Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2021
Ran by SYSTEM on MININT-KFTE1IL (12-09-2021 16:19:20)
Running from F:\FRST
Platform: WIN_10 (X64) Language: Deutsch (Deutschland) -> Deutsch (Deutschland)
Boot Mode: Recovery

ATTENTION: Could not load system hive. Der Vorgang wurde erfolgreich beendet.

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Winlogon: [Userinit] <==== ATTENTION
HKLM\...\Winlogon: [Shell] <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess] <==== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] <==== ATTENTION
HKU\Mark\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26165056 2014-11-17] (Slimware Utilities, Inc. -> SlimWare Utilities, Inc.)
HKU\Mark\...\Run: [Dropbox Update] => C:\Users\Mark\AppData\Local\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-16] (Dropbox, Inc -> Dropbox, Inc.)
HKU\Mark\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd -> Piriform Ltd)
HKLM\Software\...\Winlogon\GPExtensions: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] -> C:\Windows\SysWOW64\scecli.dll [2018-10-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2021-07-06]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.2254\SSScheduler.exe (McAfee, LLC -> McAfee, LLC)
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2021-08-09]
ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk [2013-08-30]
ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk [2013-04-01]
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel(R) Software -> Intel® Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\Windows\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2870024744-3538765025-511711510-1002Core1d239a235cb7002.job => C:\Users\Mark\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2870024744-3538765025-511711510-1002UA1d239a235fa6a60.job => C:\Users\Mark\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d043bcf69744b5.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Mark).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (All) =========

(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-12 16:19 - 2021-09-12 16:19 - 000000000 ____D C:\FRST
2021-09-12 15:47 - 2021-09-12 15:48 - 000000000 ____D C:\Windows\System32\config\backup
2021-09-12 13:47 - 2021-09-12 13:47 - 000000000 __SHD C:\found.000
2021-08-20 19:56 - 2021-09-12 11:20 - 419812590 _____ C:\Windows\MEMORY.DMP
2021-08-18 07:59 - 2021-08-18 08:16 - 000000000 ___HD C:\$WINDOWS.~BT
2021-08-18 07:53 - 2021-08-18 08:17 - 000000000 ___HD C:\$GetCurrent
2021-08-17 09:52 - 2021-08-17 10:36 - 000000000 ____D C:\Users\Mark\Desktop\Urząd Skarbowy
2021-08-17 09:46 - 2021-08-17 10:51 - 000000000 ____D C:\Users\Mark\Desktop\Zrzut z ekranu

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-12 12:31 - 2018-06-05 12:25 - 000784794 _____ C:\Windows\System32\perfh015.dat
2021-09-12 12:31 - 2018-06-05 12:25 - 000152418 _____ C:\Windows\System32\perfc015.dat
2021-09-12 12:31 - 2018-06-05 12:00 - 002648564 _____ C:\Windows\System32\PerfStringBackup.INI
2021-09-12 12:31 - 2018-04-12 17:13 - 000731834 _____ C:\Windows\System32\perfh007.dat
2021-09-12 12:31 - 2018-04-12 17:13 - 000149982 _____ C:\Windows\System32\perfc007.dat
2021-09-12 12:30 - 2013-10-06 20:15 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-12 12:27 - 2016-06-23 12:46 - 000147728 ____N (CyberLink Corp.) C:\Windows\System32\Drivers\rikvm_38F51D56.sys
2021-09-12 12:26 - 2018-06-05 12:09 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-12 11:20 - 2018-04-04 12:25 - 001409304 _____ C:\Windows\ntbtlog.txt
2021-08-18 11:24 - 2016-11-08 10:26 - 000001186 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2870024744-3538765025-511711510-1002UA1d239a235fa6a60.job
2021-08-18 11:24 - 2016-11-08 10:26 - 000001134 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2870024744-3538765025-511711510-1002Core1d239a235cb7002.job
2021-08-18 11:24 - 2015-04-29 10:50 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-08-18 11:24 - 2014-12-15 13:38 - 000000444 _____ C:\Windows\Tasks\DriverUpdate Startup.job
2021-08-18 11:21 - 2018-06-05 11:50 - 000000000 ____D C:\Windows\System32\SleepStudy
2021-08-18 11:21 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-18 08:16 - 2018-06-05 12:08 - 000001908 _____ C:\Windows\diagwrn.xml
2021-08-18 08:16 - 2018-06-05 12:08 - 000001908 _____ C:\Windows\diagerr.xml
2021-08-18 08:16 - 2018-05-28 18:25 - 000000000 ___DC C:\Windows\Panther
2021-08-18 07:59 - 2019-11-04 12:07 - 000000036 _____ C:\Windows\progress.ini
2021-08-18 07:57 - 2018-04-12 00:36 - 000000000 ____D C:\Windows\INF
2021-08-18 07:56 - 2018-04-12 00:30 - 000000000 ____D C:\Windows\CbsTemp
2021-08-18 07:55 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-18 07:55 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\AppReadiness
2021-08-18 07:54 - 2013-10-06 20:43 - 000000000 ____D C:\Users\Mark\Documents\Pliki programu Outlook
2021-08-18 07:53 - 2019-10-31 14:07 - 000000000 ____D C:\Windows10Upgrade
2021-08-18 07:53 - 2018-06-05 12:09 - 000004164 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A12DFB30-0A82-4EFE-8EAB-A197A35B1386}
2021-08-18 07:52 - 2015-06-16 07:46 - 000000000 ____D C:\Users\Mark\AppData\Local\Dropbox
2021-08-18 07:52 - 2014-12-15 13:38 - 000016152 _____ C:\Windows\System32\Drivers\SWDUMon.sys
2021-08-17 11:16 - 2019-06-10 18:53 - 000000000 ____D C:\Users\Mark\Desktop\Felix aktuell
2021-08-17 10:17 - 2020-09-06 20:02 - 000000000 ____D C:\Users\Mark\Desktop\Frau Maciol Finanzamy Wintergarten
2021-08-17 08:24 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\System32\NDF
2021-08-17 08:24 - 2013-12-08 17:32 - 000000000 ____D C:\Users\Mark\AppData\Local\ElevatedDiagnostics
2021-08-16 14:03 - 2018-06-05 12:09 - 000004332 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2870024744-3538765025-511711510-1002UA1d239a235fa6a60
2021-08-16 14:03 - 2018-06-05 12:09 - 000003956 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2870024744-3538765025-511711510-1002Core1d239a235cb7002

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\Windows\System32\cmintegrator.dll [2018-04-12] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\System32\Phoneutil.dll [2018-05-20] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\System32\PhoneutilRes.dll [2018-04-12] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\System32\ReInfo.dll [2018-04-12] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\System32\RTMediaFrame.dll [2018-06-08] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\System32\SHCore.dll [2018-06-08] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\System32\SmiEngine.dll [2018-04-11] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\System32\storagewmi.dll [2018-04-12] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\System32\storagewmi_passthru.dll [2018-04-12] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\System32\TelephonyInteractiveUser.dll [2018-05-20] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\System32\TokenBrokerCookies.exe [2018-06-08] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\System32\TpmCoreProvisioning.dll [2018-04-12] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\System32\UXInit.dll [2018-04-12] <==== ATTENTION (zero byte File/Folder)

==================== KnownDLLs (Whitelisted) =========================

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe [2019-12-18 09:52] - [2019-10-02 11:48] - 000678400 _____ (Microsoft Corporation) F1CB5F4E4B2804C4D9A401CCEFFD85CF
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe [2020-11-26 22:37] - [2020-01-07 10:53] - 004103224 _____ (Microsoft Corporation) 2C1C37277E41F3A71A4FC1EBDA5BD708
C:\Windows\SysWOW64\explorer.exe [2020-11-26 22:37] - [2020-01-07 09:31] - 003755408 _____ (Microsoft Corporation) 294A978F7BB58502EA22E8854D52110C
C:\Windows\System32\svchost.exe [2020-11-26 22:37] - [2020-01-07 05:08] - 000051400 _____ (Microsoft Corporation) 38B2442AC21C90615AB39A52ADA3576F
C:\Windows\SysWOW64\svchost.exe [2020-11-26 22:37] - [2020-01-07 05:01] - 000044632 _____ (Microsoft Corporation) D2CBFEB7C4619A898890FEB4C4514AA9
C:\Windows\System32\services.exe [2020-11-26 22:37] - [2019-11-28 06:09] - 000636848 _____ (Microsoft Corporation) 1B285CE722E2D2F12481C4CE5E83CEA4
C:\Windows\System32\User32.dll [2020-11-26 22:37] - [2020-02-05 13:34] - 001639864 _____ (Microsoft Corporation) 04E491887F80439FC55EFCE42DAAA6A2
C:\Windows\SysWOW64\User32.dll [2020-11-26 22:37] - [2020-02-05 12:07] - 001628488 _____ (Microsoft Corporation) 57C9691873CC58A827CF05B67A425E6D
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll [2019-12-18 09:53] - [2019-09-13 05:13] - 001154048 _____ (Microsoft Corporation) 09CD2CCFC59F1AD796C233DF9C074C38
C:\Windows\System32\dnsapi.dll [2019-12-18 09:49] - [2019-07-09 04:19] - 000767232 _____ (Microsoft Corporation) 37C8D784EF2FFB9106CCA462ED6DB968
C:\Windows\SysWOW64\dnsapi.dll [2019-12-18 09:49] - [2019-07-09 04:12] - 000573808 _____ (Microsoft Corporation) 3775EB86C55D2E03C4642E51DD53F740
C:\Windows\System32\dllhost.exe => MD5 is legit
C:\Windows\SysWOW64\dllhost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

HKLM\...\.exe: => <==== ATTENTION
HKLM\...\exefile\DefaultIcon: <==== ATTENTION
HKLM\...\exefile\shell\open\command: <==== ATTENTION

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 8119.32 MB
Available physical RAM: 7139.39 MB
Total Virtual: 8119.32 MB
Available Virtual: 7183.9 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:915.39 GB) (Free:449.76 GB) NTFS
Drive d: (E2B) (Fixed) (Total:50 GB) (Free:18.95 GB) NTFS
Drive e: () (Fixed) (Total:0.86 GB) (Free:0.45 GB) NTFS
Drive f: (Tools) (Fixed) (Total:69.23 GB) (Free:40.33 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.49 GB) (Free:0.49 GB) NTFS
\\?\Volume{dfaf26ae-6ad9-4861-a412-3da68f69a3c3}\ (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS
\\?\Volume{d0a1385a-011d-4b4e-8998-19b303bdabe7}\ (PBR Image) (Fixed) (Total:14.12 GB) (Free:0.27 GB) NTFS
\\?\Volume{e4413627-31fb-4610-922e-b3808d3fe3ab}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.44 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5FF97DC8)
Partition: GPT.

==========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 0C488AD2)
Partition: GPT.
==========================================================
Disk: 2 (Size: 119.2 GB) (Disk ID: 27022677)
Partition 1: (Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=69.2 GB) - (Type=0F Extended)
Partition 3: (Not Active) - (Size=32 KB) - (Type=21)

==================== End of FRST.txt ========================