Pests of all kinds and how to combat them: Misleading:Win32/Lodi Virus? Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
13.10.2020, 17:08 | #1 |
Misleading:Win32/Lodi Virus?

Hello friends, after many years of peace and a long time without any virus problems, it seems I have been caught once again... Every 5 minutes I get a message from Windows that a potential threat was found on my computer: Misleading:Win32/Lodi. Here is a fresh FRST log and the Addition.txt. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015 durchgeführt von Azad (Administrator) auf DESKTOP-VOMS6S7 (13-10-2020 18:03:58) Gestartet von C:\Users\Azad\Downloads Geladene Profile: Azad (Verfügbare Profile: Azad) Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) konnte nicht auf den Prozess zugreifen -> Registry (Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe konnte nicht auf den Prozess zugreifen -> Memory Compression (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Chip Digital GmbH) C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe (Electronic Arts) D:\Origin\OriginWebHelperService.exe (Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe (Microsoft Corporation) C:\Windows\System32\SgrmBroker.exe (Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MsMpEng.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe (NVIDIA 
Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Microsoft Corporation) C:\Windows\System32\sihost.exe (Microsoft Corporation) C:\Windows\System32\taskhostw.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20092.108.0_x64__8wekyb3d8bbwe\YourPhone.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\SecurityHealthSystray.exe (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Microsoft Corporation) C:\Windows\System32\CompPkgSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Apple Inc.) C:\ProgramData\iMobieDNA\AppleDriver\AppleMobileDeviceProcess.exe (Apple Inc.) 
C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2009.23741.0_x64__8wekyb3d8bbwe\Cortana.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\iCloudDrive.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\iCloudPhotos.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\ApplePhotoStreams.exe (Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\ApplicationFrameHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12009.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20082.10421.0_x64__8wekyb3d8bbwe\Video.UI.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20090.1002.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.46.22742.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe () 
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe (Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe (Microsoft Corporation) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\SystemSettingsBroker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe (Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [SecurityHealth] => C:\Windows\system32\SecurityHealthSystray.exe [86016 2019-12-07] (Microsoft Corporation) HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] () HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [638352 2018-05-17] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [407440 2018-05-17] (Citrix Systems, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle Corporation) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [30870320 2019-12-07] (Microsoft Corporation) HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [30870320 2019-12-07] (Microsoft Corporation) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [OneDrive] => C:\Users\Azad\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1915752 2020-09-11] (Microsoft Corporation) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [Steam] => C:\Steam\steam.exe [3416352 2020-10-07] (Valve Corporation) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP) 
HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [Discord] => C:\Users\Azad\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc.) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [Spotify] => C:\Users\Azad\AppData\Roaming\Spotify\Spotify.exe [22824680 2020-05-22] (Spotify Ltd) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [com.blitz.app] => C:\Users\Azad\AppData\Local\Blitz\Update.exe --processStart "Blitz.exe" --process-start-args "--hidden" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [AnyTransToolHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AnyTransToolHelper.exe [572928 2020-08-31] (iMobie Inc.) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-11] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-11] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-11] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-11] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-11] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> 
{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-11] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-11] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\FileSyncShell.dll [2020-09-11] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\FileSyncShell.dll [2020-09-11] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\FileSyncShell.dll [2020-09-11] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\FileSyncShell.dll [2020-09-11] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\FileSyncShell.dll [2020-09-11] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\FileSyncShell.dll [2020-09-11] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\FileSyncShell.dll [2020-09-11] (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der 
Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COS2&ptag=D090920-A74DCDF78DC&form=CONMHP&conlogo=CT3335043 SearchScopes: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D090920-N0700A74DCDF78DC&form=CONBDF&conlogo=CT3335043&q={searchTerms} BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.38\BHO\ie_to_edge_bho_64.dll [2020-10-08] (Microsoft Corporation) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_261\bin\ssv.dll [2020-07-23] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-07-23] (Oracle Corporation) BHO-x32: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.38\BHO\ie_to_edge_bho.dll [2020-10-08] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft 
Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation) Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2019-12-07] (Microsoft Corporation) Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2019-12-07] (Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{d7c8a815-ac65-4c33-bc3f-70bb13fdd9e7}: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Azad\AppData\Roaming\Mozilla\Firefox\Profiles\6uu47y6w.default FF NewTab: https://defaultsearch.co/homepage?hp=1&pId=CH180901FF&iDate=2020-09-09 04:09:01&bName=&bitmask=0600 FF DefaultSearchEngine: Bing Default Search FF SelectedSearchEngine: Bing Default Search FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_433.dll [2020-09-08] () FF Plugin: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-07-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-07-23] (Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-09-08] () FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2018-05-17] (Citrix Systems, Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2019-06-25] (Microsoft Corporation) FF Extension: Kein Name - C:\Users\Azad\AppData\Roaming\Mozilla\Firefox\Profiles\6uu47y6w.default\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2018-11-06] FF Extension: Kein Name - C:\Users\Azad\AppData\Roaming\Mozilla\Firefox\Profiles\6uu47y6w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-08-29] StartMenuInternet: Firefox-308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Slides) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-22] CHR Extension: (Docs) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-22] CHR Extension: (Google Drive) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-22] CHR Extension: (YouTube) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-22] CHR Extension: (Sheets) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-22] CHR Extension: (Google Docs Offline) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-10-22] CHR Extension: (Chrome Web Store Payments) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-22] CHR Extension: (Gmail) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-22] CHR Extension: (Chrome Media Router) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-22] ==================== 
Services (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-09-08] (Adobe) S3 AJRouter; C:\Windows\System32\AJRouter.dll [26112 2019-12-07] (Microsoft Corporation) S4 AppVClient; C:\Windows\system32\AppVClient.exe [756552 2020-08-11] (Microsoft Corporation) S3 AssignedAccessManagerSvc; C:\Windows\System32\assignedaccessmanagersvc.dll [859136 2020-09-11] (Microsoft Corporation) S3 autotimesvc; C:\Windows\System32\autotimesvc.dll [114176 2019-12-07] (Microsoft Corporation) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-10-06] () R2 BrokerInfrastructure; C:\Windows\System32\psmsrv.dll [247296 2020-08-11] (Microsoft Corporation) S3 BTAGService; C:\Windows\System32\BTAGService.dll [1021952 2020-09-11] (Microsoft Corporation) S3 BTAGService; C:\Windows\SysWOW64\BTAGService.dll [733184 2020-09-11] (Microsoft Corporation) R3 BthAvctpSvc; C:\Windows\System32\BthAvctpSvc.dll [392192 2020-08-11] (Microsoft Corporation) R3 camsvc; C:\Windows\system32\CapabilityAccessManager.dll [389632 2020-08-11] (Microsoft Corporation) R2 CDPSvc; C:\Windows\System32\CDPSvc.dll [609792 2020-09-11] (Microsoft Corporation) R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2018-10-25] (Chip Digital GmbH) [Datei ist nicht signiert] S3 ClipSVC; C:\Windows\System32\ClipSVC.dll [1092392 2020-09-11] (Microsoft Corporation) R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [986976 2020-08-14] (Microsoft Corporation) R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [630088 2020-08-14] (Microsoft Corporation) S3 DevQueryBroker; C:\Windows\system32\DevQueryBroker.dll [65024 2019-12-07] (Microsoft Corporation) S3 
diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [94208 2020-09-11] (Microsoft Corporation) S3 diagsvc; C:\Windows\system32\DiagSvc.dll [203264 2020-08-11] (Microsoft Corporation) R2 DispBrokerDesktopSvc; C:\Windows\System32\DispBroker.Desktop.dll [378368 2020-08-11] (Microsoft Corporation) R3 DisplayEnhancementService; C:\Windows\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll [1188352 2020-08-11] (Microsoft Corporation) S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [1008640 2020-09-11] (Microsoft Corporation) S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [707584 2020-09-11] (Microsoft Corporation) S3 dmwappushservice; C:\Windows\system32\dmwappushsvc.dll [58880 2019-12-07] (Microsoft Corporation) S2 DoSvc; C:\Windows\System32\svchost.exe [57368 2019-12-07] (Microsoft Corporation) S2 DoSvc; C:\Windows\SysWOW64\svchost.exe [47232 2019-12-07] (Microsoft Corporation) R3 DsSvc; C:\Windows\System32\DsSvc.dll [162816 2020-08-11] (Microsoft Corporation) R2 DusmSvc; C:\Windows\System32\dusmsvc.dll [341504 2019-12-07] (Microsoft Corporation) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-02-28] (EasyAntiCheat Ltd) S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224160 2020-08-09] (Microsoft Corporation) S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224160 2020-08-09] (Microsoft Corporation) S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [160256 2019-12-07] (Microsoft Corporation) S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [592384 2020-08-11] (Microsoft Corporation) S3 FrameServer; C:\Windows\system32\FrameServer.dll [986624 2020-08-14] (Microsoft Corporation) S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.75\elevation_service.exe [1406448 2020-10-05] 
(Google LLC) S3 GraphicsPerfSvc; C:\Windows\System32\GraphicsPerfSvc.dll [106496 2019-12-07] (Microsoft Corporation) S3 HvHost; C:\Windows\System32\hvhostsvc.dll [66360 2019-12-07] (Microsoft Corporation) S3 icssvc; C:\Windows\System32\tetheringservice.dll [237568 2020-09-11] (Microsoft Corporation) R3 InstallService; C:\Windows\system32\InstallService.dll [2422784 2020-09-11] (Microsoft Corporation) R3 InstallService; C:\Windows\SysWOW64\InstallService.dll [1834496 2020-09-11] (Microsoft Corporation) S3 IpxlatCfgSvc; C:\Windows\System32\IpxlatCfg.dll [66048 2019-12-07] (Microsoft Corporation) R3 lfsvc; C:\Windows\System32\lfsvc.dll [48640 2019-12-07] (Microsoft Corporation) R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [51200 2019-12-07] (Microsoft Corporation) S3 LxpSvc; C:\Windows\System32\LanguageOverlayServer.dll [302592 2019-12-07] (Microsoft Corporation) S2 MapsBroker; C:\Windows\System32\moshost.dll [94720 2019-12-07] (Microsoft Corporation) S3 MicrosoftEdgeElevationService; C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.38\elevation_service.exe [1535376 2020-10-08] (Microsoft Corporation) S3 MixedRealityOpenXRSvc; C:\Windows\System32\MixedRealityRuntime.dll [134248 2019-12-07] (Microsoft Corporation) S3 MixedRealityOpenXRSvc; C:\Windows\SysWOW64\MixedRealityRuntime.dll [104808 2019-12-07] (Microsoft Corporation) S3 NaturalAuthentication; C:\Windows\System32\NaturalAuth.dll [454144 2020-08-11] (Microsoft Corporation) S3 NetSetupSvc; C:\Windows\System32\NetSetupSvc.dll [309248 2019-12-07] (Microsoft Corporation) R3 NgcCtnrSvc; C:\Windows\System32\NgcCtnrSvc.dll [768512 2020-08-14] (Microsoft Corporation) R3 NgcSvc; C:\Windows\system32\ngcsvc.dll [922112 2020-08-14] (Microsoft Corporation) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe 
[884024 2020-09-24] (NVIDIA Corporation) S3 Origin Client Service; D:\Origin\OriginClientService.exe [2519864 2020-09-09] (Electronic Arts) R2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3473216 2020-09-09] (Electronic Arts) S3 perceptionsimulation; C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe [105984 2020-08-11] (Microsoft Corporation) S3 PhoneSvc; C:\Windows\System32\PhoneService.dll [954880 2020-08-11] (Microsoft Corporation) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2020-07-10] () S3 PushToInstall; C:\Windows\system32\PushToInstall.dll [263168 2020-08-11] (Microsoft Corporation) S2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [170352 2020-04-10] (TMRG, Inc.) <==== ATTENTION S3 RetailDemo; C:\Windows\system32\RDXService.dll [738304 2019-12-07] (Microsoft Corporation) R3 RmSvc; C:\Windows\System32\RMapi.dll [152576 2020-08-14] (Microsoft Corporation) R2 RtkAudioUniversalService; C:\Windows\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor) R3 SecurityHealthService; C:\Windows\system32\SecurityHealthService.exe [976680 2020-09-11] (Microsoft Corporation) S3 SEMgrSvc; C:\Windows\system32\SEMgrSvc.dll [1222656 2020-08-11] (Microsoft Corporation) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5097896 2020-09-11] (Microsoft Corporation) S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1263104 2019-12-07] (Microsoft Corporation) S3 SensorService; C:\Windows\system32\SensorService.dll [466432 2020-08-11] (Microsoft Corporation) R2 SgrmBroker; C:\Windows\system32\SgrmBroker.exe [329496 2020-08-11] (Microsoft Corporation) S3 SharedRealitySvc; C:\Windows\System32\SharedRealitySvc.dll [306688 2019-12-07] (Microsoft Corporation) S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [224768 2020-08-11] (Microsoft Corporation) S3 SmsRouter; C:\Windows\system32\SmsRouterSvc.dll [625664 2019-12-07] 
(Microsoft Corporation) S3 spectrum; C:\Windows\system32\spectrum.exe [874496 2020-08-11] (Microsoft Corporation) S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [384512 2019-10-15] () R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [5870496 2020-09-11] (Microsoft Corporation) R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [5430480 2020-09-11] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13109264 2020-06-22] (TeamViewer Germany GmbH) S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [325632 2019-12-07] (Microsoft Corporation) R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [179200 2019-12-07] (Microsoft Corporation) R3 TokenBroker; C:\Windows\System32\TokenBroker.dll [1530880 2020-09-11] (Microsoft Corporation) R3 TokenBroker; C:\Windows\SysWOW64\TokenBroker.dll [1239552 2020-08-11] (Microsoft Corporation) S3 TroubleshootingSvc; C:\Windows\system32\MitigationClient.dll [417792 2020-08-11] (Microsoft Corporation) S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [97792 2019-12-07] (Microsoft Corporation) S4 tzautoupdate; C:\Windows\SysWOW64\tzautoupdate.dll [73216 2019-12-07] (Microsoft Corporation) S4 UevAgentService; C:\Windows\system32\AgentService.exe [1201152 2020-09-11] (Microsoft Corporation) R2 UserManager; C:\Windows\System32\usermgr.dll [1488384 2020-09-11] (Microsoft Corporation) R2 UsoSvc; C:\Windows\system32\usosvc.dll [566272 2020-09-11] (Microsoft Corporation) S3 VacSvc; C:\Windows\System32\vac.dll [383224 2020-08-11] (Microsoft Corporation) S3 VBoxSDS; D:\Virtual Box\VBoxSDS.exe [744968 2020-06-04] (Oracle Corporation) S3 vmicrdv; C:\Windows\System32\icsvcext.dll [304640 2020-08-11] (Microsoft Corporation) S3 vmicvmsession; C:\Windows\System32\icsvc.dll [292152 2019-12-07] (Microsoft Corporation) S3 vmicvss; C:\Windows\System32\icsvcext.dll [304640 2020-08-11] (Microsoft Corporation) R3 WaaSMedicSvc; 
C:\Windows\System32\WaaSMedicSvc.dll [362496 2020-08-14] (Microsoft Corporation) S3 WalletService; C:\Windows\system32\WalletService.dll [441856 2020-08-14] (Microsoft Corporation) S3 WarpJITSvc; C:\Windows\System32\Windows.WARP.JITService.dll [65536 2019-12-07] (Microsoft Corporation) S3 WFDSConMgrSvc; C:\Windows\System32\wfdsconmgrsvc.dll [675840 2019-12-07] (Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-10-07] (Microsoft Corporation) S3 wisvc; C:\Windows\system32\flightsettings.dll [939448 2020-09-11] (Microsoft Corporation) S3 wisvc; C:\Windows\SysWOW64\flightsettings.dll [750976 2020-09-11] (Microsoft Corporation) S3 wlpasvc; C:\Windows\System32\lpasvc.dll [1253376 2020-08-14] (Microsoft Corporation) S3 WManSvc; C:\Windows\system32\Windows.Management.Service.dll [934912 2020-09-11] (Microsoft Corporation) S3 WpcMonSvc; C:\Windows\System32\WpcDesktopMonSvc.dll [1905664 2020-09-11] (Microsoft Corporation) R2 WpnService; C:\Windows\system32\WpnService.dll [244736 2019-12-07] (Microsoft Corporation) R3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [1046528 2020-08-14] (Microsoft Corporation) S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1267712 2020-08-11] (Microsoft Corporation) S3 XboxGipSvc; C:\Windows\System32\XboxGipSvc.dll [72704 2019-12-07] (Microsoft Corporation) S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1293824 2020-09-11] (Microsoft Corporation) R3 WdNisSvc; "%ProgramData%\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe" [X] S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Wondershare UniConverter (Desktop Deutsch)\Transfer\DriverInstall.exe" [X] ==================== Drivers (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 AarSvc; No ImagePath R3 AarSvc_95637d8b; No ImagePath S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [23040 2019-12-07] (Microsoft Corporation) S3 Acx01000; C:\Windows\System32\drivers\Acx01000.sys [415232 2019-12-07] (Microsoft Corporation) R1 afunix; C:\Windows\system32\drivers\afunix.sys [41984 2020-09-11] (Microsoft Corporation) S3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [18432 2019-12-07] (Advanced Micro Devices, Inc) S3 amdi2c; C:\Windows\System32\drivers\amdi2c.sys [45568 2019-12-07] (Advanced Micro Devices, Inc) S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (Apple Inc.) S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (Apple Inc.) S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [18432 2020-09-11] (Microsoft Corporation) S3 AppvStrm; C:\Windows\system32\drivers\AppvStrm.sys [138272 2019-12-07] (Microsoft Corporation) S3 AppvVemgr; C:\Windows\system32\drivers\AppvVemgr.sys [174608 2019-12-07] (Microsoft Corporation) S3 AppvVfs; C:\Windows\system32\drivers\AppvVfs.sys [154936 2019-12-07] (Microsoft Corporation) S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533816 2019-12-07] (QLogic Corporation) R1 bam; C:\Windows\System32\drivers\bam.sys [78136 2019-12-07] (Microsoft Corporation) R1 BasicDisplay; C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_62ba5773ba05edee\BasicDisplay.sys [68608 2019-12-07] (Microsoft Corporation) R1 BasicRender; C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_49a8589f00d970d9\BasicRender.sys [38912 2020-08-11] (Microsoft Corporation) S3 BcastDVRUserService; No ImagePath S3 BcastDVRUserService_95637d8b; No ImagePath R2 bindflt; C:\Windows\system32\drivers\bindflt.sys [143160 2020-08-11] (Microsoft Corporation) R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-07-26] (Bluestack System Inc. 
) S3 BluetoothUserService; No ImagePath S3 BluetoothUserService_95637d8b; No ImagePath S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) S3 BthLEEnum; C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [106496 2020-09-11] (Microsoft Corporation) S3 BthMini; C:\Windows\System32\drivers\BTHMINI.sys [45568 2020-09-11] (Microsoft Corporation) S0 bttflt; C:\Windows\System32\drivers\bttflt.sys [43832 2019-12-07] (Microsoft Corporation) S3 buttonconverter; C:\Windows\System32\drivers\buttonconverter.sys [44032 2019-12-07] (Microsoft Corporation) S3 CAD; C:\Windows\System32\drivers\CAD.sys [66576 2019-12-07] (Microsoft Corporation) S3 CaptureService; No ImagePath S3 CaptureService_95637d8b; No ImagePath S3 cbdhsvc; No ImagePath R3 cbdhsvc_95637d8b; No ImagePath S2 CDPUserSvc; No ImagePath R2 CDPUserSvc_95637d8b; No ImagePath S0 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [319800 2019-12-07] (Chelsio Communications) S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [1853752 2019-12-07] (Chelsio Communications) R1 CimFS; C:\Windows\System32\Drivers\CimFS.sys [91136 2019-12-07] () R2 CldFlt; C:\Windows\System32\drivers\cldflt.sys [491520 2020-09-11] (Microsoft Corporation) S4 cnghwassist; C:\Windows\System32\DRIVERS\cnghwassist.sys [40968 2019-12-07] (Microsoft Corporation) R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys [41984 2019-12-07] (Microsoft Corporation) S3 ConsentUxUserSvc; No ImagePath S3 ConsentUxUserSvc_95637d8b; No ImagePath S3 CredentialEnrollmentManagerUserSvc; No ImagePath S3 CredentialEnrollmentManagerUserSvc_95637d8b; No ImagePath S3 DeviceAssociationBrokerSvc; No ImagePath S3 DeviceAssociationBrokerSvc_95637d8b; No ImagePath S3 DevicePickerUserSvc; No ImagePath S3 DevicePickerUserSvc_95637d8b; No ImagePath S3 DevicesFlowUserSvc; No ImagePath S3 DevicesFlowUserSvc_95637d8b; No ImagePath R1 dtsoftbus01; 
C:\Windows\System32\drivers\dtsoftbus01.sys [254528 2018-11-26] (DT Soft Ltd) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3418936 2019-12-07] (QLogic Corporation) R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [59392 2019-12-07] (Microsoft Corporation) S3 genericusbfn; C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys [23040 2019-12-07] (Microsoft Corporation) R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8704 2019-12-07] (Microsoft Corporation) S3 hidinterrupt; C:\Windows\System32\drivers\hidinterrupt.sys [55824 2019-12-07] (Microsoft Corporation) S3 hidspi; C:\Windows\System32\drivers\hidspi.sys [66560 2019-12-07] (Microsoft Corporation) S4 hvcrash; C:\Windows\System32\drivers\hvcrash.sys [35128 2019-12-07] (Microsoft Corporation) S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [95032 2020-09-11] (Microsoft Corporation) S3 HwNClx0101; C:\Windows\System32\Drivers\mshwnclx.sys [30208 2019-12-07] (Microsoft Corporation) S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [36352 2019-12-07] (Intel(R) Corporation) S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [91136 2019-12-07] (Intel(R) Corporation) S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [79360 2019-12-07] (Intel Corporation) S3 iaLPSS2i_GPIO2_BXT_P; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [93184 2019-12-07] (Intel Corporation) S3 iaLPSS2i_GPIO2_CNL; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [112128 2019-12-07] (Intel Corporation) S3 iaLPSS2i_GPIO2_GLK; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [96256 2019-12-07] (Intel Corporation) S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [171520 2019-12-07] (Intel Corporation) S3 iaLPSS2i_I2C_BXT_P; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [175104 2019-12-07] (Intel Corporation) S3 iaLPSS2i_I2C_CNL; C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys [177152 2019-12-07] (Intel Corporation) S3 
iaLPSS2i_I2C_GLK; C:\Windows\System32\drivers\iaLPSS2i_I2C_GLK.sys [177664 2019-12-07] (Intel Corporation) S0 iaStorAVC; C:\Windows\System32\drivers\iaStorAVC.sys [884752 2019-12-07] (Intel Corporation) S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [558904 2019-12-07] (Mellanox) S1 iecwkmqd; C:\WINDOWS\system32\drivers\iecwkmqd.sys [72816 2020-10-13] (Microsoft Corporation) S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [47104 2019-12-07] (Microsoft Corporation) S3 intelpmax; C:\Windows\System32\drivers\intelpmax.sys [30720 2019-12-07] (Microsoft Corporation) R0 iorate; C:\Windows\System32\drivers\iorate.sys [57360 2019-12-07] (Microsoft Corporation) S3 IPT; C:\Windows\System32\drivers\ipt.sys [59704 2019-12-07] (Microsoft Corporation) S1 irwuvrud; C:\WINDOWS\system32\drivers\irwuvrud.sys [72816 2020-10-13] (Microsoft Corporation) S0 ItSas35i; C:\Windows\System32\drivers\ItSas35i.sys [172344 2019-12-07] (Avago Technologies) S1 kvkgwdaj; C:\WINDOWS\system32\drivers\kvkgwdaj.sys [72816 2020-10-13] (Microsoft Corporation) S0 LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [124216 2019-12-07] (LSI Corporation) S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [135992 2019-12-07] (Avago Technologies) S3 mausbhost; C:\Windows\System32\drivers\mausbhost.sys [537608 2019-12-07] (Microsoft Corporation) S3 mausbip; C:\Windows\System32\drivers\mausbip.sys [64016 2019-12-07] (Microsoft Corporation) S3 MbbCx; C:\Windows\System32\drivers\MbbCx.sys [386048 2020-08-14] (Microsoft Corporation) S0 megasas; C:\Windows\System32\drivers\megasas.sys [59704 2019-12-07] (Avago Technologies) S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [81720 2019-12-07] (Avago Technologies) S0 megasas35i; C:\Windows\System32\drivers\megasas35i.sys [105480 2019-12-07] (Avago Technologies) R3 MEIx64; C:\Windows\System32\DriverStore\FileRepository\heci.inf_amd64_85021432489d6a1c\x64\TeeDriverW8x64.sys [266128 2019-04-17] (Intel Corporation) S3 MessagingService; No 
ImagePath S3 MessagingService_95637d8b; No ImagePath S3 Microsoft_Bluetooth_AvrcpTransport; C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [65024 2019-12-07] (Microsoft Corporation) S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [1131320 2019-12-07] (Mellanox) R2 MMCSS; C:\Windows\system32\drivers\mmcss.sys [53248 2019-12-07] (Microsoft Corporation) R1 MpKslDrv; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B61A155A-0FC1-4511-ACFD-2F59EF093A8E}\MpKslDrv.sys [47328 2020-10-13] (Microsoft Corporation) R3 MsQuic; C:\Windows\System32\drivers\msquic.sys [322376 2020-09-11] (Microsoft Corporation) R0 MsSecFlt; C:\Windows\System32\drivers\mssecflt.sys [293176 2020-08-14] (Microsoft Corporation) S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [146232 2019-12-07] (Mellanox) S3 NDKPing; C:\Windows\System32\drivers\NDKPing.sys [72720 2019-12-07] (Microsoft Corporation) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [206336 2019-12-07] (Microsoft Corporation) S3 netvsc; C:\Windows\System32\drivers\netvsc.sys [249144 2019-12-07] (Microsoft Corporation) S0 nvdimm; C:\Windows\System32\drivers\nvdimm.sys [168464 2019-12-07] (Microsoft Corporation) R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7c6629f3404619ed\nvlddmkm.sys [32460528 2020-09-26] (NVIDIA Corporation) R3 NvModuleTracker; C:\Windows\System32\drivers\NvModuleTracker.sys [50592 2020-03-04] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [67456 2020-03-11] (NVIDIA Corporation) S2 OneSyncSvc; No ImagePath R2 OneSyncSvc_95637d8b; No ImagePath S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58680 2019-12-07] (Avago Technologies) S0 percsas3i; C:\Windows\System32\drivers\percsas3i.sys [68408 2019-12-07] (Avago Technologies) S3 PimIndexMaintenanceSvc; No ImagePath R3 PimIndexMaintenanceSvc_95637d8b; 
No ImagePath S3 PktMon; C:\Windows\System32\drivers\PktMon.sys [104456 2019-12-07] (Microsoft Corporation) S0 pmem; C:\Windows\System32\drivers\pmem.sys [138040 2019-12-07] (Microsoft Corporation) S3 portcfg; C:\Windows\System32\drivers\portcfg.sys [27136 2019-12-07] (Microsoft Corporation) S3 PrintWorkflowUserSvc; No ImagePath R3 PrintWorkflowUserSvc_95637d8b; No ImagePath S0 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [42296 2019-12-07] (Microsoft Corporation) S3 ReFSv1; C:\Windows\System32\Drivers\ReFSv1.sys [990008 2019-12-07] (Microsoft Corporation) S3 rhproxy; C:\Windows\System32\drivers\rhproxy.sys [115712 2019-12-07] (Microsoft Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1167768 2019-11-20] (Realtek ) S1 rvtdidqw; C:\WINDOWS\system32\drivers\rvtdidqw.sys [72816 2020-10-13] (Microsoft Corporation) S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [158736 2019-12-07] (Microsoft Corporation) S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [35128 2019-12-07] (Microsoft Corporation) R0 SgrmAgent; C:\Windows\System32\drivers\SgrmAgent.sys [88080 2019-12-07] (Microsoft Corporation) S0 SmartSAMD; C:\Windows\System32\drivers\SmartSAMD.sys [209720 2019-12-07] (Microsemi Corportation) S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [172544 2019-12-07] (Microsoft Corporation) S3 spaceparser; C:\Windows\System32\drivers\spaceparser.sys [26624 2019-12-07] (Microsoft Corporation) S3 SpatialGraphFilter; C:\Windows\System32\drivers\SpatialGraphFilter.sys [90936 2019-12-07] (Microsoft Corporation) R3 SteamStreamingMicrophone; C:\Windows\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] () R3 SteamStreamingSpeakers; C:\Windows\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] () R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [92984 2019-12-07] (Microsoft Corporation) S0 storufs; C:\Windows\System32\drivers\storufs.sys [60744 2020-09-11] (Microsoft Corporation) R3 swenum; 
C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\swenum.sys [18952 2019-12-07] (Microsoft Corporation) R0 Telemetry; C:\Windows\System32\drivers\IntelTA.sys [26600 2020-08-14] (Microsoft Corporation) S1 tzaasctk; C:\WINDOWS\system32\drivers\tzaasctk.sys [72816 2020-10-13] (Microsoft Corporation) S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2012-12-19] () S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [160256 2019-12-07] (Microsoft Corporation) S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [188416 2019-12-07] (Microsoft Corporation) S3 UcmUcsiAcpiClient; C:\Windows\System32\drivers\UcmUcsiAcpiClient.sys [36864 2019-12-07] (Microsoft Corporation) S3 UcmUcsiCx0101; C:\Windows\System32\Drivers\UcmUcsiCx.sys [113152 2020-09-11] (Microsoft Corporation) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [52736 2019-12-07] (Microsoft Corporation) S3 UdkUserSvc; No ImagePath R3 UdkUserSvc_95637d8b; No ImagePath R3 UEFI; C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\UEFI.sys [34104 2019-12-07] (Microsoft Corporation) S4 UevAgentDriver; C:\Windows\system32\drivers\UevAgentDriver.sys [41488 2019-12-07] (Microsoft Corporation) S3 Ufx01000; C:\Windows\System32\drivers\ufx01000.sys [321040 2019-12-07] (Microsoft Corporation) S3 UfxChipidea; C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\UfxChipidea.sys [110608 2019-12-07] (Microsoft Corporation) S3 ufxsynopsys; C:\Windows\System32\drivers\ufxsynopsys.sys [168248 2019-12-07] (Microsoft Corporation) R3 umbus; C:\Windows\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys [58368 2019-12-07] (Microsoft Corporation) S3 UnistoreSvc; No ImagePath R3 UnistoreSvc_95637d8b; No ImagePath S3 UrsChipidea; C:\Windows\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys [32056 2019-12-07] (Microsoft Corporation) S3 UrsCx01000; 
C:\Windows\System32\drivers\urscx01000.sys [76304 2019-12-07] (Microsoft Corporation) S3 UrsSynopsys; C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\urssynopsys.sys [29496 2019-12-07] (Microsoft Corporation) S3 usbaudio2; C:\Windows\System32\drivers\usbaudio2.sys [260608 2019-12-07] (Microsoft Corporation) S3 UserDataSvc; No ImagePath R3 UserDataSvc_95637d8b; No ImagePath S3 VBoxNetAdp; C:\Windows\System32\drivers\VBoxNetAdp6.sys [237832 2020-06-04] (Oracle Corporation) R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [247232 2020-06-04] (Oracle Corporation) S3 vhf; C:\Windows\System32\drivers\vhf.sys [47616 2019-12-07] (Microsoft Corporation) S3 VirtualRender; C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys [11264 2019-12-07] (Microsoft Corporation) S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [19768 2019-12-07] (Microsoft Corporation) R0 volume; C:\Windows\System32\drivers\volume.sys [16696 2019-12-07] (Microsoft Corporation) R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [202552 2019-12-07] (Microsoft Corporation) S3 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [93184 2019-12-07] (Microsoft Corporation) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2020-10-07] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [428264 2020-10-07] (Microsoft Corporation) S3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [951808 2020-09-11] (Microsoft Corporation) S3 WdmCompanionFilter; C:\Windows\System32\drivers\WdmCompanionFilter.sys [23560 2019-12-07] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [69864 2020-10-07] (Microsoft Corporation) R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [76984 2019-12-07] (Microsoft Corporation) R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [18920 2019-12-07] (Microsoft Corporation) S3 WinMad; 
C:\Windows\System32\drivers\winmad.sys [36152 2019-12-07] (Mellanox) S3 WinNat; C:\Windows\System32\drivers\winnat.sys [259584 2020-09-11] (Microsoft Corporation) S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [73016 2019-12-07] (Mellanox) S2 WpnUserService; No ImagePath R2 WpnUserService_95637d8b; No ImagePath S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [324608 2019-12-07] (Microsoft Corporation) S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [48640 2019-12-07] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) NETSVC: InstallService -> C:\Windows\system32\InstallService.dll (Microsoft Corporation) NETSVC: PushToInstall -> C:\Windows\system32\PushToInstall.dll (Microsoft Corporation) NETSVC: TroubleshootingSvc -> C:\Windows\system32\MitigationClient.dll (Microsoft Corporation) NETSVC: LxpSvc -> C:\Windows\System32\LanguageOverlayServer.dll (Microsoft Corporation) NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation) NETSVC: XblGameSave -> C:\Windows\System32\XblGameSave.dll (Microsoft Corporation) NETSVC: DmEnrollmentSvc -> C:\Windows\system32\Windows.Internal.Management.dll (Microsoft Corporation) NETSVC: WManSvc -> C:\Windows\system32\Windows.Management.Service.dll (Microsoft Corporation) NETSVC: UserManager -> C:\Windows\System32\usermgr.dll (Microsoft Corporation) NETSVC: NetSetupSvc -> C:\Windows\System32\NetSetupSvc.dll (Microsoft Corporation) NETSVC: TokenBroker -> C:\Windows\System32\TokenBroker.dll (Microsoft Corporation) NETSVC: NaturalAuthentication -> C:\Windows\System32\NaturalAuth.dll (Microsoft Corporation) NETSVC: dmwappushservice -> C:\Windows\system32\dmwappushsvc.dll (Microsoft Corporation) NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft 
Corporation) NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation) NETSVC: XboxNetApiSvc -> C:\Windows\system32\XboxNetApiSvc.dll (Microsoft Corporation) NETSVC: UsoSvc -> C:\Windows\system32\usosvc.dll (Microsoft Corporation) NETSVC: XboxGipSvc -> C:\Windows\System32\XboxGipSvc.dll (Microsoft Corporation) NETSVC: XblAuthManager -> C:\Windows\System32\XblAuthManager.dll (Microsoft Corporation) NETSVCx32: TokenBroker -> C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation) NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> Keine Datei ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2020-10-13 18:02 - 2020-10-13 18:03 - 00110757 _____ C:\Users\Azad\Downloads\Addition.txt 2020-10-13 18:01 - 2020-10-13 18:04 - 00053533 _____ C:\Users\Azad\Downloads\FRST.txt 2020-10-13 18:01 - 2020-10-13 18:04 - 00000000 ____D C:\FRST 2020-10-13 18:00 - 2020-10-13 18:00 - 02169856 _____ (Farbar) C:\Users\Azad\Downloads\FRST64.exe 2020-10-13 17:52 - 2020-10-13 17:52 - 00072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irwuvrud.sys 2020-10-13 17:51 - 2020-10-13 17:51 - 00072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kvkgwdaj.sys 2020-10-13 16:17 - 2020-10-13 16:17 - 00072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iecwkmqd.sys 2020-10-13 16:16 - 2020-10-13 16:16 - 00072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rvtdidqw.sys 2020-10-13 13:30 - 2020-10-13 13:30 - 00072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tzaasctk.sys 2020-10-09 19:25 - 2020-10-09 19:25 - 00000000 ____D C:\Users\Azad\AppData\Local\AVGame 2020-10-05 16:10 - 2020-10-05 16:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\Agent Activation Runtime 2020-10-04 15:57 - 2020-10-04 15:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\Mozilla 2020-10-04 12:59 - 2020-10-04 16:55 - 00000000 ____D 
C:\Program Files\Mozilla Firefox 2020-09-30 17:43 - 2020-09-30 17:43 - 00000000 ____D C:\Users\Azad\Documents\AnyTrans-Exportieren-20200930 2020-09-28 20:55 - 2020-09-28 20:55 - 00000000 ____D C:\WINDOWS\LastGood 2020-09-28 20:53 - 2020-10-13 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge 2020-09-28 20:52 - 2020-09-26 01:41 - 01769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 01769688 _____ C:\WINDOWS\system32\vulkaninfo.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 01370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 01370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 01054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 01054944 _____ C:\WINDOWS\system32\vulkan-1.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 00917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 00917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 00455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 00349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 02097560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 01585048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 01506200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 01160600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 00815856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 00811248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 00674200 _____ 
C:\WINDOWS\system32\nvofapi64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 00670104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 00656792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 00555928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 00540912 _____ C:\WINDOWS\SysWOW64\nvofapi.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 07705320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 06859152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 04174736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 02509200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 01733008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445655.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 01482984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445655.dll 2020-09-28 20:52 - 2020-09-26 01:35 - 05964496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2020-09-28 18:00 - 2020-09-28 18:12 - 00000000 ____D C:\Users\Azad\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien 2020-09-28 17:49 - 2020-09-28 17:49 - 00000768 _____ C:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk 2020-09-28 17:49 - 2020-09-28 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts 2020-09-28 17:44 - 2020-09-28 17:45 - 00000000 ____D C:\Users\Azad\AppData\Roaming\DAEMON Tools Lite 2020-09-28 17:44 - 2020-09-28 17:45 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite 2020-09-28 17:44 - 2020-09-28 17:44 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images 2020-09-28 16:37 - 2020-10-13 17:51 - 00000000 ____D C:\Program Files (x86)\RelevantKnowledge 2020-09-28 16:37 - 2020-04-10 01:02 - 01111408 
____N (TMRG, Inc.) C:\WINDOWS\system32\rlls64.dll 2020-09-28 16:37 - 2020-04-10 01:02 - 00754032 ____N (TMRG, Inc.) C:\WINDOWS\SysWOW64\rlls.dll 2020-09-25 11:17 - 2020-10-08 16:31 - 00000000 ____D C:\Users\Azad\Desktop\Logos 2020-09-23 14:09 - 2020-09-23 14:09 - 00000000 ____D C:\Users\Azad\AppData\Local\Epic Games 2020-09-17 18:23 - 2020-09-17 18:24 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2020-09-17 18:20 - 2020-09-15 00:13 - 00038816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2020-09-16 17:28 - 2020-09-16 17:28 - 00000000 ____D C:\ProgramData\Mount and Blade II Bannerlord 2020-09-16 17:27 - 2020-10-09 15:31 - 00000000 ____D C:\Users\Azad\Documents\Mount and Blade II Bannerlord ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2020-10-13 17:28 - 2020-08-11 21:53 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2020-10-13 17:19 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\system32\sru 2020-10-13 17:17 - 2019-10-22 17:54 - 00002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-10-13 17:17 - 2019-10-22 17:54 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-10-13 12:25 - 2018-08-27 18:00 - 00000000 ____D C:\ProgramData\NVIDIA 2020-10-13 12:24 - 2018-08-28 20:11 - 00000000 ____D C:\Users\Azad\AppData\Local\D3DSCache 2020-10-13 12:23 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\AppReadiness 2020-10-13 12:13 - 2020-09-04 11:26 - 00000000 ___RD C:\Users\Azad\iCloudDrive 2020-10-13 12:13 - 2020-08-11 21:58 - 00003700 _____ C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2020-10-13 12:13 - 2020-08-11 21:58 - 00003576 _____ C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2020-10-12 23:26 - 2019-11-07 19:41 - 00000000 ____D C:\Users\Azad\AppData\Local\Battle.net 2020-10-12 23:26 - 2018-08-28 20:01 - 00000000 ____D C:\Steam 2020-10-12 22:59 - 2020-09-04 13:14 - 00000000 
____D C:\Users\Azad\AppData\Roaming\vlc 2020-10-10 20:28 - 2019-11-10 18:08 - 00000000 ____D C:\Users\Azad\AppData\Roaming\Discord 2020-10-10 19:49 - 2019-08-27 17:25 - 00000000 ____D C:\Users\Azad\AppData\Roaming\TS3Client 2020-10-10 17:27 - 2019-11-10 18:08 - 00002232 _____ C:\Users\Azad\Desktop\Discord.lnk 2020-10-10 17:27 - 2019-11-10 18:08 - 00000000 ____D C:\Users\Azad\AppData\Local\Discord 2020-10-10 16:26 - 2020-03-17 17:47 - 00000000 ____D C:\Program Files (x86)\Battle.net 2020-10-10 12:31 - 2019-11-07 19:50 - 00000569 _____ C:\Users\Public\Desktop\Hearthstone.lnk 2020-10-10 10:17 - 2020-08-09 10:21 - 00002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2020-10-10 10:17 - 2020-08-09 10:21 - 00002257 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2020-10-09 19:25 - 2018-08-28 21:21 - 00000000 ____D C:\Users\Azad\AppData\Local\UnrealEngine 2020-10-09 12:19 - 2020-08-14 13:58 - 00003944 _____ C:\WINDOWS\System32\Tasks\BlueStacksHelper 2020-10-07 11:09 - 2018-08-24 18:26 - 00000000 ____D C:\WINDOWS\system32\Drivers\wd 2020-10-06 15:55 - 2020-08-27 15:44 - 00000000 ____D C:\Users\Azad\Documents\Soundaufnahmen 2020-10-04 18:57 - 2020-08-11 21:57 - 01722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-10-04 18:57 - 2019-12-07 16:51 - 00743686 _____ C:\WINDOWS\system32\perfh007.dat 2020-10-04 18:57 - 2019-12-07 16:51 - 00150108 _____ C:\WINDOWS\system32\perfc007.dat 2020-10-04 18:51 - 2018-08-24 18:29 - 00000276 _____ C:\WINDOWS\WindowsUpdate.log 2020-10-04 16:55 - 2020-08-11 21:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-10-04 16:55 - 2020-08-11 21:53 - 00008192 ___SH C:\DumpStack.log.tmp 2020-10-04 16:55 - 2020-07-07 23:38 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2020-10-04 16:55 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\ServiceState 2020-10-04 16:55 - 2018-08-29 14:00 - 00093632 _____ C:\WINDOWS\PFRO.log 2020-10-04 16:55 - 2018-08-27 14:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance 
Service 2020-10-04 16:54 - 2019-12-07 11:03 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2020-10-04 15:57 - 2018-08-27 14:08 - 00001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-09-30 17:44 - 2020-09-04 19:11 - 00000000 ____D C:\Users\Azad\Documents\Temp 2020-09-29 22:02 - 2020-03-20 18:18 - 00000000 ____D C:\Users\Azad\AppData\Roaming\Origin 2020-09-29 22:02 - 2020-03-20 18:18 - 00000000 ____D C:\ProgramData\Origin 2020-09-29 19:34 - 2020-03-20 18:18 - 00000000 ____D C:\Users\Azad\AppData\Local\Origin 2020-09-28 20:56 - 2020-08-11 21:53 - 00041839 _____ C:\WINDOWS\setupact.log 2020-09-28 17:49 - 2018-08-28 21:25 - 00225033 _____ C:\WINDOWS\DirectX.log 2020-09-27 19:48 - 2018-08-27 17:50 - 00000000 ____D C:\WINDOWS\system32\MRT 2020-09-27 19:46 - 2018-08-27 17:49 - 129170736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2020-09-26 01:35 - 2020-07-10 08:54 - 06992184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2020-09-25 10:09 - 2019-02-04 22:21 - 00000000 ____D C:\ProgramData\Mozilla 2020-09-25 00:55 - 2020-07-10 08:54 - 00058630 _____ C:\WINDOWS\system32\nvinfo.pb 2020-09-24 22:26 - 2018-08-27 18:00 - 05510456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 02635752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 01759032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 00990520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 00195560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 00122344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 00083256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2020-09-24 14:33 - 2020-08-11 21:58 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update 
Task 2020-09-24 14:32 - 2019-01-29 14:20 - 00002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2020-09-23 16:41 - 2020-06-05 21:02 - 00000081 _____ C:\Users\Azad\AppData\Local\.bidstack.fault 2020-09-22 16:09 - 2019-12-28 21:05 - 00000000 ____D C:\Users\Azad\Desktop\Uni neu 2020-09-18 22:23 - 2018-08-27 13:28 - 00000000 ____D C:\Users\Azad\AppData\Local\PlaceholderTileLogoFolder 2020-09-18 12:22 - 2018-08-24 18:32 - 00000000 ____D C:\Users\Azad\AppData\Local\Packages 2020-09-17 18:24 - 2018-08-27 17:59 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2020-09-17 18:23 - 2018-08-27 18:01 - 00000000 ____D C:\Users\Azad\AppData\Local\NVIDIA 2020-09-17 18:23 - 2018-08-27 17:58 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2020-09-17 08:28 - 2019-12-07 11:14 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2020-09-16 08:44 - 2018-08-27 18:00 - 09302127 _____ C:\WINDOWS\system32\nvcoproc.bin 2020-09-15 00:13 - 2020-07-10 08:54 - 01682368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 2020-09-15 00:13 - 2020-07-10 08:54 - 00222112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2020-09-14 17:22 - 2018-12-07 12:43 - 00000000 ____D C:\Users\Azad\Documents\Paradox Interactive 2020-09-14 17:21 - 2019-12-18 15:08 - 00000000 ____D C:\Users\Azad\AppData\Local\Paradox Interactive ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2020-06-05 21:02 - 2020-09-23 16:41 - 0000081 _____ () C:\Users\Azad\AppData\Local\.bidstack.fault 2018-09-24 22:53 - 2018-09-24 22:53 - 0000003 _____ () C:\Users\Azad\AppData\Local\updater.log 2018-09-24 22:53 - 2018-09-24 22:53 - 0000425 _____ () C:\Users\Azad\AppData\Local\UserProducts.xml 2019-01-26 14:17 - 2019-01-26 14:17 - 0000057 _____ () C:\ProgramData\Ament.ini 2018-08-27 18:04 - 2018-08-27 18:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2020-09-04 12:00 - 2020-09-04 12:00 - 0004892 _____ () C:\ProgramData\lzmiudcz.flf 
2020-09-04 12:00 - 2020-09-04 12:00 - 0000016 _____ () C:\ProgramData\mntemp ==================== Bamital & volsnap Check ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\System32\winlogon.exe => Datei ist digital signiert C:\Windows\System32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\System32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\System32\services.exe => Datei ist digital signiert C:\Windows\System32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\System32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\System32\rpcss.dll => Datei ist digital signiert C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert C:\Windows\system32\codeintegrity\Bootcat.cache FEHLT <==== ATTENTION!. ==================== Ende von log ============================ |
13.10.2020, 17:09 | #2 |
| Misleading:Win32/Lodi Virus?
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:28-07-2015 durchgeführt von Azad (2020-10-13 18:08:24) Gestartet von C:\Users\Azad\Downloads Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-4008508967-1143171168-3858184327-500 - Administrator - Disabled) Azad (S-1-5-21-4008508967-1143171168-3858184327-1001 - Administrator - Enabled) => C:\Users\Azad DefaultAccount (S-1-5-21-4008508967-1143171168-3858184327-503 - Limited - Disabled) Gast (S-1-5-21-4008508967-1143171168-3858184327-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-4008508967-1143171168-3858184327-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 7 Days to Die (HKLM\...\Steam App 251570) (Version: - The Fun Pimps) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.433 - Adobe) Among Us (HKLM\...\Steam App 945360) (Version: - Innersloth) Anno 1404 (HKLM\...\Steam App 33250) (Version: - Blue Byte) Anno 1404: Venice (HKLM\...\Steam App 33350) (Version: - Blue Byte) Anno 1800 (HKLM-x32\...\Uplay Install 4553) (Version: - Ubisoft) AnyTrans (HKLM-x32\...\AnyTrans) (Version: - iMobie Inc.) 
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.4.5 - Electronic Arts, Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.220.0.1109 - BlueStack Systems, Inc.) chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.8.1.1 - Chip Digital GmbH) Citrix Receiver 4.12 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.12.0.18020 - Citrix Systems, Inc.) Crusader Kings III (HKLM\...\Steam App 1158310) (Version: - Paradox Development Studio) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - ) Discord (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Discord) (Version: 0.0.308 - Discord Inc.) Drug Dealer Simulator (HKLM\...\Steam App 682990) (Version: - Byterunners Game Studio) Epic Games Launcher (HKLM-x32\...\{04DDD9BF-6B7B-4858-9AA4-D3C868169D70}) (Version: 1.1.163.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Football Manager 2020 (HKLM\...\Steam App 1100600) (Version: - Sports Interactive) Football Manager 2020 Touch (HKLM\...\Steam App 1100620) (Version: - Sports Interactive) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.75 - Google LLC) Google Update Helper (x32 Version: 1.3.35.451 - Google LLC) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HP Officejet 4630 series - Grundlegende Software für das Gerät (HKLM\...\{3566FFED-696A-4260-8F12-073426CAC951}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) 
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Java 8 Update 261 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180261F0}) (Version: 8.0.2610.12 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc) Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.38 - Microsoft Corporation) Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.41 - ) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\OneDriveSetup.exe) (Version: 20.143.0716.0003 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU 
(HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Minecraft Launcher (HKLM-x32\...\{E15F69FA-660D-45CC-B28F-6CBC4CAD2091}) (Version: 1.0.0.0 - Mojang) Mount & Blade II: Bannerlord (HKLM\...\Steam App 261550) (Version: - TaleWorlds Entertainment) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 81.0.1 (x64 de) (HKLM\...\Mozilla Firefox 81.0.1 (x64 de)) (Version: 81.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.2 - Mozilla) NVAPI Monitor plugin for NvContainer (Version: 1.27 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation) NVIDIA Grafiktreiber 456.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.55 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NvModuleTracker (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project) Online Plug-in (x32 Version: 14.12.0.18020 - Citrix Systems, Inc.) Hidden Oracle VM VirtualBox 6.1.10 (HKLM\...\{06BC3E95-3646-43EA-A78A-0E7D59776B2C}) (Version: 6.1.10 - Oracle Corporation) Origin (HKLM-x32\...\Origin) (Version: 10.5.84.43868 - Electronic Arts, Inc.) 
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden paint.net (HKLM\...\{2025DAA7-0653-4F18-B66F-900E6F2320EC}) (Version: 4.2.13 - dotPDN LLC) Paradox Launcher v2 (HKLM\...\{A92DB5D9-A24D-4678-9F91-B4FA6D895718}) (Version: 2.0.4.0 - Paradox Interactive) Prison Architect (HKLM\...\Steam App 233450) (Version: - Introversion Software) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games) Self-Service Plug-in (x32 Version: 4.12.0.18013 - Citrix Systems, Inc.) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Shotcut (HKLM-x32\...\Shotcut) (Version: 20.07.11 - Meltytech, LLC) Sid Meier's Civilization VI (HKLM\...\Steam App 289070) (Version: - Firaxis Games) Spotify (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Spotify) (Version: 1.1.33.569.gced9e0f5 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Studie zur Verbesserung von HP Officejet 4630 series (HKLM\...\{3917CF9F-DF46-406E-B524-CA0F150C70D7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) 
TeamSpeak 3 Client (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\TeamSpeak 3 Client) (Version: 3.3.1 - TeamSpeak Systems GmbH) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.7.6 - TeamViewer) Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic) Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB4023057) (Version: 2.63.0.0 - Microsoft Corporation) Hidden Uplay (HKLM-x32\...\Uplay) (Version: 97.0 - Ubisoft) Vampyr (HKLM\...\Steam App 427290) (Version: - DONTNOD Entertainment) VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.60 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH) Yu-Gi-Oh! Legacy of the Duelist (HKLM\...\Steam App 480650) (Version: - Other Ocean Interactive) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\localserver32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{0C6F11A4-7679-4786-9AC6-A7EFE6E9C6AC}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\localserver32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileCoAuthLib64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> 
C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\localserver32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\localserver32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> 
C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{DD41CDAD-A293-4701-A5D5-635C3E1E7BCE}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Azad\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll (Microsoft Corporation) ==================== Wiederherstellungspunkte ========================= ATTENTION: Systemwiederherstellung ist deaktiviert ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2018-04-12 01:38 - 2018-04-12 01:36 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {0016B09F-CFDA-4F5B-A70B-84A75599B89B} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand Task: {008539BF-83F9-4483-9E0A-EEEE6EAC0A08} - System32\Tasks\Microsoft\Windows\Shell\UpdateUserPictureTask Task: {02BF6FDC-843B-49B1-9389-7D7FB346351F} - System32\Tasks\Agent Activation Runtime\S-1-5-21-4008508967-1143171168-3858184327-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [2020-08-11] () Task: {051DF697-AF10-4DB6-9B93-E1A4E35F00F7} - System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync Task: {077333D6-06BA-4EA4-BDF4-1CD1439558F2} - System32\Tasks\Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask Task: {0BC914B5-0E38-406C-8075-D0C480C7D517} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\Windows\system32\MusNotification.exe [2020-09-11] (Microsoft Corporation) Task: {0CBABB27-6DFC-4155-BAE7-AE919B92FEF2} - System32\Tasks\Microsoft\Windows\DirectX\DXGIAdapterCache => C:\Windows\system32\dxgiadaptercache.exe [2020-09-11] (Microsoft Corporation) Task: {0CEC0B91-4AE9-4E8A-ACB2-3B4C811F442C} - System32\Tasks\Microsoft\Windows\WaaSMedic\PerformRemediation Task: {0CFF5E86-1EE8-4870-86F4-721D83AA7D7A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>) Task: {0E2DCCB3-7B11-40CF-B973-90F22732E317} - System32\Tasks\Microsoft\Windows\EDP\EDP Inaccessible Credentials Task Task: {105D676A-D551-4274-81E7-97AC52E4FD87} - System32\Tasks\Microsoft\Windows\Speech\HeadsetButtonPress => C:\Windows\system32\speech_onecore\common\SpeechRuntime.exe [2020-08-14] (Microsoft Corporation) Task: {114EC267-55F2-45DA-9AB6-B98CA9DC0D01} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange Task: {117E2D01-1275-4560-90E9-A34BB4EE69A3} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense Task: {12DF3F8A-9612-48CA-AE38-2818FA70CA73} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => 
C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2019-12-07] () Task: {185599E2-D932-45EF-B67E-D69371DC73D2} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [2020-06-23] (NVIDIA Corporation) Task: {1949073A-8FDA-4EA4-8E59-407CDB02440F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihpostreboot => C:\Windows\system32\sihclient.exe [2020-09-11] (Microsoft Corporation) Task: {1E334E22-CBC0-4D9C-B830-F1CC1BD6DCFD} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\Windows\System32\WiFiTask.exe [2020-08-14] (Microsoft Corporation) Task: {23A4A0DD-9FC8-4787-8881-6CAB69CD7E39} - System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXWarningTask => C:\Windows\System32\RemoteFXvGPUDisablement.exe [2020-08-11] (Microsoft Corporation) Task: {2A322FF7-000A-4F32-A044-C345E7054D06} - System32\Tasks\Microsoft\Windows\WwanSvc\OobeDiscovery Task: {2AD5F8AE-8128-49DD-AB67-7D9052D0C609} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Retry => C:\Windows\system32\ProvTool.exe [2020-09-11] (Microsoft Corporation) Task: {2BB692C1-F60F-479E-ADC2-1CAF9422A2AC} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask Task: {2F63CF7F-0537-4E2A-9F8A-B763EFE907F5} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask Task: {304D2127-E6ED-4C82-B9B3-63B3B54A4D66} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Check And Scan Task: {309BA321-F7C8-46A4-BA50-5FAC484229CB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan Static Task => C:\Windows\system32\usoclient.exe [2020-09-11] (Microsoft Corporation) Task: {34ADEFE8-89DB-43BC-8C0B-14BB34D69F6D} - System32\Tasks\Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives Task: {35525E8D-FD60-47BF-8D11-FA4F778C57C3} - System32\Tasks\Microsoft\Windows\Printing\EduPrintProv => C:\Windows\system32\eduprintprov.exe [2019-12-07] (Microsoft Corporation) Task: 
{35C82E32-2E09-4618-ADAE-9FA9F3DFFBD4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work => C:\Windows\system32\usoclient.exe [2020-09-11] (Microsoft Corporation) Task: {35D4C945-33D4-43B6-83D3-99034D411E25} - System32\Tasks\Microsoft\Windows\Workplace Join\Recovery-Check => C:\Windows\System32\dsregcmd.exe [2020-08-14] (Microsoft Corporation) Task: {365A5066-5DC8-4850-BF58-8F77FAC58168} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\UsageDataFlushing Task: {3789A597-BD62-4A2F-8F57-AE2D504E0E98} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task Task: {37C96CF1-2ADE-43E0-A178-772589FC6131} - System32\Tasks\Microsoft\Windows\Application Experience\PcaPatchDbTask => Rundll32.exe %windir%\system32\PcaSvc.dll,PcaPatchSdbTask Task: {3983822E-6817-4140-A281-BAC9FF7ABF17} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\Windows\system32\ClipRenew.exe [2019-12-07] (Microsoft Corporation) Task: {3B5C156D-7B8E-4374-8F09-6AE999304CFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-10-22] (Google LLC) Task: {3EC56EC1-A035-4310-BF73-4C6E9BDE6086} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [2020-10-07] (Microsoft Corporation) Task: {3F417CC7-FF24-4B0A-9552-07EBB64FFF14} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_433_Plugin.exe [2020-09-08] (Adobe) Task: {3FC4BE91-4A96-48F5-8858-1628CB88EFB5} - System32\Tasks\Microsoft\Windows\Chkdsk\SyspartRepair => C:\Windows\system32\bcdboot.exe [2019-12-07] (Microsoft Corporation) Task: {3FF22648-45C1-4760-812A-F2864F592182} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2020-06-23] (NVIDIA Corporation) Task: 
{40367766-4252-4850-B197-5BEBA523AAFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {41F5FC9D-EE65-4CA4-A908-91B3587198E0} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2020-08-11] (Microsoft Corporation) Task: {42D56451-9798-4233-A949-F5460B96071D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [2020-10-07] (Microsoft Corporation) Task: {434B493B-9929-4ED1-9DE6-3A5C229FB7C2} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4008508967-1143171168-3858184327-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {44AF7ADA-1C0D-43B1-A063-9E7581F7730B} - System32\Tasks\Microsoft\Windows\InstallService\SmartRetry Task: {45D066AB-B633-45C0-BDFD-3707FD8FEA07} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2020-09-06] (Adobe Inc.) 
Task: {4671B5C1-A383-4428-A45A-8D348E4CB873} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\Windows\system32\MusNotification.exe [2020-09-11] (Microsoft Corporation) Task: {46DDFBEA-7B80-499F-8D16-8FB7836BEBDC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\Windows\system32\usoclient.exe [2020-09-11] (Microsoft Corporation) Task: {47AC3806-A459-40C1-8475-B9E4A60E6FE3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2020-09-08] (Adobe) Task: {4A0DEFDA-A2B8-4736-88E1-A578E00D9704} - System32\Tasks\Microsoft\Windows\Input\PenSyncDataAvailable Task: {4BCE6391-0B05-40B4-B642-910B37FB1CE6} - System32\Tasks\Microsoft\Windows\PushToInstall\Registration => Sc.exe start pushtoinstall registration Task: {4BDB5047-01B7-48D5-AE7E-720EDA7D2049} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2020-08-14] (Microsoft Corporation) Task: {4D595DA6-BC59-47AE-A527-EC01FCE2E615} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2020-08-14] (Microsoft Corporation) Task: {4F2030CE-BA8E-4122-B9A8-29AA5858973E} - System32\Tasks\Microsoft\Windows\Flighting\OneSettings\RefreshCache Task: {4F41B4A1-8822-4B02-90CD-202A0099FFAE} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2019-12-07] (Microsoft Corporation) Task: {55B1C85E-5BEF-4EDB-ADD0-ECEAEF261E7C} - System32\Tasks\Microsoft\Windows\DirectX\DirectXDatabaseUpdater => C:\Windows\system32\directxdatabaseupdater.exe [2020-09-11] (Microsoft Corporation) Task: {571A0A5E-B60E-4A25-BEFB-ABB3C6BB6B78} - System32\Tasks\Microsoft\Windows\Workplace Join\Device-Sync Task: {577B3009-DD70-4E0F-99AB-DF61C03B08AE} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures Task: {58CCC4DA-C86D-4E3D-8FAF-A7B24D8F3950} - 
System32\Tasks\Microsoft\Windows\StateRepository\MaintenanceTasks => Rundll32.exe %windir%\system32\Windows.StateRepositoryClient.dll,StateRepositoryDoMaintenanceTasks Task: {5B0ED9ED-6704-45F8-B8C1-93C5A3B5F4FF} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2020-09-11] (Microsoft Corporation) Task: {5B885149-AF43-451C-A12F-0CD1E0A34023} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager Task: {5D5A6928-14BC-4739-B3AA-197AE90720D0} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP) Task: {5E0DF2C3-3D26-4759-9E02-FB7F4DCD159B} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24 Task: {5E351EE7-F0D4-4F41-A05C-907EB1A33CE8} - System32\Tasks\Microsoft\Windows\WlanSvc\CDSSync Task: {61B4D08B-1B23-4CC8-869E-CF0B7996EF5F} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck Task: {620BECB7-68C9-4067-99E5-E94551001E7F} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\Windows\system32\ClipRenew.exe [2019-12-07] (Microsoft Corporation) Task: {66A3F618-0C70-4F70-9BBA-735CCDB43A09} - System32\Tasks\Microsoft\Windows\EDP\StorageCardEncryption Task Task: {69D15B8E-729C-4C1C-A0E7-6DCA5E963E60} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2019-12-07] (Microsoft Corporation) Task: {6AAEEF1D-9661-4720-B127-27C975871238} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession Task: {6B0A704B-5572-4E1C-8E6F-59826F46823A} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2020-08-09] (Microsoft Corporation) Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\Windows\system32\MusNotification.exe [2020-09-11] (Microsoft 
Corporation) Task: {701473A3-4C61-4063-AAC6-871E22A29FE7} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask Task: {70EA2999-165C-4933-9027-250FB8B772F8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Report policies => C:\Windows\system32\usoclient.exe [2020-09-11] (Microsoft Corporation) Task: {73469C3A-0B60-4A11-AD8A-FC67A901B741} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2019-12-07] (Microsoft Corporation) Task: {7617E03F-109E-435B-9B4C-0282CD5BE4A9} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload => C:\Windows\system32\dmclient.exe [2019-12-07] (Microsoft Corporation) Task: {7739174D-35B8-4A0C-9C74-E69F340AF0DE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2020-06-23] (NVIDIA Corporation) Task: {7A5AFDB2-56EC-4352-AB44-069E7BF253A8} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2019-12-07] (Microsoft Corporation) Task: {7A7B60AA-BA42-409F-BC97-7BCFEFAD6308} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation Task: {7C4733D2-81D6-4CA3-B30C-E00B496B9857} - System32\Tasks\Microsoft\Windows\Input\TouchpadSyncDataAvailable Task: {7F50782E-6D80-41E6-8569-B825B72AFC39} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2020-06-23] (NVIDIA Corporation) Task: {7F51EDB9-9509-496A-AF41-8A240DF1D80E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2020-05-07] (NVIDIA Corporation) Task: {80436C26-BC19-4930-9051-F06F0E0BA960} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2020-09-11] 
(Microsoft Corporation) Task: {821A8699-93C8-4F50-9A17-1BA7E638849C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-10-22] (Google LLC) Task: {87094343-6C1F-4855-A6B9-305BA74AB761} - System32\Tasks\Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh Task: {8A43AE7B-C54A-405B-913A-945A0AF2CA8F} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr Task: {8B196E72-7137-486F-A193-88240C4FCAA0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Work => C:\Windows\system32\usoclient.exe [2020-09-11] (Microsoft Corporation) Task: {8CCAA4E5-04BF-4D88-B0AF-83C536CA5A8F} - System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXvGPUDisableTask => C:\Windows\System32\RemoteFXvGPUDisablement.exe [2020-08-11] (Microsoft Corporation) Task: {8D2FA733-8046-48A8-8BF1-CBF29E4DE193} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2020-08-09] (Microsoft Corporation) Task: {8DB27523-093D-4B93-A00B-68F6317DFAE1} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance Task: {924A9B1B-5880-4CA5-AAFE-FAEEA3BED9CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [2020-10-07] (Microsoft Corporation) Task: {9259B2D0-6220-4491-B6EE-F251DAABB13A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Universal Orchestrator Start => C:\Windows\system32\usoclient.exe [2020-09-11] (Microsoft Corporation) Task: {92FFE795-C628-4324-AB97-06F804352DB6} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2019-12-07] (Microsoft Corporation) Task: {9520602D-5D35-49BC-B397-5251EC6364E8} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation Task: {9B29B882-A95C-438B-BF91-E7C31B1D82D1} - 
System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndContinueUpdates Task: {9CE208F8-6F28-4A34-A8B2-3E60ECF03D15} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work => C:\Windows\system32\usoclient.exe [2020-09-11] (Microsoft Corporation) Task: {9D87DBE9-E563-4708-A9E9-1A6EE5951EC2} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand Task: {9ECD9F35-130A-4C0C-A551-9D3335B165D7} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange Task: {A08D6A77-C926-4E78-9ED0-09836E2769AE} - System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdates Task: {A28E2F31-2C6D-426C-A2AC-2F9F6952D916} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange Task: {A2FADBDF-6855-42F7-BDFC-F0C510EDA9BC} - System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdatesAsUser Task: {A2FFCE6E-7F06-494A-8C84-6EFCAEB075BB} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice Task: {A46E6974-4A55-49FF-8C11-F82FAA39B298} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [2020-06-23] (NVIDIA Corporation) Task: {A499FA48-7057-4AC1-9702-44C6FD924058} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources Task: {A60D9ECB-A6F4-4FE1-9BD7-B049487A67E7} - System32\Tasks\Microsoft\Windows\International\Synchronize Language Settings Task: {A74EF9D1-6D6B-4566-8E25-782430F970E5} - System32\Tasks\Microsoft\Windows\PushToInstall\LoginCheck => Sc.exe start pushtoinstall login Task: {A8136268-4BBA-44DA-87FA-173972FB8DBF} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2020-05-07] (NVIDIA Corporation) Task: {AB869A79-348E-4410-8435-6187D45E51DF} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => C:\Windows\system32\MusNotification.exe 
[2020-09-11] (Microsoft Corporation) Task: {AF093467-08D1-4C35-8BCE-A07FC602F119} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [2020-06-23] (NVIDIA Corporation) Task: {AF73DAAA-53AE-4CC8-8671-BE29D886B057} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged Task: {AF7A8CDF-8ECD-442F-B3AF-19BE0846C384} - System32\Tasks\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner Task: {AFEE5D15-0E83-432F-9DB0-58A2702115E1} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\spaceman.exe [2019-12-07] (Microsoft Corporation) Task: {B3449510-0D1F-4242-8502-19118A8C696C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\Windows\system32\MusNotification.exe [2020-09-11] (Microsoft Corporation) Task: {B49682F8-86F7-417F-A76A-9C577EC0F43F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [2020-10-07] (Microsoft Corporation) Task: {B5108B49-C39A-43DE-AC49-06155873BAE9} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2019-12-07] (Microsoft Corporation) Task: {B9E96119-515B-4D19-8357-D54B747395AD} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\Windows\system32\MDMAgent.exe [2020-08-14] (Microsoft Corporation) Task: {BA366117-6A44-44F3-9BAA-09C4ADA110CC} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2019-12-07] (Microsoft Corporation) Task: {C34E99FC-E9DA-45EE-AF9B-77AAD0B1B25F} - System32\Tasks\Microsoft\Windows\NlaSvc\WiFiTask => C:\Windows\System32\WiFiTask.exe [2020-08-14] (Microsoft Corporation) Task: {C361A712-4DF9-45CA-8BB8-ADB249135309} - 
System32\Tasks\update-S-1-5-21-4008508967-1143171168-3858184327-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>) Task: {C5501FF9-43F0-4BAA-999C-3AEF26ED78D2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Backup Scan => C:\Windows\system32\usoclient.exe [2020-09-11] (Microsoft Corporation) Task: {C5D47392-881C-422A-9BF8-E4916B55CD22} - System32\Tasks\Microsoft\Windows\USB\Usb-Notifications Task: {C660D735-E9F2-4190-9B4E-97ADF1AFFA16} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange Task: {C9E60819-F104-4173-9EDB-AC7D46858558} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [2020-06-23] (NVIDIA Corporation) Task: {C9EC268B-1D36-4AF0-A1EB-2C1BC3B455D9} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\Windows\system32\disksnapshot.exe [2019-12-07] (Microsoft Corporation) Task: {CAB76809-EDC0-40D2-A888-AD9BEDF4E88A} - System32\Tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr => C:\Windows\System32\UNP\UpdateNotificationMgr.exe [2020-08-11] (Microsoft Corporation) Task: {CADF1293-5495-426F-8E37-A30F69274AF4} - System32\Tasks\Microsoft\Windows\Input\LocalUserSyncDataAvailable Task: {CB51202D-2D74-4FAD-8EFF-373E3DA69881} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [2020-10-08] (BlueStack Systems, Inc.) 
Task: {CB673CE4-960F-462D-AAD7-CDA0CD9FE030} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateModelTask => C:\Windows\system32\usoclient.exe [2020-09-11] (Microsoft Corporation) Task: {CD0446AF-D5F6-4616-85CE-058C20FCE9EC} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask Task: {CFDF2E71-464C-46E6-A279-CBA738435455} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\Windows\system32\usoclient.exe [2020-09-11] (Microsoft Corporation) Task: {D777B567-BB3B-4111-881C-0CB741022B0C} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization Task: {D8EAF912-9D8C-4691-AE2D-E6219ED89A63} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [2020-10-04] (Mozilla Foundation) Task: {DA42085F-11E4-4EE1-A363-1898204812F5} - System32\Tasks\Microsoft\Windows\Input\MouseSyncDataAvailable Task: {DC69E3BC-95E4-4F83-9B0F-8C79179C50A6} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\UsageDataReporting Task: {DE2A5B04-55D9-4E4A-9870-CEAF98E41CBB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {DE483CF3-E140-45F6-8828-B929857EABC6} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback Task: {DF6A7742-913B-4025-B27A-CE65BB343A0D} - System32\Tasks\Microsoft\Windows\WwanSvc\NotificationTask => C:\Windows\System32\WiFiTask.exe [2020-08-14] (Microsoft Corporation) Task: {E1833D1B-4BD0-4CA1-8061-6F80E3B54E3B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {E32B86AB-ABAA-45A7-9BE7-9BB2E6B7837D} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2019-12-07] (Microsoft 
Corporation) Task: {E38739C8-A84F-4F9B-8913-DCA75BC35C79} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Cellular => C:\Windows\system32\ProvTool.exe [2020-09-11] (Microsoft Corporation) Task: {E577C99D-E5DD-43E8-9E9F-2D291B431572} - System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask Task: {E88D9B2C-DDEA-47B2-9582-085153004DB5} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe [2019-12-07] (Microsoft Corporation) Task: {E91D1CC3-09DF-45F0-8208-474AEE6B0A16} - System32\Tasks\Microsoft\Windows\Management\Provisioning\RunOnReboot => C:\Windows\system32\ProvTool.exe [2020-09-11] (Microsoft Corporation) Task: {EA82AA60-4BB0-41D9-AA1A-D64D739F55DE} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange Task: {EC3EFE4E-A2E4-4C66-975C-CA2EFD0D42CD} - System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndScanForUpdates Task: {EF4B8F07-FA4B-4CD0-84BC-4A758127E3DD} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task Task: {F0BE4F3E-F4F0-4B98-88EE-57290DDF6CB2} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask Task: {F278A444-BDB4-4CD1-A2F0-7A2284C32800} - System32\Tasks\Microsoft\Windows\Device Information\Device User => C:\Windows\system32\devicecensus.exe [2019-12-07] (Microsoft Corporation) Task: {F472261A-A57A-465B-A695-5F2E75E37782} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2020-08-11] (Microsoft Corporation) Task: {F67BF9CD-2696-4F2D-9D78-BB8C84A53C1E} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask Task: {F8FEDA28-6261-4385-844A-684E6C988577} - System32\Tasks\Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh Task: {FDA30F1D-5CB3-4D2D-B8A6-62CA074736EC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA 
GeForce Experience.exe [2020-06-25] (NVIDIA Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\update-S-1-5-21-4008508967-1143171168-3858184327-1001.job => Task: C:\WINDOWS\Tasks\update-sys.job => ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2019-12-07 11:08 - 2019-12-07 11:08 - 00064760 _____ () C:\WINDOWS\system32\UMPDC.dll 2019-12-07 11:08 - 2019-12-07 11:08 - 00064760 _____ () c:\windows\system32\UMPDC.dll 2019-12-07 11:08 - 2019-12-07 11:08 - 00064760 _____ () C:\WINDOWS\SYSTEM32\UMPDC.dll 2020-09-11 15:30 - 2020-09-11 15:30 - 00707016 _____ () c:\windows\system32\TextShaping.dll 2019-12-07 11:08 - 2019-12-07 11:08 - 00064760 _____ () C:\WINDOWS\System32\UMPDC.dll 2020-07-10 20:07 - 2020-07-10 20:52 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2018-09-21 15:58 - 2020-05-07 20:03 - 01242096 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2019-12-07 11:08 - 2019-12-07 11:08 - 00039424 _____ () C:\Windows\System32\usocoreps.dll 2019-12-07 11:08 - 2019-12-07 11:08 - 00064760 _____ () C:\Windows\System32\UMPDC.dll 2020-08-14 10:52 - 2020-08-14 10:52 - 00577968 _____ () C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\FACEBOOTSTRAPADAPTER.DLL 2020-08-11 22:47 - 2020-08-11 22:47 - 00644096 _____ () C:\Windows\System32\windowmanagementapi.dll 2020-09-11 15:30 - 2020-09-11 15:30 - 00707016 _____ () C:\WINDOWS\System32\TextShaping.dll 2018-08-27 18:00 - 2020-09-24 22:26 - 00234472 _____ () C:\Program Files\NVIDIA Corporation\Display\nvsmartmax64.dll 2020-08-11 22:47 - 2020-08-11 22:47 - 00644096 _____ () C:\Windows\System32\WindowManagementAPI.dll 2020-08-11 22:47 - 2020-08-11 22:47 - 00644096 _____ () C:\WINDOWS\SYSTEM32\WindowManagementAPI.dll 2020-10-09 12:23 - 2020-10-09 12:23 - 21304320 _____ 
() C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20092.108.0_x64__8wekyb3d8bbwe\YourPhone.Views.dll 2020-10-09 12:23 - 2020-10-09 12:23 - 10041856 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20092.108.0_x64__8wekyb3d8bbwe\YourPhone.AppCore.WinRT.dll 2020-04-11 23:38 - 2020-04-11 23:38 - 01000448 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20092.108.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll 2020-09-11 15:30 - 2020-09-11 15:30 - 00707016 _____ () C:\WINDOWS\SYSTEM32\TextShaping.dll 2020-10-09 12:23 - 2020-10-09 12:23 - 02478080 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20092.108.0_x64__8wekyb3d8bbwe\YourPhone.ScreenMirroring.dll 2020-10-09 12:23 - 2020-10-09 12:23 - 03871744 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20092.108.0_x64__8wekyb3d8bbwe\PhoneCommunicationAppService.dll 2020-10-09 12:23 - 2020-10-09 12:23 - 00606720 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20092.108.0_x64__8wekyb3d8bbwe\YourPhone.Devices.WinRT.dll 2020-10-09 12:23 - 2020-10-09 12:23 - 01645056 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20092.108.0_x64__8wekyb3d8bbwe\YourPhoneControls.dll 2020-10-09 12:23 - 2020-10-09 12:23 - 02617856 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20092.108.0_x64__8wekyb3d8bbwe\YourPhone.Messaging.WinRT.dll 2020-10-09 12:23 - 2020-10-09 12:23 - 00864256 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20092.108.0_x64__8wekyb3d8bbwe\YourPhone.Calling.WinRT.dll 2020-10-09 12:23 - 2020-10-09 12:23 - 00148992 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20092.108.0_x64__8wekyb3d8bbwe\YourPhone.SharedContent.WinRT.dll 2020-10-09 12:23 - 2020-10-09 12:23 - 01080320 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20092.108.0_x64__8wekyb3d8bbwe\YourPhone.Notifications.dll 2020-09-11 15:30 - 2020-09-11 15:30 - 02259968 _____ () C:\WINDOWS\system32\TextInputMethodFormatter.dll 2020-10-04 12:59 - 2020-10-04 
12:59 - 03851984 _____ () C:\Program Files\Mozilla Firefox\libGLESv2.dll 2020-10-04 12:59 - 2020-10-04 12:59 - 00044240 _____ () C:\Program Files\Mozilla Firefox\libEGL.dll 2018-09-21 15:58 - 2020-05-07 20:03 - 01242096 _____ () C:\Program Files\NVIDIA Corporation\nvcontainer\libprotobuf.dll 2018-09-21 15:58 - 2020-06-25 14:42 - 111339320 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2018-09-21 15:58 - 2020-06-25 14:42 - 05443896 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libglesv2.dll 2018-09-21 15:58 - 2020-06-25 14:42 - 00138552 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libegl.dll 2020-09-04 19:09 - 2020-09-04 11:16 - 00095544 _____ () C:\ProgramData\iMobieDNA\AppleDriver\zlib1.dll 2020-09-04 19:09 - 2020-09-04 11:16 - 01315640 _____ () C:\ProgramData\iMobieDNA\AppleDriver\libxml2.dll 2019-12-07 16:55 - 2019-12-07 16:55 - 01165824 _____ () C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2009.23741.0_x64__8wekyb3d8bbwe\e_sqlite3.dll 2020-10-02 14:36 - 2020-10-02 14:36 - 00116224 _____ () C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2009.23741.0_x64__8wekyb3d8bbwe\CortanaApp.WinRT.dll 2019-12-07 11:08 - 2019-12-07 11:08 - 00073216 _____ () C:\Windows\System32\windows.applicationmodel.conversationalagent.internal.proxystub.dll 2020-09-11 15:30 - 2020-09-11 15:30 - 00707016 _____ () C:\WINDOWS\system32\TextShaping.dll 2020-09-11 09:22 - 2020-09-11 09:22 - 00273408 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_12009.1001.1.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll 2018-11-07 17:40 - 2018-11-07 17:40 - 02538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_12009.1001.1.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2019-01-31 18:16 - 2019-01-31 18:17 - 01757696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_12009.1001.1.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll 2020-10-07 13:35 - 2020-10-07 13:35 - 26429440 
_____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20082.10421.0_x64__8wekyb3d8bbwe\Video.UI.exe 2020-09-23 09:50 - 2020-09-23 09:50 - 00289280 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20082.10421.0_x64__8wekyb3d8bbwe\SharedUI.dll 2020-09-23 09:50 - 2020-09-23 09:50 - 05708288 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20082.10421.0_x64__8wekyb3d8bbwe\EntCommon.dll 2018-04-12 18:24 - 2018-04-12 18:24 - 00902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20082.10421.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll 2020-09-23 09:50 - 2020-09-23 09:50 - 08994816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20082.10421.0_x64__8wekyb3d8bbwe\EntPlat.dll 2020-09-23 09:50 - 2020-09-23 09:50 - 00484352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20090.1002.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2020-09-23 09:50 - 2020-09-23 09:50 - 81703424 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20090.1002.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2018-08-28 19:12 - 2018-08-28 19:25 - 02523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20090.1002.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll 2019-10-03 11:36 - 2019-10-03 11:41 - 00011264 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20090.1002.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll 2019-08-27 15:23 - 2019-08-27 15:31 - 03707904 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20090.1002.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll 2020-09-23 09:50 - 2020-09-23 09:50 - 10462720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20090.1002.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll 2020-09-23 09:50 - 2020-09-23 09:50 - 02323456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20090.1002.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll 2019-08-27 15:23 - 2019-08-27 15:39 - 01014784 _____ () 
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20090.1002.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll 2020-09-23 09:50 - 2020-09-23 09:50 - 00104448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20090.1002.0_x64__8wekyb3d8bbwe\AppSettingsCppCX.dll 2020-07-17 23:44 - 2020-07-17 23:44 - 01400320 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20090.1002.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2019-10-03 11:36 - 2019-10-03 11:41 - 00881664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20090.1002.0_x64__8wekyb3d8bbwe\OnlineMediaComponent.dll 2020-09-23 09:50 - 2020-09-23 09:50 - 00124416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20090.1002.0_x64__8wekyb3d8bbwe\SKU.dll 2020-10-13 12:23 - 2020-10-13 12:23 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.46.22742.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe 2020-10-13 12:23 - 2020-10-13 12:23 - 24153600 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.46.22742.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll 2019-11-16 18:51 - 2019-11-16 18:51 - 01194496 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.46.22742.0_x64__8wekyb3d8bbwe\e_sqlite3.dll 2018-04-12 18:21 - 2018-04-12 18:21 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.46.22742.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2019-12-07 11:10 - 2019-12-07 16:54 - 00095744 _____ () C:\Windows\System32\VirtualMonitorManager.dll 2019-12-07 11:08 - 2019-12-07 11:08 - 00499200 _____ () C:\Windows\ShellExperiences\TileControl.dll 2020-08-14 10:52 - 2020-08-14 10:52 - 02135040 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2020-08-14 10:52 - 2020-08-14 10:52 - 00789816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe 2020-09-11 15:30 - 2020-09-11 15:30 - 00440320 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Search.Core.dll 2020-08-11 22:47 - 2020-08-11 22:47 - 00051712 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll 2018-08-27 18:01 - 2020-05-07 20:02 - 01025000 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2020-09-18 10:58 - 2020-09-18 10:58 - 00082232 _____ () C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\zlib1.dll 2020-09-18 10:58 - 2020-09-18 10:58 - 01038648 _____ () C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\libxml2.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\WINDOWS\system32\Drivers\iecwkmqd.sys:changelist AlternateDataStreams: C:\WINDOWS\system32\Drivers\irwuvrud.sys:changelist AlternateDataStreams: C:\WINDOWS\system32\Drivers\kvkgwdaj.sys:changelist AlternateDataStreams: C:\WINDOWS\system32\Drivers\rvtdidqw.sys:changelist AlternateDataStreams: C:\WINDOWS\system32\Drivers\tzaasctk.sys:changelist AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc => 
""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsQuic => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcCtnrSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer trusted/restricted =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
IE trusted site: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\webcompanion.com -> hxxp://webcompanion.com ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\Run32: => "ConnectionCenter" HKLM\...\StartupApproved\Run32: => "Redirector" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "com.blitz.app" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [Microsoft-Windows-DeviceManagement-OmaDmClient-TCP-Out] => (Allow) %SystemRoot%\system32\omadmclient.exe FirewallRules: [Microsoft-Windows-DeviceManagement-deviceenroller-TCP-Out] => (Allow) %SystemRoot%\system32\deviceenroller.exe FirewallRules: [Microsoft-Windows-DeviceManagement-CertificateInstall-TCP-Out] => (Allow) %SystemRoot%\system32\dmcertinst.exe FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{E3072E74-5B92-4DF4-AD01-9FD4286B27EB}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe FirewallRules: [{FAA5821C-798C-45DF-BB0D-BA991A60CFCB}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe FirewallRules: [UDP Query User{B1D71255-ED3E-48D7-81B0-48B57871CC0D}D:\for honor\forhonor\forhonor.exe] => (Allow) D:\for honor\forhonor\forhonor.exe FirewallRules: [TCP Query User{F0C37F3C-3C4B-4124-A46E-70372104492D}D:\for honor\forhonor\forhonor.exe] => (Allow) D:\for honor\forhonor\forhonor.exe FirewallRules: [{E9B781FE-1C7C-4E83-9521-1658D5D04AA4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{A3C70052-38FA-40C6-BAAB-BB4A03F0B887}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{A0C51B4A-4263-46C3-84E1-8F93EA295AAA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{0C9B7725-FC84-4FE9-8F9B-8ABA5BCB281D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{8F768EE2-67E8-475B-BC49-42834B3F5660}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{11B44262-BA02-46F9-BC93-1CF36770FAFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{70AB6572-FEDB-49C7-B183-944887602EA0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: 
[{74BA628A-E632-4EA7-999C-7C253524FEAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{95F66977-8669-483B-9253-44BF610C0D81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{0AC86B64-1031-4C5A-97AC-497F9D2DFF5A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{BD6065D2-3A62-43E5-B8CD-829D3308BC4C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{8A1AA8B3-CFF2-4BBC-8D80-D2483C2E7128}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{29D1FACE-7179-4C5A-9100-3289BD92519B}] => (Allow) D:\SteamLibrary\steamapps\common\Football Manager 2020\fm.exe FirewallRules: [{12AD64FC-995E-42E3-96B0-0FC22436C30F}] => (Allow) D:\SteamLibrary\steamapps\common\Football Manager 2020\fm.exe FirewallRules: [{FD96E8AC-52DE-4198-8DC7-6C3427730B25}] => (Allow) D:\SteamLibrary\steamapps\common\Football Manager 2020 Touch\fm.exe FirewallRules: [{E4EC235D-D51C-4454-958A-E672AA3E99C0}] => (Allow) D:\SteamLibrary\steamapps\common\Football Manager 2020 Touch\fm.exe FirewallRules: [UDP Query User{7E1F7192-862E-43AD-826E-A160C325D7E7}D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe FirewallRules: [TCP Query User{C0A566D5-6A44-4EAC-8169-92DA8043A626}D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe FirewallRules: [UDP Query User{DFA919BB-E113-4EFA-8798-4DBBEA2C3520}D:\steamlibrary\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe FirewallRules: [TCP Query 
User{7EACBA78-8887-4259-9E08-F208B5B5C9EE}D:\steamlibrary\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe FirewallRules: [{1524B956-6F31-4165-94EC-3C5C783CBE9A}] => (Allow) D:\SteamLibrary\steamapps\common\DrugDealerSimulator\DrugDealerSimulator.exe FirewallRules: [{C3396665-4B72-4F40-B7FB-3A0FEE4AB525}] => (Allow) D:\SteamLibrary\steamapps\common\DrugDealerSimulator\DrugDealerSimulator.exe FirewallRules: [UDP Query User{D1B86358-DA7C-4719-8311-F4C39D3305C3}C:\users\azad\appdata\local\blitz\current\blitz.exe] => (Allow) C:\users\azad\appdata\local\blitz\current\blitz.exe FirewallRules: [TCP Query User{62C963D7-EB80-4815-882D-C01AFC1513C8}C:\users\azad\appdata\local\blitz\current\blitz.exe] => (Allow) C:\users\azad\appdata\local\blitz\current\blitz.exe FirewallRules: [UDP Query User{E1471F5F-56F7-4E94-A5F8-92B8F2E5DE88}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe FirewallRules: [TCP Query User{4783EF16-0D59-49A3-A227-C691AF16069C}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe FirewallRules: [{CAD58348-76F4-4283-A4A4-7882BF9C03B1}] => (Allow) D:\Epic Games\Neuer Ordner\AssassinsCreedSyndicate\ACS.exe FirewallRules: [UDP Query User{9D2DCAB1-70D1-4CFE-AB7C-1A19DEB862DE}D:\epic games\neuer ordner\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) D:\epic games\neuer ordner\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe FirewallRules: [TCP Query User{2ED5192A-DFEB-448B-BBAA-AEFDA1B741E6}D:\epic games\neuer ordner\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) D:\epic games\neuer ordner\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe 
FirewallRules: [UDP Query User{CB9F2C4F-B380-4FF9-8870-6D48A5E89C58}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [TCP Query User{AC546CC2-BB03-436F-966C-0F26288B0253}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [UDP Query User{8A9847F9-7948-41FA-9F9B-9E66E9CA534A}C:\users\azad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\azad\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{D560649A-2FC8-4B12-A8BF-1DE9809C9C94}C:\users\azad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\azad\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{41937B1A-12C2-4F7A-9AF2-A37987CFF62A}D:\steamlibrary\steamapps\common\anno 1404\tools\addonweb.exe] => (Allow) D:\steamlibrary\steamapps\common\anno 1404\tools\addonweb.exe FirewallRules: [TCP Query User{608EF86F-44B4-487A-BECF-2FE72AF09617}D:\steamlibrary\steamapps\common\anno 1404\tools\addonweb.exe] => (Allow) D:\steamlibrary\steamapps\common\anno 1404\tools\addonweb.exe FirewallRules: [{3B3104F6-18BB-43D0-8E32-D5B8E1C8D69C}] => (Allow) D:\SteamLibrary\steamapps\common\Anno 1404\Addon.exe FirewallRules: [{4A4F8EE7-B71C-42B3-99C3-9ABDD1396644}] => (Allow) D:\SteamLibrary\steamapps\common\Anno 1404\Addon.exe FirewallRules: [UDP Query User{1AE5F611-9AC0-4441-BCB0-66E299FE9712}D:\steamlibrary\steamapps\common\anno 1404\tools\anno4web.exe] => (Allow) D:\steamlibrary\steamapps\common\anno 1404\tools\anno4web.exe FirewallRules: [TCP Query User{3494BB71-9C57-4D6E-8DB3-6E94ADE9F29A}D:\steamlibrary\steamapps\common\anno 1404\tools\anno4web.exe] => (Allow) D:\steamlibrary\steamapps\common\anno 1404\tools\anno4web.exe FirewallRules: [{73518A6E-E7DC-4E04-AAAB-AB8C83A7CB26}] => (Allow) D:\SteamLibrary\steamapps\common\Anno 
1404\Anno4.exe FirewallRules: [{76D3DCAB-1953-4E8F-9F75-705EE567C85C}] => (Allow) D:\SteamLibrary\steamapps\common\Anno 1404\Anno4.exe FirewallRules: [UDP Query User{4619F886-4F68-439B-89CB-70549001BB3F}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe FirewallRules: [TCP Query User{1C544330-824B-479A-8301-BDF4E68A70E1}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{E91D4330-43AC-443D-8104-942650F02CA4}C:\users\azad\desktop\stronghold extreme\stronghold crusader.exe] => (Allow) C:\users\azad\desktop\stronghold extreme\stronghold crusader.exe FirewallRules: [TCP Query User{14854362-9E08-415C-B17F-124D1FF5BD60}C:\users\azad\desktop\stronghold extreme\stronghold crusader.exe] => (Allow) C:\users\azad\desktop\stronghold extreme\stronghold crusader.exe FirewallRules: [UDP Query User{2EEE78B2-9CC5-47E0-A316-A558F0E255E0}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [TCP Query User{043D41E6-9BDB-4CE0-AEB1-E03EBD985747}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{24BF8B22-3873-4490-BCAC-1131F61D9EF8}C:\users\azad\desktop\stronghold extreme\stronghold_crusader_extreme.exe] => (Allow) C:\users\azad\desktop\stronghold extreme\stronghold_crusader_extreme.exe FirewallRules: [TCP Query User{112C4554-EB13-4AA2-BC8D-FA36EC6AE79D}C:\users\azad\desktop\stronghold extreme\stronghold_crusader_extreme.exe] => (Allow) C:\users\azad\desktop\stronghold extreme\stronghold_crusader_extreme.exe FirewallRules: [UDP Query User{72D51374-4AAB-425F-866F-CEEA691E95B6}C:\users\azad\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\azad\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [TCP Query User{AAB2839F-B39B-4AF3-9994-F8EBA9280211}C:\users\azad\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) 
C:\users\azad\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [UDP Query User{4BAA3985-58CC-4FA0-A70C-A7AD4FC04151}C:\users\azad\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\azad\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe FirewallRules: [TCP Query User{E349909E-08A4-4570-9208-2B12764BEFB1}C:\users\azad\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\azad\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe FirewallRules: [{5D8CE50B-CF38-4FDB-9212-56C7A3CC7693}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{845207D8-BF51-4370-B581-EBFA27E73446}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{BD301243-55A0-4BD5-BAB3-B1C231A8B6E0}D:\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe FirewallRules: [UDP Query User{936B4D0F-5ED4-4944-99C3-52C2B0023277}D:\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe FirewallRules: [{5E4146AF-6DAC-4576-ABDE-D495114952B0}] => (Allow) C:\Steam\Steam.exe FirewallRules: [{E8081CB2-2D44-4E11-94BC-5888D334E2F1}] => (Allow) C:\Steam\Steam.exe FirewallRules: [{59561CE0-74EB-4D84-9110-D585F99C315C}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{631D57AF-7A4B-4F54-9969-B4E63272832D}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{13F02D4B-B782-4C20-B687-CC6E2128FF10}D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [UDP Query User{AC3C3A75-9F70-4549-9ABF-A2E900B41ACD}D:\epic games\epic 
games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [TCP Query User{EC724891-14B9-49D9-AF92-4EF620F46303}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [UDP Query User{24405C97-4FD9-4C96-A98F-993B967787A6}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [TCP Query User{E4D2B5A7-1998-4E62-A05C-B2FD68D0F0CD}D:\epic games\neuer ordner\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\neuer ordner\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [UDP Query User{D0398117-60B2-4FED-978D-F58DDED4BEC9}D:\epic games\neuer ordner\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\neuer ordner\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [TCP Query User{548BDBA8-9448-4AFE-BC41-79D8824A3F28}D:\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe FirewallRules: [UDP Query User{B87C86B4-D220-4DF3-98A6-82C54F8BE7BA}D:\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe FirewallRules: [TCP Query User{192626B8-2619-4F0B-8E07-E9F1975BCE70}D:\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe FirewallRules: [UDP Query 
User{A772C778-9382-4879-8D41-D55092681BE3}D:\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe FirewallRules: [{54FD40FB-88DC-456E-BED4-7A66B380805C}] => (Allow) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe FirewallRules: [{ADD023D1-C94C-4FA0-8E02-14F2071FBA9A}] => (Allow) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe FirewallRules: [{1DCA88FE-5089-4C07-96D9-EA50EFF313CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{8975E2FA-1AC8-4964-B751-55CB0CADA104}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [TCP Query User{56BAF262-F694-4563-94DE-2A2624FE3D43}D:\rockstar games\gta5.exe] => (Allow) D:\rockstar games\gta5.exe FirewallRules: [UDP Query User{A8A76A5E-747E-4ADA-87FB-A012629C126B}D:\rockstar games\gta5.exe] => (Allow) D:\rockstar games\gta5.exe FirewallRules: [TCP Query User{180A4708-964B-4354-A79A-1D6071F19977}D:\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe FirewallRules: [UDP Query User{216EB439-0D60-4446-9C8B-504A3E99AE7C}D:\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe FirewallRules: [TCP Query User{5305BAF6-4AB7-4511-9B1E-947D36456E60}D:\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe FirewallRules: [UDP Query User{6CBC0100-2800-444A-B4A5-F5C1A1D831FB}D:\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) D:\league of 
legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe FirewallRules: [TCP Query User{17ED5974-0329-45B7-9920-5EAAAE3E6638}D:\teamspeak 3\ts3client_win64.exe] => (Allow) D:\teamspeak 3\ts3client_win64.exe FirewallRules: [UDP Query User{E94F6B09-02FD-43D9-922E-19B422AE0ED7}D:\teamspeak 3\ts3client_win64.exe] => (Allow) D:\teamspeak 3\ts3client_win64.exe FirewallRules: [TCP Query User{591FBF7B-AB78-49CB-98B5-A0631A25E2DA}D:\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe FirewallRules: [UDP Query User{745A5971-A7B7-4768-864C-15584B77816E}D:\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe FirewallRules: [TCP Query User{11DB3558-DA9A-4214-8218-53F990DF79BE}D:\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe FirewallRules: [UDP Query User{72D0762D-952C-4BAB-94E5-5986C07594C2}D:\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe FirewallRules: [TCP Query User{C0E614AE-2B6D-40E7-AB89-4594BB9236DF}D:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe FirewallRules: [UDP Query User{7D08E642-E568-4F1E-BBD1-A3B2061350C6}D:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe FirewallRules: [TCP Query 
User{2F01FEA2-83E8-4EA2-9C0B-8AC94A6607C5}D:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe FirewallRules: [UDP Query User{75F63616-E8EE-4D90-9839-4B4C8B0A9539}D:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe FirewallRules: [{31F4662C-755B-4992-A1D8-111344C8E5B2}] => (Allow) D:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe FirewallRules: [{CDA08EF9-13E8-48B5-9A22-68095D4E6773}] => (Allow) D:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe FirewallRules: [TCP Query User{DD8F03F8-C175-40D6-A416-E6DA2E6BD596}D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe FirewallRules: [UDP Query User{990F8A45-D33A-4BE1-807A-EEDE261A7A00}D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe FirewallRules: [TCP Query User{42E23857-B99F-4184-8BFA-CEE9CE9A8D53}D:\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe FirewallRules: [UDP Query User{1018C756-7633-46AB-89FA-31029E600DB4}D:\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe FirewallRules: [TCP Query User{BC1EBE38-51F9-4A21-971A-153061A90FAD}D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe FirewallRules: [UDP Query 
User{CA68B9C0-1823-4420-8444-9EEA660A2432}D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe FirewallRules: [TCP Query User{5F5A0686-9AC3-478E-9728-AA4D001EDED2}D:\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe FirewallRules: [UDP Query User{A2A2F895-9C88-4A82-96D8-33BBD7554404}D:\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe FirewallRules: [{91DE0F9E-9792-4E0A-AFB0-B7CD4C46A25C}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect64.exe FirewallRules: [{8977750F-E4EC-43D9-B914-E8EEFF94B01E}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect64.exe FirewallRules: [{BDDD6E72-C2AE-47E7-B1BD-CE0D918AC440}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect.exe FirewallRules: [{789E0965-86B7-4B1B-B517-A21659F9273B}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect.exe FirewallRules: [{7458818C-0CBE-432F-8D07-AA25301AAD53}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{866BC94E-4AB3-4036-816F-1B76705CAB47}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{23104574-9369-4561-A577-3D43DEBD30CD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{BAE5F8AB-C639-4E39-9326-A2087403B001}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{A945F6F7-BC7A-47D0-BB38-05DAB451D73C}D:\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) D:\league of 
legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe FirewallRules: [UDP Query User{8FCB744B-FE42-4B48-849C-082E7DAA02CA}D:\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe FirewallRules: [TCP Query User{3DBB9303-F2E0-41C5-9700-C54E79FA39BF}D:\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe FirewallRules: [UDP Query User{3F2A22B1-13BC-4B55-AAEB-F795F65B517B}D:\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe FirewallRules: [TCP Query User{4C21BF61-B61F-43D0-A718-BA5D3CEFA867}D:\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe FirewallRules: [UDP Query User{CB5D28B1-87EB-4E63-B307-46A4373069F2}D:\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe FirewallRules: [{7AAC533B-1DEB-417B-967B-8AC598A149B7}] => (Allow) D:\SteamLibrary\steamapps\common\Hearts of Iron IV\hoi4.exe FirewallRules: [{ADD0CBDC-0770-4685-A53C-B06B2BDDBD33}] => (Allow) D:\SteamLibrary\steamapps\common\Hearts of Iron IV\hoi4.exe FirewallRules: [{DDCF984B-B9D8-4B53-99A6-782D0F4DD200}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe FirewallRules: [{A32FA22F-B1F7-4158-A588-BE57238BDB9E}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe FirewallRules: [TCP Query 
User{8F9A17C8-B16D-434C-A790-7F3ECD51475E}D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe FirewallRules: [UDP Query User{B31CAACD-F471-4805-B557-F815ECD03543}D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe FirewallRules: [TCP Query User{58BBC1DE-CC8E-46BC-8396-10D9AEF3DE8A}D:\java 64-bit\bin\javaw.exe] => (Allow) D:\java 64-bit\bin\javaw.exe FirewallRules: [UDP Query User{230A6C45-0996-4A13-9DB9-71DE44263FEB}D:\java 64-bit\bin\javaw.exe] => (Allow) D:\java 64-bit\bin\javaw.exe FirewallRules: [TCP Query User{7DFF88B9-0AEF-4A4C-947E-5B2FB34B5E3F}D:\league of legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe FirewallRules: [UDP Query User{74FF227E-4A07-4C22-A3D1-E7CE7A4FDB3A}D:\league of legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe FirewallRules: [TCP Query User{02E9DB68-A6A6-440E-945A-D743F64AA891}D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe FirewallRules: [UDP Query User{C4A1A90A-25BA-4050-99A7-21A5836BA3F0}D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe FirewallRules: [TCP Query User{49F30CD4-FFF8-4ED8-B3F6-697A1AE0CD3E}D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe] => 
(Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe FirewallRules: [UDP Query User{6B1FDCE3-0AC4-4B78-8213-6A44C73FC606}D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe FirewallRules: [TCP Query User{C50702A8-1BDF-4FDA-A115-FD999335359D}D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe FirewallRules: [UDP Query User{9E55D608-5294-425F-BD44-56FBD7E08E5C}D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe FirewallRules: [{D2D50FA1-C746-4483-8577-D4274551D564}] => (Allow) C:\Users\Azad\AppData\Local\Temp\7zS1997\HPDiagnosticCoreUI.exe FirewallRules: [{9B50D740-FF83-4416-ABB2-E209B1728D1D}] => (Allow) C:\Users\Azad\AppData\Local\Temp\7zS1997\HPDiagnosticCoreUI.exe FirewallRules: [{E0936290-A35A-4887-9EE5-7F7C1386F4F6}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe FirewallRules: [{6DDBFED2-2F1C-4E76-8210-B0185B8B9755}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe FirewallRules: [{FA390014-E328-471B-9078-C633DBBF2E7E}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe FirewallRules: [{8BF15F47-69B5-4C19-AE51-F26227CAFA33}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe FirewallRules: [{44983211-6D5F-4EC5-8668-DBC14EE012D4}] => (Allow) LPort=5357 FirewallRules: [{2B5BA15D-1105-473F-A6FB-893948C872DC}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [TCP Query User{2ABA6CFA-E3B3-40C2-BF6B-411E67FA6AF0}D:\teamspeak 
3\ts3client_win64.exe] => (Allow) D:\teamspeak 3\ts3client_win64.exe FirewallRules: [UDP Query User{F41786ED-CE14-4C62-9D6D-8BBCE396AB7E}D:\teamspeak 3\ts3client_win64.exe] => (Allow) D:\teamspeak 3\ts3client_win64.exe FirewallRules: [TCP Query User{3CF1E806-1539-41DB-869E-8A5AF10B66B6}D:\java 64-bit\bin\javaw.exe] => (Allow) D:\java 64-bit\bin\javaw.exe FirewallRules: [UDP Query User{C9CC3648-BD1E-4B62-8C92-1C6A9DC5C974}D:\java 64-bit\bin\javaw.exe] => (Allow) D:\java 64-bit\bin\javaw.exe FirewallRules: [TCP Query User{6209A15F-FEC0-40E2-BA3E-1D99862F87B3}D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe FirewallRules: [UDP Query User{26721667-1382-4D40-AD79-3E883679159B}D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe FirewallRules: [TCP Query User{4B1E31A0-A8B6-4AB3-9BB5-79D4EC6783DD}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe FirewallRules: [UDP Query User{9B31DBE1-5B96-4219-B597-3E24923B7517}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe FirewallRules: [TCP Query User{959F1188-6483-435E-AEA3-674B8D9CC12B}D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe FirewallRules: [UDP Query User{8329987B-B942-48BA-9BDF-B33B3316B6C9}D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe FirewallRules: [TCP Query User{88A1DC88-78E4-4D8C-AB00-93A2769186C7}D:\league of 
legends\game\league of legends.exe] => (Allow) D:\league of legends\game\league of legends.exe FirewallRules: [UDP Query User{94C59246-0A05-43BF-A944-67EB114AD9E1}D:\league of legends\game\league of legends.exe] => (Allow) D:\league of legends\game\league of legends.exe FirewallRules: [{34A0B69B-E274-4B58-90AC-840AF9BF79C6}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Launcher\dowser.exe FirewallRules: [{9C8DC6AD-1F4A-454B-9239-E47FC86D8B3F}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Launcher\dowser.exe FirewallRules: [{F4AA6159-27E8-4090-A30C-7BC5B54CC41E}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe FirewallRules: [{F0A1D03C-1A6A-404B-ABD6-E13FDC02A411}] => (Allow) D:\DaVinci Resolve\Resolve.exe FirewallRules: [{92D0C4D0-A8C2-487C-B4DF-5123E3DB571D}] => (Allow) D:\DaVinci Resolve\bmdpaneld.exe FirewallRules: [{79024853-EA4B-46E1-95DA-76A2BE34085A}] => (Allow) D:\DaVinci Resolve\DaVinciPanelDaemon.exe FirewallRules: [{8D11590B-880E-4D0E-A48E-52780A5CE1CB}] => (Allow) D:\DaVinci Resolve\JLCooperPanelDaemon.exe FirewallRules: [{7A09F9E5-6783-45A2-B5C8-84FA81327042}] => (Allow) D:\DaVinci Resolve\EuphonixPanelDaemon.exe FirewallRules: [{A808380D-0C15-4E40-BD54-B60D6E472159}] => (Allow) D:\DaVinci Resolve\TangentPanelDaemon.exe FirewallRules: [{C872148B-3CD3-4896-A344-367A08CC65C3}] => (Allow) D:\DaVinci Resolve\ElementsPanelDaemon.exe FirewallRules: [{CE1E1B50-FB0D-4582-BF5C-3E93AC450E15}] => (Allow) D:\DaVinci Resolve\OxygenPanelDaemon.exe FirewallRules: [{CDC4D5F5-A6A7-4B8B-8CA5-915CC8714088}] => (Allow) D:\DaVinci Resolve\DPDecoder.exe FirewallRules: [{E807049B-F9A7-4436-88AD-D93F9E32DDEA}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe FirewallRules: [TCP Query User{1BE5EE15-E87A-4528-8D21-141D2D1F1083}D:\davinci resolve\fuscript.exe] => (Allow) D:\davinci resolve\fuscript.exe FirewallRules: [UDP Query User{F32153F2-841F-4B64-889A-068257C33EBC}D:\davinci 
resolve\fuscript.exe] => (Allow) D:\davinci resolve\fuscript.exe FirewallRules: [{F22F4F3D-0D3A-4E2F-8F0A-725BEAE5A56A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{DCF8F9FF-FF89-438E-9267-768FBB5A79B3}] => (Allow) LPort=2869 FirewallRules: [{1C02CEA6-E768-495F-B57E-EAECE1D920CE}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{2AFF37E5-E3DA-456D-B9B4-0F7302313023}C:\program files (x86)\imobie\anytrans\anytrans.exe] => (Allow) C:\program files (x86)\imobie\anytrans\anytrans.exe FirewallRules: [UDP Query User{7511FF55-3FE3-42E5-B410-8BB01190B1D0}C:\program files (x86)\imobie\anytrans\anytrans.exe] => (Allow) C:\program files (x86)\imobie\anytrans\anytrans.exe FirewallRules: [TCP Query User{6275E10B-A03E-4C4D-BF8E-60B2B3B83DA5}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe FirewallRules: [UDP Query User{CFE5A993-8227-4481-8BFF-DB31E784CFF5}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe FirewallRules: [{9C49F4C1-AAFE-4DC4-82E1-7A84B381F801}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{23565294-EEA5-4356-97B8-4DB0FB420E0D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{AFE7E314-8907-4B06-A202-9F47E4C1FACC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{E9E22E1C-439B-402E-A6D7-E23C0A4013BB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{469A40C6-69A5-400A-AE3A-4C1234FD942D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe FirewallRules: [{ECD45047-89CB-4129-9D3F-661C0DBC775F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe FirewallRules: [{D7397F82-FC85-4C74-BC1A-8B8A04E9E217}] => (Allow) C:\Program 
Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe FirewallRules: [{F10E9B5B-258C-4E3B-B8B3-8996B134135C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe FirewallRules: [{9713AC15-D308-4C14-B112-0D55611195A3}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe FirewallRules: [{3FEF9E2F-9CDE-49B6-9772-3B1471305C69}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe FirewallRules: [{DFC310F3-4869-4968-AB25-CE5A8952A68A}] => (Allow) D:\SteamLibrary\steamapps\common\Among Us\Among Us.exe FirewallRules: [{E41E8C0B-CC15-4D0B-94B9-8417CE3D15B7}] => (Allow) D:\SteamLibrary\steamapps\common\Among Us\Among Us.exe FirewallRules: [{046C9829-2088-4196-83DD-E92D73EC596B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe FirewallRules: [{CF9F5ADF-A644-495F-A53F-ACA266A1C832}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe FirewallRules: [{96D687FE-E8B8-41DB-8F0F-BA10BB3A5E58}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe FirewallRules: [{9D12FD50-126A-4962-85CF-496FB209E822}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe FirewallRules: [{7BA66EFD-79C5-4656-B87A-2DDCCAA2A3DF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe FirewallRules: [{1F0BC634-333B-4970-937A-D717E294E072}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe FirewallRules: [{5FFE9B22-9AD7-4738-85F1-6C244822B919}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe FirewallRules: [{EAE152CC-DEF2-45AD-AC31-C1D6D8842ED4}] => 
(Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe FirewallRules: [TCP Query User{1DCC4726-9C5D-44D2-A403-BBE3C1335580}D:\vlc\vlc.exe] => (Allow) D:\vlc\vlc.exe FirewallRules: [UDP Query User{D132C856-2075-48EB-AC72-4A9169AEDF04}D:\vlc\vlc.exe] => (Allow) D:\vlc\vlc.exe FirewallRules: [{78BA9C07-5089-437C-99D2-0F051658CC2F}] => (Allow) D:\SteamLibrary\steamapps\common\Vampyr\AVGame\Binaries\Win64\AVGame-Win64-Shipping.exe FirewallRules: [{C27EEC96-F732-4083-A859-CFF9743F86AC}] => (Allow) D:\SteamLibrary\steamapps\common\Vampyr\AVGame\Binaries\Win64\AVGame-Win64-Shipping.exe FirewallRules: [{A7C35714-1BCD-4407-8490-F5458139BE25}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe FirewallRules: [{939CC2B7-F548-40E5-97AD-59717D0B2FD5}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe FirewallRules: [{4C20FFA6-02BE-4970-8D9C-59745CE26726}] => (Allow) D:\Schlacht um Mittelerde 2\game.dat FirewallRules: [{2E80E2AB-152E-4C19-B8E3-07F80565892B}] => (Allow) D:\Schlacht um Mittelerde 2\game.dat FirewallRules: [{D17712DA-6AE5-4272-A7F1-421179904F1D}] => (Allow) D:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe FirewallRules: [{C0E9AE5C-3540-4F91-A29B-6B67E8986ECF}] => (Allow) D:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe FirewallRules: [{DE257AA8-D0D0-4C5E-9D01-7B5FB7D240B2}] => (Allow) D:\SteamLibrary\steamapps\common\Yu-Gi-Oh! Legacy of the Duelist\YuGiOh.exe FirewallRules: [{12AEBB21-140E-4022-8FF4-35E5A6470C07}] => (Allow) D:\SteamLibrary\steamapps\common\Yu-Gi-Oh! 
Legacy of the Duelist\YuGiOh.exe FirewallRules: [TCP Query User{29D3AE4A-F4BF-4544-8E67-47E5FD36C61A}C:\program files (x86)\relevantknowledge\rlvknlg.exe] => (Block) C:\program files (x86)\relevantknowledge\rlvknlg.exe FirewallRules: [UDP Query User{6B5CA01F-5584-4335-A5DD-2D562070E1AF}C:\program files (x86)\relevantknowledge\rlvknlg.exe] => (Block) C:\program files (x86)\relevantknowledge\rlvknlg.exe FirewallRules: [{6D1F0FD3-E284-4E19-B9EC-693D2EBEF027}] => (Allow) D:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe FirewallRules: [{631B9242-B51B-480F-81ED-2FEB1CD4618D}] => (Allow) D:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe FirewallRules: [{FC227464-D1B0-4B16-B53C-F4528911D926}] => (Allow) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe FirewallRules: [{479B856A-B0BA-4DB9-B8C6-AD13A05CB1EA}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe FirewallRules: [{483EB5A4-DE28-41CA-A694-FD00B0CEDBDA}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe FirewallRules: [{0A9FFCF2-250F-4DEB-8789-049CF122EC6F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (10/13/2020 05:51:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: rlservice.exe, Version: 1.1.24.120, Zeitstempel: 0x5e8fa842 Name des fehlerhaften Moduls: rlservice.exe, Version: 1.1.24.120, Zeitstempel: 0x5e8fa842 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000757a ID des fehlerhaften Prozesses: 0xed0 Startzeit der fehlerhaften Anwendung: 0xrlservice.exe0 Pfad der fehlerhaften Anwendung: rlservice.exe1 Pfad des fehlerhaften Moduls: rlservice.exe2 
Berichtskennung: rlservice.exe3 Vollständiger Name des fehlerhaften Pakets: rlservice.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: rlservice.exe5 Error: (10/13/2020 12:16:27 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (10/12/2020 07:04:07 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (10/11/2020 09:40:27 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (10/10/2020 10:19:34 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (10/09/2020 12:19:16 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (10/08/2020 10:44:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: Die Speicheroptimierung konnte erneut optimieren auf Volume (D:) nicht abschließen. Grund: Der angeforderte Vorgang wird von der Hardware des Volumes nicht unterstützt. (0x8900002A) Error: (10/08/2020 10:28:43 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (10/07/2020 11:09:07 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (10/06/2020 09:55:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Systemfehler: ============= Error: (10/13/2020 05:51:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "RelevantKnowledge" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (10/08/2020 10:31:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/08/2020 10:31:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (10/06/2020 04:34:30 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VOMS6S7) Description: Microsoft.Windows.ContentDeliveryManager_10.0.19041.423_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca Error: (10/06/2020 11:01:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9PKTQ5699M62-AppleInc.iCloud Error: (10/04/2020 10:09:46 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {D4872B74-3AFC-47CD-B8A2-9E4F998539BC} Error: (10/04/2020 04:55:16 PM) (Source: Service Control Manager) (EventID: 7016) (User: ) Description: Der Dienst "chip1click" hat einen ungültigen aktuellen Status gemeldet: 0 Error: (10/04/2020 04:55:16 PM) (Source: Service Control Manager) (EventID: 7016) (User: ) Description: Der Dienst "chip1click" hat einen ungültigen aktuellen Status gemeldet: 0 Error: (10/04/2020 04:54:29 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VOMS6S7) Description: {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} Error: (10/04/2020 04:54:29 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VOMS6S7) Description: {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} Microsoft Office: ========================= Error: (10/13/2020 05:51:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: rlservice.exe1.1.24.1205e8fa842rlservice.exe1.1.24.1205e8fa842c00000050000757aed001d69a5e5dc16b5eC:\Program Files (x86)\RelevantKnowledge\rlservice.exeC:\Program Files 
(x86)\RelevantKnowledge\rlservice.exec6ae7828-1c3d-4f89-9f72-53fc83d5660b Error: (10/13/2020 12:16:27 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (10/12/2020 07:04:07 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (10/11/2020 09:40:27 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (10/10/2020 10:19:34 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (10/09/2020 12:19:16 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (10/08/2020 10:44:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: erneut optimierenVolume (D:)Der angeforderte Vorgang wird von der Hardware des Volumes nicht unterstützt. (0x8900002A) Error: (10/08/2020 10:28:43 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (10/07/2020 11:09:07 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (10/06/2020 09:55:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 CodeIntegrity: =================================== Date: 2020-10-12 23:25:13.5400000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. 
Date: 2020-10-12 23:20:13.5400000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:15:13.5450000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:10:13.5450000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:05:13.5540000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:00:13.5520000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 22:55:13.5460000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 22:50:13.5520000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. 
Date: 2020-10-12 22:45:13.5540000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 22:40:13.5380000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. ==================== Speicherinformationen =========================== Processor: Intel(R) Core(TM) i3-8350K CPU @ 4.00GHz Percentage of memory in use: 52% Total physical RAM: 8143.74 MB Available physical RAM: 3865.93 MB Total Virtual: 16079.74 MB Available Virtual: 8378.58 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.19 GB) (Free:28.37 GB) NTFS Drive d: (Volume) (Fixed) (Total:931.5 GB) (Free:501.6 GB) NTFS Drive f: (LOTRBFME2) (CDROM) (Total:5.54 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== Ende von log ============================ |
13.10.2020, 18:19 | #3 | |
/// TB-Ausbilder | Misleading:Win32/Lodi Virus? My name is Matthias and I will help you with the analysis and any cleanup of your computer that may be necessary. Quote:
I don't even want to know where you got this old version from... You didn't use our instructions for it... so once more right away, but properly this time: Please download the appropriate version of Farbar Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
|
13.10.2020, 19:23 | #4 |
| Misleading:Win32/Lodi Virus? Hey, I used the old filepony links from my old threads.. probably not such a good idea. Unfortunately the PC is also really lagging badly... so I think I've caught something serious there; at times the CPU is at 100% load. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 11-10-2020 durchgeführt von Azad (Administrator) auf DESKTOP-VOMS6S7 (Gigabyte Technology Co., Ltd. Z370P D3) (13-10-2020 20:20:19) Gestartet von C:\Users\Azad\Desktop Geladene Profile: Azad Platform: Windows 10 Pro Version 2004 19041.508 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Apple Inc. -> Apple Inc.) C:\ProgramData\iMobieDNA\AppleDriver\AppleMobileDeviceProcess.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\iCloudDrive.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\iCloudPhotos.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Chip Digital GmbH) [Datei ist nicht signiert] C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe (Electronic Arts, Inc. -> Electronic Arts) D:\Origin\OriginWebHelperService.exe (Even Balance, Inc. 
-> ) C:\Windows\SysWOW64\PnkBstrA.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (iMobie Inc. -> iMobie Inc.) C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2009.23741.0_x64__8wekyb3d8bbwe\Cortana.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12009.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\NisSrv.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8> (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA 
Corporation\ShadowPlay\nvsphelper64.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2> (Skillbrains) [Datei ist nicht signiert] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> ) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [638352 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [407440 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. 
-> Oracle Corporation) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe [2720256 2020-10-10] (iMobie Inc. -> iMobie Inc.) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [Steam] => C:\Steam\steam.exe [3416352 2020-10-07] (Valve -> Valve Corporation) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [Discord] => C:\Users\Azad\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [Spotify] => C:\Users\Azad\AppData\Roaming\Spotify\Spotify.exe [22824680 2020-05-22] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [com.blitz.app] => C:\Users\Azad\AppData\Local\Blitz\Update.exe [1921680 2020-04-07] (Swift Media Entertainment, Inc. -> Blitz Inc.) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe [2720256 2020-10-10] (iMobie Inc. -> iMobie Inc.) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [AnyTransToolHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AnyTransToolHelper.exe [580608 2020-10-10] (iMobie Inc. -> iMobie Inc.) 
HKLM\...\Windows x64\Print Processors\Epson Inkjet: C:\Windows\System32\spool\prtprocs\x64\EP0NPP01.DLL [38912 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: C:\Windows\system32\EP0SLM01.DLL [77824 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\Windows\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.) HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet 4630 series): C:\Windows\system32\HPDiscoPMC611.dll [763912 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.75\Installer\chrmstp.exe [2020-10-13] (Google LLC -> Google LLC) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {02BF6FDC-843B-49B1-9389-7D7FB346351F} - System32\Tasks\Agent Activation Runtime\S-1-5-21-4008508967-1143171168-3858184327-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-08-11] (Microsoft Windows -> ) Task: {0CFF5E86-1EE8-4870-86F4-721D83AA7D7A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {185599E2-D932-45EF-B67E-D69371DC73D2} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {3B5C156D-7B8E-4374-8F09-6AE999304CFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-22] (Google Inc -> Google LLC) Task: {3EC56EC1-A035-4310-BF73-4C6E9BDE6086} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {3F417CC7-FF24-4B0A-9552-07EBB64FFF14} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-10-13] (Adobe Inc. 
-> Adobe) Task: {3FE450AE-DBA1-4B4C-B564-C7284F85DB15} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {3FF22648-45C1-4760-812A-F2864F592182} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {40367766-4252-4850-B197-5BEBA523AAFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {42D56451-9798-4233-A949-F5460B96071D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {45D066AB-B633-45C0-BDFD-3707FD8FEA07} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.) Task: {47AC3806-A459-40C1-8475-B9E4A60E6FE3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. 
-> Adobe) Task: {5D5A6928-14BC-4739-B3AA-197AE90720D0} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [5745672 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP) Task: {7739174D-35B8-4A0C-9C74-E69F340AF0DE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {7F50782E-6D80-41E6-8569-B825B72AFC39} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {7F51EDB9-9509-496A-AF41-8A240DF1D80E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {821A8699-93C8-4F50-9A17-1BA7E638849C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-22] (Google Inc -> Google LLC) Task: {924A9B1B-5880-4CA5-AAFE-FAEEA3BED9CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {A46E6974-4A55-49FF-8C11-F82FAA39B298} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A8136268-4BBA-44DA-87FA-173972FB8DBF} - 
System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log Task: {AF093467-08D1-4C35-8BCE-A07FC602F119} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {B49682F8-86F7-417F-A76A-9C577EC0F43F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {C361A712-4DF9-45CA-8BB8-ADB249135309} - System32\Tasks\update-S-1-5-21-4008508967-1143171168-3858184327-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {C9E60819-F104-4173-9EDB-AC7D46858558} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D8EAF912-9D8C-4691-AE2D-E6219ED89A63} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [664784 2020-10-04] (Mozilla Corporation -> Mozilla Foundation) Task: {DE2A5B04-55D9-4E4A-9870-CEAF98E41CBB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {E1833D1B-4BD0-4CA1-8061-6F80E3B54E3B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft 
Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {FDA30F1D-5CB3-4D2D-B8A6-62CA074736EC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\update-S-1-5-21-4008508967-1143171168-3858184327-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{d7c8a815-ac65-4c33-bc3f-70bb13fdd9e7}: [DhcpNameServer] 192.168.0.1 Edge: ====== Edge DefaultProfile: Default Edge Profile: C:\Users\Azad\AppData\Local\Microsoft\Edge\User Data\Default [2020-10-13] FireFox: ======== FF DefaultProfile: 6uu47y6w.default FF ProfilePath: C:\Users\Azad\AppData\Roaming\Mozilla\Firefox\Profiles\6uu47y6w.default [2020-10-13] FF NewTab: Mozilla\Firefox\Profiles\6uu47y6w.default -> hxxps://defaultsearch.co/homepage?hp=1&pId=CH180901FF&iDate=2020-09-09 04:09:01&bName=&bitmask=0600 FF Notifications: Mozilla\Firefox\Profiles\6uu47y6w.default -> hxxps://www.lieferando.de FF Extension: (MyJDownloader Browser Erweiterung) - C:\Users\Azad\AppData\Roaming\Mozilla\Firefox\Profiles\6uu47y6w.default\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2020-10-03] [UpdateUrl:hxxps://my.jdownloader.org/extensions/firefox.json] FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\Azad\AppData\Roaming\Mozilla\Firefox\Profiles\6uu47y6w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-09-09] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> ) FF Plugin: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-07-23] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-07-23] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> ) FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2018-05-17] (Citrix Systems, Inc. 
-> Citrix Systems, Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default [2020-10-12] CHR Extension: (Präsentationen) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-22] CHR Extension: (Docs) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-22] CHR Extension: (Google Drive) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-22] CHR Extension: (YouTube) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-22] CHR Extension: (Tabellen) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-22] CHR Extension: (Google Docs Offline) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-18] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-22] CHR Extension: (Google Mail) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia 
[2019-10-22] CHR Extension: (Chrome Media Router) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-08-28] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.) S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. -> Adobe) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-10-06] (BattlEye Innovations e.K. -> ) R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2018-10-25] (Chip Digital GmbH) [Datei ist nicht signiert] <==== ACHTUNG S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-02-28] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) S3 Origin Client Service; D:\Origin\OriginClientService.exe [2519864 2020-09-09] (Electronic Arts, Inc. -> Electronic Arts) R2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3473216 2020-09-09] (Electronic Arts, Inc. -> Electronic Arts) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2020-07-10] (Even Balance, Inc. -> ) S2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [170352 2020-04-10] (TMRG, Inc. -> TMRG, Inc.) 
<==== ACHTUNG S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5097896 2020-09-11] (Microsoft Windows Publisher -> Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13109264 2020-06-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) S3 VBoxSDS; D:\Virtual Box\VBoxSDS.exe [744968 2020-06-04] (Oracle Corporation -> Oracle Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [2372048 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Wondershare UniConverter (Desktop Deutsch)\Transfer\DriverInstall.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [254528 2018-11-26] (DT Soft Ltd -> DT Soft Ltd) R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> ) R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. 
-> ) S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> ) S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [237832 2020-06-04] (Oracle Corporation -> Oracle Corporation) R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [247232 2020-06-04] (Oracle Corporation -> Oracle Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-10-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [428264 2020-10-07] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-10-07] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2020-10-13 20:20 - 2020-10-13 20:20 - 000024792 _____ C:\Users\Azad\Desktop\FRST.txt 2020-10-13 20:17 - 2020-10-13 20:17 - 002299392 _____ (Farbar) C:\Users\Azad\Desktop\FRST64.exe 2020-10-13 19:20 - 2020-10-13 19:20 - 000000000 ____D C:\Users\Azad\Documents\AnyTrans-Exportieren-20201013(1) 2020-10-13 19:17 - 2020-10-13 19:17 - 000000000 ____D C:\Users\Azad\Documents\AnyTrans-Exportieren-20201013 2020-10-13 19:16 - 2020-10-13 19:16 - 000001199 _____ C:\Users\Public\Desktop\AnyTrans.lnk 2020-10-13 19:16 - 2020-10-13 19:16 - 000001199 _____ C:\ProgramData\Desktop\AnyTrans.lnk 2020-10-13 18:58 - 2020-10-13 18:58 - 007839912 _____ (iMobie Inc.) 
C:\Users\Azad\Downloads\anytrans-ios-new-en-setup.exe 2020-10-13 18:53 - 2020-10-13 18:53 - 000000000 ____D C:\Users\Public\Thunder Network 2020-10-13 18:53 - 2020-10-13 18:53 - 000000000 ____D C:\ProgramData\Thunder Network 2020-10-13 18:52 - 2020-10-13 18:52 - 001353232 _____ (CHIP Digital GmbH) C:\Users\Azad\Downloads\anytrans-88-new-de-setup - CHIP-Installer.exe 2020-10-13 18:01 - 2020-10-13 20:20 - 000000000 ____D C:\FRST 2020-10-09 19:25 - 2020-10-09 19:25 - 000000000 ____D C:\Users\Azad\AppData\Local\AVGame 2020-10-05 16:10 - 2020-10-05 16:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime 2020-10-04 15:57 - 2020-10-04 15:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2020-10-04 12:59 - 2020-10-04 16:55 - 000000000 ____D C:\Program Files\Mozilla Firefox 2020-09-28 20:55 - 2020-09-28 20:55 - 000000000 ____D C:\WINDOWS\LastGood 2020-09-28 20:53 - 2020-10-13 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge 2020-09-28 20:52 - 2020-09-26 01:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 000455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 002097560 
_____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 001585048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 001506200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 001160600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000815856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000811248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000674200 _____ C:\WINDOWS\system32\nvofapi64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000670104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000656792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000555928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000540912 _____ C:\WINDOWS\SysWOW64\nvofapi.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 007705320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 006859152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 004174736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 002509200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 001733008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445655.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 001482984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445655.dll 2020-09-28 20:52 - 2020-09-26 01:35 - 005964496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2020-09-28 18:00 - 2020-09-28 18:12 - 000000000 ____D C:\Users\Azad\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien 
2020-09-28 17:49 - 2020-09-28 17:49 - 000000768 _____ C:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk 2020-09-28 17:49 - 2020-09-28 17:49 - 000000768 _____ C:\ProgramData\Desktop\Die Schlacht um Mittelerde™ II.lnk 2020-09-28 17:49 - 2020-09-28 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts 2020-09-28 17:44 - 2020-09-28 17:45 - 000000000 ____D C:\Users\Azad\AppData\Roaming\DAEMON Tools Lite 2020-09-28 17:44 - 2020-09-28 17:45 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite 2020-09-28 17:44 - 2020-09-28 17:44 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images 2020-09-28 16:37 - 2020-10-13 17:51 - 000000000 ____D C:\Program Files (x86)\RelevantKnowledge 2020-09-25 11:17 - 2020-10-08 16:31 - 000000000 ____D C:\Users\Azad\Desktop\Logos 2020-09-23 14:09 - 2020-09-23 14:09 - 000000000 ____D C:\Users\Azad\AppData\Local\Epic Games 2020-09-17 18:23 - 2020-09-17 18:24 - 000000000 ____D C:\WINDOWS\LastGood.Tmp 2020-09-17 18:20 - 2020-09-15 00:13 - 000038816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2020-09-16 17:28 - 2020-09-16 17:28 - 000000000 ____D C:\ProgramData\Mount and Blade II Bannerlord 2020-09-16 17:27 - 2020-10-09 15:31 - 000000000 ____D C:\Users\Azad\Documents\Mount and Blade II Bannerlord 2020-09-13 16:33 - 2020-09-13 16:33 - 000000000 ____D C:\Users\Azad\AppData\LocalLow\Innersloth ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2020-10-13 20:21 - 2020-08-11 21:58 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2020-10-13 20:21 - 2020-08-11 21:58 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2020-10-13 20:18 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2020-10-13 20:18 - 2018-08-27 18:00 - 000000000 ____D C:\ProgramData\NVIDIA 2020-10-13 20:16 - 2020-09-04 11:26 - 000000000 ___RD C:\Users\Azad\iCloudDrive 2020-10-13 20:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-10-13 20:16 - 2018-08-27 14:08 - 000000000 ____D C:\Users\Azad\AppData\LocalLow\Mozilla 2020-10-13 19:18 - 2020-08-11 21:57 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-10-13 19:18 - 2019-12-07 16:51 - 000743686 _____ C:\WINDOWS\system32\perfh007.dat 2020-10-13 19:18 - 2019-12-07 16:51 - 000150108 _____ C:\WINDOWS\system32\perfc007.dat 2020-10-13 19:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState 2020-10-13 19:11 - 2020-08-11 21:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-10-13 19:11 - 2020-08-11 21:53 - 000008192 ___SH C:\DumpStack.log.tmp 2020-10-13 19:11 - 2020-07-07 23:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2020-10-13 19:11 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-10-13 19:11 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2020-10-13 19:08 - 2020-08-11 21:58 - 000004640 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier 2020-10-13 19:08 - 2019-12-07 11:18 - 000842296 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2020-10-13 19:08 - 2019-12-07 11:18 - 000175160 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2020-10-13 19:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2020-10-13 19:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Macromed 2020-10-13 19:03 - 2020-09-04 13:14 - 000000000 ____D C:\Users\Azad\AppData\Roaming\vlc 2020-10-13 18:58 - 2020-09-04 
19:02 - 000000000 ____D C:\Users\Azad\AppData\Roaming\Apple Computer 2020-10-13 18:58 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2020-10-13 18:58 - 2018-08-27 13:28 - 000000000 ____D C:\Users\Azad\AppData\Local\PlaceholderTileLogoFolder 2020-10-13 18:58 - 2018-08-24 18:32 - 000000000 ____D C:\Users\Azad\AppData\Local\Packages 2020-10-13 18:28 - 2020-08-14 13:51 - 000000000 ____D C:\Users\Azad\AppData\Local\Bluestacks 2020-10-13 18:27 - 2018-09-22 21:43 - 000000000 ____D C:\Program Files\Rockstar Games 2020-10-13 18:27 - 2018-09-22 21:43 - 000000000 ____D C:\Program Files (x86)\Rockstar Games 2020-10-13 18:13 - 2020-09-04 19:09 - 000000000 ____D C:\Users\Azad\AppData\Roaming\iMobie 2020-10-13 17:28 - 2020-08-11 21:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-10-13 17:17 - 2019-10-22 17:54 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-10-13 17:17 - 2019-10-22 17:54 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-10-13 17:17 - 2019-10-22 17:54 - 000002252 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2020-10-13 12:24 - 2018-08-28 20:11 - 000000000 ____D C:\Users\Azad\AppData\Local\D3DSCache 2020-10-12 23:26 - 2019-11-07 19:41 - 000000000 ____D C:\Users\Azad\AppData\Local\Battle.net 2020-10-12 23:26 - 2018-08-28 20:01 - 000000000 ____D C:\Steam 2020-10-10 20:28 - 2019-11-10 18:08 - 000000000 ____D C:\Users\Azad\AppData\Roaming\Discord 2020-10-10 19:49 - 2019-08-27 17:25 - 000000000 ____D C:\Users\Azad\AppData\Roaming\TS3Client 2020-10-10 17:27 - 2019-11-10 18:08 - 000002232 _____ C:\Users\Azad\Desktop\Discord.lnk 2020-10-10 17:27 - 2019-11-10 18:08 - 000000000 ____D C:\Users\Azad\AppData\Local\Discord 2020-10-10 16:26 - 2020-03-17 17:47 - 000000000 ____D C:\Program Files (x86)\Battle.net 2020-10-10 12:31 - 2019-11-07 19:50 - 000000569 _____ C:\Users\Public\Desktop\Hearthstone.lnk 2020-10-10 12:31 - 2019-11-07 19:50 - 000000569 _____ 
C:\ProgramData\Desktop\Hearthstone.lnk 2020-10-10 10:17 - 2020-08-09 10:21 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2020-10-10 10:17 - 2020-08-09 10:21 - 000002257 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2020-10-10 10:17 - 2020-08-09 10:21 - 000002257 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2020-10-09 19:25 - 2018-08-28 21:21 - 000000000 ____D C:\Users\Azad\AppData\Local\UnrealEngine 2020-10-07 11:09 - 2018-08-24 18:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2020-10-06 15:55 - 2020-08-27 15:44 - 000000000 ____D C:\Users\Azad\Documents\Soundaufnahmen 2020-10-04 16:55 - 2018-08-27 14:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-10-04 15:57 - 2018-08-27 14:08 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-09-30 17:44 - 2020-09-04 19:11 - 000000000 ____D C:\Users\Azad\Documents\Temp 2020-09-29 22:02 - 2020-03-20 18:18 - 000000000 ____D C:\Users\Azad\AppData\Roaming\Origin 2020-09-29 22:02 - 2020-03-20 18:18 - 000000000 ____D C:\ProgramData\Origin 2020-09-29 19:34 - 2020-03-20 18:18 - 000000000 ____D C:\Users\Azad\AppData\Local\Origin 2020-09-27 22:23 - 2019-11-24 21:26 - 000000000 ____D C:\Users\Azad\AppData\Local\ElevatedDiagnostics 2020-09-27 19:48 - 2018-08-27 17:50 - 000000000 ____D C:\WINDOWS\system32\MRT 2020-09-27 19:46 - 2018-08-27 17:49 - 129170736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2020-09-26 01:35 - 2020-07-10 08:54 - 006992184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2020-09-25 10:09 - 2019-02-04 22:21 - 000000000 ____D C:\ProgramData\Mozilla 2020-09-25 00:55 - 2020-07-10 08:54 - 000058630 _____ C:\WINDOWS\system32\nvinfo.pb 2020-09-24 22:26 - 2018-08-27 18:00 - 005510456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 002635752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 
001759032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 000990520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 000195560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 000122344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 000083256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2020-09-24 14:33 - 2020-08-11 21:58 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2020-09-24 14:32 - 2019-01-29 14:20 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2020-09-23 16:41 - 2020-06-05 21:02 - 000000081 _____ C:\Users\Azad\AppData\Local\.bidstack.fault 2020-09-22 16:09 - 2019-12-28 21:05 - 000000000 ____D C:\Users\Azad\Desktop\Uni neu 2020-09-17 18:24 - 2018-08-27 17:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2020-09-17 18:23 - 2018-08-27 18:01 - 000000000 ____D C:\Users\Azad\AppData\Local\NVIDIA 2020-09-17 18:23 - 2018-08-27 17:58 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2020-09-17 08:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2020-09-16 08:44 - 2018-08-27 18:00 - 009302127 _____ C:\WINDOWS\system32\nvcoproc.bin 2020-09-15 00:13 - 2020-07-10 08:54 - 001682368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 2020-09-15 00:13 - 2020-07-10 08:54 - 000222112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2020-09-14 17:22 - 2018-12-07 12:43 - 000000000 ____D C:\Users\Azad\Documents\Paradox Interactive 2020-09-14 17:21 - 2019-12-18 15:08 - 000000000 ____D C:\Users\Azad\AppData\Local\Paradox Interactive ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2020-06-05 21:02 - 2020-09-23 16:41 - 000000081 _____ () C:\Users\Azad\AppData\Local\.bidstack.fault 2018-09-24 22:53 - 
2018-09-24 22:53 - 000000003 _____ () C:\Users\Azad\AppData\Local\updater.log 2018-09-24 22:53 - 2018-09-24 22:53 - 000000425 _____ () C:\Users\Azad\AppData\Local\UserProducts.xml ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== |
13.10.2020, 19:33 | #5 |
| Misleading:Win32/Lodi Virus? Here is the Addition Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 11-10-2020 durchgeführt von Azad (13-10-2020 20:21:09) Gestartet von C:\Users\Azad\Desktop Windows 10 Pro Version 2004 19041.508 (X64) (2020-08-11 19:58:54) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-4008508967-1143171168-3858184327-500 - Administrator - Disabled) Azad (S-1-5-21-4008508967-1143171168-3858184327-1001 - Administrator - Enabled) => C:\Users\Azad DefaultAccount (S-1-5-21-4008508967-1143171168-3858184327-503 - Limited - Disabled) Gast (S-1-5-21-4008508967-1143171168-3858184327-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-4008508967-1143171168-3858184327-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.445 - Adobe) Anno 1800 (HKLM-x32\...\Uplay Install 4553) (Version: - Ubisoft) AnyTrans (HKLM-x32\...\AnyTrans) (Version: 8.7.0.0 - iMobie Inc.) Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.4.5 - Electronic Arts, Inc.) 
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.8.1.1 - Chip Digital GmbH) <==== ACHTUNG Citrix Receiver 4.12 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.12.0.18020 - Citrix Systems, Inc.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - ) Discord (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Discord) (Version: 0.0.308 - Discord Inc.) Epic Games Launcher (HKLM-x32\...\{04DDD9BF-6B7B-4858-9AA4-D3C868169D70}) (Version: 1.1.163.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.75 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HP Officejet 4630 series - Grundlegende Software für das Gerät (HKLM\...\{3566FFED-696A-4260-8F12-073426CAC951}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Java 8 Update 261 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180261F0}) (Version: 8.0.2610.12 - Oracle Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc) Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.38 - Microsoft Corporation) Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.41 - ) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\OneDriveSetup.exe) (Version: 20.143.0716.0003 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Minecraft Launcher 
(HKLM-x32\...\{E15F69FA-660D-45CC-B28F-6CBC4CAD2091}) (Version: 1.0.0.0 - Mojang) Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 81.0.1 (x64 de) (HKLM\...\Mozilla Firefox 81.0.1 (x64 de)) (Version: 81.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.2 - Mozilla) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation) NVIDIA Grafiktreiber 456.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.55 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project) Online Plug-in (HKLM-x32\...\{2E9881CA-E41C-45E5-8055-61A4CC1BF93F}) (Version: 14.12.0.18020 - Citrix Systems, Inc.) Hidden Oracle VM VirtualBox 6.1.10 (HKLM\...\{06BC3E95-3646-43EA-A78A-0E7D59776B2C}) (Version: 6.1.10 - Oracle Corporation) Origin (HKLM-x32\...\Origin) (Version: 10.5.84.43868 - Electronic Arts, Inc.) 
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden paint.net (HKLM\...\{2025DAA7-0653-4F18-B66F-900E6F2320EC}) (Version: 4.2.13 - dotPDN LLC) Paradox Launcher v2 (HKLM\...\{A92DB5D9-A24D-4678-9F91-B4FA6D895718}) (Version: 2.0.4.0 - Paradox Interactive) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.) Self-Service Plug-in (HKLM-x32\...\{7A029AB7-8CC4-4FE8-904F-A090248C1BC7}) (Version: 4.12.0.18013 - Citrix Systems, Inc.) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Shotcut (HKLM-x32\...\Shotcut) (Version: 20.07.11 - Meltytech, LLC) Spotify (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Spotify) (Version: 1.1.33.569.gced9e0f5 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Studie zur Verbesserung von HP Officejet 4630 series (HKLM\...\{3917CF9F-DF46-406E-B524-CA0F150C70D7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) 
TeamSpeak 3 Client (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\TeamSpeak 3 Client) (Version: 3.3.1 - TeamSpeak Systems GmbH) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.7.6 - TeamViewer) Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden Uplay (HKLM-x32\...\Uplay) (Version: 97.0 - Ubisoft) VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.60 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH) Packages: ========= HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_120.1.741.0_x64__v10z8vjag6ke6 [2020-10-09] (HP Inc.) iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa [2020-10-06] (Apple Inc.) [Startup Task] iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa [2020-10-13] (Apple Inc.) 
[Startup Task] Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-18] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-08-20] (Microsoft Studios) [MS Ad] OttPlayer -> C:\Program Files\WindowsApps\36375artemxk.OttPlayer_3.0.9.0_x64__agwaveq3mr4ra [2019-10-05] (Ottplayer) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.180.0_x64__dt26b99r8h8gj [2019-12-02] (Realtek Semiconductor Corp) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{0C6F11A4-7679-4786-9AC6-A7EFE6E9C6AC} -> [iCloud Drive] => C:\Users\Azad\iCloudDrive [2020-09-04 11:26] CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{DD41CDAD-A293-4701-A5D5-635C3E1E7BCE} -> [iCloud-Fotos] => C:\Users\Azad\Pictures\iCloud Photos\Photos [2020-09-04 11:26] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-09-24] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI ======================== ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2020-10-13 18:59 - 2017-09-04 05:52 - 000089600 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\iMobie\AnyTrans\zlib1.dll 2020-10-13 18:59 - 2019-03-25 03:59 - 001353216 _____ (Robert Simpson, et al.) 
[Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\iMobie\AnyTrans\System.Data.SQLite.dll 2018-09-24 22:53 - 2017-05-23 14:59 - 000494080 _____ (Skillbrains) [Datei ist nicht signiert] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll 2018-09-24 22:53 - 2017-05-23 14:59 - 000256000 _____ (Skillbrains) [Datei ist nicht signiert] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] D:\Origin\LIBEAY32.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] D:\Origin\ssleay32.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 001611264 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\platforms\qwindows.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 005487104 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5Core.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 005841920 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5Gui.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 001179136 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5Network.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 000146432 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5WebSockets.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 005089792 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5Widgets.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 000184832 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5Xml.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [233]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COS2&ptag=D090920-A74DCDF78DC&form=CONMHP&conlogo=CT3335043
SearchScopes: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D090920-N0700A74DCDF78DC&form=CONBDF&conlogo=CT3335043&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_261\bin\ssv.dll [2020-07-23] (Oracle America, Inc. -> Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-07-23] (Oracle America, Inc.
-> Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2018-04-12 01:38 - 2018-04-12 01:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) ist aktiviert.
Network Binding:
=============
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "com.blitz.app"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{E3072E74-5B92-4DF4-AD01-9FD4286B27EB}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [Datei ist nicht signiert]
FirewallRules: [{FAA5821C-798C-45DF-BB0D-BA991A60CFCB}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{B1D71255-ED3E-48D7-81B0-48B57871CC0D}D:\for honor\forhonor\forhonor.exe] => (Allow) D:\for honor\forhonor\forhonor.exe (Ubisoft Blue Byte GmbH -> Ubisoft)
FirewallRules: [TCP Query User{F0C37F3C-3C4B-4124-A46E-70372104492D}D:\for honor\forhonor\forhonor.exe] => (Allow) D:\for honor\forhonor\forhonor.exe (Ubisoft Blue Byte GmbH -> Ubisoft)
FirewallRules: [{E9B781FE-1C7C-4E83-9521-1658D5D04AA4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc.
-> ) FirewallRules: [{A3C70052-38FA-40C6-BAAB-BB4A03F0B887}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{A0C51B4A-4263-46C3-84E1-8F93EA295AAA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{0C9B7725-FC84-4FE9-8F9B-8ABA5BCB281D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{8F768EE2-67E8-475B-BC49-42834B3F5660}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{11B44262-BA02-46F9-BC93-1CF36770FAFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{70AB6572-FEDB-49C7-B183-944887602EA0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{74BA628A-E632-4EA7-999C-7C253524FEAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{95F66977-8669-483B-9253-44BF610C0D81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{0AC86B64-1031-4C5A-97AC-497F9D2DFF5A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{BD6065D2-3A62-43E5-B8CD-829D3308BC4C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{8A1AA8B3-CFF2-4BBC-8D80-D2483C2E7128}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{29D1FACE-7179-4C5A-9100-3289BD92519B}] => (Allow) D:\SteamLibrary\steamapps\common\Football Manager 2020\fm.exe (Sports Interactive) [Datei ist nicht signiert] FirewallRules: [{12AD64FC-995E-42E3-96B0-0FC22436C30F}] 
=> (Allow) D:\SteamLibrary\steamapps\common\Football Manager 2020\fm.exe (Sports Interactive) [Datei ist nicht signiert] FirewallRules: [{FD96E8AC-52DE-4198-8DC7-6C3427730B25}] => (Allow) D:\SteamLibrary\steamapps\common\Football Manager 2020 Touch\fm.exe (Sports Interactive) [Datei ist nicht signiert] FirewallRules: [{E4EC235D-D51C-4454-958A-E672AA3E99C0}] => (Allow) D:\SteamLibrary\steamapps\common\Football Manager 2020 Touch\fm.exe (Sports Interactive) [Datei ist nicht signiert] FirewallRules: [UDP Query User{7E1F7192-862E-43AD-826E-A160C325D7E7}D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{C0A566D5-6A44-4EAC-8169-92DA8043A626}D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{DFA919BB-E113-4EFA-8798-4DBBEA2C3520}D:\steamlibrary\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [TCP Query User{7EACBA78-8887-4259-9E08-F208B5B5C9EE}D:\steamlibrary\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [{1524B956-6F31-4165-94EC-3C5C783CBE9A}] => (Allow) D:\SteamLibrary\steamapps\common\DrugDealerSimulator\DrugDealerSimulator.exe (Epic Games, Inc.) 
[Datei ist nicht signiert] FirewallRules: [{C3396665-4B72-4F40-B7FB-3A0FEE4AB525}] => (Allow) D:\SteamLibrary\steamapps\common\DrugDealerSimulator\DrugDealerSimulator.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [UDP Query User{D1B86358-DA7C-4719-8311-F4C39D3305C3}C:\users\azad\appdata\local\blitz\current\blitz.exe] => (Allow) C:\users\azad\appdata\local\blitz\current\blitz.exe => Keine Datei FirewallRules: [TCP Query User{62C963D7-EB80-4815-882D-C01AFC1513C8}C:\users\azad\appdata\local\blitz\current\blitz.exe] => (Allow) C:\users\azad\appdata\local\blitz\current\blitz.exe => Keine Datei FirewallRules: [UDP Query User{E1471F5F-56F7-4E94-A5F8-92B8F2E5DE88}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => Keine Datei FirewallRules: [TCP Query User{4783EF16-0D59-49A3-A227-C691AF16069C}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => Keine Datei FirewallRules: [{CAD58348-76F4-4283-A4A4-7882BF9C03B1}] => (Allow) D:\Epic Games\Neuer Ordner\AssassinsCreedSyndicate\ACS.exe (UBISOFT ENTERTAINMENT INC. 
-> ) FirewallRules: [UDP Query User{9D2DCAB1-70D1-4CFE-AB7C-1A19DEB862DE}D:\epic games\neuer ordner\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) D:\epic games\neuer ordner\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [Datei ist nicht signiert] FirewallRules: [TCP Query User{2ED5192A-DFEB-448B-BBAA-AEFDA1B741E6}D:\epic games\neuer ordner\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) D:\epic games\neuer ordner\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [Datei ist nicht signiert] FirewallRules: [UDP Query User{CB9F2C4F-B380-4FF9-8870-6D48A5E89C58}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{AC546CC2-BB03-436F-966C-0F26288B0253}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) 
FirewallRules: [UDP Query User{8A9847F9-7948-41FA-9F9B-9E66E9CA534A}C:\users\azad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\azad\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{D560649A-2FC8-4B12-A8BF-1DE9809C9C94}C:\users\azad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\azad\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{41937B1A-12C2-4F7A-9AF2-A37987CFF62A}D:\steamlibrary\steamapps\common\anno 1404\tools\addonweb.exe] => (Allow) D:\steamlibrary\steamapps\common\anno 1404\tools\addonweb.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{608EF86F-44B4-487A-BECF-2FE72AF09617}D:\steamlibrary\steamapps\common\anno 1404\tools\addonweb.exe] => (Allow) D:\steamlibrary\steamapps\common\anno 1404\tools\addonweb.exe () [Datei ist nicht signiert] FirewallRules: [{3B3104F6-18BB-43D0-8E32-D5B8E1C8D69C}] => (Allow) D:\SteamLibrary\steamapps\common\Anno 1404\Addon.exe (Related Designs Software -> Related Designs) FirewallRules: [{4A4F8EE7-B71C-42B3-99C3-9ABDD1396644}] => (Allow) D:\SteamLibrary\steamapps\common\Anno 1404\Addon.exe (Related Designs Software -> Related Designs) FirewallRules: [UDP Query User{1AE5F611-9AC0-4441-BCB0-66E299FE9712}D:\steamlibrary\steamapps\common\anno 1404\tools\anno4web.exe] => (Allow) D:\steamlibrary\steamapps\common\anno 1404\tools\anno4web.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{3494BB71-9C57-4D6E-8DB3-6E94ADE9F29A}D:\steamlibrary\steamapps\common\anno 1404\tools\anno4web.exe] => (Allow) D:\steamlibrary\steamapps\common\anno 1404\tools\anno4web.exe () [Datei ist nicht signiert] FirewallRules: [{73518A6E-E7DC-4E04-AAAB-AB8C83A7CB26}] => (Allow) D:\SteamLibrary\steamapps\common\Anno 1404\Anno4.exe (Related Designs Software -> Related Designs) FirewallRules: [{76D3DCAB-1953-4E8F-9F75-705EE567C85C}] => (Allow) D:\SteamLibrary\steamapps\common\Anno 1404\Anno4.exe (Related Designs Software -> 
Related Designs) FirewallRules: [UDP Query User{4619F886-4F68-439B-89CB-70549001BB3F}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> ) FirewallRules: [TCP Query User{1C544330-824B-479A-8301-BDF4E68A70E1}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> ) FirewallRules: [UDP Query User{E91D4330-43AC-443D-8104-942650F02CA4}C:\users\azad\desktop\stronghold extreme\stronghold crusader.exe] => (Allow) C:\users\azad\desktop\stronghold extreme\stronghold crusader.exe => Keine Datei FirewallRules: [TCP Query User{14854362-9E08-415C-B17F-124D1FF5BD60}C:\users\azad\desktop\stronghold extreme\stronghold crusader.exe] => (Allow) C:\users\azad\desktop\stronghold extreme\stronghold crusader.exe => Keine Datei FirewallRules: [UDP Query User{2EEE78B2-9CC5-47E0-A316-A558F0E255E0}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{043D41E6-9BDB-4CE0-AEB1-E03EBD985747}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{24BF8B22-3873-4490-BCAC-1131F61D9EF8}C:\users\azad\desktop\stronghold extreme\stronghold_crusader_extreme.exe] => (Allow) C:\users\azad\desktop\stronghold extreme\stronghold_crusader_extreme.exe => Keine Datei FirewallRules: [TCP Query User{112C4554-EB13-4AA2-BC8D-FA36EC6AE79D}C:\users\azad\desktop\stronghold extreme\stronghold_crusader_extreme.exe] => (Allow) C:\users\azad\desktop\stronghold extreme\stronghold_crusader_extreme.exe => Keine Datei FirewallRules: [UDP Query User{72D51374-4AAB-425F-866F-CEEA691E95B6}C:\users\azad\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\azad\appdata\roaming\gameranger\gameranger\gameranger.exe => Keine Datei FirewallRules: [TCP Query 
User{AAB2839F-B39B-4AF3-9994-F8EBA9280211}C:\users\azad\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\azad\appdata\roaming\gameranger\gameranger\gameranger.exe => Keine Datei FirewallRules: [UDP Query User{4BAA3985-58CC-4FA0-A70C-A7AD4FC04151}C:\users\azad\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\azad\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe FirewallRules: [TCP Query User{E349909E-08A4-4570-9208-2B12764BEFB1}C:\users\azad\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\azad\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe FirewallRules: [{5D8CE50B-CF38-4FDB-9212-56C7A3CC7693}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{845207D8-BF51-4370-B581-EBFA27E73446}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{BD301243-55A0-4BD5-BAB3-B1C231A8B6E0}D:\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{936B4D0F-5ED4-4944-99C3-52C2B0023277}D:\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe => Keine Datei FirewallRules: [{5E4146AF-6DAC-4576-ABDE-D495114952B0}] => (Allow) C:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{E8081CB2-2D44-4E11-94BC-5888D334E2F1}] => (Allow) C:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{59561CE0-74EB-4D84-9110-D585F99C315C}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei FirewallRules: [{631D57AF-7A4B-4F54-9969-B4E63272832D}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei 
FirewallRules: [TCP Query User{13F02D4B-B782-4C20-B687-CC6E2128FF10}D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{AC3C3A75-9F70-4549-9ABF-A2E900B41ACD}D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{EC724891-14B9-49D9-AF92-4EF620F46303}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{24405C97-4FD9-4C96-A98F-993B967787A6}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) 
FirewallRules: [TCP Query User{E4D2B5A7-1998-4E62-A05C-B2FD68D0F0CD}D:\epic games\neuer ordner\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\neuer ordner\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => Keine Datei FirewallRules: [UDP Query User{D0398117-60B2-4FED-978D-F58DDED4BEC9}D:\epic games\neuer ordner\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\neuer ordner\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => Keine Datei FirewallRules: [TCP Query User{548BDBA8-9448-4AFE-BC41-79D8824A3F28}D:\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{B87C86B4-D220-4DF3-98A6-82C54F8BE7BA}D:\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{192626B8-2619-4F0B-8E07-E9F1975BCE70}D:\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{A772C778-9382-4879-8D41-D55092681BE3}D:\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe => Keine Datei FirewallRules: [{54FD40FB-88DC-456E-BED4-7A66B380805C}] => (Allow) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{ADD023D1-C94C-4FA0-8E02-14F2071FBA9A}] => (Allow) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) 
FirewallRules: [{1DCA88FE-5089-4C07-96D9-EA50EFF313CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{8975E2FA-1AC8-4964-B751-55CB0CADA104}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [TCP Query User{56BAF262-F694-4563-94DE-2A2624FE3D43}D:\rockstar games\gta5.exe] => (Allow) D:\rockstar games\gta5.exe => Keine Datei FirewallRules: [UDP Query User{A8A76A5E-747E-4ADA-87FB-A012629C126B}D:\rockstar games\gta5.exe] => (Allow) D:\rockstar games\gta5.exe => Keine Datei FirewallRules: [TCP Query User{180A4708-964B-4354-A79A-1D6071F19977}D:\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{216EB439-0D60-4446-9C8B-504A3E99AE7C}D:\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{5305BAF6-4AB7-4511-9B1E-947D36456E60}D:\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{6CBC0100-2800-444A-B4A5-F5C1A1D831FB}D:\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{17ED5974-0329-45B7-9920-5EAAAE3E6638}D:\teamspeak 3\ts3client_win64.exe] => (Allow) D:\teamspeak 3\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH) FirewallRules: [UDP Query 
User{E94F6B09-02FD-43D9-922E-19B422AE0ED7}D:\teamspeak 3\ts3client_win64.exe] => (Allow) D:\teamspeak 3\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH) FirewallRules: [TCP Query User{591FBF7B-AB78-49CB-98B5-A0631A25E2DA}D:\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{745A5971-A7B7-4768-864C-15584B77816E}D:\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{11DB3558-DA9A-4214-8218-53F990DF79BE}D:\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{72D0762D-952C-4BAB-94E5-5986C07594C2}D:\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{C0E614AE-2B6D-40E7-AB89-4594BB9236DF}D:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{7D08E642-E568-4F1E-BBD1-A3B2061350C6}D:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{2F01FEA2-83E8-4EA2-9C0B-8AC94A6607C5}D:\league of 
legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{75F63616-E8EE-4D90-9839-4B4C8B0A9539}D:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe => Keine Datei FirewallRules: [{31F4662C-755B-4992-A1D8-111344C8E5B2}] => (Allow) D:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe () [Datei ist nicht signiert] FirewallRules: [{CDA08EF9-13E8-48B5-9A22-68095D4E6773}] => (Allow) D:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{DD8F03F8-C175-40D6-A416-E6DA2E6BD596}D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{990F8A45-D33A-4BE1-807A-EEDE261A7A00}D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{42E23857-B99F-4184-8BFA-CEE9CE9A8D53}D:\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{1018C756-7633-46AB-89FA-31029E600DB4}D:\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{BC1EBE38-51F9-4A21-971A-153061A90FAD}D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) 
D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{CA68B9C0-1823-4420-8444-9EEA660A2432}D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{5F5A0686-9AC3-478E-9728-AA4D001EDED2}D:\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{A2A2F895-9C88-4A82-96D8-33BBD7554404}D:\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe => Keine Datei FirewallRules: [{91DE0F9E-9792-4E0A-AFB0-B7CD4C46A25C}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect64.exe () [Datei ist nicht signiert] FirewallRules: [{8977750F-E4EC-43D9-B914-E8EEFF94B01E}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect64.exe () [Datei ist nicht signiert] FirewallRules: [{BDDD6E72-C2AE-47E7-B1BD-CE0D918AC440}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect.exe () [Datei ist nicht signiert] FirewallRules: [{789E0965-86B7-4B1B-B517-A21659F9273B}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect.exe () [Datei ist nicht signiert] FirewallRules: [{7458818C-0CBE-432F-8D07-AA25301AAD53}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{866BC94E-4AB3-4036-816F-1B76705CAB47}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: 
[{23104574-9369-4561-A577-3D43DEBD30CD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{BAE5F8AB-C639-4E39-9326-A2087403B001}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{A945F6F7-BC7A-47D0-BB38-05DAB451D73C}D:\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{8FCB744B-FE42-4B48-849C-082E7DAA02CA}D:\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{3DBB9303-F2E0-41C5-9700-C54E79FA39BF}D:\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{3F2A22B1-13BC-4B55-AAEB-F795F65B517B}D:\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{4C21BF61-B61F-43D0-A718-BA5D3CEFA867}D:\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{CB5D28B1-87EB-4E63-B307-46A4373069F2}D:\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe => Keine Datei 
FirewallRules: [{7AAC533B-1DEB-417B-967B-8AC598A149B7}] => (Allow) D:\SteamLibrary\steamapps\common\Hearts of Iron IV\hoi4.exe => Keine Datei FirewallRules: [{ADD0CBDC-0770-4685-A53C-B06B2BDDBD33}] => (Allow) D:\SteamLibrary\steamapps\common\Hearts of Iron IV\hoi4.exe => Keine Datei FirewallRules: [{DDCF984B-B9D8-4B53-99A6-782D0F4DD200}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K) FirewallRules: [{A32FA22F-B1F7-4158-A588-BE57238BDB9E}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K) FirewallRules: [TCP Query User{8F9A17C8-B16D-434C-A790-7F3ECD51475E}D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{B31CAACD-F471-4805-B557-F815ECD03543}D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{58BBC1DE-CC8E-46BC-8396-10D9AEF3DE8A}D:\java 64-bit\bin\javaw.exe] => (Allow) D:\java 64-bit\bin\javaw.exe => Keine Datei FirewallRules: [UDP Query User{230A6C45-0996-4A13-9DB9-71DE44263FEB}D:\java 64-bit\bin\javaw.exe] => (Allow) D:\java 64-bit\bin\javaw.exe => Keine Datei FirewallRules: [TCP Query User{7DFF88B9-0AEF-4A4C-947E-5B2FB34B5E3F}D:\league of legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{74FF227E-4A07-4C22-A3D1-E7CE7A4FDB3A}D:\league of legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe] => (Allow) D:\league of 
legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{02E9DB68-A6A6-440E-945A-D743F64AA891}D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{C4A1A90A-25BA-4050-99A7-21A5836BA3F0}D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{49F30CD4-FFF8-4ED8-B3F6-697A1AE0CD3E}D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{6B1FDCE3-0AC4-4B78-8213-6A44C73FC606}D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{C50702A8-1BDF-4FDA-A115-FD999335359D}D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{9E55D608-5294-425F-BD44-56FBD7E08E5C}D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe => Keine Datei FirewallRules: [{D2D50FA1-C746-4483-8577-D4274551D564}] => (Allow) C:\Users\Azad\AppData\Local\Temp\7zS1997\HPDiagnosticCoreUI.exe => Keine Datei FirewallRules: [{9B50D740-FF83-4416-ABB2-E209B1728D1D}] => (Allow) 
C:\Users\Azad\AppData\Local\Temp\7zS1997\HPDiagnosticCoreUI.exe => Keine Datei FirewallRules: [{E0936290-A35A-4887-9EE5-7F7C1386F4F6}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{6DDBFED2-2F1C-4E76-8210-B0185B8B9755}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{FA390014-E328-471B-9078-C633DBBF2E7E}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{8BF15F47-69B5-4C19-AE51-F26227CAFA33}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{44983211-6D5F-4EC5-8668-DBC14EE012D4}] => (Allow) LPort=5357 FirewallRules: [{2B5BA15D-1105-473F-A6FB-893948C872DC}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [TCP Query User{2ABA6CFA-E3B3-40C2-BF6B-411E67FA6AF0}D:\teamspeak 3\ts3client_win64.exe] => (Allow) D:\teamspeak 3\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH) FirewallRules: [UDP Query User{F41786ED-CE14-4C62-9D6D-8BBCE396AB7E}D:\teamspeak 3\ts3client_win64.exe] => (Allow) D:\teamspeak 3\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH) FirewallRules: [TCP Query User{3CF1E806-1539-41DB-869E-8A5AF10B66B6}D:\java 64-bit\bin\javaw.exe] => (Allow) D:\java 64-bit\bin\javaw.exe => Keine Datei FirewallRules: [UDP Query User{C9CC3648-BD1E-4B62-8C92-1C6A9DC5C974}D:\java 64-bit\bin\javaw.exe] => (Allow) D:\java 64-bit\bin\javaw.exe => Keine Datei FirewallRules: [TCP Query User{6209A15F-FEC0-40E2-BA3E-1D99862F87B3}D:\league of 
legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{26721667-1382-4D40-AD79-3E883679159B}D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{4B1E31A0-A8B6-4AB3-9BB5-79D4EC6783DD}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe => Keine Datei FirewallRules: [UDP Query User{9B31DBE1-5B96-4219-B597-3E24923B7517}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe => Keine Datei FirewallRules: [TCP Query User{959F1188-6483-435E-AEA3-674B8D9CC12B}D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{8329987B-B942-48BA-9BDF-B33B3316B6C9}D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{88A1DC88-78E4-4D8C-AB00-93A2769186C7}D:\league of legends\game\league of legends.exe] => (Allow) D:\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [UDP Query User{94C59246-0A05-43BF-A944-67EB114AD9E1}D:\league of legends\game\league of legends.exe] => (Allow) D:\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.) 
FirewallRules: [{34A0B69B-E274-4B58-90AC-840AF9BF79C6}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Launcher\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{9C8DC6AD-1F4A-454B-9239-E47FC86D8B3F}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Launcher\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{F4AA6159-27E8-4090-A30C-7BC5B54CC41E}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => Keine Datei FirewallRules: [{F0A1D03C-1A6A-404B-ABD6-E13FDC02A411}] => (Allow) D:\DaVinci Resolve\Resolve.exe => Keine Datei FirewallRules: [{92D0C4D0-A8C2-487C-B4DF-5123E3DB571D}] => (Allow) D:\DaVinci Resolve\bmdpaneld.exe => Keine Datei FirewallRules: [{79024853-EA4B-46E1-95DA-76A2BE34085A}] => (Allow) D:\DaVinci Resolve\DaVinciPanelDaemon.exe => Keine Datei FirewallRules: [{8D11590B-880E-4D0E-A48E-52780A5CE1CB}] => (Allow) D:\DaVinci Resolve\JLCooperPanelDaemon.exe => Keine Datei FirewallRules: [{7A09F9E5-6783-45A2-B5C8-84FA81327042}] => (Allow) D:\DaVinci Resolve\EuphonixPanelDaemon.exe => Keine Datei FirewallRules: [{A808380D-0C15-4E40-BD54-B60D6E472159}] => (Allow) D:\DaVinci Resolve\TangentPanelDaemon.exe => Keine Datei FirewallRules: [{C872148B-3CD3-4896-A344-367A08CC65C3}] => (Allow) D:\DaVinci Resolve\ElementsPanelDaemon.exe => Keine Datei FirewallRules: [{CE1E1B50-FB0D-4582-BF5C-3E93AC450E15}] => (Allow) D:\DaVinci Resolve\OxygenPanelDaemon.exe => Keine Datei FirewallRules: [{CDC4D5F5-A6A7-4B8B-8CA5-915CC8714088}] => (Allow) D:\DaVinci Resolve\DPDecoder.exe => Keine Datei FirewallRules: [{E807049B-F9A7-4436-88AD-D93F9E32DDEA}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => Keine Datei FirewallRules: [TCP Query User{1BE5EE15-E87A-4528-8D21-141D2D1F1083}D:\davinci resolve\fuscript.exe] => (Allow) D:\davinci resolve\fuscript.exe => Keine Datei FirewallRules: [UDP Query User{F32153F2-841F-4B64-889A-068257C33EBC}D:\davinci resolve\fuscript.exe] => (Allow) 
D:\davinci resolve\fuscript.exe => Keine Datei FirewallRules: [{F22F4F3D-0D3A-4E2F-8F0A-725BEAE5A56A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{DCF8F9FF-FF89-438E-9267-768FBB5A79B3}] => (Allow) LPort=2869 FirewallRules: [{1C02CEA6-E768-495F-B57E-EAECE1D920CE}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{2AFF37E5-E3DA-456D-B9B4-0F7302313023}C:\program files (x86)\imobie\anytrans\anytrans.exe] => (Allow) C:\program files (x86)\imobie\anytrans\anytrans.exe (iMobie Inc. -> iMobie Inc.) FirewallRules: [UDP Query User{7511FF55-3FE3-42E5-B410-8BB01190B1D0}C:\program files (x86)\imobie\anytrans\anytrans.exe] => (Allow) C:\program files (x86)\imobie\anytrans\anytrans.exe (iMobie Inc. -> iMobie Inc.) FirewallRules: [TCP Query User{6275E10B-A03E-4C4D-BF8E-60B2B3B83DA5}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.) FirewallRules: [UDP Query User{CFE5A993-8227-4481-8BFF-DB31E784CFF5}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.) 
FirewallRules: [{9C49F4C1-AAFE-4DC4-82E1-7A84B381F801}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{23565294-EEA5-4356-97B8-4DB0FB420E0D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{AFE7E314-8907-4B06-A202-9F47E4C1FACC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{E9E22E1C-439B-402E-A6D7-E23C0A4013BB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{469A40C6-69A5-400A-AE3A-4C1234FD942D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{ECD45047-89CB-4129-9D3F-661C0DBC775F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D7397F82-FC85-4C74-BC1A-8B8A04E9E217}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F10E9B5B-258C-4E3B-B8B3-8996B134135C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{9713AC15-D308-4C14-B112-0D55611195A3}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{3FEF9E2F-9CDE-49B6-9772-3B1471305C69}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{DFC310F3-4869-4968-AB25-CE5A8952A68A}] => (Allow) D:\SteamLibrary\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert] FirewallRules: [{E41E8C0B-CC15-4D0B-94B9-8417CE3D15B7}] => (Allow) D:\SteamLibrary\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{1DCC4726-9C5D-44D2-A403-BBE3C1335580}D:\vlc\vlc.exe] => (Allow) D:\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{D132C856-2075-48EB-AC72-4A9169AEDF04}D:\vlc\vlc.exe] => (Allow) D:\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{78BA9C07-5089-437C-99D2-0F051658CC2F}] => (Allow) D:\SteamLibrary\steamapps\common\Vampyr\AVGame\Binaries\Win64\AVGame-Win64-Shipping.exe (Focus Home Interactive -> Focus Home Interactive) FirewallRules: [{C27EEC96-F732-4083-A859-CFF9743F86AC}] => (Allow) D:\SteamLibrary\steamapps\common\Vampyr\AVGame\Binaries\Win64\AVGame-Win64-Shipping.exe (Focus Home Interactive -> Focus Home Interactive) FirewallRules: [{A7C35714-1BCD-4407-8490-F5458139BE25}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K) FirewallRules: [{939CC2B7-F548-40E5-97AD-59717D0B2FD5}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K) FirewallRules: [{4C20FFA6-02BE-4970-8D9C-59745CE26726}] => (Allow) D:\Schlacht um Mittelerde 2\game.dat (Electronic Arts -> Electronic Arts Inc.) FirewallRules: [{2E80E2AB-152E-4C19-B8E3-07F80565892B}] => (Allow) D:\Schlacht um Mittelerde 2\game.dat (Electronic Arts -> Electronic Arts Inc.) 
FirewallRules: [{D17712DA-6AE5-4272-A7F1-421179904F1D}] => (Allow) D:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{C0E9AE5C-3540-4F91-A29B-6B67E8986ECF}] => (Allow) D:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{DE257AA8-D0D0-4C5E-9D01-7B5FB7D240B2}] => (Allow) D:\SteamLibrary\steamapps\common\Yu-Gi-Oh! Legacy of the Duelist\YuGiOh.exe () [Datei ist nicht signiert] FirewallRules: [{12AEBB21-140E-4022-8FF4-35E5A6470C07}] => (Allow) D:\SteamLibrary\steamapps\common\Yu-Gi-Oh! Legacy of the Duelist\YuGiOh.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{29D3AE4A-F4BF-4544-8E67-47E5FD36C61A}C:\program files (x86)\relevantknowledge\rlvknlg.exe] => (Block) C:\program files (x86)\relevantknowledge\rlvknlg.exe => Keine Datei FirewallRules: [UDP Query User{6B5CA01F-5584-4335-A5DD-2D562070E1AF}C:\program files (x86)\relevantknowledge\rlvknlg.exe] => (Block) C:\program files (x86)\relevantknowledge\rlvknlg.exe => Keine Datei FirewallRules: [{6D1F0FD3-E284-4E19-B9EC-693D2EBEF027}] => (Allow) D:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [Datei ist nicht signiert] FirewallRules: [{631B9242-B51B-480F-81ED-2FEB1CD4618D}] => (Allow) D:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [Datei ist nicht signiert] FirewallRules: [{479B856A-B0BA-4DB9-B8C6-AD13A05CB1EA}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe => Keine Datei FirewallRules: [{483EB5A4-DE28-41CA-A694-FD00B0CEDBDA}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe => Keine Datei FirewallRules: [{0A9FFCF2-250F-4DEB-8789-049CF122EC6F}] => (Allow) C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{278334CA-6B78-4A37-A33D-C38B0EAAEE98}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [{ABD6A5AA-B963-472B-B24A-609ACB65313A}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司) FirewallRules: [{50E844BA-BE03-4C2C-AAA7-0736568A9C84}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{20695CD1-66CB-4D92-A5D3-EB431E03AC3F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C12D516D-F526-4C69-83AE-419DFE0230B2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{CBDF9D1C-3657-41A7-918A-E840F22FECB1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{8CA0F7ED-6BA8-45DD-9C13-71A25B413FB7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A3BF21C1-0079-4022-A4BF-18C513F52E56}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{519EB553-52CA-4455-B16C-FA1E2AB336CD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{9F1B7025-D8C1-4D30-A94F-4E4577A51830}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{771EE277-4F5D-4CB6-9F47-872722398E73}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{A93E7D19-F23E-4FD8-86E7-70AD37F8C47B}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{0E5D29F1-E895-4039-83D5-9374D05ED0D7}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{89B29752-2DD5-43D0-9BC4-7B05F03CB7B8}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)

==================== Wiederherstellungspunkte =========================

==================== Fehlerhafte Geräte im Gerätemanager ============

==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (10/13/2020 08:20:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm FRST64.exe Version 11.10.2020.0 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 3100
Startzeit: 01d6a18d34b43f19
Beendigungszeit: 4294967295
Anwendungspfad: C:\Users\Azad\Downloads\FRST64.exe
Bericht-ID: 92e58ba0-3219-4a81-a64c-77dd071d467f
Vollständiger Name des fehlerhaften Pakets:
Relative Anwendungs-ID des fehlerhaften Pakets:
Absturztyp: Top level window is idle

Error: (10/13/2020 07:11:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AnyTransToolHelper.exe, Version: 1.2.0.0, Zeitstempel: 0x5f816088
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.488, Zeitstempel: 0x5b4a3325
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000023e49
ID des fehlerhaften Prozesses: 0x29e8
Startzeit der fehlerhaften Anwendung: 0x01d6a183f4d050a3
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\iMobie\AnyTrans\AnyTransToolHelper.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: d6caf0cc-5616-4ade-a04f-0012f0ba4551
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/13/2020 07:11:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: AnyTransToolHelper.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileNotFoundException
   bei ToolsHelper.Tool.CommonTools.iTunesFolderPath(FolderType)
   bei ToolsHelper.RegisterInfo.SoftwareInfo.GetSystemiTunesVersion()
   bei ToolsHelper.RegisterInfo.SoftwareInfo.InitProgramInfo()
   bei ToolsHelper.RegisterInfo.SoftwareInfo.getInstence()
   bei AdvertisManager.App.OnStartup(System.Windows.StartupEventArgs)
   bei System.Windows.Application.<.ctor>b__1_0(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei AdvertisManager.App.Main()

Error: (10/13/2020 07:11:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rlservice.exe, Version: 1.1.24.120, Zeitstempel: 0x5e8fa842
Name des fehlerhaften Moduls: rlservice.exe, Version: 1.1.24.120, Zeitstempel: 0x5e8fa842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000757a
ID des fehlerhaften Prozesses: 0xecc
Startzeit der fehlerhaften Anwendung: 0x01d6a183e6c3adb8
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Berichtskennung: 869ec204-b438-475b-a259-b62b12e3dde4
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/13/2020 06:30:57 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-VOMS6S7)
Description: Produkt: iTunes -- Mindestens ein Benutzer auf diesem Computer hat iTunes aus dem Microsoft Store installiert. Alle Benutzer müssen iTunes deinstallieren, bevor diese Installation fortgesetzt werden kann.

Error: (10/13/2020 06:21:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rlservice.exe, Version: 1.1.24.120, Zeitstempel: 0x5e8fa842
Name des fehlerhaften Moduls: rlservice.exe, Version: 1.1.24.120, Zeitstempel: 0x5e8fa842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000757a
ID des fehlerhaften Prozesses: 0xcc8
Startzeit der fehlerhaften Anwendung: 0x01d6a17ce146e62e
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Berichtskennung: ebcc4aad-58f5-4041-b4fb-808e477a6843
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/13/2020 06:09:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm FRST64.exe Version 28.7.2015.0 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 11fc
Startzeit: 01d6a179f208c1e7
Beendigungszeit: 4294967295
Anwendungspfad: C:\Users\Azad\Downloads\FRST64.exe
Bericht-ID: fcda25a2-a930-4214-bf99-3dfe47d2c776
Vollständiger Name des fehlerhaften Pakets:
Relative Anwendungs-ID des fehlerhaften Pakets:
Absturztyp: Top level window is idle

Error: (10/13/2020 05:51:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rlservice.exe, Version: 1.1.24.120, Zeitstempel: 0x5e8fa842
Name des fehlerhaften Moduls: rlservice.exe, Version: 1.1.24.120, Zeitstempel: 0x5e8fa842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000757a
ID des fehlerhaften Prozesses: 0xed0
Startzeit der fehlerhaften Anwendung: 0x01d69a5e5dc16b5e
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Berichtskennung: c6ae7828-1c3d-4f89-9f72-53fc83d5660b
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Systemfehler:
=============
Error: (10/13/2020 07:11:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "RelevantKnowledge" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/13/2020 07:11:35 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip1click" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (10/13/2020 07:11:35 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip1click" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (10/13/2020 07:10:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VOMS6S7)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/13/2020 07:10:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VOMS6S7)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/13/2020 07:10:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VOMS6S7)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/13/2020 07:10:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VOMS6S7)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/13/2020 07:10:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VOMS6S7)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Windows Defender:
===================================
Date: 2020-10-13 20:20:40.7830000Z
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Lodi&threatid=240849&enterprise=0 Name: Misleading:Win32/Lodi ID: 240849 Schweregrad: Niedrig Kategorie: Potenziell unerwünschte Software Pfad: file:_C:\Program Files (x86)\RelevantKnowledge\rlservice.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; file:_C:\Windows\System32\rlls64.dll; file:_C:\WINDOWS\sysWOW64\rlls.dll; process:_pid:11324,ProcessStart:132470622375268807; process:_pid:17984,ProcessStart:132470725587859585; process:_pid:28132,ProcessStart:132470724829475980; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}; service:_RelevantKnowledge; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831} Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Echtzeitschutz Benutzer: Prozessname: C:\Users\Azad\Desktop\FRST64.exe Sicherheitsversion: AV: 1.325.698.0, AS: 1.325.698.0, NIS: 1.325.698.0 Modulversion: AM: 1.1.17500.4, NIS: 1.1.17500.4 Date: 2020-10-13 20:18:49.9380000Z Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. 
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Lodi&threatid=240849&enterprise=0 Name: Misleading:Win32/Lodi ID: 240849 Schweregrad: Niedrig Kategorie: Potenziell unerwünschte Software Pfad: file:_C:\Program Files (x86)\RelevantKnowledge\rlservice.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; file:_C:\Windows\System32\rlls64.dll; file:_C:\WINDOWS\sysWOW64\rlls.dll; process:_pid:11324,ProcessStart:132470622375268807; process:_pid:17984,ProcessStart:132470725587859585; process:_pid:28132,ProcessStart:132470724829475980; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}; service:_RelevantKnowledge; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831} Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Echtzeitschutz Benutzer: Prozessname: C:\Users\Azad\Downloads\FRST64.exe Sicherheitsversion: AV: 1.325.698.0, AS: 1.325.698.0, NIS: 1.325.698.0 Modulversion: AM: 1.1.17500.4, NIS: 1.1.17500.4 Date: 2020-10-13 18:32:24.8260000Z Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. 
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Lodi&threatid=240849&enterprise=0 Name: Misleading:Win32/Lodi ID: 240849 Schweregrad: Niedrig Kategorie: Potenziell unerwünschte Software Pfad: file:_C:\Program Files (x86)\RelevantKnowledge\rlservice.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; file:_C:\Windows\System32\rlls64.dll; file:_C:\WINDOWS\sysWOW64\rlls.dll; process:_pid:11324,ProcessStart:132470622375268807; process:_pid:17984,ProcessStart:132470725587859585; process:_pid:28132,ProcessStart:132470724829475980; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}; service:_RelevantKnowledge; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831} Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Echtzeitschutz Benutzer: Prozessname: C:\Users\Azad\Downloads\FRST64.exe Sicherheitsversion: AV: 1.325.698.0, AS: 1.325.698.0, NIS: 1.325.698.0 Modulversion: AM: 1.1.17500.4, NIS: 1.1.17500.4 Date: 2020-10-13 18:02:10.6600000Z Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. 
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Lodi&threatid=240849&enterprise=0 Name: Misleading:Win32/Lodi ID: 240849 Schweregrad: Niedrig Kategorie: Potenziell unerwünschte Software Pfad: file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; file:_C:\Windows\System32\rlls64.dll; file:_C:\WINDOWS\sysWOW64\rlls.dll; process:_pid:11324,ProcessStart:132470622375268807; process:_pid:17984,ProcessStart:132470725587859585; process:_pid:28132,ProcessStart:132470724829475980; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831} Erkennungsursprung: Lokaler Computer Erkennungstype: FastPath Erkennungsquelle: Echtzeitschutz Benutzer: NT-AUTORITÄT\SYSTEM Prozessname: C:\Users\Azad\Downloads\FRST64.exe Sicherheitsversion: AV: 1.325.683.0, AS: 1.325.683.0, NIS: 1.325.683.0 Modulversion: AM: 1.1.17500.4, NIS: 1.1.17500.4 Date: 2020-10-13 17:55:28.8990000Z Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {AA50B20B-DE2A-4F8D-9AA5-402FFA8CF44F} Überprüfungstyp: Antimalware Überprüfungsparameter: Vollständige Überprüfung Benutzer: DESKTOP-VOMS6S7\Azad CodeIntegrity: =================================== Date: 2020-10-12 23:25:13.5400000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. 
Date: 2020-10-12 23:20:13.5400000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:15:13.5450000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:10:13.5450000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:05:13.5540000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:00:13.5520000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 22:55:13.5460000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 22:50:13.5520000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. 
==================== Speicherinformationen =========================== BIOS: American Megatrends Inc. F4 04/03/2018 Hauptplatine: Gigabyte Technology Co., Ltd. Z370P D3-CF Prozessor: Intel(R) Core(TM) i3-8350K CPU @ 4.00GHz Prozentuale Nutzung des RAM: 56% Installierter physikalischer RAM: 8143.74 MB Verfügbarer physikalischer RAM: 3515.1 MB Summe virtueller Speicher: 15055.74 MB Verfügbarer virtueller Speicher: 7945.19 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:111.19 GB) (Free:26.92 GB) NTFS Drive d: (Volume) (Fixed) (Total:931.5 GB) (Free:501.81 GB) NTFS \\?\Volume{6302f23b-433f-4f8a-bb8e-e11062a5c296}\ (Wiederherstellung) (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS \\?\Volume{edc8b298-85c3-411b-a79d-be6304fa5b79}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ======================= |
13.10.2020, 19:49 | #6 |
/// TB-Ausbilder | Misleading:Win32/Lodi Virus?
Step 1 The following programs are outdated, interfere with the cleanup, or are advertising software or unwanted software (adware, PUP) and must be removed.
Step 2 Run Malwarebytes' AntiMalware (MBAM) according to the illustrated instructions and then post the log file.
Step 3 Run AdwCleaner according to the illustrated instructions and then post the log file.
Step 4
Please post with your next reply:
|
13.10.2020, 20:28 | #7 |
| Misleading:Win32/Lodi Virus? The 1-chip click uninstallation worked without problems. Here are the logs: ADW-Cleaner Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-13-2020
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 11
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\Users\Azad\AppData\Local\Temp\DMR

***** [ Files ] *****
Deleted C:\END
Deleted C:\Users\Azad\Favorites\Booking.com.url

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks cleaned.

***** [ Registry ] *****
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{29D3AE4A-F4BF-4544-8E67-47E5FD36C61A}C:\program files (x86)\relevantknowledge\rlvknlg.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{6B5CA01F-5584-4335-A5DD-2D562070E1AF}C:\program files (x86)\relevantknowledge\rlvknlg.exe
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************

AdwCleaner[S00].txt - [2547 octets] - [13/10/2020 21:19:47]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Code:
ATTFilter Malwarebytes www.malwarebytes.com -Protokolldetails- Scan-Datum: 13.10.20 Scan-Zeit: 21:15 Protokolldatei: 654c8fa0-0d88-11eb-b1dc-e0d55ea32f2e.json -Softwaredaten- Version: 4.2.1.89 Komponentenversion: 1.0.1061 Version des Aktualisierungspakets: 1.0.31298 Lizenz: Testversion -Systemdaten- Betriebssystem: Windows 10 (Build 19041.508) CPU: x64 Dateisystem: NTFS Benutzer: DESKTOP-VOMS6S7\Azad -Scan-Übersicht- Scan-Typ: Bedrohungs-Scan Scan gestartet von: Manuell Ergebnis: Abgeschlossen Gescannte Objekte: 329863 Erkannte Bedrohungen: 23 In die Quarantäne verschobene Bedrohungen: 23 Abgelaufene Zeit: 1 Min., 49 Sek. -Scan-Optionen- Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Erkennung PUM: Erkennung -Scan-Details- Prozess: 0 (keine bösartigen Elemente erkannt) Modul: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 8 PUP.Optional.MarketScore, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RelevantKnowledge, In Quarantäne, 3574, 171225, , , , , , PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, , , , , , PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, , , , , , PUP.Optional.Conduit, HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, 1.0.31298, , ame, , , PUP.Optional.RelevantKnowledge, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\rlvknlg_RASAPI32, In Quarantäne, 1127, 184776, 1.0.31298, , ame, , , PUP.Optional.RelevantKnowledge, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\rlvknlg_RASMANCS, In Quarantäne, 1127, 184776, 1.0.31298, , ame, , , PUP.Optional.ChipDe, HKLM\SYSTEM\SETUP\FIRSTBOOT\SERVICES\chip1click, In Quarantäne, 9632, 567244, 1.0.31298, , ame, , 
, PUP.Optional.ChipDe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\chip 1-click download service, In Quarantäne, 9632, 463412, 1.0.31298, , ame, , , Registrierungswert: 4 PUP.Optional.Conduit, HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, In Quarantäne, 139, 236865, 1.0.31298, , ame, , , PUP.Optional.Conduit, HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, In Quarantäne, 139, 236865, 1.0.31298, , ame, , , PUP.Optional.RelevantKnowledge, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{479B856A-B0BA-4DB9-B8C6-AD13A05CB1EA}, In Quarantäne, 1127, 257573, 1.0.31298, , ame, , , PUP.Optional.RelevantKnowledge, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{483EB5A4-DE28-41CA-A694-FD00B0CEDBDA}, In Quarantäne, 1127, 257573, 1.0.31298, , ame, , , Registrierungsdaten: 1 PUP.Optional.Conduit, HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Ersetzt, 139, 293058, 1.0.31298, , ame, , , Daten-Stream: 0 (keine bösartigen Elemente erkannt) Ordner: 2 PUP.Optional.MarketScore, C:\PROGRAM FILES (X86)\RELEVANTKNOWLEDGE, In Quarantäne, 3574, 171225, 1.0.31298, , ame, , , PUP.Optional.MarketScore, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\RELEVANTKNOWLEDGE, In Quarantäne, 3574, 171863, 1.0.31298, , ame, , , Datei: 8 PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\nscf.dat, In Quarantäne, 3574, 171225, , , , , 4F9CB0BCC437632702310BF0A2CCB740, 81A1AA1AA5FC9EFB2C00DC02D0006643B17E31F395F6782155AE6AB583135833 PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\readme.txt, In Quarantäne, 3574, 171225, , , , , 008D2F284D131F088A739F75A8D06E0A, 
5EE58FE1BC6D06E45F375170DE5230445522AC653105F96FB4FD763D1EFFC4AC PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\rloci.bin, In Quarantäne, 3574, 171225, , , , , B7E1DD56AB14E2E98CEDE89FC7931D70, BE966C1F1E86C4E80711179D4A94059AA7CFF6442F404A4F4C4A6F86CA55549C PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\rlph.dll, In Quarantäne, 3574, 171225, , , , , 9FDDE0639C3C7CBD6BEA0CAB153EF946, 283AA9CCED3168BE62D1343EF4E2E1A20BCF5737D1031395153D659E19F970A3 PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\rlservice.exe, In Quarantäne, 3574, 171225, , , , , 17FC9A65AF9387B131E1644BA73601AD, 5F23B2ADF6ED61F485827ABB25590AD6EBDFB2F6BADD64BECC4D641678FB70F6 PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\rlvknlg32.exe, In Quarantäne, 3574, 171225, , , , , AEAA88B9B7A1A408B377FE1F998DEB49, 8C612ABE9EE482CEA324210AAAB1F86C9187FA80375C43D92C36B7F7D46D8F09 PUP.Optional.ChipDe, C:\USERS\AZAD\DOWNLOADS\ANYTRANS-88-NEW-DE-SETUP - CHIP-INSTALLER.EXE, In Quarantäne, 9632, 562568, 1.0.31298, , ame, , 3A571A575C780A1522E71FCF2AF3E67A, 2E8D0DD946C70D68DE56FA21A71A852DE5C1A6211CC19AA7CA47C72D6E709AFE PUP.Optional.ChipDe, C:\USERS\AZAD\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{3BD9A53F-F9BC-44DF-B0FA-6DD88C79F92A}\CHIP INSTALLER.MSI, In Quarantäne, 9632, 557991, 1.0.31298, , ame, , DD85FF75F142CFA6B7DD7955DC5914F0, C26A8FF8AD1FC72873EB7C975214D9DD0CD5EE8AFD663E662136677ADB5579FE Physischer Sektor: 0 (keine bösartigen Elemente erkannt) WMI: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 11-10-2020 durchgeführt von Azad (Administrator) auf DESKTOP-VOMS6S7 (Gigabyte Technology Co., Ltd. Z370P D3) (13-10-2020 21:25:05) Gestartet von C:\Users\Azad\Desktop Geladene Profile: Azad Platform: Windows 10 Pro Version 2004 19041.508 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Apple Inc. -> Apple Inc.) C:\ProgramData\iMobieDNA\AppleDriver\AppleMobileDeviceProcess.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\iCloudDrive.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\iCloudPhotos.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Electronic Arts, Inc. -> Electronic Arts) D:\Origin\OriginWebHelperService.exe (Even Balance, Inc. 
-> ) C:\Windows\SysWOW64\PnkBstrA.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (iMobie Inc. -> iMobie Inc.) C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2009.23741.0_x64__8wekyb3d8bbwe\Cortana.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8> (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> 
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2> (Skillbrains) [Datei ist nicht signiert] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> ) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [638352 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [407440 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. 
-> Oracle Corporation) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe [2720256 2020-10-10] (iMobie Inc. -> iMobie Inc.) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [Steam] => C:\Steam\steam.exe [3416352 2020-10-07] (Valve -> Valve Corporation) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [Discord] => C:\Users\Azad\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [Spotify] => C:\Users\Azad\AppData\Roaming\Spotify\Spotify.exe [22824680 2020-05-22] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [com.blitz.app] => C:\Users\Azad\AppData\Local\Blitz\Update.exe [1921680 2020-04-07] (Swift Media Entertainment, Inc. -> Blitz Inc.) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe [2720256 2020-10-10] (iMobie Inc. -> iMobie Inc.) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [AnyTransToolHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AnyTransToolHelper.exe [580608 2020-10-10] (iMobie Inc. -> iMobie Inc.) 
HKLM\...\Windows x64\Print Processors\Epson Inkjet: C:\Windows\System32\spool\prtprocs\x64\EP0NPP01.DLL [38912 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: C:\Windows\system32\EP0SLM01.DLL [77824 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\Windows\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.) HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet 4630 series): C:\Windows\system32\HPDiscoPMC611.dll [763912 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.75\Installer\chrmstp.exe [2020-10-13] (Google LLC -> Google LLC) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {02BF6FDC-843B-49B1-9389-7D7FB346351F} - System32\Tasks\Agent Activation Runtime\S-1-5-21-4008508967-1143171168-3858184327-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-08-11] (Microsoft Windows -> ) Task: {0CFF5E86-1EE8-4870-86F4-721D83AA7D7A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {185599E2-D932-45EF-B67E-D69371DC73D2} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {3B5C156D-7B8E-4374-8F09-6AE999304CFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-22] (Google Inc -> Google LLC) Task: {3F417CC7-FF24-4B0A-9552-07EBB64FFF14} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-10-13] (Adobe Inc. -> Adobe) Task: {3FE450AE-DBA1-4B4C-B564-C7284F85DB15} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {3FF22648-45C1-4760-812A-F2864F592182} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {40367766-4252-4850-B197-5BEBA523AAFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {45D066AB-B633-45C0-BDFD-3707FD8FEA07} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.) 
Task: {47AC3806-A459-40C1-8475-B9E4A60E6FE3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. -> Adobe) Task: {5D5A6928-14BC-4739-B3AA-197AE90720D0} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [5745672 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP) Task: {7739174D-35B8-4A0C-9C74-E69F340AF0DE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {7F50782E-6D80-41E6-8569-B825B72AFC39} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {7F51EDB9-9509-496A-AF41-8A240DF1D80E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {821A8699-93C8-4F50-9A17-1BA7E638849C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-22] (Google Inc -> Google LLC) Task: {A46E6974-4A55-49FF-8C11-F82FAA39B298} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A8136268-4BBA-44DA-87FA-173972FB8DBF} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe 
[874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log Task: {AF093467-08D1-4C35-8BCE-A07FC602F119} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C361A712-4DF9-45CA-8BB8-ADB249135309} - System32\Tasks\update-S-1-5-21-4008508967-1143171168-3858184327-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {C9E60819-F104-4173-9EDB-AC7D46858558} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D8EAF912-9D8C-4691-AE2D-E6219ED89A63} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [664784 2020-10-04] (Mozilla Corporation -> Mozilla Foundation) Task: {DE2A5B04-55D9-4E4A-9870-CEAF98E41CBB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {E1833D1B-4BD0-4CA1-8061-6F80E3B54E3B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {FDA30F1D-5CB3-4D2D-B8A6-62CA074736EC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation) (Wenn ein Eintrag in die Fixlist 
aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\update-S-1-5-21-4008508967-1143171168-3858184327-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{d7c8a815-ac65-4c33-bc3f-70bb13fdd9e7}: [DhcpNameServer] 192.168.0.1 Edge: ====== Edge DefaultProfile: Default Edge Profile: C:\Users\Azad\AppData\Local\Microsoft\Edge\User Data\Default [2020-10-13] FireFox: ======== FF DefaultProfile: 6uu47y6w.default FF ProfilePath: C:\Users\Azad\AppData\Roaming\Mozilla\Firefox\Profiles\6uu47y6w.default [2020-10-13] FF NewTab: Mozilla\Firefox\Profiles\6uu47y6w.default -> hxxps://defaultsearch.co/homepage?hp=1&pId=CH180901FF&iDate=2020-09-09 04:09:01&bName=&bitmask=0600 FF Notifications: Mozilla\Firefox\Profiles\6uu47y6w.default -> hxxps://www.lieferando.de FF Extension: (MyJDownloader Browser Erweiterung) - C:\Users\Azad\AppData\Roaming\Mozilla\Firefox\Profiles\6uu47y6w.default\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2020-10-03] [UpdateUrl:hxxps://my.jdownloader.org/extensions/firefox.json] FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\Azad\AppData\Roaming\Mozilla\Firefox\Profiles\6uu47y6w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-09-09] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> ) FF Plugin: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-07-23] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-07-23] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> ) FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.) 
Chrome: ======= CHR Profile: C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default [2020-10-12] CHR Extension: (Präsentationen) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-22] CHR Extension: (Docs) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-22] CHR Extension: (Google Drive) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-22] CHR Extension: (YouTube) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-22] CHR Extension: (Tabellen) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-22] CHR Extension: (Google Docs Offline) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-18] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-22] CHR Extension: (Google Mail) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-22] CHR Extension: (Chrome Media Router) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-08-28] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.) S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. 
-> Adobe) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-10-06] (BattlEye Innovations e.K. -> ) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-02-28] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7185288 2020-10-13] (Malwarebytes Inc -> Malwarebytes) S3 Origin Client Service; D:\Origin\OriginClientService.exe [2519864 2020-09-09] (Electronic Arts, Inc. -> Electronic Arts) R2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3473216 2020-09-09] (Electronic Arts, Inc. -> Electronic Arts) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2020-07-10] (Even Balance, Inc. -> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5097896 2020-09-11] (Microsoft Windows Publisher -> Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13109264 2020-06-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) S3 VBoxSDS; D:\Virtual Box\VBoxSDS.exe [744968 2020-06-04] (Oracle Corporation -> Oracle Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [2372048 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Wondershare UniConverter (Desktop Deutsch)\Transfer\DriverInstall.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) 
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [254528 2018-11-26] (DT Soft Ltd -> DT Soft Ltd) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-10-13] (Malwarebytes Corporation -> Malwarebytes) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [217592 2020-10-13] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-10-13] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197280 2020-10-13] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73880 2020-10-13] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-10-13] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [131232 2020-10-13] (Malwarebytes Inc -> Malwarebytes) R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> ) R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. 
-> ) S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> ) S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [237832 2020-06-04] (Oracle Corporation -> Oracle Corporation) R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [247232 2020-06-04] (Oracle Corporation -> Oracle Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-10-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [428264 2020-10-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-10-07] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2020-10-13 21:25 - 2020-10-13 21:25 - 000024122 _____ C:\Users\Azad\Desktop\FRST.txt 2020-10-13 21:21 - 2020-10-13 21:21 - 000197280 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2020-10-13 21:21 - 2020-10-13 21:21 - 000131232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2020-10-13 21:21 - 2020-10-13 21:21 - 000073880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2020-10-13 21:19 - 2020-10-13 21:20 - 000000000 ____D C:\AdwCleaner 2020-10-13 21:19 - 2020-10-13 21:19 - 008447152 _____ (Malwarebytes) C:\Users\Azad\Downloads\adwcleaner_8.0.8.exe 2020-10-13 21:18 - 2020-10-13 21:18 - 000005650 _____ C:\Users\Azad\Desktop\mbam.txt 2020-10-13 21:14 - 2020-10-13 21:14 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2020-10-13 21:14 - 2020-10-13 21:14 - 000217592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2020-10-13 21:14 - 2020-10-13 21:14 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2020-10-13 21:14 - 2020-10-13 21:14 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2020-10-13 21:14 - 2020-10-13 21:14 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2020-10-13 21:14 - 2020-10-13 21:14 - 000000000 ____D C:\Users\Azad\AppData\Local\mbam 2020-10-13 21:13 - 2020-10-13 21:13 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2020-10-13 21:13 - 2020-10-13 21:13 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2020-10-13 21:13 - 2020-10-13 21:13 - 000000000 ____D C:\ProgramData\Malwarebytes 2020-10-13 21:13 - 2020-10-13 21:13 - 000000000 ____D C:\Program Files\Malwarebytes 2020-10-13 21:12 - 2020-10-13 21:12 - 002041448 _____ (Malwarebytes) C:\Users\Azad\Desktop\MBSetup.exe 2020-10-13 20:30 - 2020-10-13 20:30 - 000000000 ____D C:\Users\Azad\Documents\AnyTrans-Exportieren-20201013(3) 2020-10-13 20:25 - 2020-10-13 20:25 - 000000000 ____D 
C:\Users\Azad\Documents\AnyTrans-Exportieren-20201013(2) 2020-10-13 20:17 - 2020-10-13 20:17 - 002299392 _____ (Farbar) C:\Users\Azad\Desktop\FRST64.exe 2020-10-13 19:20 - 2020-10-13 19:20 - 000000000 ____D C:\Users\Azad\Documents\AnyTrans-Exportieren-20201013(1) 2020-10-13 19:17 - 2020-10-13 19:17 - 000000000 ____D C:\Users\Azad\Documents\AnyTrans-Exportieren-20201013 2020-10-13 19:16 - 2020-10-13 19:16 - 000001199 _____ C:\Users\Public\Desktop\AnyTrans.lnk 2020-10-13 19:16 - 2020-10-13 19:16 - 000001199 _____ C:\ProgramData\Desktop\AnyTrans.lnk 2020-10-13 18:58 - 2020-10-13 18:58 - 007839912 _____ (iMobie Inc.) C:\Users\Azad\Downloads\anytrans-ios-new-en-setup.exe 2020-10-13 18:53 - 2020-10-13 18:53 - 000000000 ____D C:\Users\Public\Thunder Network 2020-10-13 18:53 - 2020-10-13 18:53 - 000000000 ____D C:\ProgramData\Thunder Network 2020-10-13 18:01 - 2020-10-13 21:25 - 000000000 ____D C:\FRST 2020-10-09 19:25 - 2020-10-09 19:25 - 000000000 ____D C:\Users\Azad\AppData\Local\AVGame 2020-10-05 16:10 - 2020-10-05 16:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime 2020-10-04 15:57 - 2020-10-04 15:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2020-10-04 12:59 - 2020-10-04 16:55 - 000000000 ____D C:\Program Files\Mozilla Firefox 2020-09-28 20:55 - 2020-09-28 20:55 - 000000000 ____D C:\WINDOWS\LastGood 2020-09-28 20:52 - 2020-09-26 01:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 000917728 _____ 
C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 000455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 002097560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 001585048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 001506200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 001160600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000815856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000811248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000674200 _____ C:\WINDOWS\system32\nvofapi64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000670104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000656792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000555928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000540912 _____ C:\WINDOWS\SysWOW64\nvofapi.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 007705320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 006859152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 004174736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 002509200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 001733008 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvdispco6445655.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 001482984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445655.dll 2020-09-28 20:52 - 2020-09-26 01:35 - 005964496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2020-09-28 18:00 - 2020-09-28 18:12 - 000000000 ____D C:\Users\Azad\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien 2020-09-28 17:49 - 2020-09-28 17:49 - 000000768 _____ C:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk 2020-09-28 17:49 - 2020-09-28 17:49 - 000000768 _____ C:\ProgramData\Desktop\Die Schlacht um Mittelerde™ II.lnk 2020-09-28 17:49 - 2020-09-28 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts 2020-09-28 17:44 - 2020-09-28 17:45 - 000000000 ____D C:\Users\Azad\AppData\Roaming\DAEMON Tools Lite 2020-09-28 17:44 - 2020-09-28 17:45 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite 2020-09-28 17:44 - 2020-09-28 17:44 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images 2020-09-25 11:17 - 2020-10-08 16:31 - 000000000 ____D C:\Users\Azad\Desktop\Logos 2020-09-23 14:09 - 2020-09-23 14:09 - 000000000 ____D C:\Users\Azad\AppData\Local\Epic Games 2020-09-17 18:23 - 2020-09-17 18:24 - 000000000 ____D C:\WINDOWS\LastGood.Tmp 2020-09-17 18:20 - 2020-09-15 00:13 - 000038816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2020-09-16 17:28 - 2020-09-16 17:28 - 000000000 ____D C:\ProgramData\Mount and Blade II Bannerlord 2020-09-16 17:27 - 2020-10-09 15:31 - 000000000 ____D C:\Users\Azad\Documents\Mount and Blade II Bannerlord 2020-09-13 16:33 - 2020-09-13 16:33 - 000000000 ____D C:\Users\Azad\AppData\LocalLow\Innersloth ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2020-10-13 21:23 - 2020-08-11 21:58 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2020-10-13 21:23 - 2020-08-11 21:58 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2020-10-13 21:23 - 2018-08-27 18:00 - 000000000 ____D C:\ProgramData\NVIDIA 2020-10-13 21:21 - 2020-09-04 11:26 - 000000000 ___RD C:\Users\Azad\iCloudDrive 2020-10-13 21:21 - 2020-08-11 21:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-10-13 21:21 - 2020-07-07 23:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2020-10-13 21:21 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-10-13 21:21 - 2018-08-27 14:08 - 000000000 ____D C:\Users\Azad\AppData\LocalLow\Mozilla 2020-10-13 21:20 - 2020-08-11 21:53 - 000008192 ___SH C:\DumpStack.log.tmp 2020-10-13 21:20 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2020-10-13 21:18 - 2020-08-11 21:57 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-10-13 21:18 - 2019-12-07 16:51 - 000743686 _____ C:\WINDOWS\system32\perfh007.dat 2020-10-13 21:18 - 2019-12-07 16:51 - 000150108 _____ C:\WINDOWS\system32\perfc007.dat 2020-10-13 21:18 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2020-10-13 21:13 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-10-13 21:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState 2020-10-13 21:10 - 2019-11-07 19:41 - 000000000 ____D C:\Users\Azad\AppData\Local\Battle.net 2020-10-13 20:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-10-13 19:08 - 2020-08-11 21:58 - 000004640 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier 2020-10-13 19:08 - 2019-12-07 11:18 - 000842296 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2020-10-13 19:08 - 2019-12-07 11:18 - 000175160 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2020-10-13 19:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2020-10-13 19:08 - 2019-12-07 11:14 
- 000000000 ____D C:\WINDOWS\system32\Macromed 2020-10-13 19:03 - 2020-09-04 13:14 - 000000000 ____D C:\Users\Azad\AppData\Roaming\vlc 2020-10-13 18:58 - 2020-09-04 19:02 - 000000000 ____D C:\Users\Azad\AppData\Roaming\Apple Computer 2020-10-13 18:58 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2020-10-13 18:58 - 2018-08-27 13:28 - 000000000 ____D C:\Users\Azad\AppData\Local\PlaceholderTileLogoFolder 2020-10-13 18:58 - 2018-08-24 18:32 - 000000000 ____D C:\Users\Azad\AppData\Local\Packages 2020-10-13 18:28 - 2020-08-14 13:51 - 000000000 ____D C:\Users\Azad\AppData\Local\Bluestacks 2020-10-13 18:27 - 2018-09-22 21:43 - 000000000 ____D C:\Program Files\Rockstar Games 2020-10-13 18:27 - 2018-09-22 21:43 - 000000000 ____D C:\Program Files (x86)\Rockstar Games 2020-10-13 18:13 - 2020-09-04 19:09 - 000000000 ____D C:\Users\Azad\AppData\Roaming\iMobie 2020-10-13 17:28 - 2020-08-11 21:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-10-13 17:17 - 2019-10-22 17:54 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-10-13 17:17 - 2019-10-22 17:54 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-10-13 17:17 - 2019-10-22 17:54 - 000002252 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2020-10-13 12:24 - 2018-08-28 20:11 - 000000000 ____D C:\Users\Azad\AppData\Local\D3DSCache 2020-10-12 23:26 - 2018-08-28 20:01 - 000000000 ____D C:\Steam 2020-10-10 20:28 - 2019-11-10 18:08 - 000000000 ____D C:\Users\Azad\AppData\Roaming\Discord 2020-10-10 19:49 - 2019-08-27 17:25 - 000000000 ____D C:\Users\Azad\AppData\Roaming\TS3Client 2020-10-10 17:27 - 2019-11-10 18:08 - 000002232 _____ C:\Users\Azad\Desktop\Discord.lnk 2020-10-10 17:27 - 2019-11-10 18:08 - 000000000 ____D C:\Users\Azad\AppData\Local\Discord 2020-10-10 16:26 - 2020-03-17 17:47 - 000000000 ____D C:\Program Files (x86)\Battle.net 2020-10-10 12:31 - 2019-11-07 19:50 - 000000569 _____ C:\Users\Public\Desktop\Hearthstone.lnk 2020-10-10 12:31 - 
2019-11-07 19:50 - 000000569 _____ C:\ProgramData\Desktop\Hearthstone.lnk 2020-10-10 10:17 - 2020-08-09 10:21 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2020-10-10 10:17 - 2020-08-09 10:21 - 000002257 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2020-10-10 10:17 - 2020-08-09 10:21 - 000002257 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2020-10-09 19:25 - 2018-08-28 21:21 - 000000000 ____D C:\Users\Azad\AppData\Local\UnrealEngine 2020-10-07 11:09 - 2018-08-24 18:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2020-10-06 15:55 - 2020-08-27 15:44 - 000000000 ____D C:\Users\Azad\Documents\Soundaufnahmen 2020-10-04 16:55 - 2018-08-27 14:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-10-04 15:57 - 2018-08-27 14:08 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-09-30 17:44 - 2020-09-04 19:11 - 000000000 ____D C:\Users\Azad\Documents\Temp 2020-09-29 22:02 - 2020-03-20 18:18 - 000000000 ____D C:\Users\Azad\AppData\Roaming\Origin 2020-09-29 22:02 - 2020-03-20 18:18 - 000000000 ____D C:\ProgramData\Origin 2020-09-29 19:34 - 2020-03-20 18:18 - 000000000 ____D C:\Users\Azad\AppData\Local\Origin 2020-09-27 22:23 - 2019-11-24 21:26 - 000000000 ____D C:\Users\Azad\AppData\Local\ElevatedDiagnostics 2020-09-27 19:48 - 2018-08-27 17:50 - 000000000 ____D C:\WINDOWS\system32\MRT 2020-09-27 19:46 - 2018-08-27 17:49 - 129170736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2020-09-26 01:35 - 2020-07-10 08:54 - 006992184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2020-09-25 10:09 - 2019-02-04 22:21 - 000000000 ____D C:\ProgramData\Mozilla 2020-09-25 00:55 - 2020-07-10 08:54 - 000058630 _____ C:\WINDOWS\system32\nvinfo.pb 2020-09-24 22:26 - 2018-08-27 18:00 - 005510456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 002635752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 
2020-09-24 22:26 - 2018-08-27 18:00 - 001759032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 000990520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 000195560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 000122344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 000083256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2020-09-24 14:33 - 2020-08-11 21:58 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2020-09-24 14:32 - 2019-01-29 14:20 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2020-09-23 16:41 - 2020-06-05 21:02 - 000000081 _____ C:\Users\Azad\AppData\Local\.bidstack.fault 2020-09-22 16:09 - 2019-12-28 21:05 - 000000000 ____D C:\Users\Azad\Desktop\Uni neu 2020-09-17 18:24 - 2018-08-27 17:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2020-09-17 18:23 - 2018-08-27 18:01 - 000000000 ____D C:\Users\Azad\AppData\Local\NVIDIA 2020-09-17 18:23 - 2018-08-27 17:58 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2020-09-17 08:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2020-09-16 08:44 - 2018-08-27 18:00 - 009302127 _____ C:\WINDOWS\system32\nvcoproc.bin 2020-09-15 00:13 - 2020-07-10 08:54 - 001682368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 2020-09-15 00:13 - 2020-07-10 08:54 - 000222112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2020-09-14 17:22 - 2018-12-07 12:43 - 000000000 ____D C:\Users\Azad\Documents\Paradox Interactive 2020-09-14 17:21 - 2019-12-18 15:08 - 000000000 ____D C:\Users\Azad\AppData\Local\Paradox Interactive ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2020-06-05 21:02 - 2020-09-23 16:41 - 000000081 _____ () 
C:\Users\Azad\AppData\Local\.bidstack.fault 2018-09-24 22:53 - 2018-09-24 22:53 - 000000003 _____ () C:\Users\Azad\AppData\Local\updater.log 2018-09-24 22:53 - 2018-09-24 22:53 - 000000425 _____ () C:\Users\Azad\AppData\Local\UserProducts.xml ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== |
13.10.2020, 20:28 | #8 |
| Misleading:Win32/Lodi Virus? Here is the Addition.txt as well. Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 11-10-2020 durchgeführt von Azad (13-10-2020 21:25:54) Gestartet von C:\Users\Azad\Desktop Windows 10 Pro Version 2004 19041.508 (X64) (2020-08-11 19:58:54) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-4008508967-1143171168-3858184327-500 - Administrator - Disabled) Azad (S-1-5-21-4008508967-1143171168-3858184327-1001 - Administrator - Enabled) => C:\Users\Azad DefaultAccount (S-1-5-21-4008508967-1143171168-3858184327-503 - Limited - Disabled) Gast (S-1-5-21-4008508967-1143171168-3858184327-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-4008508967-1143171168-3858184327-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.445 - Adobe) Anno 1800 (HKLM-x32\...\Uplay Install 4553) (Version: - Ubisoft) AnyTrans (HKLM-x32\...\AnyTrans) (Version: 8.7.0.0 - iMobie Inc.) Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.4.5 - Electronic Arts, Inc.) 
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Citrix Receiver 4.12 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.12.0.18020 - Citrix Systems, Inc.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - ) Discord (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Discord) (Version: 0.0.308 - Discord Inc.) Epic Games Launcher (HKLM-x32\...\{04DDD9BF-6B7B-4858-9AA4-D3C868169D70}) (Version: 1.1.163.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.75 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HP Officejet 4630 series - Grundlegende Software für das Gerät (HKLM\...\{3566FFED-696A-4260-8F12-073426CAC951}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Java 8 Update 261 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180261F0}) (Version: 8.0.2610.12 - Oracle Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc) Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains) Malwarebytes version 4.2.1.89 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.1.89 - Malwarebytes) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.38 - Microsoft Corporation) Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.41 - ) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\OneDriveSetup.exe) (Version: 20.143.0716.0003 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 
4.0.20823.0 - Microsoft Corporation) Minecraft Launcher (HKLM-x32\...\{E15F69FA-660D-45CC-B28F-6CBC4CAD2091}) (Version: 1.0.0.0 - Mojang) Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 81.0.1 (x64 de) (HKLM\...\Mozilla Firefox 81.0.1 (x64 de)) (Version: 81.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.2 - Mozilla) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation) NVIDIA Grafiktreiber 456.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.55 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project) Online Plug-in (HKLM-x32\...\{2E9881CA-E41C-45E5-8055-61A4CC1BF93F}) (Version: 14.12.0.18020 - Citrix Systems, Inc.) Hidden Oracle VM VirtualBox 6.1.10 (HKLM\...\{06BC3E95-3646-43EA-A78A-0E7D59776B2C}) (Version: 6.1.10 - Oracle Corporation) Origin (HKLM-x32\...\Origin) (Version: 10.5.84.43868 - Electronic Arts, Inc.) 
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{2025DAA7-0653-4F18-B66F-900E6F2320EC}) (Version: 4.2.13 - dotPDN LLC)
Paradox Launcher v2 (HKLM\...\{A92DB5D9-A24D-4678-9F91-B4FA6D895718}) (Version: 2.0.4.0 - Paradox Interactive)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Self-Service Plug-in (HKLM-x32\...\{7A029AB7-8CC4-4FE8-904F-A090248C1BC7}) (Version: 4.12.0.18013 - Citrix Systems, Inc.) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Shotcut (HKLM-x32\...\Shotcut) (Version: 20.07.11 - Meltytech, LLC)
Spotify (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Spotify) (Version: 1.1.33.569.gced9e0f5 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Studie zur Verbesserung von HP Officejet 4630 series (HKLM\...\{3917CF9F-DF46-406E-B524-CA0F150C70D7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
TeamSpeak 3 Client (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\TeamSpeak 3 Client) (Version: 3.3.1 - TeamSpeak Systems GmbH)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.7.6 - TeamViewer)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 97.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.60 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_120.1.741.0_x64__v10z8vjag6ke6 [2020-10-09] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa [2020-10-06] (Apple Inc.) [Startup Task]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa [2020-10-13] (Apple Inc.) [Startup Task]
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-18] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-08-20] (Microsoft Studios) [MS Ad]
OttPlayer -> C:\Program Files\WindowsApps\36375artemxk.OttPlayer_3.0.9.0_x64__agwaveq3mr4ra [2019-10-05] (Ottplayer)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.180.0_x64__dt26b99r8h8gj [2019-12-02] (Realtek Semiconductor Corp)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{0C6F11A4-7679-4786-9AC6-A7EFE6E9C6AC} -> [iCloud Drive] => C:\Users\Azad\iCloudDrive [2020-09-04 11:26]
CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{DD41CDAD-A293-4701-A5D5-635C3E1E7BCE} -> [iCloud-Fotos] => C:\Users\Azad\Pictures\iCloud Photos\Photos [2020-09-04 11:26]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-10-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-09-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-10-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2020-10-13 18:59 - 2017-09-04 05:52 - 000089600 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\iMobie\AnyTrans\zlib1.dll
2020-10-13 18:59 - 2019-03-25 03:59 - 001353216 _____ (Robert Simpson, et al.) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\iMobie\AnyTrans\System.Data.SQLite.dll
2018-09-24 22:53 - 2017-05-23 14:59 - 000494080 _____ (Skillbrains) [Datei ist nicht signiert] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll
2018-09-24 22:53 - 2017-05-23 14:59 - 000256000 _____ (Skillbrains) [Datei ist nicht signiert] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll
2020-09-23 09:43 - 2020-08-18 18:17 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] D:\Origin\LIBEAY32.dll
2020-09-23 09:43 - 2020-08-18 18:17 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] D:\Origin\ssleay32.dll
2020-09-23 09:43 - 2020-08-18 18:17 - 001611264 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\platforms\qwindows.dll
2020-09-23 09:43 - 2020-08-18 18:17 - 005487104 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5Core.dll
2020-09-23 09:43 - 2020-08-18 18:17 - 005841920 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5Gui.dll
2020-09-23 09:43 - 2020-08-18 18:17 - 001179136 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5Network.dll
2020-09-23 09:43 - 2020-08-18 18:17 - 000146432 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5WebSockets.dll
2020-09-23 09:43 - 2020-08-18 18:17 - 005089792 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5Widgets.dll
2020-09-23 09:43 - 2020-08-18 18:17 - 000184832 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [233]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_261\bin\ssv.dll [2020-07-23] (Oracle America, Inc. -> Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-07-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\localhost -> localhost

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2018-04-12 01:38 - 2018-04-12 01:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) ist aktiviert.

Network Binding:
=============
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\Run32: => "ConnectionCenter" HKLM\...\StartupApproved\Run32: => "Redirector" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "com.blitz.app" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{E3072E74-5B92-4DF4-AD01-9FD4286B27EB}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [Datei ist nicht signiert] FirewallRules: [{FAA5821C-798C-45DF-BB0D-BA991A60CFCB}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [Datei ist nicht signiert] FirewallRules: [UDP Query User{B1D71255-ED3E-48D7-81B0-48B57871CC0D}D:\for honor\forhonor\forhonor.exe] => (Allow) D:\for honor\forhonor\forhonor.exe (Ubisoft Blue Byte GmbH -> Ubisoft) FirewallRules: [TCP Query User{F0C37F3C-3C4B-4124-A46E-70372104492D}D:\for honor\forhonor\forhonor.exe] => (Allow) D:\for honor\forhonor\forhonor.exe (Ubisoft Blue Byte GmbH -> Ubisoft) FirewallRules: [{E9B781FE-1C7C-4E83-9521-1658D5D04AA4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{A3C70052-38FA-40C6-BAAB-BB4A03F0B887}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{A0C51B4A-4263-46C3-84E1-8F93EA295AAA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. 
-> ) FirewallRules: [{0C9B7725-FC84-4FE9-8F9B-8ABA5BCB281D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{8F768EE2-67E8-475B-BC49-42834B3F5660}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{11B44262-BA02-46F9-BC93-1CF36770FAFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{70AB6572-FEDB-49C7-B183-944887602EA0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{74BA628A-E632-4EA7-999C-7C253524FEAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{95F66977-8669-483B-9253-44BF610C0D81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{0AC86B64-1031-4C5A-97AC-497F9D2DFF5A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{BD6065D2-3A62-43E5-B8CD-829D3308BC4C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{8A1AA8B3-CFF2-4BBC-8D80-D2483C2E7128}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{29D1FACE-7179-4C5A-9100-3289BD92519B}] => (Allow) D:\SteamLibrary\steamapps\common\Football Manager 2020\fm.exe (Sports Interactive) [Datei ist nicht signiert] FirewallRules: [{12AD64FC-995E-42E3-96B0-0FC22436C30F}] => (Allow) D:\SteamLibrary\steamapps\common\Football Manager 2020\fm.exe (Sports Interactive) [Datei ist nicht signiert] FirewallRules: [{FD96E8AC-52DE-4198-8DC7-6C3427730B25}] => (Allow) D:\SteamLibrary\steamapps\common\Football Manager 2020 
Touch\fm.exe (Sports Interactive) [Datei ist nicht signiert] FirewallRules: [{E4EC235D-D51C-4454-958A-E672AA3E99C0}] => (Allow) D:\SteamLibrary\steamapps\common\Football Manager 2020 Touch\fm.exe (Sports Interactive) [Datei ist nicht signiert] FirewallRules: [UDP Query User{7E1F7192-862E-43AD-826E-A160C325D7E7}D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{C0A566D5-6A44-4EAC-8169-92DA8043A626}D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{DFA919BB-E113-4EFA-8798-4DBBEA2C3520}D:\steamlibrary\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [TCP Query User{7EACBA78-8887-4259-9E08-F208B5B5C9EE}D:\steamlibrary\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [{1524B956-6F31-4165-94EC-3C5C783CBE9A}] => (Allow) D:\SteamLibrary\steamapps\common\DrugDealerSimulator\DrugDealerSimulator.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [{C3396665-4B72-4F40-B7FB-3A0FEE4AB525}] => (Allow) D:\SteamLibrary\steamapps\common\DrugDealerSimulator\DrugDealerSimulator.exe (Epic Games, Inc.) 
[Datei ist nicht signiert] FirewallRules: [UDP Query User{D1B86358-DA7C-4719-8311-F4C39D3305C3}C:\users\azad\appdata\local\blitz\current\blitz.exe] => (Allow) C:\users\azad\appdata\local\blitz\current\blitz.exe => Keine Datei FirewallRules: [TCP Query User{62C963D7-EB80-4815-882D-C01AFC1513C8}C:\users\azad\appdata\local\blitz\current\blitz.exe] => (Allow) C:\users\azad\appdata\local\blitz\current\blitz.exe => Keine Datei FirewallRules: [UDP Query User{E1471F5F-56F7-4E94-A5F8-92B8F2E5DE88}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => Keine Datei FirewallRules: [TCP Query User{4783EF16-0D59-49A3-A227-C691AF16069C}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => Keine Datei FirewallRules: [{CAD58348-76F4-4283-A4A4-7882BF9C03B1}] => (Allow) D:\Epic Games\Neuer Ordner\AssassinsCreedSyndicate\ACS.exe (UBISOFT ENTERTAINMENT INC. -> ) FirewallRules: [UDP Query User{9D2DCAB1-70D1-4CFE-AB7C-1A19DEB862DE}D:\epic games\neuer ordner\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) D:\epic games\neuer ordner\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [Datei ist nicht signiert] FirewallRules: [TCP Query User{2ED5192A-DFEB-448B-BBAA-AEFDA1B741E6}D:\epic games\neuer ordner\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) D:\epic games\neuer ordner\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [Datei ist nicht signiert] FirewallRules: [UDP Query User{CB9F2C4F-B380-4FF9-8870-6D48A5E89C58}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) 
FirewallRules: [TCP Query User{AC546CC2-BB03-436F-966C-0F26288B0253}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{8A9847F9-7948-41FA-9F9B-9E66E9CA534A}C:\users\azad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\azad\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{D560649A-2FC8-4B12-A8BF-1DE9809C9C94}C:\users\azad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\azad\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{41937B1A-12C2-4F7A-9AF2-A37987CFF62A}D:\steamlibrary\steamapps\common\anno 1404\tools\addonweb.exe] => (Allow) D:\steamlibrary\steamapps\common\anno 1404\tools\addonweb.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{608EF86F-44B4-487A-BECF-2FE72AF09617}D:\steamlibrary\steamapps\common\anno 1404\tools\addonweb.exe] => (Allow) D:\steamlibrary\steamapps\common\anno 1404\tools\addonweb.exe () [Datei ist nicht signiert] FirewallRules: [{3B3104F6-18BB-43D0-8E32-D5B8E1C8D69C}] => (Allow) D:\SteamLibrary\steamapps\common\Anno 1404\Addon.exe (Related Designs Software -> Related Designs) FirewallRules: [{4A4F8EE7-B71C-42B3-99C3-9ABDD1396644}] => (Allow) D:\SteamLibrary\steamapps\common\Anno 1404\Addon.exe (Related Designs Software -> Related Designs) FirewallRules: [UDP Query User{1AE5F611-9AC0-4441-BCB0-66E299FE9712}D:\steamlibrary\steamapps\common\anno 1404\tools\anno4web.exe] => (Allow) D:\steamlibrary\steamapps\common\anno 1404\tools\anno4web.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{3494BB71-9C57-4D6E-8DB3-6E94ADE9F29A}D:\steamlibrary\steamapps\common\anno 1404\tools\anno4web.exe] => (Allow) D:\steamlibrary\steamapps\common\anno 1404\tools\anno4web.exe () [Datei ist nicht signiert] FirewallRules: 
[{73518A6E-E7DC-4E04-AAAB-AB8C83A7CB26}] => (Allow) D:\SteamLibrary\steamapps\common\Anno 1404\Anno4.exe (Related Designs Software -> Related Designs) FirewallRules: [{76D3DCAB-1953-4E8F-9F75-705EE567C85C}] => (Allow) D:\SteamLibrary\steamapps\common\Anno 1404\Anno4.exe (Related Designs Software -> Related Designs) FirewallRules: [UDP Query User{4619F886-4F68-439B-89CB-70549001BB3F}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> ) FirewallRules: [TCP Query User{1C544330-824B-479A-8301-BDF4E68A70E1}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> ) FirewallRules: [UDP Query User{E91D4330-43AC-443D-8104-942650F02CA4}C:\users\azad\desktop\stronghold extreme\stronghold crusader.exe] => (Allow) C:\users\azad\desktop\stronghold extreme\stronghold crusader.exe => Keine Datei FirewallRules: [TCP Query User{14854362-9E08-415C-B17F-124D1FF5BD60}C:\users\azad\desktop\stronghold extreme\stronghold crusader.exe] => (Allow) C:\users\azad\desktop\stronghold extreme\stronghold crusader.exe => Keine Datei FirewallRules: [UDP Query User{2EEE78B2-9CC5-47E0-A316-A558F0E255E0}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{043D41E6-9BDB-4CE0-AEB1-E03EBD985747}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{24BF8B22-3873-4490-BCAC-1131F61D9EF8}C:\users\azad\desktop\stronghold extreme\stronghold_crusader_extreme.exe] => (Allow) C:\users\azad\desktop\stronghold extreme\stronghold_crusader_extreme.exe => Keine Datei FirewallRules: [TCP Query User{112C4554-EB13-4AA2-BC8D-FA36EC6AE79D}C:\users\azad\desktop\stronghold extreme\stronghold_crusader_extreme.exe] => (Allow) C:\users\azad\desktop\stronghold 
extreme\stronghold_crusader_extreme.exe => Keine Datei FirewallRules: [UDP Query User{72D51374-4AAB-425F-866F-CEEA691E95B6}C:\users\azad\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\azad\appdata\roaming\gameranger\gameranger\gameranger.exe => Keine Datei FirewallRules: [TCP Query User{AAB2839F-B39B-4AF3-9994-F8EBA9280211}C:\users\azad\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\azad\appdata\roaming\gameranger\gameranger\gameranger.exe => Keine Datei FirewallRules: [UDP Query User{4BAA3985-58CC-4FA0-A70C-A7AD4FC04151}C:\users\azad\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\azad\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe FirewallRules: [TCP Query User{E349909E-08A4-4570-9208-2B12764BEFB1}C:\users\azad\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\azad\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe FirewallRules: [{5D8CE50B-CF38-4FDB-9212-56C7A3CC7693}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{845207D8-BF51-4370-B581-EBFA27E73446}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{BD301243-55A0-4BD5-BAB3-B1C231A8B6E0}D:\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{936B4D0F-5ED4-4944-99C3-52C2B0023277}D:\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe => Keine Datei FirewallRules: [{5E4146AF-6DAC-4576-ABDE-D495114952B0}] => (Allow) C:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{E8081CB2-2D44-4E11-94BC-5888D334E2F1}] => 
(Allow) C:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{59561CE0-74EB-4D84-9110-D585F99C315C}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei FirewallRules: [{631D57AF-7A4B-4F54-9969-B4E63272832D}] => (Allow) C:\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei FirewallRules: [TCP Query User{13F02D4B-B782-4C20-B687-CC6E2128FF10}D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{AC3C3A75-9F70-4549-9ABF-A2E900B41ACD}D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{EC724891-14B9-49D9-AF92-4EF620F46303}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{24405C97-4FD9-4C96-A98F-993B967787A6}D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\epic games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) 
FirewallRules: [TCP Query User{E4D2B5A7-1998-4E62-A05C-B2FD68D0F0CD}D:\epic games\neuer ordner\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\neuer ordner\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => Keine Datei FirewallRules: [UDP Query User{D0398117-60B2-4FED-978D-F58DDED4BEC9}D:\epic games\neuer ordner\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\neuer ordner\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => Keine Datei FirewallRules: [TCP Query User{548BDBA8-9448-4AFE-BC41-79D8824A3F28}D:\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{B87C86B4-D220-4DF3-98A6-82C54F8BE7BA}D:\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe => Keine Datei FirewallRules: [TCP Query User{192626B8-2619-4F0B-8E07-E9F1975BCE70}D:\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe => Keine Datei FirewallRules: [UDP Query User{A772C778-9382-4879-8D41-D55092681BE3}D:\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe => Keine Datei FirewallRules: [{54FD40FB-88DC-456E-BED4-7A66B380805C}] => (Allow) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{ADD023D1-C94C-4FA0-8E02-14F2071FBA9A}] => (Allow) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) 
FirewallRules: [{1DCA88FE-5089-4C07-96D9-EA50EFF313CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8975E2FA-1AC8-4964-B751-55CB0CADA104}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{56BAF262-F694-4563-94DE-2A2624FE3D43}D:\rockstar games\gta5.exe] => (Allow) D:\rockstar games\gta5.exe => Keine Datei
FirewallRules: [UDP Query User{A8A76A5E-747E-4ADA-87FB-A012629C126B}D:\rockstar games\gta5.exe] => (Allow) D:\rockstar games\gta5.exe => Keine Datei
FirewallRules: [TCP Query User{180A4708-964B-4354-A79A-1D6071F19977}D:\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{216EB439-0D60-4446-9C8B-504A3E99AE7C}D:\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe => Keine Datei
FirewallRules: [TCP Query User{5305BAF6-4AB7-4511-9B1E-947D36456E60}D:\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{6CBC0100-2800-444A-B4A5-F5C1A1D831FB}D:\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe => Keine Datei
FirewallRules: [TCP Query User{17ED5974-0329-45B7-9920-5EAAAE3E6638}D:\teamspeak 3\ts3client_win64.exe] => (Allow) D:\teamspeak 3\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [UDP Query User{E94F6B09-02FD-43D9-922E-19B422AE0ED7}D:\teamspeak 3\ts3client_win64.exe] => (Allow) D:\teamspeak 3\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [TCP Query User{591FBF7B-AB78-49CB-98B5-A0631A25E2DA}D:\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{745A5971-A7B7-4768-864C-15584B77816E}D:\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe => Keine Datei
FirewallRules: [TCP Query User{11DB3558-DA9A-4214-8218-53F990DF79BE}D:\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{72D0762D-952C-4BAB-94E5-5986C07594C2}D:\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe => Keine Datei
FirewallRules: [TCP Query User{C0E614AE-2B6D-40E7-AB89-4594BB9236DF}D:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{7D08E642-E568-4F1E-BBD1-A3B2061350C6}D:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe => Keine Datei
FirewallRules: [TCP Query User{2F01FEA2-83E8-4EA2-9C0B-8AC94A6607C5}D:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{75F63616-E8EE-4D90-9839-4B4C8B0A9539}D:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe => Keine Datei
FirewallRules: [{31F4662C-755B-4992-A1D8-111344C8E5B2}] => (Allow) D:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe () [Datei ist nicht signiert]
FirewallRules: [{CDA08EF9-13E8-48B5-9A22-68095D4E6773}] => (Allow) D:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{DD8F03F8-C175-40D6-A416-E6DA2E6BD596}D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{990F8A45-D33A-4BE1-807A-EEDE261A7A00}D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{42E23857-B99F-4184-8BFA-CEE9CE9A8D53}D:\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{1018C756-7633-46AB-89FA-31029E600DB4}D:\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe => Keine Datei
FirewallRules: [TCP Query User{BC1EBE38-51F9-4A21-971A-153061A90FAD}D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{CA68B9C0-1823-4420-8444-9EEA660A2432}D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe => Keine Datei
FirewallRules: [TCP Query User{5F5A0686-9AC3-478E-9728-AA4D001EDED2}D:\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{A2A2F895-9C88-4A82-96D8-33BBD7554404}D:\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe => Keine Datei
FirewallRules: [{91DE0F9E-9792-4E0A-AFB0-B7CD4C46A25C}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect64.exe () [Datei ist nicht signiert]
FirewallRules: [{8977750F-E4EC-43D9-B914-E8EEFF94B01E}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect64.exe () [Datei ist nicht signiert]
FirewallRules: [{BDDD6E72-C2AE-47E7-B1BD-CE0D918AC440}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect.exe () [Datei ist nicht signiert]
FirewallRules: [{789E0965-86B7-4B1B-B517-A21659F9273B}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect.exe () [Datei ist nicht signiert]
FirewallRules: [{7458818C-0CBE-432F-8D07-AA25301AAD53}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{866BC94E-4AB3-4036-816F-1B76705CAB47}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{23104574-9369-4561-A577-3D43DEBD30CD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BAE5F8AB-C639-4E39-9326-A2087403B001}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A945F6F7-BC7A-47D0-BB38-05DAB451D73C}D:\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{8FCB744B-FE42-4B48-849C-082E7DAA02CA}D:\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe => Keine Datei
FirewallRules: [TCP Query User{3DBB9303-F2E0-41C5-9700-C54E79FA39BF}D:\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{3F2A22B1-13BC-4B55-AAEB-F795F65B517B}D:\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe => Keine Datei
FirewallRules: [TCP Query User{4C21BF61-B61F-43D0-A718-BA5D3CEFA867}D:\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{CB5D28B1-87EB-4E63-B307-46A4373069F2}D:\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe => Keine Datei
FirewallRules: [{7AAC533B-1DEB-417B-967B-8AC598A149B7}] => (Allow) D:\SteamLibrary\steamapps\common\Hearts of Iron IV\hoi4.exe => Keine Datei
FirewallRules: [{ADD0CBDC-0770-4685-A53C-B06B2BDDBD33}] => (Allow) D:\SteamLibrary\steamapps\common\Hearts of Iron IV\hoi4.exe => Keine Datei
FirewallRules: [{DDCF984B-B9D8-4B53-99A6-782D0F4DD200}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K)
FirewallRules: [{A32FA22F-B1F7-4158-A588-BE57238BDB9E}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K)
FirewallRules: [TCP Query User{8F9A17C8-B16D-434C-A790-7F3ECD51475E}D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{B31CAACD-F471-4805-B557-F815ECD03543}D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe => Keine Datei
FirewallRules: [TCP Query User{58BBC1DE-CC8E-46BC-8396-10D9AEF3DE8A}D:\java 64-bit\bin\javaw.exe] => (Allow) D:\java 64-bit\bin\javaw.exe => Keine Datei
FirewallRules: [UDP Query User{230A6C45-0996-4A13-9DB9-71DE44263FEB}D:\java 64-bit\bin\javaw.exe] => (Allow) D:\java 64-bit\bin\javaw.exe => Keine Datei
FirewallRules: [TCP Query User{7DFF88B9-0AEF-4A4C-947E-5B2FB34B5E3F}D:\league of legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{74FF227E-4A07-4C22-A3D1-E7CE7A4FDB3A}D:\league of legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.179\deploy\leagueclient.exe => Keine Datei
FirewallRules: [TCP Query User{02E9DB68-A6A6-440E-945A-D743F64AA891}D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{C4A1A90A-25BA-4050-99A7-21A5836BA3F0}D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.180\deploy\leagueclient.exe => Keine Datei
FirewallRules: [TCP Query User{49F30CD4-FFF8-4ED8-B3F6-697A1AE0CD3E}D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{6B1FDCE3-0AC4-4B78-8213-6A44C73FC606}D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.181\deploy\leagueclient.exe => Keine Datei
FirewallRules: [TCP Query User{C50702A8-1BDF-4FDA-A115-FD999335359D}D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{9E55D608-5294-425F-BD44-56FBD7E08E5C}D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe => Keine Datei
FirewallRules: [{D2D50FA1-C746-4483-8577-D4274551D564}] => (Allow) C:\Users\Azad\AppData\Local\Temp\7zS1997\HPDiagnosticCoreUI.exe => Keine Datei
FirewallRules: [{9B50D740-FF83-4416-ABB2-E209B1728D1D}] => (Allow) C:\Users\Azad\AppData\Local\Temp\7zS1997\HPDiagnosticCoreUI.exe => Keine Datei
FirewallRules: [{E0936290-A35A-4887-9EE5-7F7C1386F4F6}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{6DDBFED2-2F1C-4E76-8210-B0185B8B9755}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{FA390014-E328-471B-9078-C633DBBF2E7E}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{8BF15F47-69B5-4C19-AE51-F26227CAFA33}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{44983211-6D5F-4EC5-8668-DBC14EE012D4}] => (Allow) LPort=5357
FirewallRules: [{2B5BA15D-1105-473F-A6FB-893948C872DC}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [TCP Query User{2ABA6CFA-E3B3-40C2-BF6B-411E67FA6AF0}D:\teamspeak 3\ts3client_win64.exe] => (Allow) D:\teamspeak 3\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [UDP Query User{F41786ED-CE14-4C62-9D6D-8BBCE396AB7E}D:\teamspeak 3\ts3client_win64.exe] => (Allow) D:\teamspeak 3\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [TCP Query User{3CF1E806-1539-41DB-869E-8A5AF10B66B6}D:\java 64-bit\bin\javaw.exe] => (Allow) D:\java 64-bit\bin\javaw.exe => Keine Datei
FirewallRules: [UDP Query User{C9CC3648-BD1E-4B62-8C92-1C6A9DC5C974}D:\java 64-bit\bin\javaw.exe] => (Allow) D:\java 64-bit\bin\javaw.exe => Keine Datei
FirewallRules: [TCP Query User{6209A15F-FEC0-40E2-BA3E-1D99862F87B3}D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{26721667-1382-4D40-AD79-3E883679159B}D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.183\deploy\leagueclient.exe => Keine Datei
FirewallRules: [TCP Query User{4B1E31A0-A8B6-4AB3-9BB5-79D4EC6783DD}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe => Keine Datei
FirewallRules: [UDP Query User{9B31DBE1-5B96-4219-B597-3E24923B7517}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe => Keine Datei
FirewallRules: [TCP Query User{959F1188-6483-435E-AEA3-674B8D9CC12B}D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe => Keine Datei
FirewallRules: [UDP Query User{8329987B-B942-48BA-9BDF-B33B3316B6C9}D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe => Keine Datei
FirewallRules: [TCP Query User{88A1DC88-78E4-4D8C-AB00-93A2769186C7}D:\league of legends\game\league of legends.exe] => (Allow) D:\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{94C59246-0A05-43BF-A944-67EB114AD9E1}D:\league of legends\game\league of legends.exe] => (Allow) D:\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{34A0B69B-E274-4B58-90AC-840AF9BF79C6}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{9C8DC6AD-1F4A-454B-9239-E47FC86D8B3F}] => (Allow) D:\SteamLibrary\steamapps\common\Prison Architect\Launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{F4AA6159-27E8-4090-A30C-7BC5B54CC41E}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => Keine Datei
FirewallRules: [{F0A1D03C-1A6A-404B-ABD6-E13FDC02A411}] => (Allow) D:\DaVinci Resolve\Resolve.exe => Keine Datei
FirewallRules: [{92D0C4D0-A8C2-487C-B4DF-5123E3DB571D}] => (Allow) D:\DaVinci Resolve\bmdpaneld.exe => Keine Datei
FirewallRules: [{79024853-EA4B-46E1-95DA-76A2BE34085A}] => (Allow) D:\DaVinci Resolve\DaVinciPanelDaemon.exe => Keine Datei
FirewallRules: [{8D11590B-880E-4D0E-A48E-52780A5CE1CB}] => (Allow) D:\DaVinci Resolve\JLCooperPanelDaemon.exe => Keine Datei
FirewallRules: [{7A09F9E5-6783-45A2-B5C8-84FA81327042}] => (Allow) D:\DaVinci Resolve\EuphonixPanelDaemon.exe => Keine Datei
FirewallRules: [{A808380D-0C15-4E40-BD54-B60D6E472159}] => (Allow) D:\DaVinci Resolve\TangentPanelDaemon.exe => Keine Datei
FirewallRules: [{C872148B-3CD3-4896-A344-367A08CC65C3}] => (Allow) D:\DaVinci Resolve\ElementsPanelDaemon.exe => Keine Datei
FirewallRules: [{CE1E1B50-FB0D-4582-BF5C-3E93AC450E15}] => (Allow) D:\DaVinci Resolve\OxygenPanelDaemon.exe => Keine Datei
FirewallRules: [{CDC4D5F5-A6A7-4B8B-8CA5-915CC8714088}] => (Allow) D:\DaVinci Resolve\DPDecoder.exe => Keine Datei
FirewallRules: [{E807049B-F9A7-4436-88AD-D93F9E32DDEA}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => Keine Datei
FirewallRules: [TCP Query User{1BE5EE15-E87A-4528-8D21-141D2D1F1083}D:\davinci resolve\fuscript.exe] => (Allow) D:\davinci resolve\fuscript.exe => Keine Datei
FirewallRules: [UDP Query User{F32153F2-841F-4B64-889A-068257C33EBC}D:\davinci resolve\fuscript.exe] => (Allow) D:\davinci resolve\fuscript.exe => Keine Datei
FirewallRules: [{F22F4F3D-0D3A-4E2F-8F0A-725BEAE5A56A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DCF8F9FF-FF89-438E-9267-768FBB5A79B3}] => (Allow) LPort=2869
FirewallRules: [{1C02CEA6-E768-495F-B57E-EAECE1D920CE}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{2AFF37E5-E3DA-456D-B9B4-0F7302313023}C:\program files (x86)\imobie\anytrans\anytrans.exe] => (Allow) C:\program files (x86)\imobie\anytrans\anytrans.exe (iMobie Inc. -> iMobie Inc.)
FirewallRules: [UDP Query User{7511FF55-3FE3-42E5-B410-8BB01190B1D0}C:\program files (x86)\imobie\anytrans\anytrans.exe] => (Allow) C:\program files (x86)\imobie\anytrans\anytrans.exe (iMobie Inc. -> iMobie Inc.)
FirewallRules: [TCP Query User{6275E10B-A03E-4C4D-BF8E-60B2B3B83DA5}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.)
FirewallRules: [UDP Query User{CFE5A993-8227-4481-8BFF-DB31E784CFF5}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.)
FirewallRules: [{9C49F4C1-AAFE-4DC4-82E1-7A84B381F801}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{23565294-EEA5-4356-97B8-4DB0FB420E0D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AFE7E314-8907-4B06-A202-9F47E4C1FACC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E9E22E1C-439B-402E-A6D7-E23C0A4013BB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{469A40C6-69A5-400A-AE3A-4C1234FD942D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ECD45047-89CB-4129-9D3F-661C0DBC775F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D7397F82-FC85-4C74-BC1A-8B8A04E9E217}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F10E9B5B-258C-4E3B-B8B3-8996B134135C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9713AC15-D308-4C14-B112-0D55611195A3}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{3FEF9E2F-9CDE-49B6-9772-3B1471305C69}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{DFC310F3-4869-4968-AB25-CE5A8952A68A}] => (Allow) D:\SteamLibrary\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert]
FirewallRules: [{E41E8C0B-CC15-4D0B-94B9-8417CE3D15B7}] => (Allow) D:\SteamLibrary\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{1DCC4726-9C5D-44D2-A403-BBE3C1335580}D:\vlc\vlc.exe] => (Allow) D:\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{D132C856-2075-48EB-AC72-4A9169AEDF04}D:\vlc\vlc.exe] => (Allow) D:\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{78BA9C07-5089-437C-99D2-0F051658CC2F}] => (Allow) D:\SteamLibrary\steamapps\common\Vampyr\AVGame\Binaries\Win64\AVGame-Win64-Shipping.exe (Focus Home Interactive -> Focus Home Interactive)
FirewallRules: [{C27EEC96-F732-4083-A859-CFF9743F86AC}] => (Allow) D:\SteamLibrary\steamapps\common\Vampyr\AVGame\Binaries\Win64\AVGame-Win64-Shipping.exe (Focus Home Interactive -> Focus Home Interactive)
FirewallRules: [{A7C35714-1BCD-4407-8490-F5458139BE25}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K)
FirewallRules: [{939CC2B7-F548-40E5-97AD-59717D0B2FD5}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K)
FirewallRules: [{4C20FFA6-02BE-4970-8D9C-59745CE26726}] => (Allow) D:\Schlacht um Mittelerde 2\game.dat (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{2E80E2AB-152E-4C19-B8E3-07F80565892B}] => (Allow) D:\Schlacht um Mittelerde 2\game.dat (Electronic Arts -> Electronic Arts Inc.)
FirewallRules: [{D17712DA-6AE5-4272-A7F1-421179904F1D}] => (Allow) D:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{C0E9AE5C-3540-4F91-A29B-6B67E8986ECF}] => (Allow) D:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{DE257AA8-D0D0-4C5E-9D01-7B5FB7D240B2}] => (Allow) D:\SteamLibrary\steamapps\common\Yu-Gi-Oh! Legacy of the Duelist\YuGiOh.exe () [Datei ist nicht signiert]
FirewallRules: [{12AEBB21-140E-4022-8FF4-35E5A6470C07}] => (Allow) D:\SteamLibrary\steamapps\common\Yu-Gi-Oh! Legacy of the Duelist\YuGiOh.exe () [Datei ist nicht signiert]
FirewallRules: [{6D1F0FD3-E284-4E19-B9EC-693D2EBEF027}] => (Allow) D:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [Datei ist nicht signiert]
FirewallRules: [{631B9242-B51B-480F-81ED-2FEB1CD4618D}] => (Allow) D:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [Datei ist nicht signiert]
FirewallRules: [{0A9FFCF2-250F-4DEB-8789-049CF122EC6F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{278334CA-6B78-4A37-A33D-C38B0EAAEE98}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{ABD6A5AA-B963-472B-B24A-609ACB65313A}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{50E844BA-BE03-4C2C-AAA7-0736568A9C84}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{20695CD1-66CB-4D92-A5D3-EB431E03AC3F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C12D516D-F526-4C69-83AE-419DFE0230B2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CBDF9D1C-3657-41A7-918A-E840F22FECB1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8CA0F7ED-6BA8-45DD-9C13-71A25B413FB7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A3BF21C1-0079-4022-A4BF-18C513F52E56}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{519EB553-52CA-4455-B16C-FA1E2AB336CD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9F1B7025-D8C1-4D30-A94F-4E4577A51830}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{771EE277-4F5D-4CB6-9F47-872722398E73}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{A93E7D19-F23E-4FD8-86E7-70AD37F8C47B}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{0E5D29F1-E895-4039-83D5-9374D05ED0D7}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{89B29752-2DD5-43D0-9BC4-7B05F03CB7B8}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)

==================== Wiederherstellungspunkte =========================

13-10-2020 21:09:53 chip 1-click download service wurde entfernt.

==================== Fehlerhafte Geräte im Gerätemanager ============

==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (10/13/2020 09:14:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MBAMService.exe, Version: 3.2.0.920, Zeitstempel: 0x5f4fe669
Name des fehlerhaften Moduls: UpdateControllerImpl.dll, Version: 3.2.0.539, Zeitstempel: 0x5f47fa14
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000047f03
ID des fehlerhaften Prozesses: 0x39ec
Startzeit der fehlerhaften Anwendung: 0x01d6a194ffa1aa07
Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Pfad des fehlerhaften Moduls: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll
Berichtskennung: fe2707c4-43f6-457b-9020-45b1e4262922
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/13/2020 09:11:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rlservice.exe, Version: 1.1.24.120, Zeitstempel: 0x5e8fa842
Name des fehlerhaften Moduls: rlservice.exe, Version: 1.1.24.120, Zeitstempel: 0x5e8fa842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000757a
ID des fehlerhaften Prozesses: 0xed8
Startzeit der fehlerhaften Anwendung: 0x01d6a1949a85c208
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Berichtskennung: a1d501af-7bac-4976-ba11-0a3c1c5813bc
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/13/2020 09:10:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren. .

Error: (10/13/2020 09:10:32 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren. ]

Error: (10/13/2020 08:20:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm FRST64.exe Version 11.10.2020.0 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 3100
Startzeit: 01d6a18d34b43f19
Beendigungszeit: 4294967295
Anwendungspfad: C:\Users\Azad\Downloads\FRST64.exe
Bericht-ID: 92e58ba0-3219-4a81-a64c-77dd071d467f
Vollständiger Name des fehlerhaften Pakets:
Relative Anwendungs-ID des fehlerhaften Pakets:
Absturztyp: Top level window is idle

Error: (10/13/2020 07:11:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AnyTransToolHelper.exe, Version: 1.2.0.0, Zeitstempel: 0x5f816088
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.488, Zeitstempel: 0x5b4a3325
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000023e49
ID des fehlerhaften Prozesses: 0x29e8
Startzeit der fehlerhaften Anwendung: 0x01d6a183f4d050a3
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\iMobie\AnyTrans\AnyTransToolHelper.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: d6caf0cc-5616-4ade-a04f-0012f0ba4551
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/13/2020 07:11:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: AnyTransToolHelper.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileNotFoundException
   bei ToolsHelper.Tool.CommonTools.iTunesFolderPath(FolderType)
   bei ToolsHelper.RegisterInfo.SoftwareInfo.GetSystemiTunesVersion()
   bei ToolsHelper.RegisterInfo.SoftwareInfo.InitProgramInfo()
   bei ToolsHelper.RegisterInfo.SoftwareInfo.getInstence()
   bei AdvertisManager.App.OnStartup(System.Windows.StartupEventArgs)
   bei System.Windows.Application.<.ctor>b__1_0(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei AdvertisManager.App.Main()

Error: (10/13/2020 07:11:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rlservice.exe, Version: 1.1.24.120, Zeitstempel: 0x5e8fa842
Name des fehlerhaften Moduls: rlservice.exe, Version: 1.1.24.120, Zeitstempel: 0x5e8fa842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000757a
ID des fehlerhaften Prozesses: 0xecc
Startzeit der fehlerhaften Anwendung: 0x01d6a183e6c3adb8
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Berichtskennung: 869ec204-b438-475b-a259-b62b12e3dde4
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Systemfehler:
=============
Error: (10/13/2020 09:20:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Origin Web Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/13/2020 09:20:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Realtek Audio Universal Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/13/2020 09:20:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen.
Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/13/2020 09:20:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/13/2020 09:20:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/13/2020 09:20:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "NVIDIA Display Container LS" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/13/2020 09:14:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Malwarebytes Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/13/2020 09:11:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "RelevantKnowledge" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Windows Defender: =================================== Date: 2020-10-13 20:20:40.7830000Z Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. 
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Lodi&threatid=240849&enterprise=0 Name: Misleading:Win32/Lodi ID: 240849 Schweregrad: Niedrig Kategorie: Potenziell unerwünschte Software Pfad: file:_C:\Program Files (x86)\RelevantKnowledge\rlservice.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; file:_C:\Windows\System32\rlls64.dll; file:_C:\WINDOWS\sysWOW64\rlls.dll; process:_pid:11324,ProcessStart:132470622375268807; process:_pid:17984,ProcessStart:132470725587859585; process:_pid:28132,ProcessStart:132470724829475980; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}; service:_RelevantKnowledge; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831} Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Echtzeitschutz Benutzer: Prozessname: C:\Users\Azad\Desktop\FRST64.exe Sicherheitsversion: AV: 1.325.698.0, AS: 1.325.698.0, NIS: 1.325.698.0 Modulversion: AM: 1.1.17500.4, NIS: 1.1.17500.4 Date: 2020-10-13 20:18:49.9380000Z Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. 
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Lodi&threatid=240849&enterprise=0 Name: Misleading:Win32/Lodi ID: 240849 Schweregrad: Niedrig Kategorie: Potenziell unerwünschte Software Pfad: file:_C:\Program Files (x86)\RelevantKnowledge\rlservice.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; file:_C:\Windows\System32\rlls64.dll; file:_C:\WINDOWS\sysWOW64\rlls.dll; process:_pid:11324,ProcessStart:132470622375268807; process:_pid:17984,ProcessStart:132470725587859585; process:_pid:28132,ProcessStart:132470724829475980; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}; service:_RelevantKnowledge; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831} Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Echtzeitschutz Benutzer: Prozessname: C:\Users\Azad\Downloads\FRST64.exe Sicherheitsversion: AV: 1.325.698.0, AS: 1.325.698.0, NIS: 1.325.698.0 Modulversion: AM: 1.1.17500.4, NIS: 1.1.17500.4 Date: 2020-10-13 18:32:24.8260000Z Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. 
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Lodi&threatid=240849&enterprise=0 Name: Misleading:Win32/Lodi ID: 240849 Schweregrad: Niedrig Kategorie: Potenziell unerwünschte Software Pfad: file:_C:\Program Files (x86)\RelevantKnowledge\rlservice.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; file:_C:\Windows\System32\rlls64.dll; file:_C:\WINDOWS\sysWOW64\rlls.dll; process:_pid:11324,ProcessStart:132470622375268807; process:_pid:17984,ProcessStart:132470725587859585; process:_pid:28132,ProcessStart:132470724829475980; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}; service:_RelevantKnowledge; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831} Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Echtzeitschutz Benutzer: Prozessname: C:\Users\Azad\Downloads\FRST64.exe Sicherheitsversion: AV: 1.325.698.0, AS: 1.325.698.0, NIS: 1.325.698.0 Modulversion: AM: 1.1.17500.4, NIS: 1.1.17500.4 Date: 2020-10-13 18:02:10.6600000Z Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. 
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Lodi&threatid=240849&enterprise=0 Name: Misleading:Win32/Lodi ID: 240849 Schweregrad: Niedrig Kategorie: Potenziell unerwünschte Software Pfad: file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; file:_C:\Windows\System32\rlls64.dll; file:_C:\WINDOWS\sysWOW64\rlls.dll; process:_pid:11324,ProcessStart:132470622375268807; process:_pid:17984,ProcessStart:132470725587859585; process:_pid:28132,ProcessStart:132470724829475980; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831} Erkennungsursprung: Lokaler Computer Erkennungstype: FastPath Erkennungsquelle: Echtzeitschutz Benutzer: NT-AUTORITÄT\SYSTEM Prozessname: C:\Users\Azad\Downloads\FRST64.exe Sicherheitsversion: AV: 1.325.683.0, AS: 1.325.683.0, NIS: 1.325.683.0 Modulversion: AM: 1.1.17500.4, NIS: 1.1.17500.4 Date: 2020-10-13 17:55:28.8990000Z Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {AA50B20B-DE2A-4F8D-9AA5-402FFA8CF44F} Überprüfungstyp: Antimalware Überprüfungsparameter: Vollständige Überprüfung Benutzer: DESKTOP-VOMS6S7\Azad CodeIntegrity: =================================== Date: 2020-10-12 23:25:13.5400000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. 
Date: 2020-10-12 23:20:13.5400000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:15:13.5450000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:10:13.5450000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:05:13.5540000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:00:13.5520000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 22:55:13.5460000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 22:50:13.5520000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. 
==================== Speicherinformationen =========================== BIOS: American Megatrends Inc. F4 04/03/2018 Hauptplatine: Gigabyte Technology Co., Ltd. Z370P D3-CF Prozessor: Intel(R) Core(TM) i3-8350K CPU @ 4.00GHz Prozentuale Nutzung des RAM: 50% Installierter physikalischer RAM: 8143.74 MB Verfügbarer physikalischer RAM: 4026.88 MB Summe virtueller Speicher: 15055.74 MB Verfügbarer virtueller Speicher: 8910.13 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:111.19 GB) (Free:16.89 GB) NTFS Drive d: (Volume) (Fixed) (Total:931.5 GB) (Free:501.81 GB) NTFS \\?\Volume{6302f23b-433f-4f8a-bb8e-e11062a5c296}\ (Wiederherstellung) (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS \\?\Volume{edc8b298-85c3-411b-a79d-be6304fa5b79}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ======================= |
14.10.2020, 14:52 | #9 |
/// TB trainer | Misleading:Win32/Lodi Virus? Step 1
Step 2 Run RogueKiller Anti-Malware according to the illustrated instructions and then post the log file. Step 3
Please post with your next reply:
|
14.10.2020, 17:08 | #10 |
| Misleading:Win32/Lodi Virus? Code:
ATTFilter Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 14-10-2020 durchgeführt von Azad (14-10-2020 17:51:34) Run:1 Gestartet von C:\Users\Azad\Desktop Geladene Profile: Azad Start-Modus: Normal ============================================== fixlist Inhalt: ***************** FF NewTab: Mozilla\Firefox\Profiles\6uu47y6w.default -> hxxps://defaultsearch.co/homepage?hp=1&pId=CH180901FF&iDate=2020-09-09 04:09:01&bName=&bitmask=0600 S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Wondershare UniConverter (Desktop Deutsch)\Transfer\DriverInstall.exe" [X] CMD: ipconfig /flushdns CMD: netsh winsock reset CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: Bitsadmin /Reset /Allusers Hosts: RemoveProxy: SystemRestore: On EmptyTemp: ***************** "Firefox newtab" => erfolgreich entfernt HKLM\System\CurrentControlSet\Services\WsDrvInst => erfolgreich entfernt WsDrvInst => Dienst erfolgreich entfernt ========= ipconfig /flushdns ========= Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. ========= Ende 1 CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurückgesetzt. Sie müssen den Computer neu starten, um den Vorgang abzuschließen. ========= Ende 1 CMD: ========= ========= netsh advfirewall reset ========= OK. ========= Ende 1 CMD: ========= ========= netsh advfirewall set allprofiles state ON ========= OK. ========= Ende 1 CMD: ========= ========= Bitsadmin /Reset /Allusers ========= BITSADMIN version 3.0 BITS administration utility. (C) Copyright Microsoft Corp. 0 out of 0 jobs canceled. ========= Ende 1 CMD: ========= C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben Hosts erfolgreich wiederhergestellt. 
========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt "HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt "HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt ========= Ende 1 RemoveProxy: ========= SystemRestore: On => abgeschlossen =========== EmptyTemp: ========== BITS transfer queue => 10772480 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 292673120 B Java, Flash, Steam htmlcache => 348525189 B Windows/system/drivers => 1252969 B Edge => 6689364 B Chrome => 27792653 B Firefox => 1387281709 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 9172 B LocalService => 28852 B NetworkService => 159050 B Azad => 79440315 B RecycleBin => 136580 B EmptyTemp: => 2 GB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende 1 Fixlog 17:52:54 ==== Code:
ATTFilter RogueKiller Anti-Malware V14.7.3.0 (x64) [Sep 15 2020] (Free) von Adlice Software Mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Betriebssystem : Windows 10 (10.0.19041) 64 bits Gestartet in : Normaler Modus Benutzer : Azad [Administrator] Gestartet von : C:\Users\Azad\Desktop\RogueKiller_portable64.exe Signaturen : 20201013_092959, Treiber : Geladen Modus : Standard-Scan, Scannen -- Datum : 2020/10/14 17:56:28 (Dauer : 00:04:58) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Prozesse ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Prozessmodule ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Dienste ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ >>>>>> XX - Software [PUP.Gen1 (Potenziell bösartig)] (X64) HKEY_USERS\.DEFAULT\Software\OCS -- N/A -> Gefunden [PUP.Gen1 (Potenziell bösartig)] (X64) HKEY_USERS\S-1-5-21-4008508967-1143171168-3858184327-1001\Software\OCS -- N/A -> Gefunden [PUP.Gen1 (Potenziell bösartig)] (X64) HKEY_USERS\S-1-5-18\Software\OCS -- N/A -> Gefunden ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts-Datei ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Dateien ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [Adw.Xunlei (Bösartig)] (folder) Thunder Network -- C:\ProgramData\Thunder Network -> Gefunden ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Webbrowser ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ >>>>>> Firefox Config [PUM.SearchEngine (Potenziell bösartig)] browser.search.defaultenginename (C:\Users\Azad\AppData\Roaming\Mozilla\Firefox\Profiles\6uu47y6w.default\prefs.js) -- Bing Default Search -> Gefunden [PUM.SearchEngine (Potenziell bösartig)] browser.search.selectedEngine (C:\Users\Azad\AppData\Roaming\Mozilla\Firefox\Profiles\6uu47y6w.default\prefs.js) -- Bing Default Search -> Gefunden ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Anti-Rootkit : 0 (Driver: Geladen) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 14-10-2020 durchgeführt von Azad (Administrator) auf DESKTOP-VOMS6S7 (Gigabyte Technology Co., Ltd. Z370P D3) (14-10-2020 18:03:50) Gestartet von C:\Users\Azad\Desktop Geladene Profile: Azad Platform: Windows 10 Pro Version 2004 19041.508 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\iCloudDrive.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\iCloudPhotos.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Electronic Arts, Inc. -> Electronic Arts) D:\Origin\OriginWebHelperService.exe (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (iMobie Inc. -> iMobie Inc.) 
C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2009.23741.0_x64__8wekyb3d8bbwe\Cortana.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12010.1001.2.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6> (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2> (Skillbrains) [Datei ist nicht signiert] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> ) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [638352 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [407440 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe [2720256 2020-10-10] (iMobie Inc. -> iMobie Inc.) 
HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [Steam] => C:\Steam\steam.exe [3416352 2020-10-07] (Valve -> Valve Corporation) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [Discord] => C:\Users\Azad\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [Spotify] => C:\Users\Azad\AppData\Roaming\Spotify\Spotify.exe [22824680 2020-05-22] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [com.blitz.app] => C:\Users\Azad\AppData\Local\Blitz\Update.exe [1921680 2020-04-07] (Swift Media Entertainment, Inc. -> Blitz Inc.) HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Run: [AnyTransToolHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AnyTransToolHelper.exe [580608 2020-10-10] (iMobie Inc. -> iMobie Inc.) HKLM\...\Windows x64\Print Processors\Epson Inkjet: C:\Windows\System32\spool\prtprocs\x64\EP0NPP01.DLL [38912 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: C:\Windows\system32\EP0SLM01.DLL [77824 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\Windows\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.) 
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet 4630 series): C:\Windows\system32\HPDiscoPMC611.dll [763912 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.75\Installer\chrmstp.exe [2020-10-13] (Google LLC -> Google LLC) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {02BF6FDC-843B-49B1-9389-7D7FB346351F} - System32\Tasks\Agent Activation Runtime\S-1-5-21-4008508967-1143171168-3858184327-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-08-11] (Microsoft Windows -> ) Task: {0CFF5E86-1EE8-4870-86F4-721D83AA7D7A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {185599E2-D932-45EF-B67E-D69371DC73D2} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {3B5C156D-7B8E-4374-8F09-6AE999304CFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-22] (Google Inc -> Google LLC) Task: {3F417CC7-FF24-4B0A-9552-07EBB64FFF14} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-10-13] (Adobe Inc. 
-> Adobe) Task: {3FE450AE-DBA1-4B4C-B564-C7284F85DB15} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {3FF22648-45C1-4760-812A-F2864F592182} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {40367766-4252-4850-B197-5BEBA523AAFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {45D066AB-B633-45C0-BDFD-3707FD8FEA07} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.) Task: {47AC3806-A459-40C1-8475-B9E4A60E6FE3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. 
-> Adobe) Task: {5D5A6928-14BC-4739-B3AA-197AE90720D0} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [5745672 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP) Task: {7739174D-35B8-4A0C-9C74-E69F340AF0DE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {7F50782E-6D80-41E6-8569-B825B72AFC39} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {7F51EDB9-9509-496A-AF41-8A240DF1D80E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {821A8699-93C8-4F50-9A17-1BA7E638849C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-22] (Google Inc -> Google LLC) Task: {A46E6974-4A55-49FF-8C11-F82FAA39B298} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A8136268-4BBA-44DA-87FA-173972FB8DBF} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f 
C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log Task: {AF093467-08D1-4C35-8BCE-A07FC602F119} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C361A712-4DF9-45CA-8BB8-ADB249135309} - System32\Tasks\update-S-1-5-21-4008508967-1143171168-3858184327-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {C9E60819-F104-4173-9EDB-AC7D46858558} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {DE2A5B04-55D9-4E4A-9870-CEAF98E41CBB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {E1833D1B-4BD0-4CA1-8061-6F80E3B54E3B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {F0118622-9A7D-4267-A97D-A80E1739C039} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [660688 2020-10-14] (Mozilla Corporation -> Mozilla Foundation) Task: {FDA30F1D-5CB3-4D2D-B8A6-62CA074736EC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\update-S-1-5-21-4008508967-1143171168-3858184327-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{d7c8a815-ac65-4c33-bc3f-70bb13fdd9e7}: [DhcpNameServer] 192.168.0.1 Edge: ====== Edge DefaultProfile: Default Edge Profile: C:\Users\Azad\AppData\Local\Microsoft\Edge\User Data\Default [2020-10-13] FireFox: ======== FF DefaultProfile: 6uu47y6w.default FF ProfilePath: C:\Users\Azad\AppData\Roaming\Mozilla\Firefox\Profiles\6uu47y6w.default [2020-10-14] FF Notifications: Mozilla\Firefox\Profiles\6uu47y6w.default -> hxxps://www.lieferando.de; hxxps://www.stuttgarter-nachrichten.de FF Extension: (MyJDownloader Browser Erweiterung) - C:\Users\Azad\AppData\Roaming\Mozilla\Firefox\Profiles\6uu47y6w.default\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2020-10-03] [UpdateUrl:hxxps://my.jdownloader.org/extensions/firefox.json] FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\Azad\AppData\Roaming\Mozilla\Firefox\Profiles\6uu47y6w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-09-09] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> ) FF Plugin: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-07-23] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-07-23] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> ) FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.) 
Chrome: ======= CHR Profile: C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default [2020-10-14] CHR Extension: (Präsentationen) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-22] CHR Extension: (Docs) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-22] CHR Extension: (Google Drive) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-22] CHR Extension: (YouTube) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-22] CHR Extension: (Tabellen) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-22] CHR Extension: (Google Docs Offline) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-18] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-22] CHR Extension: (Google Mail) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-22] CHR Extension: (Chrome Media Router) - C:\Users\Azad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-08-28] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) "TrueSight" => Dienst konnte nicht entsperrt werden. 
<==== ACHTUNG HKLM\SYSTEM\ControlSet001\Services\TrueSight => \??\C:\Windows\System32\drivers\truesight.sys <==== ACHTUNG (Rootkit!/Gesperrter Dienst) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.) S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. -> Adobe) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-10-06] (BattlEye Innovations e.K. -> ) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-02-28] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7185288 2020-10-13] (Malwarebytes Inc -> Malwarebytes) S3 Origin Client Service; D:\Origin\OriginClientService.exe [2519864 2020-09-09] (Electronic Arts, Inc. -> Electronic Arts) R2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3473216 2020-09-09] (Electronic Arts, Inc. -> Electronic Arts) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2020-07-10] (Even Balance, Inc. 
-> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5097896 2020-09-11] (Microsoft Windows Publisher -> Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13109264 2020-06-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) S3 VBoxSDS; D:\Virtual Box\VBoxSDS.exe [744968 2020-06-04] (Oracle Corporation -> Oracle Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [2372048 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert] R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [254528 2018-11-26] (DT Soft Ltd -> DT Soft Ltd) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-10-13] (Malwarebytes Corporation -> Malwarebytes) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [217592 2020-10-14] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-10-13] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197280 2020-10-14] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73880 2020-10-14] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-10-13] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [131232 2020-10-14] (Malwarebytes Inc -> Malwarebytes) R1 MpKslDrv; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{184CF78A-E606-4BFF-BAD3-3A27BE79520D}\MpKslDrv.sys [47328 2020-10-14] (Microsoft Windows -> Microsoft Corporation) R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> ) R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. 
-> ) S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> ) S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [237832 2020-06-04] (Oracle Corporation -> Oracle Corporation) R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [247232 2020-06-04] (Oracle Corporation -> Oracle Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-10-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [428264 2020-10-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-10-07] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2020-10-14 18:03 - 2020-10-14 18:04 - 000024152 _____ C:\Users\Azad\Desktop\FRST.txt 2020-10-14 18:02 - 2020-10-14 18:02 - 000003952 _____ C:\Users\Azad\Desktop\RogKiller.txt 2020-10-14 17:55 - 2020-10-14 17:55 - 030745656 _____ C:\Users\Azad\Desktop\RogueKiller_portable64.exe 2020-10-14 17:55 - 2020-10-14 17:55 - 000000000 ____D C:\ProgramData\RogueKiller 2020-10-14 17:54 - 2020-10-14 17:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2020-10-14 17:53 - 2020-10-14 17:53 - 000217592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2020-10-14 17:53 - 2020-10-14 17:53 - 000197280 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2020-10-14 17:53 - 2020-10-14 17:53 - 000131232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2020-10-14 17:53 - 2020-10-14 17:53 - 000073880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2020-10-14 17:51 - 2020-10-14 17:52 - 000003325 _____ C:\Users\Azad\Desktop\Fixlog.txt 2020-10-14 17:51 - 2020-10-14 17:51 - 000000000 ____D C:\Users\Azad\Desktop\FRST-OlderVersion 2020-10-14 12:11 - 2020-10-14 17:54 - 000000000 ____D C:\Program Files\Mozilla Firefox 2020-10-13 21:19 - 2020-10-13 21:20 - 000000000 ____D C:\AdwCleaner 2020-10-13 21:19 - 2020-10-13 21:19 - 008447152 _____ (Malwarebytes) C:\Users\Azad\Downloads\adwcleaner_8.0.8.exe 2020-10-13 21:14 - 2020-10-13 21:14 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2020-10-13 21:14 - 2020-10-13 21:14 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2020-10-13 21:14 - 2020-10-13 21:14 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2020-10-13 21:14 - 2020-10-13 21:14 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2020-10-13 21:14 - 2020-10-13 21:14 - 000000000 ____D C:\Users\Azad\AppData\Local\mbam 2020-10-13 21:13 - 2020-10-13 21:13 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2020-10-13 21:13 - 2020-10-13 21:13 - 
000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2020-10-13 21:13 - 2020-10-13 21:13 - 000000000 ____D C:\ProgramData\Malwarebytes 2020-10-13 21:13 - 2020-10-13 21:13 - 000000000 ____D C:\Program Files\Malwarebytes 2020-10-13 21:12 - 2020-10-13 21:12 - 002041448 _____ (Malwarebytes) C:\Users\Azad\Desktop\MBSetup.exe 2020-10-13 20:17 - 2020-10-14 17:51 - 002299904 _____ (Farbar) C:\Users\Azad\Desktop\FRST64.exe 2020-10-13 19:16 - 2020-10-13 19:16 - 000001199 _____ C:\Users\Public\Desktop\AnyTrans.lnk 2020-10-13 19:16 - 2020-10-13 19:16 - 000001199 _____ C:\ProgramData\Desktop\AnyTrans.lnk 2020-10-13 18:58 - 2020-10-13 18:58 - 007839912 _____ (iMobie Inc.) C:\Users\Azad\Downloads\anytrans-ios-new-en-setup.exe 2020-10-13 18:53 - 2020-10-13 18:53 - 000000000 ____D C:\Users\Public\Thunder Network 2020-10-13 18:53 - 2020-10-13 18:53 - 000000000 ____D C:\ProgramData\Thunder Network 2020-10-13 18:01 - 2020-10-14 18:04 - 000000000 ____D C:\FRST 2020-10-09 19:25 - 2020-10-09 19:25 - 000000000 ____D C:\Users\Azad\AppData\Local\AVGame 2020-10-05 16:10 - 2020-10-05 16:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime 2020-09-28 20:52 - 2020-09-26 01:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2020-09-28 20:52 - 2020-09-26 01:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 000455408 _____ (Khronos Group) 
C:\WINDOWS\system32\OpenCL.dll 2020-09-28 20:52 - 2020-09-26 01:41 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 002097560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 001585048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 001506200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 001160600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000815856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000811248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000674200 _____ C:\WINDOWS\system32\nvofapi64.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000670104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000656792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000555928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2020-09-28 20:52 - 2020-09-26 01:40 - 000540912 _____ C:\WINDOWS\SysWOW64\nvofapi.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 007705320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 006859152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 004174736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 002509200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 001733008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445655.dll 2020-09-28 20:52 - 2020-09-26 01:39 - 001482984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445655.dll 2020-09-28 20:52 - 2020-09-26 01:35 - 005964496 _____ 
(NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2020-09-28 18:00 - 2020-09-28 18:12 - 000000000 ____D C:\Users\Azad\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien 2020-09-28 17:49 - 2020-09-28 17:49 - 000000768 _____ C:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk 2020-09-28 17:49 - 2020-09-28 17:49 - 000000768 _____ C:\ProgramData\Desktop\Die Schlacht um Mittelerde™ II.lnk 2020-09-28 17:49 - 2020-09-28 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts 2020-09-28 17:44 - 2020-09-28 17:45 - 000000000 ____D C:\Users\Azad\AppData\Roaming\DAEMON Tools Lite 2020-09-28 17:44 - 2020-09-28 17:45 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite 2020-09-28 17:44 - 2020-09-28 17:44 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images 2020-09-25 11:17 - 2020-10-08 16:31 - 000000000 ____D C:\Users\Azad\Desktop\Logos 2020-09-23 14:09 - 2020-09-23 14:09 - 000000000 ____D C:\Users\Azad\AppData\Local\Epic Games 2020-09-17 18:20 - 2020-09-15 00:13 - 000038816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2020-09-16 17:28 - 2020-09-16 17:28 - 000000000 ____D C:\ProgramData\Mount and Blade II Bannerlord 2020-09-16 17:27 - 2020-10-09 15:31 - 000000000 ____D C:\Users\Azad\Documents\Mount and Blade II Bannerlord ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2020-10-14 18:00 - 2020-08-11 21:58 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2020-10-14 18:00 - 2020-08-11 21:58 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2020-10-14 18:00 - 2020-08-11 21:57 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-10-14 18:00 - 2019-12-07 16:51 - 000743686 _____ C:\WINDOWS\system32\perfh007.dat 2020-10-14 18:00 - 2019-12-07 16:51 - 000150108 _____ C:\WINDOWS\system32\perfc007.dat 2020-10-14 18:00 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2020-10-14 17:55 - 2018-08-27 18:00 - 000000000 ____D C:\ProgramData\NVIDIA 2020-10-14 17:54 - 2020-09-04 11:26 - 000000000 ___RD C:\Users\Azad\iCloudDrive 2020-10-14 17:54 - 2018-08-27 14:08 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-10-14 17:54 - 2018-08-27 14:08 - 000000000 ____D C:\Users\Azad\AppData\LocalLow\Mozilla 2020-10-14 17:54 - 2018-08-27 14:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-10-14 17:53 - 2020-08-11 21:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-10-14 17:53 - 2020-08-11 21:53 - 000008192 ___SH C:\DumpStack.log.tmp 2020-10-14 17:53 - 2020-07-07 23:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2020-10-14 17:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState 2020-10-14 17:53 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-10-14 17:53 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2020-10-14 17:52 - 2020-09-10 19:32 - 000000000 ____D C:\Users\Azad\AppData\LocalLow\Temp 2020-10-14 17:50 - 2020-03-17 17:47 - 000000000 ____D C:\Program Files (x86)\Battle.net 2020-10-14 17:50 - 2019-11-07 19:41 - 000000000 ____D C:\Users\Azad\AppData\Local\Battle.net 2020-10-14 14:04 - 2020-08-11 21:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-10-14 13:13 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2020-10-14 13:13 - 
2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-10-14 13:13 - 2018-08-28 20:11 - 000000000 ____D C:\Users\Azad\AppData\Local\D3DSCache 2020-10-14 00:34 - 2019-08-27 17:25 - 000000000 ____D C:\Users\Azad\AppData\Roaming\TS3Client 2020-10-13 21:13 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-10-13 19:08 - 2020-08-11 21:58 - 000004640 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier 2020-10-13 19:08 - 2019-12-07 11:18 - 000842296 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2020-10-13 19:08 - 2019-12-07 11:18 - 000175160 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2020-10-13 19:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2020-10-13 19:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Macromed 2020-10-13 19:03 - 2020-09-04 13:14 - 000000000 ____D C:\Users\Azad\AppData\Roaming\vlc 2020-10-13 18:58 - 2020-09-04 19:02 - 000000000 ____D C:\Users\Azad\AppData\Roaming\Apple Computer 2020-10-13 18:58 - 2018-08-27 13:28 - 000000000 ____D C:\Users\Azad\AppData\Local\PlaceholderTileLogoFolder 2020-10-13 18:58 - 2018-08-24 18:32 - 000000000 ____D C:\Users\Azad\AppData\Local\Packages 2020-10-13 18:28 - 2020-08-14 13:51 - 000000000 ____D C:\Users\Azad\AppData\Local\Bluestacks 2020-10-13 18:27 - 2018-09-22 21:43 - 000000000 ____D C:\Program Files\Rockstar Games 2020-10-13 18:27 - 2018-09-22 21:43 - 000000000 ____D C:\Program Files (x86)\Rockstar Games 2020-10-13 18:13 - 2020-09-04 19:09 - 000000000 ____D C:\Users\Azad\AppData\Roaming\iMobie 2020-10-13 17:17 - 2019-10-22 17:54 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-10-13 17:17 - 2019-10-22 17:54 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-10-13 17:17 - 2019-10-22 17:54 - 000002252 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2020-10-12 23:26 - 2018-08-28 20:01 - 000000000 ____D C:\Steam 2020-10-10 20:28 - 2019-11-10 18:08 - 000000000 ____D 
C:\Users\Azad\AppData\Roaming\Discord 2020-10-10 17:27 - 2019-11-10 18:08 - 000002232 _____ C:\Users\Azad\Desktop\Discord.lnk 2020-10-10 17:27 - 2019-11-10 18:08 - 000000000 ____D C:\Users\Azad\AppData\Local\Discord 2020-10-10 12:31 - 2019-11-07 19:50 - 000000569 _____ C:\Users\Public\Desktop\Hearthstone.lnk 2020-10-10 12:31 - 2019-11-07 19:50 - 000000569 _____ C:\ProgramData\Desktop\Hearthstone.lnk 2020-10-10 10:17 - 2020-08-09 10:21 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2020-10-10 10:17 - 2020-08-09 10:21 - 000002257 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2020-10-10 10:17 - 2020-08-09 10:21 - 000002257 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2020-10-09 19:25 - 2018-08-28 21:21 - 000000000 ____D C:\Users\Azad\AppData\Local\UnrealEngine 2020-10-07 11:09 - 2018-08-24 18:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2020-10-06 15:55 - 2020-08-27 15:44 - 000000000 ____D C:\Users\Azad\Documents\Soundaufnahmen 2020-09-30 17:44 - 2020-09-04 19:11 - 000000000 ____D C:\Users\Azad\Documents\Temp 2020-09-29 22:02 - 2020-03-20 18:18 - 000000000 ____D C:\Users\Azad\AppData\Roaming\Origin 2020-09-29 22:02 - 2020-03-20 18:18 - 000000000 ____D C:\ProgramData\Origin 2020-09-29 19:34 - 2020-03-20 18:18 - 000000000 ____D C:\Users\Azad\AppData\Local\Origin 2020-09-27 22:23 - 2019-11-24 21:26 - 000000000 ____D C:\Users\Azad\AppData\Local\ElevatedDiagnostics 2020-09-27 19:48 - 2018-08-27 17:50 - 000000000 ____D C:\WINDOWS\system32\MRT 2020-09-27 19:46 - 2018-08-27 17:49 - 129170736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2020-09-26 01:35 - 2020-07-10 08:54 - 006992184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2020-09-25 10:09 - 2019-02-04 22:21 - 000000000 ____D C:\ProgramData\Mozilla 2020-09-25 00:55 - 2020-07-10 08:54 - 000058630 _____ C:\WINDOWS\system32\nvinfo.pb 2020-09-24 22:26 - 2018-08-27 18:00 - 005510456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 
2020-09-24 22:26 - 2018-08-27 18:00 - 002635752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 001759032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 000990520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 000195560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 000122344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2020-09-24 22:26 - 2018-08-27 18:00 - 000083256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2020-09-24 14:33 - 2020-08-11 21:58 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2020-09-24 14:32 - 2019-01-29 14:20 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2020-09-23 16:41 - 2020-06-05 21:02 - 000000081 _____ C:\Users\Azad\AppData\Local\.bidstack.fault 2020-09-22 16:09 - 2019-12-28 21:05 - 000000000 ____D C:\Users\Azad\Desktop\Uni neu 2020-09-17 18:24 - 2018-08-27 17:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2020-09-17 18:23 - 2018-08-27 18:01 - 000000000 ____D C:\Users\Azad\AppData\Local\NVIDIA 2020-09-17 18:23 - 2018-08-27 17:58 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2020-09-17 08:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2020-09-16 08:44 - 2018-08-27 18:00 - 009302127 _____ C:\WINDOWS\system32\nvcoproc.bin 2020-09-15 00:13 - 2020-07-10 08:54 - 001682368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 2020-09-15 00:13 - 2020-07-10 08:54 - 000222112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2020-09-14 17:22 - 2018-12-07 12:43 - 000000000 ____D C:\Users\Azad\Documents\Paradox Interactive 2020-09-14 17:21 - 2019-12-18 15:08 - 000000000 ____D C:\Users\Azad\AppData\Local\Paradox Interactive ==================== Dateien im Wurzelverzeichnis einiger 
Verzeichnisse ========
2020-06-05 21:02 - 2020-09-23 16:41 - 000000081 _____ () C:\Users\Azad\AppData\Local\.bidstack.fault
2018-09-24 22:53 - 2018-09-24 22:53 - 000000003 _____ () C:\Users\Azad\AppData\Local\updater.log
2018-09-24 22:53 - 2018-09-24 22:53 - 000000425 _____ () C:\Users\Azad\AppData\Local\UserProducts.xml
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================

Here is the Addition.txt as well. Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 14-10-2020
durchgeführt von Azad (14-10-2020 18:04:34)
Gestartet von C:\Users\Azad\Desktop
Windows 10 Pro Version 2004 19041.508 (X64) (2020-08-11 19:58:54)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-4008508967-1143171168-3858184327-500 - Administrator - Disabled)
Azad (S-1-5-21-4008508967-1143171168-3858184327-1001 - Administrator - Enabled) => C:\Users\Azad
DefaultAccount (S-1-5-21-4008508967-1143171168-3858184327-503 - Limited - Disabled)
Gast (S-1-5-21-4008508967-1143171168-3858184327-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4008508967-1143171168-3858184327-504 - Limited - Disabled)

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.445 - Adobe)
Anno 1800 (HKLM-x32\...\Uplay Install 4553) (Version: - Ubisoft)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 8.7.0.0 - iMobie Inc.)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.4.5 - Electronic Arts, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Citrix Receiver 4.12 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.12.0.18020 - Citrix Systems, Inc.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - ) Discord (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Discord) (Version: 0.0.308 - Discord Inc.) Epic Games Launcher (HKLM-x32\...\{04DDD9BF-6B7B-4858-9AA4-D3C868169D70}) (Version: 1.1.163.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.75 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HP Officejet 4630 series - Grundlegende Software für das Gerät (HKLM\...\{3566FFED-696A-4260-8F12-073426CAC951}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Java 8 Update 261 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180261F0}) (Version: 8.0.2610.12 - Oracle Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc) Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains) Malwarebytes version 4.2.1.89 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.1.89 - Malwarebytes) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.38 - Microsoft Corporation) Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.41 - ) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\OneDriveSetup.exe) (Version: 20.143.0716.0003 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 
4.0.20823.0 - Microsoft Corporation) Minecraft Launcher (HKLM-x32\...\{E15F69FA-660D-45CC-B28F-6CBC4CAD2091}) (Version: 1.0.0.0 - Mojang) Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 81.0.2 (x64 de) (HKLM\...\Mozilla Firefox 81.0.2 (x64 de)) (Version: 81.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.2 - Mozilla) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation) NVIDIA Grafiktreiber 456.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.55 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project) Online Plug-in (HKLM-x32\...\{2E9881CA-E41C-45E5-8055-61A4CC1BF93F}) (Version: 14.12.0.18020 - Citrix Systems, Inc.) Hidden Oracle VM VirtualBox 6.1.10 (HKLM\...\{06BC3E95-3646-43EA-A78A-0E7D59776B2C}) (Version: 6.1.10 - Oracle Corporation) Origin (HKLM-x32\...\Origin) (Version: 10.5.84.43868 - Electronic Arts, Inc.) 
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden paint.net (HKLM\...\{2025DAA7-0653-4F18-B66F-900E6F2320EC}) (Version: 4.2.13 - dotPDN LLC) Paradox Launcher v2 (HKLM\...\{A92DB5D9-A24D-4678-9F91-B4FA6D895718}) (Version: 2.0.4.0 - Paradox Interactive) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.) Self-Service Plug-in (HKLM-x32\...\{7A029AB7-8CC4-4FE8-904F-A090248C1BC7}) (Version: 4.12.0.18013 - Citrix Systems, Inc.) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Shotcut (HKLM-x32\...\Shotcut) (Version: 20.07.11 - Meltytech, LLC) Spotify (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\Spotify) (Version: 1.1.33.569.gced9e0f5 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Studie zur Verbesserung von HP Officejet 4630 series (HKLM\...\{3917CF9F-DF46-406E-B524-CA0F150C70D7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) 
TeamSpeak 3 Client (HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\TeamSpeak 3 Client) (Version: 3.3.1 - TeamSpeak Systems GmbH) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.7.6 - TeamViewer) Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden Uplay (HKLM-x32\...\Uplay) (Version: 97.0 - Ubisoft) VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.60 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH) Packages: ========= HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_120.1.741.0_x64__v10z8vjag6ke6 [2020-10-09] (HP Inc.) iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa [2020-10-06] (Apple Inc.) [Startup Task] iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12109.3.52015.0_x64__nzyj5cx40ttqa [2020-10-13] (Apple Inc.) 
[Startup Task] Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-18] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-08-20] (Microsoft Studios) [MS Ad] OttPlayer -> C:\Program Files\WindowsApps\36375artemxk.OttPlayer_3.0.9.0_x64__agwaveq3mr4ra [2019-10-05] (Ottplayer) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.180.0_x64__dt26b99r8h8gj [2019-12-02] (Realtek Semiconductor Corp) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{0C6F11A4-7679-4786-9AC6-A7EFE6E9C6AC} -> [iCloud Drive] => C:\Users\Azad\iCloudDrive [2020-09-04 11:26] CustomCLSID: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001_Classes\CLSID\{DD41CDAD-A293-4701-A5D5-635C3E1E7BCE} -> [iCloud-Fotos] => C:\Users\Azad\Pictures\iCloud Photos\Photos [2020-09-04 11:26] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-10-13] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-09-24] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-10-13] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI ======================== ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2020-10-13 18:59 - 2017-09-04 05:52 - 000089600 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\iMobie\AnyTrans\zlib1.dll 2020-10-13 18:59 - 2019-03-25 03:59 - 
001353216 _____ (Robert Simpson, et al.) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\iMobie\AnyTrans\System.Data.SQLite.dll 2018-09-24 22:53 - 2017-05-23 14:59 - 000494080 _____ (Skillbrains) [Datei ist nicht signiert] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll 2018-09-24 22:53 - 2017-05-23 14:59 - 000256000 _____ (Skillbrains) [Datei ist nicht signiert] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] D:\Origin\LIBEAY32.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] D:\Origin\ssleay32.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 001611264 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\platforms\qwindows.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 005487104 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5Core.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 005841920 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5Gui.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 001179136 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5Network.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 000146432 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5WebSockets.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 005089792 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5Widgets.dll 2020-09-23 09:43 - 2020-08-18 18:17 - 000184832 _____ (The Qt Company Ltd) [Datei ist nicht signiert] D:\Origin\Qt5Xml.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [233] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ========== SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_261\bin\ssv.dll [2020-07-23] (Oracle America, Inc. -> Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-07-23] (Oracle America, Inc. 
-> Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\localhost -> localhost ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2018-04-12 01:38 - 2020-10-14 17:51 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) ist aktiviert. Network Binding: ============= Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) 
HKLM\...\StartupApproved\Run32: => "ConnectionCenter" HKLM\...\StartupApproved\Run32: => "Redirector" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-4008508967-1143171168-3858184327-1001\...\StartupApproved\Run: => "com.blitz.app" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [TCP Query User{A5921B0D-740B-4D98-A66C-AF31FB482128}C:\program files\hp\hp officejet 4630 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 4630 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [UDP Query User{03503901-444D-4A62-AEA7-339A4C823B32}C:\program files\hp\hp officejet 4630 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 4630 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{9BA0C391-5B70-4BE0-8B08-1BE9B1D201F9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{A61A76BC-D7BF-4B01-B26E-A0C7BD000F8D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{62227FC5-D322-4846-9B19-89CAB5BF96C8}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files 
(x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.)
FirewallRules: [UDP Query User{D1BE6E5A-D388-4A91-BE3B-0AE67B3CCAE5}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.)

==================== Wiederherstellungspunkte =========================

13-10-2020 21:09:53 chip 1-click download service wurde entfernt.

==================== Fehlerhafte Geräte im Gerätemanager ============

==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (10/14/2020 05:53:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren. .

Error: (10/14/2020 05:53:06 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (10/14/2020 12:14:10 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/13/2020 09:14:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MBAMService.exe, Version: 3.2.0.920, Zeitstempel: 0x5f4fe669
Name des fehlerhaften Moduls: UpdateControllerImpl.dll, Version: 3.2.0.539, Zeitstempel: 0x5f47fa14
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000047f03
ID des fehlerhaften Prozesses: 0x39ec
Startzeit der fehlerhaften Anwendung: 0x01d6a194ffa1aa07
Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Pfad des fehlerhaften Moduls: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll
Berichtskennung: fe2707c4-43f6-457b-9020-45b1e4262922
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/13/2020 09:11:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rlservice.exe, Version: 1.1.24.120, Zeitstempel: 0x5e8fa842
Name des fehlerhaften Moduls: rlservice.exe, Version: 1.1.24.120, Zeitstempel: 0x5e8fa842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000757a
ID des fehlerhaften Prozesses: 0xed8
Startzeit der fehlerhaften Anwendung: 0x01d6a1949a85c208
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Berichtskennung: a1d501af-7bac-4976-ba11-0a3c1c5813bc
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/13/2020 09:10:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren. .

Error: (10/13/2020 09:10:32 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (10/13/2020 08:20:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm FRST64.exe Version 11.10.2020.0 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 3100
Startzeit: 01d6a18d34b43f19
Beendigungszeit: 4294967295
Anwendungspfad: C:\Users\Azad\Downloads\FRST64.exe
Bericht-ID: 92e58ba0-3219-4a81-a64c-77dd071d467f
Vollständiger Name des fehlerhaften Pakets:
Relative Anwendungs-ID des fehlerhaften Pakets:
Absturztyp: Top level window is idle

Systemfehler:
=============
Error: (10/14/2020 12:11:34 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{995C996E-D918-4A8C-A302-45719A6F4EA7}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/13/2020 09:20:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Origin Web Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/13/2020 09:20:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Realtek Audio Universal Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/13/2020 09:20:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen.
Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/13/2020 09:20:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/13/2020 09:20:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/13/2020 09:20:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA Display Container LS" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/13/2020 09:14:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Malwarebytes Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Windows Defender:
===================================
Date: 2020-10-13 20:20:40.7830000Z
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Lodi&threatid=240849&enterprise=0
Name: Misleading:Win32/Lodi
ID: 240849
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Program Files (x86)\RelevantKnowledge\rlservice.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; file:_C:\Windows\System32\rlls64.dll; file:_C:\WINDOWS\sysWOW64\rlls.dll; process:_pid:11324,ProcessStart:132470622375268807; process:_pid:17984,ProcessStart:132470725587859585; process:_pid:28132,ProcessStart:132470724829475980; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}; service:_RelevantKnowledge; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer:
Prozessname: C:\Users\Azad\Desktop\FRST64.exe
Sicherheitsversion: AV: 1.325.698.0, AS: 1.325.698.0, NIS: 1.325.698.0
Modulversion: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-10-13 20:18:49.9380000Z
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Lodi&threatid=240849&enterprise=0
Name: Misleading:Win32/Lodi
ID: 240849
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Program Files (x86)\RelevantKnowledge\rlservice.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; file:_C:\Windows\System32\rlls64.dll; file:_C:\WINDOWS\sysWOW64\rlls.dll; process:_pid:11324,ProcessStart:132470622375268807; process:_pid:17984,ProcessStart:132470725587859585; process:_pid:28132,ProcessStart:132470724829475980; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}; service:_RelevantKnowledge; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer:
Prozessname: C:\Users\Azad\Downloads\FRST64.exe
Sicherheitsversion: AV: 1.325.698.0, AS: 1.325.698.0, NIS: 1.325.698.0
Modulversion: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-10-13 18:32:24.8260000Z
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Lodi&threatid=240849&enterprise=0
Name: Misleading:Win32/Lodi
ID: 240849
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Program Files (x86)\RelevantKnowledge\rlservice.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; file:_C:\Windows\System32\rlls64.dll; file:_C:\WINDOWS\sysWOW64\rlls.dll; process:_pid:11324,ProcessStart:132470622375268807; process:_pid:17984,ProcessStart:132470725587859585; process:_pid:28132,ProcessStart:132470724829475980; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}; service:_RelevantKnowledge; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer:
Prozessname: C:\Users\Azad\Downloads\FRST64.exe
Sicherheitsversion: AV: 1.325.698.0, AS: 1.325.698.0, NIS: 1.325.698.0
Modulversion: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-10-13 18:02:10.6600000Z
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Lodi&threatid=240849&enterprise=0
Name: Misleading:Win32/Lodi
ID: 240849
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe; file:_C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; file:_C:\Windows\System32\rlls64.dll; file:_C:\WINDOWS\sysWOW64\rlls.dll; process:_pid:11324,ProcessStart:132470622375268807; process:_pid:17984,ProcessStart:132470725587859585; process:_pid:28132,ProcessStart:132470724829475980; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Users\Azad\Downloads\FRST64.exe
Sicherheitsversion: AV: 1.325.683.0, AS: 1.325.683.0, NIS: 1.325.683.0
Modulversion: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-10-13 17:55:28.8990000Z
Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {AA50B20B-DE2A-4F8D-9AA5-402FFA8CF44F}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Vollständige Überprüfung
Benutzer: DESKTOP-VOMS6S7\Azad

CodeIntegrity:
===================================
Date: 2020-10-12 23:25:13.5400000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-10-12 23:20:13.5400000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:15:13.5450000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:10:13.5450000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:05:13.5540000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 23:00:13.5520000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 22:55:13.5460000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. Date: 2020-10-12 22:50:13.5520000Z Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements. 
==================== Speicherinformationen =========================== BIOS: American Megatrends Inc. F4 04/03/2018 Hauptplatine: Gigabyte Technology Co., Ltd. Z370P D3-CF Prozessor: Intel(R) Core(TM) i3-8350K CPU @ 4.00GHz Prozentuale Nutzung des RAM: 48% Installierter physikalischer RAM: 8143.74 MB Verfügbarer physikalischer RAM: 4216.3 MB Summe virtueller Speicher: 14799.74 MB Verfügbarer virtueller Speicher: 8850.67 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:111.19 GB) (Free:35.07 GB) NTFS Drive d: (Volume) (Fixed) (Total:931.5 GB) (Free:501.81 GB) NTFS \\?\Volume{6302f23b-433f-4f8a-bb8e-e11062a5c296}\ (Wiederherstellung) (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS \\?\Volume{edc8b298-85c3-411b-a79d-be6304fa5b79}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ======================= |
14.10.2020, 19:24 | #11 |
/// TB-Ausbilder | Misleading:Win32/Lodi Virus? Step 1
Then we're done! If you no longer have any problems with malware, we are finished here. Your log files are clean. Finally, please run a cleanup with our TBCleanUpTool and be sure to read and implement the security measures; both are linked in the following reading material: If you like, you can say here whether you were satisfied with me and my help... Perhaps you would like to support the forum with a small donation. Note: Please give me brief feedback as soon as you have read the information linked above, everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
14.10.2020, 20:07 | #12 |
| Misleading:Win32/Lodi Virus? Great, everything is done, thank you very much. What exactly was that, though? Just out of interest. |
15.10.2020, 13:42 | #13 | |
/// TB-Ausbilder | Misleading:Win32/Lodi Virus? Quote:
I'm glad we could help. This thread appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send us a reminder including a link to the thread. Everyone else, please click here and create your own thread. |