM\...\{AD08C64C-9815-4E90-9C78-8B7DC20E5001}) (Version: 6.1.6 - Oracle Corporation)
PerformanceTest v10.0 (HKLM\...\PerformanceTest 10_is1) (Version: 10.0.1006.0 - Passmark Software)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 9.8.0.54 - Bitsum)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8911.1 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 6.1.0.170 - Samsung Electronics)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 3.5 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version:  - TechPowerUp)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)

Packages:
=========
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2020-05-27] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.9.215.0_x64__dt26b99r8h8gj [2020-05-13] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [2020-06-09] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d5216eae94436d77\nvshext.dll [2020-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-06-12 23:21 - 2019-12-12 00:27 - 074850816 _____ (NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NVIDIA RTX Voice\cublas64_10.dll
2020-06-12 23:21 - 2019-12-12 00:27 - 036055552 _____ (NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NVIDIA RTX Voice\cublasLt64_10.dll
2020-06-12 23:21 - 2020-03-31 06:58 - 422046720 _____ (NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NVIDIA RTX Voice\cudnn64_7.dll
2020-06-12 23:21 - 2019-12-11 23:17 - 115644416 _____ (NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NVIDIA RTX Voice\cufft64_10.dll
2020-06-01 20:24 - 2012-03-15 06:13 - 001177600 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ZotacFireStorm\LIBEAY32.dll
2020-06-12 23:21 - 2019-12-12 00:28 - 003407360 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\NVIDIA Corporation\NVIDIA RTX Voice\libcrypto-1_1-x64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\friiii\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\friiii\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [488]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7940 more sites.

IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\123simsen.com -> www.123simsen.com

There are 7940 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2020-06-17 00:47 - 000005033 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.0	analytics.ff.avast.com
0.0.0.0	analytics.ns1.ff.avast.com
0.0.0.0	v7event.stats.avcdn.net
0.0.0.0	v7.stats.avcdn.net
0.0.0.0	flow.lavasoft.com
0.0.0.0	telemetry.malwarebytes.com
0.0.0.0	ws.mcafee.com
0.0.0.0	analytics.ccs.mcafee.com
0.0.0.0	analyticsdcs.ccs.mcafee.com
0.0.0.0	carcharodon.trendmicro.com
0.0.0.0	a.ads1.msn.com
0.0.0.0	a.ads2.msads.net
0.0.0.0	a.ads2.msn.com
0.0.0.0	a.rad.msn.com
0.0.0.0	a-0001.a-msedge.net
0.0.0.0	a-0002.a-msedge.net
0.0.0.0	a-0003.a-msedge.net
0.0.0.0	a-0004.a-msedge.net
0.0.0.0	a-0005.a-msedge.net
0.0.0.0	a-0006.a-msedge.net
0.0.0.0	a-0007.a-msedge.net
0.0.0.0	a-0008.a-msedge.net
0.0.0.0	a-0009.a-msedge.net
0.0.0.0	ac3.msn.com
0.0.0.0	ad.doubleclick.net
0.0.0.0	adnexus.net
0.0.0.0	adnxs.com
0.0.0.0	ads.msn.com
0.0.0.0	ads1.msads.net
0.0.0.0	ads1.msn.com

There are 93 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3074304126-621362620-1679941483-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: RasMan => 2
MSCONFIG\Services: Rockstar Service => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: WManSvc => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3074304126-621362620-1679941483-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{23E60587-8F43-4850-A74A-EEBCEE41ACC3}C:\program files\windowsapps\spotifyab.spotifymusic_1.134.694.0_x86__zpdnekdrzrea0\spotify.exe] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.134.694.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{184916B4-AAA5-4CD9-9A3E-B1F622D0D8B5}C:\program files\windowsapps\spotifyab.spotifymusic_1.134.694.0_x86__zpdnekdrzrea0\spotify.exe] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.134.694.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{42410C24-0F23-486D-AC63-9D70FC612578}C:\program files (x86)\zotacfirestorm\firestorm.exe] => (Block) C:\program files (x86)\zotacfirestorm\firestorm.exe (ZOTAC Co.Ltd) [File not signed]
FirewallRules: [UDP Query User{77BA2BBB-C095-4226-B1A6-B3B9FCF9F07B}C:\program files (x86)\zotacfirestorm\firestorm.exe] => (Block) C:\program files (x86)\zotacfirestorm\firestorm.exe (ZOTAC Co.Ltd) [File not signed]
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Restore Points =========================

03-06-2020 23:43:28 DirectX wurde installiert
06-06-2020 00:09:16 DirectX wurde installiert
07-06-2020 12:25:05 DirectX wurde installiert
09-06-2020 00:03:22 Removed Quick CPU
11-06-2020 23:21:32 DirectX wurde installiert
14-06-2020 13:48:34 DirectX wurde installiert
15-06-2020 18:01:09 Windows Modules Installer
16-06-2020 21:20:15 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501

==================== Faulty Device Manager Devices ============

Name: Hochpräzisionsereigniszeitgeber
Description: Hochpräzisionsereigniszeitgeber
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardsystemgeräte)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/17/2020 02:02:08 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/17/2020 12:46:58 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (06/16/2020 09:20:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (06/16/2020 07:37:04 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/16/2020 05:19:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (06/16/2020 10:53:35 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/16/2020 10:17:24 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0x803F7001
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (06/16/2020 12:37:31 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe


System errors:
=============
Error: (06/17/2020 12:47:01 AM) (Source: DCOM) (EventID: 10016) (User: REVISION-PC)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "REVISION-PC\friiii" (SID: S-1-5-21-3074304126-621362620-1679941483-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 und der APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 im Anwendungscontainer "SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (06/17/2020 12:46:59 AM) (Source: DCOM) (EventID: 10016) (User: REVISION-PC)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "REVISION-PC\friiii" (SID: S-1-5-21-3074304126-621362620-1679941483-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 und der APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (06/17/2020 12:46:55 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "SDWSCService" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist möglicherweise nicht installiert.

Error: (06/17/2020 12:46:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "luafv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (06/17/2020 12:46:37 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden.

Error: (06/17/2020 12:45:41 AM) (Source: DCOM) (EventID: 10010) (User: REVISION-PC)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (06/17/2020 12:45:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/17/2020 12:45:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================

Date: 2020-06-17 00:47:00.373
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-17 00:46:55.307
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-17 00:46:55.304
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-17 00:46:55.300
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-16 17:19:57.258
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-16 17:19:52.188
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-16 17:19:52.185
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-16 17:19:52.183
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 1.80 12/25/2019
Motherboard: Micro-Star International Co., Ltd. Z390-A PRO (MS-7B98)
Processor: Intel(R) Core(TM) i7-9700KF CPU @ 3.60GHz
Percentage of memory in use: 51%
Total physical RAM: 16318.47 MB
Available physical RAM: 7871.05 MB
Total Virtual: 24254.47 MB
Available Virtual: 11219.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.29 GB) (Free:31.68 GB) NTFS
Drive d: () (Fixed) (Total:364.23 GB) (Free:65.67 GB) NTFS

\\?\Volume{cf18b498-9699-4784-a848-dcd3d5f342fa}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.07 GB) NTFS
\\?\Volume{d0bb9622-c706-4fb4-9e28-c1106f50d2ac}\ () (Fixed) (Total:0.5 GB) (Free:0.49 GB) FAT32
\\?\Volume{5e984844-04ee-41c1-be5e-eaa216b90275}\ () (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F3F49FD7)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
         
Edited by Ambisonte (17.06.2020 at 15:49). Reason: Logfile

17.06.2020, 16:16   #4
M-K-D-B
/// TB Instructor

Hi,

thanks for the log files.

I don't see any malware entries in the log files, nor any hijackers or adware.

The AdwCleaner detections are false positives, caused by Spybot's entries in the registry.

It's not quite clear to me why you use Spybot. Based on our experience over the last few years, we can no longer recommend this program.

In addition, your system appears to be damaged, since Windows Defender is not shown in the Security Center, there were problems with license activation (illegal Pro version?) and various Windows services are not working.

Most serious, however, is the fact that you are running an outdated version of Windows 10, namely version 1809.
I don't know when you "wiped" your system, but that was either quite a while ago, or you didn't do it properly, or you did something else.

If you perform a clean reinstall following our guide (back up your private data first), you will then have the latest version of Windows 10 (2004) on the machine without any unnecessary software. The prerequisite for this is of course a valid Windows license for this Pro version.

Further tips for the time after the clean installation can be found here:
Measures for securing the computer

Edited by M-K-D-B (17.06.2020 at 16:25)

17.06.2020, 16:51   #5
Ambisonte

It's called ReviOS; I tested it at one point, and yes, I have a license key, but I haven't got around to activating it yet.

I mainly play games on the PC and therefore use ReviOS, because you get more performance with this OS; the difference is enormous in FPS shooters.

But I had the same AdwCleaner results with the normal Win 10 OS as well, and there too, whenever AdwCleaner cleans this up, the PC runs noticeably better again. =) (I have used your guide many times already)

[CODE]
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
[/CODE]
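
Added example, not part of the thread: the keys AdwCleaner deleted above live under `ZoneMap\Domains`, where the DWORD stored per protocol is the security zone (4 is Restricted Sites), so a zone-4 entry restricts a domain rather than trusting it. The sketch below triages a `reg export` of that key; the export text and its zone values are constructed (the thread shows only key names), `example.test` is a made-up contrast entry, and the function names are hypothetical.

```python
import re

# Security zones as stored in ZoneMap values.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

KEY_RE = re.compile(
    r"^\[(?P<hive>[^\\\]]+)\\.*\\ZoneMap\\Domains\\(?P<dom>[^\]]+)\]$", re.I)
VAL_RE = re.compile(r'^"(?P<proto>[^"]+)"=dword:(?P<zone>[0-9a-f]{8})$', re.I)

# Constructed sample in `reg export` format; the zone values are assumptions.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dospop.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\www]
"https"=dword:00000002
"""

def parse_zonemap(reg_text):
    """Yield (hive, domain, protocol, zone) for every ZoneMap\\Domains value."""
    hive = dom = None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            hive = key.group("hive")
            # Subkeys are sub-domains: Domains\example.test\www -> www.example.test
            dom = ".".join(reversed(key.group("dom").split("\\"))).lower()
        elif line.startswith("["):
            hive = dom = None          # a key outside ZoneMap\Domains
        else:
            val = VAL_RE.match(line)
            if val and dom:
                yield hive, dom, val.group("proto"), int(val.group("zone"), 16)

def triage(reg_text):
    """Per domain: 'block-list' if every value is zone 4, else 'review'."""
    zones = {}
    for _hive, dom, _proto, zone in parse_zonemap(reg_text):
        zones.setdefault(dom, set()).add(zone)
    return {d: ("block-list" if z == {4} else "review",
                sorted(ZONES.get(n, "unknown") for n in z))
            for d, z in zones.items()}

if __name__ == "__main__":
    for domain, (verdict, names) in triage(SAMPLE_REG).items():
        print(f"{domain:20} {verdict:10} {', '.join(names)}")
```

On a live system the input would come from exporting the `ZoneMap\Domains` key with `reg export` before running a cleaner, so the values can be inspected before anything is deleted.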


17.06.2020, 17:11   #6
M-K-D-B
/// TB Instructor

The fact is that the system is damaged.

I have also said what needs to be done.

That means we are done here.

Thread closed
