|
Log-Analyse und Auswertung: Murofet Weekly: Trojanerbefall wird durch Telekom per Brief mitgeteilt.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
06.12.2020, 13:42 | #1 |
| Murofet Weekly: Trojanerbefall wird durch Telekom per Brief mitgeteilt. Hallo, Ich habe gestern einen Brief des Telekom Abuse-Teams bekommen: Sehr geehrte Damen und Herren,Nach Rückruf gab es die Info, dass es sich um den Virus Murofetweekly handeln soll. Handlungsanweisung der Telekom: Virenscan. Nachdem ich Kaspersky Rescue Disc laufen lassen habe konnten bereits zwei Datein entfernt werden: Murofetweekly wurde hier jedoch nicht aufgeführt. Sicherheitshalber wende ich mich deshalb hier ans Forum. Hier nun die Log-Datein: FRST und Addition Hier FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2020 durchgeführt von ng4600 (Administrator) auf NIK (MSI MS-7A70) (06-12-2020 13:26:32) Gestartet von F:\Downloads Geladene Profile: ng4600 Platform: Windows 10 Pro Version 1909 18363.1198 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: Chrome Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) D:\Program Files\Adobe Premiere Elements 12\Elements 12 Organizer\PhotoshopElementsFileAgent.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe (Geek Software GmbH -> Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <23> (ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\DPC Latency Tuner\DPCLT_Service.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Mystic Light\Mystic Light.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Mystic Light\MysticLight_Service.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2> (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279328 2018-09-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074600 2016-08-28] (Heidi Computers Ltd -> The Eraser Project) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe [299504 2016-08-18] (Intel(R) USB eXtensible Host Controller Drivers -> Intel Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [413832 2017-11-01] (Geek Software GmbH -> Geek Software GmbH) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [705728 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Program Files\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG -> Elaborate Bytes AG) HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26037944 2018-10-02] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [835768 2018-09-07] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> ) HKLM-x32\...\Run: [Mystic Light] => C:\Program Files (x86)\MSI\Mystic Light\Mystic Light.exe [3098808 2018-04-16] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1028280 2017-11-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) HKLM-x32\...\Run: [X_Boost] => C:\Program Files (x86)\MSI\MSI X Boost\X_Boost.exe [4260000 2018-08-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22256824 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.) HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX430 series: c:\windows\system32\CNCALB1.DLL [302592 2011-09-21] (CANON INC.) [Datei ist nicht signiert] HKLM\...\Print\Monitors\Canon BJ Language Monitor MX430 series: c:\windows\system32\CNMLMB1.DLL [385024 2012-03-14] (CANON INC.) [Datei ist nicht signiert] HKLM\...\Print\Monitors\Canon BJ Language Monitor MX430 series XPS: c:\windows\system32\CNMXLMB1.DLL [385024 2012-03-14] (CANON INC.) [Datei ist nicht signiert] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-12] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> GroupPolicy: Beschränkung ? <==== ACHTUNG Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0202EE7B-FD3A-4271-A0E2-D427782AFD8E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {08760628-7EB9-4D8D-8EA9-B4C2A271C29C} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {093D9E70-7AAF-49F6-B8E7-53390FE904D6} - System32\Tasks\Overwolf Updater Task => C:\Users\ng4600\Desktop\Overwolf\OverwolfUpdater.exe Task: {0E052179-F2B7-4277-9B3E-56A3A310EDF8} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950480 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation) Task: {165FD7CB-C11A-437E-8B21-3F066139DE11} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.) Task: {16C0C390-E0CA-419A-A33C-1C105669D5A9} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {21BD26F5-4324-45EE-B96B-441306D0D64A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {26AC9D5E-CC8A-4AF3-8892-65EA3AF3C9E2} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [696016 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation) Task: {287961FA-6E93-4C5F-AF3C-A20C677FAA83} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1} Task: {2A8C9C0B-188E-4E55-A079-B6652906B4F4} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {2D4365E0-E6EF-4109-8585-EE856D464F91} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950480 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation) Task: {2EE75A90-2D5A-4836-A782-B3B5F2901443} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855760 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation) Task: {3CBE54E4-1F39-4696-A621-AB9AE82EF4A7} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1328392 2015-11-20] (Intel(R) Software -> Intel Corporation) Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB} Task: {498A0C04-B213-4919-9AD6-C51454264800} - System32\Tasks\RtlNetworkGenieVistaStart => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe [2047704 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor) Task: {4B337E8E-C2CB-4EBD-862C-300558052263} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {4F68498E-DD81-40AE-B28F-ACE801CB0B04} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation) Task: {4F7DEEC8-6862-440F-9081-C50BD9BF4610} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-11-02] (Google Inc -> Google Inc.) Task: {536BCDEE-ED49-464D-82B2-99CA15E408A0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd) Task: {54DA8524-74B0-4833-B709-3E87A2FE941A} - System32\Tasks\AdobeAAMUpdater-1.0-NIK-ng4600 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {57AAE158-CE2F-407C-947F-8A7722AA15F3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {5C0EB475-EB9F-4CCA-BB74-FA5CCDBC0F97} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {6495CB34-B691-46CC-9E04-CA9A579D14DA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {6892CB43-F42E-4A6F-8EEF-1E813C8AEA14} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {6F7B1115-97D7-4F58-9E2D-DC0F61DE2E21} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855760 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation) Task: {7260B1D5-62BD-4C4A-9A3D-D916C313F272} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {7AFB5895-9AC9-488F-B460-E0674A59707F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.) Task: {7B53A63A-147D-44EA-ACE9-D820EDEB8B61} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {7DF7A4B5-B911-4217-8BF0-4C7F2FC99079} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {89CACF21-BFD2-4390-8916-800B0C3309CC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {945B1232-43B5-4A28-BC53-E8B7D164691F} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [30106496 2020-10-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) Task: {A461D626-8234-478F-B326-D4D711A31A30} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2649200 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {B6C675F8-DFFB-4BB3-99FF-E928A65E6A41} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BA083B46-8832-4E63-AAC5-CE6BB92F6207} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [230632 2020-11-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) Task: {BA64757D-DAFA-4FCF-9DC0-C7BE824AE21A} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950480 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C03E00C0-C7B1-4B6F-99B9-47371BC3AD59} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {C417B178-C2D4-4922-9F9F-624246662035} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D0F6F0BC-EA05-4573-922A-800E14B2916A} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [3976896 2017-08-10] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.) Task: {D14AD154-65F8-4E0D-B180-C39DDE4CA3F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-11-02] (Google Inc -> Google Inc.) Task: {D1F31A88-FE34-471D-BF76-3095B11CC956} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18233016 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd) Task: {D4DE4705-E301-409E-842F-607BACF44987} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {D73BCA5C-EACC-4D95-B18A-72D1FC81FF12} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D7A97D5F-35A6-4B6C-9232-110E1FB98A9C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {DB1553D0-A079-4EC3-939E-73748A988FFC} - \Microsoft\Windows\Setup\EOSNotify -> Keine Datei <==== ACHTUNG Task: {E501ABD6-B1F6-4214-A141-198A4BB55509} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {E6244920-1CEB-4B70-8C89-A576E6972089} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950480 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation) Task: {EC5668B0-B014-4079-B1FE-69640B404E65} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} Task: {F1ECCED0-58F3-4DA2-B4FA-2586A0A8EB7C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {F3B144E1-EA9F-4F5B-AC94-A14C4E2D9D9D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {F71F2B4F-94C5-40A4-AF17-FB8E2C961B1E} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61} (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\RtlNetworkGenieVistaStart.job => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{1A54A8C4-C376-4C5C-95F2-F7673A859C29}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{7b64753f-6178-488f-9b68-87733fe2962c}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{8dd977cf-0e39-4175-9e98-df5db7925f83}: [DhcpNameServer] 192.168.178.1 Edge: ====== DownloadDir: C:\Users\ng4600\Downloads Edge Profile: C:\Users\ng4600\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-25] Edge DownloadDir: F:\Downloads FireFox: ======== FF DefaultProfile: wzmjl5v0.default FF ProfilePath: C:\Users\ng4600\AppData\Roaming\Mozilla\Firefox\Profiles\wzmjl5v0.default [2019-06-23] FF ProfilePath: C:\Users\ng4600\AppData\Roaming\Mozilla\Firefox\Profiles\fzuyopdz.default-release [2020-12-06] FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2017-08-10] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2017-08-10] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-08-10] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-08-10] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.) FF Plugin-x32: Adobe Reader -> D:\Program Files\Adobe Acrobat\Reader\AIR\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1393509143-4016895142-1010486369-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-08-10] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default [2020-12-06] CHR DownloadDir: F:\Downloads CHR DefaultSearchURL: Default -> hxxps://ssl.gstatic.com/apps-notify/drive_96_1x.png CHR Extension: (Präsentationen) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-02] CHR Extension: (Google Drive) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghbiahbpaijignceidepookljebhfak [2019-12-11] CHR Extension: (Docs) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02] CHR Extension: (Google Drive) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26] CHR Extension: (YouTube) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-02] CHR Extension: (Elevate for Strava) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhiaggccakkgdfcadnklkbljcgicpckn [2020-07-02] CHR Extension: (Adobe Acrobat) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-17] CHR Extension: (Tabellen) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-02] CHR Extension: (iCloud-Lesezeichen) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-11-28] CHR Extension: (Google Docs Offline) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-20] CHR Extension: (AdBlock*– der beste Ad-Blocker) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-11-20] CHR Extension: (LastPass: Free Password Manager) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-11-24] CHR Extension: (Reddit Enhancement Suite) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2020-10-03] CHR Extension: (Chrome-Erweiterung für Google Notizen) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2020-12-03] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-01] CHR Extension: (Google Mail) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22] CHR Extension: (Chrome Media Router) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-18] CHR Profile: C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-11-25] CHR Profile: C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\System Profile [2020-11-25] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2017-11-06] (Adobe Systems) [Datei ist nicht signiert] R2 AdobeActiveFileMonitor12.0; D:\Program Files\Adobe Premiere Elements 12\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1205960 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [483432 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [483432 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [573960 2020-10-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636592 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384544 2020-10-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [246424 2020-11-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161376 2020-08-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8352184 2019-02-01] (BattlEye Innovations e.K. -> ) S3 FACEITService; E:\FACEIT AC\FACEITService.exe [20252512 2019-10-11] (FACE IT LIMITED -> ) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.) S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService_x64.exe [2669240 2018-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2343608 2018-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService_x64.exe [2725048 2017-12-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2255032 2018-08-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2507448 2018-07-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2136248 2018-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [2742968 2018-08-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [86688 2018-07-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 MSI_DPCLTSERVICE; C:\Program Files (x86)\MSI\DPC Latency Tuner\DPCLT_Service.exe [2166968 2018-09-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [113336 2017-12-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2190520 2018-09-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 MSI_MYSTICLIGHTSERVICE; C:\Program Files (x86)\MSI\Mystic Light\MysticLight_Service.exe [2048696 2017-11-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [183992 2018-08-15] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 Origin Client Service; E:\Origin\OriginClientService.exe [2329392 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts) S2 Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [3203888 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts) R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [413832 2017-11-01] (Geek Software GmbH -> Geek Software GmbH) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6153048 2020-11-12] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-02-28] (Microsoft Windows Early Launch Anti-Malware Publisher -> Avira Operations GmbH & Co. KG) R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [207424 2020-11-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199752 2020-05-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-02-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-02-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-02-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-11] (Microsoft Corporation) [Datei ist nicht signiert] S3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc) [Datei ist nicht signiert] S3 ipadtst; C:\Program Files (x86)\MSI\Super Charger\ipadtst_64.sys [20464 2013-11-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Windows (R) Win 7 DDK provider) S3 ipadtst2; C:\Program Files (x86)\MSI\Super Charger\ipadtst2_64.sys [16336 2016-07-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech) R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.) R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrd.sys [32360 2011-09-14] (Realtek Semiconductor Corp -> NT Kernel Resources) S3 NTIOLib_CC_Clock; C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_DPC; C:\Program Files (x86)\MSI\DPC Latency Tuner\NTIOLib_X64.sys [14288 2017-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [14288 2017-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\Mystic Light\Lib\NTIOLib_X64.sys [14288 2017-05-24] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> ) R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation -> Corel Corporation) R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software) S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation) S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation) U3 idsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2020-12-06 12:28 - 2020-12-06 12:28 - 000271524 _____ C:\WINDOWS\SysWOW64\tmp 2020-12-03 20:40 - 2020-12-03 20:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2020-12-03 08:55 - 2020-12-06 12:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2020-11-24 10:38 - 2020-11-24 10:38 - 000106952 _____ C:\Users\ng4600\Documents\Beihilfeantrag_internet_a (4).pdf 2020-11-12 17:58 - 2020-11-12 17:58 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin 2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin 2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin 2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin 2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin 2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin 2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin 2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin 2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin 2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin 2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin 2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin 2020-11-12 17:57 - 2020-11-12 17:57 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2020-11-12 17:57 - 2020-11-12 17:57 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll 2020-11-12 17:57 - 2020-11-12 17:57 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2020-12-06 13:26 - 2020-10-07 05:56 - 000000000 ____D C:\FRST 2020-12-06 13:20 - 2019-07-30 18:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-12-06 13:20 - 2019-07-09 18:11 - 000000000 ____D C:\ProgramData\NVIDIA 2020-12-06 13:20 - 2019-04-16 20:54 - 000000000 ____D C:\Users\ng4600\AppData\Roaming\WTablet 2020-12-06 13:20 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-12-06 12:28 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2020-12-06 12:27 - 2017-11-03 15:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-12-06 12:22 - 2020-05-15 11:31 - 000000448 __RSH C:\ProgramData\ntuser.pol 2020-12-06 12:14 - 2019-07-30 18:54 - 001887728 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-12-06 12:14 - 2019-03-19 13:16 - 000785964 _____ C:\WINDOWS\system32\perfh007.dat 2020-12-06 12:14 - 2019-03-19 13:16 - 000167980 _____ C:\WINDOWS\system32\perfc007.dat 2020-12-06 12:14 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF 2020-12-06 12:09 - 2019-07-30 18:53 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{BCC0463F-66B3-4DDF-9D87-C1E9BAE32052} 2020-12-06 12:09 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-12-06 12:09 - 2017-12-20 11:46 - 000000000 ____D C:\Users\ng4600\AppData\Local\Adobe 2020-12-06 12:09 - 2017-11-03 15:09 - 000001213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2020-12-06 12:09 - 2017-11-03 15:09 - 000000000 ____D C:\Users\ng4600\AppData\LocalLow\Mozilla 2020-12-05 17:09 - 2018-05-16 10:49 - 000000000 ____D C:\Users\ng4600\AppData\Roaming\WhatsApp 2020-12-05 16:59 - 2020-06-15 07:14 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2020-12-05 16:58 - 2019-07-30 18:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-12-05 11:09 - 2019-02-04 19:08 - 000000000 ____D C:\Users\ng4600\AppData\Local\WhatsApp 2020-12-05 11:09 - 2018-05-03 22:37 - 000000000 ____D C:\Users\ng4600\AppData\Local\SquirrelTemp 2020-12-04 17:53 - 2019-07-30 18:53 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2020-12-04 17:53 - 2019-07-30 18:53 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2020-12-04 16:56 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-12-04 16:53 - 2018-06-12 12:09 - 000000000 ____D C:\ProgramData\Riot Games 2020-12-04 16:53 - 2017-11-02 19:00 - 000000000 ____D C:\Users\ng4600\AppData\Local\Spotify 2020-12-04 16:53 - 2017-11-02 18:59 - 000000000 ____D C:\Users\ng4600\AppData\Roaming\Spotify 2020-12-03 20:40 - 2017-11-02 23:19 - 000000000 ____D C:\ProgramData\Package Cache 2020-11-30 21:06 - 2017-11-14 10:02 - 000000000 ____D C:\Users\ng4600\AppData\Local\ElevatedDiagnostics 2020-11-30 18:28 - 2020-06-15 07:14 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2020-11-30 18:28 - 2020-06-15 07:14 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2020-11-27 13:56 - 2020-09-04 07:13 - 000003690 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update 2020-11-25 20:35 - 2019-07-30 18:53 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2020-11-25 20:34 - 2018-11-14 20:34 - 000001722 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2020-11-24 10:37 - 2018-01-17 10:21 - 001045718 _____ C:\Users\ng4600\Documents\DBV_Erstattungsantrag_Nachbau_V3_ohneSummen.pdf 2020-11-22 11:38 - 2020-10-01 16:06 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2020-11-16 13:07 - 2017-11-04 20:17 - 000207424 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2020-11-13 07:54 - 2017-11-04 20:39 - 000000000 __RHD C:\Users\Public\AccountPictures 2020-11-13 07:54 - 2017-11-04 20:39 - 000000000 ___RD C:\Users\ng4600\3D Objects 2020-11-13 07:54 - 2017-11-02 23:31 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-11-13 07:52 - 2019-07-30 18:44 - 003381688 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2020-11-12 21:39 - 2019-03-19 13:19 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\TextInput 2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources 2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup 2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe 2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz 2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2020-11-12 18:03 - 2017-11-02 18:10 - 000000000 ____D C:\WINDOWS\system32\MRT 2020-11-12 18:00 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-11-12 18:00 - 2017-11-02 18:09 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2020-11-12 17:57 - 2019-07-30 18:45 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2020-11-12 11:00 - 2020-10-01 16:06 - 000907064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll 2020-11-12 10:59 - 2020-10-01 16:06 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll 2020-11-10 21:09 - 2019-07-30 18:53 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2019-10-28 21:32 - 2019-10-28 21:32 - 000000218 _____ () C:\Users\ng4600\AppData\Local\recently-used.xbel ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== und hier Addition: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 06-12-2020 durchgeführt von ng4600 (06-12-2020 13:28:13) Gestartet von F:\Downloads Windows 10 Pro Version 1909 18363.1198 (X64) (2019-07-30 17:53:53) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1393509143-4016895142-1010486369-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1393509143-4016895142-1010486369-503 - Limited - Disabled) Gast (S-1-5-21-1393509143-4016895142-1010486369-501 - Limited - Disabled) ng4600 (S-1-5-21-1393509143-4016895142-1010486369-1000 - Administrator - Enabled) => C:\Users\ng4600 WDAGUtilityAccount (S-1-5-21-1393509143-4016895142-1010486369-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop Lightroom 4.2 64-bit (HKLM\...\{B71CCF77-38A2-4805-9759-A6F7D2C52F3A}) (Version: 4.2.1 - Adobe) Adobe Premiere Elements 12 (HKLM\...\{4016464A-0C3E-4070-8293-5D7F0D8EAE3A}) (Version: 12.0 - Adobe Systems Incorporated) Hidden Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.0 - Adobe Systems Incorporated) Apple Application Support (32-Bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.) Avira (HKLM-x32\...\{161e6084-b0f5-43e8-86d8-09eda5c0893d}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden Avira (HKLM-x32\...\{426D1710-5DFD-45E9-B11D-464792C5AD35}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2011.2057 - Avira Operations GmbH & Co. KG) Hidden Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.36.1.29260 - Avira Operations GmbH & Co. KG) Hidden Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.0.41.13618 - Avira Operations GmbH & Co. KG) Hidden Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;) Avira Software Updater (HKLM-x32\...\{073825B9-FF06-4690-8CE4-3C0B72036122}) (Version: 2.0.6.37231 - Avira Operations GmbH & Co. KG) Hidden Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.7.0.11017 - Avira Operations GmbH & Co. KG) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.64 - Piriform) CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 1.0.0.6 - Ursa Minor Ltd) CPUID CPU-Z MSI 1.78 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 1.78 - CPUID, Inc.) DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 416.94 - NVIDIA Corporation) Hidden dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 6.4.3 - CEWE Stiftung u Co. KGaA) Elements 12 Organizer (HKLM-x32\...\{9D80A7B7-DC01-485D-AE93-710D559B5C56}) (Version: 12.0 - Ihr Firmenname) Hidden Eraser 6.2.0.2979 (HKLM\...\{C5900DE9-D199-4C27-B692-354C9A6A6C8B}) (Version: 6.2.2979 - The Eraser Project) FIFA 18 (HKLM-x32\...\{213CC10A-B8CB-4EBA-B277-6B08B7C22A65}) (Version: 1.0.57.57320 - Electronic Arts) Geeks3D FurMark 1.17.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D) Golden Cheetah v3.4 (64bit) (HKLM-x32\...\Golden Cheetah) (Version: v3.4 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC) Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden HearthArena Companion (HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\Overwolf_eldaohcjmecjpkpdhhoiolhhaeapcldppbdgbnbc) (Version: 1.5.0.2 - Overwolf app) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.) Inkscape 0.92.3 (HKLM-x32\...\Inkscape) (Version: 0.92.3 - Inkscape Project) Intel Extreme Tuning Utility (HKLM-x32\...\{79E98F35-0524-446C-8EF5-4E863C4D87E2}) (Version: 6.2.0.24 - Intel Corporation) Hidden Intel Extreme Tuning Utility (HKLM-x32\...\{7afa48c7-9901-40fa-8f9b-f0707e2bc5b6}) (Version: 6.2.0.24 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1068 - Intel Corporation) Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden Intel(R) USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.0.32 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden IrfanView 4.50 (64-bit) (HKLM\...\IrfanView64) (Version: 4.50 - Irfan Skiljan) League of Legends (HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc) Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.55 - Microsoft Corporation) Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - ) Microsoft OneDrive (HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) MiniTool Partition Wizard Free 10.2.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) Mozilla Firefox 67.0.4 (x64 de) (HKLM\...\Mozilla Firefox 67.0.4 (x64 de)) (Version: 67.0.4 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.4 - Mozilla) Mozilla Thunderbird 78.5.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 78.5.1 (x86 de)) (Version: 78.5.1 - Mozilla) MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 3.0.0.78 - MSI) MSI DPC Latency Tuner (HKLM-x32\...\{1AAC56F3-3F60-47DB-BE6B-088F36ADFDC5}_is1) (Version: 1.0.0.36 - MSI) MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.15 - MSI) MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.44 - MSI) MSI Mystic Light (HKLM-x32\...\{B798CF0A-F060-4054-9095-52B067C723C6}}_is1) (Version: 1.0.0.46 - MSI) MSI Smart Tool (HKLM-x32\...\{DDCCA038-DAB1-4D09-B85C-848020AA75D6}}_is1) (Version: 1.0.0.36 - MSI) MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.26 - MSI) MSI X Boost (HKLM-x32\...\{515143BB-7A11-4D85-B941-D520AAAA099C}_is1) (Version: 1.0.0.46 - MSI) MTP Porting Kit (HKLM-x32\...\{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp) NetworkGenie (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.0.0.11 - MSI) NVIDIA 3D Vision Controller-Treiber 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation) NVIDIA Grafiktreiber 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 432.00 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.4 (HKLM-x32\...\{5E9128B1-0AB8-40F5-9F71-69089C490855}) (Version: 4.14.9788 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 10.5.41.27263 - Electronic Arts, Inc.) Paradox Launcher v2 (HKLM\...\{986898D9-7C26-4E7F-814C-9B5472FA3209}) (Version: 2.0.0.0 - Paradox Interactive) PDF24 Creator 8.2.4 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.7 - Tracker Software Products Ltd) PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu) PRE12 STI 64Installer (HKLM-x32\...\{06934A7E-D27F-4C5C-9D93-9715E274D736}) (Version: 12.0 - Adobe Systems Incorporated) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8531 - Realtek Semiconductor Corp.) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Spotify (HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\Spotify) (Version: 1.1.47.684.g136419d9 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.0 - TeamSpeak Systems GmbH) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation) VALORANT (HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\Riot Game valorant.live) (Version: - Riot Games, Inc) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes) VSDC Free Video Editor Version 6.1.1.899 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.1.1.899 - Flash-Integro LLC) Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.33-3 - Wacom Technology Corp.) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment) WhatsApp (HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\WhatsApp) (Version: 2.2047.13 - WhatsApp) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Zwift version 1.0.39 (HKLM-x32\...\{E4DA422A-82AB-44A4-B3A5-0AF60F47B7AB}_is1) (Version: 1.0.39 - Zwift, LLC) Packages: ========= Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.9.0.1_neutral__6e5tt8cgb93ep [2020-03-08] (Canon Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_121.1.193.0_x64__v10z8vjag6ke6 [2020-11-05] (HP Inc.) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-19] (Apple Inc.) [Startup Task] Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-17] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios) [MS Ad] Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_20.11020.5479.0_x64__8wekyb3d8bbwe [2020-11-19] (Microsoft Corporation) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1393509143-4016895142-1010486369-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [Datei ist nicht signiert] CustomCLSID: HKU\S-1-5-21-1393509143-4016895142-1010486369-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [Datei ist nicht signiert] CustomCLSID: HKU\S-1-5-21-1393509143-4016895142-1010486369-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [Datei ist nicht signiert] CustomCLSID: HKU\S-1-5-21-1393509143-4016895142-1010486369-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) [Datei ist nicht signiert] CustomCLSID: HKU\S-1-5-21-1393509143-4016895142-1010486369-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) [Datei ist nicht signiert] CustomCLSID: HKU\S-1-5-21-1393509143-4016895142-1010486369-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [Datei ist nicht signiert] ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Datei ist nicht signiert] ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (Heidi Computers Ltd -> The Eraser Project) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.) ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-09-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\Program Files\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG) ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (Heidi Computers Ltd -> The Eraser Project) ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\Program Files\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Datei ist nicht signiert] ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (Heidi Computers Ltd -> The Eraser Project) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google) ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-09-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (Heidi Computers Ltd -> The Eraser Project) ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> Keine Datei ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-02] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-09-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (Heidi Computers Ltd -> The Eraser Project) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Drivers32: [vidc.i420] => lvcod64.dll HKLM\...\Drivers32: [msacm.voxacm160] => c:\windows\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [Datei ist nicht signiert] HKLM\...\Drivers32: [msacm.scg726] => c:\windows\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [Datei ist nicht signiert] HKLM\...\Drivers32: [msacm.alf2cd] => c:\windows\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [Datei ist nicht signiert] HKLM\...\Drivers32: [msacm.ac3acm] => c:\windows\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [Datei ist nicht signiert] HKLM\...\Drivers32: [msacm.lame] => c:\windows\system32\lame.ax [245760 2005-08-01] () [Datei ist nicht signiert] HKLM\...\Drivers32: [vidc.dvsd] => c:\windows\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [Datei ist nicht signiert] HKLM\...\Drivers32: [vidc.mpg4] => c:\windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [Datei ist nicht signiert] HKLM\...\Drivers32: [vidc.mp42] => c:\windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [Datei ist nicht signiert] HKLM\...\Drivers32: [vidc.mp43] => c:\windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [Datei ist nicht signiert] HKLM\...\Drivers32: [vidc.xvid] => c:\windows\system32\xvidvfw.dll [139264 2004-07-03] () [Datei ist nicht signiert] HKLM\...\Drivers32: [vidc.DIVX] => c:\windows\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [Datei ist nicht signiert] HKLM\...\Drivers32: [vidc.VP60] => c:\windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [Datei ist nicht signiert] HKLM\...\Drivers32: [vidc.VP61] => c:\windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [Datei ist nicht signiert] HKLM\...\Drivers32: [vidc.VP62] => c:\windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [Datei ist nicht signiert] HKLM\...\Drivers32: [vidc.LAGS] => c:\windows\system32\lagarith.dll [216064 2011-12-07] () [Datei ist nicht signiert] HKLM\...\Drivers32-x32: [vidc.i420] => lvcodec2.dll ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ShortcutWithArgument: C:\Users\ng4600\Desktop\Progamme\Google Drive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak ShortcutWithArgument: C:\Users\ng4600\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Drive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak ShortcutWithArgument: C:\Users\ng4600\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2018-10-06 13:14 - 2005-07-18 12:43 - 000160256 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\MSI\Live Update\unrar.dll 2017-11-22 11:50 - 2011-09-21 05:00 - 000302592 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNCALB1.DLL 2017-11-04 21:47 - 2012-03-14 05:00 - 000385024 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNMLMB1.DLL 2017-11-22 11:28 - 2012-03-14 05:00 - 000385024 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNMXLMB1.DLL 2018-04-06 19:29 - 2018-04-06 19:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Logitech Gaming Software\LIBEAY32.dll 2018-04-06 19:29 - 2018-04-06 19:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Logitech Gaming Software\ssleay32.dll 2018-10-06 13:18 - 2016-10-03 12:43 - 000399872 _____ (TODO: <公司名稱>) [Datei ist nicht signiert] C:\Program Files (x86)\MSI\Mystic Light\Lib\SDKDLL.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ========== ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2018-04-12 00:38 - 2009-06-10 22:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\program files (x86)\intel\intel(r) management engine components\icls\;c:\program files\intel\intel(r) management engine components\icls\;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\program files (x86)\common files\adobe\agl;c:\windows\system32\openssh\;c:\program files (x86)\intel\intel(r) management engine components\dal;c:\program files\intel\intel(r) management engine components\dal;c:\program files (x86)\intel\intel(r) management engine components\ipt;c:\program files\intel\intel(r) management engine components\ipt;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ng4600\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\_IGP5152.JPG DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Keine Datei) ist aktiviert. Network Binding: ============= Ethernet: WinpkFilter LightWeight Filter -> nt_ndisrd (enabled) ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) HKLM\...\StartupApproved\Run32: => "X_Boost" HKLM\...\StartupApproved\Run32: => "Live Update" HKLM\...\StartupApproved\Run32: => "PDFPrint" HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive" HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\StartupApproved\Run: => "ApplePhotoStreams" HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\StartupApproved\Run: => "iCloudServices" HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\StartupApproved\Run: => "FACEIT" HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\StartupApproved\Run: => "World of Tanks" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [TCP Query User{A916DB42-7D1E-4CD1-8AA7-E2D0272B2D05}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) FirewallRules: [UDP Query User{D3CB079B-6EA8-492F-8C74-CE67714A7704}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) FirewallRules: [TCP Query User{06437C4C-7A00-474A-9D9D-284B50A23509}C:\users\ng4600\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ng4600\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{F1C5E837-5DDD-4A0B-A638-2EDF95C543D0}C:\users\ng4600\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ng4600\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{F9991B82-345E-4275-AC93-090C9F089DFB}C:\users\ng4600\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ng4600\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{C4E06962-9AF8-4F90-8FF3-D7BF9DE6D59B}C:\users\ng4600\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ng4600\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{88337948-16FB-441A-AA37-B197A3841089}E:\steam\steam.exe] => (Allow) E:\steam\steam.exe (Valve -> Valve Corporation) FirewallRules: [UDP Query User{3B09CFD5-E985-4992-9DE4-198F3A2463F9}E:\steam\steam.exe] => (Allow) E:\steam\steam.exe (Valve -> Valve Corporation) FirewallRules: [{01EE29EC-E6FB-4170-B38B-D123EDA70DCC}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{2FBE130D-3735-4F92-8489-6D312ADFA5A0}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{4AF39ACE-B602-46BC-9A1D-B1E15332322C}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [{570F2649-6388-4CFF-AA8D-3D1717781458}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [TCP Query User{570BF443-C57B-4DA7-A5BA-66763D117FEE}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) FirewallRules: [UDP Query User{F8E46936-E5E4-4D52-8104-48984F57AF96}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) FirewallRules: [{CA80F2EF-7AAD-4176-8DF9-E328FF5E027F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{35F3ECAB-6682-4FC6-9EF5-25B660BFA31D}] => (Allow) E:\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> ) FirewallRules: [{58915293-07F7-4AFE-93A6-307385C5EE6A}] => (Allow) E:\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> ) FirewallRules: [{00A9A9F0-2407-45F2-AC2B-F738E08F7B85}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{E2F79F90-D638-43F3-BBA5-8CFF91687A1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{11CE5104-BD2B-451F-B7A7-247D9183C72A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{873D82E0-7014-4FD2-92DC-CEE5FC295885}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{97611751-1DF1-4701-A304-2C72F6284334}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{32EE8670-0601-425C-A01C-2A400BD3605D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D7C18109-F3BD-41C9-8B5D-2D46DEDB25FC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A7A068E4-88E2-48A7-98D3-BC3694A62F07}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{7B5D38F9-C267-4D82-A809-0208BD922C86}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{564F9171-3EAB-47B4-9122-618501A3B802}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6B062A25-61CB-44CE-B00E-1513BF3E7D86}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{3A614CAD-F74C-49DC-AD35-EFD69A2F03BD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{2114BC39-DF9C-4E19-A5D9-E3C97F0A6D66}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{43190F47-8AB2-4EE7-8A7F-541715407434}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{7CF0E774-079E-47BD-8992-A876FFF24D2C}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{162EFEB8-E965-48E4-9E67-6B3363A029F1}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert (Total:111.56 GB) (Free:24.53 GB) (22%) ==================== Fehlerhafte Geräte im Gerätemanager ============ Name: Audiocontroller für Multimedia Description: Audiocontroller für Multimedia Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (12/06/2020 01:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname Nik.local already in use; will try Nik-2.local instead Error: (12/06/2020 01:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Nik.local. Addr 192.168.178.21 Error: (12/06/2020 01:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.178.21:5353 16 Nik.local. AAAA 2003:00EF:0F12:EA00:C452:7C51:08A1:F524 Error: (12/06/2020 01:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Nik.local. AAAA FE80:0000:0000:0000:C452:7C51:08A1:F524 Error: (12/06/2020 01:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.178.21:5353 16 Nik.local. AAAA 2003:00EF:0F12:EA00:C452:7C51:08A1:F524 Error: (12/06/2020 01:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 Nik.local. Addr 192.168.178.21 Error: (12/06/2020 01:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.178.21:5353 16 Nik.local. AAAA 2003:00EF:0F12:EA00:C452:7C51:08A1:F524 Error: (12/06/2020 12:20:49 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (7500,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Systemfehler: ============= Error: (12/06/2020 01:22:15 PM) (Source: DCOM) (EventID: 10010) (User: NIK) Description: Der Server "Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (12/06/2020 01:20:32 PM) (Source: volmgr) (EventID: 45) (User: ) Description: Das System konnte den Treiber für das Speicherabbild nicht laden. Error: (12/06/2020 01:20:30 PM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error: (12/06/2020 01:20:30 PM) (Source: volmgr) (EventID: 45) (User: ) Description: Das System konnte den Treiber für das Speicherabbild nicht laden. Error: (12/06/2020 12:27:43 PM) (Source: volmgr) (EventID: 45) (User: ) Description: Das System konnte den Treiber für das Speicherabbild nicht laden. Error: (12/06/2020 12:27:40 PM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error: (12/06/2020 12:27:40 PM) (Source: volmgr) (EventID: 45) (User: ) Description: Das System konnte den Treiber für das Speicherabbild nicht laden. Error: (12/06/2020 12:07:53 PM) (Source: DCOM) (EventID: 10010) (User: NIK) Description: Der Server "Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. CodeIntegrity: =================================== Date: 2020-10-01 13:15:01.692 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-09-11 01:14:38.604 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-08-09 13:24:58.500 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-08-09 11:22:00.817 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-07-14 16:08:49.406 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-07-10 15:35:41.712 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-05-30 09:26:44.608 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements. Date: 2020-05-18 18:11:37.439 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== BIOS: American Megatrends Inc. A.30 04/06/2017 Hauptplatine: MSI B250M PRO-VDH (MS-7A70) Prozessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz Prozentuale Nutzung des RAM: 27% Installierter physikalischer RAM: 16349.02 MB Verfügbarer physikalischer RAM: 11865.38 MB Summe virtueller Speicher: 32733.02 MB Verfügbarer virtueller Speicher: 26206.41 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:111.56 GB) (Free:24.53 GB) NTFS Drive d: (Programme) (Fixed) (Total:499.9 GB) (Free:477.21 GB) NTFS Drive e: (Games) (Fixed) (Total:207.11 GB) (Free:98.2 GB) NTFS Drive f: (Volume) (Fixed) (Total:224.5 GB) (Free:194.97 GB) NTFS Drive s: (System-reserviert) (Fixed) (Total:0.23 GB) (Free:0.19 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 754DEFCD) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42) ========================================================== Disk: 1 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 292892D8) Partition 1: (Active) - (Size=232 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.6 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ======================= Beste Grüße und vielen Danke im Voraus. |
06.12.2020, 16:27 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Murofet Weekly: Trojanerbefall wird durch Telekom per Brief mitgeteilt. Störende, veraltete oder unnötige Programme deinstallieren
__________________Bitte über Programme und Features (appwiz.cpl) deinstallieren: 7-Zip 9.20 (x64 edition) alles von Avira CCleaner OpenOffice 4.1.4 PDF-Viewer
__________________ |
09.12.2020, 20:53 | #3 |
/// TB-Ausbilder | Murofet Weekly: Trojanerbefall wird durch Telekom per Brief mitgeteilt. Fehlende Rückmeldung
__________________Dieses Thema wurde aus unseren Abos gelöscht. Somit bekommen wir keine Benachrichtigung über neue Antworten. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und ein eigenes Thema erstellen! |
Themen zu Murofet Weekly: Trojanerbefall wird durch Telekom per Brief mitgeteilt. |
.dll, administrator, adobe, antivirus, avg, avira, bonjour, canon, defender, desktop, firewall, google, helper, internet, internet explorer, kaspersky, mozilla, nvidia, prozesse, realtek, security, sigcheck, udp, usb, virus, windows, windows xp |