HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" (No File)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" (No File)
Edge Extension: (Enhancer for YouTube™) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dlgfaleeejmphhnemjgiaekdbonkagkd [2022-10-04]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-10-04]
Edge Extension: (MSN New Tab) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lklfbkdigihjaaeamncibechhgalldgl [2022-10-04]
Edge Extension: (Privacy Badger) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2022-10-04]
CHR Extension: (Enhancer for YouTube™) - C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2022-10-05]
S3 MirayRAMDrive; C:\WINDOWS\System32\drivers\mrdo.sys [65488 2022-02-10] (Miray Software AG -> Miray)
CMD: ping google.com
CMD: tracert -d google.com
CMD: netstat -rn
CMD: ipconfig /all
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: