Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   MBAM kann Schädlinge nicht entfernen (https://www.trojaner-board.de/201684-mbam-schaedlinge-entfernen.html)

Ladekabel612 25.04.2021 11:05
MBAM kann Schädlinge nicht entfernen
 
Moin,


MBAM kriegt es nicht auf die reihe, die Schädlinge die er findet, effizent in Quarantäne zu stecken, da die bei nem' neuen Suchlauf direkt wieder als Fund auftauchen. Deshalb auch hier mal die bitte, ob man sich das mal angucken kann. :)

Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/25/21
Scan Time: 12:00 PM
Log File: 21ec864e-a5ad-11eb-a107-049226d53ae6.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1251
Update Package Version: 1.0.39793
License: Free

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: DESKTOP-J6EBHR7\Lem0th

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 344275
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 2 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.DefaultSearch, C:\USERS\LEM0TH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\40A0SGM9.DEFAULT-RELEASE\PREFS.JS, Replaced, 330, 932426, 1.0.39793, , ame, , FF9AFA7A69FA6B299CA82D79DB1A97CC, C70A3D77B7EABAAE0E940CA738F2BB2AB2AF254C2238CCD1EEC1E4CB75A102B2
PUP.Optional.DefaultSearch, C:\USERS\LEM0TH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\40A0SGM9.DEFAULT-RELEASE\PREFS.JS, Replaced, 330, 932427, 1.0.39793, , ame, , FF9AFA7A69FA6B299CA82D79DB1A97CC, C70A3D77B7EABAAE0E940CA738F2BB2AB2AF254C2238CCD1EEC1E4CB75A102B2

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


 (end)

Hier noch der, der davor gemacht wurde:


Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/25/21
Scan Time: 11:48 AM
Log File: 6cb30f7e-a5ab-11eb-8d6a-049226d53ae6.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1251
Update Package Version: 1.0.39793
License: Free

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: DESKTOP-J6EBHR7\Lem0th

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 344278
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 2 min, 18 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.DefaultSearch, C:\USERS\LEM0TH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\40A0SGM9.DEFAULT-RELEASE\PREFS.JS, Replaced, 330, 932426, 1.0.39793, , ame, , FF9AFA7A69FA6B299CA82D79DB1A97CC, C70A3D77B7EABAAE0E940CA738F2BB2AB2AF254C2238CCD1EEC1E4CB75A102B2
PUP.Optional.DefaultSearch, C:\USERS\LEM0TH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\40A0SGM9.DEFAULT-RELEASE\PREFS.JS, Replaced, 330, 932427, 1.0.39793, , ame, , FF9AFA7A69FA6B299CA82D79DB1A97CC, C70A3D77B7EABAAE0E940CA738F2BB2AB2AF254C2238CCD1EEC1E4CB75A102B2

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

M-K-D-B 25.04.2021 11:10
:hallo:



Mein Name ist Matthias und ich werde dir bei der Analyse und der eventuell notwendigen Bereinigung deines Computers helfen.



Bitte beachte unsere Regeln und Hinweise für Hilfesuchende:

Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Nur mit diesen Informationen können wir helfen. Vielen Dank für deine Mitarbeit!

Ladekabel612 25.04.2021 11:20
Teile das auf mehrere Beiträge auf, sowie pack den Log von MBAM von Gestern noch mit dazu, wo er das gleiche gefunden hat.



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by Lem0th (administrator) on DESKTOP-J6EBHR7 (25-04-2021 12:15:27)
Running from C:\Users\Lem0th\Desktop
Loaded Profiles: Lem0th
Platform: Windows 10 Pro Version 20H2 19042.928 (X64) Language: German (Germany) -> English (United Kingdom)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(ASUSTeK Computer Inc. -> ) C:\Windows\System32\AsusUpdateCheck.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
(ASUSTeK Computer Inc. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <2>
(ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.45\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicService.exe
(A-Volute SAS -> A-Volute) C:\Users\Lem0th\AppData\Local\NhNotifSys\sonicstudio\asusns.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Discord Inc. -> Discord Inc.) C:\Users\Lem0th\AppData\Local\Discord\app-1.0.9001\Discord.exe <6>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(FS Apps) C:\Program Files\WindowsApps\53621FSApps.FluentTerminal_0.7.5.0_x64__87x1pks76srcp\FluentTerminal.App.exe
(FS Apps) C:\Program Files\WindowsApps\53621FSApps.FluentTerminal_0.7.5.0_x64__87x1pks76srcp\FluentTerminal.SystemTray\FluentTerminal.SystemTray.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(GuinpinSoft inc) [File not signed] C:\Program Files (x86)\MakeMKV\makemkv.exe
(GuinpinSoft inc) [File not signed] C:\Program Files (x86)\MakeMKV\makemkvcon64.exe
(GuinpinSoft inc) [File not signed] C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe
(Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Leawo Software) [File not signed] C:\Program Files (x86)\Common Files\cdagtsvc\cdagtsvc_v1.0.0_x86.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mega Limited -> Mega Limited) C:\Users\Lem0th\AppData\Local\MEGAsync\MEGAsync.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Nextcloud GmbH -> Nextcloud GmbH) C:\Program Files\Nextcloud\nextcloud.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Skutta, Kristjan -> ) E:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(Skutta, Kristjan -> ) E:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [797216 2018-10-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [409760 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [Discord] => C:\Users\Lem0th\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [14916448 2021-03-29] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [pCloud] => C:\Program Files\pCloud Drive\pCloud.exe
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [Opera GX Browser Assistant] => C:\Users\Lem0th\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [Nextcloud] => C:\Program Files\Nextcloud\nextcloud.exe [2683712 2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\MountPoints2: {a1609cae-7353-11ea-b112-049226d53ae6} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\MountPoints2: {ac55e859-a32b-11eb-b281-049226d53ae6} - "F:\INSTALL.EXE" id=10000015000018000004 ver=1.0.0.0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{43F137B0-8F4D-463B-AB83-ADEAD4F15096}] -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\90.0.818.46\Installer\setup.exe [2021-04-23] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.85\Installer\chrmstp.exe [2021-04-20] (Google LLC -> Google LLC)
AppInit_DLLs: prio.dll => No File
Startup: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2020-03-15]
ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe (No File)
Startup: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2021-03-27]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Lem0th\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01664F83-85F1-4DC0-90F2-DF330ABC0B0B} - System32\Tasks\Microsoft\Windows\PLA\CPU Usage => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\WINDOWS\system32\pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {025189bb-e04b-4b4f-a102-009d1404148c} - no filepath
Task: {093682DD-DEC7-4FDB-9AC9-A9707AD0A33F} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d729a046d57eec => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-04-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {0B047319-D529-4AC2-972B-F7F48C2BED95} - System32\Tasks\ASUS\NoiseCancelingEngine.exe => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1238328 2021-01-21] (ASUSTeK Computer Inc. -> ASUS)
Task: {1007b121-f089-480e-90c7-57a8faa3c84f} - no filepath
Task: {1E34214F-8000-4F00-AC43-F06A53BA0439} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Lem0th\Downloads\ESETOnlineScanner_DEU.exe
Task: {20E8D17D-1AB7-4AF6-B9CF-1619BEF4F290} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {23fbd644-894a-4474-a2b3-26241f331b82} - no filepath
Task: {245d09ce-4e9d-4fa2-8e67-cfb4f6511aac} - no filepath
Task: {28297989-FF1C-438C-BBEB-24797DBAF01D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2A88A267-71FD-4683-B199-74D7DB593EDD} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [File not signed]
Task: {2E05A762-241D-4789-A990-4A651EF0DB3E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2EE2AD29-8E21-4B17-B828-6D8DA5832077} - System32\Tasks\Opera GX scheduled Autoupdate 1618421482 => C:\Users\Lem0th\AppData\Local\Programs\Opera GX\launcher.exe [1720472 2021-04-19] (Opera Software AS -> Opera Software)
Task: {301f8965-e4ae-4744-8a4b-33192acbb51d} - no filepath
Task: {33A0FADD-BB17-49D4-99B4-5229E3A0A4F7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {354E9E3B-C861-4333-BB1A-900FC253EEF3} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {363e780d-5be2-4194-875f-76ee4e5a6c79} - no filepath
Task: {370059CC-13B8-4D86-8335-B97F10C8F389} - System32\Tasks\NahimicSvc32Run => C:\WINDOWS\SysWOW64\NahimicSvc32.exe [822704 2020-11-04] (A-Volute -> Nahimic)
Task: {38232CC6-BFE4-4886-9306-E71244898D51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-27] (Google Inc -> Google LLC)
Task: {3bb71775-0cb4-4539-b605-135d5ee03325} - no filepath
Task: {470D0E37-5950-432B-B344-3DDEF0D9D0FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-27] (Google Inc -> Google LLC)
Task: {5730c70a-6ec2-44c0-b62c-ff188d990c6d} - no filepath
Task: {58B9B65A-A251-4F0F-AF8E-F1D34202B4D0} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2331486850-4249055999-2076793073-1004 => C:\Users\Lem0th\AppData\Local\MEGAsync\MEGAupdater.exe [1818360 2021-01-28] (Mega Limited -> Mega Limited)
Task: {5ce387bf-dc0a-4cbb-b7f4-4dd795458def} - no filepath
Task: {5F162B60-2A00-4BC5-BABD-783F7FD10A95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6b898014-fd4a-4d4c-a5a3-b29773767e03} - no filepath
Task: {6ff8856b-af2c-4c24-9d7d-3031a3348ede} - no filepath
Task: {738695d2-4931-470f-b610-182cb72dd1c3} - no filepath
Task: {75902e42-c239-4c44-9134-8ae45933e238} - no filepath
Task: {8148F4B7-8A9C-4740-BA58-88B58F16C86B} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-04-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {841CF937-49BF-4544-A9B0-303A62294BEF} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {84298132-B677-46E7-873D-5ADD2F5691F6} - System32\Tasks\Alle Fenster minmieren => C:\Users\Lem0th\Documents\screensaver.vbs
Task: {85271E1F-AA3B-4934-9EBD-01D8C3F8C37E} - System32\Tasks\NahimicSvc64Run => C:\WINDOWS\System32\NahimicSvc64.exe [1066416 2020-11-04] (A-Volute -> Nahimic)
Task: {87C720E0-4209-48A2-8DF5-E4583F80EC39} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {88359139-948E-4E05-84E7-58BB653B8387} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Lem0th\Downloads\ESETOnlineScanner_DEU.exe
Task: {89767704-CF05-4A08-8CA2-B12F58431BCF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8B088F00-A852-4172-8D88-A2804C0F64E1} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8d4de376-48e2-4c9e-8fe3-14a0550de8c7} - no filepath
Task: {8fad8e1e-46b0-4443-8930-e631802435b8} - no filepath
Task: {981ECBB1-5536-4B5E-804A-EF6102A5823A} - System32\Tasks\ASUS\ArmouryAIOFanServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe [756224 2021-02-18] (TODO: <Company name>) [File not signed]
Task: {9E7637BD-4851-4DA7-B656-D8C079B9B728} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [113376 2021-03-08] (ASUSTeK Computer Inc. -> ASUS)
Task: {A3FF3403-693A-41BD-AD0E-63707DA9C713} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {aaaa1e8c-715b-4fcc-9159-e4608715675f} - no filepath
Task: {AFB46D49-C509-4C89-8BC6-991FDFE449B7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B11E4CF9-199C-47CE-AE3A-616371D739F8} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {b3928b7b-3bb2-4fec-a52f-260c733e17b0} - no filepath
Task: {b3cec726-1abf-4308-b869-1d0a1e523858} - no filepath
Task: {B59B6357-7C8E-4B0B-8994-0CD46FF3EE46} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [45557560 2021-02-04] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {C5460D46-B1A2-4718-A2C4-D7C661262264} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-04-19] (Mozilla Corporation -> Mozilla Foundation)
Task: {C960D680-97CC-4C39-B61A-BA08A0491EA3} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1618579602 => C:\Users\Lem0th\AppData\Local\Programs\Opera GX\launcher.exe [1720472 2021-04-19] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Lem0th\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {C9E56682-6E62-4FBC-A59A-8489CC3AAEF5} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [2120032 2021-03-08] (ASUSTeK Computer Inc. -> ASUS)
Task: {CF513470-94D9-4003-9843-893AF510E726} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1652536 2018-11-05] (Intel(R) Software -> Intel Corporation)
Task: {D4EC6155-3012-46D7-9586-1B8B760AB69C} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {d978b4b9-45d7-4183-9f25-00e0d2630123} - no filepath
Task: {E9196031-4932-415A-BE51-067CA6CD6F7D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {e9c83afe-6b4d-4919-8a2a-cf14ee9e693c} - no filepath
Task: {ecac6b6e-a228-4f90-a467-260e334dc475} - no filepath
Task: {EE033EC3-45C4-4227-AA6D-5E7D46DE6273} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe
Task: {f0c223f9-6302-4d9f-a79a-4ed32ab5e219} - no filepath
Task: {fc7448f3-8afa-4b55-ba65-02e8cc565765} - no filepath

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{035a39fa-271c-433c-b0d1-1424d18b82c7}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{035a39fa-271c-433c-b0d1-1424d18b82c7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{127dd634-8b90-4b9b-b0c4-7183103b83dc}: [NameServer] 192.168.178.34,1.0.0.1
Tcpip\..\Interfaces\{127dd634-8b90-4b9b-b0c4-7183103b83dc}: [DhcpNameServer] 192.168.178.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lem0th\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-22]
Edge Notifications: Default -> hxxps://192.168.178.34
Edge Extension: (uBlock Origin) - C:\Users\Lem0th\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-03-24]
StartMenuInternet: Microsoft Edge Beta - C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe

FireFox:
========
FF DefaultProfile: urpz1bnq.default
FF ProfilePath: C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\urpz1bnq.default [2020-05-09]
FF ProfilePath: C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release [2021-04-25]
FF NewTab: Mozilla\Firefox\Profiles\40a0sgm9.default-release -> hxxps://defaultsearch.co/homepage?hp=1&pId=AC191101&iDate=2020-05-09 10:03:19&bName=&bitmask=0600
FF Notifications: Mozilla\Firefox\Profiles\40a0sgm9.default-release -> hxxps://www2a.rudyvalencia.pro; hxxps://www2a.delmarmora.pro; hxxps://192.168.178.34
FF Extension: (English United States Dictionary) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\@unitedstatesenglishdictionary.xpi [2020-10-12]
FF Extension: (Tampermonkey) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\firefox@tampermonkey.net.xpi [2021-03-18]
FF Extension: (Honey) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2020-10-28]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\langpack-de@firefox.mozilla.org.xpi [2021-04-20]
FF Extension: (English (US) Language Pack) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2021-04-20]
FF Extension: (uBlock Origin) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-04-23]
FF Extension: (Picture-In-Picture) - C:\Program Files\Mozilla Firefox\browser\features\pictureinpicture@mozilla.org.xpi [2021-04-19] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default [2021-04-22]
CHR Extension: (Präsentationen) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-27]
CHR Extension: (Docs) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-27]
CHR Extension: (Google Drive) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-07]
CHR Extension: (YouTube) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-27]
CHR Extension: (Tabellen) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-18]
CHR Extension: (Google Mail) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-22]

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004) Opera GXStable - "C:\Users\Lem0th\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [348280 2021-03-22] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.45\atkexComSvc.exe [442416 2021-03-12] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-04-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [313008 2020-11-19] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-04-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusROGLSLService; C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe [590360 2021-04-05] (ASUSTeK Computer Inc. -> )
R2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [1097976 2021-04-25] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2021-03-11] (BattlEye Innovations e.K. -> )
R2 CdRomAccessAgentService; C:\Program Files (x86)\Common Files\cdagtsvc\cdagtsvc_v1.0.0_x86.exe [90112 2021-04-22] (Leawo Software) [File not signed]
R2 CdRomArbiterService; C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe [8704 2021-04-21] (GuinpinSoft inc) [File not signed]
R2 CorsairGamingAudioConfig; C:\WINDOWS\system32\CorsairGamingAudioCfgService64.exe [616344 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421536 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [80544 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2021-01-18] (FUTUREMARK INC -> Futuremark)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [410864 2021-01-25] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1874272 2021-03-29] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6840672 2021-03-29] (GOG Sp. z o.o. -> GOG.com)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3210232 2021-03-03] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-07] (Malwarebytes Inc -> Malwarebytes)
S3 MicrosoftEdgeBetaElevationService; C:\Program Files (x86)\Microsoft\Edge Beta\Application\90.0.818.46\elevation_service.exe [1567648 2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [2719664 2020-11-04] (A-Volute -> Nahimic)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2535000 2021-03-30] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479640 2021-03-30] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2020-08-29] (Even Balance, Inc. -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1676696 2021-03-27] (Rockstar Games, Inc. -> Rockstar Games)
R2 ROG Live Service; C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe [5557848 2021-03-24] (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13103632 2020-09-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746944 2021-01-07] (Oracle Corporation -> Oracle Corporation)
R2 Wallpaper Engine Service; E:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [520296 2021-02-21] (Skutta, Kristjan -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-04-14] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2019-04-09] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\WINDOWS\system32\drivers\AsIO3.sys [43920 2020-12-16] (ASUSTeK Computer Inc. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 cbfsconnect2017; C:\WINDOWS\system32\drivers\cbfsconnect2017.sys [481296 2020-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
R3 CorsairGamingAudioService; C:\WINDOWS\system32\DRIVERS\CorsairGamingAudio64.sys [60312 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
S3 cpuz149; C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [44320 2021-04-24] (CPUID S.A.R.L.U. -> CPUID)
R3 cpuz150; C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [44832 2021-04-25] (CPUID S.A.R.L.U. -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [35344 2021-03-24] (ASUSTEK COMPUTER INC. -> ASUSTeK Computer Inc.)
S3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-04-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-16] (Malwarebytes Inc -> Malwarebytes)
R3 MpKslbef5e5f1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDDC34A1-254C-4241-B110-F7C7F9421AC9}\MpKslDrv.sys [47336 2021-04-25] (Microsoft Windows -> Microsoft Corporation)
R1 MSIO; C:\WINDOWS\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
S3 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239872 2021-01-07] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [249776 2021-01-07] (Oracle Corporation -> Oracle Corporation)
R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [20496 2020-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
U5 vsock; C:\Windows\System32\Drivers\vsock.sys [103224 2019-08-14] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Lem0th\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S1 SaferVPNNetfilter2; system32\drivers\SaferVPNNetfilter2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-25 12:14 - 2021-04-25 12:16 - 000037370 _____ C:\Users\Lem0th\Desktop\FRST.txt
2021-04-25 11:48 - 2021-04-25 12:15 - 000000000 ____D C:\FRST
2021-04-25 11:48 - 2021-04-25 11:48 - 002298368 _____ (Farbar) C:\Users\Lem0th\Desktop\FRST64.exe
2021-04-25 11:43 - 2021-04-25 12:01 - 000000000 ____D C:\Users\Lem0th\AppData\LocalLow\IGDump
2021-04-25 09:32 - 2021-04-25 09:32 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-24 22:59 - 2021-04-24 22:59 - 000001258 _____ C:\Users\Public\Desktop\Leawo Prof. Media.lnk
2021-04-24 22:59 - 2021-04-24 22:59 - 000001258 _____ C:\ProgramData\Desktop\Leawo Prof. Media.lnk
2021-04-24 22:59 - 2020-08-12 09:43 - 000606208 _____ (hxxp://www.xvid.org) C:\WINDOWS\SysWOW64\xvidcore.dll
2021-04-24 22:59 - 2020-08-12 09:43 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2021-04-24 22:59 - 2020-08-12 09:43 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2021-04-24 22:59 - 2020-08-12 09:43 - 000139264 _____ (hxxp://www.xvid.org) C:\WINDOWS\SysWOW64\xvid.ax
2021-04-24 21:57 - 2021-04-24 21:57 - 000278775 _____ C:\Users\Lem0th\Downloads\OldNewExplorer.rar
2021-04-24 21:57 - 2021-04-24 21:57 - 000000000 ____D C:\Users\Lem0th\Downloads\OldNewExplorer
2021-04-24 21:40 - 2021-04-24 21:40 - 004105063 _____ C:\Users\Lem0th\Downloads\nemo_by_kdr3w_dc8k7b7.zip
2021-04-24 21:17 - 2021-04-24 21:17 - 000162448 _____ (Manuel Hoefs (Zottel)) C:\Users\Lem0th\Downloads\UltraUXThemePatcher_4.1.2.exe
2021-04-24 15:25 - 2021-04-24 15:25 - 000000000 ____D C:\Users\Lem0th\AppData\Local\SmartTechnology
2021-04-24 15:23 - 2021-04-24 15:25 - 000000000 ____D C:\Users\Public\Documents\Mad Catz
2021-04-24 15:23 - 2021-04-24 15:23 - 000003065 _____ C:\Users\Lem0th\Desktop\MADCATZ R.A.T. 6+.lnk
2021-04-24 15:23 - 2021-04-24 15:23 - 000000000 ____D C:\Program Files\Mad Catz
2021-04-24 15:20 - 2021-04-24 15:22 - 015992319 _____ (Igor Pavlov) C:\Users\Lem0th\Downloads\RAT_6+_x64.exe
2021-04-23 18:07 - 2021-04-23 18:07 - 000000000 ____D C:\ProgramData\aacs
2021-04-23 18:01 - 2021-04-23 18:01 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\dvdcss
2021-04-23 17:45 - 2021-04-23 17:45 - 000046592 _____ C:\Users\Lem0th\Downloads\libdvdcss-2.dll
2021-04-23 17:45 - 2021-04-23 17:45 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\HandBrake
2021-04-23 17:41 - 2021-04-23 17:41 - 013534240 _____ C:\Users\Lem0th\Downloads\HandBrake-1.3.3-x86_64-Win_GUI.exe
2021-04-23 16:04 - 2021-04-23 16:04 - 001421296 _____ C:\Users\Lem0th\Downloads\drive-download-20210423T140444Z-001.zip
2021-04-22 16:56 - 2021-04-22 16:56 - 000050997 _____ C:\Users\Lem0th\Downloads\Unbenanntes Dokument.pdf
2021-04-22 16:45 - 2021-04-22 16:45 - 000088171 _____ C:\Users\Lem0th\Downloads\Aufgaben_Das Arbeitslosengeld_ea8def65b062ba3a4080908b29bb024c.pdf
2021-04-22 14:09 - 2021-04-22 14:10 - 000000000 ____D C:\Users\Lem0th\.dvdcss
2021-04-22 14:07 - 2021-04-22 14:07 - 000000000 ____D C:\Users\Lem0th\Downloads\Leawo Prof. Media 8.3.0.3
2021-04-22 13:53 - 2021-04-22 13:53 - 000094720 _____ C:\Users\Lem0th\Downloads\M65Elite_ISPv3.37.5.bin
2021-04-22 13:42 - 2021-04-22 13:42 - 000000000 ____D C:\Users\Lem0th\vm
2021-04-22 13:19 - 2021-04-22 13:28 - 140258448 _____ C:\Users\Lem0th\Downloads\Leawo Prof. Media 8.3.0.3.rar
2021-04-22 12:57 - 2021-04-22 13:03 - 132984680 _____ (Leawo Software Co., Ltd. ) C:\Users\Lem0th\Downloads\ltmcp_setup.exe
2021-04-22 12:42 - 2021-04-22 12:42 - 003374756 _____ C:\Users\Lem0th\Downloads\9 alte Prüfungsaufgaben allg(1).pdf
2021-04-22 12:28 - 2021-04-22 12:28 - 001614874 _____ C:\Users\Lem0th\Downloads\8 alte Prüfungsaufgabe(1).pdf
2021-04-22 12:14 - 2021-04-22 12:14 - 003335780 _____ C:\Users\Lem0th\Downloads\9 alte Prüfungsaufgaben allg.pdf
2021-04-22 12:10 - 2021-04-22 12:10 - 001591280 _____ C:\Users\Lem0th\Downloads\8 alte Prüfungsaufgabe.pdf
2021-04-22 09:05 - 2021-04-22 09:05 - 000001292 _____ C:\Users\Public\Desktop\Leawo Blu-ray Player.lnk
2021-04-22 09:05 - 2021-04-22 09:05 - 000001292 _____ C:\ProgramData\Desktop\Leawo Blu-ray Player.lnk
2021-04-22 09:05 - 2021-04-22 09:05 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Leawo
2021-04-22 09:04 - 2021-04-22 09:05 - 107116800 _____ (Leawo Software Co., Ltd. ) C:\Users\Lem0th\Downloads\blurayplayer2201_setup.exe
2021-04-22 08:56 - 2021-04-22 08:56 - 000000000 ___HD C:\$Windows.~WS
2021-04-22 08:56 - 2021-04-22 08:56 - 000000000 ____D C:\$WINDOWS.~BT
2021-04-22 08:52 - 2021-04-24 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
2021-04-22 08:52 - 2021-04-22 09:05 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Leawo
2021-04-22 08:52 - 2021-04-22 09:05 - 000000000 ____D C:\ProgramData\Leawo
2021-04-22 08:52 - 2021-04-22 09:05 - 000000000 ____D C:\Program Files (x86)\Leawo
2021-04-22 08:52 - 2021-04-22 08:52 - 000000000 ____D C:\Users\Lem0th\Documents\Leawo
2021-04-22 08:52 - 2021-04-22 08:52 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\tiger-k
2021-04-22 08:52 - 2021-04-22 08:52 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Leawo Prof
2021-04-22 08:52 - 2020-08-12 09:43 - 000066944 _____ (TOSHIBA Corporation) C:\WINDOWS\SysWOW64\thdudf.sys
2021-04-22 08:52 - 2020-08-12 09:43 - 000066944 _____ (TOSHIBA Corporation) C:\WINDOWS\SysWOW64\Drivers\thdudf.sys
2021-04-22 08:47 - 2021-04-22 08:51 - 132984680 _____ (Leawo Software Co., Ltd. ) C:\Users\Lem0th\Downloads\ltmcp_setup_g108568.exe
2021-04-22 08:33 - 2021-04-22 08:33 - 007783723 _____ C:\Users\Lem0th\Downloads\twindexx_rrx_repaint_1.1.zip
2021-04-21 23:05 - 2021-04-22 08:45 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\aacs
2021-04-21 23:05 - 2021-04-21 23:05 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\bluray
2021-04-21 23:04 - 2021-04-21 23:05 - 001235968 _____ C:\Users\Lem0th\Downloads\libaacs.dll
2021-04-21 23:02 - 2021-04-25 11:56 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\vlc
2021-04-21 22:59 - 2021-04-21 22:59 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-04-21 22:59 - 2021-04-21 22:59 - 000000916 _____ C:\ProgramData\Desktop\VLC media player.lnk
2021-04-21 22:59 - 2021-04-21 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-21 22:56 - 2021-04-21 22:56 - 042585440 _____ C:\Users\Lem0th\Downloads\vlc-3.0.12-win64.exe
2021-04-21 22:55 - 2021-04-21 22:55 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Macromedia
2021-04-21 19:15 - 2021-04-21 19:15 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\4316
2021-04-21 19:07 - 2021-04-22 16:28 - 000000000 ____D C:\Users\Lem0th\.MakeMKV
2021-04-21 19:07 - 2021-04-21 19:07 - 000001064 _____ C:\Users\Lem0th\Desktop\MakeMKV.lnk
2021-04-21 19:07 - 2021-04-21 19:07 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2021-04-21 19:07 - 2021-04-21 19:07 - 000000000 ____D C:\Program Files\Common Files\cdarbsvc
2021-04-21 19:07 - 2021-04-21 19:07 - 000000000 ____D C:\Program Files (x86)\MakeMKV
2021-04-21 19:06 - 2021-04-21 19:06 - 014233787 _____ (GuinpinSoft inc) C:\Users\Lem0th\Downloads\Setup_MakeMKV_v1.16.3.exe
2021-04-21 19:00 - 2021-04-21 19:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\AnyMP4 Studio
2021-04-21 19:00 - 2021-04-21 19:00 - 000000000 ____D C:\Users\Lem0th\AppData\Local\AnyMP4 Studio
2021-04-21 18:59 - 2021-04-21 18:59 - 001933496 _____ ( ) C:\Users\Lem0th\Downloads\screen-recorder.exe
2021-04-21 18:58 - 2021-04-22 11:28 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\DVDFab
2021-04-21 18:58 - 2021-04-21 18:58 - 000000171 _____ C:\Users\Lem0th\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
2021-04-21 18:58 - 2021-04-21 18:58 - 000000000 ____D C:\Users\Lem0th\Downloads\DVDFab
2021-04-21 18:58 - 2021-04-21 18:58 - 000000000 ____D C:\Program Files\DVDFab
2021-04-21 18:57 - 2021-04-21 18:57 - 006131784 _____ (DVDFab 12) C:\Users\Lem0th\Downloads\dvdfab12_online_12026_64021c03.exe
2021-04-21 18:57 - 2021-04-21 18:57 - 000000000 ____D C:\Users\Lem0th\Documents\DVDFab
2021-04-20 16:00 - 2021-04-20 16:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-19 17:04 - 2021-04-21 16:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-18 21:09 - 2021-04-18 21:09 - 003038248 _____ (crosire) C:\Users\Lem0th\Downloads\ReShade_Setup_4.9.1.exe
2021-04-18 12:34 - 2021-04-18 19:36 - 000000000 ____D C:\Users\Lem0th\Downloads\takeout-20210417T205906Z-001
2021-04-18 12:08 - 2021-04-18 12:34 - 001520203 _____ C:\Users\Lem0th\Downloads\takeout-20210417T205906Z-002.zip
2021-04-18 12:08 - 2021-04-18 12:17 - 1132857394 _____ C:\Users\Lem0th\Downloads\takeout-20210417T205906Z-003.zip
2021-04-18 12:07 - 2021-04-18 12:33 - 4282062453 _____ C:\Users\Lem0th\Downloads\takeout-20210417T205906Z-001.zip
2021-04-17 23:17 - 2021-04-17 23:17 - 000000000 ____D C:\Users\Lem0th\AppData\LocalLow\SKS
2021-04-17 21:09 - 2021-04-18 18:53 - 000693180 _____ C:\Users\Lem0th\AppData\Roaming\GlobalStrDataWithoutExif.txt
2021-04-17 20:39 - 2021-04-17 20:39 - 000000113 _____ C:\Users\Lem0th\Desktop\remove files with 120x120 pixels.txt
2021-04-17 18:38 - 2021-04-18 18:53 - 000537074 _____ C:\Users\Lem0th\AppData\Roaming\GlobalStrDataWithExif.txt
2021-04-17 18:38 - 2021-04-18 18:53 - 000537074 _____ C:\Users\Lem0th\AppData\Roaming\GlobalStrData.txt
2021-04-17 16:47 - 2021-04-17 16:47 - 000000733 _____ C:\Users\Lem0th\Downloads\Downloads - Shortcut.lnk
2021-04-17 15:06 - 2021-04-17 15:06 - 000231542 _____ C:\Users\Lem0th\Downloads\überweisung.pdf
2021-04-17 10:01 - 2021-04-17 10:12 - 000000000 ____D C:\nextcloudnew
2021-04-16 19:35 - 2021-04-16 19:35 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-16 17:37 - 2021-04-16 17:37 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\by Mike Baker at Rediscovering Photography
2021-04-16 17:36 - 2021-04-18 18:53 - 000000574 _____ C:\Users\Lem0th\AppData\Roaming\ExtensionCount.csv
2021-04-16 17:34 - 2021-04-18 18:53 - 000000147 _____ C:\Users\Lem0th\AppData\Roaming\PhotoMoveOutput.txt
2021-04-16 17:32 - 2021-04-16 17:42 - 000000000 ____D C:\sort
2021-04-16 17:31 - 2021-04-16 17:31 - 000000000 ____D C:\Users\Lem0th\AppData\Local\by_Mike_Baker_at_Rediscov
2021-04-16 17:31 - 2021-04-16 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoMove 2
2021-04-16 17:31 - 2021-04-16 17:31 - 000000000 ____D C:\Program Files (x86)\PhotoMove 2
2021-04-16 17:29 - 2021-04-25 09:32 - 000000000 ___SD C:\Users\Lem0th\Nextcloud
2021-04-16 17:28 - 2021-04-25 02:44 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Nextcloud
2021-04-16 17:28 - 2021-04-16 17:29 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Nextcloud
2021-04-16 17:28 - 2021-04-16 17:28 - 000001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nextcloud.lnk
2021-04-16 17:28 - 2021-04-16 17:28 - 000001912 _____ C:\Users\Public\Desktop\Nextcloud.lnk
2021-04-16 17:28 - 2021-04-16 17:28 - 000001912 _____ C:\ProgramData\Desktop\Nextcloud.lnk
2021-04-16 17:28 - 2021-04-16 17:28 - 000000000 ____D C:\Program Files\Nextcloud
2021-04-16 17:26 - 2021-04-16 17:26 - 007492830 _____ (Mike Baker @ Rediscovering Photography ) C:\Users\Lem0th\Downloads\PhotoMoveSetup.exe
2021-04-16 17:16 - 2021-04-16 17:16 - 088702976 _____ C:\Users\Lem0th\Downloads\Nextcloud-3.2.0-x64.msi
2021-04-16 17:00 - 2021-04-16 17:00 - 000000000 ____D C:\Users\Lem0th\Documents\mk_twindexx_445_1_04_09
2021-04-16 16:44 - 2021-04-16 16:44 - 000000000 ____D C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Triebwagen_dabpbzfa+dabpzfa_21_04_03
2021-04-16 16:42 - 2021-04-16 16:42 - 000000000 ____D C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Hocheinstieg_Mittelwagen_21_04_03(1)
2021-04-16 16:41 - 2021-04-16 16:41 - 081812262 _____ C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Triebwagen_dabpbzfa+dabpzfa_21_04_03.zip
2021-04-16 16:41 - 2021-04-16 16:41 - 037942846 _____ C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Hocheinstieg_Mittelwagen_21_04_03(1).zip
2021-04-16 16:39 - 2021-04-16 16:39 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-16 16:38 - 2021-04-16 16:38 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-16 16:38 - 2021-04-16 16:38 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-16 15:26 - 2021-04-16 15:26 - 000004488 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled assistant Autoupdate 1618579602
2021-04-15 20:56 - 2021-04-15 20:56 - 000162336 _____ C:\Users\Lem0th\Downloads\EPSON002.pdf
2021-04-15 20:29 - 2021-04-15 20:30 - 185762015 _____ C:\Users\Lem0th\Downloads\modwerkstatt_mwagen_1.zip
2021-04-15 15:59 - 2021-04-15 15:59 - 000000000 ____D C:\Users\Lem0th\AppData\LocalLow\DefaultCompany
2021-04-14 19:31 - 2021-04-20 16:04 - 000004226 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1618421482
2021-04-14 19:31 - 2021-04-20 16:04 - 000001441 _____ C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser .lnk
2021-04-14 19:31 - 2021-04-14 19:31 - 000001445 _____ C:\Users\Lem0th\Desktop\Opera GX Browser .lnk
2021-04-14 19:30 - 2021-04-14 19:30 - 003749584 _____ (Opera Software) C:\Users\Lem0th\Downloads\OperaGXSetup.exe
2021-04-11 21:41 - 2021-04-11 21:41 - 000000000 ____D C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Hocheinstieg_Mittelwagen_21_04_03
2021-04-11 02:31 - 2021-04-11 02:31 - 037942846 _____ C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Hocheinstieg_Mittelwagen_21_04_03.zip
2021-04-11 02:24 - 2021-04-11 02:24 - 000947379 _____ C:\Users\Lem0th\Downloads\compressjpeg(1).zip
2021-04-11 02:22 - 2021-04-11 02:22 - 001054111 _____ C:\Users\Lem0th\Downloads\compressjpeg.zip
2021-04-10 20:31 - 2020-11-11 03:54 - 000167280 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2021-04-10 20:30 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2021-04-10 20:26 - 2021-04-10 20:26 - 000000000 ____D C:\Users\Lem0th\.cache
2021-04-10 20:26 - 2021-04-10 15:24 - 268842274 _____ C:\Users\Lem0th\Downloads\DAS DEUTSCHE SCHLAGER HIT ALBUM 2021..DJ.R.R.S.mp4
2021-04-10 20:22 - 2021-04-10 20:22 - 008166801 _____ C:\Users\Lem0th\Downloads\youtube-dl.exe
2021-04-10 02:12 - 2021-04-10 02:12 - 000011168 _____ C:\Users\Lem0th\Documents\stdout.txt
2021-04-09 20:32 - 2021-04-09 20:32 - 000000000 ____D C:\Users\Lem0th\Downloads\Aloy Explicit Outfits-53-1-6-1615533351
2021-04-09 14:09 - 2021-04-09 14:09 - 000457185 _____ C:\Users\Lem0th\Downloads\FLT_2_KGL3ES16128_0.pdf
2021-04-09 03:18 - 2021-04-09 20:48 - 000000000 ____D C:\Users\Lem0th\Documents\Horizon Zero Dawn
2021-04-09 03:18 - 2021-04-09 03:20 - 149226206 _____ C:\Users\Lem0th\Downloads\Aloy Explicit Outfits-53-1-6-1615533351.7z
2021-04-09 00:02 - 2021-04-09 00:02 - 000457287 _____ C:\Users\Lem0th\Downloads\FLT_4_M4Z81D5246_0.pdf
2021-04-08 00:15 - 2021-04-08 00:23 - 1350631094 _____ C:\Users\Lem0th\Downloads\sc3015-NFSU2M13ELA.rar
2021-04-07 22:04 - 2021-04-07 22:05 - 026724770 _____ (The qBittorrent project) C:\Users\Lem0th\Downloads\qbittorrent_4.3.4.1_x64_setup.exe
2021-04-07 21:45 - 2021-04-07 21:55 - 1595082050 _____ C:\Users\Lem0th\Downloads\ISO.zip
2021-04-05 18:45 - 2021-04-05 18:45 - 006118306 _____ C:\Users\Lem0th\Downloads\CryENB V3.7z
2021-04-05 18:45 - 2021-04-05 18:45 - 000000000 ____D C:\Users\Lem0th\Documents\MEGAsync Downloads
2021-04-05 14:41 - 2021-04-05 14:41 - 000000000 ____D C:\Users\Lem0th\AppData\Local\ASUS
2021-04-05 14:39 - 2021-04-05 14:41 - 000000000 ____D C:\Users\Lem0th\AppData\Local\AcSdkInsLog
2021-04-05 14:39 - 2021-04-05 14:39 - 000000000 ____D C:\Program Files\PHISON
2021-04-05 14:39 - 2021-04-05 14:39 - 000000000 ____D C:\Program Files\PD
2021-04-05 14:39 - 2021-04-05 14:39 - 000000000 ____D C:\Program Files\Patriot
2021-04-05 14:39 - 2021-02-02 15:56 - 000151608 _____ (©ASUSTeK Computer Inc.) C:\WINDOWS\system32\AsIO3.dll
2021-04-05 14:39 - 2021-02-02 15:56 - 000123744 _____ (©ASUSTeK Computer Inc.) C:\WINDOWS\SysWOW64\AsIO3.dll
2021-04-05 14:39 - 2020-12-16 14:46 - 000043920 _____ C:\WINDOWS\system32\Drivers\AsIO3.sys
2021-04-05 14:39 - 2020-01-19 19:49 - 000017424 _____ (MICSYS Technology Co., LTd) C:\WINDOWS\system32\Drivers\MsIo64.sys
2021-04-05 14:39 - 2020-01-19 19:49 - 000017424 _____ (MICSYS Technology Co., LTd) C:\WINDOWS\system32\Drivers\MsIo64.old
2021-04-05 00:20 - 2021-04-23 16:25 - 000002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge Beta.lnk
2021-04-05 00:17 - 2021-04-05 14:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUS
2021-04-05 00:13 - 2021-04-05 00:13 - 001348212 _____ C:\Users\Lem0th\Downloads\SetupROGLSLService.zip
2021-04-04 18:03 - 2021-04-04 18:03 - 081056014 _____ C:\Users\Lem0th\Downloads\volvofhcmi_20.12.20_Ty.zip
2021-04-04 17:00 - 2021-04-04 17:00 - 000000000 ____D C:\ProgramData\UNITE Team
2021-04-04 14:42 - 2021-04-04 14:43 - 064221968 _____ (Steganos Software GmbH) C:\Users\Lem0th\Downloads\sss21lmv2.exe
2021-04-03 13:59 - 2021-04-03 13:59 - 006891571 _____ C:\Users\Lem0th\Downloads\eis_os_commonapi2_1_20210310-dev(1).zip
2021-04-03 00:02 - 2021-04-03 18:13 - 000000000 ____D C:\Users\Lem0th\Documents\Need For Speed
2021-04-03 00:01 - 2021-04-03 00:01 - 000667460 _____ C:\Users\Lem0th\Downloads\R34 LED v2-16-1-0-1549247967.rar
2021-04-02 23:47 - 2021-04-02 23:51 - 1617651254 _____ (UNITE Team) C:\Users\Lem0th\Downloads\PROJECT UNITE 2015 Installer (1.2.3).exe
2021-04-02 23:43 - 2021-04-03 17:43 - 000000000 ____D C:\Users\Lem0th\Downloads\FrostyModManager_v1.0.5.9
2021-04-02 23:42 - 2021-04-02 23:42 - 032196225 _____ C:\Users\Lem0th\Downloads\FrostyModManager_v1.0.5.9.rar
2021-04-02 23:38 - 2021-04-02 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed™
2021-04-02 22:15 - 2021-04-02 22:16 - 000000000 ____D C:\Users\Lem0th\Downloads\promods-v252
2021-04-02 19:44 - 2021-03-26 11:17 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-04-02 19:44 - 2021-03-26 11:17 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-04-02 19:44 - 2021-03-26 11:17 - 001452312 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-04-02 19:44 - 2021-03-26 11:17 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-04-02 19:44 - 2021-03-26 11:17 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-04-02 19:44 - 2021-03-26 11:17 - 001191696 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-04-02 19:44 - 2021-03-26 11:17 - 001094864 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-04-02 19:44 - 2021-03-26 11:17 - 001094864 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-04-02 19:44 - 2021-03-26 11:17 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-04-02 19:44 - 2021-03-26 11:17 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-04-02 19:44 - 2021-03-26 11:15 - 000715568 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-04-02 19:44 - 2021-03-26 11:15 - 000575760 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-04-02 19:44 - 2021-03-26 11:14 - 001730864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6446589.dll
2021-04-02 19:44 - 2021-03-26 11:14 - 001590064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-04-02 19:44 - 2021-03-26 11:14 - 001514288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-04-02 19:44 - 2021-03-26 11:14 - 001490224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6446589.dll
2021-04-02 19:44 - 2021-03-26 11:14 - 001166128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-04-02 19:44 - 2021-03-26 11:14 - 000675120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-04-02 19:44 - 2021-03-26 11:14 - 000563992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-04-02 19:44 - 2021-03-26 11:13 - 008316192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-04-02 19:44 - 2021-03-26 11:13 - 007433496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-04-02 19:44 - 2021-03-26 11:13 - 004795160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-04-02 19:44 - 2021-03-26 11:13 - 002823440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-04-02 17:44 - 2021-04-02 18:01 - 520031423 _____ C:\Users\Lem0th\Downloads\Microsoft Windows 98 First Edition.7z
2021-04-02 17:18 - 2021-04-02 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2021-04-02 17:15 - 2021-04-02 17:16 - 128980992 _____ C:\Users\Lem0th\Downloads\archiveteam-warrior-v3.2-20210306.ova
2021-04-02 17:15 - 2021-04-02 17:16 - 108257728 _____ (Oracle Corporation) C:\Users\Lem0th\Downloads\VirtualBox-6.1.18-142142-Win.exe
2021-03-28 15:58 - 2021-03-28 15:58 - 000000000 ____D C:\Program Files (x86)\ENE
2021-03-28 15:57 - 2021-03-28 15:57 - 003657432 _____ C:\Users\Lem0th\Downloads\G.SKILL-Trident-Z-Lighting-Control-v1.00.22.zip
2021-03-28 15:51 - 2021-03-28 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair
2021-03-27 10:34 - 2021-04-16 17:58 - 000000000 ___RD C:\Users\Lem0th\Documents\MEGAsync
2021-03-27 10:33 - 2021-03-27 10:34 - 000000022 _____ C:\Users\Lem0th\Downloads\MEGA-RECOVERYKEY.txt
2021-03-27 10:31 - 2021-03-27 10:31 - 034856824 _____ (MEGA Limited) C:\Users\Lem0th\Downloads\MEGAsyncSetup64.exe
2021-03-27 10:31 - 2021-03-27 10:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\MEGA
2021-03-27 10:31 - 2021-03-27 10:31 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2021-03-27 10:31 - 2021-03-27 10:31 - 000000000 ____D C:\Users\Lem0th\AppData\Local\MEGAsync
2021-03-27 10:31 - 2021-03-27 10:31 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Mega Limited
2021-03-26 20:26 - 2021-03-26 20:27 - 015616404 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.008
2021-03-26 20:11 - 2021-03-26 20:25 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.006
2021-03-26 20:10 - 2021-03-26 20:24 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.007
2021-03-26 19:48 - 2021-03-26 20:03 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.005
2021-03-26 19:48 - 2021-03-26 20:03 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.004
2021-03-26 19:11 - 2021-03-26 19:27 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.003
2021-03-26 18:56 - 2021-03-26 19:12 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.002
2021-03-26 18:56 - 2021-03-26 19:11 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.001
2021-03-26 18:55 - 2021-03-26 18:55 - 003419427 _____ C:\Users\Lem0th\Downloads\promods-def-st-v252.scs

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-25 11:38 - 2019-08-03 12:37 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Discord
2021-04-25 11:37 - 2019-08-03 12:37 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Discord
2021-04-25 10:19 - 2019-08-03 13:37 - 000000000 ____D C:\Users\Lem0th\AppData\Local\CrashDumps
2021-04-25 09:39 - 2020-06-02 16:06 - 001722792 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-25 09:39 - 2019-12-07 16:51 - 000743714 _____ C:\WINDOWS\system32\perfh007.dat
2021-04-25 09:39 - 2019-12-07 16:51 - 000150136 _____ C:\WINDOWS\system32\perfc007.dat
2021-04-25 09:39 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-25 09:36 - 2019-08-03 12:35 - 000000000 ____D C:\Users\Lem0th\AppData\LocalLow\Mozilla
2021-04-25 09:36 - 2019-04-11 22:29 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-25 09:32 - 2020-08-05 20:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-04-25 09:32 - 2020-06-02 16:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-25 09:32 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-25 09:32 - 2019-05-04 15:34 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-25 09:32 - 2019-04-12 04:10 - 001136008 _____ C:\WINDOWS\system32\wpbbin.exe
2021-04-25 09:32 - 2019-04-12 04:10 - 001097976 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2021-04-25 02:45 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-25 01:22 - 2020-06-02 15:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-24 21:25 - 2020-06-02 17:04 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-04-24 21:25 - 2019-12-12 18:02 - 000236472 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-04-24 21:25 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-24 21:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-24 21:25 - 2019-11-13 20:51 - 000038328 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-04-24 21:25 - 2019-08-08 18:05 - 001695184 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-04-24 21:25 - 2019-08-08 18:05 - 000176592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-04-24 21:25 - 2019-08-08 18:05 - 000159672 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-04-24 21:18 - 2021-01-16 12:27 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2021-04-24 21:18 - 2019-12-07 11:09 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll
2021-04-24 20:51 - 2019-04-11 22:33 - 000000000 ____D C:\Program Files (x86)\Steam
2021-04-24 11:38 - 2019-04-15 19:10 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2021-04-24 11:37 - 2019-04-15 19:09 - 000000000 ____D C:\Program Files (x86)\Notepad++
2021-04-24 11:14 - 2020-01-29 18:17 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-23 17:13 - 2019-08-03 12:33 - 000000000 ____D C:\Users\Lem0th\Documents\my games
2021-04-23 16:38 - 2019-08-14 22:33 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-04-23 16:27 - 2021-02-22 17:33 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-22 14:10 - 2019-12-24 01:29 - 000000000 ____D C:\Users\Lem0th\.VirtualBox
2021-04-22 14:09 - 2020-06-02 15:58 - 000000000 ____D C:\Users\Lem0th
2021-04-22 13:26 - 2019-05-11 10:56 - 000000000 ____D C:\ProgramData\VirtualBox
2021-04-22 09:16 - 2021-02-26 16:39 - 000000000 ____D C:\WINDOWS\Panther
2021-04-22 09:16 - 2019-11-17 13:10 - 000000000 ____D C:\ESD
2021-04-21 22:59 - 2019-10-20 14:51 - 000000000 ____D C:\Program Files\VideoLAN
2021-04-21 18:58 - 2019-05-04 14:57 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-04-21 16:01 - 2019-04-11 22:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-20 21:20 - 2019-10-27 11:46 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-20 21:09 - 2020-06-02 16:02 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 21:09 - 2020-06-02 16:02 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-20 16:00 - 2019-04-11 22:30 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-20 15:59 - 2020-06-08 07:59 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-19 17:20 - 2019-08-03 12:39 - 000000000 ____D C:\Users\Lem0th\AppData\Local\D3DSCache
2021-04-19 13:26 - 2021-01-23 17:40 - 000000000 ____D C:\Users\Lem0th\Documents\MAXON
2021-04-19 13:02 - 2020-02-16 00:42 - 000000000 ____D C:\Users\Lem0th\Documents\GTA Vice City User Files
2021-04-19 05:02 - 2020-06-02 15:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-04-19 05:02 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-19 05:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-19 05:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-17 23:06 - 2019-08-03 12:35 - 000000000 ____D C:\Users\Lem0th\Documents\Euro Truck Simulator 2
2021-04-17 21:16 - 2019-04-19 03:03 - 000000000 ____D C:\ProgramData\TruckersMP
2021-04-17 16:16 - 2019-08-24 11:55 - 000000000 ____D C:\Users\Lem0th\AppData\Local\ElevatedDiagnostics
2021-04-17 13:17 - 2019-08-03 12:29 - 000000000 ____D C:\Users\Lem0th\AppData\Local\PlaceholderTileLogoFolder
2021-04-17 13:17 - 2019-08-03 12:28 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Packages
2021-04-16 21:17 - 2021-03-01 23:10 - 000000000 ____D C:\Users\Lem0th\AppData\Local\RuneLite
2021-04-16 21:17 - 2019-11-14 18:03 - 000000045 _____ C:\Users\Lem0th\jagex_cl_oldschool_LIVE.dat
2021-04-16 17:28 - 2019-08-03 12:28 - 000000000 ____D C:\Users\Lem0th\AppData\Local\NVIDIA
2021-04-16 16:40 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-16 16:34 - 2019-04-11 22:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-16 16:32 - 2019-04-11 22:31 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-14 19:31 - 2020-04-26 17:27 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Opera Software
2021-04-14 19:30 - 2020-04-26 17:27 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Opera Software
2021-04-13 16:20 - 2020-06-02 16:02 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-13 16:20 - 2020-06-02 16:02 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-12 21:20 - 2019-08-04 18:43 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Ubisoft Game Launcher
2021-04-11 16:50 - 2019-04-18 22:56 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-04-11 16:48 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-11 02:52 - 2019-04-12 04:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-11 00:46 - 2021-02-07 00:52 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-08 20:08 - 2020-03-02 22:17 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Battle.net
2021-04-08 03:54 - 2020-06-02 15:56 - 000640712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-08 03:53 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-07 23:24 - 2021-02-05 17:28 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\qBittorrent
2021-04-07 15:57 - 2020-06-02 15:56 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-07 15:08 - 2019-04-12 02:37 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-07 15:08 - 2019-04-12 02:37 - 000000000 ____D C:\Program Files\ENE
2021-04-05 15:28 - 2019-04-11 22:22 - 000000000 ____D C:\Program Files (x86)\ASUS
2021-04-05 15:27 - 2019-04-12 04:10 - 000000000 ____D C:\ProgramData\ASUS
2021-04-05 15:27 - 2019-04-12 02:37 - 000000000 ____D C:\Program Files\ASUS
2021-04-05 15:27 - 2019-04-12 02:37 - 000000000 ____D C:\Program Files (x86)\LightingService
2021-04-05 15:21 - 2019-04-12 02:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-04-05 15:21 - 2019-04-12 02:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2021-04-05 14:42 - 2019-04-11 22:33 - 000000000 ____D C:\ProgramData\Packages
2021-04-05 14:41 - 2019-04-12 04:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-04-05 00:09 - 2019-11-28 17:28 - 000000000 ____D C:\Program Files (x86)\Corsair
2021-04-03 15:55 - 2020-12-06 13:23 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Origin
2021-04-02 23:12 - 2021-01-25 21:03 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-04-02 23:12 - 2020-03-28 17:54 - 000000000 ____D C:\ProgramData\Origin
2021-04-02 23:09 - 2020-12-06 13:24 - 000000000 ____D C:\Program Files (x86)\Origin
2021-04-02 23:09 - 2020-12-06 13:23 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Origin
2021-04-02 19:45 - 2020-06-02 15:36 - 000000000 ___SD C:\WINDOWS\system32\lxss
2021-04-02 19:45 - 2019-04-11 22:30 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-03-30 15:42 - 2019-05-08 20:00 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2021-03-28 15:58 - 2019-11-05 18:16 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2021-03-27 19:40 - 2019-04-14 21:58 - 000000000 ____D C:\Program Files\Rockstar Games
2021-03-27 19:40 - 2019-04-14 21:58 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2021-03-26 11:14 - 2020-12-02 18:13 - 002105648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-03-26 11:14 - 2020-12-02 18:13 - 000811792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-03-26 11:14 - 2020-12-02 18:13 - 000656176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-03-26 11:06 - 2020-12-02 18:13 - 007207552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-03-26 11:06 - 2020-12-02 18:13 - 006154480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-03-26 01:35 - 2020-12-02 18:13 - 000063942 _____ C:\WINDOWS\system32\nvinfo.pb

==================== Files in the root of some directories ========

2019-11-20 21:31 - 2021-01-29 23:28 - 645563019 _____ () C:\Users\Lem0th\AppData\Roaming\.minecraft.7z
2021-04-21 18:58 - 2021-04-21 18:58 - 000000171 _____ () C:\Users\Lem0th\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
2021-04-16 17:36 - 2021-04-18 18:53 - 000000574 _____ () C:\Users\Lem0th\AppData\Roaming\ExtensionCount.csv
2021-04-17 18:38 - 2021-04-18 18:53 - 000537074 _____ () C:\Users\Lem0th\AppData\Roaming\GlobalStrData.txt
2021-04-17 18:38 - 2021-04-18 18:53 - 000537074 _____ () C:\Users\Lem0th\AppData\Roaming\GlobalStrDataWithExif.txt
2021-04-17 21:09 - 2021-04-18 18:53 - 000693180 _____ () C:\Users\Lem0th\AppData\Roaming\GlobalStrDataWithoutExif.txt
2021-04-16 17:34 - 2021-04-18 18:53 - 000000147 _____ () C:\Users\Lem0th\AppData\Roaming\PhotoMoveOutput.txt
2020-01-06 21:56 - 2020-06-19 19:53 - 000000099 _____ () C:\Users\Lem0th\AppData\Roaming\prio.ini
2020-04-04 13:35 - 2020-05-10 15:33 - 000000128 _____ () C:\Users\Lem0th\AppData\Roaming\PUTTY.RND
2020-10-22 17:32 - 2021-01-08 19:37 - 000000128 _____ () C:\Users\Lem0th\AppData\Roaming\winscp.rnd
2020-11-22 14:33 - 2020-11-22 14:50 - 001065984 _____ () C:\Users\Lem0th\AppData\Local\file__0.localstorage
2019-08-20 16:02 - 2021-03-13 18:09 - 000000205 _____ () C:\Users\Lem0th\AppData\Local\oobelibMkey.log
2020-04-16 20:24 - 2020-04-16 20:24 - 000000529 _____ () C:\Users\Lem0th\AppData\Local\Perfmon.PerfmonCfg
2020-02-07 17:40 - 2021-01-16 14:19 - 000000128 _____ () C:\Users\Lem0th\AppData\Local\PUTTY.RND
2021-02-07 15:48 - 2021-02-07 15:48 - 000000867 _____ () C:\Users\Lem0th\AppData\Local\recently-used.xbel
2019-10-12 15:03 - 2019-10-12 15:03 - 000007602 _____ () C:\Users\Lem0th\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
--- --- ---



Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/24/21
Scan Time: 10:23 PM
Log File: f725d11c-a53a-11eb-9559-049226d53ae6.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1251
Update Package Version: 1.0.39779
License: Free

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: DESKTOP-J6EBHR7\Lem0th

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 344146
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 1 min, 56 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
PUP.Optional.DefaultSearch, C:\USERS\LEM0TH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\40A0SGM9.DEFAULT-RELEASE\PREFS.JS, Replaced, 330, 932426, 1.0.39779, , ame, , 7D0EE7CD1D989EBF47213FB1AAEEC227, E58D9AF407E15F319072C163262EFE8E8F72549377C9385233E0EF924B08CA35
PUP.Optional.DefaultSearch, C:\USERS\LEM0TH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\40A0SGM9.DEFAULT-RELEASE\PREFS.JS, Replaced, 330, 932427, 1.0.39779, , ame, , 7D0EE7CD1D989EBF47213FB1AAEEC227, E58D9AF407E15F319072C163262EFE8E8F72549377C9385233E0EF924B08CA35
RiskWare.BitCoinMiner, C:\USERS\LEM0TH\DOWNLOADS\NICEHASHQUICKMINERV742.EXE, Quarantined, 909, 919829, 1.0.39779, 2360B3E9816689CFFC54EB61, dds, 01216341, BD8FFE7630E2CA51EA6D49F8650C5B54, 4ED61B590A297A2C971740E5E5E0DD23DD3E2FB0C5D30555BD3392A1A0B4FE46

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Ladekabel612 25.04.2021 11:21
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Lem0th (25-04-2021 12:16:30)
Running from C:\Users\Lem0th\Desktop
Windows 10 Pro Version 20H2 19042.928 (X64) (2020-06-02 14:02:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2331486850-4249055999-2076793073-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2331486850-4249055999-2076793073-503 - Limited - Disabled)
Gast (S-1-5-21-2331486850-4249055999-2076793073-501 - Limited - Disabled)
Lem0th (S-1-5-21-2331486850-4249055999-2076793073-1004 - Administrator - Enabled) => C:\Users\Lem0th
WDAGUtilityAccount (S-1-5-21-2331486850-4249055999-2076793073-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Anno 1800 (HKLM-x32\...\Uplay Install 4553) (Version:  - Ubisoft)
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 4.0.12 - ASUS)
Assassin's Creed Valhalla (HKLM-x32\...\Uplay Install 13504) (Version:  - Ubisoft)
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.26.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{260b6df0-e5ca-4321-bc8c-02795bc45d56}) (Version: 1.1.26.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.19 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32\...\{36aa03d4-9606-4f04-bf3e-a70ebe6650f3}) (Version: 1.1.19 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{a75323e1-f1a4-4aff-a7ce-3858cbc1c0d2}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.1.16 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32\...\{ac3dc320-7e5e-4f22-9572-4c2119fcdf85}) (Version: 1.1.16 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{4EBEAC95-76BC-46A8-8644-6E2F1C87CF70}) (Version: 1.1.4.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{33e3ea9c-baed-4e8a-8dbb-4792a27c9066}) (Version: 1.1.4.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM\...\{B5E322FB-C191-463E-BDDD-4F22290EDFDB}) (Version: 1.0.7 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM-x32\...\{a29279dc-f417-4442-8225-4db77f7d35b5}) (Version: 1.0.7 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.05 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.3.7 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{2357cd84-6c2b-4174-87c7-4f9f9db8746b}) (Version: 0.0.3.1 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{94368c41-8d06-4bfe-993a-bfbd5e5226b5}) (Version: 0.0.3.7 - ASUSTek COMPUTER INC. ) Hidden
ASUS Framework Service (HKLM-x32\...\{1f83836b-be39-4903-b63c-fb22a1303597}) (Version: 2.0.2.3 - ASUSTek COMPUTER INC.)
ASUS Framework Service (HKLM-x32\...\{EA6A87BE-8AD3-40D2-944C-9DF5FBFF4332}) (Version: 2.0.2.3 - ASUSTek COMPUTER INC.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.27 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{210cdd08-c947-43a2-9378-bc288f651e41}) (Version: 1.0.27 - ASUSTek COMPUTER INC.) Hidden
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{3e9b91eb-5bb0-4272-8670-f88d353eb68b}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 1.05.18 - ASUSTek Computer Inc.)
ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.24 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{add3bacc-578f-4bf9-97e3-a0f0c3ae3323}) (Version: 1.0.24 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM\...\{723B40A4-5BF2-4DC6-834A-2ADF75F3CF7E}) (Version: 1.0.0.6 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM-x32\...\{cc37f609-4db9-4ce3-9e37-9cb1b432452e}) (Version: 1.0.0.6 - ASUSTek COMPUTER INC.) Hidden
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.53 - ASUSTeK Computer Inc.) Hidden
AURA DRAM Component (HKLM\...\{9AFE5429-866B-457D-A864-80BCF7672EE8}) (Version: 1.1.06 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{684f7887-cc5b-469a-81e9-36d38142cc46}) (Version: 1.1.06 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.15 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.15 - ASUS)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.04.35 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{35381ead-8a19-4bff-a272-dcdfe38a5867}) (Version: 3.04.35 - ASUSTeK Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU)
Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
Corsair AURA DRAM Component (HKLM-x32\...\{da7ebf10-b0be-494e-a79d-568546795a51}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
CORSAIR iCUE Software (HKLM-x32\...\{3D350B22-542B-4FB4-B3AC-EA760941C319}) (Version: 3.38.61 - Corsair)
CPUID CPU-Z 1.93 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.93 - CPUID, Inc.)
CPUID HWMonitor 1.41 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.41 - CPUID, Inc.)
CrystalDiskInfo 8.2.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.2.0 - Crystal Dew World)
Discord (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Discord) (Version: 0.0.309 - Discord Inc.)
Driver - San Francisco (HKLM-x32\...\Driver - San Francisco_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.28.0 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{d22b5310-9f1e-43a8-8547-58fa44742994}) (Version: 1.1.28.0 - Ene Tech.) Hidden
Futuremark SystemInfo (HKLM-x32\...\{20CAF520-CA4A-4BB5-85B3-0E94E4434BD0}) (Version: 5.36.886.0 - Futuremark)
Geeks3D FurMark 1.21.1.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Git version 2.26.1 (HKLM\...\Git_is1) (Version: 2.26.1 - The Git Development Community)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.85 - Google LLC)
Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8301}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8302}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8303}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto: San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.0.0.22 - Rockstar Games)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Intel(R) Extreme Tuning Utility (HKLM-x32\...\{92b09894-9d66-465d-97a0-5bcabf264301}) (Version: 6.5.1.321 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2009.14.0.1496 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.59.241.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{fd902053-5f6c-43ea-b78a-7b1269134a9a}) (Version: 1.59.241.0 - Intel Corporation) Hidden
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{511a62a9-1ff0-4cc5-adfe-4a5bd044a3c0}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Leawo Blu-ray Player version  2.2.0.1 (HKLM-x32\...\{CF7F52BF-DEE0-44CD-A7E1-AADD5CCECCDD}_is1) (Version: 2.2.0.1 - Leawo Software)
Leawo Prof. Media version  8.3.0.3 (HKLM-x32\...\{A5F041A4-812A-47C2-AD53-8893A81019FB}_is1) (Version: 8.3.0.3 - Leawo Software)
MADCATZ R.A.T. 6+ (HKLM\...\{7FAE3AD3-6937-48C3-A86A-A6286BD72053}) (Version: 1.0.31.0 - MAD CATZ)
MakeMKV v1.16.3 (HKLM-x32\...\MakeMKV) (Version: v1.16.3 - GuinpinSoft inc)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.46 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 90.0.818.46 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{4ffaf7b8-a84a-4813-840c-8b1f1343ae54}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{dd1e9bde-2ad6-4e92-8c07-7d4723eab8b8}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.11 (x64) (HKLM-x32\...\{e746e6a9-8254-4477-bbe0-a05900ec44e3}) (Version: 3.1.11.29516 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 88.0 (x64 de) (HKLM\...\Mozilla Firefox 88.0 (x64 de)) (Version: 88.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
MSI Afterburner 4.6.1 (HKLM-x32\...\Afterburner) (Version: 4.6.1 - MSI Co., LTD)
Need for Speed Most Wanted (black edition) (HKLM-x32\...\Need for Speed Most Wanted (black edition)) (Version: 1.3 - Electronic Arts)
Need for Speed™ (HKLM-x32\...\{F8643E83-A868-4EE8-A0B9-389386830453}) (Version: 1.3.0.0 - Electronic Arts)
Nextcloud (HKLM\...\{0CF81574-B8CB-4809-8498-B3E604EF6E96}) (Version: 3.2.0.20210409 - Nextcloud GmbH)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.5 - Notepad++ Team)
Npcap 0.995 (HKLM-x32\...\NpcapInst) (Version: 0.995 - Nmap Project)
NVIDIA FrameView SDK 1.1.4923.29548709 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29548709 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.21.0.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.21.0.36 - NVIDIA Corporation)
NVIDIA Graphics Driver 465.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 465.89 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
OpenIV (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\OpenIV) (Version: 4.0.1.1452 - .black/OpenIV Team)
Opera GX Stable 73.0.3856.438 (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Opera GX 73.0.3856.438) (Version: 73.0.3856.438 - Opera Software)
Oracle VM VirtualBox 6.1.18 (HKLM\...\{A8F42E56-8D1F-4080-BD79-8375D3AD18BE}) (Version: 6.1.18 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.96.47386 - Electronic Arts, Inc.)
paint.net (HKLM\...\{6FED3D93-C0FA-4BD7-A36F-7FC53698244F}) (Version: 4.2.15 - dotPDN LLC)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.1 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{e38442c0-a433-48c2-84e2-51ac0b30c3ab}) (Version: 1.0.9.1 - Patriot Memory)
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.0.6.3 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{8839fbd5-69f9-41c5-a1cf-cdfbec966d66}) (Version: 1.0.6.3 - Patriot Memory)
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{c8f7044c-7f48-404a-9a5d-9f038f28a789}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PhotoMove 2.5 version 2.5.2.2 (HKLM-x32\...\{546443DF-4D82-484A-8E00-2136243B8B9A}}_is1) (Version: 2.5.2.2 - Mike Baker @ Rediscovering Photography)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python Launcher (HKLM-x32\...\{D722DA3A-92F5-454A-BD5D-A48C94D82300}) (Version: 3.7.6762.0 - Python Software Foundation)
qBittorrent 4.3.3 (HKLM-x32\...\qBittorrent) (Version: 4.3.3 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8557 - Realtek Semiconductor Corp.)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2) (Version: 1.0.1355.23 - Rockstar Games)
REDlauncher (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
Revo Uninstaller 2.2.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.2 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 7.2.2 (HKLM-x32\...\RTSS) (Version: 7.2.2 - Unwinder)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.36.344 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.9 - Rockstar Games)
ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.2.5.0 - ASUSTek COMPUTER INC.)
RuneLite (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\RuneLite Launcher_is1) (Version: 2.1.6 - RuneLite)
smartmontools (HKLM-x32\...\smartmontools) (Version: 6.6 2017-11-05 r4594 (sf-6.6-1) - smartmontools.org)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.10.5 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version:  - TechPowerUp)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 93.1 - Ubisoft)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 4.1.2.0 - Manuel Hoefs (Zottel))
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.1 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{68fb2ff9-0618-4948-b68f-9f95e5687067}) (Version: 1.0.0.1 - PD)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WinSCP 5.17.9 (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\winscp3_is1) (Version: 5.17.9 - Martin Prikryl)
Wireshark 3.0.3 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)
Wondershare Filmora9(Build 9.1.2) (HKLM\...\Wondershare Filmora9_is1) (Version:  - Wondershare Software)

Packages:
=========
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_4.0.8.0_x64__qmba6cd70vzyy [2021-04-05] (ASUSTeK COMPUTER INC.)
Cinebench -> C:\Program Files\WindowsApps\MAXONComputerGmbH.Cinebench_23.2.0.0_x64__rsne5bsk8s7tj [2021-03-13] (MAXON Computer GmbH)
Debian -> C:\Program Files\WindowsApps\TheDebianProject.DebianGNULinux_1.4.0.0_x64__76v4gfsz19hv4 [2021-04-17] (The Debian Project)
Fluent Terminal -> C:\Program Files\WindowsApps\53621FSApps.FluentTerminal_0.7.5.0_x64__87x1pks76srcp [2021-03-31] (FS Apps) [Startup Task]
Forza Horizon 4 -> C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.466.460.2_x64__8wekyb3d8bbwe [2021-03-31] (Microsoft Studios)
Microsoft Edge Beta -> C:\Program Files (x86)\Microsoft\Edge Beta\Application [2021-04-23] (0)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-14] (Microsoft Corporation)
Python 3.9 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.752.0_x64__qbz5n2kfra8p0 [2021-03-13] (Python Software Foundation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.147.0_x64__dt26b99r8h8gj [2020-08-23] (Realtek Semiconductor Corp)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-04-11] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004_Classes\CLSID\{5405618e-4c42-4fb9-a80a-d24d89911296}\localserver32 -> C:\Users\Lem0th\AppData\Local\NhNotifSys\sonicstudio\asusns.exe (A-Volute SAS -> A-Volute)
CustomCLSID: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004_Classes\CLSID\{872bdfc0-9f9f-47d7-83b8-e363d25d6d5f} -> [Nextcloud] => C:\Users\Lem0th\Nextcloud [2021-04-16 17:29]
CustomCLSID: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004_Classes\CLSID\{BC2A58AB-3084-4D85-82C4-41A01B4032E2} -> [MEGAsync] => C:\Users\Lem0th\Documents\MEGAsync [2021-03-27 10:34]
CustomCLSID: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004_Classes\CLSID\{E15E1D68-0D1C-49F7-BEB8-812B1E00FA60}\InprocServer32 -> C:\Users\Lem0th\AppData\Local\Programs\WinSCP\DragExt64.dll (Martin Prikryl -> Martin Prikryl)
SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {CA2FFF0C-1001-440D-9B9F-6ED7094288B7} - C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {CA2FFF0C-1001-440D-9B9F-6ED7094288B7} - C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification -> {CA2FFF0C-1001-440D-9B9F-6ED7094288B7} => C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {CA2FFF0C-1001-440D-9B9F-6ED7094288B7} => C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers: [  NextcloudError] -> {E0342B74-7593-4C70-9D61-22F294AAFE05} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [  NextcloudOK] -> {E1094E94-BE93-4EA2-9639-8475C68F3886} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [  NextcloudOKShared] -> {E243AD85-F71B-496B-B17E-B8091CBE93D2} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [  NextcloudSync] -> {E3D6DB20-1D83-4829-B5C9-941B31C0C35A} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [  NextcloudWarning] -> {E4977F33-F93A-4A0A-9D3C-83DEA0EE8483} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers3: [NextcloudContextMenuHandler] -> {BC6988AB-ACE2-4B81-84DC-DC34F9B24401} => C:\Program Files\Nextcloud\shellext\NCContextMenu.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2021-03-25] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
FolderExtensions: [] -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => C:\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer64.dll [2019-09-23] (www.startisback.com) [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2015-04-14] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2015-04-14] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-07-08 17:42 - 2020-07-08 17:42 - 000477696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2020-07-08 17:42 - 2020-07-08 17:42 - 000471040 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2020-07-14 17:16 - 2020-07-14 17:16 - 000454656 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\registry-js\prebuilds\win32-ia32\node.napi.node
2021-04-05 14:41 - 2021-02-18 12:07 - 000085504 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\zlib1.dll
2020-04-22 15:35 - 2020-04-22 15:35 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2021-03-05 18:44 - 2021-03-05 18:44 - 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2021-03-05 18:44 - 2021-03-05 18:44 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2021-03-18 13:47 - 2021-03-18 13:47 - 000434688 _____ () [File not signed] C:\Program Files (x86)\MakeMKV\libfdk64.dll
2021-03-18 13:47 - 2021-03-18 13:47 - 001159680 _____ () [File not signed] C:\Program Files (x86)\MakeMKV\libffm64.dll
2018-08-29 16:19 - 2018-08-29 16:19 - 000223232 _____ () [File not signed] C:\Program Files\ASUS\AacOdd\AacOddHal_x86.dll
2018-09-07 00:29 - 2018-09-07 00:29 - 000202752 _____ () [File not signed] C:\Program Files\ASUS\AacTerminalHal\AacStripBusHal_x86.dll
2018-12-27 16:31 - 2018-12-27 16:31 - 000225280 _____ () [File not signed] C:\Program Files\ASUS\CORSAIR_Aac_DRAM\AacCosairDramHal_x86.dll
2021-02-21 12:09 - 2021-02-21 12:09 - 028317184 _____ () [File not signed] C:\Program Files\WindowsApps\53621FSApps.FluentTerminal_0.7.5.0_x64__87x1pks76srcp\FluentTerminal.App.dll
2020-05-26 17:08 - 2020-05-26 17:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2021-03-18 13:47 - 2021-03-18 13:47 - 000040448 _____ (GuinpinSoft inc) [File not signed] C:\Program Files (x86)\MakeMKV\libdriveio64.dll
2021-03-18 13:47 - 2021-03-18 13:47 - 000298496 _____ (GuinpinSoft inc) [File not signed] C:\Program Files (x86)\MakeMKV\libmakemkv64.dll
2021-03-18 13:47 - 2021-03-18 13:47 - 000277504 _____ (GuinpinSoft inc) [File not signed] C:\Program Files (x86)\MakeMKV\libmcurl64.dll
2021-03-18 13:47 - 2021-03-18 13:47 - 005492736 _____ (GuinpinSoft inc) [File not signed] C:\Program Files (x86)\MakeMKV\libmqt.dll
2019-08-17 18:22 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-12-07 11:09 - 2021-04-24 21:18 - 000093696 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\uxinit.dll
2020-12-16 09:26 - 2020-12-16 09:26 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2021-04-05 14:41 - 2021-02-18 12:07 - 000287232 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\libcurl.dll
2021-04-05 14:41 - 2021-02-18 12:07 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\libcrypto-1_1-x64.dll
2021-04-05 14:41 - 2021-02-18 12:07 - 002281984 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\LIBEAY32.dll
2021-04-05 14:41 - 2021-02-18 12:07 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\libssl-1_1-x64.dll
2021-04-05 14:41 - 2021-02-18 12:07 - 000361472 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\SSLEAY32.dll
2021-04-05 14:41 - 2020-05-14 15:15 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libcrypto-1_1-x64.dll
2021-04-05 14:41 - 2020-05-14 15:15 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libssl-1_1-x64.dll
2020-12-06 13:24 - 2020-12-06 13:24 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-12-06 13:24 - 2020-12-06 13:24 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-03-05 18:43 - 2021-03-05 18:43 - 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libcrypto-1_1.dll
2021-03-05 18:43 - 2021-03-05 18:43 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libssl-1_1.dll
2020-12-06 13:24 - 2020-12-06 13:24 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-04-02 23:09 - 2020-12-06 13:24 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-04-02 23:09 - 2020-12-06 13:24 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-04-02 23:09 - 2020-12-06 13:24 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-04-02 23:09 - 2020-12-06 13:24 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-04-02 23:09 - 2020-12-06 13:24 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-04-02 23:09 - 2020-12-06 13:24 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2021-04-09 16:59 - 2021-04-09 16:59 - 006165112 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:\Program Files\Nextcloud\Qt5Core.dll
2020-04-28 05:05 - 2020-04-28 05:05 - 006164600 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:\Users\Lem0th\AppData\Local\MEGAsync\Qt5Core.dll
2021-04-24 21:57 - 2019-09-23 23:51 - 000255488 _____ (www.startisback.com) [File not signed] C:\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer32.dll
2021-04-24 21:57 - 2019-09-23 23:51 - 000261632 _____ (www.startisback.com) [File not signed] C:\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer64.dll [2019-09-23] (www.startisback.com) [File not signed]
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-20] (Oracle America, Inc. -> Oracle Corporation)
BHO: No Name -> {CA2FFF0C-1001-440D-9B9F-6ED7094288B7}' -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer32.dll [2019-09-23] (www.startisback.com) [File not signed]
BHO-x32: No Name -> {CA2FFF0C-1001-440D-9B9F-6ED7094288B7}' -> No File

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-05-25 15:33 - 2020-05-01 17:24 - 000001256 _____ C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70      fitgirlrepacks.co              # Fake FitGirl site
109.94.209.70      fitgirl-repacks.cc              # Fake FitGirl site
109.94.209.70      fitgirl-repack.com              # Fake FitGirl site
109.94.209.70      www.fitgirlrepacks.co          # Fake FitGirl site
109.94.209.70      www.fitgirl-repacks.cc          # Fake FitGirl site
109.94.209.70      www.fitgirl-repack.com          # Fake FitGirl site

2019-08-17 10:35 - 2019-09-01 12:37 - 000000827 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.54.81 DESKTOP-J6EBHR7.mshome.net # 2024 8 5 30 10 37 43 403
168.54.87 manjaro.mshome.net # 2019 8 0 25 21 1 57 523
192.168.54.87 manjaro.mshome.net # 2019 8 0 25 21 1 57 523
523
17 9 332
192.168.54.87 manjaro.mshome.net # 2019 8 0 25 21 1 57 523
68.54.0.83 ubuntu.mshome.net # 2019 8 6 24 16 49 48 776
8 776
510
68.54.0.83 ubuntu.mshome.net # 2019 8 6 24 16 49 48 776

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Git\cmd;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\dotnet\
HKCU\Environment\\Path -> %USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.34 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
vEthernet (Default Switch): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Default Switch): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 3: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\StartupFolder: => "Folding@home.lnk"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "SaferVPN"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "GogGalaxy"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "pCloud"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{E89105E3-8FD6-4574-84A4-54BCA347C477}D:\gtaiv backup before update\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\gtaiv backup before update\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [TCP Query User{2D65D048-5356-4589-B601-298975BFCBEC}D:\gtaiv backup before update\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\gtaiv backup before update\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [UDP Query User{0E976DB1-E721-4123-A18D-79BAE324AEA9}D:\games\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Block) D:\games\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe => No File
FirewallRules: [TCP Query User{1356CEB6-6F9D-4BCE-A2F9-0F8419613022}D:\games\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Block) D:\games\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe => No File
FirewallRules: [{AD7A7C76-4F22-4D6A-9BE5-2510F7701424}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{21381AA7-12F7-4FB8-9EFD-05C992E7A069}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{11544A5B-10BE-4290-B0F1-C69D14F90009}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{CE584792-AF50-4694-9486-707A8EE7F73A}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [UDP Query User{B31B8551-5F5C-40DB-99F5-36A531147524}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{544BF304-B36A-4E47-9FE4-CE9633ECFC11}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{E8739EC8-07F0-4064-A1FC-5923B152E292}D:\need for speed heat\needforspeedheat.exe] => (Block) D:\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [TCP Query User{0AC062BC-8110-4E66-A778-FE588ED5F631}D:\need for speed heat\needforspeedheat.exe] => (Block) D:\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [{24EEB3CB-7C5E-443F-927E-C58699A1ACCA}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe => No File
FirewallRules: [{BA231261-5217-49A9-8577-52EA26E13205}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe => No File
FirewallRules: [UDP Query User{9212379A-1F76-4909-A968-B82D34D6C14F}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe => No File
FirewallRules: [TCP Query User{F4B085A6-BE9A-4D67-9C0A-048B6DDC8EA2}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe => No File
FirewallRules: [{DB330616-48D5-4B40-A482-C2489DA90517}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{FA7D41AB-31E6-42C4-B439-AF0E8CFE3B49}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [UDP Query User{FC543287-CDE5-45E8-B6B2-DB310669F2CB}D:\battle.net\battle.net.exe] => (Allow) D:\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{43001272-2E6F-4E4A-8162-22A087519401}D:\battle.net\battle.net.exe] => (Allow) D:\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{80EFF0A2-A3C0-4216-8DE9-0B6A1CD04424}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe => No File
FirewallRules: [{7B301E05-8DFC-4B5E-8C1E-9004E44BCE64}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe => No File
FirewallRules: [UDP Query User{6174AE97-A405-4A30-B6B1-29A7A1FDA3E4}C:\program files\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\java.exe => No File
FirewallRules: [TCP Query User{DE0E076B-BA23-4ED4-B2BB-AF690C513E45}C:\program files\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\java.exe => No File
FirewallRules: [UDP Query User{AF0C8862-AA4F-4E24-9216-6FF8A8AA1792}C:\program files\core temp\core temp.exe] => (Block) C:\program files\core temp\core temp.exe (ALCPU -> ALCPU)
FirewallRules: [TCP Query User{279B665F-E4DD-4B70-AFB6-EAD32AD09683}C:\program files\core temp\core temp.exe] => (Block) C:\program files\core temp\core temp.exe (ALCPU -> ALCPU)
FirewallRules: [{F492DB98-1F8A-40DB-8FA3-D96B6527DADE}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe => No File
FirewallRules: [{F435FEEB-256B-452D-8AD4-B39322989B67}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe => No File
FirewallRules: [UDP Query User{C6EBDC59-1944-44C3-BEF5-A1D1D50FF6F7}D:\games\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) D:\games\farming simulator 19\x64\farmingsimulator2019game.exe => No File
FirewallRules: [TCP Query User{4146D64C-CE13-45F6-B0CB-18A05EB5CA16}D:\games\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) D:\games\farming simulator 19\x64\farmingsimulator2019game.exe => No File
FirewallRules: [{3C7FB18B-3AF0-497E-B3D3-26A5B978F3A6}] => (Block) D:\steam\steamapps\common\farming simulator 19\dedicatedserver.exe => No File
FirewallRules: [{2DD18129-4517-4B28-B4A6-19B0A82DE548}] => (Block) D:\steam\steamapps\common\farming simulator 19\dedicatedserver.exe => No File
FirewallRules: [UDP Query User{923D6CB2-7002-4B5F-8BD3-6BA54E233934}D:\steam\steamapps\common\farming simulator 19\dedicatedserver.exe] => (Allow) D:\steam\steamapps\common\farming simulator 19\dedicatedserver.exe => No File
FirewallRules: [TCP Query User{D880CDA8-6D0A-49E1-A5CA-08429A39C63A}D:\steam\steamapps\common\farming simulator 19\dedicatedserver.exe] => (Allow) D:\steam\steamapps\common\farming simulator 19\dedicatedserver.exe => No File
FirewallRules: [{B2C0308D-AE64-431A-A2AB-FE90A2B9BF48}] => (Allow) D:\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [{212808BE-57AF-4473-83EB-BD3B0F1AA6B0}] => (Allow) D:\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [UDP Query User{C352A195-ADF2-457B-B217-C0C002E44CF8}D:\origin games\battlefield 4\bf4.exe] => (Allow) D:\origin games\battlefield 4\bf4.exe => No File
FirewallRules: [TCP Query User{90E1BF47-5EAB-4FBF-AB62-FB1246B4392E}D:\origin games\battlefield 4\bf4.exe] => (Allow) D:\origin games\battlefield 4\bf4.exe => No File
FirewallRules: [UDP Query User{6FF50BC2-DC82-419F-B041-55C7662D0AC9}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E05FBCB4-4AB0-4501-820A-A02EFFAA0E81}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe => No File
FirewallRules: [{9248A71D-4E62-46B5-AADD-C41E98F1DE9C}] => (Allow) D:\Steam\steamapps\common\Cities_Skylines\Cities.exe => No File
FirewallRules: [{25932E1C-696B-4ACA-982A-7650163DA715}] => (Allow) D:\Steam\steamapps\common\Cities_Skylines\Cities.exe => No File
FirewallRules: [UDP Query User{59E403CB-D19A-4008-B1DE-D9B3C218C1F4}D:\red dead redemption 2\rdr2.exe] => (Allow) D:\red dead redemption 2\rdr2.exe => No File
FirewallRules: [TCP Query User{6A2E0C5D-9EC2-4ED3-8AC4-F2A11000DA4E}D:\red dead redemption 2\rdr2.exe] => (Allow) D:\red dead redemption 2\rdr2.exe => No File
FirewallRules: [{D17FD6CA-F1E9-4F31-A9D6-E8621A732FEF}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{732D8C68-C484-41E2-BE33-AD13FFD5B90B}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [UDP Query User{E98ECFFC-C735-4693-86EA-0B1D7B98BD74}D:\grand theft auto v\gta5.exe] => (Block) D:\grand theft auto v\gta5.exe => No File
FirewallRules: [TCP Query User{03AE9D6E-1310-4124-AE6F-0A5AA87128FE}D:\grand theft auto v\gta5.exe] => (Block) D:\grand theft auto v\gta5.exe => No File
FirewallRules: [{E08442BB-A2F4-4439-8317-6CE69D52576F}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFMP.exe => No File
FirewallRules: [{4C28B4AE-D8FB-4E69-A3C0-1C2CDD348219}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFMP.exe => No File
FirewallRules: [{461D493C-EF8D-49C8-971E-BB1A5EDD32FE}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFSP.exe => No File
FirewallRules: [{33099141-581E-4E95-AF02-D8FC1DD767E6}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFSP.exe => No File
FirewallRules: [UDP Query User{A1BCD29F-D569-42FF-8B78-8446B7D7C561}D:\games\rockstar launcher\grand theft auto v\gta5.exe] => (Block) D:\games\rockstar launcher\grand theft auto v\gta5.exe => No File
FirewallRules: [TCP Query User{A922BE16-3599-4DC6-B0E4-40075F337FC7}D:\games\rockstar launcher\grand theft auto v\gta5.exe] => (Block) D:\games\rockstar launcher\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{ACDC7CBD-74B6-4635-B120-130DC1033A16}D:\games\rockstar games\grand theft auto 521\gta5.exe] => (Block) D:\games\rockstar games\grand theft auto 521\gta5.exe => No File
FirewallRules: [TCP Query User{08CEA24B-C217-4AF2-A6FB-4A8C68D9E5CC}D:\games\rockstar games\grand theft auto 521\gta5.exe] => (Block) D:\games\rockstar games\grand theft auto 521\gta5.exe => No File
FirewallRules: [{BCA502C6-0FA1-4B9A-9402-07E2111B7698}] => (Allow) D:\Games\Anno 2205\Bin\Win64\Anno2205.exe => No File
FirewallRules: [{B9697FB9-955F-4B2F-A36E-1AA1C7DB916C}] => (Allow) D:\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{808ACEB9-E7F4-49C0-B091-7E5C54E27606}] => (Allow) D:\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{FB77CC27-39BC-46E7-A00D-CF235885FE19}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{21869522-1622-426C-B240-4B7E6C63E831}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{D3B17439-64FC-4BB1-97B8-2C1C1BD71445}] => (Allow) C:\Users\Lem0th\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{EB2052C1-D41A-4786-AAFE-AE65B70A44A8}] => (Allow) C:\Users\Lem0th\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{7496CADD-3B71-4106-9E82-A077947AFAA4}] => (Allow) D:\Steam\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{670812E8-AFDC-4F5C-B3CE-126515B30CA8}] => (Allow) D:\Steam\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{5CCBCA24-DBD9-4068-854F-8E69A924DD3E}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe => No File
FirewallRules: [{FFFC5594-996E-457D-B175-DA1435A140B5}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe => No File
FirewallRules: [{5D50EEAD-81CD-4ADD-A4C8-E476D7A7A47F}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{BA034B8A-1BD3-423E-A205-DDFD0C16B670}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{A1E751D7-E18B-49BE-9B76-DDE5CC0BA257}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{717C6496-234C-4984-B4AA-717FDE74B215}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{7254B449-D3D4-442A-AE4D-F3016AE6BD17}] => (Allow) D:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{27B70B7D-9564-4C8E-AC47-82CC6903E9CB}] => (Allow) D:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [UDP Query User{883E82A6-DE6C-4CB8-BC81-6D9EA26AA022}C:\users\lem0th\desktop\eco.v0.7.6.3\eco_data\server\ecoserver.exe] => (Block) C:\users\lem0th\desktop\eco.v0.7.6.3\eco_data\server\ecoserver.exe => No File
FirewallRules: [TCP Query User{B7A3E396-FD42-404D-9041-79E3F8E1771E}C:\users\lem0th\desktop\eco.v0.7.6.3\eco_data\server\ecoserver.exe] => (Block) C:\users\lem0th\desktop\eco.v0.7.6.3\eco_data\server\ecoserver.exe => No File
FirewallRules: [{D56A48A6-041C-4F2A-B4E7-860A4AF9148B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{41DA5E44-BE1B-47EF-86B8-F0988B8933E8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E05C5493-F067-44E6-8D73-3CB905224381}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{44C52E0F-6C5A-4537-96CE-E85AE45AD086}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{0F7F6E19-198E-453E-8345-ED55EEDCEC02}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{650B13C9-0C04-4379-B911-B5E2A0809042}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{75CF4ABB-B729-4372-A88E-33FC8EEB5D22}D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Block) D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [UDP Query User{E8830CBC-74CD-49B1-AD66-193AB78BF981}D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Block) D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [TCP Query User{6E37E58B-B768-4BDB-A2F1-6628C1B656C4}D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe] => (Allow) D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe => No File
FirewallRules: [UDP Query User{7B9BAC9A-51FC-4C81-A10F-B62A2EB0B08B}D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe] => (Allow) D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe => No File
FirewallRules: [TCP Query User{42BE4BD3-7CA2-4029-8EDE-2319BA6219F0}D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [UDP Query User{8DF2A931-9E45-4778-A630-423E3F2DF566}D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [TCP Query User{90FF74C0-11EC-4303-811E-647FE8A493A4}D:\steam\steamapps\common\grand theft auto iv - kopie\gtaiv\gtaiv.exe] => (Allow) D:\steam\steamapps\common\grand theft auto iv - kopie\gtaiv\gtaiv.exe => No File
FirewallRules: [UDP Query User{60979074-3E28-437D-B67E-2E30CE0935A0}D:\steam\steamapps\common\grand theft auto iv - kopie\gtaiv\gtaiv.exe] => (Allow) D:\steam\steamapps\common\grand theft auto iv - kopie\gtaiv\gtaiv.exe => No File
FirewallRules: [TCP Query User{E12E59CD-015B-455E-8447-9514631855ED}C:\users\jendrik\documents\gta iv\gtaiv.exe] => (Block) C:\users\jendrik\documents\gta iv\gtaiv.exe => No File
FirewallRules: [UDP Query User{848946DF-10A3-46B7-851D-71BF41A8B708}C:\users\jendrik\documents\gta iv\gtaiv.exe] => (Block) C:\users\jendrik\documents\gta iv\gtaiv.exe => No File
FirewallRules: [TCP Query User{E2B89407-BFB9-475D-B00B-E221BF6D37A4}D:\steam\steamapps\common\anno 1404\tools\anno4web.exe] => (Block) D:\steam\steamapps\common\anno 1404\tools\anno4web.exe => No File
FirewallRules: [UDP Query User{A766AC8A-F8D9-4B27-9B00-C6467BCAB491}D:\steam\steamapps\common\anno 1404\tools\anno4web.exe] => (Block) D:\steam\steamapps\common\anno 1404\tools\anno4web.exe => No File
FirewallRules: [TCP Query User{C141FE43-E39F-4B50-809B-43EF843398F0}D:\games\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\games\rockstar games\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{736B1E22-9CCF-4D2C-BBE0-3F3C34C5A2BE}D:\games\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\games\rockstar games\grand theft auto v\gta5.exe => No File
FirewallRules: [TCP Query User{2A63D965-0526-48E2-96FF-7228D43616F2}C:\users\jendrik\desktop\grand theft auto 5\gta5.exe] => (Block) C:\users\jendrik\desktop\grand theft auto 5\gta5.exe => No File
FirewallRules: [UDP Query User{AFABB913-1B5A-4BA6-BB73-178042A9576D}C:\users\jendrik\desktop\grand theft auto 5\gta5.exe] => (Block) C:\users\jendrik\desktop\grand theft auto 5\gta5.exe => No File
FirewallRules: [{CC6214EB-488A-4F15-B1FB-E7B3EA0B7EA0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3A56452B-CEAC-4263-AE19-5A13BFD6C74E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{560523C0-A63A-4522-B554-30E6C641A839}D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Block) D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe => No File
FirewallRules: [UDP Query User{E5DD4852-AAEA-4604-AB80-7C26DDAA5B34}D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Block) D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe => No File
FirewallRules: [{1C030CEC-5E0B-493C-A748-C896AE4763AA}] => (Allow) D:\UPlay\Assassin's Creed IV Black Flag\AC4BFSP.exe => No File
FirewallRules: [{0461C472-ACAB-4B67-9A63-45DB6D3440B1}] => (Allow) D:\UPlay\Assassin's Creed IV Black Flag\AC4BFSP.exe => No File
FirewallRules: [{75C8FD0A-E614-4C92-A408-26F92B506D6B}] => (Allow) D:\UPlay\Assassin's Creed IV Black Flag\AC4BFMP.exe => No File
FirewallRules: [{FA7F7F14-5EE1-4A6E-BD3B-5768A520C395}] => (Allow) D:\UPlay\Assassin's Creed IV Black Flag\AC4BFMP.exe => No File
FirewallRules: [TCP Query User{4FAD1526-D337-4739-AE54-FF4E9DEF2B57}D:\uplay\assassin's creed iv black flag\ac4bfsp.exe] => (Block) D:\uplay\assassin's creed iv black flag\ac4bfsp.exe => No File
FirewallRules: [UDP Query User{E7E5F8B0-96CB-4C6A-B768-8F3CDB1FE03F}D:\uplay\assassin's creed iv black flag\ac4bfsp.exe] => (Block) D:\uplay\assassin's creed iv black flag\ac4bfsp.exe => No File
FirewallRules: [{885F9E40-5B48-4752-A9A4-F53C23B31091}] => (Allow) D:\UPlay\Watch_Dogs\bin\watch_dogs.exe => No File
FirewallRules: [{0E14150A-34E7-43E1-B8F7-AFFD670B479D}] => (Allow) D:\UPlay\Watch_Dogs\bin\watch_dogs.exe => No File
FirewallRules: [{D72198E1-B2EF-45B2-BD8D-74BFD584704B}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe => No File
FirewallRules: [{0B40FE42-751C-49B5-B28E-D3EA688E8642}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe => No File
FirewallRules: [{27CA865E-D3FB-41E2-BA9F-9FA121003769}] => (Allow) D:\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe => No File
FirewallRules: [{B6C5CAB5-DC4D-47DB-A402-7B5B5F687050}] => (Allow) D:\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe => No File
FirewallRules: [{777B2269-AC5F-4055-8E44-49EF411F11C1}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{BA6471A1-6249-438C-82DB-770A94218F2A}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{AC62BD92-93A4-4AD5-BC3A-D8CCAE25C6CF}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe => No File
FirewallRules: [{91E67771-E0D6-4201-B5AA-31AFE16B22FB}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe => No File
FirewallRules: [{82464301-3B6E-4359-8C5B-5E21262ACB7E}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => No File
FirewallRules: [{B20A79EE-12D0-40FA-8A11-E41961B5B54C}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => No File
FirewallRules: [{25D2BCAF-B8D7-462D-8C20-57C4A6D0647B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D64B8278-3C0A-4269-A546-89DCA9CB8D9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{760EF2B2-F0A1-458C-BC8D-972203781A13}D:\grand theft auto 5\gta5.exe] => (Block) D:\grand theft auto 5\gta5.exe => No File
FirewallRules: [UDP Query User{42D39CF6-8A3F-4FBB-8779-93466F7F7337}D:\grand theft auto 5\gta5.exe] => (Block) D:\grand theft auto 5\gta5.exe => No File
FirewallRules: [{4EB9EAEC-83E8-4F88-8DEF-67B73B26C4B1}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{31101FA0-114E-4F67-9DFD-64BE8E8F335A}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [TCP Query User{83FFE29A-44E4-428F-A993-4EACBA9D042A}D:\games\driver - san francisco\driver.exe] => (Block) D:\games\driver - san francisco\driver.exe => No File
FirewallRules: [UDP Query User{5E193D23-C55F-49D6-996F-74AE1F84CD62}D:\games\driver - san francisco\driver.exe] => (Block) D:\games\driver - san francisco\driver.exe => No File
FirewallRules: [{873F3E41-1761-43DE-9D3E-CC8E939C70BF}] => (Allow) D:\Games\Factorio.v0.17.8\bin\x64\factorio.exe => No File
FirewallRules: [{7360CC9C-C093-4F70-A425-8B151E637700}] => (Allow) D:\Games\Factorio.v0.17.8\bin\x64\factorio.exe => No File
FirewallRules: [{0FF90A2B-26A1-4301-A162-475F49265F14}] => (Allow) D:\Games\Factorio.v0.17.8\bin\x64\factorio.exe => No File
FirewallRules: [{FDDC9304-E97A-4939-A43E-B95971129C64}] => (Allow) D:\Games\Factorio.v0.17.8\bin\x64\factorio.exe => No File
FirewallRules: [{4B30A9FA-99EF-49BB-AA78-5E7A83D19F89}] => (Allow) D:\Games\Farming Simulator 19\FarmingSimulator2019.exe => No File
FirewallRules: [{9BF437F2-14BF-435E-B2AC-4D37E3D2F516}] => (Allow) D:\Games\Farming Simulator 19\FarmingSimulator2019.exe => No File
FirewallRules: [{7369BA3B-53D8-44AD-A7BA-9D16C2D24D6E}] => (Allow) D:\Games\Prison.Architect.Update.16\Prison Architect64.exe => No File
FirewallRules: [{63F463A5-3F2C-4FAC-BBB9-64FF94B858F8}] => (Allow) D:\Games\Prison.Architect.Update.16\Prison Architect64.exe => No File
FirewallRules: [{812F3FBE-19AF-4C38-A671-EBC317C1EA3B}] => (Allow) D:\Games\Prison.Architect.Update.16\Prison Architect64.exe => No File
FirewallRules: [{F68F4693-E7D1-4928-A208-76A67C6ED57D}] => (Allow) D:\Games\Prison.Architect.Update.16\Prison Architect64.exe => No File
FirewallRules: [TCP Query User{8F86F241-11C3-4BEC-B25A-4D5E20ADE63B}D:\games\mass effect 3\binaries\win32\masseffect3.exe] => (Block) D:\games\mass effect 3\binaries\win32\masseffect3.exe => No File
FirewallRules: [UDP Query User{9D8F50BF-23B8-4817-9331-0DE59977CA05}D:\games\mass effect 3\binaries\win32\masseffect3.exe] => (Block) D:\games\mass effect 3\binaries\win32\masseffect3.exe => No File
FirewallRules: [TCP Query User{79E255EC-A423-4BB8-8DDE-E6BA715D4545}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe => No File
FirewallRules: [UDP Query User{5F60DE7E-0372-413E-8F07-B96E404C08E8}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe => No File
FirewallRules: [{8275FC18-3665-4FEB-B5CF-B10A45858374}] => (Allow) C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [{D392FBC1-B7C5-4AD9-B2C1-2C3F2E75D208}] => (Allow) C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [{59095EF4-CA73-49E5-A81F-B906FA10B1EB}] => (Allow) C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [{3793CBC9-02A6-424B-80E4-DEFBC37EC337}] => (Allow) C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [TCP Query User{DB8F624B-9318-4151-96CA-D549EA4B698C}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe (ALCPU -> ALCPU)
FirewallRules: [UDP Query User{D6539123-BBFD-4FD1-807C-A433521AB404}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe (ALCPU -> ALCPU)
FirewallRules: [TCP Query User{D44DE966-76E5-4766-944B-DAABD313E2E3}D:\games\nfs mw 2012\nfs13.exe] => (Block) D:\games\nfs mw 2012\nfs13.exe => No File
FirewallRules: [UDP Query User{52AA4A1D-1282-4602-A6BC-81FD226FEE10}D:\games\nfs mw 2012\nfs13.exe] => (Block) D:\games\nfs mw 2012\nfs13.exe => No File
FirewallRules: [TCP Query User{1B56BA9E-B957-4C8E-B3BE-CEED87C4B3F6}D:\games\nfs mw 2012\nfs13.exe] => (Allow) D:\games\nfs mw 2012\nfs13.exe => No File
FirewallRules: [UDP Query User{1AEDF068-5207-4232-802F-0CBDE9A89072}D:\games\nfs mw 2012\nfs13.exe] => (Allow) D:\games\nfs mw 2012\nfs13.exe => No File
FirewallRules: [{E21F827C-3955-401B-9742-70B43525402E}] => (Allow) D:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{B75D3868-0C32-44C5-8B91-9906F4AC163C}] => (Allow) D:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [TCP Query User{3551F8C7-56A7-4C24-9697-C5C642161E6A}D:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [UDP Query User{9824D6B4-E916-405B-9D3C-CDA974B527B2}D:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [TCP Query User{5FAF59FB-900D-4F71-9BEF-A73DEFDE0A7A}D:\steam\steamapps\common\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe => No File
FirewallRules: [UDP Query User{1880E064-1FE6-4675-9F74-98192BF86784}D:\steam\steamapps\common\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe => No File
FirewallRules: [TCP Query User{7C4647FB-D505-44EE-882A-670FE813AE9F}D:\games\rockstar games\grand theft auto 5\gta5.exe] => (Allow) D:\games\rockstar games\grand theft auto 5\gta5.exe => No File
FirewallRules: [UDP Query User{4512388E-B5DA-414B-9B31-31EF3BCBBF72}D:\games\rockstar games\grand theft auto 5\gta5.exe] => (Allow) D:\games\rockstar games\grand theft auto 5\gta5.exe => No File
FirewallRules: [TCP Query User{52E01A02-19DE-406B-9184-320EDF9AD0CD}D:\steam\steamapps\common\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Block) D:\steam\steamapps\common\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{21F1926C-1E79-466A-9E5B-3AA129170155}D:\steam\steamapps\common\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Block) D:\steam\steamapps\common\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe => No File
FirewallRules: [{FEA652B5-C4E4-4E25-A9CE-8FD29CC53309}] => (Allow) D:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{BBBCF8BE-6B0B-4160-A31E-01B841C9C30D}] => (Allow) D:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{9025F53A-D984-44DA-90C4-45DE9FD11F34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{8C460CDE-76D0-47F5-8733-8F42A307760D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{E1527208-B8AC-4246-A5AA-3D59969C3925}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{4D333ED1-D5DF-4236-BCDE-81AAA704034C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [TCP Query User{9B750E9D-4F76-49BE-B9F6-89953185FD89}D:\grand theft auto iv\gtaiv\gtaiv.exe] => (Block) D:\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [UDP Query User{148CB68E-4E26-4757-80E0-4E48870E6D6B}D:\grand theft auto iv\gtaiv\gtaiv.exe] => (Block) D:\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [TCP Query User{DACBD9FC-935C-4CD6-BBBC-C589A08495B3}D:\driver - san francisco\driver.exe] => (Block) D:\driver - san francisco\driver.exe (Ubisoft Entertainment -> )
FirewallRules: [UDP Query User{AFF58A0B-E485-4626-A3C6-C9DD07ED8502}D:\driver - san francisco\driver.exe] => (Block) D:\driver - san francisco\driver.exe (Ubisoft Entertainment -> )
FirewallRules: [TCP Query User{8F85853A-73CE-476F-8778-BB65C02E00D1}D:\steam\steamapps\common\train sim world 2\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\train sim world 2\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe => No File
FirewallRules: [UDP Query User{2E1FFC5F-FAE0-4C2D-82A7-EBB44ED81825}D:\steam\steamapps\common\train sim world 2\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\train sim world 2\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe => No File
FirewallRules: [TCP Query User{2C8ACAD6-D759-4F00-AE66-B7B7E90D9B9B}C:\users\lem0th\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe] => (Allow) C:\users\lem0th\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [UDP Query User{A64F7428-E2E2-4356-B306-9AC54CB91A30}C:\users\lem0th\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe] => (Allow) C:\users\lem0th\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{7601CDE4-BE9E-46DC-8951-CE2A0D1AD306}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe => No File
FirewallRules: [{25E9D4EF-1501-4168-86DE-6D3C16A82803}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe => No File
FirewallRules: [{8D54D6C9-62C0-45F7-959F-A291BC44ABE9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{7E6E8CC4-8055-426F-945B-5B56F7C8010D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{C17C5324-B514-4DE0-AB89-12371496238C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{1A7ED13E-4140-40E0-873C-5F0377DB3AE5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{7B8AC5C9-0DED-46F9-A7D9-5E9475AB7788}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CB8B1EF4-FE42-45F3-A4E5-11BB77AA30BA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B8582651-BA26-441B-A6E8-6674D97EA55B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{43E534AD-673A-4CA6-B60E-9769830A933F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{1447B30C-42D1-4AFD-831A-EFED144F1F66}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{D1C59F94-C00B-498F-9869-D667EE24CFF3}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3C716091-0AB2-4865-8DD7-0C4DB27E8008}C:\watch dogs legion\bin\watchdogslegion.exe] => (Allow) C:\watch dogs legion\bin\watchdogslegion.exe => No File
FirewallRules: [UDP Query User{FE2400D2-A1A3-4BE1-A511-39514A469174}C:\watch dogs legion\bin\watchdogslegion.exe] => (Allow) C:\watch dogs legion\bin\watchdogslegion.exe => No File
FirewallRules: [{CA505015-3701-4CFF-8802-679130AD1605}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [{5192F53C-631D-4FAD-9DB3-883B119D49B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [{FF6FE126-121F-4911-854F-82F243DFA464}] => (Allow) D:\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{23C54D33-11C2-4200-AF0F-2E99FA2F6957}] => (Allow) D:\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [TCP Query User{8187D619-05E8-44F8-890C-DE2087BE2CE6}D:\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\tom clancy's ghost recon wildlands\grw.exe => No File
FirewallRules: [UDP Query User{F77EEBE1-2382-45ED-9D5F-E582E1009F29}D:\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\tom clancy's ghost recon wildlands\grw.exe => No File
FirewallRules: [{35FDFA86-BDB3-4F58-BE86-8EA1FCE6A823}] => (Allow) D:\Steam\steamapps\common\3DMark\3DMarkLauncher.exe => No File
FirewallRules: [{D584961B-D494-4EE0-B3CF-A7A246D24324}] => (Allow) D:\Steam\steamapps\common\3DMark\3DMarkLauncher.exe => No File
FirewallRules: [{97E32FCD-D23E-4BA2-B5AD-A5FC173BD631}] => (Allow) D:\Steam\steamapps\common\Transport Fever 2\TransportFever2.exe => No File
FirewallRules: [{F14D343C-C524-4F80-A83C-2FD97842A78D}] => (Allow) D:\Steam\steamapps\common\Transport Fever 2\TransportFever2.exe => No File
FirewallRules: [{516809CC-87A0-4D4F-9397-6AC7F1755FF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever 2\TransportFever2.exe () [File not signed]
FirewallRules: [{08E91F3B-9234-4C87-9B67-237B100D1C6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever 2\TransportFever2.exe () [File not signed]
FirewallRules: [{8DF5C302-243E-4D98-BEBE-1847CDE5ED8F}] => (Allow) D:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{45872A03-8F13-4F6C-AC3B-29CC1E4ED7D4}] => (Allow) D:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{F24085C2-05C8-4516-898F-1FA7F6C98498}] => (Allow) D:\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => No File
FirewallRules: [{0EB6B250-8AA0-47D7-B609-832C2273CEDA}] => (Allow) D:\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => No File
FirewallRules: [TCP Query User{26C6191B-0E73-4476-B321-08D3C537ACD5}D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{EF3E8FDA-0ACB-43F4-B4D6-3BFB8EDA04F5}D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{25939520-0D1D-4578-946C-D4EB4291521C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => No File
FirewallRules: [{4263165D-0308-45B0-931D-112FC416F3D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => No File
FirewallRules: [TCP Query User{E28E2B5B-758E-456A-960D-8107B899AAB2}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{1A8C3D4C-7DD6-4FAC-AB6B-60FF7DF3B5FB}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{380F1153-43B2-4619-AE20-B37957B52929}] => (Block) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{2AD78FFE-776A-4508-8DEE-F3A7AADC4536}] => (Block) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{02FDCE55-3BB7-4C7A-ADB2-789293EAE0E8}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{2B03FD81-0D4D-449F-A301-0EA955773912}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{A47067D7-E0B9-479A-BA36-B4FDB79BB3F4}] => (Allow) D:\Games\Origin\The Sims 4\Game\Bin_LE\TS4.exe => No File
FirewallRules: [{1D8EA596-A61A-45D1-AC7A-23D62FFDB837}] => (Allow) D:\Games\Origin\The Sims 4\Game\Bin_LE\TS4.exe => No File
FirewallRules: [{7158B635-9A03-4F34-BD06-0B7EDB34A05F}] => (Allow) D:\Games\Origin\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [{7E1B3208-CCBE-4EEA-BD52-14272D74996E}] => (Allow) D:\Games\Origin\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [{571260C1-6820-4BC5-823A-6723459B82D3}] => (Allow) D:\Steam\steamapps\common\Rollercoaster Tycoon 2\RCT2.EXE => No File
FirewallRules: [{09DC3838-E0E6-4777-A6D9-E66EB34EFCC1}] => (Allow) D:\Steam\steamapps\common\Rollercoaster Tycoon 2\RCT2.EXE => No File
FirewallRules: [TCP Query User{F1EE0D99-7DA4-4881-BA07-F5079EE46C0E}C:\program files\openrct2\openrct2.exe] => (Allow) C:\program files\openrct2\openrct2.exe => No File
FirewallRules: [UDP Query User{35019960-5210-4AB7-96D4-856EC1E7349D}C:\program files\openrct2\openrct2.exe] => (Allow) C:\program files\openrct2\openrct2.exe => No File
FirewallRules: [{D0C8D784-C63C-48AE-A233-B82FFED2B1D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{E9D601C4-A474-4EFD-82A4-9A4F38F3B4E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{F76BFEEC-9A4E-4CDE-B4E7-233E77C50558}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{C89753A0-8B68-4414-AE52-48437D79C60C}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{AA11D7D2-66A6-40AA-8FB4-45456A27A312}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{5069AAEA-C3DE-4C2E-9399-A3B83EC27CDC}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{3B460AC7-5E66-43B1-9EDE-26B8ADDA0906}] => (Allow) E:\SteamLibrary\steamapps\common\Transport Fever 2\TransportFever2.exe => No File
FirewallRules: [{C3A6F349-0BB4-478D-B7D7-1034B6204655}] => (Allow) E:\SteamLibrary\steamapps\common\Transport Fever 2\TransportFever2.exe => No File
FirewallRules: [{4919191C-4D14-42C7-B726-4F1EC54EF371}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe => No File
FirewallRules: [{AC9FC706-0E15-4618-BDBA-3043CB146ADC}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe => No File
FirewallRules: [{2F6D4E66-9049-4B63-A709-5B6B18F987C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe () [File not signed]
FirewallRules: [{AD31A04C-6602-4CAB-8A81-E96BAC23EE2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe () [File not signed]
FirewallRules: [TCP Query User{93D25AC5-BAB1-4BA3-9313-AE4A9A674FB6}D:\rockstar games\grand theft auto 5 - online\gta5.exe] => (Allow) D:\rockstar games\grand theft auto 5 - online\gta5.exe => No File
FirewallRules: [UDP Query User{187F8D3D-9F24-422C-91C0-6B922D88CD1C}D:\rockstar games\grand theft auto 5 - online\gta5.exe] => (Allow) D:\rockstar games\grand theft auto 5 - online\gta5.exe => No File
FirewallRules: [TCP Query User{8006B323-D92E-4E66-816F-127CF249E744}E:\gta\grand theft auto v\gta5.exe] => (Allow) E:\gta\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{4CBDB4E6-DC2E-40BB-A238-C85681084FF4}E:\gta\grand theft auto v\gta5.exe] => (Allow) E:\gta\grand theft auto v\gta5.exe => No File
FirewallRules: [{964D883A-69DD-44BE-B703-C1C93E2C6881}] => (Allow) C:\Users\Lem0th\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{6019C894-49CD-44E3-8B21-1DC459329B05}] => (Allow) C:\Users\Lem0th\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{27C953F7-FA5A-489F-8853-E4C4529F97F2}] => (Allow) C:\Users\Lem0th\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{B93A0006-A015-4A41-B0D2-6A1EEED9FB62}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{4E9F02B9-CB33-4F17-BF07-D4EA5F748DA1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{FD5A6A5D-E832-4D05-A056-1270D3AFED1F}] => (Allow) E:\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{5BADAB3F-CDE0-474F-9520-9D7A4373ED89}] => (Allow) E:\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{80E36785-4930-41E8-972A-EDE6E8B543FB}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{14BCC086-0CA4-4984-83E0-B79AA04B3F37}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{BF112671-93C8-42A9-8399-BAB426810A3B}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{67BDF6E1-1D7D-4CC9-B1A8-73247C1B9BAC}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{608A7D66-FD1B-4F4C-94CB-694CE41FA00A}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{B39643F0-B62A-4E74-9F9A-A126294CD8E6}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{56D8B399-7221-4712-A198-D899073C5625}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe => No File
FirewallRules: [{1FB09AAD-FA54-4FF4-AC81-FBFB8670224F}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe => No File
FirewallRules: [{D6D6975B-5E47-4B4F-8E75-E01BE141E825}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => No File
FirewallRules: [{125C8DA4-3F89-44EF-A4F3-6014E1A7E78E}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => No File
FirewallRules: [{065F0EA5-B155-4CCD-9FE7-E03641821FF6}] => (Allow) LPort=25552
FirewallRules: [{ACA3D2AE-C4DC-4DB9-8CBB-53D4BAEA7556}] => (Allow) LPort=25552
FirewallRules: [TCP Query User{714B1907-920D-4DCD-A3A9-92AC2CCDCC09}E:\steamlibrary\steamapps\common\fph spedv\fph spedv.exe] => (Block) E:\steamlibrary\steamapps\common\fph spedv\fph spedv.exe => No File
FirewallRules: [UDP Query User{A8E16BD0-A014-4C3C-9DF5-4D6B5ACF37C0}E:\steamlibrary\steamapps\common\fph spedv\fph spedv.exe] => (Block) E:\steamlibrary\steamapps\common\fph spedv\fph spedv.exe => No File
FirewallRules: [{04CA327D-DEBE-4BCF-A3E0-BDDDC0A3E48E}] => (Allow) E:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe () [File not signed]
FirewallRules: [{604863BB-4141-4CA9-BE1F-6241E5550EB2}] => (Allow) E:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe () [File not signed]
FirewallRules: [{BCEE7111-39D5-43B8-B15D-5B09D6F7C97C}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{95D65555-9C1C-45DE-B8FC-557F37E3185E}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [TCP Query User{C73DB015-C579-4E9C-8FA1-AB25D70C9715}E:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{1A6B6369-C526-4C2D-840F-E7D7733A0DD1}E:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{504B845D-5823-4C4A-9D2F-8DB2FFEE012F}] => (Allow) E:\Ubisoft\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe => No File
FirewallRules: [{17987AF4-CBBD-4529-ADFD-FE1E9497B8F6}] => (Allow) E:\Ubisoft\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe => No File
FirewallRules: [{ADA1B7EE-D083-43F0-9AA2-B41845D14388}] => (Allow) E:\Ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{F59AEA3C-6F42-4F4A-BC00-4B9E28F9BB89}] => (Allow) E:\Ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{5EE321A0-0AF3-40E0-A028-22CB23F79DB0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BBAB3236-832A-4CB2-BF1A-0CB0CD2B5EF5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F533A42A-4265-456B-A862-972024EE5CFB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E766050C-E6D6-4E80-B5EA-EF30CC57F6FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{9F0F78A1-6E7C-42B7-A73C-6606959842BE}C:\users\lem0th\appdata\roaming\simsync\server\jre11\bin\java.exe] => (Allow) C:\users\lem0th\appdata\roaming\simsync\server\jre11\bin\java.exe
FirewallRules: [UDP Query User{4EE7BF65-17B9-4D7F-BDA0-2A7ED0F21E24}C:\users\lem0th\appdata\roaming\simsync\server\jre11\bin\java.exe] => (Allow) C:\users\lem0th\appdata\roaming\simsync\server\jre11\bin\java.exe
FirewallRules: [{04519660-CD40-4624-8055-B1D556A385BA}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{C0BBB6E8-DE73-4E7B-B5FC-D2A24D5D9350}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{F87D986B-037F-4254-AC03-CAEC2B668A62}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{E7E3FA69-E5EE-4CB2-93D8-6D9F67D7F6CD}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{C7A7A77A-72E7-48D9-9B74-A96B0A2B9CC8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D5006DD8-45CC-4F33-B4DB-80A9B51897D2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{62CDD108-B80E-42CF-9B8B-81982DDEE982}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{662EF693-B7CE-4E73-9E28-CD4F0578E8C8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F115B1A4-E9E8-4C9A-B1AE-CD34A4184F8A}] => (Allow) E:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{8FD6FC62-EED7-4453-8890-75174FF3C5AE}] => (Allow) E:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{4AFBD6A2-FF70-47F6-B291-384F34F3B608}] => (Allow) E:\Ubisoft\Anno 1800\Bin\Win64\Anno1800.exe (Ubisoft Blue Byte GmbH -> Ubisoft)
FirewallRules: [{F339E5E2-4EEF-40AB-9DDA-6A4B7E041073}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe () [File not signed]
FirewallRules: [{85A2578A-E2F2-483B-91A9-79A0835D4E39}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe () [File not signed]
FirewallRules: [{C1CF126C-6754-4031-837E-8F49C6FEC4F4}] => (Allow) E:\Origin\Need for Speed\NFS16.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{30C80344-9037-43C1-BB62-29FD8D8D6BD3}] => (Allow) E:\Origin\Need for Speed\NFS16.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{E24DA67D-D071-428F-B394-8D7B8945887D}] => (Allow) E:\Origin\Need for Speed\NFS16_trial.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{69D5DFC3-4F85-47D1-9BEF-7AA05642F730}] => (Allow) E:\Origin\Need for Speed\NFS16_trial.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{5704E3C1-4F07-46F7-87D4-DCE50C0A1AEA}] => (Allow) E:\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{CCC9C2CB-6DD5-4D1F-A040-4454E93E707D}] => (Allow) E:\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{9A09A8CF-2E69-4BF0-A1F2-394A9D8CA4DF}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [{67BE7E46-6F23-43D7-BC62-9AB84F4F4EDE}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{F89794A3-741D-4722-A021-675E5172D341}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{4A88E662-2410-47CD-B28B-1115CF93CEF2}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [{A1B664B6-10EE-4A07-9471-CA154FC15C9A}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
FirewallRules: [{E7FE9214-96F1-4EEE-A931-4743267E388B}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
FirewallRules: [{7509EEA4-B735-498F-A26D-963CE6C222FB}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{77E05633-F67A-44BA-A0DC-7D5778EF1BBE}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{9B3AACF6-52DC-4942-BB1E-97E9D1AD5772}] => (Allow) E:\SteamLibrary\steamapps\common\Horizon Zero Dawn\HorizonZeroDawn.exe () [File not signed]
FirewallRules: [{1CB462CC-3195-45F8-85B3-640BB2C031CB}] => (Allow) E:\SteamLibrary\steamapps\common\Horizon Zero Dawn\HorizonZeroDawn.exe () [File not signed]
FirewallRules: [{5444CC30-A075-4833-B7D7-2569477F7623}] => (Allow) E:\Ubisoft\Assassin's Creed Valhalla\ACValhalla_Plus.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{3DF5BB23-9B3A-4E55-B852-9A0304586861}] => (Allow) E:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{5D09593E-98B4-42F4-828C-FA1E767A23D9}] => (Allow) E:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{4DFEB931-EF69-44B0-AC62-8F60CCDCE216}] => (Allow) E:\SteamLibrary\steamapps\common\Old School RuneScape\bin\win64\osclient.exe (Jagex Ltd.) [File not signed]
FirewallRules: [{B869F5AA-43D8-4636-9077-350BE0544D66}] => (Allow) E:\SteamLibrary\steamapps\common\Old School RuneScape\bin\win64\osclient.exe (Jagex Ltd.) [File not signed]
FirewallRules: [{0C64D1ED-C736-4397-8E5D-42040C0EFB3A}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{7292B058-C8ED-4FF3-815F-B474DD8A62D3}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{0CA50BFC-7D49-4C82-BFFC-4C5CD12CD58B}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{D8BD84B6-4605-4363-A02A-A27B22CDABA7}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{4B036A20-E42F-451C-B135-8E1BE9D651CB}] => (Allow) E:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{15C6D012-F903-4D23-85EE-D1CC1F508276}] => (Allow) E:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{BB22D606-D54D-4367-AA0A-E4C9E35A95BC}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{1E90D80B-6B05-49F1-828F-7B987136ADD1}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{268B1A54-8AE7-4DBF-9A5E-0B726EDCF9A0}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{CF67E128-75A8-4DDC-AFA4-280D27E4FA79}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{6C8AF79C-D727-42FB-ACD7-FD6AB810D5B3}] => (Allow) E:\SteamLibrary\steamapps\common\Company of Heroes 2\RelicCoH2.exe (Relic Entertainment, Inc -> Relic Entertainment Inc.)
FirewallRules: [{D096238E-D4E2-4B5B-8920-0EED8E384033}] => (Allow) E:\SteamLibrary\steamapps\common\Company of Heroes 2\RelicCoH2.exe (Relic Entertainment, Inc -> Relic Entertainment Inc.)
FirewallRules: [{6656B092-0D63-4B5B-83F0-4B5C19E7D255}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{B4206252-872E-4544-8B68-22E6461FE490}C:\program files\dvdfab\dvdfab 12\dvdfab64.exe] => (Allow) C:\program files\dvdfab\dvdfab 12\dvdfab64.exe => No File
FirewallRules: [UDP Query User{5AA08D3D-F3E7-4196-B4B1-422748667BE8}C:\program files\dvdfab\dvdfab 12\dvdfab64.exe] => (Allow) C:\program files\dvdfab\dvdfab 12\dvdfab64.exe => No File
FirewallRules: [{C9B627DD-D5C9-40CB-A63D-9E4984436444}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A02A6A4C-9BD1-4CB9-921B-4F42ADE8D107}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\90.0.818.46\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AE60D4EA-66DF-4C0B-BD29-ABFF1D1ACB50}] => (Allow) E:\SteamLibrary\steamapps\common\Call to Arms\binaries\x64\call_to_arms_ed.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{CDC1358E-6CCF-4071-A95D-91DB8728C0A6}] => (Allow) E:\SteamLibrary\steamapps\common\Call to Arms\binaries\x64\call_to_arms_ed.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{7BCD7F92-78DF-4570-B3B3-955F776EFF78}] => (Allow) E:\SteamLibrary\steamapps\common\Call to Arms\binaries\x64\call_to_arms.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{FFE0DD58-524F-48FA-AF4E-8133AFB1D866}] => (Allow) E:\SteamLibrary\steamapps\common\Call to Arms\binaries\x64\call_to_arms.exe (Digitalmindsoft) [File not signed]
FirewallRules: [TCP Query User{C45B3061-A647-433E-AFDF-053136CF1C64}E:\steamlibrary\steamapps\common\call to arms\binaries\x64\call_to_arms_server.exe] => (Allow) E:\steamlibrary\steamapps\common\call to arms\binaries\x64\call_to_arms_server.exe (Digitalmindsoft) [File not signed]
FirewallRules: [UDP Query User{E99B0A97-0D81-4145-96B9-33A4F6D0364A}E:\steamlibrary\steamapps\common\call to arms\binaries\x64\call_to_arms_server.exe] => (Allow) E:\steamlibrary\steamapps\common\call to arms\binaries\x64\call_to_arms_server.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{06715197-7AB0-4105-A915-C1490B7AC8CD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.46\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

16-04-2021 17:27:50 Installed Nextcloud
24-04-2021 21:18:12 Installed UltraUXThemePatcher 4.1.2
24-04-2021 21:41:12 before adding theme

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/25/2021 12:15:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.4.2021.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 265c

Start Time: 01d739bbc32fb0fd

Termination Time: 4294967295

Application Path: C:\Users\Lem0th\Desktop\FRST64.exe

Report Id: 04227914-310b-473e-b163-af4b33bd08ef

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-process

Error: (04/25/2021 10:19:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Faulting module name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Exception code: 0xc000041d
Fault offset: 0x000000000001894b
Faulting process ID: 0x1da4
Faulting application start time: 0x01d739a52a46035a
Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Faulting module path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Report ID: 3e68c8b6-8953-4c5f-8d86-5788f2fbbcd7
Faulting package full name:
Faulting package-relative application ID:

Error: (04/25/2021 10:19:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Faulting module name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Exception code: 0xc0000005
Fault offset: 0x000000000001894b
Faulting process ID: 0x1da4
Faulting application start time: 0x01d739a52a46035a
Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Faulting module path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Report ID: bbb5355e-655b-4bac-8871-1529dc6a7b9b
Faulting package full name:
Faulting package-relative application ID:

Error: (04/25/2021 01:22:15 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete erneut optimieren on The Big D (D:) because: Der angeforderte Vorgang wird von der Hardware des Volumes nicht unterstützt. (0x8900002A)

Error: (04/24/2021 11:34:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Faulting module name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Exception code: 0xc000041d
Fault offset: 0x000000000001894b
Faulting process ID: 0x1c94
Faulting application start time: 0x01d7394314084ef9
Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Faulting module path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Report ID: 6a894109-bbbc-4a58-9aa8-e977d5dc6a9d
Faulting package full name:
Faulting package-relative application ID:

Error: (04/24/2021 11:34:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Faulting module name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Exception code: 0xc0000005
Fault offset: 0x000000000001894b
Faulting process ID: 0x1c94
Faulting application start time: 0x01d7394314084ef9
Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Faulting module path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Report ID: 63c32d04-73bf-45e6-81c6-f08744aef2bb
Faulting package full name:
Faulting package-relative application ID:

Error: (04/24/2021 09:12:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iCUE.exe, version: 3.38.61.0, time stamp: 0x60426abe
Faulting module name: Qt5Core.dll, version: 5.14.2.0, time stamp: 0x5e7dfb32
Exception code: 0xc0000005
Fault offset: 0x00023745
Faulting process ID: 0x37dc
Faulting application start time: 0x01d7385b82503be2
Faulting application path: C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
Faulting module path: C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Core.dll
Report ID: f8e494da-100f-4e43-8567-17ac664af24b
Faulting package full name:
Faulting package-relative application ID:

Error: (04/24/2021 06:40:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: call_to_arms_server.exe, version: 1.2.2.8, time stamp: 0x604b9e98
Faulting module name: steamclient64.dll, version: 6.48.43.99, time stamp: 0x6074971b
Exception code: 0xc0000005
Fault offset: 0x0000000000cd982e
Faulting process ID: 0x32c8
Faulting application start time: 0x01d7391e2f410984
Faulting application path: E:\SteamLibrary\steamapps\common\Call to Arms\binaries\x64\call_to_arms_server.exe
Faulting module path: C:\Program Files (x86)\Steam\steamclient64.dll
Report ID: df1af750-e529-4095-8e61-0dcfec30a595
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (04/25/2021 02:45:30 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AsusUpdateCheck service did not shut down properly after receiving a pre-shutdown control.

Error: (04/24/2021 10:59:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PHYMEM2 service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/24/2021 10:59:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PHYMEM2 service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/24/2021 09:49:46 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AsusUpdateCheck service did not shut down properly after receiving a pre-shutdown control.

Error: (04/24/2021 09:49:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J6EBHR7)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (04/24/2021 09:49:24 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J6EBHR7)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (04/24/2021 09:25:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9MWPM2CQNLHN-Microsoft.GamingServices.

Error: (04/23/2021 06:11:53 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AsusUpdateCheck service did not shut down properly after receiving a pre-shutdown control.


Windows Defender:
================
Date: 2021-04-25 10:57:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Schnellüberprüfung

Date: 2021-04-25 09:33:01
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Mittel
Category: Einstellungsveränderer
Path: file:_D:\personal stuff\Dokumente\wichtige dokumente\opensuse\.config\chromium\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn\0.9.5.14_0\assets\thirdparties\someonewhocares.org\hosts\hosts
Detection Origin: Lokaler Computer
Detection Type: Konkret
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.335.1595.0, AS: 1.335.1595.0, NIS: 1.335.1595.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-25 00:46:51
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Mittel
Category: Einstellungsveränderer
Path: file:_D:\personal stuff\Dokumente\wichtige dokumente\opensuse\.config\chromium\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn\0.9.5.14_0\assets\thirdparties\someonewhocares.org\hosts\hosts
Detection Origin: Lokaler Computer
Detection Type: Konkret
Detection Source: Benutzer
Process Name: Unknown
Security intelligence Version: AV: 1.335.1595.0, AS: 1.335.1595.0, NIS: 1.335.1595.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-21 23:15:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Schnellüberprüfung

Date: 2021-04-19 04:38:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Schnellüberprüfung

CodeIntegrity:
===============
Date: 2021-04-25 12:02:48
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-04-25 12:02:32
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 0805 01/29/2019
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX Z390-F GAMING
Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
Percentage of memory in use: 52%
Total physical RAM: 16301.81 MB
Available physical RAM: 7754.03 MB
Total Virtual: 40877.81 MB
Available Virtual: 28607.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.16 GB) (Free:77.28 GB) NTFS
Drive d: (The Big D) (Fixed) (Total:2794.5 GB) (Free:1952.32 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.5 GB) (Free:87.84 GB) NTFS
Drive f: (DVD_VIDEO) (CDROM) (Total:7.85 GB) (Free:0 GB) UDF

\\?\Volume{91c77463-c94a-42ca-af39-0bf2c08a3dd3}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{67942367-295a-4460-953c-146437c47045}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Ladekabel612 25.04.2021 11:22
Code:
Users shortcut scan result (x64) Version: 17-04-2021
Ran by Lem0th (25-04-2021 12:18:05)
Running from C:\Users\Lem0th\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine\Valley Benchmark 1.0\Valley Benchmark 1.0.lnk -> C:\Program Files (x86)\Unigine\Valley Benchmark 1.0\valley.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine\Heaven Benchmark 4.0\Heaven Benchmark 4.0.lnk -> C:\Program Files (x86)\Unigine\Heaven Benchmark 4.0\heaven.bat ()


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge Beta.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nextcloud.lnk -> C:\Program Files\Nextcloud\nextcloud.exe (Nextcloud GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk -> C:\Program Files (x86)\GPU-Z\GPU-Z.exe (techPowerUp (www.techpowerup.com))
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk -> C:\Program Files\Wireshark\Wireshark.exe (The Wireshark developer community, hxxps://www.wireshark.org/)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\Filmora9\Handbuch.lnk -> C:\Program Files\Wondershare\Filmora9\Filmora9_Help.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\Filmora9\Online bestellen.lnk -> C:\Program Files\Wondershare\Filmora9\Filmora9_Order.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\Filmora9\Produktseite.lnk -> C:\Program Files\Wondershare\Filmora9\Filmora9_Homepage.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\Filmora9\Wondershare Filmora9 entfernen.lnk -> C:\Program Files\Wondershare\Filmora9\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\Filmora9\Wondershare Filmora9.lnk -> C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe (Wondershare)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine\Valley Benchmark 1.0\Uninstall.lnk -> C:\Program Files (x86)\Unigine\Valley Benchmark 1.0\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine\Valley Benchmark 1.0\User manual.lnk -> C:\Program Files (x86)\Unigine\Valley Benchmark 1.0\documentation\User_Manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine\Heaven Benchmark 4.0\Uninstall.lnk -> C:\Program Files (x86)\Unigine\Heaven Benchmark 4.0\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine\Heaven Benchmark 4.0\User manual.lnk -> C:\Program Files (x86)\Unigine\Heaven Benchmark 4.0\documentation\User_Manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TruckersMP Launcher\TruckersMP.lnk -> C:\Program Files\TruckersMP Launcher\Launcher.exe (Truckersmp.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\drivedb.h update.lnk -> C:\Program Files\smartmontools\bin\update-smart-drivedb.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartctl (Admin CMD).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartmontools Daily Builds.lnk -> C:\Program Files\smartmontools\doc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartmontools Home Page.lnk -> C:\Program Files\smartmontools\doc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\Uninstall smartmontools.lnk -> C:\Program Files\smartmontools\uninst-smartmontools.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\Documentation\ChangeLog.lnk -> C:\Program Files\smartmontools\doc\ChangeLog.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\Documentation\COPYING.lnk -> C:\Program Files\smartmontools\doc\COPYING.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\Documentation\NEWS.lnk -> C:\Program Files\smartmontools\doc\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\Documentation\smartctl manual page (html).lnk -> C:\Program Files\smartmontools\doc\smartctl.8.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\Documentation\smartctl manual page (pdf).lnk -> C:\Program Files\smartmontools\doc\smartctl.8.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\Documentation\smartd manual page (html).lnk -> C:\Program Files\smartmontools\doc\smartd.8.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\Documentation\smartd manual page (pdf).lnk -> C:\Program Files\smartmontools\doc\smartd.8.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\Documentation\smartd.conf manual page (html).lnk -> C:\Program Files\smartmontools\doc\smartd.conf.5.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\Documentation\smartd.conf manual page (pdf).lnk -> C:\Program Files\smartmontools\doc\smartd.conf.5.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller entfernen.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller Help.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller Help.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe (VS Revo Group)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Driver - San Francisco\Play Driver - San Francisco.lnk -> D:\Driver - San Francisco\Driver.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Driver - San Francisco\Uninstall Driver - San Francisco.lnk -> C:\Users\Lem0th\AppData\Roaming\Driver - San Francisco\Uninstall\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent\qBittorrent.lnk -> C:\Program Files\qBittorrent\qbittorrent.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent\Uninstall.lnk -> C:\Program Files\qBittorrent\uninst.exe (The qBittorrent project)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoMove 2\PhotoMove 2.5.lnk -> C:\Program Files (x86)\PhotoMove 2\PhotoMove 2.exe (by Mike Baker at Rediscovering Photography)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin error reporter.lnk -> C:\Program Files (x86)\Origin\OriginER.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Uninstall Origin.lnk -> C:\Program Files (x86)\Origin\OriginUninstall.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\License (English).lnk -> C:\Program Files\Oracle\VirtualBox\License_en_US.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\Oracle VM VirtualBox.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\User manual (CHM, English).lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\User manual (PDF, English).lnk -> C:\Program Files\Oracle\VirtualBox\doc\UserManual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++\Notepad++.lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed™\Need for Speed™ End User License Agreement.lnk -> E:\Origin\Need for Speed\Support\eula\en_US_eula.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed™\Need for Speed™.lnk -> E:\Origin\Need for Speed\NFS16.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed™\Technical Support.lnk -> E:\Origin\Need for Speed\Support\EA Help\Technical Support.en_US.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher\Minecraft Launcher.lnk -> C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe (Mojang)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo\Prof. Media\ Prof. Media Uninstall.lnk -> C:\Program Files (x86)\Leawo\Prof. Media\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo\Prof. Media\Prof. Media.lnk -> C:\Program Files (x86)\Leawo\Prof. Media\Leawo Prof. Media.exe (Leawo Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo\Prof. Media\Xvid\Licence.lnk -> C:\Program Files (x86)\Leawo\Prof. Media\Xvid\License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo\Blu-ray Player\ Blu-ray Player Uninstall.lnk -> C:\Program Files (x86)\Leawo\Blu-ray Player\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo\Blu-ray Player\Blu-ray Player.lnk -> C:\Program Files (x86)\Leawo\Blu-ray Player\Leawo Blu-ray Player.exe (Leawo)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre1.8.0_271\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -> C:\Program Files\Java\jre1.8.0_271\bin\java.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Java konfigurieren.lnk -> C:\Program Files\Java\jre1.8.0_271\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -> C:\Program Files\Java\jre1.8.0_271\bin\java.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Extreme Tuning Utility.lnk -> C:\Windows\Installer\{EC7279C8-6C18-4389-8C21-37884A58C114}\PerfTuneIcon.B089625E_E454_492E_B2F2_7E934E4807F0.exe (Intel(R) Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\GOG Galaxy\GOG GALAXY.lnk -> C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe (GOG.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git\Git GUI.lnk -> C:\Program Files\Git\cmd\git-gui.exe (The Git Development Community)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D\Benchmarks\FurMark\FurMark.lnk -> C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FurMark.exe (Geeks3D  (hxxps://geeks3d.com))
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D\Benchmarks\FurMark\Uninstall  FurMark.lnk -> C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\unins000.exe (Geeks3D                                                    )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4\Die Sims 4 Endbenutzer-Lizenzvertrag.lnk -> D:\Games\Origin\The Sims 4\Support\eula\de_DE_eula.rtf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4\Kundendienst.lnk -> D:\Games\Origin\The Sims 4\Support\EA Help\Kundendienst.rtf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4\Readme.lnk -> D:\Games\Origin\The Sims 4\Support\readme\readme.de.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo\CrystalDiskInfo.lnk -> C:\Program Files (x86)\CrystalDiskInfo\DiskInfo32.exe (Crystal Dew World)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\Uninstall HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.ini ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> D:\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Corsair\iCUE.lnk -> C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe (Corsair Memory, Inc.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\Nextcloud\Photos\2020\worlds - Shortcut.lnk -> C:\Users\Lem0th\AppData\Roaming\.minecraft\saves\worlds (No File)
Shortcut: C:\Users\Lem0th\Nextcloud\Photos\2018\Sophie - thoughts.odt.lnk -> C:\ESD\Sophie - thoughts.odt (No File)
Shortcut: C:\Users\Lem0th\Nextcloud\Photos\2018\Sophie - thoughts.pdf.lnk -> C:\ESD\Sophie - thoughts.pdf (No File)
Shortcut: C:\Users\Lem0th\Nextcloud\Photos\2018\sophie answer part1.txt.lnk -> C:\Users\Lem0th\Desktop\sophie answer part1.txt (No File)
Shortcut: C:\Users\Lem0th\Nextcloud\Photos\2018\sophie answer part2.txt.lnk -> C:\Users\Lem0th\Desktop\sophie answer part2.txt (No File)
Shortcut: C:\Users\Lem0th\Nextcloud\Photos\2018\sophie depri stuff.odt.lnk -> C:\ESD\sophie depri stuff.odt (No File)
Shortcut: C:\Users\Lem0th\Nextcloud\Photos\2018\sophie final abschied.txt.lnk -> C:\Users\Lem0th\Desktop\sophie final abschied.txt (No File)
Shortcut: C:\Users\Lem0th\Nextcloud\Photos\2018\sophie listen to your heart.txt.lnk -> C:\Users\Lem0th\Desktop\sophie listen to your heart.txt (No File)
Shortcut: C:\Users\Lem0th\Nextcloud\Photos\2018\sophie struggle.txt.lnk -> C:\Users\Lem0th\Desktop\sophie struggle.txt (No File)
Shortcut: C:\Users\Lem0th\Nextcloud\Photos\2018\sophie text.odt.lnk -> C:\ESD\sophie text.odt (No File)
Shortcut: C:\Users\Lem0th\Nextcloud\Photos\2018\sophie.txt.lnk -> C:\Users\lem0th\sophie.txt (No File)
Shortcut: C:\Users\Lem0th\Nextcloud\Photos\2018\sophies daten.lnk -> C:\ProgramData\sophies daten (No File)
Shortcut: C:\Users\Lem0th\Links\Desktop.lnk -> C:\Users\Lem0th\Desktop ()
Shortcut: C:\Users\Lem0th\Links\Downloads.lnk -> C:\Users\Lem0th\Downloads ()
Shortcut: C:\Users\Lem0th\Links\MEGAsync.lnk -> C:\Users\Lem0th\Documents\MEGAsync ()
Shortcut: C:\Users\Lem0th\Links\Nextcloud.lnk -> C:\Users\Lem0th\Nextcloud ()
Shortcut: C:\Users\Lem0th\Downloads\Downloads - Shortcut.lnk -> C:\Users\Lem0th\Downloads ()
Shortcut: C:\Users\Lem0th\Documents\SpedV\ETS2 Telemetry.lnk -> E:\SteamLibrary\steamapps\common\FPH SpedV\Telemetry\Ets2Telemetry.exe (No File)
Shortcut: C:\Users\Lem0th\Documents\SpedV\FPH SpedV.lnk -> E:\SteamLibrary\steamapps\common\FPH SpedV\FPH SpedV.exe (No File)
Shortcut: C:\Users\Lem0th\Documents\MEGAsync\Simon\DVDVideoSoft Free Studio.lnk -> C:\Program Files\Gemeinsame Dateien\DVDVideoSoft\FreeStudioManager.exe (No File)
Shortcut: C:\Users\Lem0th\Documents\MEGAsync\Simon\FotoWorksXL.lnk -> C:\Program Files\FotoWorksXL\FotoWorksXL.exe (No File)
Shortcut: C:\Users\Lem0th\Documents\MEGAsync\Simon\Internet.lnk -> [LFY%!O`]
Shortcut: C:\Users\Lem0th\Documents\MEGAsync\Simon\Verknüpfung mit 04012011070[1].lnk -> C:\Dokumente und Einstellungen\ohne\Eigene Dateien\Meine empfangenen Dateien\04012011070[1] (No File)
Shortcut: C:\Users\Lem0th\Documents\Euro Truck Simulator 2\readme.rtf.lnk -> D:\Steam\steamapps\common\Euro Truck Simulator 2\readme.rtf (No File)
Shortcut: C:\Users\Lem0th\Desktop\MADCATZ R.A.T. 6+.lnk -> C:\Users\Lem0th\AppData\Roaming\Microsoft\Installer\{7FAE3AD3-6937-48C3-A86A-A6286BD72053}\Icon.exe ()
Shortcut: C:\Users\Lem0th\Desktop\MakeMKV.lnk -> C:\Program Files (x86)\MakeMKV\makemkv.exe (GuinpinSoft inc)
Shortcut: C:\Users\Lem0th\Desktop\Opera GX Browser .lnk -> C:\Users\Lem0th\AppData\Local\Programs\Opera GX\launcher.exe (Opera Software)
Shortcut: C:\Users\Lem0th\Desktop\RuneLite.lnk -> C:\Users\Lem0th\AppData\Local\RuneLite\RuneLite.exe ()
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\OpenIV.lnk -> C:\Users\Lem0th\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe (New Technology Studio)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk -> C:\Users\Lem0th\Downloads\ESETOnlineScanner_DEU.exe (No File)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM Singleplayer.lnk -> C:\Users\Lem0th\AppData\Local\FiveM\FiveM.exe (No File)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser .lnk -> C:\Users\Lem0th\AppData\Local\Programs\Opera GX\launcher.exe (Opera Software)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneLite.lnk -> C:\Users\Lem0th\AppData\Local\RuneLite\RuneLite.exe ()
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk -> C:\Users\Lem0th\AppData\Local\Programs\WinSCP\WinSCP.exe (Martin Prikryl)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe (Ubisoft)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\UbisoftConnect\Ubisoft Connect.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftConnect.exe (Ubisoft)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\UbisoftConnect\Uninstall.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe (Ubisoft)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe (No File)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk -> C:\Users\Lem0th\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SnakeBite\MakeBite.lnk -> C:\Users\Lem0th\AppData\Local\SnakeBite\makebite.exe ()
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SnakeBite\SnakeBite.lnk -> C:\Users\Lem0th\AppData\Local\SnakeBite\SnakeBite.exe ()
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SnakeBite\Uninstall.lnk -> C:\Users\Lem0th\AppData\Local\SnakeBite\Uninstall.exe ()
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer\San Andreas Multiplayer.lnk -> C:\Users\Lem0th\Downloads\FSX\samp.exe (No File)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer\Uninstall.lnk -> C:\Users\Lem0th\Downloads\FSX\SAMPUninstall.exe (No File)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTAV Language Switcher.lnk -> D:\Grand Theft Auto V\GTAVLanguageSelect.exe (No File)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Rockstar Games Launcher.lnk -> C:\Program Files\Rockstar Games\Launcher\LauncherPatcher.exe (Rockstar Games)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\MSI Afterburner.lnk -> C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\ReadMe.lnk -> C:\Program Files (x86)\MSI Afterburner\Doc\ReadMe.pdf ()
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\Uninstall.lnk -> C:\Program Files (x86)\MSI Afterburner\Uninstall.exe ()
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK\MSI Afterburner localization reference.lnk -> C:\Program Files (x86)\MSI Afterburner\SDK\Doc\Localization reference.pdf ()
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK\MSI Afterburner skin format reference.lnk -> C:\Program Files (x86)\MSI Afterburner\SDK\Doc\USF skin format reference.pdf ()
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK\Samples.lnk -> C:\Program Files (x86)\MSI Afterburner\SDK\Samples ()
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModManager\GTA IV\uninstall-[cars-police cruiser]-22411-ford-crown-victoria-nypd-2012.lnk -> D:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\ModManager uninstallers\uninstall-[cars-police cruiser]-22411-ford-crown-victoria-nypd-2012.exe (No File)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModManager\GTA IV\uninstall-[cars-taxi declasse]-22378-ford-crown-victoria-nyc-taxi-2012.lnk -> D:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\ModManager uninstallers\uninstall-[cars-taxi declasse]-22378-ford-crown-victoria-nyc-taxi-2012.exe (No File)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGA Website.lnk -> C:\Users\Lem0th\AppData\Local\MEGAsync\MEGA Website.url ()
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGAsync.lnk -> C:\Users\Lem0th\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\Uninstall.lnk -> C:\Users\Lem0th\AppData\Local\MEGAsync\uninst.exe (MEGA Limited)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV\MakeMKV Website.lnk -> C:\Program Files (x86)\MakeMKV\MakeMKV.url ()
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV\MakeMKV.lnk -> C:\Program Files (x86)\MakeMKV\makemkv.exe (GuinpinSoft inc)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV\Uninstall.lnk -> C:\Program Files (x86)\MakeMKV\uninst.exe (GuinpinSoft inc)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\FPH SpedV\ETS2 Telemetry.lnk -> E:\SteamLibrary\steamapps\common\FPH SpedV\Telemetry\Ets2Telemetry.exe (No File)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\FPH SpedV\FPH SpedV.lnk -> E:\SteamLibrary\steamapps\common\FPH SpedV\FPH SpedV.exe (No File)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge Beta.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera GX Browser .lnk -> C:\Users\Lem0th\AppData\Local\Programs\Opera GX\launcher.exe (Opera Software)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7111c0ce965b7246\Battle.net.lnk -> D:\Battle.net\Battle.net.exe (Blizzard Entertainment)
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\273b94552e7b76fd\Wallpaper Engine.lnk -> D:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe ()
Shortcut: C:\Users\Lem0th\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\26c8e4b9a90483d\Rockstar Games Launcher.lnk -> C:\Program Files\Rockstar Games\Launcher\Launcher.exe (Rockstar Games)
Shortcut: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Lem0th\AppData\Local\Microsoft\GFWLive\Logs\InstallLog.lnk -> C:\Users\Lem0th\AppData\Local\Microsoft\GFWLive\Install\Logs ()
Shortcut: C:\Users\Lem0th\AppData\Local\Microsoft\GFWLive\Install\Logs\ClientLog.lnk -> C:\Users\Lem0th\AppData\Local\Microsoft\GFWLive\Logs ()
Shortcut: C:\Users\Public\Desktop\Leawo Blu-ray Player.lnk -> C:\Program Files (x86)\Leawo\Blu-ray Player\Leawo Blu-ray Player.exe (Leawo)
Shortcut: C:\Users\Public\Desktop\Leawo Prof. Media.lnk -> C:\Program Files (x86)\Leawo\Prof. Media\Leawo Prof. Media.exe (Leawo Software)
Shortcut: C:\Users\Public\Desktop\Nextcloud.lnk -> C:\Program Files\Nextcloud\nextcloud.exe (Nextcloud GmbH)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\Daemon start, eventlog.lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartd
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\Daemon start, smartd.log.lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartd -l local0
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\Daemon stop.lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartd stop
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\Debug mode (-d).lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartd -d
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\Do all tests once (-q onecheck).lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartd -q onecheck
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\Service install, eventlog, 30min.lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartd install
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\Service install, smartd.log, 10min.lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartd install -l local0 -i 600
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\Service install, smartd.log, 30min.lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartd install -l local0
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\Service remove.lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartd remove
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\Service start.lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> net start smartd
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\Service stop.lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> net stop smartd
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\smartd.conf (edit).lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr) -> "C:\Program Files\smartmontools\bin\smartd.conf"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\smartd.conf (view).lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr) -> "C:\Program Files\smartmontools\bin\smartd.conf"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\smartd.log (view).lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr) -> "C:\Program Files\smartmontools\bin\smartd.log"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\smartd_mailer.conf.ps1 (create, edit).lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr) -> "C:\Program Files\smartmontools\bin\smartd_mailer.conf.ps1"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartd Examples\smartd_mailer.conf.sample.ps1 (view).lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr) -> "C:\Program Files\smartmontools\bin\smartd_mailer.conf.sample.ps1"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartctl Examples\All info (-x).lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartctl -x sda
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartctl Examples\Identify drive (-i).lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartctl -i sda
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartctl Examples\SMART attributes (-A -f brief).lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartctl -A -f brief sda
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartctl Examples\SMART capabilities (-c).lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartctl -c sda
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartctl Examples\SMART error log (-l error).lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartctl -l error sda
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartctl Examples\SMART health status (-H).lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartctl -H sda
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartctl Examples\SMART selftest log (-l selftest).lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartctl -l selftest sda
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartctl Examples\Start long selftest (-t long).lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartctl -t long sda
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartctl Examples\Start offline test (-t offline).lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartctl -t offline sda
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartctl Examples\Start short selftest (-t short).lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartctl -t short sda
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartctl Examples\Stop(Abort) selftest (-X).lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartctl -X sda
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartctl Examples\Turn SMART off (-s off).lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartctl -s off sda
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\smartctl Examples\Turn SMART on (-s on).lnk -> C:\Program Files\smartmontools\bin\runcmdu.exe (www.smartmontools.org) -> smartctl -s on sda
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\Documentation\drivedb-add.h (create, edit).lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr) -> "C:\Program Files\smartmontools\bin\drivedb-add.h"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\Documentation\drivedb.h (view).lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr) -> "C:\Program Files\smartmontools\bin\drivedb.h"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools\Documentation\smartd.conf sample.lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr) -> "C:\Program Files\smartmontools\doc\smartd.conf"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo\Prof. Media\Xvid\Configure Decoder.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> xvid.ax,Configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre1.8.0_271\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Auf Updates prüfen.lnk -> C:\Program Files\Java\jre1.8.0_271\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre1.8.0_271\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Info zu Java.lnk -> C:\Program Files\Java\jre1.8.0_271\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git\Git Bash.lnk -> C:\Program Files\Git\git-bash.exe (The Git Development Community) -> --cd-to-home
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git\Git CMD.lnk -> C:\Program Files\Git\git-cmd.exe (The Git Development Community) -> --cd-to-home
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc\Discord.lnk -> C:\Users\Lem0th\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\SendTo\WinSCP (for upload).lnk -> C:\Users\Lem0th\AppData\Local\Programs\WinSCP\WinSCP.exe (Martin Prikryl) -> /upload
ShortcutWithArgument: C:\Users\Lem0th\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4ac866364817f10c\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Lem0th\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Lem0th\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller im Internet.url -> URL: hxxps://www.revouninstaller.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo\Prof. Media\Xvid\XviD Homepage.url -> URL: hxxp://www.xvid.org
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Besuchen Sie Java.com.url -> URL: hxxps://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Hilfe aufrufen.url -> URL: hxxps://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D\Benchmarks\FurMark\FurMark online scores and ranking.url -> URL: hxxps://ozone3d.net/redirect.php?id=227
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D\Benchmarks\FurMark\Geeks3D.com.url -> URL: hxxps://www.geeks3d.com/category/softwares/geeks3d/furmark/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D\Benchmarks\FurMark\Homepage.url -> URL: hxxps://geeks3d.com/furmark/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D\Benchmarks\FurMark\Scores comparative tables.url -> URL: hxxps://ozone3d.net/redirect.php?id=222
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D\Benchmarks\FurMark\SLI and CrossFire support.url -> URL: hxxps://ozone3d.net/redirect.php?id=211
InternetURL: C:\Users\Lem0th\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Lem0th\Documents\MEGAsync\Simon\Musik Ordner\DEUTSCHRAP ORDNER\Bass Sultan Hengzt - Der Schmetterlingseffekt (2007)\Bass_Sultan_Hengzt_-_Der_Schmetterlingseffekt-Premium_Ed.-2CD-DE-2007-YSP\fettrap.com.URL -> URL: hxxp://fettrap.com/
InternetURL: C:\Users\Lem0th\Documents\MEGAsync\Simon\Musik Ordner\DEUTSCHRAP ORDNER\Bass Sultan Hengzt - Der Schmetterlingseffekt (2007)\Bass_Sultan_Hengzt_-_Der_Schmetterlingseffekt-Premium_Ed.-2CD-DE-2007-YSP\please vote 4 us for more Stuff.URL -> URL: hxxp://www.fresh.to/vote/Fettrap/
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anno 1800 Benchmark (DX11).url -> URL: uplay://launch/4553/1
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anno 1800 Benchmark (DX12).url -> URL: uplay://launch/4553/2
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anno 1800.url -> URL: uplay://launch/4553/0
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anno 2205.url -> URL: uplay://launch/1253/0
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Assassin's Creed II.url -> URL: uplay://launch/5481/0
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Assassin's Creed IV Black Flag (Multiplayer).url -> URL: uplay://launch/273/1
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Assassin's Creed IV Black Flag (Singleplayer).url -> URL: uplay://launch/273/0
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WATCH_DOGS® 2.url -> URL: uplay://launch/2688/0
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Call to Arms.url -> URL: steam://rungameid/302670
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Cities Skylines.url -> URL: steam://rungameid/255710
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Company of Heroes 2.url -> URL: steam://rungameid/231430
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Cyberpunk 2077.url -> URL: steam://rungameid/1091500
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Euro Truck Simulator 2.url -> URL: steam://rungameid/227300
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Fallout 4.url -> URL: steam://rungameid/377160
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Grand Theft Auto IV The Complete Edition.url -> URL: steam://rungameid/12210
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Grand Theft Auto IV.url -> URL: steam://rungameid/12210
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Grand Theft Auto San Andreas.url -> URL: steam://rungameid/12120
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Grand Theft Auto Vice City.url -> URL: steam://rungameid/12110
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Horizon Zero Dawn.url -> URL: steam://rungameid/1151640
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Just Cause 3.url -> URL: steam://rungameid/225540
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Life is Strange.url -> URL: steam://rungameid/319630
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Old School RuneScape.url -> URL: steam://rungameid/1343370
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\The Elder Scrolls V Skyrim Special Edition.url -> URL: steam://rungameid/489830
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\The Forest.url -> URL: steam://rungameid/242760
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Transport Fever 2.url -> URL: steam://rungameid/1066780
InternetURL: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Wallpaper Engine.url -> URL: steam://rungameid/431960
InternetURL: C:\Users\Lem0th\AppData\Local\MEGAsync\MEGA Website.url -> URL: hxxp://www.mega.nz

==================== End of Shortcut.txt =============================

M-K-D-B 25.04.2021 13:27
Zitat:
RiskWare.BitCoinMiner, C:\USERS\LEM0TH\DOWNLOADS\NICEHASHQUICKMINERV742.EXE, Quarantined
Hast du diese .exe auch ausgeführt gehabt? :balla:








Schritt 1
Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.





Schritt 2
Führe RogueKiller Anti-Malware gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.





Schritt 3
  • Starte FRST erneut und klicke auf Untersuchen.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Bitte poste mit deiner nächsten Antwort:
  • die Logdatei von AdwCleaner
  • die Logdatei von RogueKiller
  • die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt)

Ladekabel612 25.04.2021 13:47
Naja doch, habe das Minen mal probiert aber dann doch relativ schnell wieder aufgegeben


Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-04-20.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-25-2021
# Duration: 00:00:01
# OS:      Windows 10 Pro
# Cleaned:  10
# Failed:  1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted      C:\Users\Lem0th\AppData\Roaming\GIMP Updater

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted      HKCU\Software\GIMP Updater
Deleted      HKCU\Software\Lavasoft\Web Companion
Deleted      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted      HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted      HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted      HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted      HKLM\System\Setup\FirstBoot\Services\WCAssistantService
Deleted      HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted      HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Not Deleted  Honey - jid1-93CWPmRbVPjRQA@jetpack

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2380 octets] - [25/04/2021 14:31:04]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Code:
RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : Lem0th [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210423_062556, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/04/25 14:41:48 (Duration : 00:06:46)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Adw.HotspotShield (Malicious)] Hotspot Shield -- %programdata%\Microsoft\Windows\Start Menu\Programs\Hotspot Shield -> Deleted
[PUP.Gen2 (Potentially Malicious)] Honey -- jid1-93CWPmRbVPjRQA@jetpack -> ERROR [0]
[PUM.SearchEngine (Potentially Malicious)] browser.search.defaultenginename -- Bing Default Search -> Deleted
[PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine -- Bing Default Search -> Deleted

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by Lem0th (administrator) on DESKTOP-J6EBHR7 (25-04-2021 14:43:33)
Running from C:\Users\Lem0th\Desktop
Loaded Profiles: Lem0th
Platform: Windows 10 Pro Version 20H2 19042.928 (X64) Language: German (Germany) -> English (United Kingdom)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(ASUSTeK Computer Inc. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <2>
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.45\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe
(ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicService.exe
(A-Volute SAS -> A-Volute) C:\Users\Lem0th\AppData\Local\NhNotifSys\sonicstudio\asusns.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(FS Apps) C:\Program Files\WindowsApps\53621FSApps.FluentTerminal_0.7.5.0_x64__87x1pks76srcp\FluentTerminal.SystemTray\FluentTerminal.SystemTray.exe
(Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [797216 2018-10-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [409760 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [Discord] => C:\Users\Lem0th\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [14916448 2021-03-29] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [pCloud] => C:\Program Files\pCloud Drive\pCloud.exe
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [Opera GX Browser Assistant] => C:\Users\Lem0th\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [Nextcloud] => C:\Program Files\Nextcloud\nextcloud.exe [2683712 2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\MountPoints2: {a1609cae-7353-11ea-b112-049226d53ae6} - "E:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{43F137B0-8F4D-463B-AB83-ADEAD4F15096}] -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\90.0.818.46\Installer\setup.exe [2021-04-23] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.85\Installer\chrmstp.exe [2021-04-20] (Google LLC -> Google LLC)
AppInit_DLLs: prio.dll => No File
Startup: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2020-03-15]
ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe (No File)
Startup: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2021-03-27]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Lem0th\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01664F83-85F1-4DC0-90F2-DF330ABC0B0B} - System32\Tasks\Microsoft\Windows\PLA\CPU Usage => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\WINDOWS\system32\pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {025189bb-e04b-4b4f-a102-009d1404148c} - no filepath
Task: {093682DD-DEC7-4FDB-9AC9-A9707AD0A33F} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d729a046d57eec => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-04-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {0B047319-D529-4AC2-972B-F7F48C2BED95} - System32\Tasks\ASUS\NoiseCancelingEngine.exe => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1238328 2021-01-21] (ASUSTeK Computer Inc. -> ASUS)
Task: {1007b121-f089-480e-90c7-57a8faa3c84f} - no filepath
Task: {1E34214F-8000-4F00-AC43-F06A53BA0439} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Lem0th\Downloads\ESETOnlineScanner_DEU.exe
Task: {20E8D17D-1AB7-4AF6-B9CF-1619BEF4F290} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {23fbd644-894a-4474-a2b3-26241f331b82} - no filepath
Task: {245d09ce-4e9d-4fa2-8e67-cfb4f6511aac} - no filepath
Task: {28297989-FF1C-438C-BBEB-24797DBAF01D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2A88A267-71FD-4683-B199-74D7DB593EDD} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [File not signed]
Task: {2E05A762-241D-4789-A990-4A651EF0DB3E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2EE2AD29-8E21-4B17-B828-6D8DA5832077} - System32\Tasks\Opera GX scheduled Autoupdate 1618421482 => C:\Users\Lem0th\AppData\Local\Programs\Opera GX\launcher.exe [1720472 2021-04-19] (Opera Software AS -> Opera Software)
Task: {301f8965-e4ae-4744-8a4b-33192acbb51d} - no filepath
Task: {33A0FADD-BB17-49D4-99B4-5229E3A0A4F7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {354E9E3B-C861-4333-BB1A-900FC253EEF3} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {363e780d-5be2-4194-875f-76ee4e5a6c79} - no filepath
Task: {370059CC-13B8-4D86-8335-B97F10C8F389} - System32\Tasks\NahimicSvc32Run => C:\WINDOWS\SysWOW64\NahimicSvc32.exe [822704 2020-11-04] (A-Volute -> Nahimic)
Task: {38232CC6-BFE4-4886-9306-E71244898D51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-27] (Google Inc -> Google LLC)
Task: {3bb71775-0cb4-4539-b605-135d5ee03325} - no filepath
Task: {470D0E37-5950-432B-B344-3DDEF0D9D0FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-27] (Google Inc -> Google LLC)
Task: {5730c70a-6ec2-44c0-b62c-ff188d990c6d} - no filepath
Task: {58B9B65A-A251-4F0F-AF8E-F1D34202B4D0} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2331486850-4249055999-2076793073-1004 => C:\Users\Lem0th\AppData\Local\MEGAsync\MEGAupdater.exe [1818360 2021-01-28] (Mega Limited -> Mega Limited)
Task: {5ce387bf-dc0a-4cbb-b7f4-4dd795458def} - no filepath
Task: {5F162B60-2A00-4BC5-BABD-783F7FD10A95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6b898014-fd4a-4d4c-a5a3-b29773767e03} - no filepath
Task: {6ff8856b-af2c-4c24-9d7d-3031a3348ede} - no filepath
Task: {738695d2-4931-470f-b610-182cb72dd1c3} - no filepath
Task: {75902e42-c239-4c44-9134-8ae45933e238} - no filepath
Task: {8148F4B7-8A9C-4740-BA58-88B58F16C86B} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-04-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {841CF937-49BF-4544-A9B0-303A62294BEF} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {84298132-B677-46E7-873D-5ADD2F5691F6} - System32\Tasks\Alle Fenster minmieren => C:\Users\Lem0th\Documents\screensaver.vbs
Task: {85271E1F-AA3B-4934-9EBD-01D8C3F8C37E} - System32\Tasks\NahimicSvc64Run => C:\WINDOWS\System32\NahimicSvc64.exe [1066416 2020-11-04] (A-Volute -> Nahimic)
Task: {87C720E0-4209-48A2-8DF5-E4583F80EC39} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {88359139-948E-4E05-84E7-58BB653B8387} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Lem0th\Downloads\ESETOnlineScanner_DEU.exe
Task: {89767704-CF05-4A08-8CA2-B12F58431BCF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8B088F00-A852-4172-8D88-A2804C0F64E1} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8d4de376-48e2-4c9e-8fe3-14a0550de8c7} - no filepath
Task: {8fad8e1e-46b0-4443-8930-e631802435b8} - no filepath
Task: {981ECBB1-5536-4B5E-804A-EF6102A5823A} - System32\Tasks\ASUS\ArmouryAIOFanServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe [756224 2021-02-18] (TODO: <Company name>) [File not signed]
Task: {9E7637BD-4851-4DA7-B656-D8C079B9B728} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [113376 2021-03-08] (ASUSTeK Computer Inc. -> ASUS)
Task: {A3FF3403-693A-41BD-AD0E-63707DA9C713} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {aaaa1e8c-715b-4fcc-9159-e4608715675f} - no filepath
Task: {AFB46D49-C509-4C89-8BC6-991FDFE449B7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B11E4CF9-199C-47CE-AE3A-616371D739F8} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {b3928b7b-3bb2-4fec-a52f-260c733e17b0} - no filepath
Task: {b3cec726-1abf-4308-b869-1d0a1e523858} - no filepath
Task: {B59B6357-7C8E-4B0B-8994-0CD46FF3EE46} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [45557560 2021-02-04] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {C5460D46-B1A2-4718-A2C4-D7C661262264} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-04-19] (Mozilla Corporation -> Mozilla Foundation)
Task: {C960D680-97CC-4C39-B61A-BA08A0491EA3} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1618579602 => C:\Users\Lem0th\AppData\Local\Programs\Opera GX\launcher.exe [1720472 2021-04-19] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Lem0th\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {C9E56682-6E62-4FBC-A59A-8489CC3AAEF5} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [2120032 2021-03-08] (ASUSTeK Computer Inc. -> ASUS)
Task: {CF513470-94D9-4003-9843-893AF510E726} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1652536 2018-11-05] (Intel(R) Software -> Intel Corporation)
Task: {D4EC6155-3012-46D7-9586-1B8B760AB69C} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {d978b4b9-45d7-4183-9f25-00e0d2630123} - no filepath
Task: {E9196031-4932-415A-BE51-067CA6CD6F7D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {e9c83afe-6b4d-4919-8a2a-cf14ee9e693c} - no filepath
Task: {ecac6b6e-a228-4f90-a467-260e334dc475} - no filepath
Task: {EE033EC3-45C4-4227-AA6D-5E7D46DE6273} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe
Task: {f0c223f9-6302-4d9f-a79a-4ed32ab5e219} - no filepath
Task: {fc7448f3-8afa-4b55-ba65-02e8cc565765} - no filepath

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{035a39fa-271c-433c-b0d1-1424d18b82c7}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{035a39fa-271c-433c-b0d1-1424d18b82c7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{127dd634-8b90-4b9b-b0c4-7183103b83dc}: [NameServer] 192.168.178.34,1.0.0.1
Tcpip\..\Interfaces\{127dd634-8b90-4b9b-b0c4-7183103b83dc}: [DhcpNameServer] 192.168.178.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lem0th\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-22]
Edge Notifications: Default -> hxxps://192.168.178.34
Edge Extension: (uBlock Origin) - C:\Users\Lem0th\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-03-24]
StartMenuInternet: Microsoft Edge Beta - C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe

FireFox:
========
FF DefaultProfile: urpz1bnq.default
FF ProfilePath: C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\urpz1bnq.default [2020-05-09]
FF ProfilePath: C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release [2021-04-25]
FF NewTab: Mozilla\Firefox\Profiles\40a0sgm9.default-release -> hxxps://defaultsearch.co/homepage?hp=1&pId=AC191101&iDate=2020-05-09 10:03:19&bName=&bitmask=0600
FF Notifications: Mozilla\Firefox\Profiles\40a0sgm9.default-release -> hxxps://www2a.rudyvalencia.pro; hxxps://www2a.delmarmora.pro; hxxps://192.168.178.34
FF Extension: (English United States Dictionary) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\@unitedstatesenglishdictionary.xpi [2020-10-12]
FF Extension: (Tampermonkey) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\firefox@tampermonkey.net.xpi [2021-03-18]
FF Extension: (Honey) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2020-10-28]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\langpack-de@firefox.mozilla.org.xpi [2021-04-20]
FF Extension: (English (US) Language Pack) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2021-04-20]
FF Extension: (uBlock Origin) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-04-23]
FF Extension: (Picture-In-Picture) - C:\Program Files\Mozilla Firefox\browser\features\pictureinpicture@mozilla.org.xpi [2021-04-19] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default [2021-04-22]
CHR Extension: (Präsentationen) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-27]
CHR Extension: (Docs) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-27]
CHR Extension: (Google Drive) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-07]
CHR Extension: (YouTube) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-27]
CHR Extension: (Tabellen) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-18]
CHR Extension: (Google Mail) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-22]

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004) Opera GXStable - "C:\Users\Lem0th\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [348280 2021-03-22] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.45\atkexComSvc.exe [442416 2021-03-12] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-04-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [313008 2020-11-19] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-04-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusROGLSLService; C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe [590360 2021-04-05] (ASUSTeK Computer Inc. -> )
S2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [1097976 2021-04-25] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2021-03-11] (BattlEye Innovations e.K. -> )
S2 CdRomAccessAgentService; C:\Program Files (x86)\Common Files\cdagtsvc\cdagtsvc_v1.0.0_x86.exe [90112 2021-04-22] (Leawo Software) [File not signed]
S2 CdRomArbiterService; C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe [8704 2021-04-21] (GuinpinSoft inc) [File not signed]
S2 CorsairGamingAudioConfig; C:\WINDOWS\system32\CorsairGamingAudioCfgService64.exe [616344 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421536 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [80544 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2021-01-18] (FUTUREMARK INC -> Futuremark)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [410864 2021-01-25] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1874272 2021-03-29] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6840672 2021-03-29] (GOG Sp. z o.o. -> GOG.com)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3210232 2021-03-03] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-07] (Malwarebytes Inc -> Malwarebytes)
S3 MicrosoftEdgeBetaElevationService; C:\Program Files (x86)\Microsoft\Edge Beta\Application\90.0.818.46\elevation_service.exe [1567648 2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [2719664 2020-11-04] (A-Volute -> Nahimic)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2535000 2021-03-30] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479640 2021-03-30] (Electronic Arts, Inc. -> Electronic Arts)
S2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2020-08-29] (Even Balance, Inc. -> )
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13688656 2021-03-24] (Adlice -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1676696 2021-03-27] (Rockstar Games, Inc. -> Rockstar Games)
R2 ROG Live Service; C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe [5557848 2021-03-24] (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13103632 2020-09-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746944 2021-01-07] (Oracle Corporation -> Oracle Corporation)
S2 Wallpaper Engine Service; E:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [520296 2021-02-21] (Skutta, Kristjan -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-04-14] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2019-04-09] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\WINDOWS\system32\drivers\AsIO3.sys [43920 2020-12-16] (ASUSTeK Computer Inc. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 cbfsconnect2017; C:\WINDOWS\system32\drivers\cbfsconnect2017.sys [481296 2020-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
R3 CorsairGamingAudioService; C:\WINDOWS\system32\DRIVERS\CorsairGamingAudio64.sys [60312 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
S3 cpuz149; C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [44320 2021-04-24] (CPUID S.A.R.L.U. -> CPUID)
R3 cpuz150; C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [44832 2021-04-25] (CPUID S.A.R.L.U. -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [35344 2021-03-24] (ASUSTEK COMPUTER INC. -> ASUSTeK Computer Inc.)
S3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-04-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-16] (Malwarebytes Inc -> Malwarebytes)
R3 MpKslbef5e5f1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDDC34A1-254C-4241-B110-F7C7F9421AC9}\MpKslDrv.sys [47336 2021-04-25] (Microsoft Windows -> Microsoft Corporation)
R1 MSIO; C:\WINDOWS\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
S3 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-04-25] (Adlice -> )
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239872 2021-01-07] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [249776 2021-01-07] (Oracle Corporation -> Oracle Corporation)
R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [20496 2020-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
U5 vsock; C:\Windows\System32\Drivers\vsock.sys [103224 2019-08-14] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Lem0th\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S1 SaferVPNNetfilter2; system32\drivers\SaferVPNNetfilter2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-25 14:42 - 2021-04-25 14:42 - 000001974 _____ C:\Users\Lem0th\Desktop\scan.txt
2021-04-25 14:33 - 2021-04-25 14:38 - 000000000 ____D C:\ProgramData\RogueKiller
2021-04-25 14:33 - 2021-04-25 14:33 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-04-25 14:33 - 2021-04-25 14:33 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2021-04-25 14:33 - 2021-04-25 14:33 - 000000899 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2021-04-25 14:33 - 2021-04-25 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-04-25 14:33 - 2021-04-25 14:33 - 000000000 ____D C:\Program Files\RogueKiller
2021-04-25 14:32 - 2021-04-25 14:32 - 040488656 _____ (Adlice Software ) C:\Users\Lem0th\Downloads\RogueKiller_setup.exe
2021-04-25 14:30 - 2021-04-25 14:31 - 000000000 ____D C:\AdwCleaner
2021-04-25 14:30 - 2021-04-25 14:30 - 008534696 _____ (Malwarebytes) C:\Users\Lem0th\Desktop\adwcleaner_8.2.exe
2021-04-25 12:14 - 2021-04-25 14:44 - 000035222 _____ C:\Users\Lem0th\Desktop\FRST.txt
2021-04-25 11:48 - 2021-04-25 14:43 - 000000000 ____D C:\FRST
2021-04-25 11:48 - 2021-04-25 11:48 - 002298368 _____ (Farbar) C:\Users\Lem0th\Desktop\FRST64.exe
2021-04-25 11:43 - 2021-04-25 13:47 - 000000000 ____D C:\Users\Lem0th\AppData\LocalLow\IGDump
2021-04-25 09:32 - 2021-04-25 09:32 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-24 22:59 - 2021-04-24 22:59 - 000001258 _____ C:\Users\Public\Desktop\Leawo Prof. Media.lnk
2021-04-24 22:59 - 2021-04-24 22:59 - 000001258 _____ C:\ProgramData\Desktop\Leawo Prof. Media.lnk
2021-04-24 22:59 - 2020-08-12 09:43 - 000606208 _____ (hxxp://www.xvid.org) C:\WINDOWS\SysWOW64\xvidcore.dll
2021-04-24 22:59 - 2020-08-12 09:43 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2021-04-24 22:59 - 2020-08-12 09:43 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2021-04-24 22:59 - 2020-08-12 09:43 - 000139264 _____ (hxxp://www.xvid.org) C:\WINDOWS\SysWOW64\xvid.ax
2021-04-24 21:57 - 2021-04-24 21:57 - 000278775 _____ C:\Users\Lem0th\Downloads\OldNewExplorer.rar
2021-04-24 21:57 - 2021-04-24 21:57 - 000000000 ____D C:\Users\Lem0th\Downloads\OldNewExplorer
2021-04-24 21:40 - 2021-04-24 21:40 - 004105063 _____ C:\Users\Lem0th\Downloads\nemo_by_kdr3w_dc8k7b7.zip
2021-04-24 21:17 - 2021-04-24 21:17 - 000162448 _____ (Manuel Hoefs (Zottel)) C:\Users\Lem0th\Downloads\UltraUXThemePatcher_4.1.2.exe
2021-04-24 15:25 - 2021-04-24 15:25 - 000000000 ____D C:\Users\Lem0th\AppData\Local\SmartTechnology
2021-04-24 15:23 - 2021-04-24 15:25 - 000000000 ____D C:\Users\Public\Documents\Mad Catz
2021-04-24 15:23 - 2021-04-24 15:23 - 000003065 _____ C:\Users\Lem0th\Desktop\MADCATZ R.A.T. 6+.lnk
2021-04-24 15:23 - 2021-04-24 15:23 - 000000000 ____D C:\Program Files\Mad Catz
2021-04-24 15:20 - 2021-04-24 15:22 - 015992319 _____ (Igor Pavlov) C:\Users\Lem0th\Downloads\RAT_6+_x64.exe
2021-04-23 18:07 - 2021-04-23 18:07 - 000000000 ____D C:\ProgramData\aacs
2021-04-23 18:01 - 2021-04-25 13:15 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\dvdcss
2021-04-23 17:45 - 2021-04-23 17:45 - 000046592 _____ C:\Users\Lem0th\Downloads\libdvdcss-2.dll
2021-04-23 17:45 - 2021-04-23 17:45 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\HandBrake
2021-04-23 17:41 - 2021-04-23 17:41 - 013534240 _____ C:\Users\Lem0th\Downloads\HandBrake-1.3.3-x86_64-Win_GUI.exe
2021-04-23 16:04 - 2021-04-23 16:04 - 001421296 _____ C:\Users\Lem0th\Downloads\drive-download-20210423T140444Z-001.zip
2021-04-22 16:56 - 2021-04-22 16:56 - 000050997 _____ C:\Users\Lem0th\Downloads\Unbenanntes Dokument.pdf
2021-04-22 16:45 - 2021-04-22 16:45 - 000088171 _____ C:\Users\Lem0th\Downloads\Aufgaben_Das Arbeitslosengeld_ea8def65b062ba3a4080908b29bb024c.pdf
2021-04-22 14:09 - 2021-04-22 14:10 - 000000000 ____D C:\Users\Lem0th\.dvdcss
2021-04-22 14:07 - 2021-04-22 14:07 - 000000000 ____D C:\Users\Lem0th\Downloads\Leawo Prof. Media 8.3.0.3
2021-04-22 13:53 - 2021-04-22 13:53 - 000094720 _____ C:\Users\Lem0th\Downloads\M65Elite_ISPv3.37.5.bin
2021-04-22 13:42 - 2021-04-22 13:42 - 000000000 ____D C:\Users\Lem0th\vm
2021-04-22 13:19 - 2021-04-22 13:28 - 140258448 _____ C:\Users\Lem0th\Downloads\Leawo Prof. Media 8.3.0.3.rar
2021-04-22 12:57 - 2021-04-22 13:03 - 132984680 _____ (Leawo Software Co., Ltd. ) C:\Users\Lem0th\Downloads\ltmcp_setup.exe
2021-04-22 12:42 - 2021-04-22 12:42 - 003374756 _____ C:\Users\Lem0th\Downloads\9 alte Prüfungsaufgaben allg(1).pdf
2021-04-22 12:28 - 2021-04-22 12:28 - 001614874 _____ C:\Users\Lem0th\Downloads\8 alte Prüfungsaufgabe(1).pdf
2021-04-22 12:14 - 2021-04-22 12:14 - 003335780 _____ C:\Users\Lem0th\Downloads\9 alte Prüfungsaufgaben allg.pdf
2021-04-22 12:10 - 2021-04-22 12:10 - 001591280 _____ C:\Users\Lem0th\Downloads\8 alte Prüfungsaufgabe.pdf
2021-04-22 09:05 - 2021-04-22 09:05 - 000001292 _____ C:\Users\Public\Desktop\Leawo Blu-ray Player.lnk
2021-04-22 09:05 - 2021-04-22 09:05 - 000001292 _____ C:\ProgramData\Desktop\Leawo Blu-ray Player.lnk
2021-04-22 09:05 - 2021-04-22 09:05 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Leawo
2021-04-22 09:04 - 2021-04-22 09:05 - 107116800 _____ (Leawo Software Co., Ltd. ) C:\Users\Lem0th\Downloads\blurayplayer2201_setup.exe
2021-04-22 08:56 - 2021-04-22 08:56 - 000000000 ___HD C:\$Windows.~WS
2021-04-22 08:56 - 2021-04-22 08:56 - 000000000 ____D C:\$WINDOWS.~BT
2021-04-22 08:52 - 2021-04-24 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
2021-04-22 08:52 - 2021-04-22 09:05 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Leawo
2021-04-22 08:52 - 2021-04-22 09:05 - 000000000 ____D C:\ProgramData\Leawo
2021-04-22 08:52 - 2021-04-22 09:05 - 000000000 ____D C:\Program Files (x86)\Leawo
2021-04-22 08:52 - 2021-04-22 08:52 - 000000000 ____D C:\Users\Lem0th\Documents\Leawo
2021-04-22 08:52 - 2021-04-22 08:52 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\tiger-k
2021-04-22 08:52 - 2021-04-22 08:52 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Leawo Prof
2021-04-22 08:52 - 2020-08-12 09:43 - 000066944 _____ (TOSHIBA Corporation) C:\WINDOWS\SysWOW64\thdudf.sys
2021-04-22 08:52 - 2020-08-12 09:43 - 000066944 _____ (TOSHIBA Corporation) C:\WINDOWS\SysWOW64\Drivers\thdudf.sys
2021-04-22 08:47 - 2021-04-22 08:51 - 132984680 _____ (Leawo Software Co., Ltd. ) C:\Users\Lem0th\Downloads\ltmcp_setup_g108568.exe
2021-04-22 08:33 - 2021-04-22 08:33 - 007783723 _____ C:\Users\Lem0th\Downloads\twindexx_rrx_repaint_1.1.zip
2021-04-21 23:05 - 2021-04-22 08:45 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\aacs
2021-04-21 23:05 - 2021-04-21 23:05 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\bluray
2021-04-21 23:04 - 2021-04-21 23:05 - 001235968 _____ C:\Users\Lem0th\Downloads\libaacs.dll
2021-04-21 23:02 - 2021-04-25 13:16 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\vlc
2021-04-21 22:59 - 2021-04-21 22:59 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-04-21 22:59 - 2021-04-21 22:59 - 000000916 _____ C:\ProgramData\Desktop\VLC media player.lnk
2021-04-21 22:59 - 2021-04-21 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-21 22:56 - 2021-04-21 22:56 - 042585440 _____ C:\Users\Lem0th\Downloads\vlc-3.0.12-win64.exe
2021-04-21 22:55 - 2021-04-21 22:55 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Macromedia
2021-04-21 19:15 - 2021-04-21 19:15 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\4316
2021-04-21 19:07 - 2021-04-22 16:28 - 000000000 ____D C:\Users\Lem0th\.MakeMKV
2021-04-21 19:07 - 2021-04-21 19:07 - 000001064 _____ C:\Users\Lem0th\Desktop\MakeMKV.lnk
2021-04-21 19:07 - 2021-04-21 19:07 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2021-04-21 19:07 - 2021-04-21 19:07 - 000000000 ____D C:\Program Files\Common Files\cdarbsvc
2021-04-21 19:07 - 2021-04-21 19:07 - 000000000 ____D C:\Program Files (x86)\MakeMKV
2021-04-21 19:06 - 2021-04-21 19:06 - 014233787 _____ (GuinpinSoft inc) C:\Users\Lem0th\Downloads\Setup_MakeMKV_v1.16.3.exe
2021-04-21 19:00 - 2021-04-21 19:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\AnyMP4 Studio
2021-04-21 19:00 - 2021-04-21 19:00 - 000000000 ____D C:\Users\Lem0th\AppData\Local\AnyMP4 Studio
2021-04-21 18:59 - 2021-04-21 18:59 - 001933496 _____ ( ) C:\Users\Lem0th\Downloads\screen-recorder.exe
2021-04-21 18:58 - 2021-04-22 11:28 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\DVDFab
2021-04-21 18:58 - 2021-04-21 18:58 - 000000171 _____ C:\Users\Lem0th\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
2021-04-21 18:58 - 2021-04-21 18:58 - 000000000 ____D C:\Users\Lem0th\Downloads\DVDFab
2021-04-21 18:58 - 2021-04-21 18:58 - 000000000 ____D C:\Program Files\DVDFab
2021-04-21 18:57 - 2021-04-21 18:57 - 006131784 _____ (DVDFab 12) C:\Users\Lem0th\Downloads\dvdfab12_online_12026_64021c03.exe
2021-04-21 18:57 - 2021-04-21 18:57 - 000000000 ____D C:\Users\Lem0th\Documents\DVDFab
2021-04-20 16:00 - 2021-04-20 16:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-19 17:04 - 2021-04-21 16:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-18 21:09 - 2021-04-18 21:09 - 003038248 _____ (crosire) C:\Users\Lem0th\Downloads\ReShade_Setup_4.9.1.exe
2021-04-18 12:34 - 2021-04-18 19:36 - 000000000 ____D C:\Users\Lem0th\Downloads\takeout-20210417T205906Z-001
2021-04-18 12:08 - 2021-04-18 12:34 - 001520203 _____ C:\Users\Lem0th\Downloads\takeout-20210417T205906Z-002.zip
2021-04-18 12:08 - 2021-04-18 12:17 - 1132857394 _____ C:\Users\Lem0th\Downloads\takeout-20210417T205906Z-003.zip
2021-04-18 12:07 - 2021-04-18 12:33 - 4282062453 _____ C:\Users\Lem0th\Downloads\takeout-20210417T205906Z-001.zip
2021-04-17 23:17 - 2021-04-17 23:17 - 000000000 ____D C:\Users\Lem0th\AppData\LocalLow\SKS
2021-04-17 21:09 - 2021-04-18 18:53 - 000693180 _____ C:\Users\Lem0th\AppData\Roaming\GlobalStrDataWithoutExif.txt
2021-04-17 20:39 - 2021-04-17 20:39 - 000000113 _____ C:\Users\Lem0th\Desktop\remove files with 120x120 pixels.txt
2021-04-17 18:38 - 2021-04-18 18:53 - 000537074 _____ C:\Users\Lem0th\AppData\Roaming\GlobalStrDataWithExif.txt
2021-04-17 18:38 - 2021-04-18 18:53 - 000537074 _____ C:\Users\Lem0th\AppData\Roaming\GlobalStrData.txt
2021-04-17 16:47 - 2021-04-17 16:47 - 000000733 _____ C:\Users\Lem0th\Downloads\Downloads - Shortcut.lnk
2021-04-17 15:06 - 2021-04-17 15:06 - 000231542 _____ C:\Users\Lem0th\Downloads\überweisung.pdf
2021-04-17 10:01 - 2021-04-17 10:12 - 000000000 ____D C:\nextcloudnew
2021-04-16 19:35 - 2021-04-16 19:35 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-16 17:37 - 2021-04-16 17:37 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\by Mike Baker at Rediscovering Photography
2021-04-16 17:36 - 2021-04-18 18:53 - 000000574 _____ C:\Users\Lem0th\AppData\Roaming\ExtensionCount.csv
2021-04-16 17:34 - 2021-04-18 18:53 - 000000147 _____ C:\Users\Lem0th\AppData\Roaming\PhotoMoveOutput.txt
2021-04-16 17:32 - 2021-04-16 17:42 - 000000000 ____D C:\sort
2021-04-16 17:31 - 2021-04-16 17:31 - 000000000 ____D C:\Users\Lem0th\AppData\Local\by_Mike_Baker_at_Rediscov
2021-04-16 17:31 - 2021-04-16 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoMove 2
2021-04-16 17:31 - 2021-04-16 17:31 - 000000000 ____D C:\Program Files (x86)\PhotoMove 2
2021-04-16 17:29 - 2021-04-25 09:32 - 000000000 ___SD C:\Users\Lem0th\Nextcloud
2021-04-16 17:28 - 2021-04-25 02:44 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Nextcloud
2021-04-16 17:28 - 2021-04-16 17:29 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Nextcloud
2021-04-16 17:28 - 2021-04-16 17:28 - 000001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nextcloud.lnk
2021-04-16 17:28 - 2021-04-16 17:28 - 000001912 _____ C:\Users\Public\Desktop\Nextcloud.lnk
2021-04-16 17:28 - 2021-04-16 17:28 - 000001912 _____ C:\ProgramData\Desktop\Nextcloud.lnk
2021-04-16 17:28 - 2021-04-16 17:28 - 000000000 ____D C:\Program Files\Nextcloud
2021-04-16 17:26 - 2021-04-16 17:26 - 007492830 _____ (Mike Baker @ Rediscovering Photography ) C:\Users\Lem0th\Downloads\PhotoMoveSetup.exe
2021-04-16 17:16 - 2021-04-16 17:16 - 088702976 _____ C:\Users\Lem0th\Downloads\Nextcloud-3.2.0-x64.msi
2021-04-16 17:00 - 2021-04-16 17:00 - 000000000 ____D C:\Users\Lem0th\Documents\mk_twindexx_445_1_04_09
2021-04-16 16:44 - 2021-04-16 16:44 - 000000000 ____D C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Triebwagen_dabpbzfa+dabpzfa_21_04_03
2021-04-16 16:42 - 2021-04-16 16:42 - 000000000 ____D C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Hocheinstieg_Mittelwagen_21_04_03(1)
2021-04-16 16:41 - 2021-04-16 16:41 - 081812262 _____ C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Triebwagen_dabpbzfa+dabpzfa_21_04_03.zip
2021-04-16 16:41 - 2021-04-16 16:41 - 037942846 _____ C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Hocheinstieg_Mittelwagen_21_04_03(1).zip
2021-04-16 16:39 - 2021-04-16 16:39 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-16 16:38 - 2021-04-16 16:38 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-16 16:38 - 2021-04-16 16:38 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-16 15:26 - 2021-04-16 15:26 - 000004488 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled assistant Autoupdate 1618579602
2021-04-15 20:56 - 2021-04-15 20:56 - 000162336 _____ C:\Users\Lem0th\Downloads\EPSON002.pdf
2021-04-15 20:29 - 2021-04-15 20:30 - 185762015 _____ C:\Users\Lem0th\Downloads\modwerkstatt_mwagen_1.zip
2021-04-15 15:59 - 2021-04-15 15:59 - 000000000 ____D C:\Users\Lem0th\AppData\LocalLow\DefaultCompany
2021-04-14 19:31 - 2021-04-20 16:04 - 000004226 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1618421482
2021-04-14 19:31 - 2021-04-20 16:04 - 000001441 _____ C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser .lnk
2021-04-14 19:31 - 2021-04-14 19:31 - 000001445 _____ C:\Users\Lem0th\Desktop\Opera GX Browser .lnk
2021-04-14 19:30 - 2021-04-14 19:30 - 003749584 _____ (Opera Software) C:\Users\Lem0th\Downloads\OperaGXSetup.exe
2021-04-11 21:41 - 2021-04-11 21:41 - 000000000 ____D C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Hocheinstieg_Mittelwagen_21_04_03
2021-04-11 02:31 - 2021-04-11 02:31 - 037942846 _____ C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Hocheinstieg_Mittelwagen_21_04_03.zip
2021-04-11 02:24 - 2021-04-11 02:24 - 000947379 _____ C:\Users\Lem0th\Downloads\compressjpeg(1).zip
2021-04-11 02:22 - 2021-04-11 02:22 - 001054111 _____ C:\Users\Lem0th\Downloads\compressjpeg.zip
2021-04-10 20:31 - 2020-11-11 03:54 - 000167280 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2021-04-10 20:30 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2021-04-10 20:26 - 2021-04-10 20:26 - 000000000 ____D C:\Users\Lem0th\.cache
2021-04-10 20:26 - 2021-04-10 15:24 - 268842274 _____ C:\Users\Lem0th\Downloads\DAS DEUTSCHE SCHLAGER HIT ALBUM 2021..DJ.R.R.S.mp4
2021-04-10 20:22 - 2021-04-10 20:22 - 008166801 _____ C:\Users\Lem0th\Downloads\youtube-dl.exe
2021-04-10 02:12 - 2021-04-10 02:12 - 000011168 _____ C:\Users\Lem0th\Documents\stdout.txt
2021-04-09 20:32 - 2021-04-09 20:32 - 000000000 ____D C:\Users\Lem0th\Downloads\Aloy Explicit Outfits-53-1-6-1615533351
2021-04-09 14:09 - 2021-04-09 14:09 - 000457185 _____ C:\Users\Lem0th\Downloads\FLT_2_KGL3ES16128_0.pdf
2021-04-09 03:18 - 2021-04-09 20:48 - 000000000 ____D C:\Users\Lem0th\Documents\Horizon Zero Dawn
2021-04-09 03:18 - 2021-04-09 03:20 - 149226206 _____ C:\Users\Lem0th\Downloads\Aloy Explicit Outfits-53-1-6-1615533351.7z
2021-04-09 00:02 - 2021-04-09 00:02 - 000457287 _____ C:\Users\Lem0th\Downloads\FLT_4_M4Z81D5246_0.pdf
2021-04-08 00:15 - 2021-04-08 00:23 - 1350631094 _____ C:\Users\Lem0th\Downloads\sc3015-NFSU2M13ELA.rar
2021-04-07 22:04 - 2021-04-07 22:05 - 026724770 _____ (The qBittorrent project) C:\Users\Lem0th\Downloads\qbittorrent_4.3.4.1_x64_setup.exe
2021-04-07 21:45 - 2021-04-07 21:55 - 1595082050 _____ C:\Users\Lem0th\Downloads\ISO.zip
2021-04-05 18:45 - 2021-04-05 18:45 - 006118306 _____ C:\Users\Lem0th\Downloads\CryENB V3.7z
2021-04-05 18:45 - 2021-04-05 18:45 - 000000000 ____D C:\Users\Lem0th\Documents\MEGAsync Downloads
2021-04-05 14:41 - 2021-04-05 14:41 - 000000000 ____D C:\Users\Lem0th\AppData\Local\ASUS
2021-04-05 14:39 - 2021-04-05 14:41 - 000000000 ____D C:\Users\Lem0th\AppData\Local\AcSdkInsLog
2021-04-05 14:39 - 2021-04-05 14:39 - 000000000 ____D C:\Program Files\PHISON
2021-04-05 14:39 - 2021-04-05 14:39 - 000000000 ____D C:\Program Files\PD
2021-04-05 14:39 - 2021-04-05 14:39 - 000000000 ____D C:\Program Files\Patriot
2021-04-05 14:39 - 2021-02-02 15:56 - 000151608 _____ (©ASUSTeK Computer Inc.) C:\WINDOWS\system32\AsIO3.dll
2021-04-05 14:39 - 2021-02-02 15:56 - 000123744 _____ (©ASUSTeK Computer Inc.) C:\WINDOWS\SysWOW64\AsIO3.dll
2021-04-05 14:39 - 2020-12-16 14:46 - 000043920 _____ C:\WINDOWS\system32\Drivers\AsIO3.sys
2021-04-05 14:39 - 2020-01-19 19:49 - 000017424 _____ (MICSYS Technology Co., LTd) C:\WINDOWS\system32\Drivers\MsIo64.sys
2021-04-05 14:39 - 2020-01-19 19:49 - 000017424 _____ (MICSYS Technology Co., LTd) C:\WINDOWS\system32\Drivers\MsIo64.old
2021-04-05 00:20 - 2021-04-23 16:25 - 000002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge Beta.lnk
2021-04-05 00:17 - 2021-04-05 14:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUS
2021-04-05 00:13 - 2021-04-05 00:13 - 001348212 _____ C:\Users\Lem0th\Downloads\SetupROGLSLService.zip
2021-04-04 18:03 - 2021-04-04 18:03 - 081056014 _____ C:\Users\Lem0th\Downloads\volvofhcmi_20.12.20_Ty.zip
2021-04-04 17:00 - 2021-04-04 17:00 - 000000000 ____D C:\ProgramData\UNITE Team
2021-04-04 14:42 - 2021-04-04 14:43 - 064221968 _____ (Steganos Software GmbH) C:\Users\Lem0th\Downloads\sss21lmv2.exe
2021-04-03 13:59 - 2021-04-03 13:59 - 006891571 _____ C:\Users\Lem0th\Downloads\eis_os_commonapi2_1_20210310-dev(1).zip
2021-04-03 00:02 - 2021-04-03 18:13 - 000000000 ____D C:\Users\Lem0th\Documents\Need For Speed
2021-04-03 00:01 - 2021-04-03 00:01 - 000667460 _____ C:\Users\Lem0th\Downloads\R34 LED v2-16-1-0-1549247967.rar
2021-04-02 23:47 - 2021-04-02 23:51 - 1617651254 _____ (UNITE Team) C:\Users\Lem0th\Downloads\PROJECT UNITE 2015 Installer (1.2.3).exe
2021-04-02 23:43 - 2021-04-03 17:43 - 000000000 ____D C:\Users\Lem0th\Downloads\FrostyModManager_v1.0.5.9
2021-04-02 23:42 - 2021-04-02 23:42 - 032196225 _____ C:\Users\Lem0th\Downloads\FrostyModManager_v1.0.5.9.rar
2021-04-02 23:38 - 2021-04-02 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed™
2021-04-02 22:15 - 2021-04-02 22:16 - 000000000 ____D C:\Users\Lem0th\Downloads\promods-v252
2021-04-02 19:44 - 2021-03-26 11:17 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-04-02 19:44 - 2021-03-26 11:17 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-04-02 19:44 - 2021-03-26 11:17 - 001452312 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-04-02 19:44 - 2021-03-26 11:17 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-04-02 19:44 - 2021-03-26 11:17 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-04-02 19:44 - 2021-03-26 11:17 - 001191696 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-04-02 19:44 - 2021-03-26 11:17 - 001094864 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-04-02 19:44 - 2021-03-26 11:17 - 001094864 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-04-02 19:44 - 2021-03-26 11:17 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-04-02 19:44 - 2021-03-26 11:17 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-04-02 19:44 - 2021-03-26 11:15 - 000715568 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-04-02 19:44 - 2021-03-26 11:15 - 000575760 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-04-02 19:44 - 2021-03-26 11:14 - 001730864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6446589.dll
2021-04-02 19:44 - 2021-03-26 11:14 - 001590064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-04-02 19:44 - 2021-03-26 11:14 - 001514288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-04-02 19:44 - 2021-03-26 11:14 - 001490224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6446589.dll
2021-04-02 19:44 - 2021-03-26 11:14 - 001166128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-04-02 19:44 - 2021-03-26 11:14 - 000675120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-04-02 19:44 - 2021-03-26 11:14 - 000563992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-04-02 19:44 - 2021-03-26 11:13 - 008316192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-04-02 19:44 - 2021-03-26 11:13 - 007433496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-04-02 19:44 - 2021-03-26 11:13 - 004795160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-04-02 19:44 - 2021-03-26 11:13 - 002823440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-04-02 17:44 - 2021-04-02 18:01 - 520031423 _____ C:\Users\Lem0th\Downloads\Microsoft Windows 98 First Edition.7z
2021-04-02 17:18 - 2021-04-02 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2021-04-02 17:15 - 2021-04-02 17:16 - 128980992 _____ C:\Users\Lem0th\Downloads\archiveteam-warrior-v3.2-20210306.ova
2021-04-02 17:15 - 2021-04-02 17:16 - 108257728 _____ (Oracle Corporation) C:\Users\Lem0th\Downloads\VirtualBox-6.1.18-142142-Win.exe
2021-03-28 15:58 - 2021-03-28 15:58 - 000000000 ____D C:\Program Files (x86)\ENE
2021-03-28 15:57 - 2021-03-28 15:57 - 003657432 _____ C:\Users\Lem0th\Downloads\G.SKILL-Trident-Z-Lighting-Control-v1.00.22.zip
2021-03-28 15:51 - 2021-03-28 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair
2021-03-27 10:34 - 2021-04-16 17:58 - 000000000 ___RD C:\Users\Lem0th\Documents\MEGAsync
2021-03-27 10:33 - 2021-03-27 10:34 - 000000022 _____ C:\Users\Lem0th\Downloads\MEGA-RECOVERYKEY.txt
2021-03-27 10:31 - 2021-03-27 10:31 - 034856824 _____ (MEGA Limited) C:\Users\Lem0th\Downloads\MEGAsyncSetup64.exe
2021-03-27 10:31 - 2021-03-27 10:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\MEGA
2021-03-27 10:31 - 2021-03-27 10:31 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2021-03-27 10:31 - 2021-03-27 10:31 - 000000000 ____D C:\Users\Lem0th\AppData\Local\MEGAsync
2021-03-27 10:31 - 2021-03-27 10:31 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Mega Limited
2021-03-26 20:26 - 2021-03-26 20:27 - 015616404 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.008
2021-03-26 20:11 - 2021-03-26 20:25 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.006
2021-03-26 20:10 - 2021-03-26 20:24 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.007
2021-03-26 19:48 - 2021-03-26 20:03 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.005
2021-03-26 19:48 - 2021-03-26 20:03 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.004
2021-03-26 19:11 - 2021-03-26 19:27 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.003
2021-03-26 18:56 - 2021-03-26 19:12 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.002
2021-03-26 18:56 - 2021-03-26 19:11 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.001
2021-03-26 18:55 - 2021-03-26 18:55 - 003419427 _____ C:\Users\Lem0th\Downloads\promods-def-st-v252.scs

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-25 14:44 - 2019-08-03 12:37 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Discord
2021-04-25 14:44 - 2019-08-03 12:37 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Discord
2021-04-25 14:42 - 2019-08-03 12:35 - 000000000 ____D C:\Users\Lem0th\AppData\LocalLow\Mozilla
2021-04-25 14:42 - 2019-04-11 22:29 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-25 14:31 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-25 14:31 - 2019-05-04 15:34 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-25 14:15 - 2019-08-03 12:35 - 000000000 ____D C:\Users\Lem0th\Documents\Euro Truck Simulator 2
2021-04-25 13:55 - 2019-04-11 22:33 - 000000000 ____D C:\Program Files (x86)\Steam
2021-04-25 10:19 - 2019-08-03 13:37 - 000000000 ____D C:\Users\Lem0th\AppData\Local\CrashDumps
2021-04-25 09:39 - 2020-06-02 16:06 - 001722792 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-25 09:39 - 2019-12-07 16:51 - 000743714 _____ C:\WINDOWS\system32\perfh007.dat
2021-04-25 09:39 - 2019-12-07 16:51 - 000150136 _____ C:\WINDOWS\system32\perfc007.dat
2021-04-25 09:39 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-25 09:32 - 2020-08-05 20:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-04-25 09:32 - 2020-06-02 16:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-25 09:32 - 2019-04-12 04:10 - 001136008 _____ C:\WINDOWS\system32\wpbbin.exe
2021-04-25 09:32 - 2019-04-12 04:10 - 001097976 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2021-04-25 02:45 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-25 01:22 - 2020-06-02 15:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-24 21:25 - 2020-06-02 17:04 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-04-24 21:25 - 2019-12-12 18:02 - 000236472 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-04-24 21:25 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-24 21:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-24 21:25 - 2019-11-13 20:51 - 000038328 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-04-24 21:25 - 2019-08-08 18:05 - 001695184 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-04-24 21:25 - 2019-08-08 18:05 - 000176592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-04-24 21:25 - 2019-08-08 18:05 - 000159672 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-04-24 21:18 - 2021-01-16 12:27 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2021-04-24 21:18 - 2019-12-07 11:09 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll
2021-04-24 11:38 - 2019-04-15 19:10 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2021-04-24 11:37 - 2019-04-15 19:09 - 000000000 ____D C:\Program Files (x86)\Notepad++
2021-04-24 11:14 - 2020-01-29 18:17 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-23 17:13 - 2019-08-03 12:33 - 000000000 ____D C:\Users\Lem0th\Documents\my games
2021-04-23 16:38 - 2019-08-14 22:33 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-04-23 16:27 - 2021-02-22 17:33 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-22 14:10 - 2019-12-24 01:29 - 000000000 ____D C:\Users\Lem0th\.VirtualBox
2021-04-22 14:09 - 2020-06-02 15:58 - 000000000 ____D C:\Users\Lem0th
2021-04-22 13:26 - 2019-05-11 10:56 - 000000000 ____D C:\ProgramData\VirtualBox
2021-04-22 09:16 - 2021-02-26 16:39 - 000000000 ____D C:\WINDOWS\Panther
2021-04-22 09:16 - 2019-11-17 13:10 - 000000000 ____D C:\ESD
2021-04-21 22:59 - 2019-10-20 14:51 - 000000000 ____D C:\Program Files\VideoLAN
2021-04-21 18:58 - 2019-05-04 14:57 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-04-21 16:01 - 2019-04-11 22:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-20 21:20 - 2019-10-27 11:46 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-20 21:09 - 2020-06-02 16:02 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 21:09 - 2020-06-02 16:02 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-20 16:00 - 2019-04-11 22:30 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-20 15:59 - 2020-06-08 07:59 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-19 17:20 - 2019-08-03 12:39 - 000000000 ____D C:\Users\Lem0th\AppData\Local\D3DSCache
2021-04-19 13:26 - 2021-01-23 17:40 - 000000000 ____D C:\Users\Lem0th\Documents\MAXON
2021-04-19 13:02 - 2020-02-16 00:42 - 000000000 ____D C:\Users\Lem0th\Documents\GTA Vice City User Files
2021-04-19 05:02 - 2020-06-02 15:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-04-19 05:02 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-19 05:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-19 05:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-17 21:16 - 2019-04-19 03:03 - 000000000 ____D C:\ProgramData\TruckersMP
2021-04-17 16:16 - 2019-08-24 11:55 - 000000000 ____D C:\Users\Lem0th\AppData\Local\ElevatedDiagnostics
2021-04-17 13:17 - 2019-08-03 12:29 - 000000000 ____D C:\Users\Lem0th\AppData\Local\PlaceholderTileLogoFolder
2021-04-17 13:17 - 2019-08-03 12:28 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Packages
2021-04-16 21:17 - 2021-03-01 23:10 - 000000000 ____D C:\Users\Lem0th\AppData\Local\RuneLite
2021-04-16 21:17 - 2019-11-14 18:03 - 000000045 _____ C:\Users\Lem0th\jagex_cl_oldschool_LIVE.dat
2021-04-16 17:28 - 2019-08-03 12:28 - 000000000 ____D C:\Users\Lem0th\AppData\Local\NVIDIA
2021-04-16 16:40 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-16 16:34 - 2019-04-11 22:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-16 16:32 - 2019-04-11 22:31 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-14 19:31 - 2020-04-26 17:27 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Opera Software
2021-04-14 19:30 - 2020-04-26 17:27 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Opera Software
2021-04-13 16:20 - 2020-06-02 16:02 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-13 16:20 - 2020-06-02 16:02 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-12 21:20 - 2019-08-04 18:43 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Ubisoft Game Launcher
2021-04-11 16:50 - 2019-04-18 22:56 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-04-11 16:48 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-11 02:52 - 2019-04-12 04:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-11 00:46 - 2021-02-07 00:52 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-08 20:08 - 2020-03-02 22:17 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Battle.net
2021-04-08 03:54 - 2020-06-02 15:56 - 000640712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-08 03:53 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-07 23:24 - 2021-02-05 17:28 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\qBittorrent
2021-04-07 15:57 - 2020-06-02 15:56 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-07 15:08 - 2019-04-12 02:37 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-07 15:08 - 2019-04-12 02:37 - 000000000 ____D C:\Program Files\ENE
2021-04-05 15:28 - 2019-04-11 22:22 - 000000000 ____D C:\Program Files (x86)\ASUS
2021-04-05 15:27 - 2019-04-12 04:10 - 000000000 ____D C:\ProgramData\ASUS
2021-04-05 15:27 - 2019-04-12 02:37 - 000000000 ____D C:\Program Files\ASUS
2021-04-05 15:27 - 2019-04-12 02:37 - 000000000 ____D C:\Program Files (x86)\LightingService
2021-04-05 15:21 - 2019-04-12 02:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-04-05 15:21 - 2019-04-12 02:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2021-04-05 14:42 - 2019-04-11 22:33 - 000000000 ____D C:\ProgramData\Packages
2021-04-05 14:41 - 2019-04-12 04:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-04-05 00:09 - 2019-11-28 17:28 - 000000000 ____D C:\Program Files (x86)\Corsair
2021-04-03 15:55 - 2020-12-06 13:23 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Origin
2021-04-02 23:12 - 2021-01-25 21:03 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-04-02 23:12 - 2020-03-28 17:54 - 000000000 ____D C:\ProgramData\Origin
2021-04-02 23:09 - 2020-12-06 13:24 - 000000000 ____D C:\Program Files (x86)\Origin
2021-04-02 23:09 - 2020-12-06 13:23 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Origin
2021-04-02 19:45 - 2020-06-02 15:36 - 000000000 ___SD C:\WINDOWS\system32\lxss
2021-04-02 19:45 - 2019-04-11 22:30 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-03-30 15:42 - 2019-05-08 20:00 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2021-03-28 15:58 - 2019-11-05 18:16 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2021-03-27 19:40 - 2019-04-14 21:58 - 000000000 ____D C:\Program Files\Rockstar Games
2021-03-27 19:40 - 2019-04-14 21:58 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2021-03-26 11:14 - 2020-12-02 18:13 - 002105648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-03-26 11:14 - 2020-12-02 18:13 - 000811792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-03-26 11:14 - 2020-12-02 18:13 - 000656176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-03-26 11:06 - 2020-12-02 18:13 - 007207552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-03-26 11:06 - 2020-12-02 18:13 - 006154480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-03-26 01:35 - 2020-12-02 18:13 - 000063942 _____ C:\WINDOWS\system32\nvinfo.pb

==================== Files in the root of some directories ========

2019-11-20 21:31 - 2021-01-29 23:28 - 645563019 _____ () C:\Users\Lem0th\AppData\Roaming\.minecraft.7z
2021-04-21 18:58 - 2021-04-21 18:58 - 000000171 _____ () C:\Users\Lem0th\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
2021-04-16 17:36 - 2021-04-18 18:53 - 000000574 _____ () C:\Users\Lem0th\AppData\Roaming\ExtensionCount.csv
2021-04-17 18:38 - 2021-04-18 18:53 - 000537074 _____ () C:\Users\Lem0th\AppData\Roaming\GlobalStrData.txt
2021-04-17 18:38 - 2021-04-18 18:53 - 000537074 _____ () C:\Users\Lem0th\AppData\Roaming\GlobalStrDataWithExif.txt
2021-04-17 21:09 - 2021-04-18 18:53 - 000693180 _____ () C:\Users\Lem0th\AppData\Roaming\GlobalStrDataWithoutExif.txt
2021-04-16 17:34 - 2021-04-18 18:53 - 000000147 _____ () C:\Users\Lem0th\AppData\Roaming\PhotoMoveOutput.txt
2020-01-06 21:56 - 2020-06-19 19:53 - 000000099 _____ () C:\Users\Lem0th\AppData\Roaming\prio.ini
2020-04-04 13:35 - 2020-05-10 15:33 - 000000128 _____ () C:\Users\Lem0th\AppData\Roaming\PUTTY.RND
2020-10-22 17:32 - 2021-01-08 19:37 - 000000128 _____ () C:\Users\Lem0th\AppData\Roaming\winscp.rnd
2020-11-22 14:33 - 2020-11-22 14:50 - 001065984 _____ () C:\Users\Lem0th\AppData\Local\file__0.localstorage
2019-08-20 16:02 - 2021-03-13 18:09 - 000000205 _____ () C:\Users\Lem0th\AppData\Local\oobelibMkey.log
2020-04-16 20:24 - 2020-04-16 20:24 - 000000529 _____ () C:\Users\Lem0th\AppData\Local\Perfmon.PerfmonCfg
2020-02-07 17:40 - 2021-01-16 14:19 - 000000128 _____ () C:\Users\Lem0th\AppData\Local\PUTTY.RND
2021-02-07 15:48 - 2021-02-07 15:48 - 000000867 _____ () C:\Users\Lem0th\AppData\Local\recently-used.xbel
2019-10-12 15:03 - 2019-10-12 15:03 - 000007602 _____ () C:\Users\Lem0th\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
--- --- ---

--- --- ---

Ladekabel612 25.04.2021 13:48
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Lem0th (25-04-2021 14:44:38)
Running from C:\Users\Lem0th\Desktop
Windows 10 Pro Version 20H2 19042.928 (X64) (2020-06-02 14:02:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2331486850-4249055999-2076793073-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2331486850-4249055999-2076793073-503 - Limited - Disabled)
Gast (S-1-5-21-2331486850-4249055999-2076793073-501 - Limited - Disabled)
Lem0th (S-1-5-21-2331486850-4249055999-2076793073-1004 - Administrator - Enabled) => C:\Users\Lem0th
WDAGUtilityAccount (S-1-5-21-2331486850-4249055999-2076793073-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Anno 1800 (HKLM-x32\...\Uplay Install 4553) (Version:  - Ubisoft)
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 4.0.12 - ASUS)
Assassin's Creed Valhalla (HKLM-x32\...\Uplay Install 13504) (Version:  - Ubisoft)
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.26.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{260b6df0-e5ca-4321-bc8c-02795bc45d56}) (Version: 1.1.26.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.19 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32\...\{36aa03d4-9606-4f04-bf3e-a70ebe6650f3}) (Version: 1.1.19 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{a75323e1-f1a4-4aff-a7ce-3858cbc1c0d2}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.1.16 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32\...\{ac3dc320-7e5e-4f22-9572-4c2119fcdf85}) (Version: 1.1.16 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{4EBEAC95-76BC-46A8-8644-6E2F1C87CF70}) (Version: 1.1.4.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{33e3ea9c-baed-4e8a-8dbb-4792a27c9066}) (Version: 1.1.4.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM\...\{B5E322FB-C191-463E-BDDD-4F22290EDFDB}) (Version: 1.0.7 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM-x32\...\{a29279dc-f417-4442-8225-4db77f7d35b5}) (Version: 1.0.7 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.05 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.3.7 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{2357cd84-6c2b-4174-87c7-4f9f9db8746b}) (Version: 0.0.3.1 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{94368c41-8d06-4bfe-993a-bfbd5e5226b5}) (Version: 0.0.3.7 - ASUSTek COMPUTER INC. ) Hidden
ASUS Framework Service (HKLM-x32\...\{1f83836b-be39-4903-b63c-fb22a1303597}) (Version: 2.0.2.3 - ASUSTek COMPUTER INC.)
ASUS Framework Service (HKLM-x32\...\{EA6A87BE-8AD3-40D2-944C-9DF5FBFF4332}) (Version: 2.0.2.3 - ASUSTek COMPUTER INC.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.27 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{210cdd08-c947-43a2-9378-bc288f651e41}) (Version: 1.0.27 - ASUSTek COMPUTER INC.) Hidden
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{3e9b91eb-5bb0-4272-8670-f88d353eb68b}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 1.05.18 - ASUSTek Computer Inc.)
ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.24 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{add3bacc-578f-4bf9-97e3-a0f0c3ae3323}) (Version: 1.0.24 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM\...\{723B40A4-5BF2-4DC6-834A-2ADF75F3CF7E}) (Version: 1.0.0.6 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM-x32\...\{cc37f609-4db9-4ce3-9e37-9cb1b432452e}) (Version: 1.0.0.6 - ASUSTek COMPUTER INC.) Hidden
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.53 - ASUSTeK Computer Inc.) Hidden
AURA DRAM Component (HKLM\...\{9AFE5429-866B-457D-A864-80BCF7672EE8}) (Version: 1.1.06 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{684f7887-cc5b-469a-81e9-36d38142cc46}) (Version: 1.1.06 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.15 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.15 - ASUS)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.04.35 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{35381ead-8a19-4bff-a272-dcdfe38a5867}) (Version: 3.04.35 - ASUSTeK Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU)
Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
Corsair AURA DRAM Component (HKLM-x32\...\{da7ebf10-b0be-494e-a79d-568546795a51}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
CORSAIR iCUE Software (HKLM-x32\...\{3D350B22-542B-4FB4-B3AC-EA760941C319}) (Version: 3.38.61 - Corsair)
CPUID CPU-Z 1.93 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.93 - CPUID, Inc.)
CPUID HWMonitor 1.41 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.41 - CPUID, Inc.)
CrystalDiskInfo 8.2.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.2.0 - Crystal Dew World)
Discord (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Discord) (Version: 0.0.309 - Discord Inc.)
Driver - San Francisco (HKLM-x32\...\Driver - San Francisco_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.28.0 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{d22b5310-9f1e-43a8-8547-58fa44742994}) (Version: 1.1.28.0 - Ene Tech.) Hidden
Futuremark SystemInfo (HKLM-x32\...\{20CAF520-CA4A-4BB5-85B3-0E94E4434BD0}) (Version: 5.36.886.0 - Futuremark)
Geeks3D FurMark 1.21.1.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Git version 2.26.1 (HKLM\...\Git_is1) (Version: 2.26.1 - The Git Development Community)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.85 - Google LLC)
Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8301}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8302}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8303}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto: San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.0.0.22 - Rockstar Games)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Intel(R) Extreme Tuning Utility (HKLM-x32\...\{92b09894-9d66-465d-97a0-5bcabf264301}) (Version: 6.5.1.321 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2009.14.0.1496 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.59.241.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{fd902053-5f6c-43ea-b78a-7b1269134a9a}) (Version: 1.59.241.0 - Intel Corporation) Hidden
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{511a62a9-1ff0-4cc5-adfe-4a5bd044a3c0}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Leawo Blu-ray Player version  2.2.0.1 (HKLM-x32\...\{CF7F52BF-DEE0-44CD-A7E1-AADD5CCECCDD}_is1) (Version: 2.2.0.1 - Leawo Software)
Leawo Prof. Media version  8.3.0.3 (HKLM-x32\...\{A5F041A4-812A-47C2-AD53-8893A81019FB}_is1) (Version: 8.3.0.3 - Leawo Software)
MADCATZ R.A.T. 6+ (HKLM\...\{7FAE3AD3-6937-48C3-A86A-A6286BD72053}) (Version: 1.0.31.0 - MAD CATZ)
MakeMKV v1.16.3 (HKLM-x32\...\MakeMKV) (Version: v1.16.3 - GuinpinSoft inc)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.46 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 90.0.818.46 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{4ffaf7b8-a84a-4813-840c-8b1f1343ae54}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{dd1e9bde-2ad6-4e92-8c07-7d4723eab8b8}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.11 (x64) (HKLM-x32\...\{e746e6a9-8254-4477-bbe0-a05900ec44e3}) (Version: 3.1.11.29516 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 88.0 (x64 de) (HKLM\...\Mozilla Firefox 88.0 (x64 de)) (Version: 88.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
MSI Afterburner 4.6.1 (HKLM-x32\...\Afterburner) (Version: 4.6.1 - MSI Co., LTD)
Need for Speed Most Wanted (black edition) (HKLM-x32\...\Need for Speed Most Wanted (black edition)) (Version: 1.3 - Electronic Arts)
Need for Speed™ (HKLM-x32\...\{F8643E83-A868-4EE8-A0B9-389386830453}) (Version: 1.3.0.0 - Electronic Arts)
Nextcloud (HKLM\...\{0CF81574-B8CB-4809-8498-B3E604EF6E96}) (Version: 3.2.0.20210409 - Nextcloud GmbH)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.5 - Notepad++ Team)
Npcap 0.995 (HKLM-x32\...\NpcapInst) (Version: 0.995 - Nmap Project)
NVIDIA FrameView SDK 1.1.4923.29548709 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29548709 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.21.0.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.21.0.36 - NVIDIA Corporation)
NVIDIA Graphics Driver 465.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 465.89 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
OpenIV (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\OpenIV) (Version: 4.0.1.1452 - .black/OpenIV Team)
Opera GX Stable 73.0.3856.438 (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Opera GX 73.0.3856.438) (Version: 73.0.3856.438 - Opera Software)
Oracle VM VirtualBox 6.1.18 (HKLM\...\{A8F42E56-8D1F-4080-BD79-8375D3AD18BE}) (Version: 6.1.18 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.96.47386 - Electronic Arts, Inc.)
paint.net (HKLM\...\{6FED3D93-C0FA-4BD7-A36F-7FC53698244F}) (Version: 4.2.15 - dotPDN LLC)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.1 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{e38442c0-a433-48c2-84e2-51ac0b30c3ab}) (Version: 1.0.9.1 - Patriot Memory)
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.0.6.3 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{8839fbd5-69f9-41c5-a1cf-cdfbec966d66}) (Version: 1.0.6.3 - Patriot Memory)
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{c8f7044c-7f48-404a-9a5d-9f038f28a789}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PhotoMove 2.5 version 2.5.2.2 (HKLM-x32\...\{546443DF-4D82-484A-8E00-2136243B8B9A}}_is1) (Version: 2.5.2.2 - Mike Baker @ Rediscovering Photography)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python Launcher (HKLM-x32\...\{D722DA3A-92F5-454A-BD5D-A48C94D82300}) (Version: 3.7.6762.0 - Python Software Foundation)
qBittorrent 4.3.3 (HKLM-x32\...\qBittorrent) (Version: 4.3.3 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8557 - Realtek Semiconductor Corp.)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2) (Version: 1.0.1355.23 - Rockstar Games)
REDlauncher (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
Revo Uninstaller 2.2.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.2 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 7.2.2 (HKLM-x32\...\RTSS) (Version: 7.2.2 - Unwinder)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.36.344 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.9 - Rockstar Games)
ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.2.5.0 - ASUSTek COMPUTER INC.)
RogueKiller version 14.8.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.6.0 - Adlice Software)
RuneLite (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\RuneLite Launcher_is1) (Version: 2.1.6 - RuneLite)
smartmontools (HKLM-x32\...\smartmontools) (Version: 6.6 2017-11-05 r4594 (sf-6.6-1) - smartmontools.org)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.10.5 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version:  - TechPowerUp)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 93.1 - Ubisoft)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 4.1.2.0 - Manuel Hoefs (Zottel))
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.1 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{68fb2ff9-0618-4948-b68f-9f95e5687067}) (Version: 1.0.0.1 - PD)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WinSCP 5.17.9 (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\winscp3_is1) (Version: 5.17.9 - Martin Prikryl)
Wireshark 3.0.3 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)
Wondershare Filmora9(Build 9.1.2) (HKLM\...\Wondershare Filmora9_is1) (Version:  - Wondershare Software)

Packages:
=========
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_4.0.8.0_x64__qmba6cd70vzyy [2021-04-05] (ASUSTeK COMPUTER INC.)
Cinebench -> C:\Program Files\WindowsApps\MAXONComputerGmbH.Cinebench_23.2.0.0_x64__rsne5bsk8s7tj [2021-03-13] (MAXON Computer GmbH)
Debian -> C:\Program Files\WindowsApps\TheDebianProject.DebianGNULinux_1.4.0.0_x64__76v4gfsz19hv4 [2021-04-17] (The Debian Project)
Fluent Terminal -> C:\Program Files\WindowsApps\53621FSApps.FluentTerminal_0.7.5.0_x64__87x1pks76srcp [2021-03-31] (FS Apps) [Startup Task]
Forza Horizon 4 -> C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.466.460.2_x64__8wekyb3d8bbwe [2021-03-31] (Microsoft Studios)
Microsoft Edge Beta -> C:\Program Files (x86)\Microsoft\Edge Beta\Application [2021-04-23] (0)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-14] (Microsoft Corporation)
Python 3.9 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.752.0_x64__qbz5n2kfra8p0 [2021-03-13] (Python Software Foundation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.147.0_x64__dt26b99r8h8gj [2020-08-23] (Realtek Semiconductor Corp)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-04-11] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004_Classes\CLSID\{5405618e-4c42-4fb9-a80a-d24d89911296}\localserver32 -> C:\Users\Lem0th\AppData\Local\NhNotifSys\sonicstudio\asusns.exe (A-Volute SAS -> A-Volute)
CustomCLSID: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004_Classes\CLSID\{872bdfc0-9f9f-47d7-83b8-e363d25d6d5f} -> [Nextcloud] => C:\Users\Lem0th\Nextcloud [2021-04-16 17:29]
CustomCLSID: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004_Classes\CLSID\{BC2A58AB-3084-4D85-82C4-41A01B4032E2} -> [MEGAsync] => C:\Users\Lem0th\Documents\MEGAsync [2021-03-27 10:34]
CustomCLSID: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004_Classes\CLSID\{E15E1D68-0D1C-49F7-BEB8-812B1E00FA60}\InprocServer32 -> C:\Users\Lem0th\AppData\Local\Programs\WinSCP\DragExt64.dll (Martin Prikryl -> Martin Prikryl)
SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {CA2FFF0C-1001-440D-9B9F-6ED7094288B7} - C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {CA2FFF0C-1001-440D-9B9F-6ED7094288B7} - C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification -> {CA2FFF0C-1001-440D-9B9F-6ED7094288B7} => C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {CA2FFF0C-1001-440D-9B9F-6ED7094288B7} => C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers: [  NextcloudError] -> {E0342B74-7593-4C70-9D61-22F294AAFE05} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [  NextcloudOK] -> {E1094E94-BE93-4EA2-9639-8475C68F3886} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [  NextcloudOKShared] -> {E243AD85-F71B-496B-B17E-B8091CBE93D2} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [  NextcloudSync] -> {E3D6DB20-1D83-4829-B5C9-941B31C0C35A} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [  NextcloudWarning] -> {E4977F33-F93A-4A0A-9D3C-83DEA0EE8483} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers3: [NextcloudContextMenuHandler] -> {BC6988AB-ACE2-4B81-84DC-DC34F9B24401} => C:\Program Files\Nextcloud\shellext\NCContextMenu.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2021-03-25] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
FolderExtensions: [] -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => C:\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer64.dll [2019-09-23] (www.startisback.com) [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2015-04-14] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2015-04-14] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-07-08 17:42 - 2020-07-08 17:42 - 000477696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2020-07-08 17:42 - 2020-07-08 17:42 - 000471040 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2020-07-14 17:16 - 2020-07-14 17:16 - 000454656 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\registry-js\prebuilds\win32-ia32\node.napi.node
2020-04-22 15:35 - 2020-04-22 15:35 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2018-08-29 16:19 - 2018-08-29 16:19 - 000223232 _____ () [File not signed] C:\Program Files\ASUS\AacOdd\AacOddHal_x86.dll
2018-09-07 00:29 - 2018-09-07 00:29 - 000202752 _____ () [File not signed] C:\Program Files\ASUS\AacTerminalHal\AacStripBusHal_x86.dll
2018-12-27 16:31 - 2018-12-27 16:31 - 000225280 _____ () [File not signed] C:\Program Files\ASUS\CORSAIR_Aac_DRAM\AacCosairDramHal_x86.dll
2020-05-26 17:08 - 2020-05-26 17:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2019-08-17 18:22 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-12-07 11:09 - 2021-04-24 21:18 - 000093696 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\uxinit.dll
2020-12-16 09:26 - 2020-12-16 09:26 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2021-04-24 21:57 - 2019-09-23 23:51 - 000255488 _____ (www.startisback.com) [File not signed] C:\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer32.dll
2021-04-24 21:57 - 2019-09-23 23:51 - 000261632 _____ (www.startisback.com) [File not signed] C:\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer64.dll [2019-09-23] (www.startisback.com) [File not signed]
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-20] (Oracle America, Inc. -> Oracle Corporation)
BHO: No Name -> {CA2FFF0C-1001-440D-9B9F-6ED7094288B7}' -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer32.dll [2019-09-23] (www.startisback.com) [File not signed]
BHO-x32: No Name -> {CA2FFF0C-1001-440D-9B9F-6ED7094288B7}' -> No File

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-05-25 15:33 - 2020-05-01 17:24 - 000001256 _____ C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70      fitgirlrepacks.co              # Fake FitGirl site
109.94.209.70      fitgirl-repacks.cc              # Fake FitGirl site
109.94.209.70      fitgirl-repack.com              # Fake FitGirl site
109.94.209.70      www.fitgirlrepacks.co          # Fake FitGirl site
109.94.209.70      www.fitgirl-repacks.cc          # Fake FitGirl site
109.94.209.70      www.fitgirl-repack.com          # Fake FitGirl site

2019-08-17 10:35 - 2019-09-01 12:37 - 000000827 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.54.81 DESKTOP-J6EBHR7.mshome.net # 2024 8 5 30 10 37 43 403
168.54.87 manjaro.mshome.net # 2019 8 0 25 21 1 57 523
192.168.54.87 manjaro.mshome.net # 2019 8 0 25 21 1 57 523
523
17 9 332
192.168.54.87 manjaro.mshome.net # 2019 8 0 25 21 1 57 523
68.54.0.83 ubuntu.mshome.net # 2019 8 6 24 16 49 48 776
8 776
510
68.54.0.83 ubuntu.mshome.net # 2019 8 6 24 16 49 48 776

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Git\cmd;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\dotnet\
HKCU\Environment\\Path -> %USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.34 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
vEthernet (Default Switch): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Default Switch): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 3: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\StartupFolder: => "Folding@home.lnk"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "SaferVPN"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "GogGalaxy"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "pCloud"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{E89105E3-8FD6-4574-84A4-54BCA347C477}D:\gtaiv backup before update\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\gtaiv backup before update\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [TCP Query User{2D65D048-5356-4589-B601-298975BFCBEC}D:\gtaiv backup before update\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\gtaiv backup before update\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [UDP Query User{0E976DB1-E721-4123-A18D-79BAE324AEA9}D:\games\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Block) D:\games\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe => No File
FirewallRules: [TCP Query User{1356CEB6-6F9D-4BCE-A2F9-0F8419613022}D:\games\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Block) D:\games\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe => No File
FirewallRules: [{AD7A7C76-4F22-4D6A-9BE5-2510F7701424}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{21381AA7-12F7-4FB8-9EFD-05C992E7A069}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{11544A5B-10BE-4290-B0F1-C69D14F90009}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [{CE584792-AF50-4694-9486-707A8EE7F73A}] => (Allow) D:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File
FirewallRules: [UDP Query User{B31B8551-5F5C-40DB-99F5-36A531147524}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{544BF304-B36A-4E47-9FE4-CE9633ECFC11}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{E8739EC8-07F0-4064-A1FC-5923B152E292}D:\need for speed heat\needforspeedheat.exe] => (Block) D:\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [TCP Query User{0AC062BC-8110-4E66-A778-FE588ED5F631}D:\need for speed heat\needforspeedheat.exe] => (Block) D:\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [{24EEB3CB-7C5E-443F-927E-C58699A1ACCA}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe => No File
FirewallRules: [{BA231261-5217-49A9-8577-52EA26E13205}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe => No File
FirewallRules: [UDP Query User{9212379A-1F76-4909-A968-B82D34D6C14F}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe => No File
FirewallRules: [TCP Query User{F4B085A6-BE9A-4D67-9C0A-048B6DDC8EA2}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe => No File
FirewallRules: [{DB330616-48D5-4B40-A482-C2489DA90517}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{FA7D41AB-31E6-42C4-B439-AF0E8CFE3B49}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [UDP Query User{FC543287-CDE5-45E8-B6B2-DB310669F2CB}D:\battle.net\battle.net.exe] => (Allow) D:\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{43001272-2E6F-4E4A-8162-22A087519401}D:\battle.net\battle.net.exe] => (Allow) D:\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{80EFF0A2-A3C0-4216-8DE9-0B6A1CD04424}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe => No File
FirewallRules: [{7B301E05-8DFC-4B5E-8C1E-9004E44BCE64}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe => No File
FirewallRules: [UDP Query User{6174AE97-A405-4A30-B6B1-29A7A1FDA3E4}C:\program files\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\java.exe => No File
FirewallRules: [TCP Query User{DE0E076B-BA23-4ED4-B2BB-AF690C513E45}C:\program files\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\java.exe => No File
FirewallRules: [UDP Query User{AF0C8862-AA4F-4E24-9216-6FF8A8AA1792}C:\program files\core temp\core temp.exe] => (Block) C:\program files\core temp\core temp.exe (ALCPU -> ALCPU)
FirewallRules: [TCP Query User{279B665F-E4DD-4B70-AFB6-EAD32AD09683}C:\program files\core temp\core temp.exe] => (Block) C:\program files\core temp\core temp.exe (ALCPU -> ALCPU)
FirewallRules: [{F492DB98-1F8A-40DB-8FA3-D96B6527DADE}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe => No File
FirewallRules: [{F435FEEB-256B-452D-8AD4-B39322989B67}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe => No File
FirewallRules: [UDP Query User{C6EBDC59-1944-44C3-BEF5-A1D1D50FF6F7}D:\games\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) D:\games\farming simulator 19\x64\farmingsimulator2019game.exe => No File
FirewallRules: [TCP Query User{4146D64C-CE13-45F6-B0CB-18A05EB5CA16}D:\games\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) D:\games\farming simulator 19\x64\farmingsimulator2019game.exe => No File
FirewallRules: [{3C7FB18B-3AF0-497E-B3D3-26A5B978F3A6}] => (Block) D:\steam\steamapps\common\farming simulator 19\dedicatedserver.exe => No File
FirewallRules: [{2DD18129-4517-4B28-B4A6-19B0A82DE548}] => (Block) D:\steam\steamapps\common\farming simulator 19\dedicatedserver.exe => No File
FirewallRules: [UDP Query User{923D6CB2-7002-4B5F-8BD3-6BA54E233934}D:\steam\steamapps\common\farming simulator 19\dedicatedserver.exe] => (Allow) D:\steam\steamapps\common\farming simulator 19\dedicatedserver.exe => No File
FirewallRules: [TCP Query User{D880CDA8-6D0A-49E1-A5CA-08429A39C63A}D:\steam\steamapps\common\farming simulator 19\dedicatedserver.exe] => (Allow) D:\steam\steamapps\common\farming simulator 19\dedicatedserver.exe => No File
FirewallRules: [{B2C0308D-AE64-431A-A2AB-FE90A2B9BF48}] => (Allow) D:\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [{212808BE-57AF-4473-83EB-BD3B0F1AA6B0}] => (Allow) D:\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [UDP Query User{C352A195-ADF2-457B-B217-C0C002E44CF8}D:\origin games\battlefield 4\bf4.exe] => (Allow) D:\origin games\battlefield 4\bf4.exe => No File
FirewallRules: [TCP Query User{90E1BF47-5EAB-4FBF-AB62-FB1246B4392E}D:\origin games\battlefield 4\bf4.exe] => (Allow) D:\origin games\battlefield 4\bf4.exe => No File
FirewallRules: [UDP Query User{6FF50BC2-DC82-419F-B041-55C7662D0AC9}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E05FBCB4-4AB0-4501-820A-A02EFFAA0E81}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe => No File
FirewallRules: [{9248A71D-4E62-46B5-AADD-C41E98F1DE9C}] => (Allow) D:\Steam\steamapps\common\Cities_Skylines\Cities.exe => No File
FirewallRules: [{25932E1C-696B-4ACA-982A-7650163DA715}] => (Allow) D:\Steam\steamapps\common\Cities_Skylines\Cities.exe => No File
FirewallRules: [UDP Query User{59E403CB-D19A-4008-B1DE-D9B3C218C1F4}D:\red dead redemption 2\rdr2.exe] => (Allow) D:\red dead redemption 2\rdr2.exe => No File
FirewallRules: [TCP Query User{6A2E0C5D-9EC2-4ED3-8AC4-F2A11000DA4E}D:\red dead redemption 2\rdr2.exe] => (Allow) D:\red dead redemption 2\rdr2.exe => No File
FirewallRules: [{D17FD6CA-F1E9-4F31-A9D6-E8621A732FEF}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{732D8C68-C484-41E2-BE33-AD13FFD5B90B}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [UDP Query User{E98ECFFC-C735-4693-86EA-0B1D7B98BD74}D:\grand theft auto v\gta5.exe] => (Block) D:\grand theft auto v\gta5.exe => No File
FirewallRules: [TCP Query User{03AE9D6E-1310-4124-AE6F-0A5AA87128FE}D:\grand theft auto v\gta5.exe] => (Block) D:\grand theft auto v\gta5.exe => No File
FirewallRules: [{E08442BB-A2F4-4439-8317-6CE69D52576F}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFMP.exe => No File
FirewallRules: [{4C28B4AE-D8FB-4E69-A3C0-1C2CDD348219}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFMP.exe => No File
FirewallRules: [{461D493C-EF8D-49C8-971E-BB1A5EDD32FE}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFSP.exe => No File
FirewallRules: [{33099141-581E-4E95-AF02-D8FC1DD767E6}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFSP.exe => No File
FirewallRules: [UDP Query User{A1BCD29F-D569-42FF-8B78-8446B7D7C561}D:\games\rockstar launcher\grand theft auto v\gta5.exe] => (Block) D:\games\rockstar launcher\grand theft auto v\gta5.exe => No File
FirewallRules: [TCP Query User{A922BE16-3599-4DC6-B0E4-40075F337FC7}D:\games\rockstar launcher\grand theft auto v\gta5.exe] => (Block) D:\games\rockstar launcher\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{ACDC7CBD-74B6-4635-B120-130DC1033A16}D:\games\rockstar games\grand theft auto 521\gta5.exe] => (Block) D:\games\rockstar games\grand theft auto 521\gta5.exe => No File
FirewallRules: [TCP Query User{08CEA24B-C217-4AF2-A6FB-4A8C68D9E5CC}D:\games\rockstar games\grand theft auto 521\gta5.exe] => (Block) D:\games\rockstar games\grand theft auto 521\gta5.exe => No File
FirewallRules: [{BCA502C6-0FA1-4B9A-9402-07E2111B7698}] => (Allow) D:\Games\Anno 2205\Bin\Win64\Anno2205.exe => No File
FirewallRules: [{B9697FB9-955F-4B2F-A36E-1AA1C7DB916C}] => (Allow) D:\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{808ACEB9-E7F4-49C0-B091-7E5C54E27606}] => (Allow) D:\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{FB77CC27-39BC-46E7-A00D-CF235885FE19}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{21869522-1622-426C-B240-4B7E6C63E831}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{D3B17439-64FC-4BB1-97B8-2C1C1BD71445}] => (Allow) C:\Users\Lem0th\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{EB2052C1-D41A-4786-AAFE-AE65B70A44A8}] => (Allow) C:\Users\Lem0th\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{7496CADD-3B71-4106-9E82-A077947AFAA4}] => (Allow) D:\Steam\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{670812E8-AFDC-4F5C-B3CE-126515B30CA8}] => (Allow) D:\Steam\steamapps\common\Starbound\win32\starbound.exe => No File
FirewallRules: [{5CCBCA24-DBD9-4068-854F-8E69A924DD3E}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe => No File
FirewallRules: [{FFFC5594-996E-457D-B175-DA1435A140B5}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe => No File
FirewallRules: [{5D50EEAD-81CD-4ADD-A4C8-E476D7A7A47F}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{BA034B8A-1BD3-423E-A205-DDFD0C16B670}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound_server.exe => No File
FirewallRules: [{A1E751D7-E18B-49BE-9B76-DDE5CC0BA257}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{717C6496-234C-4984-B4AA-717FDE74B215}] => (Allow) D:\Steam\steamapps\common\Starbound\win64\starbound.exe => No File
FirewallRules: [{7254B449-D3D4-442A-AE4D-F3016AE6BD17}] => (Allow) D:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{27B70B7D-9564-4C8E-AC47-82CC6903E9CB}] => (Allow) D:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [UDP Query User{883E82A6-DE6C-4CB8-BC81-6D9EA26AA022}C:\users\lem0th\desktop\eco.v0.7.6.3\eco_data\server\ecoserver.exe] => (Block) C:\users\lem0th\desktop\eco.v0.7.6.3\eco_data\server\ecoserver.exe => No File
FirewallRules: [TCP Query User{B7A3E396-FD42-404D-9041-79E3F8E1771E}C:\users\lem0th\desktop\eco.v0.7.6.3\eco_data\server\ecoserver.exe] => (Block) C:\users\lem0th\desktop\eco.v0.7.6.3\eco_data\server\ecoserver.exe => No File
FirewallRules: [{D56A48A6-041C-4F2A-B4E7-860A4AF9148B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{41DA5E44-BE1B-47EF-86B8-F0988B8933E8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E05C5493-F067-44E6-8D73-3CB905224381}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{44C52E0F-6C5A-4537-96CE-E85AE45AD086}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{0F7F6E19-198E-453E-8345-ED55EEDCEC02}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{650B13C9-0C04-4379-B911-B5E2A0809042}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{75CF4ABB-B729-4372-A88E-33FC8EEB5D22}D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Block) D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [UDP Query User{E8830CBC-74CD-49B1-AD66-193AB78BF981}D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Block) D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [TCP Query User{6E37E58B-B768-4BDB-A2F1-6628C1B656C4}D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe] => (Allow) D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe => No File
FirewallRules: [UDP Query User{7B9BAC9A-51FC-4C81-A10F-B62A2EB0B08B}D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe] => (Allow) D:\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe => No File
FirewallRules: [TCP Query User{42BE4BD3-7CA2-4029-8EDE-2319BA6219F0}D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [UDP Query User{8DF2A931-9E45-4778-A630-423E3F2DF566}D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [TCP Query User{90FF74C0-11EC-4303-811E-647FE8A493A4}D:\steam\steamapps\common\grand theft auto iv - kopie\gtaiv\gtaiv.exe] => (Allow) D:\steam\steamapps\common\grand theft auto iv - kopie\gtaiv\gtaiv.exe => No File
FirewallRules: [UDP Query User{60979074-3E28-437D-B67E-2E30CE0935A0}D:\steam\steamapps\common\grand theft auto iv - kopie\gtaiv\gtaiv.exe] => (Allow) D:\steam\steamapps\common\grand theft auto iv - kopie\gtaiv\gtaiv.exe => No File
FirewallRules: [TCP Query User{E12E59CD-015B-455E-8447-9514631855ED}C:\users\jendrik\documents\gta iv\gtaiv.exe] => (Block) C:\users\jendrik\documents\gta iv\gtaiv.exe => No File
FirewallRules: [UDP Query User{848946DF-10A3-46B7-851D-71BF41A8B708}C:\users\jendrik\documents\gta iv\gtaiv.exe] => (Block) C:\users\jendrik\documents\gta iv\gtaiv.exe => No File
FirewallRules: [TCP Query User{E2B89407-BFB9-475D-B00B-E221BF6D37A4}D:\steam\steamapps\common\anno 1404\tools\anno4web.exe] => (Block) D:\steam\steamapps\common\anno 1404\tools\anno4web.exe => No File
FirewallRules: [UDP Query User{A766AC8A-F8D9-4B27-9B00-C6467BCAB491}D:\steam\steamapps\common\anno 1404\tools\anno4web.exe] => (Block) D:\steam\steamapps\common\anno 1404\tools\anno4web.exe => No File
FirewallRules: [TCP Query User{C141FE43-E39F-4B50-809B-43EF843398F0}D:\games\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\games\rockstar games\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{736B1E22-9CCF-4D2C-BBE0-3F3C34C5A2BE}D:\games\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\games\rockstar games\grand theft auto v\gta5.exe => No File
FirewallRules: [TCP Query User{2A63D965-0526-48E2-96FF-7228D43616F2}C:\users\jendrik\desktop\grand theft auto 5\gta5.exe] => (Block) C:\users\jendrik\desktop\grand theft auto 5\gta5.exe => No File
FirewallRules: [UDP Query User{AFABB913-1B5A-4BA6-BB73-178042A9576D}C:\users\jendrik\desktop\grand theft auto 5\gta5.exe] => (Block) C:\users\jendrik\desktop\grand theft auto 5\gta5.exe => No File
FirewallRules: [{CC6214EB-488A-4F15-B1FB-E7B3EA0B7EA0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3A56452B-CEAC-4263-AE19-5A13BFD6C74E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{560523C0-A63A-4522-B554-30E6C641A839}D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Block) D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe => No File
FirewallRules: [UDP Query User{E5DD4852-AAEA-4604-AB80-7C26DDAA5B34}D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Block) D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe => No File
FirewallRules: [{1C030CEC-5E0B-493C-A748-C896AE4763AA}] => (Allow) D:\UPlay\Assassin's Creed IV Black Flag\AC4BFSP.exe => No File
FirewallRules: [{0461C472-ACAB-4B67-9A63-45DB6D3440B1}] => (Allow) D:\UPlay\Assassin's Creed IV Black Flag\AC4BFSP.exe => No File
FirewallRules: [{75C8FD0A-E614-4C92-A408-26F92B506D6B}] => (Allow) D:\UPlay\Assassin's Creed IV Black Flag\AC4BFMP.exe => No File
FirewallRules: [{FA7F7F14-5EE1-4A6E-BD3B-5768A520C395}] => (Allow) D:\UPlay\Assassin's Creed IV Black Flag\AC4BFMP.exe => No File
FirewallRules: [TCP Query User{4FAD1526-D337-4739-AE54-FF4E9DEF2B57}D:\uplay\assassin's creed iv black flag\ac4bfsp.exe] => (Block) D:\uplay\assassin's creed iv black flag\ac4bfsp.exe => No File
FirewallRules: [UDP Query User{E7E5F8B0-96CB-4C6A-B768-8F3CDB1FE03F}D:\uplay\assassin's creed iv black flag\ac4bfsp.exe] => (Block) D:\uplay\assassin's creed iv black flag\ac4bfsp.exe => No File
FirewallRules: [{885F9E40-5B48-4752-A9A4-F53C23B31091}] => (Allow) D:\UPlay\Watch_Dogs\bin\watch_dogs.exe => No File
FirewallRules: [{0E14150A-34E7-43E1-B8F7-AFFD670B479D}] => (Allow) D:\UPlay\Watch_Dogs\bin\watch_dogs.exe => No File
FirewallRules: [{D72198E1-B2EF-45B2-BD8D-74BFD584704B}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe => No File
FirewallRules: [{0B40FE42-751C-49B5-B28E-D3EA688E8642}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe => No File
FirewallRules: [{27CA865E-D3FB-41E2-BA9F-9FA121003769}] => (Allow) D:\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe => No File
FirewallRules: [{B6C5CAB5-DC4D-47DB-A402-7B5B5F687050}] => (Allow) D:\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe => No File
FirewallRules: [{777B2269-AC5F-4055-8E44-49EF411F11C1}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{BA6471A1-6249-438C-82DB-770A94218F2A}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{AC62BD92-93A4-4AD5-BC3A-D8CCAE25C6CF}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe => No File
FirewallRules: [{91E67771-E0D6-4201-B5AA-31AFE16B22FB}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe => No File
FirewallRules: [{82464301-3B6E-4359-8C5B-5E21262ACB7E}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => No File
FirewallRules: [{B20A79EE-12D0-40FA-8A11-E41961B5B54C}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => No File
FirewallRules: [{25D2BCAF-B8D7-462D-8C20-57C4A6D0647B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D64B8278-3C0A-4269-A546-89DCA9CB8D9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{760EF2B2-F0A1-458C-BC8D-972203781A13}D:\grand theft auto 5\gta5.exe] => (Block) D:\grand theft auto 5\gta5.exe => No File
FirewallRules: [UDP Query User{42D39CF6-8A3F-4FBB-8779-93466F7F7337}D:\grand theft auto 5\gta5.exe] => (Block) D:\grand theft auto 5\gta5.exe => No File
FirewallRules: [{4EB9EAEC-83E8-4F88-8DEF-67B73B26C4B1}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{31101FA0-114E-4F67-9DFD-64BE8E8F335A}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [TCP Query User{83FFE29A-44E4-428F-A993-4EACBA9D042A}D:\games\driver - san francisco\driver.exe] => (Block) D:\games\driver - san francisco\driver.exe => No File
FirewallRules: [UDP Query User{5E193D23-C55F-49D6-996F-74AE1F84CD62}D:\games\driver - san francisco\driver.exe] => (Block) D:\games\driver - san francisco\driver.exe => No File
FirewallRules: [{873F3E41-1761-43DE-9D3E-CC8E939C70BF}] => (Allow) D:\Games\Factorio.v0.17.8\bin\x64\factorio.exe => No File
FirewallRules: [{7360CC9C-C093-4F70-A425-8B151E637700}] => (Allow) D:\Games\Factorio.v0.17.8\bin\x64\factorio.exe => No File
FirewallRules: [{0FF90A2B-26A1-4301-A162-475F49265F14}] => (Allow) D:\Games\Factorio.v0.17.8\bin\x64\factorio.exe => No File
FirewallRules: [{FDDC9304-E97A-4939-A43E-B95971129C64}] => (Allow) D:\Games\Factorio.v0.17.8\bin\x64\factorio.exe => No File
FirewallRules: [{4B30A9FA-99EF-49BB-AA78-5E7A83D19F89}] => (Allow) D:\Games\Farming Simulator 19\FarmingSimulator2019.exe => No File
FirewallRules: [{9BF437F2-14BF-435E-B2AC-4D37E3D2F516}] => (Allow) D:\Games\Farming Simulator 19\FarmingSimulator2019.exe => No File
FirewallRules: [{7369BA3B-53D8-44AD-A7BA-9D16C2D24D6E}] => (Allow) D:\Games\Prison.Architect.Update.16\Prison Architect64.exe => No File
FirewallRules: [{63F463A5-3F2C-4FAC-BBB9-64FF94B858F8}] => (Allow) D:\Games\Prison.Architect.Update.16\Prison Architect64.exe => No File
FirewallRules: [{812F3FBE-19AF-4C38-A671-EBC317C1EA3B}] => (Allow) D:\Games\Prison.Architect.Update.16\Prison Architect64.exe => No File
FirewallRules: [{F68F4693-E7D1-4928-A208-76A67C6ED57D}] => (Allow) D:\Games\Prison.Architect.Update.16\Prison Architect64.exe => No File
FirewallRules: [TCP Query User{8F86F241-11C3-4BEC-B25A-4D5E20ADE63B}D:\games\mass effect 3\binaries\win32\masseffect3.exe] => (Block) D:\games\mass effect 3\binaries\win32\masseffect3.exe => No File
FirewallRules: [UDP Query User{9D8F50BF-23B8-4817-9331-0DE59977CA05}D:\games\mass effect 3\binaries\win32\masseffect3.exe] => (Block) D:\games\mass effect 3\binaries\win32\masseffect3.exe => No File
FirewallRules: [TCP Query User{79E255EC-A423-4BB8-8DDE-E6BA715D4545}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe => No File
FirewallRules: [UDP Query User{5F60DE7E-0372-413E-8F07-B96E404C08E8}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe => No File
FirewallRules: [{8275FC18-3665-4FEB-B5CF-B10A45858374}] => (Allow) C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [{D392FBC1-B7C5-4AD9-B2C1-2C3F2E75D208}] => (Allow) C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [{59095EF4-CA73-49E5-A81F-B906FA10B1EB}] => (Allow) C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [{3793CBC9-02A6-424B-80E4-DEFBC37EC337}] => (Allow) C:\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [TCP Query User{DB8F624B-9318-4151-96CA-D549EA4B698C}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe (ALCPU -> ALCPU)
FirewallRules: [UDP Query User{D6539123-BBFD-4FD1-807C-A433521AB404}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe (ALCPU -> ALCPU)
FirewallRules: [TCP Query User{D44DE966-76E5-4766-944B-DAABD313E2E3}D:\games\nfs mw 2012\nfs13.exe] => (Block) D:\games\nfs mw 2012\nfs13.exe => No File
FirewallRules: [UDP Query User{52AA4A1D-1282-4602-A6BC-81FD226FEE10}D:\games\nfs mw 2012\nfs13.exe] => (Block) D:\games\nfs mw 2012\nfs13.exe => No File
FirewallRules: [TCP Query User{1B56BA9E-B957-4C8E-B3BE-CEED87C4B3F6}D:\games\nfs mw 2012\nfs13.exe] => (Allow) D:\games\nfs mw 2012\nfs13.exe => No File
FirewallRules: [UDP Query User{1AEDF068-5207-4232-802F-0CBDE9A89072}D:\games\nfs mw 2012\nfs13.exe] => (Allow) D:\games\nfs mw 2012\nfs13.exe => No File
FirewallRules: [{E21F827C-3955-401B-9742-70B43525402E}] => (Allow) D:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{B75D3868-0C32-44C5-8B91-9906F4AC163C}] => (Allow) D:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [TCP Query User{3551F8C7-56A7-4C24-9697-C5C642161E6A}D:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [UDP Query User{9824D6B4-E916-405B-9D3C-CDA974B527B2}D:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [TCP Query User{5FAF59FB-900D-4F71-9BEF-A73DEFDE0A7A}D:\steam\steamapps\common\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe => No File
FirewallRules: [UDP Query User{1880E064-1FE6-4675-9F74-98192BF86784}D:\steam\steamapps\common\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe => No File
FirewallRules: [TCP Query User{7C4647FB-D505-44EE-882A-670FE813AE9F}D:\games\rockstar games\grand theft auto 5\gta5.exe] => (Allow) D:\games\rockstar games\grand theft auto 5\gta5.exe => No File
FirewallRules: [UDP Query User{4512388E-B5DA-414B-9B31-31EF3BCBBF72}D:\games\rockstar games\grand theft auto 5\gta5.exe] => (Allow) D:\games\rockstar games\grand theft auto 5\gta5.exe => No File
FirewallRules: [TCP Query User{52E01A02-19DE-406B-9184-320EDF9AD0CD}D:\steam\steamapps\common\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Block) D:\steam\steamapps\common\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{21F1926C-1E79-466A-9E5B-3AA129170155}D:\steam\steamapps\common\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Block) D:\steam\steamapps\common\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe => No File
FirewallRules: [{FEA652B5-C4E4-4E25-A9CE-8FD29CC53309}] => (Allow) D:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{BBBCF8BE-6B0B-4160-A31E-01B841C9C30D}] => (Allow) D:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{9025F53A-D984-44DA-90C4-45DE9FD11F34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{8C460CDE-76D0-47F5-8733-8F42A307760D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{E1527208-B8AC-4246-A5AA-3D59969C3925}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{4D333ED1-D5DF-4236-BCDE-81AAA704034C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [TCP Query User{9B750E9D-4F76-49BE-B9F6-89953185FD89}D:\grand theft auto iv\gtaiv\gtaiv.exe] => (Block) D:\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [UDP Query User{148CB68E-4E26-4757-80E0-4E48870E6D6B}D:\grand theft auto iv\gtaiv\gtaiv.exe] => (Block) D:\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [TCP Query User{DACBD9FC-935C-4CD6-BBBC-C589A08495B3}D:\driver - san francisco\driver.exe] => (Block) D:\driver - san francisco\driver.exe (Ubisoft Entertainment -> )
FirewallRules: [UDP Query User{AFF58A0B-E485-4626-A3C6-C9DD07ED8502}D:\driver - san francisco\driver.exe] => (Block) D:\driver - san francisco\driver.exe (Ubisoft Entertainment -> )
FirewallRules: [TCP Query User{8F85853A-73CE-476F-8778-BB65C02E00D1}D:\steam\steamapps\common\train sim world 2\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\train sim world 2\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe => No File
FirewallRules: [UDP Query User{2E1FFC5F-FAE0-4C2D-82A7-EBB44ED81825}D:\steam\steamapps\common\train sim world 2\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\train sim world 2\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe => No File
FirewallRules: [TCP Query User{2C8ACAD6-D759-4F00-AE66-B7B7E90D9B9B}C:\users\lem0th\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe] => (Allow) C:\users\lem0th\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [UDP Query User{A64F7428-E2E2-4356-B306-9AC54CB91A30}C:\users\lem0th\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe] => (Allow) C:\users\lem0th\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{7601CDE4-BE9E-46DC-8951-CE2A0D1AD306}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe => No File
FirewallRules: [{25E9D4EF-1501-4168-86DE-6D3C16A82803}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe => No File
FirewallRules: [{8D54D6C9-62C0-45F7-959F-A291BC44ABE9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{7E6E8CC4-8055-426F-945B-5B56F7C8010D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{C17C5324-B514-4DE0-AB89-12371496238C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{1A7ED13E-4140-40E0-873C-5F0377DB3AE5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{7B8AC5C9-0DED-46F9-A7D9-5E9475AB7788}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CB8B1EF4-FE42-45F3-A4E5-11BB77AA30BA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B8582651-BA26-441B-A6E8-6674D97EA55B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{43E534AD-673A-4CA6-B60E-9769830A933F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{1447B30C-42D1-4AFD-831A-EFED144F1F66}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{D1C59F94-C00B-498F-9869-D667EE24CFF3}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3C716091-0AB2-4865-8DD7-0C4DB27E8008}C:\watch dogs legion\bin\watchdogslegion.exe] => (Allow) C:\watch dogs legion\bin\watchdogslegion.exe => No File
FirewallRules: [UDP Query User{FE2400D2-A1A3-4BE1-A511-39514A469174}C:\watch dogs legion\bin\watchdogslegion.exe] => (Allow) C:\watch dogs legion\bin\watchdogslegion.exe => No File
FirewallRules: [{CA505015-3701-4CFF-8802-679130AD1605}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [{5192F53C-631D-4FAD-9DB3-883B119D49B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [{FF6FE126-121F-4911-854F-82F243DFA464}] => (Allow) D:\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{23C54D33-11C2-4200-AF0F-2E99FA2F6957}] => (Allow) D:\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [TCP Query User{8187D619-05E8-44F8-890C-DE2087BE2CE6}D:\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\tom clancy's ghost recon wildlands\grw.exe => No File
FirewallRules: [UDP Query User{F77EEBE1-2382-45ED-9D5F-E582E1009F29}D:\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\tom clancy's ghost recon wildlands\grw.exe => No File
FirewallRules: [{35FDFA86-BDB3-4F58-BE86-8EA1FCE6A823}] => (Allow) D:\Steam\steamapps\common\3DMark\3DMarkLauncher.exe => No File
FirewallRules: [{D584961B-D494-4EE0-B3CF-A7A246D24324}] => (Allow) D:\Steam\steamapps\common\3DMark\3DMarkLauncher.exe => No File
FirewallRules: [{97E32FCD-D23E-4BA2-B5AD-A5FC173BD631}] => (Allow) D:\Steam\steamapps\common\Transport Fever 2\TransportFever2.exe => No File
FirewallRules: [{F14D343C-C524-4F80-A83C-2FD97842A78D}] => (Allow) D:\Steam\steamapps\common\Transport Fever 2\TransportFever2.exe => No File
FirewallRules: [{516809CC-87A0-4D4F-9397-6AC7F1755FF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever 2\TransportFever2.exe () [File not signed]
FirewallRules: [{08E91F3B-9234-4C87-9B67-237B100D1C6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever 2\TransportFever2.exe () [File not signed]
FirewallRules: [{8DF5C302-243E-4D98-BEBE-1847CDE5ED8F}] => (Allow) D:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{45872A03-8F13-4F6C-AC3B-29CC1E4ED7D4}] => (Allow) D:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{F24085C2-05C8-4516-898F-1FA7F6C98498}] => (Allow) D:\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => No File
FirewallRules: [{0EB6B250-8AA0-47D7-B609-832C2273CEDA}] => (Allow) D:\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => No File
FirewallRules: [TCP Query User{26C6191B-0E73-4476-B321-08D3C537ACD5}D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{EF3E8FDA-0ACB-43F4-B4D6-3BFB8EDA04F5}D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{25939520-0D1D-4578-946C-D4EB4291521C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => No File
FirewallRules: [{4263165D-0308-45B0-931D-112FC416F3D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => No File
FirewallRules: [TCP Query User{E28E2B5B-758E-456A-960D-8107B899AAB2}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{1A8C3D4C-7DD6-4FAC-AB6B-60FF7DF3B5FB}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{380F1153-43B2-4619-AE20-B37957B52929}] => (Block) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{2AD78FFE-776A-4508-8DEE-F3A7AADC4536}] => (Block) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{02FDCE55-3BB7-4C7A-ADB2-789293EAE0E8}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{2B03FD81-0D4D-449F-A301-0EA955773912}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{A47067D7-E0B9-479A-BA36-B4FDB79BB3F4}] => (Allow) D:\Games\Origin\The Sims 4\Game\Bin_LE\TS4.exe => No File
FirewallRules: [{1D8EA596-A61A-45D1-AC7A-23D62FFDB837}] => (Allow) D:\Games\Origin\The Sims 4\Game\Bin_LE\TS4.exe => No File
FirewallRules: [{7158B635-9A03-4F34-BD06-0B7EDB34A05F}] => (Allow) D:\Games\Origin\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [{7E1B3208-CCBE-4EEA-BD52-14272D74996E}] => (Allow) D:\Games\Origin\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [{571260C1-6820-4BC5-823A-6723459B82D3}] => (Allow) D:\Steam\steamapps\common\Rollercoaster Tycoon 2\RCT2.EXE => No File
FirewallRules: [{09DC3838-E0E6-4777-A6D9-E66EB34EFCC1}] => (Allow) D:\Steam\steamapps\common\Rollercoaster Tycoon 2\RCT2.EXE => No File
FirewallRules: [TCP Query User{F1EE0D99-7DA4-4881-BA07-F5079EE46C0E}C:\program files\openrct2\openrct2.exe] => (Allow) C:\program files\openrct2\openrct2.exe => No File
FirewallRules: [UDP Query User{35019960-5210-4AB7-96D4-856EC1E7349D}C:\program files\openrct2\openrct2.exe] => (Allow) C:\program files\openrct2\openrct2.exe => No File
FirewallRules: [{D0C8D784-C63C-48AE-A233-B82FFED2B1D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{E9D601C4-A474-4EFD-82A4-9A4F38F3B4E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{F76BFEEC-9A4E-4CDE-B4E7-233E77C50558}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{C89753A0-8B68-4414-AE52-48437D79C60C}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{AA11D7D2-66A6-40AA-8FB4-45456A27A312}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{5069AAEA-C3DE-4C2E-9399-A3B83EC27CDC}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{3B460AC7-5E66-43B1-9EDE-26B8ADDA0906}] => (Allow) E:\SteamLibrary\steamapps\common\Transport Fever 2\TransportFever2.exe => No File
FirewallRules: [{C3A6F349-0BB4-478D-B7D7-1034B6204655}] => (Allow) E:\SteamLibrary\steamapps\common\Transport Fever 2\TransportFever2.exe => No File
FirewallRules: [{4919191C-4D14-42C7-B726-4F1EC54EF371}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe => No File
FirewallRules: [{AC9FC706-0E15-4618-BDBA-3043CB146ADC}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe => No File
FirewallRules: [{2F6D4E66-9049-4B63-A709-5B6B18F987C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe () [File not signed]
FirewallRules: [{AD31A04C-6602-4CAB-8A81-E96BAC23EE2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe () [File not signed]
FirewallRules: [TCP Query User{93D25AC5-BAB1-4BA3-9313-AE4A9A674FB6}D:\rockstar games\grand theft auto 5 - online\gta5.exe] => (Allow) D:\rockstar games\grand theft auto 5 - online\gta5.exe => No File
FirewallRules: [UDP Query User{187F8D3D-9F24-422C-91C0-6B922D88CD1C}D:\rockstar games\grand theft auto 5 - online\gta5.exe] => (Allow) D:\rockstar games\grand theft auto 5 - online\gta5.exe => No File
FirewallRules: [TCP Query User{8006B323-D92E-4E66-816F-127CF249E744}E:\gta\grand theft auto v\gta5.exe] => (Allow) E:\gta\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{4CBDB4E6-DC2E-40BB-A238-C85681084FF4}E:\gta\grand theft auto v\gta5.exe] => (Allow) E:\gta\grand theft auto v\gta5.exe => No File
FirewallRules: [{964D883A-69DD-44BE-B703-C1C93E2C6881}] => (Allow) C:\Users\Lem0th\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{6019C894-49CD-44E3-8B21-1DC459329B05}] => (Allow) C:\Users\Lem0th\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{27C953F7-FA5A-489F-8853-E4C4529F97F2}] => (Allow) C:\Users\Lem0th\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{B93A0006-A015-4A41-B0D2-6A1EEED9FB62}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{4E9F02B9-CB33-4F17-BF07-D4EA5F748DA1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{FD5A6A5D-E832-4D05-A056-1270D3AFED1F}] => (Allow) E:\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{5BADAB3F-CDE0-474F-9520-9D7A4373ED89}] => (Allow) E:\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{80E36785-4930-41E8-972A-EDE6E8B543FB}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{14BCC086-0CA4-4984-83E0-B79AA04B3F37}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{BF112671-93C8-42A9-8399-BAB426810A3B}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{67BDF6E1-1D7D-4CC9-B1A8-73247C1B9BAC}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{608A7D66-FD1B-4F4C-94CB-694CE41FA00A}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{B39643F0-B62A-4E74-9F9A-A126294CD8E6}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{56D8B399-7221-4712-A198-D899073C5625}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe => No File
FirewallRules: [{1FB09AAD-FA54-4FF4-AC81-FBFB8670224F}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe => No File
FirewallRules: [{D6D6975B-5E47-4B4F-8E75-E01BE141E825}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => No File
FirewallRules: [{125C8DA4-3F89-44EF-A4F3-6014E1A7E78E}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => No File
FirewallRules: [{065F0EA5-B155-4CCD-9FE7-E03641821FF6}] => (Allow) LPort=25552
FirewallRules: [{ACA3D2AE-C4DC-4DB9-8CBB-53D4BAEA7556}] => (Allow) LPort=25552
FirewallRules: [TCP Query User{714B1907-920D-4DCD-A3A9-92AC2CCDCC09}E:\steamlibrary\steamapps\common\fph spedv\fph spedv.exe] => (Block) E:\steamlibrary\steamapps\common\fph spedv\fph spedv.exe => No File
FirewallRules: [UDP Query User{A8E16BD0-A014-4C3C-9DF5-4D6B5ACF37C0}E:\steamlibrary\steamapps\common\fph spedv\fph spedv.exe] => (Block) E:\steamlibrary\steamapps\common\fph spedv\fph spedv.exe => No File
FirewallRules: [{04CA327D-DEBE-4BCF-A3E0-BDDDC0A3E48E}] => (Allow) E:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe () [File not signed]
FirewallRules: [{604863BB-4141-4CA9-BE1F-6241E5550EB2}] => (Allow) E:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe () [File not signed]
FirewallRules: [{BCEE7111-39D5-43B8-B15D-5B09D6F7C97C}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{95D65555-9C1C-45DE-B8FC-557F37E3185E}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [TCP Query User{C73DB015-C579-4E9C-8FA1-AB25D70C9715}E:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{1A6B6369-C526-4C2D-840F-E7D7733A0DD1}E:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{504B845D-5823-4C4A-9D2F-8DB2FFEE012F}] => (Allow) E:\Ubisoft\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe => No File
FirewallRules: [{17987AF4-CBBD-4529-ADFD-FE1E9497B8F6}] => (Allow) E:\Ubisoft\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe => No File
FirewallRules: [{ADA1B7EE-D083-43F0-9AA2-B41845D14388}] => (Allow) E:\Ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{F59AEA3C-6F42-4F4A-BC00-4B9E28F9BB89}] => (Allow) E:\Ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{5EE321A0-0AF3-40E0-A028-22CB23F79DB0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BBAB3236-832A-4CB2-BF1A-0CB0CD2B5EF5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F533A42A-4265-456B-A862-972024EE5CFB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E766050C-E6D6-4E80-B5EA-EF30CC57F6FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{9F0F78A1-6E7C-42B7-A73C-6606959842BE}C:\users\lem0th\appdata\roaming\simsync\server\jre11\bin\java.exe] => (Allow) C:\users\lem0th\appdata\roaming\simsync\server\jre11\bin\java.exe
FirewallRules: [UDP Query User{4EE7BF65-17B9-4D7F-BDA0-2A7ED0F21E24}C:\users\lem0th\appdata\roaming\simsync\server\jre11\bin\java.exe] => (Allow) C:\users\lem0th\appdata\roaming\simsync\server\jre11\bin\java.exe
FirewallRules: [{04519660-CD40-4624-8055-B1D556A385BA}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{C0BBB6E8-DE73-4E7B-B5FC-D2A24D5D9350}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{F87D986B-037F-4254-AC03-CAEC2B668A62}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{E7E3FA69-E5EE-4CB2-93D8-6D9F67D7F6CD}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{C7A7A77A-72E7-48D9-9B74-A96B0A2B9CC8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D5006DD8-45CC-4F33-B4DB-80A9B51897D2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{62CDD108-B80E-42CF-9B8B-81982DDEE982}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{662EF693-B7CE-4E73-9E28-CD4F0578E8C8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F115B1A4-E9E8-4C9A-B1AE-CD34A4184F8A}] => (Allow) E:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{8FD6FC62-EED7-4453-8890-75174FF3C5AE}] => (Allow) E:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{4AFBD6A2-FF70-47F6-B291-384F34F3B608}] => (Allow) E:\Ubisoft\Anno 1800\Bin\Win64\Anno1800.exe (Ubisoft Blue Byte GmbH -> Ubisoft)
FirewallRules: [{F339E5E2-4EEF-40AB-9DDA-6A4B7E041073}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe () [File not signed]
FirewallRules: [{85A2578A-E2F2-483B-91A9-79A0835D4E39}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe () [File not signed]
FirewallRules: [{C1CF126C-6754-4031-837E-8F49C6FEC4F4}] => (Allow) E:\Origin\Need for Speed\NFS16.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{30C80344-9037-43C1-BB62-29FD8D8D6BD3}] => (Allow) E:\Origin\Need for Speed\NFS16.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{E24DA67D-D071-428F-B394-8D7B8945887D}] => (Allow) E:\Origin\Need for Speed\NFS16_trial.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{69D5DFC3-4F85-47D1-9BEF-7AA05642F730}] => (Allow) E:\Origin\Need for Speed\NFS16_trial.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{5704E3C1-4F07-46F7-87D4-DCE50C0A1AEA}] => (Allow) E:\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{CCC9C2CB-6DD5-4D1F-A040-4454E93E707D}] => (Allow) E:\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{9A09A8CF-2E69-4BF0-A1F2-394A9D8CA4DF}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [{67BE7E46-6F23-43D7-BC62-9AB84F4F4EDE}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{F89794A3-741D-4722-A021-675E5172D341}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{4A88E662-2410-47CD-B28B-1115CF93CEF2}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [{A1B664B6-10EE-4A07-9471-CA154FC15C9A}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
FirewallRules: [{E7FE9214-96F1-4EEE-A931-4743267E388B}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
FirewallRules: [{7509EEA4-B735-498F-A26D-963CE6C222FB}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{77E05633-F67A-44BA-A0DC-7D5778EF1BBE}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{9B3AACF6-52DC-4942-BB1E-97E9D1AD5772}] => (Allow) E:\SteamLibrary\steamapps\common\Horizon Zero Dawn\HorizonZeroDawn.exe () [File not signed]
FirewallRules: [{1CB462CC-3195-45F8-85B3-640BB2C031CB}] => (Allow) E:\SteamLibrary\steamapps\common\Horizon Zero Dawn\HorizonZeroDawn.exe () [File not signed]
FirewallRules: [{5444CC30-A075-4833-B7D7-2569477F7623}] => (Allow) E:\Ubisoft\Assassin's Creed Valhalla\ACValhalla_Plus.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{3DF5BB23-9B3A-4E55-B852-9A0304586861}] => (Allow) E:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{5D09593E-98B4-42F4-828C-FA1E767A23D9}] => (Allow) E:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{4DFEB931-EF69-44B0-AC62-8F60CCDCE216}] => (Allow) E:\SteamLibrary\steamapps\common\Old School RuneScape\bin\win64\osclient.exe (Jagex Ltd.) [File not signed]
FirewallRules: [{B869F5AA-43D8-4636-9077-350BE0544D66}] => (Allow) E:\SteamLibrary\steamapps\common\Old School RuneScape\bin\win64\osclient.exe (Jagex Ltd.) [File not signed]
FirewallRules: [{0C64D1ED-C736-4397-8E5D-42040C0EFB3A}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{7292B058-C8ED-4FF3-815F-B474DD8A62D3}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{0CA50BFC-7D49-4C82-BFFC-4C5CD12CD58B}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{D8BD84B6-4605-4363-A02A-A27B22CDABA7}] => (Allow) E:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{4B036A20-E42F-451C-B135-8E1BE9D651CB}] => (Allow) E:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{15C6D012-F903-4D23-85EE-D1CC1F508276}] => (Allow) E:\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{BB22D606-D54D-4367-AA0A-E4C9E35A95BC}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{1E90D80B-6B05-49F1-828F-7B987136ADD1}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{268B1A54-8AE7-4DBF-9A5E-0B726EDCF9A0}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{CF67E128-75A8-4DDC-AFA4-280D27E4FA79}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{6C8AF79C-D727-42FB-ACD7-FD6AB810D5B3}] => (Allow) E:\SteamLibrary\steamapps\common\Company of Heroes 2\RelicCoH2.exe (Relic Entertainment, Inc -> Relic Entertainment Inc.)
FirewallRules: [{D096238E-D4E2-4B5B-8920-0EED8E384033}] => (Allow) E:\SteamLibrary\steamapps\common\Company of Heroes 2\RelicCoH2.exe (Relic Entertainment, Inc -> Relic Entertainment Inc.)
FirewallRules: [{6656B092-0D63-4B5B-83F0-4B5C19E7D255}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{B4206252-872E-4544-8B68-22E6461FE490}C:\program files\dvdfab\dvdfab 12\dvdfab64.exe] => (Allow) C:\program files\dvdfab\dvdfab 12\dvdfab64.exe => No File
FirewallRules: [UDP Query User{5AA08D3D-F3E7-4196-B4B1-422748667BE8}C:\program files\dvdfab\dvdfab 12\dvdfab64.exe] => (Allow) C:\program files\dvdfab\dvdfab 12\dvdfab64.exe => No File
FirewallRules: [{C9B627DD-D5C9-40CB-A63D-9E4984436444}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A02A6A4C-9BD1-4CB9-921B-4F42ADE8D107}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\90.0.818.46\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AE60D4EA-66DF-4C0B-BD29-ABFF1D1ACB50}] => (Allow) E:\SteamLibrary\steamapps\common\Call to Arms\binaries\x64\call_to_arms_ed.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{CDC1358E-6CCF-4071-A95D-91DB8728C0A6}] => (Allow) E:\SteamLibrary\steamapps\common\Call to Arms\binaries\x64\call_to_arms_ed.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{7BCD7F92-78DF-4570-B3B3-955F776EFF78}] => (Allow) E:\SteamLibrary\steamapps\common\Call to Arms\binaries\x64\call_to_arms.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{FFE0DD58-524F-48FA-AF4E-8133AFB1D866}] => (Allow) E:\SteamLibrary\steamapps\common\Call to Arms\binaries\x64\call_to_arms.exe (Digitalmindsoft) [File not signed]
FirewallRules: [TCP Query User{C45B3061-A647-433E-AFDF-053136CF1C64}E:\steamlibrary\steamapps\common\call to arms\binaries\x64\call_to_arms_server.exe] => (Allow) E:\steamlibrary\steamapps\common\call to arms\binaries\x64\call_to_arms_server.exe (Digitalmindsoft) [File not signed]
FirewallRules: [UDP Query User{E99B0A97-0D81-4145-96B9-33A4F6D0364A}E:\steamlibrary\steamapps\common\call to arms\binaries\x64\call_to_arms_server.exe] => (Allow) E:\steamlibrary\steamapps\common\call to arms\binaries\x64\call_to_arms_server.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{06715197-7AB0-4105-A915-C1490B7AC8CD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.46\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

16-04-2021 17:27:50 Installed Nextcloud
24-04-2021 21:18:12 Installed UltraUXThemePatcher 4.1.2
24-04-2021 21:41:12 before adding theme

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/25/2021 12:15:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.4.2021.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 265c

Start Time: 01d739bbc32fb0fd

Termination Time: 4294967295

Application Path: C:\Users\Lem0th\Desktop\FRST64.exe

Report Id: 04227914-310b-473e-b163-af4b33bd08ef

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-process

Error: (04/25/2021 10:19:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Faulting module name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Exception code: 0xc000041d
Fault offset: 0x000000000001894b
Faulting process ID: 0x1da4
Faulting application start time: 0x01d739a52a46035a
Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Faulting module path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Report ID: 3e68c8b6-8953-4c5f-8d86-5788f2fbbcd7
Faulting package full name:
Faulting package-relative application ID:

Error: (04/25/2021 10:19:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Faulting module name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Exception code: 0xc0000005
Fault offset: 0x000000000001894b
Faulting process ID: 0x1da4
Faulting application start time: 0x01d739a52a46035a
Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Faulting module path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Report ID: bbb5355e-655b-4bac-8871-1529dc6a7b9b
Faulting package full name:
Faulting package-relative application ID:

Error: (04/25/2021 01:22:15 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete erneut optimieren on The Big D (D:) because: Der angeforderte Vorgang wird von der Hardware des Volumes nicht unterstützt. (0x8900002A)

Error: (04/24/2021 11:34:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Faulting module name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Exception code: 0xc000041d
Fault offset: 0x000000000001894b
Faulting process ID: 0x1c94
Faulting application start time: 0x01d7394314084ef9
Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Faulting module path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Report ID: 6a894109-bbbc-4a58-9aa8-e977d5dc6a9d
Faulting package full name:
Faulting package-relative application ID:

Error: (04/24/2021 11:34:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Faulting module name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Exception code: 0xc0000005
Fault offset: 0x000000000001894b
Faulting process ID: 0x1c94
Faulting application start time: 0x01d7394314084ef9
Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Faulting module path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Report ID: 63c32d04-73bf-45e6-81c6-f08744aef2bb
Faulting package full name:
Faulting package-relative application ID:

Error: (04/24/2021 09:12:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iCUE.exe, version: 3.38.61.0, time stamp: 0x60426abe
Faulting module name: Qt5Core.dll, version: 5.14.2.0, time stamp: 0x5e7dfb32
Exception code: 0xc0000005
Fault offset: 0x00023745
Faulting process ID: 0x37dc
Faulting application start time: 0x01d7385b82503be2
Faulting application path: C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
Faulting module path: C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Core.dll
Report ID: f8e494da-100f-4e43-8567-17ac664af24b
Faulting package full name:
Faulting package-relative application ID:

Error: (04/24/2021 06:40:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: call_to_arms_server.exe, version: 1.2.2.8, time stamp: 0x604b9e98
Faulting module name: steamclient64.dll, version: 6.48.43.99, time stamp: 0x6074971b
Exception code: 0xc0000005
Fault offset: 0x0000000000cd982e
Faulting process ID: 0x32c8
Faulting application start time: 0x01d7391e2f410984
Faulting application path: E:\SteamLibrary\steamapps\common\Call to Arms\binaries\x64\call_to_arms_server.exe
Faulting module path: C:\Program Files (x86)\Steam\steamclient64.dll
Report ID: df1af750-e529-4095-8e61-0dcfec30a595
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (04/25/2021 02:31:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LightingService service terminated unexpectedly. It has done this 1 time(s).

Error: (04/25/2021 02:31:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Neustart des Diensts.

Error: (04/25/2021 02:31:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/25/2021 02:31:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Neustart des Diensts.

Error: (04/25/2021 02:31:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ROG Live Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Neustart des Diensts.

Error: (04/25/2021 02:31:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Corsair Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Neustart des Diensts.

Error: (04/25/2021 02:31:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/25/2021 02:31:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Nahimic service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3000 milliseconds: Neustart des Diensts.


Windows Defender:
================
Date: 2021-04-25 12:34:19
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Schnellüberprüfung

Date: 2021-04-25 10:57:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Schnellüberprüfung

Date: 2021-04-25 09:33:01
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Mittel
Category: Einstellungsveränderer
Path: file:_D:\personal stuff\Dokumente\wichtige dokumente\opensuse\.config\chromium\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn\0.9.5.14_0\assets\thirdparties\someonewhocares.org\hosts\hosts
Detection Origin: Lokaler Computer
Detection Type: Konkret
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.335.1595.0, AS: 1.335.1595.0, NIS: 1.335.1595.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-25 00:46:51
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Mittel
Category: Einstellungsveränderer
Path: file:_D:\personal stuff\Dokumente\wichtige dokumente\opensuse\.config\chromium\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn\0.9.5.14_0\assets\thirdparties\someonewhocares.org\hosts\hosts
Detection Origin: Lokaler Computer
Detection Type: Konkret
Detection Source: Benutzer
Process Name: Unknown
Security intelligence Version: AV: 1.335.1595.0, AS: 1.335.1595.0, NIS: 1.335.1595.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-21 23:15:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Schnellüberprüfung

CodeIntegrity:
===============
Date: 2021-04-25 13:49:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-04-25 13:49:32
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 0805 01/29/2019
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX Z390-F GAMING
Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
Percentage of memory in use: 42%
Total physical RAM: 16301.81 MB
Available physical RAM: 9415.84 MB
Total Virtual: 40877.81 MB
Available Virtual: 31185.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.16 GB) (Free:75.02 GB) NTFS
Drive d: (The Big D) (Fixed) (Total:2794.5 GB) (Free:1942.6 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.5 GB) (Free:87.74 GB) NTFS
Drive f: (TFATF_G51) (CDROM) (Total:38.07 GB) (Free:0 GB) UDF

\\?\Volume{91c77463-c94a-42ca-af39-0bf2c08a3dd3}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{67942367-295a-4460-953c-146437c47045}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

M-K-D-B 25.04.2021 17:02
Schritt 1
WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!
  • Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.
  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    Start::
    CloseProcesses:
    AppInit_DLLs: prio.dll => No File
    Startup: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2020-03-15]
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    Task: {025189bb-e04b-4b4f-a102-009d1404148c} - no filepath
    Task: {1007b121-f089-480e-90c7-57a8faa3c84f} - no filepath
    Task: {23fbd644-894a-4474-a2b3-26241f331b82} - no filepath
    Task: {245d09ce-4e9d-4fa2-8e67-cfb4f6511aac} - no filepath
    Task: {301f8965-e4ae-4744-8a4b-33192acbb51d} - no filepath
    Task: {363e780d-5be2-4194-875f-76ee4e5a6c79} - no filepath
    Task: {3bb71775-0cb4-4539-b605-135d5ee03325} - no filepath
    Task: {5730c70a-6ec2-44c0-b62c-ff188d990c6d} - no filepath
    Task: {5ce387bf-dc0a-4cbb-b7f4-4dd795458def} - no filepath
    Task: {6b898014-fd4a-4d4c-a5a3-b29773767e03} - no filepath
    Task: {6ff8856b-af2c-4c24-9d7d-3031a3348ede} - no filepath
    Task: {738695d2-4931-470f-b610-182cb72dd1c3} - no filepath
    Task: {75902e42-c239-4c44-9134-8ae45933e238} - no filepath
    Task: {8d4de376-48e2-4c9e-8fe3-14a0550de8c7} - no filepath
    Task: {8fad8e1e-46b0-4443-8930-e631802435b8} - no filepath
    Task: {aaaa1e8c-715b-4fcc-9159-e4608715675f} - no filepath
    Task: {b3928b7b-3bb2-4fec-a52f-260c733e17b0} - no filepath
    Task: {b3cec726-1abf-4308-b869-1d0a1e523858} - no filepath
    Task: {d978b4b9-45d7-4183-9f25-00e0d2630123} - no filepath
    Task: {e9c83afe-6b4d-4919-8a2a-cf14ee9e693c} - no filepath
    Task: {ecac6b6e-a228-4f90-a467-260e334dc475} - no filepath
    Task: {f0c223f9-6302-4d9f-a79a-4ed32ab5e219} - no filepath
    Task: {fc7448f3-8afa-4b55-ba65-02e8cc565765} - no filepath
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    CMD: type "C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\prefs.js"
    C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\prefs.js
    FF Extension: (Honey) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2020-10-28]
    S3 ALSysIO; \??\C:\Users\Lem0th\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
    S1 SaferVPNNetfilter2; system32\drivers\SaferVPNNetfilter2.sys [X]
    C:\Users\Lem0th\AppData\Roaming\prio.ini
    C:\Users\Lem0th\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
    ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
    ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
    ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
    ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
    ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
    BHO: No Name -> {CA2FFF0C-1001-440D-9B9F-6ED7094288B7}' -> No File
    BHO-x32: No Name -> {CA2FFF0C-1001-440D-9B9F-6ED7094288B7}' -> No File
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: Bitsadmin /Reset /Allusers
    powershell: Set-MpPreference -PUAProtection Enabled
    powershell: Set-MpPreference -DisableScanningNetworkFiles 0
    RemoveProxy:
    SystemRestore: On
    EmptyTemp:
    End::
  • Starte nun FRST und klicke direkt den Reparieren Button.
    Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
  • Gegebenenfalls muss dein Rechner neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.





Schritt 2
  • Starte FRST erneut und klicke auf Untersuchen.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Bitte poste mit deiner nächsten Antwort:
  • die Logdatei des FRST-Fix (fixlog.txt)
  • die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt)

Ladekabel612 25.04.2021 17:27

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by Lem0th (administrator) on DESKTOP-J6EBHR7 (25-04-2021 18:22:09)
Running from C:\Users\Lem0th\Desktop
Loaded Profiles: Lem0th
Platform: Windows 10 Pro Version 20H2 19042.928 (X64) Language: German (Germany) -> English (United Kingdom)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
(ASUSTeK Computer Inc. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <2>
(ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.03\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicService.exe
(A-Volute SAS -> A-Volute) C:\Users\Lem0th\AppData\Local\NhNotifSys\sonicstudio\asusns.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(GuinpinSoft inc) [File not signed] C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe
(Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Leawo Software) [File not signed] C:\Program Files (x86)\Common Files\cdagtsvc\cdagtsvc_v1.0.0_x86.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mega Limited -> Mega Limited) C:\Users\Lem0th\AppData\Local\MEGAsync\MEGAsync.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.52.13001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(Nextcloud GmbH -> Nextcloud GmbH) C:\Program Files\Nextcloud\nextcloud.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Skutta, Kristjan -> ) E:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(Skutta, Kristjan -> ) E:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [797216 2018-10-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [409760 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [Discord] => C:\Users\Lem0th\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [14916448 2021-03-29] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [pCloud] => C:\Program Files\pCloud Drive\pCloud.exe
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [Opera GX Browser Assistant] => C:\Users\Lem0th\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Run: [Nextcloud] => C:\Program Files\Nextcloud\nextcloud.exe [2683712 2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\MountPoints2: {a1609cae-7353-11ea-b112-049226d53ae6} - "E:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{43F137B0-8F4D-463B-AB83-ADEAD4F15096}] -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\90.0.818.46\Installer\setup.exe [2021-04-23] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.85\Installer\chrmstp.exe [2021-04-20] (Google LLC -> Google LLC)
Startup: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2021-03-27]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Lem0th\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01664F83-85F1-4DC0-90F2-DF330ABC0B0B} - System32\Tasks\Microsoft\Windows\PLA\CPU Usage => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\WINDOWS\system32\pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {01EB0D2D-9242-4029-8BCA-471044BEB93B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {093682DD-DEC7-4FDB-9AC9-A9707AD0A33F} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d729a046d57eec => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-04-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {0B047319-D529-4AC2-972B-F7F48C2BED95} - System32\Tasks\ASUS\NoiseCancelingEngine.exe => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1238328 2021-01-21] (ASUSTeK Computer Inc. -> ASUS)
Task: {1E34214F-8000-4F00-AC43-F06A53BA0439} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Lem0th\Downloads\ESETOnlineScanner_DEU.exe
Task: {28297989-FF1C-438C-BBEB-24797DBAF01D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2A88A267-71FD-4683-B199-74D7DB593EDD} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [File not signed]
Task: {2AFAE5D6-E448-4BD0-A2EB-E822F7266794} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2E05A762-241D-4789-A990-4A651EF0DB3E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2EE2AD29-8E21-4B17-B828-6D8DA5832077} - System32\Tasks\Opera GX scheduled Autoupdate 1618421482 => C:\Users\Lem0th\AppData\Local\Programs\Opera GX\launcher.exe [1720472 2021-04-19] (Opera Software AS -> Opera Software)
Task: {33A040C4-FFBD-4F8C-8FDF-A87FBC882CE3} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {370059CC-13B8-4D86-8335-B97F10C8F389} - System32\Tasks\NahimicSvc32Run => C:\WINDOWS\SysWOW64\NahimicSvc32.exe [822704 2020-11-04] (A-Volute -> Nahimic)
Task: {38232CC6-BFE4-4886-9306-E71244898D51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-27] (Google Inc -> Google LLC)
Task: {470D0E37-5950-432B-B344-3DDEF0D9D0FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-27] (Google Inc -> Google LLC)
Task: {47ED6285-C387-4DE8-902D-A50F39C4B7F5} - System32\Tasks\ASUS\ArmouryAIOFanServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe [756224 2021-02-18] (TODO: <Company name>) [File not signed]
Task: {48F98980-F45C-433A-8108-36E61B16A719} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [45585520 2021-03-29] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {58B9B65A-A251-4F0F-AF8E-F1D34202B4D0} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2331486850-4249055999-2076793073-1004 => C:\Users\Lem0th\AppData\Local\MEGAsync\MEGAupdater.exe [1818360 2021-01-28] (Mega Limited -> Mega Limited)
Task: {5963C6C5-4988-468A-8954-3E08943788C9} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5F162B60-2A00-4BC5-BABD-783F7FD10A95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5F1CAFE6-D9B8-4AF0-BEFA-4344F51077B4} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {8148F4B7-8A9C-4740-BA58-88B58F16C86B} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-04-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {84298132-B677-46E7-873D-5ADD2F5691F6} - System32\Tasks\Alle Fenster minmieren => C:\Users\Lem0th\Documents\screensaver.vbs
Task: {85271E1F-AA3B-4934-9EBD-01D8C3F8C37E} - System32\Tasks\NahimicSvc64Run => C:\WINDOWS\System32\NahimicSvc64.exe [1066416 2020-11-04] (A-Volute -> Nahimic)
Task: {88359139-948E-4E05-84E7-58BB653B8387} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Lem0th\Downloads\ESETOnlineScanner_DEU.exe
Task: {9E7637BD-4851-4DA7-B656-D8C079B9B728} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [113376 2021-03-08] (ASUSTeK Computer Inc. -> ASUS)
Task: {9F8718FC-0BC5-44DD-BA5F-7D94D269D1BA} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AB8E148C-1196-423A-A059-6DC90934C514} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AFB46D49-C509-4C89-8BC6-991FDFE449B7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B8CC6603-77F9-409A-BB32-130E22454001} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B95C791B-B514-41D0-97C7-9DE49E035D7F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3336560 2021-04-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C5460D46-B1A2-4718-A2C4-D7C661262264} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-04-19] (Mozilla Corporation -> Mozilla Foundation)
Task: {C960D680-97CC-4C39-B61A-BA08A0491EA3} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1618579602 => C:\Users\Lem0th\AppData\Local\Programs\Opera GX\launcher.exe [1720472 2021-04-19] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Lem0th\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {C9E56682-6E62-4FBC-A59A-8489CC3AAEF5} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [2120032 2021-03-08] (ASUSTeK Computer Inc. -> ASUS)
Task: {CF513470-94D9-4003-9843-893AF510E726} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1652536 2018-11-05] (Intel(R) Software -> Intel Corporation)
Task: {D4EC6155-3012-46D7-9586-1B8B760AB69C} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {E13BB522-48E3-4D96-89EF-3CD86877A71B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EE033EC3-45C4-4227-AA6D-5E7D46DE6273} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{035a39fa-271c-433c-b0d1-1424d18b82c7}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{035a39fa-271c-433c-b0d1-1424d18b82c7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{127dd634-8b90-4b9b-b0c4-7183103b83dc}: [NameServer] 192.168.178.34,1.0.0.1
Tcpip\..\Interfaces\{127dd634-8b90-4b9b-b0c4-7183103b83dc}: [DhcpNameServer] 192.168.178.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lem0th\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-22]
Edge Notifications: Default -> hxxps://192.168.178.34
Edge Extension: (uBlock Origin) - C:\Users\Lem0th\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-03-24]
StartMenuInternet: Microsoft Edge Beta - C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe

FireFox:
========
FF DefaultProfile: urpz1bnq.default
FF ProfilePath: C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\urpz1bnq.default [2021-04-25]
FF ProfilePath: C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release [2021-04-25]
FF Notifications: Mozilla\Firefox\Profiles\40a0sgm9.default-release -> hxxps://www2a.rudyvalencia.pro; hxxps://www2a.delmarmora.pro; hxxps://192.168.178.34
FF Extension: (English United States Dictionary) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\@unitedstatesenglishdictionary.xpi [2020-10-12]
FF Extension: (Tampermonkey) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\firefox@tampermonkey.net.xpi [2021-03-18]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\langpack-de@firefox.mozilla.org.xpi [2021-04-20]
FF Extension: (English (US) Language Pack) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2021-04-20]
FF Extension: (uBlock Origin) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-04-23]
FF Extension: (Picture-In-Picture) - C:\Program Files\Mozilla Firefox\browser\features\pictureinpicture@mozilla.org.xpi [2021-04-19] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default [2021-04-25]
CHR Extension: (Präsentationen) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-27]
CHR Extension: (Docs) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-27]
CHR Extension: (Google Drive) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-07]
CHR Extension: (YouTube) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-27]
CHR Extension: (Tabellen) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-18]
CHR Extension: (Google Mail) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Lem0th\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-22]

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004) Opera GXStable - "C:\Users\Lem0th\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [348280 2021-03-22] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.03\atkexComSvc.exe [449336 2021-02-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-04-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [313008 2020-11-19] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [167384 2021-04-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusROGLSLService; C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe [591176 2021-04-25] (ASUSTeK Computer Inc. -> )
S2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [1097976 2021-04-25] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2021-03-11] (BattlEye Innovations e.K. -> )
R2 CdRomAccessAgentService; C:\Program Files (x86)\Common Files\cdagtsvc\cdagtsvc_v1.0.0_x86.exe [90112 2021-04-22] (Leawo Software) [File not signed]
R2 CdRomArbiterService; C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe [8704 2021-04-21] (GuinpinSoft inc) [File not signed]
R2 CorsairGamingAudioConfig; C:\WINDOWS\system32\CorsairGamingAudioCfgService64.exe [616344 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421536 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [80544 2021-03-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2021-01-18] (FUTUREMARK INC -> Futuremark)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [409456 2021-03-30] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1874272 2021-03-29] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6840672 2021-03-29] (GOG Sp. z o.o. -> GOG.com)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3210232 2021-03-03] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-07] (Malwarebytes Inc -> Malwarebytes)
S3 MicrosoftEdgeBetaElevationService; C:\Program Files (x86)\Microsoft\Edge Beta\Application\90.0.818.46\elevation_service.exe [1567648 2021-04-22] (Microsoft Corporation -> Microsoft Corporation)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [2719664 2020-11-04] (A-Volute -> Nahimic)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2535000 2021-03-30] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479640 2021-03-30] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2020-08-29] (Even Balance, Inc. -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1676696 2021-03-27] (Rockstar Games, Inc. -> Rockstar Games)
R2 ROG Live Service; C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe [5557848 2021-03-24] (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13103632 2020-09-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746944 2021-01-07] (Oracle Corporation -> Oracle Corporation)
R2 Wallpaper Engine Service; E:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [520296 2021-02-21] (Skutta, Kristjan -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-04-14] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2019-04-09] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\WINDOWS\system32\drivers\AsIO3.sys [43920 2020-12-16] (ASUSTeK Computer Inc. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 cbfsconnect2017; C:\WINDOWS\system32\drivers\cbfsconnect2017.sys [481296 2020-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
R3 CorsairGamingAudioService; C:\WINDOWS\system32\DRIVERS\CorsairGamingAudio64.sys [60312 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz150; C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [44832 2021-04-25] (CPUID S.A.R.L.U. -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [35344 2021-03-24] (ASUSTEK COMPUTER INC. -> ASUSTeK Computer Inc.)
S3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-04-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-25] (Malwarebytes Inc -> Malwarebytes)
R1 MSIO; C:\WINDOWS\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
S3 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239872 2021-01-07] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [249776 2021-01-07] (Oracle Corporation -> Oracle Corporation)
R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [20496 2020-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
U5 vsock; C:\Windows\System32\Drivers\vsock.sys [103224 2019-08-14] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-25 18:22 - 2021-04-25 18:22 - 000033784 _____ C:\Users\Lem0th\Desktop\FRST.txt
2021-04-25 18:20 - 2021-04-25 18:20 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-25 18:20 - 2021-04-25 18:20 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-04-25 18:11 - 2021-04-25 18:19 - 000043173 _____ C:\Users\Lem0th\Desktop\Fixlog.txt
2021-04-25 17:04 - 2021-04-25 17:04 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-04-25 17:04 - 2021-04-13 11:26 - 001435856 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-04-25 17:04 - 2021-04-13 11:26 - 001435856 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-04-25 17:04 - 2021-04-13 11:25 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-04-25 17:04 - 2021-04-13 11:25 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-04-25 17:04 - 2021-04-13 11:25 - 001452312 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-04-25 17:04 - 2021-04-13 11:25 - 001191704 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-04-25 17:04 - 2021-04-13 11:25 - 001094864 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-04-25 17:04 - 2021-04-13 11:25 - 001094864 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-04-25 17:04 - 2021-04-13 11:25 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-04-25 17:04 - 2021-04-13 11:25 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-04-25 17:04 - 2021-04-13 11:22 - 001514784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-04-25 17:04 - 2021-04-13 11:22 - 001166112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-04-25 17:04 - 2021-04-13 11:22 - 000715552 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-04-25 17:04 - 2021-04-13 11:22 - 000675096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-04-25 17:04 - 2021-04-13 11:22 - 000575776 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-04-25 17:04 - 2021-04-13 11:22 - 000564000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-04-25 17:04 - 2021-04-13 11:21 - 002106144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-04-25 17:04 - 2021-04-13 11:21 - 001590552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-04-25 17:04 - 2021-04-13 11:21 - 000811800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-04-25 17:04 - 2021-04-13 11:20 - 008317216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-04-25 17:04 - 2021-04-13 11:20 - 007434008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-04-25 17:04 - 2021-04-13 11:20 - 004795184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-04-25 17:04 - 2021-04-13 11:20 - 002823456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-04-25 17:04 - 2021-04-13 11:20 - 001730848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6446611.dll
2021-04-25 17:04 - 2021-04-13 11:20 - 001490208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6446611.dll
2021-04-25 16:59 - 2020-08-14 09:59 - 000043416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\NvModuleTracker.sys
2021-04-25 16:13 - 2021-04-25 16:14 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Magic.TXD config
2021-04-25 16:02 - 2021-04-25 16:02 - 000000000 ____D C:\Program Files\Magic TXD
2021-04-25 16:00 - 2021-04-25 16:02 - 000000000 ____D C:\Users\Lem0th\Desktop\mods gta sa
2021-04-25 16:00 - 2021-04-25 16:00 - 022725711 _____ C:\Users\Lem0th\Downloads\setup_11_rc3.zip
2021-04-25 15:11 - 2021-04-25 15:11 - 001377907 _____ C:\Users\Lem0th\Downloads\ArmouryCrateInstallTool.zip
2021-04-25 14:32 - 2021-04-25 14:32 - 040488656 _____ (Adlice Software ) C:\Users\Lem0th\Downloads\RogueKiller_setup.exe
2021-04-25 14:30 - 2021-04-25 14:31 - 000000000 ____D C:\AdwCleaner
2021-04-25 11:48 - 2021-04-25 18:22 - 000000000 ____D C:\FRST
2021-04-25 11:48 - 2021-04-25 11:48 - 002298368 _____ (Farbar) C:\Users\Lem0th\Desktop\FRST64.exe
2021-04-25 11:43 - 2021-04-25 13:47 - 000000000 ____D C:\Users\Lem0th\AppData\LocalLow\IGDump
2021-04-24 22:59 - 2021-04-24 22:59 - 000001258 _____ C:\Users\Public\Desktop\Leawo Prof. Media.lnk
2021-04-24 22:59 - 2021-04-24 22:59 - 000001258 _____ C:\ProgramData\Desktop\Leawo Prof. Media.lnk
2021-04-24 22:59 - 2020-08-12 09:43 - 000606208 _____ (hxxp://www.xvid.org) C:\WINDOWS\SysWOW64\xvidcore.dll
2021-04-24 22:59 - 2020-08-12 09:43 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2021-04-24 22:59 - 2020-08-12 09:43 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2021-04-24 22:59 - 2020-08-12 09:43 - 000139264 _____ (hxxp://www.xvid.org) C:\WINDOWS\SysWOW64\xvid.ax
2021-04-24 21:57 - 2021-04-24 21:57 - 000278775 _____ C:\Users\Lem0th\Downloads\OldNewExplorer.rar
2021-04-24 21:57 - 2021-04-24 21:57 - 000000000 ____D C:\Users\Lem0th\Downloads\OldNewExplorer
2021-04-24 21:40 - 2021-04-24 21:40 - 004105063 _____ C:\Users\Lem0th\Downloads\nemo_by_kdr3w_dc8k7b7.zip
2021-04-24 21:17 - 2021-04-24 21:17 - 000162448 _____ (Manuel Hoefs (Zottel)) C:\Users\Lem0th\Downloads\UltraUXThemePatcher_4.1.2.exe
2021-04-24 15:25 - 2021-04-24 15:25 - 000000000 ____D C:\Users\Lem0th\AppData\Local\SmartTechnology
2021-04-24 15:23 - 2021-04-24 15:25 - 000000000 ____D C:\Users\Public\Documents\Mad Catz
2021-04-24 15:23 - 2021-04-24 15:23 - 000003065 _____ C:\Users\Lem0th\Desktop\MADCATZ R.A.T. 6+.lnk
2021-04-24 15:23 - 2021-04-24 15:23 - 000000000 ____D C:\Program Files\Mad Catz
2021-04-24 15:20 - 2021-04-24 15:22 - 015992319 _____ (Igor Pavlov) C:\Users\Lem0th\Downloads\RAT_6+_x64.exe
2021-04-23 18:07 - 2021-04-23 18:07 - 000000000 ____D C:\ProgramData\aacs
2021-04-23 18:01 - 2021-04-25 13:15 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\dvdcss
2021-04-23 17:45 - 2021-04-23 17:45 - 000046592 _____ C:\Users\Lem0th\Downloads\libdvdcss-2.dll
2021-04-23 17:45 - 2021-04-23 17:45 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\HandBrake
2021-04-23 17:41 - 2021-04-23 17:41 - 013534240 _____ C:\Users\Lem0th\Downloads\HandBrake-1.3.3-x86_64-Win_GUI.exe
2021-04-23 16:04 - 2021-04-23 16:04 - 001421296 _____ C:\Users\Lem0th\Downloads\drive-download-20210423T140444Z-001.zip
2021-04-22 16:56 - 2021-04-22 16:56 - 000050997 _____ C:\Users\Lem0th\Downloads\Unbenanntes Dokument.pdf
2021-04-22 16:45 - 2021-04-22 16:45 - 000088171 _____ C:\Users\Lem0th\Downloads\Aufgaben_Das Arbeitslosengeld_ea8def65b062ba3a4080908b29bb024c.pdf
2021-04-22 14:09 - 2021-04-22 14:10 - 000000000 ____D C:\Users\Lem0th\.dvdcss
2021-04-22 14:07 - 2021-04-22 14:07 - 000000000 ____D C:\Users\Lem0th\Downloads\Leawo Prof. Media 8.3.0.3
2021-04-22 13:53 - 2021-04-22 13:53 - 000094720 _____ C:\Users\Lem0th\Downloads\M65Elite_ISPv3.37.5.bin
2021-04-22 13:42 - 2021-04-22 13:42 - 000000000 ____D C:\Users\Lem0th\vm
2021-04-22 13:19 - 2021-04-22 13:28 - 140258448 _____ C:\Users\Lem0th\Downloads\Leawo Prof. Media 8.3.0.3.rar
2021-04-22 12:57 - 2021-04-22 13:03 - 132984680 _____ (Leawo Software Co., Ltd. ) C:\Users\Lem0th\Downloads\ltmcp_setup.exe
2021-04-22 12:42 - 2021-04-22 12:42 - 003374756 _____ C:\Users\Lem0th\Downloads\9 alte Prüfungsaufgaben allg(1).pdf
2021-04-22 12:28 - 2021-04-22 12:28 - 001614874 _____ C:\Users\Lem0th\Downloads\8 alte Prüfungsaufgabe(1).pdf
2021-04-22 12:14 - 2021-04-22 12:14 - 003335780 _____ C:\Users\Lem0th\Downloads\9 alte Prüfungsaufgaben allg.pdf
2021-04-22 12:10 - 2021-04-22 12:10 - 001591280 _____ C:\Users\Lem0th\Downloads\8 alte Prüfungsaufgabe.pdf
2021-04-22 09:05 - 2021-04-22 09:05 - 000001292 _____ C:\Users\Public\Desktop\Leawo Blu-ray Player.lnk
2021-04-22 09:05 - 2021-04-22 09:05 - 000001292 _____ C:\ProgramData\Desktop\Leawo Blu-ray Player.lnk
2021-04-22 09:05 - 2021-04-22 09:05 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Leawo
2021-04-22 09:04 - 2021-04-22 09:05 - 107116800 _____ (Leawo Software Co., Ltd. ) C:\Users\Lem0th\Downloads\blurayplayer2201_setup.exe
2021-04-22 08:56 - 2021-04-22 08:56 - 000000000 ___HD C:\$Windows.~WS
2021-04-22 08:56 - 2021-04-22 08:56 - 000000000 ____D C:\$WINDOWS.~BT
2021-04-22 08:52 - 2021-04-24 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
2021-04-22 08:52 - 2021-04-22 09:05 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Leawo
2021-04-22 08:52 - 2021-04-22 09:05 - 000000000 ____D C:\ProgramData\Leawo
2021-04-22 08:52 - 2021-04-22 09:05 - 000000000 ____D C:\Program Files (x86)\Leawo
2021-04-22 08:52 - 2021-04-22 08:52 - 000000000 ____D C:\Users\Lem0th\Documents\Leawo
2021-04-22 08:52 - 2021-04-22 08:52 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\tiger-k
2021-04-22 08:52 - 2021-04-22 08:52 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Leawo Prof
2021-04-22 08:52 - 2020-08-12 09:43 - 000066944 _____ (TOSHIBA Corporation) C:\WINDOWS\SysWOW64\thdudf.sys
2021-04-22 08:52 - 2020-08-12 09:43 - 000066944 _____ (TOSHIBA Corporation) C:\WINDOWS\SysWOW64\Drivers\thdudf.sys
2021-04-22 08:47 - 2021-04-22 08:51 - 132984680 _____ (Leawo Software Co., Ltd. ) C:\Users\Lem0th\Downloads\ltmcp_setup_g108568.exe
2021-04-22 08:33 - 2021-04-22 08:33 - 007783723 _____ C:\Users\Lem0th\Downloads\twindexx_rrx_repaint_1.1.zip
2021-04-21 23:05 - 2021-04-22 08:45 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\aacs
2021-04-21 23:05 - 2021-04-21 23:05 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\bluray
2021-04-21 23:04 - 2021-04-21 23:05 - 001235968 _____ C:\Users\Lem0th\Downloads\libaacs.dll
2021-04-21 23:02 - 2021-04-25 16:09 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\vlc
2021-04-21 22:59 - 2021-04-21 22:59 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-04-21 22:59 - 2021-04-21 22:59 - 000000916 _____ C:\ProgramData\Desktop\VLC media player.lnk
2021-04-21 22:59 - 2021-04-21 22:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-21 22:56 - 2021-04-21 22:56 - 042585440 _____ C:\Users\Lem0th\Downloads\vlc-3.0.12-win64.exe
2021-04-21 22:55 - 2021-04-21 22:55 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Macromedia
2021-04-21 19:15 - 2021-04-21 19:15 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\4316
2021-04-21 19:07 - 2021-04-22 16:28 - 000000000 ____D C:\Users\Lem0th\.MakeMKV
2021-04-21 19:07 - 2021-04-21 19:07 - 000001064 _____ C:\Users\Lem0th\Desktop\MakeMKV.lnk
2021-04-21 19:07 - 2021-04-21 19:07 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2021-04-21 19:07 - 2021-04-21 19:07 - 000000000 ____D C:\Program Files\Common Files\cdarbsvc
2021-04-21 19:07 - 2021-04-21 19:07 - 000000000 ____D C:\Program Files (x86)\MakeMKV
2021-04-21 19:06 - 2021-04-21 19:06 - 014233787 _____ (GuinpinSoft inc) C:\Users\Lem0th\Downloads\Setup_MakeMKV_v1.16.3.exe
2021-04-21 19:00 - 2021-04-21 19:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\AnyMP4 Studio
2021-04-21 19:00 - 2021-04-21 19:00 - 000000000 ____D C:\Users\Lem0th\AppData\Local\AnyMP4 Studio
2021-04-21 18:59 - 2021-04-21 18:59 - 001933496 _____ ( ) C:\Users\Lem0th\Downloads\screen-recorder.exe
2021-04-21 18:58 - 2021-04-22 11:28 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\DVDFab
2021-04-21 18:58 - 2021-04-21 18:58 - 000000000 ____D C:\Users\Lem0th\Downloads\DVDFab
2021-04-21 18:58 - 2021-04-21 18:58 - 000000000 ____D C:\Program Files\DVDFab
2021-04-21 18:57 - 2021-04-21 18:57 - 006131784 _____ (DVDFab 12) C:\Users\Lem0th\Downloads\dvdfab12_online_12026_64021c03.exe
2021-04-21 18:57 - 2021-04-21 18:57 - 000000000 ____D C:\Users\Lem0th\Documents\DVDFab
2021-04-20 16:00 - 2021-04-20 16:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-19 17:04 - 2021-04-21 16:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-18 21:09 - 2021-04-18 21:09 - 003038248 _____ (crosire) C:\Users\Lem0th\Downloads\ReShade_Setup_4.9.1.exe
2021-04-18 12:34 - 2021-04-18 19:36 - 000000000 ____D C:\Users\Lem0th\Downloads\takeout-20210417T205906Z-001
2021-04-18 12:08 - 2021-04-18 12:34 - 001520203 _____ C:\Users\Lem0th\Downloads\takeout-20210417T205906Z-002.zip
2021-04-18 12:08 - 2021-04-18 12:17 - 1132857394 _____ C:\Users\Lem0th\Downloads\takeout-20210417T205906Z-003.zip
2021-04-18 12:07 - 2021-04-18 12:33 - 4282062453 _____ C:\Users\Lem0th\Downloads\takeout-20210417T205906Z-001.zip
2021-04-17 23:17 - 2021-04-17 23:17 - 000000000 ____D C:\Users\Lem0th\AppData\LocalLow\SKS
2021-04-17 21:09 - 2021-04-18 18:53 - 000693180 _____ C:\Users\Lem0th\AppData\Roaming\GlobalStrDataWithoutExif.txt
2021-04-17 20:39 - 2021-04-17 20:39 - 000000113 _____ C:\Users\Lem0th\Desktop\remove files with 120x120 pixels.txt
2021-04-17 18:38 - 2021-04-18 18:53 - 000537074 _____ C:\Users\Lem0th\AppData\Roaming\GlobalStrDataWithExif.txt
2021-04-17 18:38 - 2021-04-18 18:53 - 000537074 _____ C:\Users\Lem0th\AppData\Roaming\GlobalStrData.txt
2021-04-17 16:47 - 2021-04-17 16:47 - 000000733 _____ C:\Users\Lem0th\Downloads\Downloads - Shortcut.lnk
2021-04-17 15:06 - 2021-04-17 15:06 - 000231542 _____ C:\Users\Lem0th\Downloads\überweisung.pdf
2021-04-17 10:01 - 2021-04-17 10:12 - 000000000 ____D C:\nextcloudnew
2021-04-16 19:35 - 2021-04-25 17:41 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-16 17:37 - 2021-04-16 17:37 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\by Mike Baker at Rediscovering Photography
2021-04-16 17:36 - 2021-04-18 18:53 - 000000574 _____ C:\Users\Lem0th\AppData\Roaming\ExtensionCount.csv
2021-04-16 17:34 - 2021-04-18 18:53 - 000000147 _____ C:\Users\Lem0th\AppData\Roaming\PhotoMoveOutput.txt
2021-04-16 17:32 - 2021-04-16 17:42 - 000000000 ____D C:\sort
2021-04-16 17:31 - 2021-04-16 17:31 - 000000000 ____D C:\Users\Lem0th\AppData\Local\by_Mike_Baker_at_Rediscov
2021-04-16 17:31 - 2021-04-16 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoMove 2
2021-04-16 17:31 - 2021-04-16 17:31 - 000000000 ____D C:\Program Files (x86)\PhotoMove 2
2021-04-16 17:29 - 2021-04-25 09:32 - 000000000 ___SD C:\Users\Lem0th\Nextcloud
2021-04-16 17:28 - 2021-04-25 02:44 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Nextcloud
2021-04-16 17:28 - 2021-04-16 17:29 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Nextcloud
2021-04-16 17:28 - 2021-04-16 17:28 - 000001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nextcloud.lnk
2021-04-16 17:28 - 2021-04-16 17:28 - 000001912 _____ C:\Users\Public\Desktop\Nextcloud.lnk
2021-04-16 17:28 - 2021-04-16 17:28 - 000001912 _____ C:\ProgramData\Desktop\Nextcloud.lnk
2021-04-16 17:28 - 2021-04-16 17:28 - 000000000 ____D C:\Program Files\Nextcloud
2021-04-16 17:26 - 2021-04-16 17:26 - 007492830 _____ (Mike Baker @ Rediscovering Photography ) C:\Users\Lem0th\Downloads\PhotoMoveSetup.exe
2021-04-16 17:16 - 2021-04-16 17:16 - 088702976 _____ C:\Users\Lem0th\Downloads\Nextcloud-3.2.0-x64.msi
2021-04-16 17:00 - 2021-04-16 17:00 - 000000000 ____D C:\Users\Lem0th\Documents\mk_twindexx_445_1_04_09
2021-04-16 16:44 - 2021-04-16 16:44 - 000000000 ____D C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Triebwagen_dabpbzfa+dabpzfa_21_04_03
2021-04-16 16:42 - 2021-04-16 16:42 - 000000000 ____D C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Hocheinstieg_Mittelwagen_21_04_03(1)
2021-04-16 16:41 - 2021-04-16 16:41 - 081812262 _____ C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Triebwagen_dabpbzfa+dabpzfa_21_04_03.zip
2021-04-16 16:41 - 2021-04-16 16:41 - 037942846 _____ C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Hocheinstieg_Mittelwagen_21_04_03(1).zip
2021-04-16 16:39 - 2021-04-16 16:39 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-16 16:38 - 2021-04-16 16:38 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-16 16:38 - 2021-04-16 16:38 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-16 15:26 - 2021-04-16 15:26 - 000004488 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled assistant Autoupdate 1618579602
2021-04-15 20:56 - 2021-04-15 20:56 - 000162336 _____ C:\Users\Lem0th\Downloads\EPSON002.pdf
2021-04-15 20:29 - 2021-04-15 20:30 - 185762015 _____ C:\Users\Lem0th\Downloads\modwerkstatt_mwagen_1.zip
2021-04-15 15:59 - 2021-04-15 15:59 - 000000000 ____D C:\Users\Lem0th\AppData\LocalLow\DefaultCompany
2021-04-14 19:31 - 2021-04-20 16:04 - 000004226 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1618421482
2021-04-14 19:31 - 2021-04-20 16:04 - 000001441 _____ C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser .lnk
2021-04-14 19:31 - 2021-04-14 19:31 - 000001445 _____ C:\Users\Lem0th\Desktop\Opera GX Browser .lnk
2021-04-14 19:30 - 2021-04-14 19:30 - 003749584 _____ (Opera Software) C:\Users\Lem0th\Downloads\OperaGXSetup.exe
2021-04-11 21:41 - 2021-04-11 21:41 - 000000000 ____D C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Hocheinstieg_Mittelwagen_21_04_03
2021-04-11 02:31 - 2021-04-11 02:31 - 037942846 _____ C:\Users\Lem0th\Downloads\Twindexx_Repaint_Vorlagen_Hocheinstieg_Mittelwagen_21_04_03.zip
2021-04-11 02:24 - 2021-04-11 02:24 - 000947379 _____ C:\Users\Lem0th\Downloads\compressjpeg(1).zip
2021-04-11 02:22 - 2021-04-11 02:22 - 001054111 _____ C:\Users\Lem0th\Downloads\compressjpeg.zip
2021-04-10 20:31 - 2020-11-11 03:54 - 000167280 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2021-04-10 20:30 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2021-04-10 20:26 - 2021-04-10 20:26 - 000000000 ____D C:\Users\Lem0th\.cache
2021-04-10 20:26 - 2021-04-10 15:24 - 268842274 _____ C:\Users\Lem0th\Downloads\DAS DEUTSCHE SCHLAGER HIT ALBUM 2021..DJ.R.R.S.mp4
2021-04-10 20:22 - 2021-04-10 20:22 - 008166801 _____ C:\Users\Lem0th\Downloads\youtube-dl.exe
2021-04-10 02:12 - 2021-04-10 02:12 - 000011168 _____ C:\Users\Lem0th\Documents\stdout.txt
2021-04-09 20:32 - 2021-04-09 20:32 - 000000000 ____D C:\Users\Lem0th\Downloads\Aloy Explicit Outfits-53-1-6-1615533351
2021-04-09 14:09 - 2021-04-09 14:09 - 000457185 _____ C:\Users\Lem0th\Downloads\FLT_2_KGL3ES16128_0.pdf
2021-04-09 03:18 - 2021-04-09 20:48 - 000000000 ____D C:\Users\Lem0th\Documents\Horizon Zero Dawn
2021-04-09 03:18 - 2021-04-09 03:20 - 149226206 _____ C:\Users\Lem0th\Downloads\Aloy Explicit Outfits-53-1-6-1615533351.7z
2021-04-09 00:02 - 2021-04-09 00:02 - 000457287 _____ C:\Users\Lem0th\Downloads\FLT_4_M4Z81D5246_0.pdf
2021-04-08 00:15 - 2021-04-08 00:23 - 1350631094 _____ C:\Users\Lem0th\Downloads\sc3015-NFSU2M13ELA.rar
2021-04-07 22:04 - 2021-04-07 22:05 - 026724770 _____ (The qBittorrent project) C:\Users\Lem0th\Downloads\qbittorrent_4.3.4.1_x64_setup.exe
2021-04-07 21:45 - 2021-04-07 21:55 - 1595082050 _____ C:\Users\Lem0th\Downloads\ISO.zip
2021-04-05 18:45 - 2021-04-05 18:45 - 006118306 _____ C:\Users\Lem0th\Downloads\CryENB V3.7z
2021-04-05 18:45 - 2021-04-05 18:45 - 000000000 ____D C:\Users\Lem0th\Documents\MEGAsync Downloads
2021-04-05 14:41 - 2021-04-05 14:41 - 000000000 ____D C:\Users\Lem0th\AppData\Local\ASUS
2021-04-05 14:39 - 2021-04-25 15:14 - 000000000 ____D C:\Users\Lem0th\AppData\Local\AcSdkInsLog
2021-04-05 14:39 - 2021-04-05 14:39 - 000000000 ____D C:\Program Files\PHISON
2021-04-05 14:39 - 2021-04-05 14:39 - 000000000 ____D C:\Program Files\PD
2021-04-05 14:39 - 2021-04-05 14:39 - 000000000 ____D C:\Program Files\Patriot
2021-04-05 14:39 - 2021-02-02 15:56 - 000151608 _____ (©ASUSTeK Computer Inc.) C:\WINDOWS\system32\AsIO3.dll
2021-04-05 14:39 - 2021-02-02 15:56 - 000123744 _____ (©ASUSTeK Computer Inc.) C:\WINDOWS\SysWOW64\AsIO3.dll
2021-04-05 14:39 - 2020-12-16 14:46 - 000043920 _____ C:\WINDOWS\system32\Drivers\AsIO3.sys
2021-04-05 14:39 - 2020-01-19 19:49 - 000017424 _____ (MICSYS Technology Co., LTd) C:\WINDOWS\system32\Drivers\MsIo64.sys
2021-04-05 14:39 - 2020-01-19 19:49 - 000017424 _____ (MICSYS Technology Co., LTd) C:\WINDOWS\system32\Drivers\MsIo64.old
2021-04-05 00:20 - 2021-04-23 16:25 - 000002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge Beta.lnk
2021-04-05 00:17 - 2021-04-25 15:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUS
2021-04-05 00:13 - 2021-04-05 00:13 - 001348212 _____ C:\Users\Lem0th\Downloads\SetupROGLSLService.zip
2021-04-04 18:03 - 2021-04-04 18:03 - 081056014 _____ C:\Users\Lem0th\Downloads\volvofhcmi_20.12.20_Ty.zip
2021-04-04 17:00 - 2021-04-04 17:00 - 000000000 ____D C:\ProgramData\UNITE Team
2021-04-04 14:42 - 2021-04-04 14:43 - 064221968 _____ (Steganos Software GmbH) C:\Users\Lem0th\Downloads\sss21lmv2.exe
2021-04-03 13:59 - 2021-04-03 13:59 - 006891571 _____ C:\Users\Lem0th\Downloads\eis_os_commonapi2_1_20210310-dev(1).zip
2021-04-03 00:02 - 2021-04-03 18:13 - 000000000 ____D C:\Users\Lem0th\Documents\Need For Speed
2021-04-03 00:01 - 2021-04-03 00:01 - 000667460 _____ C:\Users\Lem0th\Downloads\R34 LED v2-16-1-0-1549247967.rar
2021-04-02 23:47 - 2021-04-02 23:51 - 1617651254 _____ (UNITE Team) C:\Users\Lem0th\Downloads\PROJECT UNITE 2015 Installer (1.2.3).exe
2021-04-02 23:43 - 2021-04-03 17:43 - 000000000 ____D C:\Users\Lem0th\Downloads\FrostyModManager_v1.0.5.9
2021-04-02 23:42 - 2021-04-02 23:42 - 032196225 _____ C:\Users\Lem0th\Downloads\FrostyModManager_v1.0.5.9.rar
2021-04-02 23:38 - 2021-04-02 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed™
2021-04-02 22:15 - 2021-04-02 22:16 - 000000000 ____D C:\Users\Lem0th\Downloads\promods-v252
2021-04-02 19:44 - 2021-03-26 11:14 - 001730864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6446589.dll
2021-04-02 19:44 - 2021-03-26 11:14 - 001490224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6446589.dll
2021-04-02 17:44 - 2021-04-02 18:01 - 520031423 _____ C:\Users\Lem0th\Downloads\Microsoft Windows 98 First Edition.7z
2021-04-02 17:18 - 2021-04-02 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2021-04-02 17:15 - 2021-04-02 17:16 - 128980992 _____ C:\Users\Lem0th\Downloads\archiveteam-warrior-v3.2-20210306.ova
2021-04-02 17:15 - 2021-04-02 17:16 - 108257728 _____ (Oracle Corporation) C:\Users\Lem0th\Downloads\VirtualBox-6.1.18-142142-Win.exe
2021-03-28 15:58 - 2021-03-28 15:58 - 000000000 ____D C:\Program Files (x86)\ENE
2021-03-28 15:57 - 2021-03-28 15:57 - 003657432 _____ C:\Users\Lem0th\Downloads\G.SKILL-Trident-Z-Lighting-Control-v1.00.22.zip
2021-03-28 15:51 - 2021-03-28 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair
2021-03-27 10:34 - 2021-04-16 17:58 - 000000000 ___RD C:\Users\Lem0th\Documents\MEGAsync
2021-03-27 10:33 - 2021-03-27 10:34 - 000000022 _____ C:\Users\Lem0th\Downloads\MEGA-RECOVERYKEY.txt
2021-03-27 10:31 - 2021-03-27 10:31 - 034856824 _____ (MEGA Limited) C:\Users\Lem0th\Downloads\MEGAsyncSetup64.exe
2021-03-27 10:31 - 2021-03-27 10:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\MEGA
2021-03-27 10:31 - 2021-03-27 10:31 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2021-03-27 10:31 - 2021-03-27 10:31 - 000000000 ____D C:\Users\Lem0th\AppData\Local\MEGAsync
2021-03-27 10:31 - 2021-03-27 10:31 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Mega Limited
2021-03-26 20:26 - 2021-03-26 20:27 - 015616404 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.008
2021-03-26 20:11 - 2021-03-26 20:25 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.006
2021-03-26 20:10 - 2021-03-26 20:24 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.007
2021-03-26 19:48 - 2021-03-26 20:03 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.005
2021-03-26 19:48 - 2021-03-26 20:03 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.004
2021-03-26 19:11 - 2021-03-26 19:27 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.003
2021-03-26 18:56 - 2021-03-26 19:12 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.002
2021-03-26 18:56 - 2021-03-26 19:11 - 262144000 _____ C:\Users\Lem0th\Downloads\promods-v252.7z.001
2021-03-26 18:55 - 2021-03-26 18:55 - 003419427 _____ C:\Users\Lem0th\Downloads\promods-def-st-v252.scs

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-25 18:22 - 2019-08-03 13:37 - 000000000 ____D C:\Users\Lem0th\AppData\Local\CrashDumps
2021-04-25 18:22 - 2019-04-11 22:29 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-25 18:21 - 2019-08-03 12:35 - 000000000 ____D C:\Users\Lem0th\AppData\LocalLow\Mozilla
2021-04-25 18:21 - 2019-05-04 15:34 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-25 18:20 - 2020-08-05 20:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-04-25 18:20 - 2020-06-08 07:59 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-25 18:20 - 2020-06-02 16:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-25 18:20 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-25 18:20 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-25 18:20 - 2019-04-12 04:10 - 001136008 _____ C:\WINDOWS\system32\wpbbin.exe
2021-04-25 18:20 - 2019-04-12 04:10 - 001097976 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2021-04-25 18:15 - 2020-06-02 16:06 - 001722792 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-25 18:15 - 2019-12-07 16:51 - 000743714 _____ C:\WINDOWS\system32\perfh007.dat
2021-04-25 18:15 - 2019-12-07 16:51 - 000150136 _____ C:\WINDOWS\system32\perfc007.dat
2021-04-25 18:15 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-25 18:14 - 2019-09-03 16:27 - 000000000 ____D C:\Users\Lem0th\AppData\LocalLow\Temp
2021-04-25 18:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-04-25 18:11 - 2019-08-03 12:37 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Discord
2021-04-25 18:11 - 2018-09-15 09:33 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-04-25 18:09 - 2019-08-03 12:37 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Discord
2021-04-25 18:08 - 2019-08-03 12:28 - 000000000 ____D C:\Users\Lem0th\AppData\Local\NVIDIA
2021-04-25 18:07 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-25 18:07 - 2019-04-11 22:33 - 000000000 ____D C:\Program Files (x86)\Steam
2021-04-25 18:06 - 2019-08-03 12:35 - 000000000 ____D C:\Users\Lem0th\Documents\Euro Truck Simulator 2
2021-04-25 16:59 - 2020-06-02 16:02 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-25 16:59 - 2020-06-02 16:02 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-25 16:59 - 2020-06-02 16:02 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-25 16:59 - 2020-06-02 16:02 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-25 16:59 - 2020-06-02 16:02 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-25 16:59 - 2020-06-02 16:02 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-25 16:59 - 2020-06-02 16:02 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-25 16:59 - 2020-06-02 16:02 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-25 16:59 - 2020-06-02 16:02 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-25 16:59 - 2020-06-02 16:02 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-25 16:59 - 2019-04-11 22:30 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-04-25 16:59 - 2019-04-11 22:30 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-04-25 16:59 - 2019-04-11 22:30 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-04-25 16:45 - 2019-09-02 17:14 - 000000000 ____D C:\Users\Lem0th\Documents\GTA San Andreas User Files
2021-04-25 16:37 - 2019-08-03 13:37 - 000000000 ____D C:\Users\Lem0th\AppData\Local\modloader
2021-04-25 16:37 - 2019-06-02 03:24 - 000000000 ____D C:\ProgramData\modloader
2021-04-25 15:41 - 2019-08-14 22:33 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-04-25 15:15 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-25 15:15 - 2019-04-11 22:22 - 000000000 ____D C:\Program Files (x86)\ASUS
2021-04-25 15:14 - 2019-04-12 04:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-04-25 15:14 - 2019-04-12 04:10 - 000000000 ____D C:\ProgramData\ASUS
2021-04-25 15:14 - 2019-04-12 02:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-04-25 15:14 - 2019-04-12 02:37 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-25 15:14 - 2019-04-12 02:37 - 000000000 ____D C:\Program Files\ASUS
2021-04-25 01:22 - 2020-06-02 15:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-24 21:25 - 2020-06-02 17:04 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-04-24 21:25 - 2019-12-12 18:02 - 000236472 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-04-24 21:25 - 2019-11-13 20:51 - 000038328 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-04-24 21:25 - 2019-08-08 18:05 - 001695184 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-04-24 21:25 - 2019-08-08 18:05 - 000176592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-04-24 21:25 - 2019-08-08 18:05 - 000159672 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-04-24 21:18 - 2021-01-16 12:27 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2021-04-24 21:18 - 2019-12-07 11:09 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll
2021-04-24 11:38 - 2019-04-15 19:10 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2021-04-24 11:37 - 2019-04-15 19:09 - 000000000 ____D C:\Program Files (x86)\Notepad++
2021-04-24 11:14 - 2020-01-29 18:17 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-23 17:13 - 2019-08-03 12:33 - 000000000 ____D C:\Users\Lem0th\Documents\my games
2021-04-23 16:27 - 2021-02-22 17:33 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-22 14:10 - 2019-12-24 01:29 - 000000000 ____D C:\Users\Lem0th\.VirtualBox
2021-04-22 14:09 - 2020-06-02 15:58 - 000000000 ____D C:\Users\Lem0th
2021-04-22 13:26 - 2019-05-11 10:56 - 000000000 ____D C:\ProgramData\VirtualBox
2021-04-22 09:16 - 2021-02-26 16:39 - 000000000 ____D C:\WINDOWS\Panther
2021-04-22 09:16 - 2019-11-17 13:10 - 000000000 ____D C:\ESD
2021-04-21 22:59 - 2019-10-20 14:51 - 000000000 ____D C:\Program Files\VideoLAN
2021-04-21 18:58 - 2019-05-04 14:57 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-04-21 16:01 - 2019-04-11 22:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-20 21:20 - 2019-10-27 11:46 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-20 21:09 - 2020-06-02 16:02 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 21:09 - 2020-06-02 16:02 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-20 16:00 - 2019-04-11 22:30 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-19 17:20 - 2019-08-03 12:39 - 000000000 ____D C:\Users\Lem0th\AppData\Local\D3DSCache
2021-04-19 13:26 - 2021-01-23 17:40 - 000000000 ____D C:\Users\Lem0th\Documents\MAXON
2021-04-19 13:02 - 2020-02-16 00:42 - 000000000 ____D C:\Users\Lem0th\Documents\GTA Vice City User Files
2021-04-19 05:02 - 2020-06-02 15:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-04-19 05:02 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-19 05:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-19 05:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-17 21:16 - 2019-04-19 03:03 - 000000000 ____D C:\ProgramData\TruckersMP
2021-04-17 16:16 - 2019-08-24 11:55 - 000000000 ____D C:\Users\Lem0th\AppData\Local\ElevatedDiagnostics
2021-04-17 13:17 - 2019-08-03 12:29 - 000000000 ____D C:\Users\Lem0th\AppData\Local\PlaceholderTileLogoFolder
2021-04-17 13:17 - 2019-08-03 12:28 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Packages
2021-04-16 21:17 - 2021-03-01 23:10 - 000000000 ____D C:\Users\Lem0th\AppData\Local\RuneLite
2021-04-16 21:17 - 2019-11-14 18:03 - 000000045 _____ C:\Users\Lem0th\jagex_cl_oldschool_LIVE.dat
2021-04-16 16:40 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-16 16:34 - 2019-04-11 22:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-16 16:32 - 2019-04-11 22:31 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-14 19:31 - 2020-04-26 17:27 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Opera Software
2021-04-14 19:30 - 2020-04-26 17:27 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Opera Software
2021-04-13 16:20 - 2020-06-02 16:02 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-13 16:20 - 2020-06-02 16:02 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-13 11:21 - 2020-12-02 18:13 - 000656152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-04-13 11:17 - 2020-12-02 18:13 - 007212248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-04-13 11:17 - 2020-12-02 18:13 - 006159176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-04-13 01:48 - 2020-12-02 18:13 - 000063943 _____ C:\WINDOWS\system32\nvinfo.pb
2021-04-12 21:48 - 2020-12-02 18:15 - 005666672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-04-12 21:48 - 2020-12-02 18:15 - 002636656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2021-04-12 21:48 - 2020-12-02 18:15 - 001758064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2021-04-12 21:48 - 2020-12-02 18:15 - 000990064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2021-04-12 21:48 - 2020-12-02 18:15 - 000120176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2021-04-12 21:48 - 2020-12-02 18:15 - 000082288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2021-04-12 21:20 - 2019-08-04 18:43 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Ubisoft Game Launcher
2021-04-11 16:50 - 2019-04-18 22:56 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-04-11 16:48 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-11 02:52 - 2019-04-12 04:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-11 00:46 - 2021-02-07 00:52 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-08 20:08 - 2020-03-02 22:17 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Battle.net
2021-04-08 03:54 - 2020-06-02 15:56 - 000640712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-08 03:53 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-08 03:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-07 23:24 - 2021-02-05 17:28 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\qBittorrent
2021-04-07 17:41 - 2020-12-02 18:15 - 009527077 _____ C:\WINDOWS\system32\nvcoproc.bin
2021-04-07 15:57 - 2020-06-02 15:56 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-07 15:08 - 2019-04-12 02:37 - 000000000 ____D C:\Program Files\ENE
2021-04-07 13:38 - 2019-05-06 19:27 - 002817904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2021-04-07 13:38 - 2019-05-06 19:27 - 002171760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-04-07 13:38 - 2019-05-06 19:27 - 001293680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2021-04-05 15:27 - 2019-04-12 02:37 - 000000000 ____D C:\Program Files (x86)\LightingService
2021-04-05 15:21 - 2019-04-12 02:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2021-04-05 14:42 - 2019-04-11 22:33 - 000000000 ____D C:\ProgramData\Packages
2021-04-05 00:09 - 2019-11-28 17:28 - 000000000 ____D C:\Program Files (x86)\Corsair
2021-04-03 15:55 - 2020-12-06 13:23 - 000000000 ____D C:\Users\Lem0th\AppData\Roaming\Origin
2021-04-02 23:12 - 2021-01-25 21:03 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-04-02 23:12 - 2020-03-28 17:54 - 000000000 ____D C:\ProgramData\Origin
2021-04-02 23:09 - 2020-12-06 13:24 - 000000000 ____D C:\Program Files (x86)\Origin
2021-04-02 23:09 - 2020-12-06 13:23 - 000000000 ____D C:\Users\Lem0th\AppData\Local\Origin
2021-04-02 19:45 - 2020-06-02 15:36 - 000000000 ___SD C:\WINDOWS\system32\lxss
2021-03-30 15:42 - 2019-05-08 20:00 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2021-03-30 12:57 - 2020-12-12 12:59 - 000074608 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2021-03-30 12:57 - 2020-12-12 12:59 - 000064880 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2021-03-28 15:58 - 2019-11-05 18:16 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2021-03-27 19:40 - 2019-04-14 21:58 - 000000000 ____D C:\Program Files\Rockstar Games
2021-03-27 19:40 - 2019-04-14 21:58 - 000000000 ____D C:\Program Files (x86)\Rockstar Games

==================== Files in the root of some directories ========

2019-11-20 21:31 - 2021-01-29 23:28 - 645563019 _____ () C:\Users\Lem0th\AppData\Roaming\.minecraft.7z
2021-04-16 17:36 - 2021-04-18 18:53 - 000000574 _____ () C:\Users\Lem0th\AppData\Roaming\ExtensionCount.csv
2021-04-17 18:38 - 2021-04-18 18:53 - 000537074 _____ () C:\Users\Lem0th\AppData\Roaming\GlobalStrData.txt
2021-04-17 18:38 - 2021-04-18 18:53 - 000537074 _____ () C:\Users\Lem0th\AppData\Roaming\GlobalStrDataWithExif.txt
2021-04-17 21:09 - 2021-04-18 18:53 - 000693180 _____ () C:\Users\Lem0th\AppData\Roaming\GlobalStrDataWithoutExif.txt
2021-04-16 17:34 - 2021-04-18 18:53 - 000000147 _____ () C:\Users\Lem0th\AppData\Roaming\PhotoMoveOutput.txt
2020-04-04 13:35 - 2020-05-10 15:33 - 000000128 _____ () C:\Users\Lem0th\AppData\Roaming\PUTTY.RND
2020-10-22 17:32 - 2021-01-08 19:37 - 000000128 _____ () C:\Users\Lem0th\AppData\Roaming\winscp.rnd
2020-11-22 14:33 - 2020-11-22 14:50 - 001065984 _____ () C:\Users\Lem0th\AppData\Local\file__0.localstorage
2019-08-20 16:02 - 2021-03-13 18:09 - 000000205 _____ () C:\Users\Lem0th\AppData\Local\oobelibMkey.log
2020-04-16 20:24 - 2020-04-16 20:24 - 000000529 _____ () C:\Users\Lem0th\AppData\Local\Perfmon.PerfmonCfg
2020-02-07 17:40 - 2021-01-16 14:19 - 000000128 _____ () C:\Users\Lem0th\AppData\Local\PUTTY.RND
2021-02-07 15:48 - 2021-02-07 15:48 - 000000867 _____ () C:\Users\Lem0th\AppData\Local\recently-used.xbel
2019-10-12 15:03 - 2019-10-12 15:03 - 000007602 _____ () C:\Users\Lem0th\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
--- --- ---



Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Lem0th (25-04-2021 18:11:37) Run:1
Running from C:\Users\Lem0th\Desktop
Loaded Profiles: Lem0th
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
AppInit_DLLs: prio.dll => No File
Startup: C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2020-03-15]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {025189bb-e04b-4b4f-a102-009d1404148c} - no filepath
Task: {1007b121-f089-480e-90c7-57a8faa3c84f} - no filepath
Task: {23fbd644-894a-4474-a2b3-26241f331b82} - no filepath
Task: {245d09ce-4e9d-4fa2-8e67-cfb4f6511aac} - no filepath
Task: {301f8965-e4ae-4744-8a4b-33192acbb51d} - no filepath
Task: {363e780d-5be2-4194-875f-76ee4e5a6c79} - no filepath
Task: {3bb71775-0cb4-4539-b605-135d5ee03325} - no filepath
Task: {5730c70a-6ec2-44c0-b62c-ff188d990c6d} - no filepath
Task: {5ce387bf-dc0a-4cbb-b7f4-4dd795458def} - no filepath
Task: {6b898014-fd4a-4d4c-a5a3-b29773767e03} - no filepath
Task: {6ff8856b-af2c-4c24-9d7d-3031a3348ede} - no filepath
Task: {738695d2-4931-470f-b610-182cb72dd1c3} - no filepath
Task: {75902e42-c239-4c44-9134-8ae45933e238} - no filepath
Task: {8d4de376-48e2-4c9e-8fe3-14a0550de8c7} - no filepath
Task: {8fad8e1e-46b0-4443-8930-e631802435b8} - no filepath
Task: {aaaa1e8c-715b-4fcc-9159-e4608715675f} - no filepath
Task: {b3928b7b-3bb2-4fec-a52f-260c733e17b0} - no filepath
Task: {b3cec726-1abf-4308-b869-1d0a1e523858} - no filepath
Task: {d978b4b9-45d7-4183-9f25-00e0d2630123} - no filepath
Task: {e9c83afe-6b4d-4919-8a2a-cf14ee9e693c} - no filepath
Task: {ecac6b6e-a228-4f90-a467-260e334dc475} - no filepath
Task: {f0c223f9-6302-4d9f-a79a-4ed32ab5e219} - no filepath
Task: {fc7448f3-8afa-4b55-ba65-02e8cc565765} - no filepath
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CMD: type "C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\prefs.js"
C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\prefs.js
FF Extension: (Honey) - C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2020-10-28]
S3 ALSysIO; \??\C:\Users\Lem0th\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S1 SaferVPNNetfilter2; system32\drivers\SaferVPNNetfilter2.sys [X]
C:\Users\Lem0th\AppData\Roaming\prio.ini
C:\Users\Lem0th\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
BHO: No Name -> {CA2FFF0C-1001-440D-9B9F-6ED7094288B7}' -> No File
BHO-x32: No Name -> {CA2FFF0C-1001-440D-9B9F-6ED7094288B7}' -> No File
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: Bitsadmin /Reset /Allusers
powershell: Set-MpPreference -PUAProtection Enabled
powershell: Set-MpPreference -DisableScanningNetworkFiles 0
RemoveProxy:
SystemRestore: On
EmptyTemp:

*****************

Processes closed successfully.
"prio.dll" => Value data removed successfully
C:\Users\Lem0th\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk => moved successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{025189bb-e04b-4b4f-a102-009d1404148c}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1007b121-f089-480e-90c7-57a8faa3c84f}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23fbd644-894a-4474-a2b3-26241f331b82}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{245d09ce-4e9d-4fa2-8e67-cfb4f6511aac}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{301f8965-e4ae-4744-8a4b-33192acbb51d}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{363e780d-5be2-4194-875f-76ee4e5a6c79}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3bb71775-0cb4-4539-b605-135d5ee03325}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5730c70a-6ec2-44c0-b62c-ff188d990c6d}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ce387bf-dc0a-4cbb-b7f4-4dd795458def}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6b898014-fd4a-4d4c-a5a3-b29773767e03}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6ff8856b-af2c-4c24-9d7d-3031a3348ede}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{738695d2-4931-470f-b610-182cb72dd1c3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75902e42-c239-4c44-9134-8ae45933e238}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8d4de376-48e2-4c9e-8fe3-14a0550de8c7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8fad8e1e-46b0-4443-8930-e631802435b8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{aaaa1e8c-715b-4fcc-9159-e4608715675f}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{b3928b7b-3bb2-4fec-a52f-260c733e17b0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{b3cec726-1abf-4308-b869-1d0a1e523858}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{d978b4b9-45d7-4183-9f25-00e0d2630123}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{e9c83afe-6b4d-4919-8a2a-cf14ee9e693c}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ecac6b6e-a228-4f90-a467-260e334dc475}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{f0c223f9-6302-4d9f-a79a-4ed32ab5e219}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{fc7448f3-8afa-4b55-ba65-02e8cc565765}" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully

========= type "C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\prefs.js" =========

// Mozilla User Preferences

// DO NOT EDIT THIS FILE.
//
// If you make changes to this file while the application is running,
// the changes will be overwritten when the application exits.
//
// To change a preference value, you can either:
// - modify it via the UI (e.g. via about:config in the browser); or
// - set it within a user.js file in your profile.

user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.normandy.first_run", false);
user_pref("app.normandy.migrationsApplied", 10);
user_pref("app.normandy.startupRolloutPrefs.app.normandy.onsync_skew_sec", 3300);
user_pref("app.normandy.startupRolloutPrefs.browser.migrate.showBookmarksToolbarAfterMigration", true);
user_pref("app.normandy.startupRolloutPrefs.browser.partnerlink.useAttributionURL", true);
user_pref("app.normandy.startupRolloutPrefs.browser.topsites.experiment.ebay-2020-1", true);
user_pref("app.normandy.startupRolloutPrefs.browser.topsites.useRemoteSetting", true);
user_pref("app.normandy.startupRolloutPrefs.extensions.formautofill.creditCards.available", true);
user_pref("app.normandy.startupRolloutPrefs.extensions.formautofill.creditCards.enabled", true);
user_pref("app.normandy.startupRolloutPrefs.extensions.formautofill.creditCards.hideui", false);
user_pref("app.normandy.startupRolloutPrefs.media.videocontrols.picture-in-picture.video-toggle.mode", 2);
user_pref("app.normandy.startupRolloutPrefs.pdfjs.renderInteractiveForms", true);
user_pref("app.normandy.startupRolloutPrefs.security.bad_cert_domain_error.url_fix_enabled", true);
user_pref("app.normandy.startupRolloutPrefs.security.remote_settings.intermediates.downloads_per_poll", 3000);
user_pref("app.normandy.user_id", "1c090834-6ba8-4d61-9435-8e559abec8aa");
user_pref("app.shield.optoutstudies.enabled", false);
user_pref("app.update.auto.migrated", true);
user_pref("app.update.download.attempts", 0);
user_pref("app.update.elevate.attempts", 0);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1619364439);
user_pref("app.update.lastUpdateTime.background-update-timer", 1619345604);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1588690616);
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1619365012);
user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1619358052);
user_pref("app.update.lastUpdateTime.region-update-timer", 1619191488);
user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1608230489);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1619357932);
user_pref("app.update.lastUpdateTime.services-settings-poll-changes", 1619359971);
user_pref("app.update.lastUpdateTime.telemetry_modules_ping", 1619208785);
user_pref("app.update.lastUpdateTime.telemetry_untrustedmodules_ping", 1619360092);
user_pref("app.update.lastUpdateTime.xpi-signature-verification", 1619364559);
user_pref("app.update.migrated.updateDir2.308046B0AF4A39CB", true);
user_pref("browser.bookmarks.defaultLocation", "unfiled");
user_pref("browser.bookmarks.editDialog.confirmationHintShowCount", 3);
user_pref("browser.bookmarks.restore_default_bookmarks", false);
user_pref("browser.cache.disk.amount_written", 1730818);
user_pref("browser.cache.disk.capacity", 1048576);
user_pref("browser.cache.disk.filesystem_reported", 1);
user_pref("browser.cache.disk.hashstats_reported", 1);
user_pref("browser.cache.disk.telemetry_report_ID", 525);
user_pref("browser.contentblocking.category", "custom");
user_pref("browser.contentblocking.cfr-milestone.milestone-achieved", 50000);
user_pref("browser.contentblocking.cfr-milestone.milestone-shown-time", "1614456572583");
user_pref("browser.contentblocking.introCount", 5);
user_pref("browser.download.lastDir", "C:\\Users\\Lem0th\\Desktop");
user_pref("browser.download.panel.shown", true);
user_pref("browser.download.save_converter_index", 0);
user_pref("browser.download.viewableInternally.typeWasRegistered.svg", true);
user_pref("browser.download.viewableInternally.typeWasRegistered.webp", true);
user_pref("browser.download.viewableInternally.typeWasRegistered.xml", true);
user_pref("browser.eme.ui.firstContentShown", true);
user_pref("browser.engagement.downloads-button.has-used", true);
user_pref("browser.engagement.fxa-toolbar-menu-button.has-used", true);
user_pref("browser.engagement.home-button.has-used", true);
user_pref("browser.engagement.library-button.has-used", true);
user_pref("browser.fixup.domainwhitelist.pi.hole", true);
user_pref("browser.laterrun.bookkeeping.profileCreationTime", 1564828533);
user_pref("browser.laterrun.bookkeeping.sessionCount", 42);
user_pref("browser.launcherProcess.enabled", true);
user_pref("browser.migration.version", 107);
user_pref("browser.newtab.url", "https://defaultsearch.co/homepage?hp=1&pId=AC191101&iDate=2020-05-09 10:03:19&bName=&bitmask=0600");
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories.rec.impressions", "{\"50514\":1576509949641,\"50522\":1576509949641,\"50529\":1576526810929,\"50542\":1576509949641,\"50553\":1576521192832,\"50555\":1576522412673,\"50561\":1576529422983,\"50572\":1576594386344,\"50579\":1576594386344,\"50600\":1576594386344}");
user_pref("browser.newtabpage.activity-stream.impressionId", "{e6899aa6-c782-48d9-bf72-85d0bb12c506}");
user_pref("browser.newtabpage.pinned", "[]");
user_pref("browser.newtabpage.storageVersion", 1);
user_pref("browser.newtabpage.url", "https://defaultsearch.co/homepage?hp=1&pId=AC191101&iDate=2020-05-09 10:03:19&bName=&bitmask=0600");
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"pinTab\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"addSearchEngine\",\"sendToDevice\",\"shareURL\",\"pocket\"],\"idsInUrlbar\":[\"pocket\",\"bookmark\"]}");
user_pref("browser.pagethumbnails.storage_version", 3);
user_pref("browser.protections_panel.infoMessage.seen", true);
user_pref("browser.region.update.updated", 1619191489);
user_pref("browser.rights.3.shown", true);
user_pref("browser.safebrowsing.provider.google4.lastupdatetime", "1619366974266");
user_pref("browser.safebrowsing.provider.google4.nextupdatetime", "1619368747266");
user_pref("browser.safebrowsing.provider.mozilla.lastupdatetime", "1619357787501");
user_pref("browser.safebrowsing.provider.mozilla.nextupdatetime", "1619379387501");
user_pref("browser.search.hiddenOneOffs", "DuckDuckGo");
user_pref("browser.search.region", "DE");
user_pref("browser.sessionstore.upgradeBackup.latestBuildID", "20210415204500");
user_pref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true);
user_pref("browser.shell.mostRecentDateSetAsDefault", "1619366973");
user_pref("browser.slowStartup.averageTime", 1204);
user_pref("browser.slowStartup.samples", 1);
user_pref("browser.startup.homepage_override.buildID", "20210415204500");
user_pref("browser.startup.homepage_override.mstone", "88.0");
user_pref("browser.startup.lastColdStartupCheck", 1619366973);
user_pref("browser.toolbars.bookmarks.visibility", "never");
user_pref("browser.topsites.migratedToRemoteSetting.id", 1);
user_pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"home-button\",\"customizableui-special-spring1\",\"urlbar-container\",\"customizableui-special-spring2\",\"downloads-button\",\"library-button\",\"sidebar-button\",\"fxa-toolbar-menu-button\",\"ublock0_raymondhill_net-browser-action\",\"_1c56fa07-34c5-4e5c-b765-89b79fe53e74_-browser-action\",\"_75afe46a-7a50-4c6b-b866-c43a1075b071_-browser-action\",\"user-agent-switcher_ninetailed_ninja-browser-action\",\"_f209234a-76f0-4735-9920-eb62507a54cd_-browser-action\",\"jid1-93cwpmrbvpjrqa_jetpack-browser-action\",\"https-everywhere_eff_org-browser-action\",\"firefox_tampermonkey_net-browser-action\",\"_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action\"],\"toolbar-menubar\":[\"menubar-items\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"PersonalToolbar\":[\"personal-bookmarks\",\"managed-bookmarks\"]},\"seen\":[\"developer-button\",\"ublock0_raymondhill_net-browser-action\",\"_1c56fa07-34c5-4e5c-b765-89b79fe53e74_-browser-action\",\"_75afe46a-7a50-4c6b-b866-c43a1075b071_-browser-action\",\"user-agent-switcher_ninetailed_ninja-browser-action\",\"_f209234a-76f0-4735-9920-eb62507a54cd_-browser-action\",\"jid1-93cwpmrbvpjrqa_jetpack-browser-action\",\"https-everywhere_eff_org-browser-action\",\"firefox_tampermonkey_net-browser-action\",\"_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action\"],\"dirtyAreaCache\":[\"nav-bar\",\"toolbar-menubar\",\"TabsToolbar\",\"PersonalToolbar\"],\"currentVersion\":16,\"newElementCount\":3}");
user_pref("browser.urlbar.placeholderName", "Google");
user_pref("browser.urlbar.placeholderName.private", "Google");
user_pref("browser.urlbar.resultBuckets", "{\"children\":[{\"maxResultCount\":1,\"children\":[{\"group\":\"heuristicTest\"},{\"group\":\"heuristicExtension\"},{\"group\":\"heuristicSearchTip\"},{\"group\":\"heuristicOmnibox\"},{\"group\":\"heuristicUnifiedComplete\"},{\"group\":\"heuristicAutofill\"},{\"group\":\"heuristicTokenAliasEngine\"},{\"group\":\"heuristicFallback\"}]},{\"group\":\"extension\",\"maxResultCount\":5},{\"flexChildren\":true,\"children\":[{\"flexChildren\":true,\"children\":[{\"flex\":2,\"group\":\"formHistory\"},{\"flex\":4,\"group\":\"remoteSuggestion\"},{\"flex\":0,\"group\":\"tailSuggestion\"}],\"flex\":2},{\"group\":\"general\",\"flex\":1}]}]}");
user_pref("browser.urlbar.tabToSearch.onboard.interactionsLeft", 2);
user_pref("browser.urlbar.tipShownCount.searchTip_onboard", 4);
user_pref("browser.urlbar.tipShownCount.searchTip_redirect", 4);
user_pref("browser.urlbar.tipShownCount.tabToSearch", 60);
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 2);
user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "1564828539962");
user_pref("devtools.debugger.prefs-schema-version", 11);
user_pref("devtools.onboarding.telemetry.logged", true);
user_pref("devtools.responsive.html.displayedDeviceList", "{\"added\":[\"bingbot\"],\"removed\":[\"iPhone 6/7/8\",\"iPad\",\"Kindle Fire HDX\"]}");
user_pref("devtools.responsive.reloadNotification.enabled", false);
user_pref("devtools.toolsidebar-height.inspector", 350);
user_pref("devtools.toolsidebar-width.inspector", 700);
user_pref("devtools.toolsidebar-width.inspector.splitsidebar", 350);
user_pref("distribution.iniFile.exists.appversion", "88.0");
user_pref("distribution.iniFile.exists.value", false);
user_pref("doh-rollout.balrog-migration-done", true);
user_pref("doh-rollout.doneFirstRun", true);
user_pref("dom.push.userAgentID", "ea080b3f21194cfb96c774433e00c373");
user_pref("dom.security.https_only_mode", true);
user_pref("dom.security.https_only_mode_ever_enabled", true);
user_pref("extensions.activeThemeID", "firefox-compact-dark@mozilla.org");
user_pref("extensions.blocklist.lastModified", "Tue, 21 Jan 2020 16:26:51 GMT");
user_pref("extensions.blocklist.pingCountTotal", 173);
user_pref("extensions.blocklist.pingCountVersion", -1);
user_pref("extensions.databaseSchema", 33);
user_pref("extensions.fxmonitor.firstAlertShown", true);
user_pref("extensions.getAddons.cache.lastUpdate", 1619364440);
user_pref("extensions.getAddons.databaseSchema", 6);
user_pref("extensions.incognito.migrated", true);
user_pref("extensions.lastAppBuildId", "20210415204500");
user_pref("extensions.lastAppVersion", "88.0");
user_pref("extensions.lastPlatformVersion", "88.0");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.pictureinpicture.enable_picture_in_picture_overrides", true);
user_pref("extensions.privatebrowsing.notification", true);
user_pref("extensions.reset_default_search.runonce.1", true);
user_pref("extensions.reset_default_search.runonce.3", false);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}");
user_pref("extensions.ui.dictionary.hidden", false);
user_pref("extensions.ui.extension.hidden", false);
user_pref("extensions.ui.lastCategory", "addons://list/extension");
user_pref("extensions.ui.locale.hidden", false);
user_pref("extensions.webcompat.enable_picture_in_picture_overrides", true);
user_pref("extensions.webcompat.enable_shims", true);
user_pref("extensions.webcompat.perform_injections", true);
user_pref("extensions.webcompat.perform_ua_overrides", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.doh-rollout@mozilla.org", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.firefox@tampermonkey.net", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.jid1-93CWPmRbVPjRQA@jetpack", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.uBlock0@raymondhill.net", true);
user_pref("extensions.webextensions.uuids", "{\"formautofill@mozilla.org\":\"bf64ff84-a91b-46aa-ab8c-84a9ebc1a068\",\"fxmonitor@mozilla.org\":\"a8403fd3-24d0-463b-a01d-3f4aceb7eae9\",\"screenshots@mozilla.org\":\"4015147a-1a99-41be-88eb-79fbbabe3254\",\"webcompat-reporter@mozilla.org\":\"368e8379-7652-4888-857c-f984723a0030\",\"webcompat@mozilla.org\":\"a6c75f4d-f27d-4b15-ab58-fcc7efb854bd\",\"default-theme@mozilla.org\":\"d5c62600-b26b-4755-aa7a-b0d15f1819be\",\"google@search.mozilla.org\":\"edfb824a-e5c0-490f-a38d-51c4814a3078\",\"amazon@search.mozilla.org\":\"ba8c2479-d4b9-46d2-a5f7-516b1ecd2919\",\"bing@search.mozilla.org\":\"d0eee53f-b3c4-4688-a225-34ecd418f332\",\"ddg@search.mozilla.org\":\"ecf5ec01-8e68-43d3-8726-01cfa89d47a1\",\"ebay@search.mozilla.org\":\"aa71252a-ea04-4355-9830-557e79a2c09f\",\"ecosia@search.mozilla.org\":\"5cbf7a6e-372a-4dc6-b2b5-ed9d324a5bbc\",\"leo_ende_de@search.mozilla.org\":\"85f00478-0c31-4c6a-b840-124da1903180\",\"wikipedia@search.mozilla.org\":\"f80e43d0-8cc9-4d6e-aaaa-454290060c9c\",\"uBlock0@raymondhill.net\":\"386f5184-83ea-4d5f-9461-09b9c9681afa\",\"firefox-compact-dark@mozilla.org\":\"d1e72f9d-c32d-451e-8bad-e6b0ff986fbb\",\"amazondotcom@search.mozilla.org\":\"2d6e6a1b-8d6a-4ce2-a948-661b06102011\",\"twitter@search.mozilla.org\":\"b8f49636-b40a-4e83-9efc-44ba703b3bbe\",\"doh-rollout@mozilla.org\":\"26b0147f-47d6-4e35-9f0d-c6f62b88595c\",\"jid1-93CWPmRbVPjRQA@jetpack\":\"691c3372-a621-4d0a-8018-9df0c235192a\",\"firefox@tampermonkey.net\":\"97acb09e-8142-4108-8c34-299096190f13\",\"reset-search-defaults@mozilla.com\":\"e57c2f04-98e8-4423-acf1-61e9f0ae5bc9\",\"pictureinpicture@mozilla.org\":\"14043934-136e-44dc-84c5-a23bb9e8a05a\"}");
user_pref("findbar.entireword", true);
user_pref("findbar.highlightAll", true);
user_pref("fission.experiment.max-origins.last-disqualified", 0);
user_pref("fission.experiment.max-origins.last-qualified", 1614353704);
user_pref("fission.experiment.max-origins.qualified", true);
user_pref("font.internaluseonly.changed", false);
user_pref("general.smoothScroll.mouseWheel.migrationPercent", 0);
user_pref("gfx-shader-check.build-version", "20210415204500");
user_pref("gfx-shader-check.device-id", "0x1f07");
user_pref("gfx-shader-check.driver-version", "27.21.14.6611");
user_pref("gfx.crash-guard.status.wmfvpxvideo", 2);
user_pref("gfx.crash-guard.wmfvpxvideo.appVersion", "88.0");
user_pref("gfx.crash-guard.wmfvpxvideo.deviceID", "0x1f07");
user_pref("gfx.crash-guard.wmfvpxvideo.driverVersion", "27.21.14.6611");
user_pref("identity.fxaccounts.toolbar.accessed", true);
user_pref("idle.lastDailyNotification", 1619364753);
user_pref("intl.locale.requested", "en-US,de");
user_pref("layers.mlgpu.sanity-test-failed", true);
user_pref("media.benchmark.vp9.fps", 356);
user_pref("media.benchmark.vp9.versioncheck", 5);
user_pref("media.gmp-gmpopenh264.abi", "x86_64-msvc-x64");
user_pref("media.gmp-gmpopenh264.lastUpdate", 1572078457);
user_pref("media.gmp-gmpopenh264.version", "1.8.1.1");
user_pref("media.gmp-manager.buildID", "20210415204500");
user_pref("media.gmp-manager.lastCheck", 1619293944);
user_pref("media.gmp-widevinecdm.abi", "x86_64-msvc-x64");
user_pref("media.gmp-widevinecdm.lastUpdate", 1618927287);
user_pref("media.gmp-widevinecdm.version", "4.10.2209.1");
user_pref("media.gmp.storage.version.observed", 1);
user_pref("media.hardware-video-decoding.failed", false);
user_pref("media.peerconnection.ice.default_address_only", true);
user_pref("media.peerconnection.ice.no_host", true);
user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);
user_pref("media.videocontrols.picture-in-picture.video-toggle.has-used", true);
user_pref("network.captive-portal-service.enabled", false);
user_pref("network.dns.disablePrefetch", true);
user_pref("network.http.speculative-parallel-limit", 0);
user_pref("network.predictor.cleaned-up", true);
user_pref("network.predictor.enabled", false);
user_pref("network.prefetch-next", false);
user_pref("network.trr.blocklist_cleanup_done", true);
user_pref("network.trr.mode", 2);
user_pref("pdfjs.enabledCache.state", true);
user_pref("pdfjs.migrationVersion", 2);
user_pref("pdfjs.previousHandler.alwaysAskBeforeHandling", true);
user_pref("pdfjs.previousHandler.preferredAction", 4);
user_pref("permissions.eventTelemetry.salt", "{441a2b64-f178-4d7f-91ed-34c332c597f7}");
user_pref("places.database.lastMaintenance", 1619102331);
user_pref("places.history.expiration.transient_current_max_pages", 147549);
user_pref("plugin.disable_full_page_plugin_for_types", "application/pdf");
user_pref("pref.general.disable_button.default_browser", false);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_bgcolor", false);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_bgimages", false);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_duplex", 0);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_edge_bottom", 0);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_edge_left", 0);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_edge_right", 0);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_edge_top", 0);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_evenpages", true);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_footercenter", "");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_footerleft", "&PT");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_footerright", "&D");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_headercenter", "");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_headerleft", "&T");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_headerright", "&U");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_in_color", true);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_margin_bottom", "0.5");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_margin_left", "0.5");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_margin_right", "0.5");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_margin_top", "0.5");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_oddpages", true);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_orientation", 0);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_page_delay", 50);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_paper_data", 1);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_paper_height", "11.6929");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_paper_id", "9");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_paper_name", "");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_paper_size_unit", 0);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_paper_width", "8.26772");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_resolution", 360);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_reversed", false);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_scaling", "1");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_shrink_to_fit", true);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_to_file", false);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_to_filename", "");
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_unwriteable_margin_bottom", 12);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_unwriteable_margin_left", 12);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_unwriteable_margin_right", 12);
user_pref("print.printer_EPSON127DF5_(XP-540_Series).print_unwriteable_margin_top", 12);
user_pref("print.printer_Microsoft_Print_to_PDF.print_bgcolor", false);
user_pref("print.printer_Microsoft_Print_to_PDF.print_bgimages", false);
user_pref("print.printer_Microsoft_Print_to_PDF.print_duplex", 0);
user_pref("print.printer_Microsoft_Print_to_PDF.print_edge_bottom", 0);
user_pref("print.printer_Microsoft_Print_to_PDF.print_edge_left", 0);
user_pref("print.printer_Microsoft_Print_to_PDF.print_edge_right", 0);
user_pref("print.printer_Microsoft_Print_to_PDF.print_edge_top", 0);
user_pref("print.printer_Microsoft_Print_to_PDF.print_evenpages", true);
user_pref("print.printer_Microsoft_Print_to_PDF.print_footercenter", "");
user_pref("print.printer_Microsoft_Print_to_PDF.print_footerleft", "&PT");
user_pref("print.printer_Microsoft_Print_to_PDF.print_footerright", "&D");
user_pref("print.printer_Microsoft_Print_to_PDF.print_headercenter", "");
user_pref("print.printer_Microsoft_Print_to_PDF.print_headerleft", "&T");
user_pref("print.printer_Microsoft_Print_to_PDF.print_headerright", "&U");
user_pref("print.printer_Microsoft_Print_to_PDF.print_in_color", true);
user_pref("print.printer_Microsoft_Print_to_PDF.print_margin_bottom", "0.5");
user_pref("print.printer_Microsoft_Print_to_PDF.print_margin_left", "0.5");
user_pref("print.printer_Microsoft_Print_to_PDF.print_margin_right", "0.5");
user_pref("print.printer_Microsoft_Print_to_PDF.print_margin_top", "0.5");
user_pref("print.printer_Microsoft_Print_to_PDF.print_oddpages", true);
user_pref("print.printer_Microsoft_Print_to_PDF.print_orientation", 0);
user_pref("print.printer_Microsoft_Print_to_PDF.print_page_delay", 50);
user_pref("print.printer_Microsoft_Print_to_PDF.print_paper_data", 1);
user_pref("print.printer_Microsoft_Print_to_PDF.print_paper_height", "297");
user_pref("print.printer_Microsoft_Print_to_PDF.print_paper_id", "9");
user_pref("print.printer_Microsoft_Print_to_PDF.print_paper_name", "");
user_pref("print.printer_Microsoft_Print_to_PDF.print_paper_size_unit", 1);
user_pref("print.printer_Microsoft_Print_to_PDF.print_paper_width", "210");
user_pref("print.printer_Microsoft_Print_to_PDF.print_resolution", 600);
user_pref("print.printer_Microsoft_Print_to_PDF.print_reversed", false);
user_pref("print.printer_Microsoft_Print_to_PDF.print_scaling", "1");
user_pref("print.printer_Microsoft_Print_to_PDF.print_shrink_to_fit", true);
user_pref("print.printer_Microsoft_Print_to_PDF.print_to_file", false);
user_pref("print.printer_Microsoft_Print_to_PDF.print_to_filename", "");
user_pref("print.printer_Microsoft_Print_to_PDF.print_unwriteable_margin_bottom", 0);
user_pref("print.printer_Microsoft_Print_to_PDF.print_unwriteable_margin_left", 0);
user_pref("print.printer_Microsoft_Print_to_PDF.print_unwriteable_margin_right", 0);
user_pref("print.printer_Microsoft_Print_to_PDF.print_unwriteable_margin_top", 0);
user_pref("print.printer_Mozilla_Save_to_PDF.print_bgcolor", false);
user_pref("print.printer_Mozilla_Save_to_PDF.print_bgimages", false);
user_pref("print.printer_Mozilla_Save_to_PDF.print_duplex", 0);
user_pref("print.printer_Mozilla_Save_to_PDF.print_edge_bottom", 0);
user_pref("print.printer_Mozilla_Save_to_PDF.print_edge_left", 0);
user_pref("print.printer_Mozilla_Save_to_PDF.print_edge_right", 0);
user_pref("print.printer_Mozilla_Save_to_PDF.print_edge_top", 0);
user_pref("print.printer_Mozilla_Save_to_PDF.print_footercenter", "");
user_pref("print.printer_Mozilla_Save_to_PDF.print_footerleft", "&PT");
user_pref("print.printer_Mozilla_Save_to_PDF.print_footerright", "&D");
user_pref("print.printer_Mozilla_Save_to_PDF.print_headercenter", "");
user_pref("print.printer_Mozilla_Save_to_PDF.print_headerleft", "&T");
user_pref("print.printer_Mozilla_Save_to_PDF.print_headerright", "&U");
user_pref("print.printer_Mozilla_Save_to_PDF.print_in_color", true);
user_pref("print.printer_Mozilla_Save_to_PDF.print_margin_bottom", "0.5");
user_pref("print.printer_Mozilla_Save_to_PDF.print_margin_left", "0.5");
user_pref("print.printer_Mozilla_Save_to_PDF.print_margin_right", "0.5");
user_pref("print.printer_Mozilla_Save_to_PDF.print_margin_top", "0.5");
user_pref("print.printer_Mozilla_Save_to_PDF.print_orientation", 0);
user_pref("print.printer_Mozilla_Save_to_PDF.print_page_delay", 50);
user_pref("print.printer_Mozilla_Save_to_PDF.print_paper_height", "11");
user_pref("print.printer_Mozilla_Save_to_PDF.print_paper_id", "na_letter");
user_pref("print.printer_Mozilla_Save_to_PDF.print_paper_size_unit", 0);
user_pref("print.printer_Mozilla_Save_to_PDF.print_paper_width", "8.5");
user_pref("print.printer_Mozilla_Save_to_PDF.print_resolution", 0);
user_pref("print.printer_Mozilla_Save_to_PDF.print_reversed", false);
user_pref("print.printer_Mozilla_Save_to_PDF.print_scaling", "1");
user_pref("print.printer_Mozilla_Save_to_PDF.print_shrink_to_fit", true);
user_pref("print.printer_Mozilla_Save_to_PDF.print_to_file", true);
user_pref("print.printer_Mozilla_Save_to_PDF.print_to_filename", "C:\\Users\\Lem0th\\Downloads\\Jagex Games Studio.pdf");
user_pref("print.printer_Mozilla_Save_to_PDF.print_unwriteable_margin_bottom", 0);
user_pref("print.printer_Mozilla_Save_to_PDF.print_unwriteable_margin_left", 0);
user_pref("print.printer_Mozilla_Save_to_PDF.print_unwriteable_margin_right", 0);
user_pref("print.printer_Mozilla_Save_to_PDF.print_unwriteable_margin_top", 0);
user_pref("print_printer", "Microsoft Print to PDF");
user_pref("privacy.purge_trackers.date_in_cookie_database", "0");
user_pref("privacy.purge_trackers.last_purge", "1619364755788");
user_pref("privacy.sanitize.pending", "[{\"id\":\"newtab-container\",\"itemsToClear\":[],\"options\":{}}]");
user_pref("privacy.socialtracking.notification.counter", 2);
user_pref("privacy.socialtracking.notification.lastShown", "1572280869704");
user_pref("privacy.trackingprotection.enabled", true);
user_pref("privacy.trackingprotection.socialtracking.enabled", true);
user_pref("sanity-test.advanced-layers", false);
user_pref("sanity-test.device-id", "0x1f07");
user_pref("sanity-test.driver-version", "27.21.14.6611");
user_pref("sanity-test.running", false);
user_pref("sanity-test.version", "20210415204500");
user_pref("sanity-test.webrender.force-disabled", false);
user_pref("security.disable_button.openCertManager", false);
user_pref("security.remote_settings.crlite_filters.checked", 1619359347);
user_pref("security.remote_settings.intermediates.checked", 1619359347);
user_pref("security.sandbox.content.tempDirSuffix", "{2acfd792-b93f-49d9-b4ef-9d772c8cdef8}");
user_pref("security.sandbox.plugin.tempDirSuffix", "{ff4693ef-2a69-48c6-ae55-ea54ebe2d53e}");
user_pref("security.ssl.errorReporting.automatic", true);
user_pref("services.blocklist.addons-mlbf.checked", 1619359347);
user_pref("services.blocklist.addons.checked", 1597160658);
user_pref("services.blocklist.gfx.checked", 1619359347);
user_pref("services.blocklist.pinning.checked", 1619359347);
user_pref("services.blocklist.plugins.checked", 1619359347);
user_pref("services.settings.clock_skew_seconds", 1);
user_pref("services.settings.last_etag", "\"1619359120525\"");
user_pref("services.settings.last_update_seconds", 1619359970);
user_pref("services.settings.main.anti-tracking-url-decoration.last_check", 1619359347);
user_pref("services.settings.main.cfr-fxa.last_check", 1619359347);
user_pref("services.settings.main.cfr.last_check", 1619359347);
user_pref("services.settings.main.fxmonitor-breaches.last_check", 1619359347);
user_pref("services.settings.main.hijack-blocklists.last_check", 1619359347);
user_pref("services.settings.main.language-dictionaries.last_check", 1619359347);
user_pref("services.settings.main.message-groups.last_check", 1619359347);
user_pref("services.settings.main.messaging-experiments.last_check", 1605290424);
user_pref("services.settings.main.nimbus-desktop-experiments.last_check", 1619359347);
user_pref("services.settings.main.normandy-recipes-capabilities.last_check", 1619359347);
user_pref("services.settings.main.normandy-recipes.last_check", 1575651913);
user_pref("services.settings.main.onboarding.last_check", 1566400579);
user_pref("services.settings.main.partitioning-exempt-urls.last_check", 1619359347);
user_pref("services.settings.main.password-recipes.last_check", 1619359347);
user_pref("services.settings.main.pioneer-study-addons-v1.last_check", 1619359347);
user_pref("services.settings.main.pioneer-study-addons.last_check", 1619359347);
user_pref("services.settings.main.public-suffix-list.last_check", 1619359347);
user_pref("services.settings.main.search-config.last_check", 1619359347);
user_pref("services.settings.main.search-default-override-allowlist.last_check", 1619359347);
user_pref("services.settings.main.search-telemetry.last_check", 1619359347);
user_pref("services.settings.main.sites-classification.last_check", 1619359347);
user_pref("services.settings.main.tippytop.last_check", 1619359347);
user_pref("services.settings.main.top-sites.last_check", 1619359347);
user_pref("services.settings.main.url-classifier-skip-urls.last_check", 1619359347);
user_pref("services.settings.main.websites-with-shared-credential-backends.last_check", 1619359347);
user_pref("services.settings.main.whats-new-panel.last_check", 1619359347);
user_pref("services.settings.security.onecrl.checked", 1619359347);
user_pref("services.sync.clients.lastSync", "0");
user_pref("services.sync.declinedEngines", "");
user_pref("services.sync.globalScore", 0);
user_pref("services.sync.nextSync", 0);
user_pref("services.sync.tabs.lastSync", "0");
user_pref("signon.importedFromSqlite", true);
user_pref("signon.suggestImportCount", 1);
user_pref("signon.usage.hasEntry", true);
user_pref("signon.usage.lastUsed", 1608064879);
user_pref("storage.vacuum.last.index", 1);
user_pref("storage.vacuum.last.places.sqlite", 1619276275);
user_pref("toolkit.startup.last_success", 1619366971);
user_pref("toolkit.telemetry.cachedClientID", "c0ffeec0-ffee-c0ff-eec0-ffeec0ffeec0");
user_pref("toolkit.telemetry.pioneer-new-studies-available", true);
user_pref("toolkit.telemetry.previousBuildID", "20210415204500");
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("trailhead.firstrun.didSeeAboutWelcome", true);
user_pref("ui.osk.debug.keyboardDisplayReason", "IKPOS: Touch screen not found.");

========= End of CMD: =========

C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\prefs.js => moved successfully
C:\Users\Lem0th\AppData\Roaming\Mozilla\Firefox\Profiles\40a0sgm9.default-release\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi => moved successfully
HKLM\System\CurrentControlSet\Services\ALSysIO => removed successfully
ALSysIO => service removed successfully
HKLM\System\CurrentControlSet\Services\SaferVPNNetfilter2 => removed successfully
SaferVPNNetfilter2 => service removed successfully
C:\Users\Lem0th\AppData\Roaming\prio.ini => moved successfully
C:\Users\Lem0th\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0 => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA2FFF0C-1001-440D-9B9F-6ED7094288B7}' => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA2FFF0C-1001-440D-9B9F-6ED7094288B7}' => removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= Set-MpPreference -PUAProtection Enabled =========


========= End of Powershell: =========


========= Set-MpPreference -DisableScanningNetworkFiles 0 =========


========= End of Powershell: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

SystemRestore: On => completed

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2095863473 B
Java, Flash, Steam htmlcache => 591574184 B
Windows/system/drivers => 9646694 B
Edge => 3672016 B
Chrome => 18669749 B
Firefox => 1831616022 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 432 B
LocalService => 109692 B
NetworkService => 24095760 B
Lem0th => 498589736 B

RecycleBin => 20804056753 B
EmptyTemp: => 24.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:19:41 ====

Ladekabel612 25.04.2021 17:27
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Lem0th (25-04-2021 18:23:21)
Running from C:\Users\Lem0th\Desktop
Windows 10 Pro Version 20H2 19042.928 (X64) (2020-06-02 14:02:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2331486850-4249055999-2076793073-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2331486850-4249055999-2076793073-503 - Limited - Disabled)
Gast (S-1-5-21-2331486850-4249055999-2076793073-501 - Limited - Disabled)
Lem0th (S-1-5-21-2331486850-4249055999-2076793073-1004 - Administrator - Enabled) => C:\Users\Lem0th
WDAGUtilityAccount (S-1-5-21-2331486850-4249055999-2076793073-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Anno 1800 (HKLM-x32\...\Uplay Install 4553) (Version:  - Ubisoft)
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 4.0.12 - ASUS)
Assassin's Creed Valhalla (HKLM-x32\...\Uplay Install 13504) (Version:  - Ubisoft)
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.29.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{a960a1c7-d72b-4ec6-b1f6-716be2b3bf1c}) (Version: 1.1.29.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.19 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32\...\{36aa03d4-9606-4f04-bf3e-a70ebe6650f3}) (Version: 1.1.19 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{237E1CAC-1708-4940-AC34-DF15C079AB70}) (Version: 1.1.0.6 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{1711cc08-cf9a-486c-9c75-1acb98ccfc17}) (Version: 1.1.0.6 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.1.16 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32\...\{ac3dc320-7e5e-4f22-9572-4c2119fcdf85}) (Version: 1.1.16 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{4EBEAC95-76BC-46A8-8644-6E2F1C87CF70}) (Version: 1.1.4.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{33e3ea9c-baed-4e8a-8dbb-4792a27c9066}) (Version: 1.1.4.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM\...\{B5E322FB-C191-463E-BDDD-4F22290EDFDB}) (Version: 1.0.7 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM-x32\...\{a29279dc-f417-4442-8225-4db77f7d35b5}) (Version: 1.0.7 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.05 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.3.7 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{2357cd84-6c2b-4174-87c7-4f9f9db8746b}) (Version: 0.0.3.1 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{94368c41-8d06-4bfe-993a-bfbd5e5226b5}) (Version: 0.0.3.7 - ASUSTek COMPUTER INC. ) Hidden
ASUS Framework Service (HKLM-x32\...\{80f60ecc-98e1-474b-aee2-0c470f02dbbc}) (Version: 2.0.2.6 - ASUSTek COMPUTER INC.)
ASUS Framework Service (HKLM-x32\...\{EA6A87BE-8AD3-40D2-944C-9DF5FBFF4332}) (Version: 2.0.2.6 - ASUSTek COMPUTER INC.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.27 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{210cdd08-c947-43a2-9378-bc288f651e41}) (Version: 1.0.27 - ASUSTek COMPUTER INC.) Hidden
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{3e9b91eb-5bb0-4272-8670-f88d353eb68b}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 1.05.18 - ASUSTek Computer Inc.)
ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.24 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{add3bacc-578f-4bf9-97e3-a0f0c3ae3323}) (Version: 1.0.24 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM\...\{723B40A4-5BF2-4DC6-834A-2ADF75F3CF7E}) (Version: 1.0.0.6 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM-x32\...\{cc37f609-4db9-4ce3-9e37-9cb1b432452e}) (Version: 1.0.0.6 - ASUSTek COMPUTER INC.) Hidden
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.53 - ASUSTeK Computer Inc.) Hidden
AURA DRAM Component (HKLM\...\{9AFE5429-866B-457D-A864-80BCF7672EE8}) (Version: 1.1.08 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{2eecc44a-87e0-466b-8ab7-5dc32e35e225}) (Version: 1.1.08 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.15 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.15 - ASUS)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.04.35 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{35381ead-8a19-4bff-a272-dcdfe38a5867}) (Version: 3.04.35 - ASUSTeK Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU)
Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
Corsair AURA DRAM Component (HKLM-x32\...\{da7ebf10-b0be-494e-a79d-568546795a51}) (Version: 1.0.6 - CORSAIR COMPONENTS INC.) Hidden
CORSAIR iCUE Software (HKLM-x32\...\{3D350B22-542B-4FB4-B3AC-EA760941C319}) (Version: 3.38.61 - Corsair)
CPUID CPU-Z 1.93 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.93 - CPUID, Inc.)
CPUID HWMonitor 1.41 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.41 - CPUID, Inc.)
CrystalDiskInfo 8.2.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.2.0 - Crystal Dew World)
Discord (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Discord) (Version: 0.0.309 - Discord Inc.)
Driver - San Francisco (HKLM-x32\...\Driver - San Francisco_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.31.3 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{b8828d84-ec63-417e-a33a-070eec4c01b4}) (Version: 1.1.31.3 - Ene Tech.) Hidden
Futuremark SystemInfo (HKLM-x32\...\{20CAF520-CA4A-4BB5-85B3-0E94E4434BD0}) (Version: 5.36.886.0 - Futuremark)
Geeks3D FurMark 1.21.1.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Git version 2.26.1 (HKLM\...\Git_is1) (Version: 2.26.1 - The Git Development Community)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.85 - Google LLC)
Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8301}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8302}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8303}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto: San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.0.0.22 - Rockstar Games)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Intel(R) Extreme Tuning Utility (HKLM-x32\...\{92b09894-9d66-465d-97a0-5bcabf264301}) (Version: 6.5.1.321 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2009.14.0.1496 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.59.241.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{fd902053-5f6c-43ea-b78a-7b1269134a9a}) (Version: 1.59.241.0 - Intel Corporation) Hidden
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Kingston AURA DRAM Component (HKLM\...\{965CDF5F-901C-476F-B3A8-7396701B1129}) (Version: 1.1.6 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{e0aaca9b-330a-49be-ae69-dd2f943d5fc1}) (Version: 1.1.6 - KINGSTON COMPONENTS INC.) Hidden
Leawo Blu-ray Player version  2.2.0.1 (HKLM-x32\...\{CF7F52BF-DEE0-44CD-A7E1-AADD5CCECCDD}_is1) (Version: 2.2.0.1 - Leawo Software)
Leawo Prof. Media version  8.3.0.3 (HKLM-x32\...\{A5F041A4-812A-47C2-AD53-8893A81019FB}_is1) (Version: 8.3.0.3 - Leawo Software)
MADCATZ R.A.T. 6+ (HKLM\...\{7FAE3AD3-6937-48C3-A86A-A6286BD72053}) (Version: 1.0.31.0 - MAD CATZ)
Magic.TXD (HKLM\...\Magic.TXD) (Version: 1.0 - GTA community)
MakeMKV v1.16.3 (HKLM-x32\...\MakeMKV) (Version: v1.16.3 - GuinpinSoft inc)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.46 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 90.0.818.46 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{4ffaf7b8-a84a-4813-840c-8b1f1343ae54}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{dd1e9bde-2ad6-4e92-8c07-7d4723eab8b8}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.11 (x64) (HKLM-x32\...\{e746e6a9-8254-4477-bbe0-a05900ec44e3}) (Version: 3.1.11.29516 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 88.0 (x64 de) (HKLM\...\Mozilla Firefox 88.0 (x64 de)) (Version: 88.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
MSI Afterburner 4.6.1 (HKLM-x32\...\Afterburner) (Version: 4.6.1 - MSI Co., LTD)
Need for Speed Most Wanted (black edition) (HKLM-x32\...\Need for Speed Most Wanted (black edition)) (Version: 1.3 - Electronic Arts)
Need for Speed™ (HKLM-x32\...\{F8643E83-A868-4EE8-A0B9-389386830453}) (Version: 1.3.0.0 - Electronic Arts)
Nextcloud (HKLM\...\{0CF81574-B8CB-4809-8498-B3E604EF6E96}) (Version: 3.2.0.20210409 - Nextcloud GmbH)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.5 - Notepad++ Team)
Npcap 0.995 (HKLM-x32\...\NpcapInst) (Version: 0.995 - Nmap Project)
NVIDIA FrameView SDK 1.1.4923.29781331 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29781331 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.22.0.32 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.22.0.32 - NVIDIA Corporation)
NVIDIA Graphics Driver 466.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 466.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
OpenIV (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\OpenIV) (Version: 4.0.1.1452 - .black/OpenIV Team)
Opera GX Stable 73.0.3856.438 (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\Opera GX 73.0.3856.438) (Version: 73.0.3856.438 - Opera Software)
Oracle VM VirtualBox 6.1.18 (HKLM\...\{A8F42E56-8D1F-4080-BD79-8375D3AD18BE}) (Version: 6.1.18 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.96.47386 - Electronic Arts, Inc.)
paint.net (HKLM\...\{6FED3D93-C0FA-4BD7-A36F-7FC53698244F}) (Version: 4.2.15 - dotPDN LLC)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.1 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{e38442c0-a433-48c2-84e2-51ac0b30c3ab}) (Version: 1.0.9.1 - Patriot Memory)
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.0.6.3 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{8839fbd5-69f9-41c5-a1cf-cdfbec966d66}) (Version: 1.0.6.3 - Patriot Memory)
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{c8f7044c-7f48-404a-9a5d-9f038f28a789}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PhotoMove 2.5 version 2.5.2.2 (HKLM-x32\...\{546443DF-4D82-484A-8E00-2136243B8B9A}}_is1) (Version: 2.5.2.2 - Mike Baker @ Rediscovering Photography)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python Launcher (HKLM-x32\...\{D722DA3A-92F5-454A-BD5D-A48C94D82300}) (Version: 3.7.6762.0 - Python Software Foundation)
qBittorrent 4.3.3 (HKLM-x32\...\qBittorrent) (Version: 4.3.3 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8557 - Realtek Semiconductor Corp.)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2) (Version: 1.0.1355.23 - Rockstar Games)
REDlauncher (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
Revo Uninstaller 2.2.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.2 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 7.2.2 (HKLM-x32\...\RTSS) (Version: 7.2.2 - Unwinder)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.36.344 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.9 - Rockstar Games)
ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.2.5.0 - ASUSTek COMPUTER INC.)
RuneLite (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\RuneLite Launcher_is1) (Version: 2.1.6 - RuneLite)
smartmontools (HKLM-x32\...\smartmontools) (Version: 6.6 2017-11-05 r4594 (sf-6.6-1) - smartmontools.org)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.10.5 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version:  - TechPowerUp)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 93.1 - Ubisoft)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 4.1.2.0 - Manuel Hoefs (Zottel))
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.1 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{68fb2ff9-0618-4948-b68f-9f95e5687067}) (Version: 1.0.0.1 - PD)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WinSCP 5.17.9 (HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\winscp3_is1) (Version: 5.17.9 - Martin Prikryl)
Wireshark 3.0.3 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)
Wondershare Filmora9(Build 9.1.2) (HKLM\...\Wondershare Filmora9_is1) (Version:  - Wondershare Software)

Packages:
=========
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_4.0.8.0_x64__qmba6cd70vzyy [2021-04-25] (ASUSTeK COMPUTER INC.)
Cinebench -> C:\Program Files\WindowsApps\MAXONComputerGmbH.Cinebench_23.2.0.0_x64__rsne5bsk8s7tj [2021-03-13] (MAXON Computer GmbH)
Debian -> C:\Program Files\WindowsApps\TheDebianProject.DebianGNULinux_1.4.0.0_x64__76v4gfsz19hv4 [2021-04-17] (The Debian Project)
Fluent Terminal -> C:\Program Files\WindowsApps\53621FSApps.FluentTerminal_0.7.5.0_x64__87x1pks76srcp [2021-03-31] (FS Apps) [Startup Task]
Forza Horizon 4 -> C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.467.506.2_x64__8wekyb3d8bbwe [2021-04-25] (Microsoft Studios)
Microsoft Edge Beta -> C:\Program Files (x86)\Microsoft\Edge Beta\Application [2021-04-23] (0)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-14] (Microsoft Corporation)
Python 3.9 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.1264.0_x64__qbz5n2kfra8p0 [2021-04-25] (Python Software Foundation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.147.0_x64__dt26b99r8h8gj [2020-08-23] (Realtek Semiconductor Corp)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-04-11] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004_Classes\CLSID\{5405618e-4c42-4fb9-a80a-d24d89911296}\localserver32 -> C:\Users\Lem0th\AppData\Local\NhNotifSys\sonicstudio\asusns.exe (A-Volute SAS -> A-Volute)
CustomCLSID: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004_Classes\CLSID\{872bdfc0-9f9f-47d7-83b8-e363d25d6d5f} -> [Nextcloud] => C:\Users\Lem0th\Nextcloud [2021-04-16 17:29]
CustomCLSID: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004_Classes\CLSID\{BC2A58AB-3084-4D85-82C4-41A01B4032E2} -> [MEGAsync] => C:\Users\Lem0th\Documents\MEGAsync [2021-03-27 10:34]
CustomCLSID: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004_Classes\CLSID\{E15E1D68-0D1C-49F7-BEB8-812B1E00FA60}\InprocServer32 -> C:\Users\Lem0th\AppData\Local\Programs\WinSCP\DragExt64.dll (Martin Prikryl -> Martin Prikryl)
SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {CA2FFF0C-1001-440D-9B9F-6ED7094288B7} - C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {CA2FFF0C-1001-440D-9B9F-6ED7094288B7} - C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification -> {CA2FFF0C-1001-440D-9B9F-6ED7094288B7} => C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {CA2FFF0C-1001-440D-9B9F-6ED7094288B7} => C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers: [  NextcloudError] -> {E0342B74-7593-4C70-9D61-22F294AAFE05} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [  NextcloudOK] -> {E1094E94-BE93-4EA2-9639-8475C68F3886} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [  NextcloudOKShared] -> {E243AD85-F71B-496B-B17E-B8091CBE93D2} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [  NextcloudSync] -> {E3D6DB20-1D83-4829-B5C9-941B31C0C35A} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [  NextcloudWarning] -> {E4977F33-F93A-4A0A-9D3C-83DEA0EE8483} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers3: [NextcloudContextMenuHandler] -> {BC6988AB-ACE2-4B81-84DC-DC34F9B24401} => C:\Program Files\Nextcloud\shellext\NCContextMenu.dll [2021-04-09] (Nextcloud GmbH -> Nextcloud GmbH)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lem0th\AppData\Local\MEGAsync\ShellExtX64.dll [2021-01-28] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2021-04-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-07] (Malwarebytes Corporation -> Malwarebytes)
FolderExtensions: [] -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => C:\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer64.dll [2019-09-23] (www.startisback.com) [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2015-04-14] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2015-04-14] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-03-09 10:01 - 2021-03-09 10:01 - 000477696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2021-03-09 10:01 - 2021-03-09 10:01 - 000471040 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2021-03-09 10:01 - 2021-03-09 10:01 - 000454656 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\registry-js\prebuilds\win32-ia32\node.napi.node
2021-04-25 15:14 - 2021-02-18 12:07 - 000085504 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\zlib1.dll
2021-03-09 10:01 - 2021-03-09 10:01 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2021-03-05 18:44 - 2021-03-05 18:44 - 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2021-03-05 18:44 - 2021-03-05 18:44 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2021-03-18 13:47 - 2021-03-18 13:47 - 000434688 _____ () [File not signed] C:\Program Files (x86)\MakeMKV\libfdk64.dll
2021-03-18 13:47 - 2021-03-18 13:47 - 001159680 _____ () [File not signed] C:\Program Files (x86)\MakeMKV\libffm64.dll
2018-08-29 16:19 - 2018-08-29 16:19 - 000223232 _____ () [File not signed] C:\Program Files\ASUS\AacOdd\AacOddHal_x86.dll
2018-09-07 00:29 - 2018-09-07 00:29 - 000202752 _____ () [File not signed] C:\Program Files\ASUS\AacTerminalHal\AacStripBusHal_x86.dll
2018-12-27 16:31 - 2018-12-27 16:31 - 000225280 _____ () [File not signed] C:\Program Files\ASUS\CORSAIR_Aac_DRAM\AacCosairDramHal_x86.dll
2020-05-26 17:08 - 2020-05-26 17:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2021-03-18 13:47 - 2021-03-18 13:47 - 000040448 _____ (GuinpinSoft inc) [File not signed] C:\Program Files (x86)\MakeMKV\libdriveio64.dll
2021-03-18 13:47 - 2021-03-18 13:47 - 000298496 _____ (GuinpinSoft inc) [File not signed] C:\Program Files (x86)\MakeMKV\libmakemkv64.dll
2021-03-18 13:47 - 2021-03-18 13:47 - 000277504 _____ (GuinpinSoft inc) [File not signed] C:\Program Files (x86)\MakeMKV\libmcurl64.dll
2021-03-18 13:47 - 2021-03-18 13:47 - 005492736 _____ (GuinpinSoft inc) [File not signed] C:\Program Files (x86)\MakeMKV\libmqt.dll
2019-12-07 11:09 - 2021-04-24 21:18 - 000093696 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\uxinit.dll
2020-12-16 09:26 - 2020-12-16 09:26 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2021-04-25 15:14 - 2021-02-18 12:07 - 000287232 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\libcurl.dll
2021-04-25 15:14 - 2021-02-18 12:07 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\libcrypto-1_1-x64.dll
2021-04-25 15:14 - 2021-02-18 12:07 - 002281984 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\LIBEAY32.dll
2021-04-25 15:14 - 2021-02-18 12:07 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\libssl-1_1-x64.dll
2021-04-25 15:14 - 2021-02-18 12:07 - 000361472 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\SSLEAY32.dll
2021-04-05 14:41 - 2020-05-14 15:15 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libcrypto-1_1-x64.dll
2021-04-05 14:41 - 2020-05-14 15:15 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libssl-1_1-x64.dll
2020-12-06 13:24 - 2020-12-06 13:24 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-12-06 13:24 - 2020-12-06 13:24 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-03-05 18:43 - 2021-03-05 18:43 - 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libcrypto-1_1.dll
2021-03-05 18:43 - 2021-03-05 18:43 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libssl-1_1.dll
2020-12-06 13:24 - 2020-12-06 13:24 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-04-02 23:09 - 2020-12-06 13:24 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-04-02 23:09 - 2020-12-06 13:24 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-04-02 23:09 - 2020-12-06 13:24 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-04-02 23:09 - 2020-12-06 13:24 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-04-02 23:09 - 2020-12-06 13:24 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-04-02 23:09 - 2020-12-06 13:24 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2021-04-09 16:59 - 2021-04-09 16:59 - 006165112 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:\Program Files\Nextcloud\Qt5Core.dll
2020-04-28 05:05 - 2020-04-28 05:05 - 006164600 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:\Users\Lem0th\AppData\Local\MEGAsync\Qt5Core.dll
2021-04-24 21:57 - 2019-09-23 23:51 - 000255488 _____ (www.startisback.com) [File not signed] C:\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer32.dll
2021-04-24 21:57 - 2019-09-23 23:51 - 000261632 _____ (www.startisback.com) [File not signed] C:\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer64.dll [2019-09-23] (www.startisback.com) [File not signed]
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-20] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer32.dll [2019-09-23] (www.startisback.com) [File not signed]

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-05-25 15:33 - 2020-05-01 17:24 - 000001256 _____ C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70      fitgirlrepacks.co              # Fake FitGirl site
109.94.209.70      fitgirl-repacks.cc              # Fake FitGirl site
109.94.209.70      fitgirl-repack.com              # Fake FitGirl site
109.94.209.70      www.fitgirlrepacks.co          # Fake FitGirl site
109.94.209.70      www.fitgirl-repacks.cc          # Fake FitGirl site
109.94.209.70      www.fitgirl-repack.com          # Fake FitGirl site

2019-08-17 10:35 - 2019-09-01 12:37 - 000000827 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.54.81 DESKTOP-J6EBHR7.mshome.net # 2024 8 5 30 10 37 43 403
168.54.87 manjaro.mshome.net # 2019 8 0 25 21 1 57 523
192.168.54.87 manjaro.mshome.net # 2019 8 0 25 21 1 57 523
523
17 9 332
192.168.54.87 manjaro.mshome.net # 2019 8 0 25 21 1 57 523
68.54.0.83 ubuntu.mshome.net # 2019 8 6 24 16 49 48 776
8 776
510
68.54.0.83 ubuntu.mshome.net # 2019 8 6 24 16 49 48 776

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Git\cmd;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\dotnet\
HKCU\Environment\\Path -> %USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.34 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
vEthernet (Default Switch): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Default Switch): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 3: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\StartupFolder: => "Folding@home.lnk"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "SaferVPN"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "GogGalaxy"
HKU\S-1-5-21-2331486850-4249055999-2076793073-1004\...\StartupApproved\Run: => "pCloud"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{422AF7E2-DE53-45B3-949C-C3AEE0231737}C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe] => (Block) C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [UDP Query User{07E4E40D-7D24-4354-AFDD-0F1B20210EC5}C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe] => (Block) C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [TCP Query User{15037E88-C94E-4A09-9105-66112F2A4F48}C:\program files (x86)\asus\armourydevice\asus_framework.exe] => (Block) C:\program files (x86)\asus\armourydevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [UDP Query User{D0549A4D-DEEC-4CC3-852A-889C1A5128E1}C:\program files (x86)\asus\armourydevice\asus_framework.exe] => (Block) C:\program files (x86)\asus\armourydevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)

==================== Restore Points =========================

16-04-2021 17:27:50 Installed Nextcloud
24-04-2021 21:18:12 Installed UltraUXThemePatcher 4.1.2
24-04-2021 21:41:12 before adding theme

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/25/2021 06:22:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Faulting module name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Exception code: 0xc000041d
Fault offset: 0x000000000001894b
Faulting process ID: 0x130c
Faulting application start time: 0x01d739eef4378bae
Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Faulting module path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Report ID: 9aa49f1e-ba23-4d4e-a968-c0a78d754396
Faulting package full name:
Faulting package-relative application ID:

Error: (04/25/2021 06:22:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Faulting module name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Exception code: 0xc0000005
Fault offset: 0x000000000001894b
Faulting process ID: 0x130c
Faulting application start time: 0x01d739eef4378bae
Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Faulting module path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Report ID: ad39ea13-06e6-4a0e-9bd1-2c6c726c59c0
Faulting package full name:
Faulting package-relative application ID:

Error: (04/25/2021 04:09:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Faulting module name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Exception code: 0xc000041d
Fault offset: 0x000000000001894b
Faulting process ID: 0x1b20
Faulting application start time: 0x01d739d517353c0d
Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Faulting module path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Report ID: 148b05c5-64d9-4bbd-9798-e618e4de774d
Faulting package full name:
Faulting package-relative application ID:

Error: (04/25/2021 04:09:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Faulting module name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Exception code: 0xc0000005
Fault offset: 0x000000000001894b
Faulting process ID: 0x1b20
Faulting application start time: 0x01d739d517353c0d
Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Faulting module path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Report ID: 02ba0eb2-3c17-43df-9c2e-83ba2d688307
Faulting package full name:
Faulting package-relative application ID:

Error: (04/25/2021 12:15:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.4.2021.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 265c

Start Time: 01d739bbc32fb0fd

Termination Time: 4294967295

Application Path: C:\Users\Lem0th\Desktop\FRST64.exe

Report Id: 04227914-310b-473e-b163-af4b33bd08ef

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-process

Error: (04/25/2021 10:19:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Faulting module name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Exception code: 0xc000041d
Fault offset: 0x000000000001894b
Faulting process ID: 0x1da4
Faulting application start time: 0x01d739a52a46035a
Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Faulting module path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Report ID: 3e68c8b6-8953-4c5f-8d86-5788f2fbbcd7
Faulting package full name:
Faulting package-relative application ID:

Error: (04/25/2021 10:19:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Faulting module name: ArmourySocketServer.exe, version: 0.0.5.33, time stamp: 0x604624c0
Exception code: 0xc0000005
Fault offset: 0x000000000001894b
Faulting process ID: 0x1da4
Faulting application start time: 0x01d739a52a46035a
Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Faulting module path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
Report ID: bbb5355e-655b-4bac-8871-1529dc6a7b9b
Faulting package full name:
Faulting package-relative application ID:

Error: (04/25/2021 01:22:15 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete erneut optimieren on The Big D (D:) because: Der angeforderte Vorgang wird von der Hardware des Volumes nicht unterstützt. (0x8900002A)


System errors:
=============
Error: (04/25/2021 06:19:59 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J6EBHR7)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (04/25/2021 06:13:41 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: DCOM got error "1053" attempting to start the service asComSvc with arguments "Nicht verfügbar" in order to run the server:
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}

Error: (04/25/2021 06:13:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ASUS Com Service service to connect.

Error: (04/25/2021 06:12:59 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: DCOM got error "1053" attempting to start the service asComSvc with arguments "Nicht verfügbar" in order to run the server:
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}

Error: (04/25/2021 06:12:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ASUS Com Service service to connect.

Error: (04/25/2021 06:11:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/25/2021 06:11:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Neustart des Diensts.

Error: (04/25/2021 06:11:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Gaming Services service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
================
Date: 2021-04-25 18:21:14
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Mittel
Category: Einstellungsveränderer
Path: file:_D:\personal stuff\Dokumente\wichtige dokumente\opensuse\.config\chromium\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn\0.9.5.14_0\assets\thirdparties\someonewhocares.org\hosts\hosts
Detection Origin: Lokaler Computer
Detection Type: Konkret
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.335.1651.0, AS: 1.335.1651.0, NIS: 1.335.1651.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-25 18:08:50
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Mittel
Category: Einstellungsveränderer
Path: file:_D:\personal stuff\Dokumente\wichtige dokumente\opensuse\.config\chromium\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn\0.9.5.14_0\assets\thirdparties\someonewhocares.org\hosts\hosts
Detection Origin: Lokaler Computer
Detection Type: Konkret
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.335.1636.0, AS: 1.335.1636.0, NIS: 1.335.1636.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-25 12:34:19
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Schnellüberprüfung

Date: 2021-04-25 10:57:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Schnellüberprüfung

Date: 2021-04-25 09:33:01
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Mittel
Category: Einstellungsveränderer
Path: file:_D:\personal stuff\Dokumente\wichtige dokumente\opensuse\.config\chromium\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn\0.9.5.14_0\assets\thirdparties\someonewhocares.org\hosts\hosts
Detection Origin: Lokaler Computer
Detection Type: Konkret
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.335.1595.0, AS: 1.335.1595.0, NIS: 1.335.1595.0
Engine Version: AM: 1.1.18000.5, NIS: 1.1.18000.5

CodeIntegrity:
===============
Date: 2021-04-25 18:21:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-04-25 13:49:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Users\Lem0th\Downloads\OldNewExplorer\OldNewExplorer64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-04-25 13:49:32
Description:
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 0805 01/29/2019
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX Z390-F GAMING
Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
Percentage of memory in use: 30%
Total physical RAM: 16301.81 MB
Available physical RAM: 11280.34 MB
Total Virtual: 40877.81 MB
Available Virtual: 33490.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.16 GB) (Free:71.95 GB) NTFS
Drive d: (The Big D) (Fixed) (Total:2794.5 GB) (Free:1919.95 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.5 GB) (Free:87.18 GB) NTFS
Drive f: (TFATF_TD_G51) (CDROM) (Total:44.2 GB) (Free:0 GB) UDF

\\?\Volume{91c77463-c94a-42ca-af39-0bf2c08a3dd3}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{67942367-295a-4460-953c-146437c47045}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

M-K-D-B 25.04.2021 19:14
Schritt 1
  • Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.
  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    Start::
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    DeleteQuarantine:
    Unlock: C:\FRST
    Reboot:
    End::
  • Starte nun FRST und klicke direkt den Reparieren Button.
    Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
  • Gegebenenfalls muss dein Rechner neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.








Dann wären wir durch!
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc


Abschließend bitte noch einen Cleanup mit unserem TBCleanUpTool durchführen und unbedingt die Sicherheitsmaßnahmen lesen und umsetzen - beides ist in folgendem Lesestoff verlinkt:

Lesestoff:
Anleitung: Cleanup & Maßnahmen zur Absicherung des Rechners




Wenn Du möchtest, kannst Du hier sagen, ob du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:
Vielleicht möchtest du das Forum mit einer kleinen Spende https://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:


Hinweis:
Bitte gib mir eine kurze Rückmeldung, sobald du die oben verlinkten Informationen gelesen hast, alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

M-K-D-B 27.04.2021 08:07
Wir sind froh, dass wir helfen konnten :abklatsch:

Dieses Thema scheint erledigt und wird aus unseren Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:57 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131