Virus or Malware. idk #223

Closed
BaBateck opened this issue Sep 21, 2023 · 28 comments

@BaBateck

BaBateck commented Sep 21, 2023

I wanted to download some software to create photo albums, and then I got a "virus" on my computer.

When I start my PC, something opens the files in my "USER/AppData/Local/TEMP" folder.
I tried Malwarebytes, but it didn't help much.

So I downloaded HiJackThis. Here is the logfile.

I hope you can help me. Thank You.

@dragokas (Owner)

Hi,
If you need our assistance:

Please note that only members of the VIRUSNET-Association are allowed to respond to PC cure topics.
Ignore any recommendations given by other users, including by PM!

Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form, or you can leave feedback in the Guestbook.

@BaBateck (Author)

BaBateck commented Oct 4, 2023

Every time I start my computer, the folder and txt files open automatically. These files are in my "USER/AppData/Local/TEMP" folder. My "Autorun" is full of "Files and Folders". I tried to delete these files, but they came back again.

Screenshot 2023-10-04 091155

CollectionLog-2023.10.04-08.57.zip

@Sandor-Helper

Hello and welcome,

First of all, please uninstall this useless and unwanted program:

Bonjour

Next please collect these logs:
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click it and run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please attach the logs back here.

@BaBateck (Author)

BaBateck commented Oct 6, 2023

I did it.
Addition.txt
FRST.txt
Thank you.

@Sandor-Helper

Temporarily turn off any antivirus.
Highlight the following code:

Start::
CreateRestorePoint:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
Startup: C:\Users\Administrator\AppData\Local\Temp\\Adobe []
Startup: C:\Users\Administrator\AppData\Local\Temp\\AdobeVulcan []
Startup: C:\Users\Administrator\AppData\Local\Temp\\bc3902d8132f43e3ae086a009979fa88.db [] () [Datei ist nicht signiert]
Startup: C:\Users\Administrator\AppData\Local\Temp\\bc3902d8132f43e3ae086a009979fa88.db-shm [] () [Datei ist nicht signiert]
Startup: C:\Users\Administrator\AppData\Local\Temp\\bc3902d8132f43e3ae086a009979fa88.db-wal [] () [Datei ist nicht signiert]
Startup: C:\Users\Administrator\AppData\Local\Temp\\bc3902d8132f43e3ae086a009979fa88.db.ses [] () [Datei ist nicht signiert]
Startup: C:\Users\Administrator\AppData\Local\Temp\\chrome_installer.log [] () [Datei ist nicht signiert]
Startup: C:\Users\Administrator\AppData\Local\Temp\\CreativeCloud []
Startup: C:\Users\Administrator\AppData\Local\Temp\\mat-debug-26316.log [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\Administrator\AppData\Local\Temp\\mat-debug-31732.log [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\Administrator\AppData\Local\Temp\\mat-debug-31828.log [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\Administrator\AppData\Local\Temp\\msedge_installer.log [] () [Datei ist nicht signiert]
Startup: C:\Users\Administrator\AppData\Local\Temp\\NGL []
Startup: C:\Users\Administrator\AppData\Local\Temp\\qtsingleapp-Pentab-9c9b-3-lockfile [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\Administrator\AppData\Local\Temp\\skyeTemp []
Startup: C:\Users\Administrator\AppData\Local\Temp\\Spyder3Utility [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\Administrator\AppData\Local\Temp\\TeamViewer []
Startup: C:\Users\Administrator\AppData\Local\Temp\\wctABD.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\Administrator\AppData\Local\Temp\\wctFF34.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\Administrator\AppData\Local\Temp\\wmsetup.log [] () [Datei ist nicht signiert]
Startup: C:\Users\Administrator\AppData\Local\Temp\\{28998E7F-5499-4DFD-8E06-3755945109EC} []
Startup: C:\Users\Administrator\AppData\Local\Temp\\{29C37ECA-17B6-4388-905E-6692C9F28BDF} []
Startup: C:\Users\Administrator\AppData\Local\Temp\\{B77D1CE5-F115-4EC1-9302-F6967F1AE2D9} []
Startup: C:\Users\Administrator\AppData\Local\Temp\\{BF42A119-AFFD-43CC-8210-CDDE951E45A4} []
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\.ses [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\21323.200.1078.10964 [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\Adobe []
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\AdobeARM.log [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\AdobeVulcan []
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\bc3902d8132f43e3ae086a009979fa88.db [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\bc3902d8132f43e3ae086a009979fa88.db.ses [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\chrome_installer.log [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\CreativeCloud []
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\cv_debug.log [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\getadmin.vbs [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\Importer_0_4 []
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\mat-debug-11248.log [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\mat-debug-23120.log [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\mat-debug-25824.log [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\mat-debug-26240.log [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\mat-debug-27532.log [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\mat-debug-28816.log [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\msedge_installer.log [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\NGL []
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\qtsingleapp-Pentab-9c9b-2-lockfile [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\qtsingleapp-Pentab-9c9b-3-lockfile [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\skyeTemp []
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\Spyder3Utility [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\SquirrelSetup.log [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\StructuredQuery.log [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\TeamViewer []
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\wct288E.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\wct453A.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\wct8868.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\wctF814.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\wmsetup.log [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\wsuBA09.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\wsuBA58.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\wsuBA69.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\wsuBA89.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\{05E93408-608E-4AB7-A7EE-97A388960252} []
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\{06EDF28C-AA39-4EA0-8831-6AF928E64DE1} []
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\{97ED279E-88B4-4720-ABB3-EAD976F2A48A} []
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\{D6C7163D-D856-4A88-9E3D-91CD699116A8} []
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\{E10B3293-5525-43F4-87F3-20A0FB4496AF} []
Startup: C:\Users\madog\AppData\Local\Temp\\.ses [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\0645707579.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\0655709115.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\0665710436.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\0685711935.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\0695713277.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\0705713845.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\0705714515.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\0725715957.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\0735717206.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\0745718385.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\0765719781.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\2574444952.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\2574445244.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\2594446976.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\2604448396.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\2614449705.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\2634450897.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\2644452072.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\2654453313.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\2664454578.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\2674455690.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\2694456964.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\36FE1D0F-0EF1-4FD4-8BEE-1BF111312818 []
Startup: C:\Users\madog\AppData\Local\Temp\\acrobat_sbx []
Startup: C:\Users\madog\AppData\Local\Temp\\acrocef_low []
Startup: C:\Users\madog\AppData\Local\Temp\\acrord32_super_sbx []
Startup: C:\Users\madog\AppData\Local\Temp\\Adobe []
Startup: C:\Users\madog\AppData\Local\Temp\\AdobeARM.log [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\AdobeVulcan []
Startup: C:\Users\madog\AppData\Local\Temp\\AuProjectTemp []
Startup: C:\Users\madog\AppData\Local\Temp\\AutorunsDisabled []
Startup: C:\Users\madog\AppData\Local\Temp\\CEP11-PHXS.log [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\CEP11-PPRO.log [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-AUDT-23.6.1-com.adobe.audition.OnboardingEx-renderer.log [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-AUDT-23.6.1-com.adobe.audition.OnboardingEx.log [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PHXS-25.0.0-com.adobe.DesignLibraries.angular-renderer.log [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PHXS-25.0.0-com.adobe.DesignLibraries.angular.log [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PHXS-25.0.0-ProPanel.extension-renderer.log [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PHXS-25.0.0-ProPanel.extension.log [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PPRO-23.6.0-Atom-renderer.log [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PPRO-23.6.0-Atom.log [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\cep_cache []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_3452_1570369618 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_3452_498198427 []
Startup: C:\Users\madog\AppData\Local\Temp\\collab_low []
Startup: C:\Users\madog\AppData\Local\Temp\\crash_repo_pref.txt [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\CreativeCloud []
Startup: C:\Users\madog\AppData\Local\Temp\\cv_debug.log [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\d856c574-c532-4567-bda2-69f6472a4031.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\DAA6.tmp [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\EAClient []
Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_18224_1309315306 []
Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_21588_1231302664 []
Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_21588_1705761957 []
Startup: C:\Users\madog\AppData\Local\Temp\\fontconfig []
Startup: C:\Users\madog\AppData\Local\Temp\\InterOP_CCD_Logs.txt [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\Low []
Startup: C:\Users\madog\AppData\Local\Temp\\mbam []
Startup: C:\Users\madog\AppData\Local\Temp\\NGL []
Startup: C:\Users\madog\AppData\Local\Temp\\oobelib.log [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\PDApp.log [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\PhotoshopCrashes []
Startup: C:\Users\madog\AppData\Local\Temp\\qtsingleapp-Pentab-9c9b-1-lockfile [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\skyeTemp []
Startup: C:\Users\madog\AppData\Local\Temp\\StructuredQuery.log [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\Summary.htm [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\TeamViewer []
Startup: C:\Users\madog\AppData\Local\Temp\\UXP []
Startup: C:\Users\madog\AppData\Local\Temp\\wct25BE.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\wct316.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\wct31F6.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\wct363B.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\wct3AC.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\wct49C1.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\wct4DB6.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\wct53CE.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\wct54D0.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\wct5D10.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\wct6BFC.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\wct80B5.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\wctDF63.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\wctE602.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\wctF9C7.tmp [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\{04CC0E2E-BEE6-49D4-B4F0-13A8394ED13D} []
Startup: C:\Users\madog\AppData\Local\Temp\\{089419F9-4351-4C74-9E9F-CDC16EF74745} []
Startup: C:\Users\madog\AppData\Local\Temp\\{09D97AE7-EB6A-4483-B85B-EF652D072488} []
Startup: C:\Users\madog\AppData\Local\Temp\\{18E15057-9EB7-43F4-8B5D-F55328BEB4A6} - OProcSessId.dat [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\{1AF1243B-4800-4153-B0FA-74A845EED085} []
Startup: C:\Users\madog\AppData\Local\Temp\\{236E94F6-2BBB-456F-8741-227A7DD5ABA9} []
Startup: C:\Users\madog\AppData\Local\Temp\\{242970EF-14AA-4B88-9B00-C89302162223} []
Startup: C:\Users\madog\AppData\Local\Temp\\{260EE85F-5519-4277-83C1-EC0753857F32} []
Startup: C:\Users\madog\AppData\Local\Temp\\{30CB2161-3957-4E1F-823F-3653C9C85077} []
Startup: C:\Users\madog\AppData\Local\Temp\\{37D06371-630C-46A9-A67B-0533E983CDC4} []
Startup: C:\Users\madog\AppData\Local\Temp\\{388F8AFB-89A8-4227-89F2-1A10C1A2C0A0} - OProcSessId.dat [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\{409E946E-A337-4E60-9629-53CF9E9A8C29} - OProcSessId.dat [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\{4182AE31-A7F2-4054-8CC0-1857D72AD662} []
Startup: C:\Users\madog\AppData\Local\Temp\\{41DE2127-778C-4B60-9818-5318811C1963} []
Startup: C:\Users\madog\AppData\Local\Temp\\{50E7DF13-0FF0-4591-8983-6F1FB72CE12C} []
Startup: C:\Users\madog\AppData\Local\Temp\\{535516D1-AD48-491F-8325-0F83FE467992} []
Startup: C:\Users\madog\AppData\Local\Temp\\{5AEFAC0E-A082-46DA-B379-2CE854E84572} []
Startup: C:\Users\madog\AppData\Local\Temp\\{5CF606F1-9FD4-4887-B1D7-A09163C1549D} []
Startup: C:\Users\madog\AppData\Local\Temp\\{5EC11612-1297-4716-BBE8-FEF5DF27F5C5} - OProcSessId.dat [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\{609ACF1A-D96B-4E56-A291-233539D5952E} []
Startup: C:\Users\madog\AppData\Local\Temp\\{67D65226-573F-4298-8EEE-0D05A587FAD8} []
Startup: C:\Users\madog\AppData\Local\Temp\\{6BD3EAAF-5510-4B82-9B8F-CCD38AE4BDF2} - OProcSessId.dat [] () <==== ACHTUNG [Null Byte? (Fehler=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\{6DCAE60E-566F-4F22-8DFA-DA67115228DB} []
Startup: C:\Users\madog\AppData\Local\Temp\\{72515024-5410-47AA-AD20-3820FF9C152B} []
Startup: C:\Users\madog\AppData\Local\Temp\\{7307DEAF-1D06-473C-8511-C29BB02DA7CD} []
Startup: C:\Users\madog\AppData\Local\Temp\\{7CBE7AC1-C700-4558-89F7-35623AD3F740} []
Startup: C:\Users\madog\AppData\Local\Temp\\{80CAC6C7-62B2-4C3D-A75C-A0A934C9D0A9} []
Startup: C:\Users\madog\AppData\Local\Temp\\{86004BFB-D550-486E-B2CD-BBC4191246FB} []
Startup: C:\Users\madog\AppData\Local\Temp\\{8A14C66D-7FAB-4797-9825-80E4BE9C5BDC} []
Startup: C:\Users\madog\AppData\Local\Temp\\{8D04C01A-4149-4457-A869-A1F9874573D6} []
Startup: C:\Users\madog\AppData\Local\Temp\\{9B3AF9BE-EE9B-43CD-B6C8-F56E7FA2AA41} []
Startup: C:\Users\madog\AppData\Local\Temp\\{9CCF05FD-FF3C-4EEE-A312-F2C681BC69CC} []
Startup: C:\Users\madog\AppData\Local\Temp\\{A2DA9A7B-6FE0-41E8-8852-8C6E7B4DD16B} []
Startup: C:\Users\madog\AppData\Local\Temp\\{A5370933-49C5-4BA6-9D28-26671D46DE4C} []
Startup: C:\Users\madog\AppData\Local\Temp\\{A8304350-2ADD-477E-98F2-F647CD5D6584} []
Startup: C:\Users\madog\AppData\Local\Temp\\{ADF5736E-2FC8-4CE8-92A6-194A3058145A} []
Startup: C:\Users\madog\AppData\Local\Temp\\{B27AFD93-FCFF-4B74-8596-75BA606AB7F3} []
Startup: C:\Users\madog\AppData\Local\Temp\\{B37F3C70-D475-43D4-9265-D77875FC4AA6} []
Startup: C:\Users\madog\AppData\Local\Temp\\{B793E7D1-1114-452C-A92A-6EE7F8D3DC27} []
Startup: C:\Users\madog\AppData\Local\Temp\\{C3518B8F-AA97-4523-A298-2675C7097D8A} []
Startup: C:\Users\madog\AppData\Local\Temp\\{C73DDE46-7165-4073-B170-32DF2313B3D4} []
Startup: C:\Users\madog\AppData\Local\Temp\\{CD70A340-C2B7-45C2-B6DE-1B418160416A} []
Startup: C:\Users\madog\AppData\Local\Temp\\{DACDF223-9062-421D-9AFE-131C0F7DF200} []
Startup: C:\Users\madog\AppData\Local\Temp\\{E91933D6-1DCD-4807-99CF-6A58B459F6FB} []
Startup: C:\Users\madog\AppData\Local\Temp\\{EBEEDF8B-E77D-41B7-89E5-D9FB78B166D9} []
Startup: C:\Users\madog\AppData\Local\Temp\\{F25BE399-E2A1-4FF0-83A6-D49C58A66C45} []
Startup: C:\Users\madog\AppData\Local\Temp\\{F4371CDD-DD10-4414-B752-A874E169CF55} []
Startup: C:\Users\madog\AppData\Local\Temp\\{F6ECC378-45FF-43A0-8988-C1BFC1B77AAB} []
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7208]
FirewallRules: [{307BCF80-FED1-4409-909C-378FFE8E0DFD}] => (Allow) LPort=12975
FirewallRules: [{F8A8C1DA-5CD2-40AE-B80D-E6C1A6F2F792}] => (Allow) LPort=32976
FirewallRules: [{6876A6A8-7303-4A81-8122-A60CE45720E1}] => (Allow) E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe => Keine Datei
FirewallRules: [{C04454B5-039A-40E9-A829-7A4DAF01C9D5}] => (Allow) LPort=32976
EmptyTemp:
Reboot:
End::

Copy the highlighted text (right click - Copy).
Run FRST (FRST64) as Administrator.
Press the Fix button once and wait. The program will create Fixlog.txt. Attach it to the next post.

The PC will reboot.

@BaBateck (Author)

BaBateck commented Oct 6, 2023

I hope I did this right.

Fixlog.txt

@BaBateck (Author)

BaBateck commented Oct 6, 2023

There were fewer windows open now, but there were still some.

@Sandor-Helper

Please rename the file FRST64 (1).exe located in this folder
C:\Users\madog\Downloads
to FRSTEnglish.exe.
Delete the old logs and create new FRST.txt and Addition.txt.

@BaBateck (Author)

BaBateck commented Oct 7, 2023

Addition.txt
FRST.txt

@Sandor-Helper

For some reason FRST.txt was not complete.
Bonjour is still installed; you don't need it at all.

Please delete the old logs again and create new FRST.txt and Addition.txt.

@BaBateck (Author)

Bonjour is deleted now.

Addition.txt
FRST.txt

@BaBateck (Author)

I'm sorry for the late answer. I'm not in my office every day. Thank you for helping.

@Sandor-Helper

Temporarily turn off any antivirus.
Highlight the following code:

Start::
CloseProcesses:
CreateRestorePoint:
SystemRestore: On
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\MountPoints2: {db7a9914-642e-11ec-98af-5cf370a60e36} - "H:\setup.exe" /AUTORUN
Startup: C:\Users\madog\AppData\Local\Temp\\.ses [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\27840b60-7877-482a-9a91-431ae098a327.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5198509849.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5208510059.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5218510999.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5228512146.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5238513351.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5248514632.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5258515816.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5278516962.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5288518185.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5298519509.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5308520805.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5468536344.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\58895162-0506-443d-9f97-84d0143fc942.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6833235423.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6843235612.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6853236673.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6863237908.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6873239154.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6883240468.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6903241733.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6913242945.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6923244205.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6943245499.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\6953246734.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\acrobat_sbx []
Startup: C:\Users\madog\AppData\Local\Temp\\acrord32_super_sbx []
Startup: C:\Users\madog\AppData\Local\Temp\\Adobe []
Startup: C:\Users\madog\AppData\Local\Temp\\AdobeARM.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\AdobeVulcan []
Startup: C:\Users\madog\AppData\Local\Temp\\AuProjectTemp []
Startup: C:\Users\madog\AppData\Local\Temp\\c63528fd-b2a0-4ae6-8bd6-7fc33ffa9693.tmp [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\CEP11-PHXS.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CEP11-PPRO.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PHXS-25.0.0-ProPanel.extension-renderer.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PHXS-25.0.0-ProPanel.extension.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PPRO-23.6.0-Atom-renderer.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PPRO-23.6.0-Atom.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\cep_cache []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_18096_1409748620 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_18096_1842460294 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_18096_583500575 []
Startup: C:\Users\madog\AppData\Local\Temp\\com.adobe.dynamiclinkmanagerLR6 [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\crash_repo_pref.txt [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CreativeCloud []
Startup: C:\Users\madog\AppData\Local\Temp\\cv_debug.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\e1f647af-35bd-4b85-a5bd-dcf885df17f5.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\EAClient []
Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_12400_2098176153 []
Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_16424_592201892 []
Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_275944106 []
Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_733106763 []
Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_938001874 []
Startup: C:\Users\madog\AppData\Local\Temp\\edge_BITS_17464_960986859 []
Startup: C:\Users\madog\AppData\Local\Temp\\ee959402-2391-4955-8b4b-0b2477514437.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\InterOP_CCD_Logs.txt [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\mat-debug-13320.log [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\mat-debug-9796.log [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\NGL []
Startup: C:\Users\madog\AppData\Local\Temp\\oobelib.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\PDApp.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\PhotoshopCrashes []
Startup: C:\Users\madog\AppData\Local\Temp\\PProIngestPresetsCacheV07.json [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\qtsingleapp-Pentab-9c9b-1-lockfile [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\skyeTemp []
Startup: C:\Users\madog\AppData\Local\Temp\\StructuredQuery.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\TeamViewer []
Startup: C:\Users\madog\AppData\Local\Temp\\UXP []
Startup: C:\Users\madog\AppData\Local\Temp\\wct6D44.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wct824D.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wctB265.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wctD04E.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\{006F4810-3E6D-47DC-A13C-3D09CA453103} []
Startup: C:\Users\madog\AppData\Local\Temp\\{08F53BCF-CAD2-4D96-8D3B-318CB2BF2EB3} []
Startup: C:\Users\madog\AppData\Local\Temp\\{22832E8B-BBAC-4A5C-B061-88F6C8668939} []
Startup: C:\Users\madog\AppData\Local\Temp\\{2C277E47-B4EA-42F9-B161-F36F2A53F983} []
Startup: C:\Users\madog\AppData\Local\Temp\\{38A41D70-660B-4AB0-9E37-737DA49E9F98} []
Startup: C:\Users\madog\AppData\Local\Temp\\{467FD69C-36A0-4BE3-8F0D-83091525DFDB} []
Startup: C:\Users\madog\AppData\Local\Temp\\{46D8A504-A2D2-4C64-89D3-7B7CE574A33E} []
Startup: C:\Users\madog\AppData\Local\Temp\\{4A24A076-AB6F-4D4F-815A-2DB40CEF855F} []
Startup: C:\Users\madog\AppData\Local\Temp\\{4CFC9E85-A2EC-49F0-A164-2C91FA8FDD51} []
Startup: C:\Users\madog\AppData\Local\Temp\\{6190ADB1-B1C0-4805-85CE-40B9A6338D52} []
Startup: C:\Users\madog\AppData\Local\Temp\\{6C051795-AA4D-434D-BDC8-E5E9563C20B1} []
Startup: C:\Users\madog\AppData\Local\Temp\\{77EB9E16-E349-439B-9B6F-810053F0DB5A} []
Startup: C:\Users\madog\AppData\Local\Temp\\{842C2E66-0450-4B00-BB42-B81BAE1D9C6E} []
Startup: C:\Users\madog\AppData\Local\Temp\\{84FE7A5A-556F-45B8-92CF-F5DBA00F1F25} []
Startup: C:\Users\madog\AppData\Local\Temp\\{9BDAD52C-6EA2-45F1-AB19-4076140DBCD3} []
Startup: C:\Users\madog\AppData\Local\Temp\\{AB872A5B-013C-4820-A50C-4E6BC4BB95E6} []
Startup: C:\Users\madog\AppData\Local\Temp\\{ABC3463D-560C-4AB6-B726-CE4CA8F2194B} []
Startup: C:\Users\madog\AppData\Local\Temp\\{BF708D00-C1BB-494E-8C51-5F12E241C9FF} - OProcSessId.dat [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\{C56142A4-642D-4559-A918-0FE690BDE362} - OProcSessId.dat [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\{C60CDF77-6434-446E-BB85-6A5C23D43CA9} []
Startup: C:\Users\madog\AppData\Local\Temp\\{C8B1BD54-75CE-4A7C-94AA-643C2E30700E} []
Startup: C:\Users\madog\AppData\Local\Temp\\{DA3B6C02-6383-46A9-BB19-C0644D939071} []
Startup: C:\Users\madog\AppData\Local\Temp\\{DC495439-C06D-43F7-8C48-E047C3FC8C67} []
Startup: C:\Users\madog\AppData\Local\Temp\\{DDBE3C99-18FE-4095-A9E2-A0A532DD77D4} []
Startup: C:\Users\madog\AppData\Local\Temp\\{E7A53EDD-B726-476F-B2B9-06B7F467C0F3} []
Startup: C:\Users\madog\AppData\Local\Temp\\{E9DA7674-CC3B-4151-B098-AC2BD8A06649} []
Startup: C:\Users\madog\AppData\Local\Temp\\{EA6A136E-C5F4-45D2-83E2-82539EB58910} []
HKLM\SYSTEM\ControlSet001\Services\Bonjour Service => "C:\Program Files\Bonjour\mDNSResponder.exe" <==== ATTENTION (Rootkit!/Locked Service)
EmptyTemp:
Reboot:
End::

Copy the highlighted text (right click - Copy).
Run FRST (FRST64) as Administrator.
Press the Fix button once and wait. The program will create Fixlog.txt. Attach it to the next post.

The PC will reboot.

You have Malwarebytes installed. Please do a full scan, save the results in a text file and attach it to your next post.
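The two fixlists above are what a responder actually reads (the first was built from a German-language FRST log, the second from the English one produced after the FRSTEnglish.exe rename), so here is a small triage script for that line format. This is an added example written for this page; it is not FRST's own code and not something the helpers posted. The sample lines are copied from the fixlists in this thread, while the "Startup folder redirected to Temp" heuristic, its threshold of three entries and the list of code-executing extensions are assumptions of the example. The items it pulls out are the ones that matter for security: the policy values under HKLM\SOFTWARE\Microsoft\Windows Defender and HKLM\SOFTWARE\Policies\Microsoft\Windows Defender that switch Defender off, the MountPoints2 autorun command, the inbound firewall allow rules, the service FRST could not open, and the fact that every Startup: entry resolves under a user's AppData\Local\Temp\ folder, which matches the reporter's symptom (Windows opens each item in the Startup folder at logon, and a .jpg or .log simply opens in its viewer).

```python
import re
from collections import Counter

# Constructed sample: lines copied from the two FRST fixlists posted in this thread,
# trimmed to one or two representatives of each entry type.
SAMPLE_FIXLIST = r"""
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
Startup: C:\Users\Administrator\AppData\Local\Temp\\Adobe []
Startup: C:\Users\adminmadogrul\AppData\Local\Temp\\getadmin.vbs [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\0645707579.jpg [] () [Datei ist nicht signiert]
Startup: C:\Users\madog\AppData\Local\Temp\\mat-debug-13320.log [] () <==== ATTENTION [zero byte? (Error=123)]
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\MountPoints2: {db7a9914-642e-11ec-98af-5cf370a60e36} - "H:\setup.exe" /AUTORUN
HKLM\SYSTEM\ControlSet001\Services\Bonjour Service => "C:\Program Files\Bonjour\mDNSResponder.exe" <==== ATTENTION (Rootkit!/Locked Service)
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7208]
FirewallRules: [{307BCF80-FED1-4409-909C-378FFE8E0DFD}] => (Allow) LPort=12975
"""

# Assumed list of extensions that run code when launched from a Startup folder.
# A .jpg or .log just opens in its viewer, which is the symptom in this thread.
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".com", ".pif", ".msi", ".lnk", ".hta",
                  ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd", ".ps1"}

USER_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
QUOTED_RE = re.compile(r'"([^"]+)"')
LPORT_RE = re.compile(r"\(Allow\).*LPort=(\d+)")


def startup_path(line):
    """Return the file path from a 'Startup: <path> [] ...' line, or None."""
    if not line.startswith("Startup: "):
        return None
    return line[len("Startup: "):].split(" []", 1)[0]


def triage(text, redirect_threshold=3):
    """Sort FRST fixlist/log lines into the findings a responder looks at first.

    redirect_threshold is an assumed heuristic: when at least that many Startup
    entries exist and every one of them lives under the user's Local Temp folder,
    the Startup shell folder has very likely been pointed at Temp.
    """
    result = {
        "defender_policy": [],      # policy values that switch Defender off
        "startup_by_user": Counter(),
        "startup_total": 0,
        "startup_in_temp": 0,
        "temp_redirect_suspected": False,
        "executable_startup": [],   # Startup items that would actually run code
        "autorun_mountpoints": [],  # MountPoints2 autorun commands
        "locked_services": [],      # service keys FRST could not open
        "ads": [],                  # alternate data streams
        "allowed_inbound_ports": [],
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        path = startup_path(line)
        if path is not None:
            result["startup_total"] += 1
            m = USER_RE.match(path)
            result["startup_by_user"][m.group(1) if m else "?"] += 1
            if TEMP_RE.search(path):
                result["startup_in_temp"] += 1
            name = path.rsplit("\\", 1)[-1]
            ext = name[name.rfind("."):].lower() if "." in name else ""
            if ext in EXECUTABLE_EXT:
                result["executable_startup"].append(path)
        elif "Windows Defender" in line and "<====" in line:
            result["defender_policy"].append(line)
        elif "MountPoints2:" in line:
            m = QUOTED_RE.search(line)
            result["autorun_mountpoints"].append(m.group(1) if m else line)
        elif "Locked Service" in line:
            result["locked_services"].append(line.split(" => ", 1)[0])
        elif line.startswith("AlternateDataStreams:"):
            result["ads"].append(line)
        elif line.startswith("FirewallRules:"):
            m = LPORT_RE.search(line)
            if m:
                result["allowed_inbound_ports"].append(int(m.group(1)))
    result["temp_redirect_suspected"] = (
        result["startup_total"] >= redirect_threshold
        and result["startup_in_temp"] == result["startup_total"]
    )
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE_FIXLIST).items():
        print(f"{key}: {value}")
```

On the sample, the only Startup item that would run code is getadmin.vbs; the rest are application leftovers that Windows merely opens. The thread never establishes why the Startup folder resolves to Temp; on a live machine the value to check is the Startup entry under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, which normally reads %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup (an obvious follow-up, not something the helpers asked for). A "Locked Service" flag means the tool found the service key locked against access, which by itself is not evidence of a rootkit; the Bonjour entry here is Apple's mDNSResponder.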

@BaBateck (Author)

@Sandor-Helper

OK
Please download KVRT and do a full system scan.
After that you'll have its report here:

C:\KVRT2020_Data\Reports

Zip this folder and attach the zip file to your next post.

@BaBateck
Author

Reports.zip

@Sandor-Helper

Is this folder

C:\Users\madog\Documents\NBMiner\

known to you?

Does the problem with system start still persist?

@BaBateck
Author

I used NBMiner for cryptomining, like Bitcoin/Ethereum. But I deleted it now.

The problem still exists.

Sequenz.02_6.mp4

@Sandor-Helper

Let's have another log, please.
Download Microsoft Safety Scanner and run it.

In the Scan Options choose FULL scan.

Please be patient, because the scan may take several hours (it depends on the PC speed and the number of files).
Wait until it ends.
Find the log named MSERT.log at C:\Windows\debug\msert.log

Attach it to your next post.

@BaBateck
Author

Found Nothing

msert.log

@Sandor-Helper

Please now delete the old logs and create two new ones, FRST.txt and Addition.txt, using
C:\Users\madog\Downloads\FRSTEnglish.exe once again.

@BaBateck
Author

I think I have to format the disk and reinstall Windows again :'D

Addition.txt
FRST.txt

@Sandor-Helper

Sandor-Helper commented Oct 24, 2023

That will solve the problem of course.
Do you know what this file is?

c:\Users\Public\Documents\Product Manager\StudioApp.exe

Please upload it to www.virustotal.com and give me link to analysis report.

@BaBateck
Author

Yes, it's just software for video editing. But I don't need it any more. Will uninstall it.

virustotal 0/70 Undetected

@Sandor-Helper

Ok, before you reinstall the system, check whether the problem appears in Safe Mode. Another check is to create a different Windows account and see what happens.

But first do one more fix in Farbar.
Temporarily turn off any antivirus.
Highlight the following code:

Start::
CreateRestorePoint:
Startup: C:\Users\madog\AppData\Local\Temp\\.ses [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\3295118489.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\3305119735.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\3325121047.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\3335122408.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\3345123721.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\3365124976.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\3375126210.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\3385127490.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\3405129019.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\3415130354.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\3665155042.jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\4e9bf10d-6852-4600-8f2c-4703bdae74d9.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5020d4cb7b19eba8045dc9d043ed9f29 (2).jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\5020d4cb7b19eba8045dc9d043ed9f29 (3).jpg [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\5020d4cb7b19eba8045dc9d043ed9f29.jpg [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\56f9eb82-0ad1-4e46-bb51-7ef45e6a09cb.tmp [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\81NyY90J0fL._SY679_ (2).jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\81NyY90J0fL._SY679_ (3).jpg [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\81NyY90J0fL._SY679_.jpg [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\acrobat_sbx []
Startup: C:\Users\madog\AppData\Local\Temp\\acrocef_low []
Startup: C:\Users\madog\AppData\Local\Temp\\acrord32_super_sbx []
Startup: C:\Users\madog\AppData\Local\Temp\\Adobe []
Startup: C:\Users\madog\AppData\Local\Temp\\AdobeARM.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\AdobeARM_NotLocked.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\AdobeVulcan []
Startup: C:\Users\madog\AppData\Local\Temp\\AE_InstallMsi_24.0.1.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\Amazon Photos []
Startup: C:\Users\madog\AppData\Local\Temp\\BRL00002d60 []
Startup: C:\Users\madog\AppData\Local\Temp\\CEP11-PHXS.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CEP11-PPRO.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PHXS-25.0.0-ProPanel.extension-renderer.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PHXS-25.0.0-ProPanel.extension.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PPRO-23.6.0-Atom-renderer.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CEPHtmlEngine11-PPRO-23.6.0-Atom.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\cep_cache []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_10024_318310541 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_20672_1662541654 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_4540_1371843064 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_4540_1538838606 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_4540_53404348 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_9284_154496359 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_9284_1740093842 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_9284_265089726 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_9284_350778499 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_9284_470499130 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_9284_635600884 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_9284_715730251 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_9284_753022936 []
Startup: C:\Users\madog\AppData\Local\Temp\\chrome_BITS_9284_966784243 []
Startup: C:\Users\madog\AppData\Local\Temp\\collab_low []
Startup: C:\Users\madog\AppData\Local\Temp\\crash_repo_pref.txt [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\CreativeCloud []
Startup: C:\Users\madog\AppData\Local\Temp\\cv_debug.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\definitive-harry-potter-character-ranking (2).jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\definitive-harry-potter-character-ranking (3).jpg [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\definitive-harry-potter-character-ranking.jpg [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\EAClient []
Startup: C:\Users\madog\AppData\Local\Temp\\ICM9933.tmp [] (Microsoft Windows -> )
Startup: C:\Users\madog\AppData\Local\Temp\\images (2).jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\images (3).jpg [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\images (4).jpg [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\images (5).jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\images (6).jpg [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\images (7).jpg [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\images (8).jpg [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\images (9).jpg [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\images.jpg [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\installbuilder_installer.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\installbuilder_installer_11616.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\InterOP_CCD_Logs.txt [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\LrCHelp_ACR_Classic_lensblur_acr.mp4 [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\LrCHelp_pointcolor.mp4 [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\mat-debug-2232.log [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\mat-debug-9256.log [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\mbam []
Startup: C:\Users\madog\AppData\Local\Temp\\NGL []
Startup: C:\Users\madog\AppData\Local\Temp\\oobelib.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\PDApp.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\PhotoshopCrashes []
Startup: C:\Users\madog\AppData\Local\Temp\\qtsingleapp-Pentab-9c9b-1-lockfile [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\skyeTemp []
Startup: C:\Users\madog\AppData\Local\Temp\\StructuredQuery.log [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\Summary.htm [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\TeamViewer []
Startup: C:\Users\madog\AppData\Local\Temp\\UXP []
Startup: C:\Users\madog\AppData\Local\Temp\\wct2B9F.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wct3D8A.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wct54F8.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wct6DBA.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wct7997.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wct9A00.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wctA5BD.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wctAF13.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wctAF36.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wctC2F5.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wctCB2F.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wctCB80.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\wctE4F.tmp [] () [File not signed]
Startup: C:\Users\madog\AppData\Local\Temp\\WPF []
Startup: C:\Users\madog\AppData\Local\Temp\\{061D8A6B-B061-438B-AC80-4CEEB58E8034} []
Startup: C:\Users\madog\AppData\Local\Temp\\{073F9766-4214-404B-8218-67E2A91BD143} []
Startup: C:\Users\madog\AppData\Local\Temp\\{0AC3CB43-BBE2-4059-91F1-A10C95206951} []
Startup: C:\Users\madog\AppData\Local\Temp\\{1BF58447-1F6D-4000-AF76-78D5DF4E0715} []
Startup: C:\Users\madog\AppData\Local\Temp\\{23FF9D78-2F78-4E80-B213-C2C3210414D5} []
Startup: C:\Users\madog\AppData\Local\Temp\\{2460D093-13E4-45BE-A1FF-5DF4E88A56F6} []
Startup: C:\Users\madog\AppData\Local\Temp\\{2B6EFCDB-1A00-41BA-A3FB-7A717679A257} []
Startup: C:\Users\madog\AppData\Local\Temp\\{32E72775-1118-4C20-B015-77CD3DDF5D78} []
Startup: C:\Users\madog\AppData\Local\Temp\\{336F18E4-67BA-4BE6-884F-4A5F77EDF07D} []
Startup: C:\Users\madog\AppData\Local\Temp\\{454AA886-3CF4-42ED-B93E-F5D90A2C5609} []
Startup: C:\Users\madog\AppData\Local\Temp\\{4E2EEF31-4F08-43BD-B0CB-B9CDE839FA62} []
Startup: C:\Users\madog\AppData\Local\Temp\\{54145FCF-76CA-4F16-8F42-8C9ABB67A90A} []
Startup: C:\Users\madog\AppData\Local\Temp\\{61427A90-E603-4549-A8B7-4793537A3584} []
Startup: C:\Users\madog\AppData\Local\Temp\\{6F671A14-A230-4BBF-A32F-35DBDBD996FF} - OProcSessId.dat [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\{712A55F6-875E-4189-BE5B-2CB608CE3AA8} []
Startup: C:\Users\madog\AppData\Local\Temp\\{713EBE77-083F-4092-9081-AF1EAC998EAB} []
Startup: C:\Users\madog\AppData\Local\Temp\\{71CE7C3C-227D-44AE-8B02-36AEB3A1619B} []
Startup: C:\Users\madog\AppData\Local\Temp\\{866B3690-4DAE-480E-9660-1CA12DB25EB5} - OProcSessId.dat [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\{8AFA0C54-E2BC-4C51-9660-362D1EC5BADA} []
Startup: C:\Users\madog\AppData\Local\Temp\\{8D698A7B-782B-42CB-84AB-04EBBD2433C2} []
Startup: C:\Users\madog\AppData\Local\Temp\\{9CCBF751-0701-4B23-85EE-4278B1BCA1C0} []
Startup: C:\Users\madog\AppData\Local\Temp\\{A69DD38D-4C91-43FB-881E-A9FDD0764D58} []
Startup: C:\Users\madog\AppData\Local\Temp\\{AC76BA86-1033-FFFF-7760-0C0F074E4100} []
Startup: C:\Users\madog\AppData\Local\Temp\\{AD74EF1C-D0D3-4424-9F25-F33220E11A36} []
Startup: C:\Users\madog\AppData\Local\Temp\\{B6390679-9A89-4EFE-9A00-65BB603A196D} []
Startup: C:\Users\madog\AppData\Local\Temp\\{B821F36B-DA8D-49FB-84A5-BBE8B09590B1} []
Startup: C:\Users\madog\AppData\Local\Temp\\{BB62675C-F8DC-45E8-8AEC-1689D71773E7} []
Startup: C:\Users\madog\AppData\Local\Temp\\{BC4482A5-42CF-4EA4-A009-A2973820D1A5} []
Startup: C:\Users\madog\AppData\Local\Temp\\{BF6D3E80-930D-4A65-9A60-DBEAFB44CDB2} []
Startup: C:\Users\madog\AppData\Local\Temp\\{C1EA83C7-5F52-4B37-B4F2-B5ACEA727E13} []
Startup: C:\Users\madog\AppData\Local\Temp\\{CBD16D78-7752-449C-BE3B-B9DB08C74CCE} []
Startup: C:\Users\madog\AppData\Local\Temp\\{D014E127-67B3-412E-83E4-5D245FE7950B} []
Startup: C:\Users\madog\AppData\Local\Temp\\{D6E984F5-A7C4-4C1E-8284-FBC130A6444D} []
Startup: C:\Users\madog\AppData\Local\Temp\\{D8025289-4772-41F2-8E7E-B17006806A17} []
Startup: C:\Users\madog\AppData\Local\Temp\\{D943892D-9E5C-41B2-AD3A-9BF406807352} []
Startup: C:\Users\madog\AppData\Local\Temp\\{E9096F25-A631-4CFE-9A47-21B849819D8A} []
Startup: C:\Users\madog\AppData\Local\Temp\\{EF9AE893-803C-4681-ACFD-6C39D5701828} []
Startup: C:\Users\madog\AppData\Local\Temp\\{F1E19CA5-EC30-430C-B937-3FF360D68F55} []
Startup: C:\Users\madog\AppData\Local\Temp\\{FDBC1F7B-A854-49BA-95D1-71469F2A846D} - OProcSessId.dat [] () <==== ATTENTION [zero byte? (Error=123)]
Startup: C:\Users\madog\AppData\Local\Temp\\{FDE7E30E-16BA-4563-B06D-2A24DC864CF0} []
Reboot:
End::

Copy the highlighted text (right click - Copy).
Run FRST (FRST64) as Administrator.
Press the Fix button once and wait. The program will create Fixlog.txt. Attach it to the next post.

PC will reboot.

@BaBateck
Author

I found the solution.

Something changed my startup order.
So I changed it back. Everything is okay now.

Thank You 👍

Screenshot 2023-10-26 140448
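The FRST lines earlier in the thread list every item under the user's Startup folder path, and all of them resolve to the Temp directory, which matches the symptom reported at the top of the issue. The PowerShell check below is an added example, not something posted in this thread and not part of FRST; it assumes that the per-user Startup folder location is defined by the Startup value under the User Shell Folders registry key (one place where that location can be redirected), compares it with the default location, and lists what would be opened at logon together with each file's size and signature status.

```powershell
# Added example (not from the thread or from FRST): report where the per-user
# Startup folder currently points and what Windows would open from it at logon.
# Assumption: the location comes from the Startup value under User Shell Folders,
# which is one place that location can be redirected away from the default.

$defaultStartup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$resolved       = [Environment]::GetFolderPath('Startup')   # what the shell resolves right now

$ushKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
$rawValue = (Get-ItemProperty -Path $ushKey -Name 'Startup' -ErrorAction SilentlyContinue).Startup

# Summary: is the folder redirected, and does it land under %TEMP% as in the FRST output?
[pscustomobject]@{
    DefaultPath     = $defaultStartup
    ConfiguredValue = $rawValue
    ResolvedPath    = $resolved
    Redirected      = ($resolved -ne $defaultStartup)
    UnderTemp       = [string]::IsNullOrEmpty($resolved) -eq $false -and
                      $resolved.StartsWith($env:TEMP, [StringComparison]::OrdinalIgnoreCase)
} | Format-List

# Everything in the resolved folder is launched or opened at logon, so inventory it.
# Length 0 corresponds to the "zero byte?" entries FRST flagged; Signed shows
# Authenticode status for files (folders have no signature).
Get-ChildItem -LiteralPath $resolved -Force -ErrorAction SilentlyContinue |
    Select-Object Name, Length, LastWriteTime,
        @{ n = 'Signed'; e = {
            if ($_.PSIsContainer) { 'n/a' } else { (Get-AuthenticodeSignature $_.FullName).Status } } } |
    Format-Table -AutoSize
```

Run it in the affected user's session (not elevated as a different account), since the HKCU key and the resolved Startup folder belong to the logged-on user.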

@dragokas
Owner

@BaBateck thank you for letting us know. Is any other malware issue left?

@dragokas
Owner

dragokas commented Dec 4, 2023

Closed.
Reason: It seems solved.

@dragokas dragokas closed this as completed Dec 4, 2023