Hallo Zusammen,

Leider habe ich mir einen hartnäckigen Browser-Hijacker eingefangen.
Bei einer Google Suche in Chrome werden zuerst unseriöse Ergebnisse von Zapmeta und Izito angezeigt.
Außerdem hat sich eine namenlose Browsererweiterung eingeschlichen, die sich nicht ohne weiteres deinstallieren lässt. Darüber hinaus wird der Browser scheinbar von einer mir unbekannten Organisation verwaltet.
Nach einer Neuinstallation von Chrome und dem Löschen des Google-Verzeichnisses im App-Data-Ordner ist erstmal für einen Tag Ruhe. Danach installiert sich die Erweiterung aber wieder von selbst und alles geht von Vorne los.

Malwarebytes hat 14 Einträge mit dem Namen PUP.Optional.DownloadProtect gefunden.

FRST und Malwarebytes-Logs anbei.

Da ich mit meinem Latein am Ende bin, wäre ich für jede Hilfe enorm dankbar.

Beste Grüße

Hier nochmal der Inhalt der Logs:

FRST


FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
durchgeführt von nicob (Administrator) auf DESKTOP-8GVFC0U (LENOVO 81SX) (29-01-2021 11:12:06)
Gestartet von C:\Users\nicob\Downloads
Geladene Profile: nicob
Platform: Windows 10 Pro Version 1909 18363.1316 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <34>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_9196e89091d8bdbb\esif_uf.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_4ddb3cc1d1c1ca09\Display.NvContainer\NVDisplay.Container.exe <2>
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1076728 2020-03-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Overbridge Engine] => C:\Program Files\Elektron Overbridge\Overbridge Engine.exe [4349928 2020-04-07] (Elektron Music Machines MAV AB -> Elektron Music Machines MAV AB)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2020-10-09] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [KORG USB-MIDI Driver] => C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper.exe [394176 2020-01-29] (KORG INC. -> KORG Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-10-12] (Adobe Inc. -> )
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [100580600 2020-08-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1669368 2020-10-16] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [Discord] => C:\Users\nicob\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [680712 2021-01-12] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [launchOnStartup] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13971528 2020-05-15] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [Reference 4 Systemwide.exe] => C:\Program Files\Sonarworks\Reference 4\Systemwide\Reference 4 Systemwide.exe [20951552 2020-10-28] (Sonarworks) [Datei ist nicht signiert]
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [com.squirrel.splice.Splice] => C:\Users\nicob\AppData\Local\splice\app-3.6.41\Splice.exe
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\MountPoints2: {0acaf2a2-95ca-11ea-a8c4-4c1d9634830b} - "D:\AutoRun.exe" 
HKLM\...\Windows x64\Print Processors\RXEG9pps: C:\Windows\System32\spool\prtprocs\x64\RXEG9pps.dll [34816 2015-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh Co., Ltd.)
HKLM\...\Print\Monitors\RICOH SP 150_150w Language Monitor: C:\Windows\system32\RXEG9lm.dll [27648 2016-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh Co., Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-24] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mackie USB Driver Control Panel Autostart.lnk [2020-04-14]
ShortcutTarget: Mackie USB Driver Control Panel Autostart.lnk -> C:\Program Files\LOUD Technologies Inc\Mackie USB Driver\W10_x64\Mackie_CplApp.exe (Thesycon Software Solutions GmbH & Co. KG -> )
Startup: C:\Users\nicob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2021-01-23]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {05CB983A-9ABE-4A8E-963C-A3A1F049A03F} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {152B7D44-503A-4295-A018-A0B4CDE5E506} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-24] (Google LLC -> Google LLC)
Task: {1DBE581A-C52E-4B03-BEDA-C5D7CC6E1078} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1F9CBE25-D972-48FB-8524-E47E92568E0D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {250AEB50-4F60-4BB4-9103-76EB6981756A} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758984 2020-03-09] (Lenovo -> )
Task: {290EE04B-8631-4E2E-AC9E-667AAAFEAC81} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2C8E5446-137B-4899-A8AC-EB70D0123FBF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142184 2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {37D6DE04-3BB9-4C2E-A653-568845E92828} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758984 2020-03-09] (Lenovo -> )
Task: {442B9A07-52EB-4379-B5E2-2054FE92E406} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {49243D69-BEB0-405A-A4B2-7C8D0283A2B3} - System32\Tasks\MUP IPsec-Richtlinien-Agent Windows => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> "C:\ProgramData\Package Cache\{7C673057-33C6-45C2-812A-DBB8CB757790}\{380A5DDB-23C6-4508-81F8-418D88A6387E}" <==== ACHTUNG
Task: {57C55928-2180-4130-9FDF-5F01F2D4C6E4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {58A6AC90-F2BB-4829-A623-8E0359D82EEA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5A23B923-2953-4A9A-82DB-C400440C6571} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199272 2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {6268243E-19CB-487D-968C-32953606E125} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3787991472-4217386366-3756147439-1001 => C:\Users\nicob\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87848 2021-01-22] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {730DD0EE-5845-4146-B4DB-85ED6B0EBAC3} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {750F7CFA-D447-487A-B868-FF0381DCAE40} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {941D7EBA-F228-459B-9163-80584F90ACA6} - System32\Tasks\Smartlocker-FiltertreiberAnwendungsverwaltungApp-Vorbereitung => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> C:\Windows\Installer\{872171F9-DE4C-422D-BE59-73C815A75236}\{D4138314-F77E-4682-8FE5-6C038841BE90} <==== ACHTUNG
Task: {A7494FDC-1FE7-4F34-8CA0-8A596ABC1F0D} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {A8D945B5-A6EA-402C-82A2-EBE66E774190} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {AFAE9974-DD1C-4719-BE05-81E7CEAB7700} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199272 2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {B1A24E54-72A9-427F-9036-7FF33F6D54AE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142184 2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4C0007A-599D-4AD9-B1BC-FDF18041AE8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {BEA79284-8B8C-43A0-A968-CFBB19D25A2D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE9634B9-BC02-403E-9A42-C10AA11F44C5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {E1EB621B-13F3-41DC-8C3C-816F054D0343} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {E91DF9F5-1AF0-48C0-949A-B92BA04436B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-24] (Google LLC -> Google LLC)
Task: {F58A5316-C646-4957-874F-D6781BE81502} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{07803f80-76fc-418f-9c34-2e2fa1e54fcc}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
Edge Profile: C:\Users\nicob\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-29]
Edge Extension: ( ) - C:\Users\nicob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aamoijegognlajljlincdfbomblmfbkb [2021-01-28]
Edge Extension: (Citavi Picker) - C:\Users\nicob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mielbhbkcliienpdicphhecpodcaeefg [2021-01-18]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Edge HKLM-x32\...\Edge\Extension: [mielbhbkcliienpdicphhecpodcaeefg]

FireFox:
========
FF DefaultProfile: 3aynihbu.default
FF ProfilePath: C:\Users\nicob\AppData\Roaming\Mozilla\Firefox\Profiles\3aynihbu.default [2020-09-29]
FF ProfilePath: C:\Users\nicob\AppData\Roaming\Mozilla\Firefox\Profiles\qye9aok8.default-release [2021-01-28]
FF user.js: detected! => C:\Users\nicob\AppData\Roaming\Mozilla\Firefox\Profiles\qye9aok8.default-release\user.js [2020-09-29]
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [Keine Datei]
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [Datei ist nicht signiert]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-10-09] (Adobe Inc. -> Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [Datei ist nicht signiert]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [Datei ist nicht signiert]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-10-09] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [Datei ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default [2021-01-29]
CHR Extension: (Präsentationen) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-24]
CHR Extension: (Just Black) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2021-01-24]
CHR Extension: (Docs) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-24]
CHR Extension: (Google Drive) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-24]
CHR Extension: (YouTube) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-24]
CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-28]
CHR Extension: ( ) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\dljdbahledfnfbginaagcddpcfdpdhjg [2021-01-28]
CHR Extension: (Tabellen) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-24]
CHR Extension: (Google Docs Offline) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-24]
CHR Extension: (Unpaywall) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2021-01-24]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Citavi Picker) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2021-01-24]
CHR Extension: (Google Mail) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-24]
CHR Extension: (Chrome Media Router) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-25]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2020-10-09] (Adobe Inc. -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2020-10-20] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8902024 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
S2 DolbyDAXAPI; C:\Windows\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2020-08-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EQU8_18; C:\ProgramData\EQU8\Dual Universe prod\bin\anticheat.x64.equ8.exe [5542592 2020-11-13] (Int3 Software AB -> Int3 Software AB)
S2 FMAPOService; C:\Windows\System32\FMService64.exe [359808 2019-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1748552 2020-05-15] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-27] (GOG Sp. z o.o. -> GOG.com)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-26] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-01-26] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6264144 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12757520 2020-12-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2020-10-23] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S4 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_4ddb3cc1d1c1ca09\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_4ddb3cc1d1c1ca09\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2020-01-09] (Microsoft Corporation) [Datei ist nicht signiert]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-01-29] (Malwarebytes Corporation -> Malwarebytes)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [43440 2020-01-29] (KORG INC. -> KORG INC.)
S3 loudusbaudio; C:\Windows\System32\drivers\loudusbaudio.sys [374824 2019-10-10] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 loudusbaudioks; C:\Windows\System32\drivers\loudusbaudioks.sys [53800 2019-10-10] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220600 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-01-29] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198248 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [142440 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 sonarworks_VirtualDevice; C:\Windows\System32\drivers\sonarworks.sys [442416 2020-10-23] (SIA Sonarworks -> Sonarworks)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [812208 2020-10-23] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 UniSafe; C:\Windows\system32\drivers\UniSafe.sys [581912 2020-10-23] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [74048 2020-10-16] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [2719256 2020-11-21] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 EQU8_HELPER_18; \??\C:\Windows\system32\DRIVERS\EQU8_HELPER_18.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-01-29 11:12 - 2021-01-29 11:12 - 000028327 _____ C:\Users\nicob\Downloads\FRST.txt
2021-01-29 11:11 - 2021-01-29 11:12 - 000000000 ____D C:\FRST
2021-01-29 11:11 - 2021-01-29 11:11 - 002297856 _____ (Farbar) C:\Users\nicob\Downloads\FRST64 (3).exe
2021-01-29 11:09 - 2021-01-29 11:09 - 002297856 _____ (Farbar) C:\Users\nicob\Downloads\FRST64 (2).exe
2021-01-29 10:57 - 2021-01-29 10:57 - 002297856 _____ (Farbar) C:\Users\nicob\Downloads\FRST64 (1).exe
2021-01-29 10:57 - 2021-01-29 10:57 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-01-29 10:57 - 2021-01-29 10:57 - 000220600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-01-29 10:57 - 2021-01-29 10:57 - 000198248 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-01-29 10:57 - 2021-01-29 10:57 - 000142440 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-01-29 10:57 - 2021-01-29 10:57 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-01-29 10:57 - 2021-01-29 10:57 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-29 10:57 - 2021-01-29 10:57 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-29 10:57 - 2021-01-29 10:57 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-29 10:57 - 2021-01-29 10:56 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-01-29 10:57 - 2021-01-29 10:56 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-01-29 10:56 - 2021-01-29 10:56 - 002086424 _____ (Malwarebytes) C:\Users\nicob\Downloads\MBSetup.exe
2021-01-29 10:56 - 2021-01-29 10:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-29 10:56 - 2021-01-29 10:56 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-29 10:55 - 2021-01-29 10:55 - 002297856 _____ (Farbar) C:\Users\nicob\Downloads\FRST64.exe
2021-01-29 10:45 - 2021-01-29 10:45 - 008457584 _____ (Malwarebytes) C:\Users\nicob\Downloads\adwcleaner_8.0.9.1.exe
2021-01-28 15:06 - 2021-01-28 15:06 - 000187987 _____ C:\Users\nicob\Desktop\Immatrikulationsbescheinigung_2170400_WS2020.pdf
2021-01-28 14:26 - 2021-01-28 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-28 14:19 - 2021-01-28 14:19 - 000055901 _____ C:\Users\nicob\Desktop\fhp_2021-01-28_14191613449147788340159481.pdf
2021-01-28 14:13 - 2021-01-28 14:13 - 000112532 _____ C:\Users\nicob\Desktop\BARMER_Mitgliedsbescheinigung_V348701228.pdf
2021-01-28 14:01 - 2021-01-28 14:01 - 001175341 _____ C:\Users\nicob\Desktop\Personalfragebogen.pdf
2021-01-27 13:35 - 2021-01-27 13:36 - 000766521 _____ C:\Users\nicob\Desktop\MasterArbeit.pdf
2021-01-26 19:31 - 2021-01-26 19:31 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Sublime Text 3
2021-01-26 19:31 - 2021-01-26 19:31 - 000000000 ____D C:\Users\nicob\AppData\Local\Sublime Text 3
2021-01-26 19:30 - 2021-01-26 19:30 - 000000927 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2021-01-26 19:30 - 2021-01-26 19:30 - 000000000 ____D C:\Program Files\Sublime Text 3
2021-01-26 19:19 - 2021-01-26 19:30 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2021-01-26 19:19 - 2021-01-26 19:20 - 000000000 ____D C:\Users\nicob\.atom
2021-01-26 19:19 - 2021-01-26 19:19 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Atom
2021-01-26 19:18 - 2021-01-26 19:30 - 000000000 ____D C:\Users\nicob\AppData\Local\atom
2021-01-26 19:10 - 2021-01-26 19:10 - 000000000 ____D C:\Users\nicob\eclipse-workspace
2021-01-26 13:59 - 2021-01-26 14:00 - 000000000 ____D C:\Users\nicob\.webclipse
2021-01-26 12:58 - 2021-01-26 12:58 - 000000000 ____D C:\Users\nicob\.tooling
2021-01-26 12:57 - 2021-01-26 12:57 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
2021-01-26 12:55 - 2021-01-26 19:18 - 000000000 ___RD C:\Users\nicob\Desktop\Coding
2021-01-26 12:53 - 2021-01-26 12:53 - 000000000 ____D C:\Users\nicob\eclipse
2021-01-26 12:52 - 2021-01-26 19:11 - 000000000 ____D C:\Users\nicob\.p2
2021-01-26 12:52 - 2021-01-26 12:58 - 000000000 ____D C:\Users\nicob\.eclipse
2021-01-26 12:51 - 2021-01-26 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2021-01-26 12:51 - 2021-01-26 12:51 - 000000000 ____D C:\Program Files\Common Files\Oracle
2021-01-25 12:14 - 2021-01-26 12:06 - 000000000 ____D C:\Users\nicob\Desktop\Pimp my Van
2021-01-24 17:36 - 2021-01-24 17:36 - 000000000 ____D C:\Users\nicob\AppData\Local\Maine
2021-01-24 16:49 - 2021-01-28 11:30 - 000003618 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-24 16:49 - 2021-01-28 11:30 - 000003394 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-24 16:49 - 2021-01-24 17:29 - 000000000 ____D C:\Users\nicob\AppData\Local\Google
2021-01-24 16:49 - 2021-01-24 16:49 - 000002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-24 16:49 - 2021-01-24 16:49 - 000002274 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-24 16:49 - 2021-01-24 16:49 - 000002274 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-24 16:49 - 2021-01-24 16:49 - 000000000 ____D C:\Program Files\Google
2021-01-24 16:32 - 2021-01-24 16:33 - 000000000 ____D C:\AdwCleaner
2021-01-23 10:13 - 2021-01-23 10:13 - 000000000 ____D C:\Program Files (x86)\LifeInTheWoodsRenaissanceLauncher
2021-01-23 10:12 - 2021-01-23 10:12 - 000000000 ____D C:\Users\nicob\AppData\LocalLow\Oracle
2021-01-22 23:48 - 2021-01-26 18:24 - 000000000 ____D C:\Program Files\Java
2021-01-22 23:48 - 2021-01-26 12:51 - 000069264 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2021-01-22 23:48 - 2021-01-26 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-01-22 23:45 - 2021-01-22 23:45 - 000000000 ____D C:\Users\nicob\Documents\curseforge
2021-01-22 22:56 - 2021-01-22 22:56 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Sun
2021-01-22 22:56 - 2021-01-22 22:56 - 000000000 ____D C:\Users\nicob\AppData\LocalLow\Sun
2021-01-22 22:56 - 2021-01-22 22:56 - 000000000 ____D C:\Users\nicob\.oracle_jre_usage
2021-01-22 22:56 - 2021-01-22 22:56 - 000000000 ____D C:\ProgramData\Oracle
2021-01-22 21:29 - 2021-01-22 21:29 - 000000000 ____D C:\Users\nicob\AppData\Local\mbam
2021-01-22 21:08 - 2021-01-22 23:50 - 000000000 ____D C:\Users\nicob\AppData\Roaming\.minecraft
2021-01-20 11:29 - 2021-01-20 11:29 - 000004440 _____ C:\Windows\system32\Tasks\Smartlocker-FiltertreiberAnwendungsverwaltungApp-Vorbereitung
2021-01-19 23:04 - 2021-01-19 23:04 - 000000000 ____D C:\Users\nicob\Documents\STAR WARS Battlefront II
2021-01-19 23:04 - 2021-01-19 23:04 - 000000000 ____D C:\Users\nicob\AppData\Local\STAR WARS Battlefront II
2021-01-18 22:44 - 2021-01-18 22:44 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-01-18 22:44 - 2021-01-18 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STAR WARS Battlefront II
2021-01-18 14:51 - 2021-01-18 14:51 - 000000000 ____D C:\Windows\LastGood.Tmp
2021-01-18 14:49 - 2021-01-04 15:49 - 001855192 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-18 14:49 - 2021-01-04 15:49 - 001855192 _____ C:\Windows\system32\vulkaninfo.exe
2021-01-18 14:49 - 2021-01-04 15:49 - 001435864 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-18 14:49 - 2021-01-04 15:49 - 001435864 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-01-18 14:49 - 2021-01-04 15:49 - 000948952 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-18 14:49 - 2021-01-04 15:49 - 000948952 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-01-18 14:49 - 2021-01-04 15:48 - 001454488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-01-18 14:49 - 2021-01-04 15:48 - 001193880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-01-18 14:49 - 2021-01-04 15:48 - 001094880 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-01-18 14:49 - 2021-01-04 15:48 - 001094880 _____ C:\Windows\system32\vulkan-1.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 001512856 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 001165720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 000690072 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2021-01-18 14:49 - 2021-01-04 15:46 - 000680856 _____ C:\Windows\system32\nvofapi64.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 000673688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 000610712 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 000559000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 000548248 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 008262552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 007393176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 004612504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 002731928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 002104216 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 001589144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 000813976 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 000657816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 000447384 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-01-18 14:49 - 2021-01-04 15:44 - 000850840 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-01-18 14:49 - 2021-01-04 15:43 - 006071032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-01-18 14:49 - 2020-12-31 15:01 - 000084159 _____ C:\Windows\system32\nvinfo.pb
2021-01-17 11:33 - 2021-01-18 13:47 - 000020198 _____ C:\Users\nicob\Desktop\Diagramm.xlsx
2021-01-16 13:22 - 2021-01-16 13:22 - 000000000 ____D C:\Users\Public\Documents\Blackmagic Design
2021-01-16 13:22 - 2021-01-16 13:22 - 000000000 ____D C:\Users\nicob\Documents\Blackmagic Design
2021-01-16 13:21 - 2021-01-16 13:21 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Blackmagic Design
2021-01-16 13:16 - 2021-01-16 13:16 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2021-01-16 13:16 - 2021-01-16 13:16 - 000000000 ____D C:\ProgramData\Blackmagic Design
2021-01-16 13:15 - 2021-01-16 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2021-01-16 13:15 - 2021-01-16 13:17 - 000000000 ____D C:\Program Files (x86)\Blackmagic Design
2021-01-16 13:15 - 2021-01-16 13:15 - 000000000 ____D C:\Program Files\Blackmagic Design
2021-01-16 13:11 - 2021-01-16 14:35 - 000000000 ___RD C:\Users\nicob\Desktop\Video
2021-01-16 12:25 - 2021-01-16 12:25 - 000012773 _____ C:\ProgramData\sokqucqi.nri
2021-01-16 12:25 - 2021-01-16 12:25 - 000000000 ____D C:\Users\nicob\AppData\Local\VideoEditor
2021-01-16 12:25 - 2021-01-16 12:25 - 000000000 ____D C:\Users\nicob\AppData\Local\CrashRpt
2021-01-16 11:42 - 2021-01-16 11:42 - 000000000 ____D C:\Users\nicob\Documents\Audacity
2021-01-16 11:19 - 2021-01-19 20:23 - 000000000 ____D C:\Users\nicob\AppData\Roaming\audacity
2021-01-16 11:19 - 2021-01-16 11:19 - 000004390 _____ C:\Windows\system32\Tasks\MUP IPsec-Richtlinien-Agent Windows
2021-01-16 11:19 - 2021-01-16 11:19 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2021-01-16 11:19 - 2021-01-16 11:19 - 000000000 ____D C:\Users\nicob\AppData\Roaming\npm
2021-01-16 11:19 - 2021-01-16 11:19 - 000000000 ____D C:\Users\nicob\AppData\Local\Audacity
2021-01-16 11:19 - 2021-01-16 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2021-01-16 11:19 - 2021-01-16 11:19 - 000000000 ____D C:\Program Files (x86)\nodejs
2021-01-16 11:19 - 2021-01-16 11:19 - 000000000 ____D C:\Program Files (x86)\Audacity
2021-01-16 10:02 - 2021-01-16 10:02 - 000001026 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge 2021.lnk
2021-01-16 09:58 - 2021-01-16 09:58 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk
2021-01-15 09:07 - 2021-01-15 09:07 - 000576512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2021-01-15 09:07 - 2021-01-15 09:07 - 000568320 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2021-01-15 09:07 - 2021-01-15 09:07 - 000502784 _____ C:\Windows\system32\AssignedAccessCsp.dll
2021-01-15 09:07 - 2021-01-15 09:07 - 000500224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2021-01-15 09:07 - 2021-01-15 09:07 - 000455680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2021-01-15 09:07 - 2021-01-15 09:07 - 000233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2021-01-15 09:07 - 2021-01-15 09:07 - 000151040 _____ C:\Windows\system32\uwfcsp.dll
2021-01-15 09:07 - 2021-01-15 09:07 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2021-01-15 09:07 - 2021-01-15 09:07 - 000094720 _____ C:\Windows\system32\VirtualMonitorManager.dll
2021-01-15 09:07 - 2021-01-15 09:07 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-01-15 09:07 - 2021-01-15 09:07 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2021-01-15 09:07 - 2021-01-15 09:07 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-01-15 09:07 - 2021-01-15 09:07 - 000053248 _____ C:\Windows\SysWOW64\BWContextHandler.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 002590720 _____ C:\Windows\system32\dwmscene.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 001841152 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 001101312 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000696832 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2021-01-15 09:06 - 2021-01-15 09:06 - 000555008 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000549888 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-01-15 09:06 - 2021-01-15 09:06 - 000331264 _____ C:\Windows\SysWOW64\ssdm.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000294912 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2021-01-15 09:06 - 2021-01-15 09:06 - 000266752 _____ C:\Windows\system32\HeatCore.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000208384 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000186368 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2021-01-15 09:06 - 2021-01-15 09:06 - 000167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-01-15 09:06 - 2021-01-15 09:06 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth18.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth17.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth16.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth15.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2021-01-15 09:05 - 2021-01-15 09:05 - 000540672 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-01-15 09:05 - 2021-01-15 09:05 - 000453632 _____ C:\Windows\system32\ssdm.dll
2021-01-15 09:05 - 2021-01-15 09:05 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-01-15 09:05 - 2021-01-15 09:05 - 000164864 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-01-15 09:05 - 2021-01-15 09:05 - 000061440 _____ C:\Windows\system32\rdsxvmaudio.dll
2021-01-05 15:39 - 2021-01-05 15:41 - 000000000 ____D C:\ProgramData\Acon Digital
2021-01-05 15:39 - 2021-01-05 15:39 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Acon Digital
2021-01-05 15:39 - 2021-01-05 15:39 - 000000000 ____D C:\Program Files\Acon Digital

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-01-29 10:59 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-29 10:57 - 2019-03-19 05:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-01-29 10:47 - 2020-04-10 23:41 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-29 10:46 - 2020-04-12 11:38 - 000000000 ____D C:\ProgramData\PACE
2021-01-29 10:35 - 2020-04-10 23:41 - 001724292 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-29 10:35 - 2019-03-19 13:16 - 000746852 _____ C:\Windows\system32\perfh007.dat
2021-01-29 10:35 - 2019-03-19 13:16 - 000151124 _____ C:\Windows\system32\perfc007.dat
2021-01-29 10:35 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF
2021-01-29 10:33 - 2020-11-11 14:51 - 000000000 ____D C:\Users\nicob\Documents\Citavi 6
2021-01-29 10:29 - 2020-04-12 10:18 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-01-29 10:29 - 2020-04-11 01:28 - 000000000 ___RD C:\Users\nicob\Creative Cloud Files
2021-01-29 10:29 - 2020-04-11 00:13 - 000000134 _____ C:\Windows\system32\regtest.txt
2021-01-29 10:29 - 2020-04-10 23:32 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-29 10:29 - 2020-04-10 23:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-01-29 00:19 - 2020-04-10 23:36 - 000000000 ____D C:\Users\nicob
2021-01-28 22:09 - 2020-04-11 00:15 - 000000000 ____D C:\Users\nicob\AppData\Roaming\discord
2021-01-28 22:09 - 2020-04-10 23:53 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-28 20:19 - 2019-03-19 05:37 - 000786432 _____ C:\Windows\system32\config\BBI
2021-01-28 14:26 - 2020-10-11 14:12 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-01-28 14:26 - 2020-10-11 14:06 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-28 11:48 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\AppReadiness
2021-01-28 11:30 - 2020-04-11 00:30 - 000001152 __RSH C:\ProgramData\ntuser.pol
2021-01-27 11:15 - 2020-04-10 23:47 - 000000000 ____D C:\Users\nicob\AppData\Local\LenovoServiceBridge
2021-01-27 00:09 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-26 21:46 - 2020-04-11 00:17 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Origin
2021-01-26 21:46 - 2020-04-11 00:17 - 000000000 ____D C:\ProgramData\Origin
2021-01-26 21:32 - 2020-04-12 10:18 - 000000000 ____D C:\Users\nicob\AppData\Roaming\TeamViewer
2021-01-26 20:43 - 2020-08-23 17:18 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-01-26 20:43 - 2020-04-11 00:19 - 000000000 ____D C:\Program Files (x86)\Origin
2021-01-26 20:43 - 2020-04-11 00:17 - 000000000 ____D C:\Users\nicob\AppData\Local\Origin
2021-01-26 19:50 - 2020-04-18 17:35 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Elektron Transfer
2021-01-26 19:38 - 2020-04-10 23:48 - 000000000 ___RD C:\Users\nicob\Desktop\Rechnungen
2021-01-26 19:19 - 2020-04-11 00:15 - 000000000 ____D C:\Users\nicob\AppData\Local\SquirrelTemp
2021-01-26 19:14 - 2020-04-11 01:30 - 000000000 ___RD C:\Users\nicob\Desktop\Bildbearbeitung
2021-01-26 19:00 - 2020-11-02 12:40 - 000000000 ____D C:\Program Files\OpenVPN
2021-01-24 17:31 - 2020-11-11 14:51 - 000000000 ____D C:\ProgramData\Swiss Academic Software
2021-01-24 17:31 - 2020-11-11 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 6
2021-01-24 17:31 - 2020-05-29 14:57 - 000000000 ____D C:\Users\nicob\AppData\Local\Downloaded Installations
2021-01-24 16:49 - 2020-04-10 23:40 - 000000000 ____D C:\Program Files (x86)\Google
2021-01-24 16:20 - 2020-04-10 23:37 - 000000000 ____D C:\Users\nicob\AppData\Local\Packages
2021-01-24 16:11 - 2020-05-15 10:26 - 000000000 ____D C:\temp
2021-01-24 16:11 - 2020-04-21 09:45 - 000000000 ____D C:\Users\nicob\AppData\Local\CrashDumps
2021-01-24 16:11 - 2020-04-11 00:32 - 000000000 ____D C:\Windows\Panther
2021-01-24 15:54 - 2020-04-11 09:30 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-24 12:50 - 2020-04-11 01:26 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-01-23 23:25 - 2020-11-24 22:35 - 000559134 _____ C:\Users\nicob\Documents\PS-Verlaufsprotokoll.txt
2021-01-23 23:03 - 2020-10-05 18:54 - 000000000 ___RD C:\Users\nicob\Desktop\Musik
2021-01-22 23:43 - 2020-04-11 00:13 - 000000000 ____D C:\Users\nicob\AppData\Local\D3DSCache
2021-01-22 23:31 - 2020-04-10 23:50 - 000000000 ___RD C:\Users\nicob\Desktop\Games
2021-01-22 20:06 - 2020-08-23 10:10 - 000000000 ____D C:\Users\nicob\AppData\Local\Frontier_Developments
2021-01-22 17:03 - 2020-12-06 14:10 - 000000000 ____D C:\Users\nicob\Desktop\Quellen
2021-01-22 09:24 - 2020-04-11 09:44 - 000799104 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2021-01-20 22:55 - 2020-04-12 20:08 - 000000000 ____D C:\Users\nicob\AppData\Local\ElevatedDiagnostics
2021-01-20 09:36 - 2020-04-10 23:39 - 000000000 ____D C:\Users\nicob\AppData\Local\PlaceholderTileLogoFolder
2021-01-18 23:23 - 2020-05-07 00:05 - 000000000 ____D C:\Program Files\Epic Games
2021-01-18 17:19 - 2020-04-11 00:38 - 000000000 ____D C:\Users\nicob\AppData\Local\NVIDIA
2021-01-18 10:08 - 2020-10-01 18:46 - 000000000 ___RD C:\Users\nicob\Desktop\Archiv
2021-01-16 11:29 - 2020-06-26 08:31 - 000003688 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-16 11:29 - 2020-06-26 08:31 - 000003464 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-16 11:29 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2021-01-16 11:19 - 2020-04-11 00:08 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-16 11:17 - 2020-04-11 00:34 - 000000000 ____D C:\Program Files\VST Plugins
2021-01-16 10:02 - 2020-04-11 01:24 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-01-16 09:45 - 2020-04-10 23:37 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-16 09:45 - 2020-04-10 23:37 - 000000000 ___RD C:\Users\nicob\3D Objects
2021-01-16 09:44 - 2020-04-10 23:32 - 000446400 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-16 09:44 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2021-01-16 09:44 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\LiveKernelReports
2021-01-15 22:30 - 2019-03-19 13:19 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-15 22:30 - 2019-03-19 13:19 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-15 22:30 - 2019-03-19 13:19 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\system32\UNP
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\system32\F12
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___RD C:\Windows\PrintDialog
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SystemResources
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\setup
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\oobe
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\migwiz
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\Dism
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\Com
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\ShellExperiences
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\ShellComponents
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\Provisioning
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\IME
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\bcastdvr
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-15 09:12 - 2020-04-11 23:36 - 000000000 ____D C:\Windows\system32\MRT
2021-01-15 09:12 - 2019-03-19 05:37 - 000000000 ____D C:\Windows\CbsTemp
2021-01-15 09:10 - 2020-04-11 23:36 - 135062968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-01-15 09:05 - 2020-04-10 23:35 - 002877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2021-01-14 16:32 - 2020-10-06 14:29 - 000002278 ____H C:\Users\nicob\Documents\Default.rdp
2021-01-14 15:54 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2021-01-12 10:11 - 2020-04-11 01:24 - 000000000 ____D C:\Program Files\Adobe
2021-01-09 12:35 - 2020-06-26 08:31 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-08 11:25 - 2020-04-11 00:27 - 000000000 ____D C:\ProgramData\Adobe
2021-01-04 15:43 - 2020-04-10 23:39 - 007115280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2020-09-26 08:41 - 2020-09-26 08:41 - 000008106 _____ () C:\Program Files\Common Files\InstallationLogFile.log
2020-09-26 08:41 - 2020-09-26 08:41 - 000008637 _____ () C:\Program Files\Common Files\unins000.dat
2020-09-26 08:41 - 2020-09-26 08:39 - 002540184 _____ () C:\Program Files\Common Files\unins000.exe
2020-09-26 08:41 - 2020-09-26 08:41 - 000022837 _____ () C:\Program Files\Common Files\unins000.msg
2020-07-12 07:44 - 2020-07-12 07:46 - 000000016 _____ () C:\Users\nicob\AppData\Roaming\msregsvv.dll
2020-04-11 00:47 - 2020-04-17 17:44 - 000508758 _____ () C:\Users\nicob\AppData\Roaming\overbridge_install_log.txt
2020-04-11 01:24 - 2020-04-11 01:24 - 000000410 _____ () C:\Users\nicob\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         

--- --- ---

[/CODE]

FRST Addition

Code: Alles auswählenAufklappen

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-01-2021
durchgeführt von nicob (29-01-2021 11:13:37)
Gestartet von C:\Users\nicob\Downloads
Windows 10 Pro Version 1909 18363.1316 (X64) (2020-04-10 22:34:09)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3787991472-4217386366-3756147439-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3787991472-4217386366-3756147439-503 - Limited - Disabled)
Gast (S-1-5-21-3787991472-4217386366-3756147439-501 - Limited - Disabled)
nicob (S-1-5-21-3787991472-4217386366-3756147439-1001 - Administrator - Enabled) => C:\Users\nicob
WDAGUtilityAccount (S-1-5-21-3787991472-4217386366-3756147439-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
AAS - Lounge Lizard Session 4 (HKLM-x32\...\Lounge Lizard Session 4) (Version:  - Applied Acoustics Systems)
AAS - Strum Session 2 (HKLM-x32\...\Strum Session 2) (Version:  - Applied Acoustics Systems)
AAS - Ultra Analog Session 2 (HKLM-x32\...\Ultra Analog Session 2) (Version:  - Applied Acoustics Systems)
Ableton Live 10 Standard (HKLM\...\{5DFB3F43-0CB5-4C3D-AF4E-A02DFA66186E}) (Version: 10.0.0.0 - Ableton)
Acon Digital DeVerberate (64 bit) 2.0.7 (HKLM\...\{458357DE-C14B-4FDE-B614-7862427596C4}_is1) (Version: 2.0.7 - Acon AS)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Bridge 2021 (HKLM-x32\...\KBRG_11_0_1) (Version: 11.0.1 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.3.1.470 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_1_1) (Version: 22.1.1.138 - Adobe Inc.)
AmpliTube 4 version 4.10.0 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.10.0 - IK Multimedia)
Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team)
BABY Audio - I Heart NY version 1.1.0 (HKLM\...\BABY Audio - I Heart NY_is1) (Version: 1.1.0 - )
Balancer 1.0.3 (HKLM\...\{469C9553-FB7D-46A9-8A9E-AFE3D21EEFC4}_is1) (Version: 1.0.3 - focusrite)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.66.0 - Bethesda Softworks)
Blackmagic RAW Common Components (HKLM\...\{60461BA6-AFA0-4D54-AFE1-54EC717AA7D9}) (Version: 1.8.2 - Blackmagic Design)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bx_subfilter 1.5.1 (HKLM\...\bx_subfilter_is1) (Version: 1.5.1 - Plugin Alliance)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.9.03049 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{960848DA-AFA2-4067-8260-C866B7411DA4}) (Version: 4.9.03049 - Cisco Systems, Inc.) Hidden
Citavi 6 (HKLM-x32\...\{6A331045-8FF4-4BC9-9C56-E593ACAE28C2}) (Version: 6.8.0.0 - Swiss Academic Software)
CollaB3 version 1.0.0 (HKLM\...\CollaB3_is1) (Version: 1.0.0 - )
DaVinci Resolve (HKLM\...\{47B30418-F683-4F19-BEF9-BA5E490154BF}) (Version: 16.2.8005 - Blackmagic Design)
DaVinci Resolve Keyboards (HKLM\...\{04F776FB-37A2-4116-84F2-6CF3D731999D}) (Version: 1.0.0.0 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{567706B7-1501-43BC-81AB-C7E306B40C73}) (Version: 1.3.2.0 - Blackmagic Design)
DC1A3 version 3.2.0.0 (HKLM\...\DC1A3_is1) (Version: 3.2.0.0 - )
Denise Noize Retro version 1.0.0 (HKLM\...\Denise Noize Retro_is1) (Version: 1.0.0 - )
Denise Punisher version 1.0.0 (HKLM\...\Denise Punisher_is1) (Version: 1.0.0 - )
discoDSP OB-Xd 1.5 (HKLM\...\OBXD_is1) (Version: 1.5 - discoDSP)
Discord (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Elektron Overbridge 2.0.37.3 (HKLM\...\{E957ACC7-6E9E-4CB0-B8ED-D71D941D77A5}) (Version: 2.0.37.3 - Elektron Music Machines MAV AB)
Elektron Transfer 1.2.2.9 (HKLM\...\{D2A949AD-B13D-4455-9E63-98F826AD15E8}) (Version: 1.2.2.9 - Elektron Music Machines MAV AB)
E-License Manager (HKLM\...\{6C169D27-4A5B-41AB-815B-3B5CADD10D6F}) (Version: 1.4.0.0 - Magix) Hidden
E-License Manager (HKLM-x32\...\E-License Manager) (Version: 1.4.0.0 - Best Service)
elysia niveau filter 1.12 (HKLM\...\elysia niveau filter_is1) (Version: 1.12 - Plugin Alliance)
Epic Games Launcher (HKLM-x32\...\{A5A6A747-393C-4B28-AB7B-2DE2BA7F7D73}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Exponential Audio:: Excalibur version 4.0.2 (HKLM\...\{9BABADBE-DC2D-4EB2-A9A8-AF7E1EB57724}_is1) (Version: 4.0.2 - Exponential Audio LLC)
Fairlight Audio Accelerator Utility (HKLM\...\FairlightAudioAccelerator_is1) (Version: 1.0.13 - Blackmagic Design)
Fairlight Studio Utility (HKLM\...\{6C7FC3A1-DA64-4ACE-8F05-301CBECD5BE9}) (Version: 1.2.0.0 - Blackmagic Design)
Firefly version 1.0.1 (HKLM\...\Firefly_is1) (Version: 1.0.1 - )
Focus version 1.0.1 (HKLM\...\Focus_is1) (Version: 1.0.1 - )
Frontier (64bit) (HKLM\...\{AE40D361-16A0-48EB-98ED-317F6402A498}) (Version: 1.0.0.0 - D16 Group Audio Software)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Halls Of Fame 3 (HKLM\...\{F7F63B6D-1A00-4191-9BEC-A8A56D6F581E}) (Version: 3.1.5 - Best Service) Hidden
Halls Of Fame 3 (HKLM-x32\...\Halls Of Fame 3) (Version: 3.1.5 - Best Service)
HY-SEQ16x3v2_free version 1.1.3 (HKLM\...\HY-SEQ16x3v2_free_is1) (Version: 1.1.3 - )
IK Multimedia Authorization Manager version 1.0.26 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.26 - IK Multimedia)
Impulse Record Convology XT (HKLM-x32\...\Impulse Record Convology XT) (Version: 1.18 - Impulse Record)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{9B7D5CA0-5521-458D-88D9-AF7D9A06E753}) (Version: 11.1.072 - Intel Corporation)
IVGI2 version 2.2.0.0 (HKLM\...\IVGI2_is1) (Version: 2.2.0.0 - )
iZotope Trash 2 (HKLM-x32\...\iZotope Trash 2) (Version: 2.05d.322 - iZotope, Inc.)
Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java(TM) SE Development Kit 15.0.2 (64-bit) (HKLM\...\{2041CF7D-1F63-5C58-9F35-C445251E39C9}) (Version: 15.0.2.0 - Oracle Corporation)
kikzilla 1.0.1 (HKLM-x32\...\kikzilla) (Version: 1.0.1 - intelligent sounds & music)
KORG M1 Le (HKLM\...\{2D2D5665-7009-4F75-A0EA-C73F57700E36}) (Version: 1.1.0 - KORG Inc.)
KORG minilogue xd Sound Librarian (HKLM-x32\...\{3B6B7B81-23CB-4BDF-914B-B02C6D37A5F5}) (Version: 1.0.5 - KORG Inc.)
KORG USB-MIDI Driver Tools for Windows 10 (HKLM-x32\...\{C7B06DB0-64A6-436E-B473-0E0EECC5E174}) (Version: 1.15.3502 - Korg Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.1.7 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0095 - Lenovo)
Mackie USB Driver v4.67.0 (HKLM-x32\...\Software_LOUD Technologies Inc._loudusbaudio_Setup) (Version: 4.67.0 - LOUD Technologies Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
MH Thump version 2.0.2 (HKLM\...\MH Thump_is1) (Version: 2.0.2 - Metric Halo)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.13628.20274 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.65 - )
Microsoft OneDrive (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Teams) (Version: 1.3.00.26064 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29112 (HKLM-x32\...\{be826f5f-eda5-45a2-a3fe-c2cb5c1b9842}) (Version: 14.27.29112.0 - Microsoft Corporation)
MJUCjr version 1.2.0.0 (HKLM\...\MJUCjr_is1) (Version: 1.2.0.0 - )
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.6.0.513 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.12.1.129 - Native Instruments)
Native Instruments Traktor DJ 2 (HKLM-x32\...\Native Instruments Traktor DJ 2) (Version: 2.4.1.478 - Native Instruments)
Neutron 3 Elements (HKLM-x32\...\Neutron 3 Elements) (Version: 3.1.1 - iZotope, Inc.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 461.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Oracle version 1.0.2 (HKLM\...\Oracle_is1) (Version: 1.0.2 - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.91.46291 - Electronic Arts, Inc.)
Overtone version 1.0.1 (HKLM\...\Overtone_is1) (Version: 1.0.1 - )
Ozone 9 Elements (HKLM\...\Ozone 9 Elements) (Version: 9.1.0 - iZotope, Inc.)
PACE License Support Win64 (HKLM\...\{CDDC4CA3-FBF0-46c3-8EB1-B001EA7FDA55}) (Version: 5.2.1.3096 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{CDDC4CA3-FBF0-46c3-8EB1-B001EA7FDA55}) (Version: 5.2.1.3096 - PACE Anti-Piracy, Inc.)
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
Percolate version 1.0.1 (HKLM\...\Percolate_is1) (Version: 1.0.1 - )
Phoscyon 1.9.5 (64bit) (HKLM\...\{D32B89DD-B8E6-4443-9BB2-97290BA4B8A8}) (Version: 1.9.5.0 - D16 Group Audio Software)
PlanetSide 2 (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
Product Portal (HKLM-x32\...\Product Portal) (Version:  - iZotope, Inc.)
Pulsar Smasher (HKLM-x32\...\9F5698D7-A1EA-4593-BB9A-E59A7437023E_is1) (Version: 1.0.3 - Pulsar Audio)
PunchBox (64bit) (HKLM\...\{1450ADD8-4144-45AE-96EC-98970124D3A4}) (Version: 1.0.6.0 - D16 Group Audio Software)
Radio version 1.1.5 (HKLM\...\Radio_is1) (Version: 1.1.5 - )
REDlauncher (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
Reference 4 AAX plugin for ProTools 10 (HKLM-x32\...\{4046F39E-98E9-4DFA-B3AC-F83288B5BC93}) (Version: 4.4.6.20 - Sonarworks)
Reference 4 AAX plugin for ProTools 11/12 (HKLM\...\{0DA8484E-B284-4944-AE41-C3EED4884CC8}) (Version: 4.4.6.20 - Sonarworks)
Reference 4 RTAS plugin (HKLM-x32\...\{C5ADB05C-F758-4C70-998F-900C693CB29E}) (Version: 4.4.5.51 - Sonarworks)
Reference 4 VST plugin (32-bit) (HKLM-x32\...\{251D830E-D913-45AB-ADA7-19751C649EE3}) (Version: 4.4.6.20 - Sonarworks)
Reference 4 VST plugin (64-bit) (HKLM\...\{5F524C89-B8AE-49DB-9828-D5233294CCDD}) (Version: 4.4.6.20 - Sonarworks)
rekordbox 6.0.3 64bit (HKLM\...\Pioneer rekordbox 6.0.3) (Version: 6.0.3.0003 - AlphaTheta)
RICOH SP 150 (HKLM-x32\...\{236068F9-94B6-45CD-A6BE-3BF03170AAB8}) (Version: 1.045.00 - Ricoh Co., Ltd.) Hidden
RICOH SP 150 (HKLM-x32\...\InstallShield_{236068F9-94B6-45CD-A6BE-3BF03170AAB8}) (Version: 1.045.00 - Ricoh Co., Ltd.)
RX 7 Elements (HKLM-x32\...\RX 7 Audio Editor) (Version: 7.01 - iZotope, Inc.)
Sonarworks Reference 4 Systemwide (HKLM\...\{8760905F-8968-46EF-ADF3-7CFF91CE9952}) (Version: 4.4.6.20 - Sonarworks)
Spitfire Audio (HKLM-x32\...\{ABC5F486-25BD-4BAA-9FA1-A84152CBB563}_is1) (Version: 3.2.12 - Spitfire Audio Holdings Ltd)
SPL Free Ranger 1.14.1 (HKLM\...\SPL Free Ranger_is1) (Version: 1.14.1 - Plugin Alliance)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
STL Ignite - Emissary Plug-In Bundle (HKLM\...\STL Ignite - Emissary Plug-In Bundle_is1) (Version: 2.0.2 - )
Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SyS Audioresearch notomizer (HKLM-x32\...\Notomizer_v1.1) (Version:  - )
SyS Audioresearch Ton-Geraet I (HKLM-x32\...\Ton-Geraet I) (Version:  - )
TAL-Chorus-LX (64bit) (HKLM\...\{AD82F5D9-5FF3-497E-94E1-752DBB38E5D4}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-Filter-2 (64bit) (HKLM\...\{248546B8-D8A9-44AD-B60C-0B599D8E5265}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-NoiseMaker (64bit) (HKLM\...\{75E692A0-5118-4BE0-98CE-649A21B7C76A}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-Reverb-4 (64bit) (HKLM\...\{91FB3C47-132B-402A-AC35-E9B5588AC257}) (Version: 1.3.7 - TAL - Togu Audio Line)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.13.6 - TeamViewer)
Titanfall™ 2 (HKLM-x32\...\{4BD80373-FEE7-45B6-8249-6E8E98717405}) (Version:  - Electronic Arts, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 112.3 - Ubisoft)
UVI Portal 1.2.4 (HKLM-x32\...\UVI Portal_is1) (Version: 1.2.4 - UVI)
UVI Workstation x64 3.0.11 (HKLM\...\UVI Workstation x64_is1) (Version: 3.0.11 - UVI)
ValhallaFreqEcho version 1.0.5 (HKLM-x32\...\{86164718-6457-42DE-8DB6-EA05F7045F2C}_is1) (Version: 1.0.5 - Valhalla DSP, LLC)
ValhallaSupermassive version 1.0.0 (HKLM-x32\...\{32E5DA92-251F-41D5-93E1-450C00D0B159}_is1) (Version: 1.0.0 - Valhalla DSP, LLC)
Venom version 1.0.0 (HKLM\...\Venom_is1) (Version: 1.0.0 - W.A. Production)
VG-CARBON 1.0.1 (HKLM\...\98ba8073-3012-43fc-a569-31a2d3c9fd80_is1) (Version: 1.0.1 - UJAM)
vmpc version 1.1 (HKLM\...\vmpc_is1) (Version: 1.1 - )
Vocal Splitter version 2.0.1 (HKLM\...\Vocal Splitter_is1) (Version: 2.0.1 - )
Voltage Modular (HKLM\...\Voltage Modular) (Version: 1.3.16 - Cherry Audio)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-3 - Wacom Technology Corp.)
Waves Central (HKLM\...\{ab507e17-892b-5203-838d-d58d8d09c50f}) (Version: 11.0.58 - Waves Audio Ltd)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Zoom (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\ZoomUMX) (Version: 5.4.1 (58698.1027) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-10-09] (Adobe Systems Incorporated)
Dolby Atmos for Gaming -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosforGaming_3.20500.501.0_x64__rz1tebttyb220 [2020-06-23] (Dolby Laboratories)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.50.7.0_x86__kgqvnymyfvs32 [2020-12-16] (king.com)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-02] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.36.4251.0_x64__8wekyb3d8bbwe [2021-01-27] (Microsoft Corporation) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-20] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.10.216.0_x64__dt26b99r8h8gj [2020-06-23] (Realtek Semiconductor Corp)
Sea of Thieves -> C:\Program Files\WindowsApps\Microsoft.SeaofThieves_2.97.2612.2_x64__8wekyb3d8bbwe [2020-12-12] (ms-resource:PublisherDisplayName)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-EBA3EC031F98} -> [Creative Cloud Files] => C:\Users\nicob\Creative Cloud Files [2020-04-11 01:28]
CustomCLSID: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\nicob\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\nicob\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-10] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-10] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-10] (Adobe Inc. -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-10] (Adobe Inc. -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_4ddb3cc1d1c1ca09\nvshext.dll [2021-01-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-10] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-29] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Drivers32: [midi1] => C:\Windows\system32\KORGUM64.DRV [327088 2020-01-29] (KORG INC. -> KORG INC.)
HKLM\...\Drivers32: [midi1] => C:\Windows\SysWOW64\KORGUM64.DRV [314800 2020-01-29] (KORG INC. -> KORG INC.)

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2021-01-28 11:30 - 2021-01-28 11:30 - 000010752 _____ () [Datei ist nicht signiert] C:\Program Files\Google\Chrome\Application\VERSION.dll
2020-06-14 13:31 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [Datei ist nicht signiert] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows\System32:tdsrset_i.gfc [5846]
AlternateDataStreams: C:\ProgramData\PACE:894E73564E31FA2E [217]
AlternateDataStreams: C:\Users\nicob\Anwendungsdaten:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\nicob\Anwendungsdaten:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\nicob\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\nicob\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.DLL [2021-01-11] (Swiss Academic Software -> Swiss Academic Software)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll => Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll => Keine Datei
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.DLL [2021-01-11] (Swiss Academic Software -> Swiss Academic Software)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\sharepoint.com -> hxxps://iwfhpotsdam-files.sharepoint.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%C_EM64T_REDIST11%bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\nodejs\
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "launchOnStartup"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "Reference 4 Systemwide.exe"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "OPENVPN-GUI"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{375E6326-1802-433B-B2CC-BDF0DEE7575C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BEA11CFE-856D-4F5F-8F31-DC48F0C1E6D2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{DE2DD3A2-9318-46F7-89F1-325D4A2D094E}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{C7BCC2C7-3BD5-44C5-A906-3D4E9C08F9F4}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{14D439E9-FCEC-4E4C-A005-E014FBD2B2E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{18628B06-F7C8-452F-AED6-C40A28C2F822}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7F540045-E07F-4C5B-8EA0-C85811B0F417}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F7663F26-174F-41D9-9A19-F032E6B9FAAE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{185568B6-DAB9-483E-B97B-7E850BDF6356}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{FDFF07C1-3AE6-449B-AB48-74B23AC27821}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{903BE9CE-24B1-4DC0-9916-163B8F683E33}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AE366AE0-2BE1-49F9-AFF5-E1119E86C9B4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5C3BEB01-C0ED-4206-A266-DBA2E7E91AB7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F8F4CDB9-0F6D-4861-9718-25AE2BDEC2F5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{649D1678-F204-4798-9A62-EA7B465E8B28}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DF51D13D-398B-4D97-BEA1-8AE3AF303EB4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{C89A62BE-D334-44F0-BC14-1573848D0417}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [UDP Query User{8B8DF4D7-9972-4425-85AD-00B9274D7D07}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [TCP Query User{66F1D9A6-BD4D-468A-87FB-B6E3E56A7B99}C:\program files (x86)\uvi portal\uvi portal.exe] => (Allow) C:\program files (x86)\uvi portal\uvi portal.exe (UVI) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{271D73A5-D290-4A14-A19E-779C669CA5DC}C:\program files (x86)\uvi portal\uvi portal.exe] => (Allow) C:\program files (x86)\uvi portal\uvi portal.exe (UVI) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{5F6A13AA-E272-4290-AB4B-AAF1CEA41CF5}C:\program files (x86)\gog galaxy\games\stellaris\stellaris.exe] => (Allow) C:\program files (x86)\gog galaxy\games\stellaris\stellaris.exe => Keine Datei
FirewallRules: [UDP Query User{A3C3E99C-CF9C-4BF2-B41D-41E2A1E075EC}C:\program files (x86)\gog galaxy\games\stellaris\stellaris.exe] => (Allow) C:\program files (x86)\gog galaxy\games\stellaris\stellaris.exe => Keine Datei
FirewallRules: [TCP Query User{9B59077E-114E-4762-86E4-672242DA0910}C:\program files\ableton\program\ableton live 10 standard.exe] => (Allow) C:\program files\ableton\program\ableton live 10 standard.exe (Ableton AG -> Ableton)
FirewallRules: [UDP Query User{7E076901-5BDF-4B1F-9440-B3B4BED7190C}C:\program files\ableton\program\ableton live 10 standard.exe] => (Allow) C:\program files\ableton\program\ableton live 10 standard.exe (Ableton AG -> Ableton)
FirewallRules: [{1DE8CA7F-7A5E-4371-9276-730C8533D7E6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{85B60D96-0057-452A-B94A-95AEABDFA4F7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{19022910-2EDC-4D9B-B9CC-1479B619C4B7}C:\users\nicob\appdata\local\programs\kast-app\kast.exe] => (Allow) C:\users\nicob\appdata\local\programs\kast-app\kast.exe => Keine Datei
FirewallRules: [UDP Query User{7EFAD485-F253-458B-B4C8-BC42B4A3E3A0}C:\users\nicob\appdata\local\programs\kast-app\kast.exe] => (Allow) C:\users\nicob\appdata\local\programs\kast-app\kast.exe => Keine Datei
FirewallRules: [TCP Query User{6AD61E40-1ED8-4D9C-A6EA-C7A54FDC50E1}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe => Keine Datei
FirewallRules: [UDP Query User{7AFBC587-A076-4097-9DC1-4028D2383A88}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe => Keine Datei
FirewallRules: [TCP Query User{2DED4C37-B2E4-4DCF-9879-82238493536B}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [UDP Query User{FE8D45D0-8E8C-4199-91AC-8E2767AF8087}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [TCP Query User{0FFBF1D9-7571-4747-8691-F5E0E739EC74}C:\program files (x86)\gog galaxy\games\stellaris\stellaris.exe] => (Allow) C:\program files (x86)\gog galaxy\games\stellaris\stellaris.exe => Keine Datei
FirewallRules: [UDP Query User{183979E3-9467-4FE5-A4B8-FD62D75A22E8}C:\program files (x86)\gog galaxy\games\stellaris\stellaris.exe] => (Allow) C:\program files (x86)\gog galaxy\games\stellaris\stellaris.exe => Keine Datei
FirewallRules: [{ECD0FE4E-0C15-48EA-8CA7-8E7454A60116}] => (Allow) C:\Users\nicob\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6248A71E-F1FC-4EBF-9DC4-B966BFDDEE23}] => (Allow) C:\Users\nicob\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei
FirewallRules: [{43A5E0DA-AF0E-4AD9-89BD-DDEE3029B01F}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.0.3\rekordbox.exe (AlphaTheta Corporation -> AlphaTheta Corporation)
FirewallRules: [{FD2E8760-33F9-4D29-9327-E782FBC1A137}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.0.3\psvnfsd.exe (AlphaTheta Corporation -> AlphaTheta Corporation.)
FirewallRules: [{146D817E-7728-4C26-99A4-BBD725BA0851}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.0.3\psvlinksysmgr.exe (AlphaTheta Corporation -> AlphaTheta Corporation.)
FirewallRules: [{54EF9C6E-4CC5-48B4-A741-9C57BD343353}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.0.3\edb_streamd.exe (AlphaTheta Corporation -> )
FirewallRules: [{D119AF30-AF03-4E98-A0DC-9933FDBDBDF7}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.0.3\ls-unity-rekordbox-win-64bit.exe (AlphaTheta Corporation -> )
FirewallRules: [{DEA1ED9E-EC3E-4721-B718-A52419816D79}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.0.3\rbHttpServer.exe (AlphaTheta Corporation -> )
FirewallRules: [{5CAB4A2D-F334-4D50-8685-8F7FE622EF70}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.0.3\rekordboxAgent-win32-x64\rekordboxAgent.exe (AlphaTheta Corporation -> AlphaTheta Corporation)
FirewallRules: [TCP Query User{A230A1C7-899D-4BE1-A554-90B489FA1C4C}C:\program files (x86)\steam\steamapps\common\lord of the rings online\x64\lotroclient64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lord of the rings online\x64\lotroclient64.exe => Keine Datei
FirewallRules: [UDP Query User{CF8FFF23-B42A-485D-826A-E255AE483935}C:\program files (x86)\steam\steamapps\common\lord of the rings online\x64\lotroclient64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lord of the rings online\x64\lotroclient64.exe => Keine Datei
FirewallRules: [{FD220562-F0F3-40BB-B573-B6194AB19D74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Albion Online\launcher\AlbionLauncher.exe => Keine Datei
FirewallRules: [{25AB1FAB-80C1-4F5E-A861-59F465EACF4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Albion Online\launcher\AlbionLauncher.exe => Keine Datei
FirewallRules: [{8B892BB6-1696-48B1-94C6-C5608F545F96}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{49CD846B-5578-4098-A39B-8DA094398BAC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7C8FC71F-90CE-457E-9CCB-DB6D08367991}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7B9E43F5-2E91-4BFD-9B6D-8BF0E6364C7D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{42F14ECB-CF84-47E6-9841-3BBFCA3BBE7E}C:\users\nicob\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\nicob\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{70D4C825-C0B6-44C3-9CC4-30D119575DC6}C:\users\nicob\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\nicob\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{B06C6068-FB28-4EA3-86CF-FB48B54B5246}C:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) C:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe => Keine Datei
FirewallRules: [UDP Query User{01C6095C-A90B-4A9E-8A49-9B1B5C1912F9}C:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) C:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe => Keine Datei
FirewallRules: [TCP Query User{87736885-DCA1-4A59-BFFC-D601B49177DD}C:\program files (x86)\ubisoft\ubisoft game launcher\games\hyper scape\hyperscape.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\hyper scape\hyperscape.exe => Keine Datei
FirewallRules: [UDP Query User{C2A27DA9-D67B-4F3D-B1DF-E43774E2C5D8}C:\program files (x86)\ubisoft\ubisoft game launcher\games\hyper scape\hyperscape.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\hyper scape\hyperscape.exe => Keine Datei
FirewallRules: [TCP Query User{261B8972-A30C-4224-AEB7-B20C3F12378C}C:\program files\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe] => (Allow) C:\program files\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe => Keine Datei
FirewallRules: [UDP Query User{BAC7BCBB-A11B-459E-A39C-CA34444AAF8D}C:\program files\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe] => (Allow) C:\program files\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe => Keine Datei
FirewallRules: [TCP Query User{C364EE03-AADF-4796-92DB-FE3896AECC54}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe => Keine Datei
FirewallRules: [UDP Query User{C7C025CE-7034-48EE-B920-65C889534B5E}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe => Keine Datei
FirewallRules: [{9B20649A-CC28-4646-A592-EC73A8141A74}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{E8CCDD0E-1B70-45F3-AF7D-44DD11FA01F5}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{8A3BDD28-F1C7-4F45-8B22-8F70CFC9E434}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{B89114E2-5639-4455-8A93-C96ED3B54CAF}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [TCP Query User{59B85660-DC60-4762-A7F0-3FB0491F72E7}C:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) C:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{56ADDCDA-1808-4E87-8DE1-C88949D1886E}C:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) C:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{A885225B-CD8E-4947-A98E-CB9460651CF2}C:\program files (x86)\bethesda.net launcher\games\fallout76\fallout76.exe] => (Allow) C:\program files (x86)\bethesda.net launcher\games\fallout76\fallout76.exe => Keine Datei
FirewallRules: [UDP Query User{1DE2E05E-34FB-4533-9553-A2557E9C0936}C:\program files (x86)\bethesda.net launcher\games\fallout76\fallout76.exe] => (Allow) C:\program files (x86)\bethesda.net launcher\games\fallout76\fallout76.exe => Keine Datei
FirewallRules: [TCP Query User{67A7D474-3A69-424B-9D18-C03D6878F3A9}C:\users\nicob\downloads\anydesk.exe] => (Allow) C:\users\nicob\downloads\anydesk.exe => Keine Datei
FirewallRules: [UDP Query User{868402CD-1B41-41D4-A631-FBDC0D2DE001}C:\users\nicob\downloads\anydesk.exe] => (Allow) C:\users\nicob\downloads\anydesk.exe => Keine Datei
FirewallRules: [{E0293898-39E8-4E38-83B1-4D9A71C7E3A6}] => (Allow) C:\Program Files (x86)\GREYHOUND\Client\Greyhound.exe => Keine Datei
FirewallRules: [{FC32E4E2-F8AB-4E5A-8773-D5CA0950B4D1}] => (Allow) C:\Program Files (x86)\GREYHOUND\Client\Greyhound.exe => Keine Datei
FirewallRules: [{6E453BB6-0193-4307-A9AF-7B86F832F8FE}] => (Allow) C:\Program Files (x86)\GREYHOUND\Client\GreyhoundFileSync.exe => Keine Datei
FirewallRules: [{7D7DC640-6A17-4C7A-971F-4FDB7387DA0A}] => (Allow) C:\Program Files (x86)\GREYHOUND\Client\GreyhoundFileSync.exe => Keine Datei
FirewallRules: [{8CC33345-A0EA-42AB-9C0C-BD3320E14711}] => (Allow) C:\Program Files (x86)\GREYHOUND\Client\GreyhoundTransporter.exe => Keine Datei
FirewallRules: [{DC4CD668-6819-4212-AC27-EAA649B4410F}] => (Allow) C:\Program Files (x86)\GREYHOUND\Client\GreyhoundTransporter.exe => Keine Datei
FirewallRules: [{25FC80C2-A93A-446E-91DF-3EFB02AC6F13}] => (Allow) C:\Program Files\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => Keine Datei
FirewallRules: [{03DE6ECC-430B-4323-A915-9FC955B8840D}] => (Allow) C:\Program Files\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => Keine Datei
FirewallRules: [{443A415A-5F47-41CB-B517-25499295A19D}] => (Allow) C:\Program Files\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => Keine Datei
FirewallRules: [{41A0F467-754B-44A2-8C45-5A05126A9D77}] => (Allow) C:\Program Files\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => Keine Datei
FirewallRules: [{8D18511B-0AA3-4167-854D-CCB0E7C0F780}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F6A25EF4-A265-4BE7-AB02-0902E9859C44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{94C36BAD-063E-404D-801A-E96C972F12DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C0DC383C-5124-4E19-B8D5-831C84180D21}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{61B3AE69-0FCC-4142-9CF5-EE0AE6CA33CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe => Keine Datei
FirewallRules: [{1383C7B1-C1F8-4025-97F4-C01165E155CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe => Keine Datei
FirewallRules: [TCP Query User{EB6228F7-D6CA-4B3B-8D17-746CBDBD8094}C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe (Respawn Entertainment, LLC -> Respawn Entertainment)
FirewallRules: [UDP Query User{2A7E28E1-7E28-46E3-A248-5FA1B01FD770}C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe (Respawn Entertainment, LLC -> Respawn Entertainment)
FirewallRules: [{A6ACB9C6-5824-4354-BFB5-EBDA444B53BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{0474A0A8-C9E8-46A1-84E2-23BFB0E5A923}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [TCP Query User{B75624AB-2C6B-4093-805B-9D3F8AC97024}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{C52B9F83-4B4F-44EB-93E1-E47CD80A381A}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{E50CB186-2683-48C4-AE1A-A49763F9862F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe (Frontier Developments Plc -> Frontier Developments)
FirewallRules: [{D49F971F-0365-4A9E-8C25-E26A605031C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe (Frontier Developments Plc -> Frontier Developments)
FirewallRules: [{0FC14A84-5D72-42EB-BA17-CDD9C8AF97A2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9AB77E54-F44A-4061-A8D4-DDDAF31A77BE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{17F6C377-6C78-4A56-93E1-4AEA3186063A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{EA52A2F8-AEE6-4C5B-A262-DCC359A3AD11}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1FE46969-AC10-433C-8403-F91FA64FBD5B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F761B5C8-848E-4DE4-A4B5-E1DD0724A5AC}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{69025F27-97B1-4648-9914-3038612C0175}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{3E5C65CF-6E6C-4148-9325-B33CBC62963F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{991F0F03-018B-4098-9EDD-B9B19120B4D4}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{6B995DBD-1314-487E-9020-961A6C8DD02C}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{9DCB787F-6E82-4042-8383-264703EBBB12}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{C7E6FE7C-CF1D-494A-9AC4-FF3EBEB1F17B}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => Keine Datei
FirewallRules: [{7479703C-33F0-4C2B-A228-3EF9612E803A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe => Keine Datei
FirewallRules: [{1DCCB4D9-4B24-428D-8664-A3B494C3937A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{7DE362D8-89F7-4E06-8BC0-F7208F67B549}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => Keine Datei
FirewallRules: [TCP Query User{2D447BA9-06B4-4F72-8499-958F76A6DF08}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{15FB5B6B-A860-4B85-AE1B-22AE6C42CB6B}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{E89A963D-6490-4F50-8470-C59C4A826B40}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{AD66D45A-2059-4813-8A5A-4139821BF4FA}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{68239E43-95B9-4326-88CA-A29BAEAC4B1C}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{0794AD78-8BBC-4E5A-A224-D4BA7961F086}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [TCP Query User{C88586DC-D338-4947-A5BA-15AAAA8F5FA7}C:\users\nicob\documents\curseforge\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Block) C:\users\nicob\documents\curseforge\minecraft\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{502E9DA2-F3EB-4119-B037-600A0589275D}C:\users\nicob\documents\curseforge\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Block) C:\users\nicob\documents\curseforge\minecraft\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{4283197D-436D-45CE-96C2-A3CB8D25A63F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grounded\Grounded.exe (Obsidian Entertainment, Inc. -> Epic Games, Inc.)
FirewallRules: [{DCA37D60-91E7-4270-A0C6-BD9F46D177DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grounded\Grounded.exe (Obsidian Entertainment, Inc. -> Epic Games, Inc.)
FirewallRules: [{F0208771-CEE1-492B-932E-1827FE76566F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Wiederherstellungspunkte =========================

22-01-2021 21:08:30 Installed Minecraft Launcher
26-01-2021 12:51:06 Installed Java(TM) SE Development Kit 15.0.2 (64-bit)

==================== Fehlerhafte Geräte im Gerätemanager ============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (01/29/2021 10:30:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-8GVFC0U.local already in use; will try DESKTOP-8GVFC0U-2.local instead

Error: (01/29/2021 10:30:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 DESKTOP-8GVFC0U.local. Addr 192.168.178.23

Error: (01/29/2021 10:30:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.23:5353   16 DESKTOP-8GVFC0U.local. AAAA 2001:16B8:5CD9:8A00:05A9:1A52:F399:6A07

Error: (01/29/2021 10:30:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 DESKTOP-8GVFC0U.local. AAAA FE80:0000:0000:0000:C4ED:AE9C:22E3:4F37

Error: (01/29/2021 10:30:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.23:5353   16 DESKTOP-8GVFC0U.local. AAAA 2001:16B8:5CD9:8A00:05A9:1A52:F399:6A07

Error: (01/29/2021 10:30:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 DESKTOP-8GVFC0U.local. AAAA 2001:16B8:5CD9:8A00:99C9:99D4:99BB:403A

Error: (01/29/2021 10:30:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.23:5353   16 DESKTOP-8GVFC0U.local. AAAA 2001:16B8:5CD9:8A00:05A9:1A52:F399:6A07

Error: (01/29/2021 10:30:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 DESKTOP-8GVFC0U.local. AAAA 2001:16B8:5CD9:8A00:C4ED:AE9C:22E3:4F37


Systemfehler:
=============
Error: (01/29/2021 10:46:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NIHardwareService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/29/2021 10:46:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Genuine Software Integrity Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/29/2021 10:46:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Genuine Monitor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/29/2021 10:46:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "PACE License Services" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/29/2021 10:46:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AdobeUpdateService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/29/2021 10:46:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/29/2021 10:46:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Origin Web Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/29/2021 10:46:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts.


Windows Defender:
===================================
Date: 2021-01-28 16:58:51.009
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {8DC05A32-71A5-4133-AF75-CF031044F379}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-01-27 14:32:20.224
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {E7D6333B-6F0C-48DA-8D01-DBD66898C897}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-01-26 12:19:26.534
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {F217B4B7-1879-4D42-81F3-5CE704E96E9B}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-01-24 22:48:43.570
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {3F6AE31A-B060-464F-80F8-45A120995300}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-01-21 20:35:41.809
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {00B3CBEA-2DD2-4C3F-BC6B-2E8EA82DECA6}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

CodeIntegrity:
===================================

Date: 2021-01-29 11:12:00.239
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2021-01-29 11:12:00.237
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2021-01-29 11:12:00.235
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2021-01-29 11:12:00.233
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2021-01-29 11:12:00.216
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2021-01-29 11:12:00.214
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2021-01-29 11:11:59.889
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2021-01-29 11:11:59.887
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

==================== Speicherinformationen =========================== 

BIOS: LENOVO BHCN39WW 06/23/2020
Hauptplatine: LENOVO LNVNB161216
Prozessor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 36%
Installierter physikalischer RAM: 16303.24 MB
Verfügbarer physikalischer RAM: 10326.52 MB
Summe virtueller Speicher: 18735.24 MB
Verfügbarer virtueller Speicher: 11187.44 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:953.24 GB) (Free:491.65 GB) NTFS

\\?\Volume{6f244b36-6b8f-4242-a2b6-8c22800c7990}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{946f9023-b43b-4e8a-92a8-9e753af490c2}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: D9FA2484)

Partition: GPT.

==================== Ende von Addition.txt =======================
         

Malwarebytes-Log

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Datum des Schutzereignisses: 29.01.21
Uhrzeit des Schutzereignisses: 11:29
Protokolldatei: e9b5f3d8-621c-11eb-a241-f875a4243d4f.json

-Softwaredaten-
Version: 4.3.0.98
Komponentenversion: 1.0.1157
Version des Aktualisierungspakets: 1.0.36389
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 18362.1316)
CPU: x64
Dateisystem: NTFS
Benutzer: System

-Einzelheiten zu blockierten Websites-
Bösartige Website: 1
, C:\Program Files (x86)\nodejs\node.exe, Blockiert, -1, -1, 0.0.0, , 

-Website-Daten-
Kategorie: Trojaner
Domäne: de.mynodejs.net
IP-Adresse: 172.67.202.103
Port: 80
Typ: Ausgehend
Datei: C:\Program Files (x86)\nodejs\node.exe



(end)
         

Mein Name ist Matthias und ich werde dir bei der Analyse und der eventuell notwendigen Bereinigung deines Computers helfen.



Ich analysiere gerade dein System und melde mich in Kürze mit weiteren Anweisungen.

Grund für deine Infektion sind deine schlechten Downloadquellen!

WARNUNG VOR AUDACITY.DE !!!
Du hast dich bei der Installation der Software audacity mit Malware infiziert.
Bitte anschauen:
Warnung vor audacity.de - eine gemeine Falle !!!

Schritt 1
Google Chrome ist mit Malware infiziert und muss komplett entfernen werden.

• Deinstalliere über Start > Einstellungen > Apps bzw. Start > Systemsteuerung > Programme deinstallieren die folgenden Programme:
  • Google Chrome
• Setze bei der Deinstallation auch einen Haken vor Auch die Browserdaten löschen.
• Starte den Rechner im Anschluss neu auf.
• Gib eine kurze Rückmeldung, ob die Deinstallation erfolgreich war.
• Google Chrome erst nach Schritt 2 wieder installieren (falls benötigt).

Schritt 2

• Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.
• Kopiere den gesamten Inhalt der folgenden Code-Box:
  
  Code: Alles auswählenAufklappen

  ATTFilter

  Start::
  CloseProcesses:
  Task: {49243D69-BEB0-405A-A4B2-7C8D0283A2B3} - System32\Tasks\MUP IPsec-Richtlinien-Agent Windows => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> "C:\ProgramData\Package Cache\{7C673057-33C6-45C2-812A-DBB8CB757790}\{380A5DDB-23C6-4508-81F8-418D88A6387E}" <==== ACHTUNG
  Task: {941D7EBA-F228-459B-9163-80584F90ACA6} - System32\Tasks\Smartlocker-FiltertreiberAnwendungsverwaltungApp-Vorbereitung => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> C:\Windows\Installer\{872171F9-DE4C-422D-BE59-73C815A75236}\{D4138314-F77E-4682-8FE5-6C038841BE90} <==== ACHTUNG
  C:\Users\AllUserName\AppData\Local\Google\Chrome
  DeleteKey: HKLM\SOFTWARE\Google\Chrome
  DeleteKey: HKLM\SOFTWARE\WOW6432Node\Google\Chrome
  DeleteKey: HKCU\SOFTWARE\Google\Chrome
  C:\ProgramData\ntuser.pol
  C:\WINDOWS\system32\GroupPolicy\Machine
  C:\WINDOWS\system32\GroupPolicy\GPT.ini
  C:\WINDOWS\SysWOW64\GroupPolicy\Machine
  C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini
  DeleteKey: HKLM\SOFTWARE\Policies\Google
  DeleteKey: HKLM\SOFTWARE\Policies\Mozilla
  DeleteKey: HKLM\SOFTWARE\Policies\Microsoft\Edge
  DeleteKey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
  C:\Program Files (x86)\nodejs
  DeleteKey: HKLM\SOFTWARE\Node.js
  DeleteKey: HKLM\SOFTWARE\WOW6432Node\Node.js
  DeleteKey: HKLM\SOFTWARE\Classes\Installer\Products\4D45993E1218CF443A3DFD6652D48B19
  DeleteKey: HKLM\SOFTWARE\Classes\Installer\Products\27AC50E0DD8DF2342ACC8800434A5877
  DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D45993E1218CF443A3DFD6652D48B19
  DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\27AC50E0DD8DF2342ACC8800434A5877
  DeleteKey: HKU\.DEFAULT\Software\Node.js
  DeleteKey: HKCU\SOFTWARE\Node.js
  DeleteKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E39954D4-8121-44FC-A3D3-DF66254DB891}
  DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{77754e9b-264b-4d8d-b981-e4135c1ecb0c}
  DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{793c9b44-3d6b-4f57-b5d7-4ff80adcf9a2}
  DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{793c9b44-3d6b-4f57-b5d7-4ff80adcf9a2}
  S4 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
  S4 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
  S3 EQU8_HELPER_18; \??\C:\Windows\system32\DRIVERS\EQU8_HELPER_18.sys [X]
  C:\Users\AllUserName\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aamoijegognlajljlincdfbomblmfbkb
  FF user.js: detected! => C:\Users\AlluserName\AppData\Roaming\Mozilla\Firefox\Profiles\qye9aok8.default-release\user.js [2020-09-29]
  C:\Users\AlluserName\AppData\Roaming\Mozilla\Firefox\Profiles\qye9aok8.default-release\prefs.js
  StartBatch:
  FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\{????????-????-????-????-????????????}.xpi" RD /S /Q "%%a" )
  FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\c????????????????????????????????rx" RD /S /Q "%%a" )
  FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\x????????????????????????????????ml" RD /S /Q "%%a" )
  FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\{????????-????-????-????-????????????}" RD /S /Q "%%a" )
  FOR /D %%a IN ("%ProgramData%\Package Cache\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\{????????-????-????-????-????????????}" RD /S /Q "%%a" )
  EndBatch: 
  CMD: ipconfig /flushdns
  CMD: netsh winsock reset
  CMD: netsh advfirewall reset
  CMD: netsh advfirewall set allprofiles state ON
  CMD: Bitsadmin /Reset /Allusers
  powershell: Set-MpPreference -PUAProtection Enabled
  Hosts:
  RemoveProxy:
  SystemRestore: On 
  EmptyTemp:
  End::
           

• Starte nun FRST und klicke direkt den Reparieren Button.
  Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
• Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
• Gegebenenfalls muss dein Rechner neu gestartet werden.
• Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Schritt 3

• Starte FRST erneut. Kopiere den Inhalt der folgenden Code-Box oben in das Suchfeld:
  
  Code: Alles auswählenAufklappen

  ATTFilter

  SearchAll: dljdbahledfnfbginaagcddpcfdpdhjg;aamoijegognlajljlincdfbomblmfbkb
           

• Klicke auf den Button Datei-Suche.
• FRST beginnt mit dem Suchlauf. Das kann einige Zeit dauern, bitte gedulde dich!
• Am Ende wird eine Textdatei Search.txt erstellt.
• Poste mir deren Inhalt mit deiner nächsten Antwort.

Schritt 4

• Starte FRST erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
• FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
• Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort:

• eine Rückmeldung bezüglich der Deinstallationen
• die Logdatei des FRST-Fix (fixlog.txt)
• die Logdatei des FRST-Suchlaufs (Search.txt)
• die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt)

Hallo Matthias,

vielen Dank für deine schnelle Rückmeldung und die detaillierte Anleitung.
Chrome inklusive Browserdaten wurde deinstalliert.
Danach habe ich alle Schritte aus deiner Antwort abgearbeitet.
Die geforderten Logs findest du anbei.

Fixlog

Code: Alles auswählenAufklappen

ATTFilter

Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-01-2021
durchgeführt von nicob (29-01-2021 12:38:27) Run:1
Gestartet von C:\Users\nicob\Downloads
Geladene Profile: nicob
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
Task: {49243D69-BEB0-405A-A4B2-7C8D0283A2B3} - System32\Tasks\MUP IPsec-Richtlinien-Agent Windows => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> "C:\ProgramData\Package Cache\{7C673057-33C6-45C2-812A-DBB8CB757790}\{380A5DDB-23C6-4508-81F8-418D88A6387E}" <==== ACHTUNG
Task: {941D7EBA-F228-459B-9163-80584F90ACA6} - System32\Tasks\Smartlocker-FiltertreiberAnwendungsverwaltungApp-Vorbereitung => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> C:\Windows\Installer\{872171F9-DE4C-422D-BE59-73C815A75236}\{D4138314-F77E-4682-8FE5-6C038841BE90} <==== ACHTUNG
C:\Users\Default\AppData\Local\Google\Chrome
C:\Users\nicob\AppData\Local\Google\Chrome
DeleteKey: HKLM\SOFTWARE\Google\Chrome
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Google\Chrome
DeleteKey: HKCU\SOFTWARE\Google\Chrome
C:\ProgramData\ntuser.pol
C:\WINDOWS\system32\GroupPolicy\Machine
C:\WINDOWS\system32\GroupPolicy\GPT.ini
C:\WINDOWS\SysWOW64\GroupPolicy\Machine
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini
DeleteKey: HKLM\SOFTWARE\Policies\Google
DeleteKey: HKLM\SOFTWARE\Policies\Mozilla
DeleteKey: HKLM\SOFTWARE\Policies\Microsoft\Edge
DeleteKey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
C:\Program Files (x86)\nodejs
DeleteKey: HKLM\SOFTWARE\Node.js
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Node.js
DeleteKey: HKLM\SOFTWARE\Classes\Installer\Products\4D45993E1218CF443A3DFD6652D48B19
DeleteKey: HKLM\SOFTWARE\Classes\Installer\Products\27AC50E0DD8DF2342ACC8800434A5877
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D45993E1218CF443A3DFD6652D48B19
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\27AC50E0DD8DF2342ACC8800434A5877
DeleteKey: HKU\.DEFAULT\Software\Node.js
DeleteKey: HKCU\SOFTWARE\Node.js
DeleteKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E39954D4-8121-44FC-A3D3-DF66254DB891}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{77754e9b-264b-4d8d-b981-e4135c1ecb0c}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{793c9b44-3d6b-4f57-b5d7-4ff80adcf9a2}
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{793c9b44-3d6b-4f57-b5d7-4ff80adcf9a2}
S4 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S4 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S3 EQU8_HELPER_18; \??\C:\Windows\system32\DRIVERS\EQU8_HELPER_18.sys [X]
C:\Users\Default\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aamoijegognlajljlincdfbomblmfbkb
C:\Users\nicob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aamoijegognlajljlincdfbomblmfbkb
FF user.js: detected! => C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\qye9aok8.default-release\user.js [2020-09-29]
FF user.js: detected! => C:\Users\nicob\AppData\Roaming\Mozilla\Firefox\Profiles\qye9aok8.default-release\user.js [2020-09-29]
C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\qye9aok8.default-release\prefs.js
C:\Users\nicob\AppData\Roaming\Mozilla\Firefox\Profiles\qye9aok8.default-release\prefs.js
StartBatch:
FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\{????????-????-????-????-????????????}.xpi" RD /S /Q "%%a" )
FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\c????????????????????????????????rx" RD /S /Q "%%a" )
FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\x????????????????????????????????ml" RD /S /Q "%%a" )
FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\{????????-????-????-????-????????????}" RD /S /Q "%%a" )
FOR /D %%a IN ("%ProgramData%\Package Cache\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\{????????-????-????-????-????????????}" RD /S /Q "%%a" )
EndBatch: 
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: Bitsadmin /Reset /Allusers
powershell: Set-MpPreference -PUAProtection Enabled
Hosts:
RemoveProxy:
SystemRestore: On 
EmptyTemp:

*****************

Prozesse erfolgreich geschlossen.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{49243D69-BEB0-405A-A4B2-7C8D0283A2B3}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49243D69-BEB0-405A-A4B2-7C8D0283A2B3}" => erfolgreich entfernt
C:\Windows\System32\Tasks\MUP IPsec-Richtlinien-Agent Windows => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MUP IPsec-Richtlinien-Agent Windows" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{941D7EBA-F228-459B-9163-80584F90ACA6}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{941D7EBA-F228-459B-9163-80584F90ACA6}" => erfolgreich entfernt
C:\Windows\System32\Tasks\Smartlocker-FiltertreiberAnwendungsverwaltungApp-Vorbereitung => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smartlocker-FiltertreiberAnwendungsverwaltungApp-Vorbereitung" => erfolgreich entfernt
"C:\Users\Default\AppData\Local\Google\Chrome" => nicht gefunden
"C:\Users\nicob\AppData\Local\Google\Chrome" => nicht gefunden
"HKLM\SOFTWARE\Google\Chrome" => erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Google\Chrome => erfolgreich entfernt
"HKCU\SOFTWARE\Google\Chrome" => erfolgreich entfernt
C:\ProgramData\ntuser.pol => erfolgreich verschoben
C:\WINDOWS\system32\GroupPolicy\Machine => erfolgreich verschoben
C:\WINDOWS\system32\GroupPolicy\GPT.ini => erfolgreich verschoben
"C:\WINDOWS\SysWOW64\GroupPolicy\Machine" => nicht gefunden
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => erfolgreich verschoben
HKLM\SOFTWARE\Policies\Google => erfolgreich entfernt
HKLM\SOFTWARE\Policies\Mozilla => nicht gefunden
HKLM\SOFTWARE\Policies\Microsoft\Edge => erfolgreich entfernt
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => erfolgreich entfernt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js => erfolgreich verschoben
C:\Program Files (x86)\nodejs => erfolgreich verschoben
HKLM\SOFTWARE\Node.js => nicht gefunden
HKLM\SOFTWARE\WOW6432Node\Node.js => erfolgreich entfernt
HKLM\SOFTWARE\Classes\Installer\Products\4D45993E1218CF443A3DFD6652D48B19 => nicht gefunden
HKLM\SOFTWARE\Classes\Installer\Products\27AC50E0DD8DF2342ACC8800434A5877 => erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D45993E1218CF443A3DFD6652D48B19 => nicht gefunden
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\27AC50E0DD8DF2342ACC8800434A5877 => erfolgreich entfernt
HKU\.DEFAULT\Software\Node.js => nicht gefunden
HKCU\SOFTWARE\Node.js => erfolgreich entfernt
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E39954D4-8121-44FC-A3D3-DF66254DB891} => nicht gefunden
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{77754e9b-264b-4d8d-b981-e4135c1ecb0c} => erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{793c9b44-3d6b-4f57-b5d7-4ff80adcf9a2} => erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{793c9b44-3d6b-4f57-b5d7-4ff80adcf9a2} => nicht gefunden
HKLM\System\CurrentControlSet\Services\edgeupdate => erfolgreich entfernt
edgeupdate => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\edgeupdatem => erfolgreich entfernt
edgeupdatem => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\EQU8_HELPER_18 => erfolgreich entfernt
EQU8_HELPER_18 => Dienst erfolgreich entfernt
"C:\Users\Default\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aamoijegognlajljlincdfbomblmfbkb" => nicht gefunden
C:\Users\nicob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aamoijegognlajljlincdfbomblmfbkb => erfolgreich verschoben
"C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\qye9aok8.default-release\user.js" => nicht gefunden
C:\Users\nicob\AppData\Roaming\Mozilla\Firefox\Profiles\qye9aok8.default-release\user.js => erfolgreich verschoben
"C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\qye9aok8.default-release\prefs.js" => nicht gefunden
C:\Users\nicob\AppData\Roaming\Mozilla\Firefox\Profiles\qye9aok8.default-release\prefs.js => erfolgreich verschoben

========= Batch: =========

========= Ende von Batch: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= Ende von CMD: =========


========= netsh advfirewall reset =========

OK.


========= Ende von CMD: =========


========= netsh advfirewall set allprofiles state ON =========

OK.


========= Ende von CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{9AAAAB07-E219-4B40-A9E7-FDED49621EB1} canceled.
1 out of 1 jobs canceled.

========= Ende von CMD: =========


========= Set-MpPreference -PUAProtection Enabled =========


========= Ende von Powershell: =========

C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt


========= Ende von RemoveProxy: =========

SystemRestore: On => abgeschlossen

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 58378135 B
Java, Flash, Steam htmlcache => 481014224 B
Windows/system/drivers => 23444139 B
Edge => 33306 B
Firefox => 196827 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 9554 B
nicob => 442866908 B

RecycleBin => 10484633 B
EmptyTemp: => 979.1 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 12:38:59 ====
         

Search

Code: Alles auswählenAufklappen

ATTFilter

====== Ende von Suche ======
         

FRST


FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
durchgeführt von nicob (Administrator) auf DESKTOP-8GVFC0U (LENOVO 81SX) (29-01-2021 12:51:59)
Gestartet von C:\Users\nicob\Downloads
Geladene Profile: nicob
Platform: Windows 10 Pro Version 1909 18363.1316 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser nicht gefunden!
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <4>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Dolby Laboratories, Inc. -> ) C:\Program Files\Common Files\Dolby\DAX3\RADARHOST\DSRHost.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Elektron Music Machines MAV AB -> Elektron Music Machines MAV AB) C:\Program Files\Elektron Overbridge\Overbridge Engine.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_9196e89091d8bdbb\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(KORG INC. -> KORG Inc.) C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\nicob\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.1310_none_16f941c72a2d5db6\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_4ddb3cc1d1c1ca09\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Thesycon Software Solutions GmbH & Co. KG -> ) C:\Program Files\LOUD Technologies Inc\Mackie USB Driver\W10_x64\Mackie_CplApp.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1076728 2020-03-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Overbridge Engine] => C:\Program Files\Elektron Overbridge\Overbridge Engine.exe [4349928 2020-04-07] (Elektron Music Machines MAV AB -> Elektron Music Machines MAV AB)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2020-10-09] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [KORG USB-MIDI Driver] => C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper.exe [394176 2020-01-29] (KORG INC. -> KORG Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-10-12] (Adobe Inc. -> )
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [100580600 2020-08-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1669368 2020-10-16] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [Discord] => C:\Users\nicob\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [680712 2021-01-12] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [launchOnStartup] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13971528 2020-05-15] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [Reference 4 Systemwide.exe] => C:\Program Files\Sonarworks\Reference 4\Systemwide\Reference 4 Systemwide.exe [20951552 2020-10-28] (Sonarworks) [Datei ist nicht signiert]
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [com.squirrel.splice.Splice] => C:\Users\nicob\AppData\Local\splice\app-3.6.41\Splice.exe
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\MountPoints2: {0acaf2a2-95ca-11ea-a8c4-4c1d9634830b} - "D:\AutoRun.exe" 
HKLM\...\Windows x64\Print Processors\RXEG9pps: C:\Windows\System32\spool\prtprocs\x64\RXEG9pps.dll [34816 2015-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh Co., Ltd.)
HKLM\...\Print\Monitors\RICOH SP 150_150w Language Monitor: C:\Windows\system32\RXEG9lm.dll [27648 2016-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh Co., Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mackie USB Driver Control Panel Autostart.lnk [2020-04-14]
ShortcutTarget: Mackie USB Driver Control Panel Autostart.lnk -> C:\Program Files\LOUD Technologies Inc\Mackie USB Driver\W10_x64\Mackie_CplApp.exe (Thesycon Software Solutions GmbH & Co. KG -> )
Startup: C:\Users\nicob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2021-01-23]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {05CB983A-9ABE-4A8E-963C-A3A1F049A03F} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1DBE581A-C52E-4B03-BEDA-C5D7CC6E1078} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1F9CBE25-D972-48FB-8524-E47E92568E0D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {250AEB50-4F60-4BB4-9103-76EB6981756A} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758984 2020-03-09] (Lenovo -> )
Task: {290EE04B-8631-4E2E-AC9E-667AAAFEAC81} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2C8E5446-137B-4899-A8AC-EB70D0123FBF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142184 2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {37D6DE04-3BB9-4C2E-A653-568845E92828} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758984 2020-03-09] (Lenovo -> )
Task: {442B9A07-52EB-4379-B5E2-2054FE92E406} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {57C55928-2180-4130-9FDF-5F01F2D4C6E4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {58A6AC90-F2BB-4829-A623-8E0359D82EEA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5A23B923-2953-4A9A-82DB-C400440C6571} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199272 2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {6268243E-19CB-487D-968C-32953606E125} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3787991472-4217386366-3756147439-1001 => C:\Users\nicob\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87848 2021-01-22] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {730DD0EE-5845-4146-B4DB-85ED6B0EBAC3} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {750F7CFA-D447-487A-B868-FF0381DCAE40} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {A7494FDC-1FE7-4F34-8CA0-8A596ABC1F0D} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {A8D945B5-A6EA-402C-82A2-EBE66E774190} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {AFAE9974-DD1C-4719-BE05-81E7CEAB7700} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199272 2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {B1A24E54-72A9-427F-9036-7FF33F6D54AE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142184 2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4C0007A-599D-4AD9-B1BC-FDF18041AE8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {BEA79284-8B8C-43A0-A968-CFBB19D25A2D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE9634B9-BC02-403E-9A42-C10AA11F44C5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {E1EB621B-13F3-41DC-8C3C-816F054D0343} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {F58A5316-C646-4957-874F-D6781BE81502} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{07803f80-76fc-418f-9c34-2e2fa1e54fcc}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
Edge Profile: C:\Users\nicob\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-29]
Edge Extension: (Citavi Picker) - C:\Users\nicob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mielbhbkcliienpdicphhecpodcaeefg [2021-01-18]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Edge HKLM-x32\...\Edge\Extension: [mielbhbkcliienpdicphhecpodcaeefg]

FireFox:
========
FF DefaultProfile: 3aynihbu.default
FF ProfilePath: C:\Users\nicob\AppData\Roaming\Mozilla\Firefox\Profiles\3aynihbu.default [2021-01-29]
FF ProfilePath: C:\Users\nicob\AppData\Roaming\Mozilla\Firefox\Profiles\qye9aok8.default-release [2021-01-29]
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [Keine Datei]
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [Datei ist nicht signiert]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-10-09] (Adobe Inc. -> Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [Datei ist nicht signiert]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [Datei ist nicht signiert]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-10-09] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [Datei ist nicht signiert]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2020-10-09] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2020-10-20] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8902024 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2020-08-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EQU8_18; C:\ProgramData\EQU8\Dual Universe prod\bin\anticheat.x64.equ8.exe [5542592 2020-11-13] (Int3 Software AB -> Int3 Software AB)
R2 FMAPOService; C:\Windows\System32\FMService64.exe [359808 2019-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1748552 2020-05-15] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-27] (GOG Sp. z o.o. -> GOG.com)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-26] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-01-26] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6264144 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12757520 2020-12-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2020-10-23] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_4ddb3cc1d1c1ca09\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_4ddb3cc1d1c1ca09\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2020-01-09] (Microsoft Corporation) [Datei ist nicht signiert]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-01-29] (Malwarebytes Corporation -> Malwarebytes)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [43440 2020-01-29] (KORG INC. -> KORG INC.)
S3 loudusbaudio; C:\Windows\System32\drivers\loudusbaudio.sys [374824 2019-10-10] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 loudusbaudioks; C:\Windows\System32\drivers\loudusbaudioks.sys [53800 2019-10-10] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220600 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-01-29] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198248 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [142440 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 sonarworks_VirtualDevice; C:\Windows\System32\drivers\sonarworks.sys [442416 2020-10-23] (SIA Sonarworks -> Sonarworks)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [812208 2020-10-23] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 UniSafe; C:\Windows\system32\drivers\UniSafe.sys [581912 2020-10-23] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [74048 2020-10-16] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [2719256 2020-11-21] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-01-29 12:51 - 2021-01-29 12:52 - 000028029 _____ C:\Users\nicob\Downloads\FRST.txt
2021-01-29 12:51 - 2021-01-29 12:51 - 000000030 _____ C:\Users\nicob\Downloads\Search.txt
2021-01-29 12:39 - 2021-01-29 12:39 - 000198248 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-01-29 12:39 - 2021-01-29 12:39 - 000142440 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-01-29 12:39 - 2021-01-29 12:39 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-01-29 12:39 - 2021-01-29 12:39 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-01-29 12:38 - 2021-01-29 12:38 - 000012002 _____ C:\Users\nicob\Downloads\Fixlog.txt
2021-01-29 12:30 - 2021-01-29 12:30 - 000000000 ____D C:\Users\nicob\Desktop\Neuer Ordner
2021-01-29 11:11 - 2021-01-29 12:52 - 000000000 ____D C:\FRST
2021-01-29 10:57 - 2021-01-29 10:57 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-01-29 10:57 - 2021-01-29 10:57 - 000220600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-01-29 10:57 - 2021-01-29 10:57 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-29 10:57 - 2021-01-29 10:56 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-01-29 10:57 - 2021-01-29 10:56 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-01-29 10:56 - 2021-01-29 10:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-29 10:56 - 2021-01-29 10:56 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-29 10:55 - 2021-01-29 10:55 - 002297856 _____ (Farbar) C:\Users\nicob\Downloads\FRST64.exe
2021-01-29 10:45 - 2021-01-29 10:45 - 008457584 _____ (Malwarebytes) C:\Users\nicob\Downloads\adwcleaner_8.0.9.1.exe
2021-01-28 15:06 - 2021-01-28 15:06 - 000187987 _____ C:\Users\nicob\Desktop\Immatrikulationsbescheinigung_2170400_WS2020.pdf
2021-01-28 14:26 - 2021-01-28 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-28 14:19 - 2021-01-28 14:19 - 000055901 _____ C:\Users\nicob\Desktop\fhp_2021-01-28_14191613449147788340159481.pdf
2021-01-28 14:13 - 2021-01-28 14:13 - 000112532 _____ C:\Users\nicob\Desktop\BARMER_Mitgliedsbescheinigung_V348701228.pdf
2021-01-28 14:01 - 2021-01-28 14:01 - 001175341 _____ C:\Users\nicob\Desktop\Personalfragebogen.pdf
2021-01-27 13:35 - 2021-01-27 13:36 - 000766521 _____ C:\Users\nicob\Desktop\MasterArbeit.pdf
2021-01-26 19:31 - 2021-01-26 19:31 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Sublime Text 3
2021-01-26 19:31 - 2021-01-26 19:31 - 000000000 ____D C:\Users\nicob\AppData\Local\Sublime Text 3
2021-01-26 19:30 - 2021-01-26 19:30 - 000000927 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2021-01-26 19:30 - 2021-01-26 19:30 - 000000000 ____D C:\Program Files\Sublime Text 3
2021-01-26 19:19 - 2021-01-26 19:30 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2021-01-26 19:19 - 2021-01-26 19:20 - 000000000 ____D C:\Users\nicob\.atom
2021-01-26 19:19 - 2021-01-26 19:19 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Atom
2021-01-26 19:18 - 2021-01-26 19:30 - 000000000 ____D C:\Users\nicob\AppData\Local\atom
2021-01-26 19:10 - 2021-01-26 19:10 - 000000000 ____D C:\Users\nicob\eclipse-workspace
2021-01-26 13:59 - 2021-01-26 14:00 - 000000000 ____D C:\Users\nicob\.webclipse
2021-01-26 12:58 - 2021-01-26 12:58 - 000000000 ____D C:\Users\nicob\.tooling
2021-01-26 12:57 - 2021-01-26 12:57 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
2021-01-26 12:55 - 2021-01-26 19:18 - 000000000 ___RD C:\Users\nicob\Desktop\Coding
2021-01-26 12:53 - 2021-01-26 12:53 - 000000000 ____D C:\Users\nicob\eclipse
2021-01-26 12:52 - 2021-01-26 19:11 - 000000000 ____D C:\Users\nicob\.p2
2021-01-26 12:52 - 2021-01-26 12:58 - 000000000 ____D C:\Users\nicob\.eclipse
2021-01-26 12:51 - 2021-01-26 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2021-01-26 12:51 - 2021-01-26 12:51 - 000000000 ____D C:\Program Files\Common Files\Oracle
2021-01-25 12:14 - 2021-01-26 12:06 - 000000000 ____D C:\Users\nicob\Desktop\Pimp my Van
2021-01-24 17:36 - 2021-01-24 17:36 - 000000000 ____D C:\Users\nicob\AppData\Local\Maine
2021-01-24 16:49 - 2021-01-29 12:35 - 000000000 ____D C:\Users\nicob\AppData\Local\Google
2021-01-24 16:32 - 2021-01-24 16:33 - 000000000 ____D C:\AdwCleaner
2021-01-23 10:13 - 2021-01-23 10:13 - 000000000 ____D C:\Program Files (x86)\LifeInTheWoodsRenaissanceLauncher
2021-01-23 10:12 - 2021-01-23 10:12 - 000000000 ____D C:\Users\nicob\AppData\LocalLow\Oracle
2021-01-22 23:48 - 2021-01-26 18:24 - 000000000 ____D C:\Program Files\Java
2021-01-22 23:48 - 2021-01-26 12:51 - 000069264 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2021-01-22 23:48 - 2021-01-26 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-01-22 23:45 - 2021-01-22 23:45 - 000000000 ____D C:\Users\nicob\Documents\curseforge
2021-01-22 22:56 - 2021-01-22 22:56 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Sun
2021-01-22 22:56 - 2021-01-22 22:56 - 000000000 ____D C:\Users\nicob\AppData\LocalLow\Sun
2021-01-22 22:56 - 2021-01-22 22:56 - 000000000 ____D C:\Users\nicob\.oracle_jre_usage
2021-01-22 22:56 - 2021-01-22 22:56 - 000000000 ____D C:\ProgramData\Oracle
2021-01-22 21:29 - 2021-01-22 21:29 - 000000000 ____D C:\Users\nicob\AppData\Local\mbam
2021-01-22 21:08 - 2021-01-22 23:50 - 000000000 ____D C:\Users\nicob\AppData\Roaming\.minecraft
2021-01-19 23:04 - 2021-01-19 23:04 - 000000000 ____D C:\Users\nicob\Documents\STAR WARS Battlefront II
2021-01-19 23:04 - 2021-01-19 23:04 - 000000000 ____D C:\Users\nicob\AppData\Local\STAR WARS Battlefront II
2021-01-18 22:44 - 2021-01-18 22:44 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-01-18 22:44 - 2021-01-18 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STAR WARS Battlefront II
2021-01-18 14:51 - 2021-01-18 14:51 - 000000000 ____D C:\Windows\LastGood.Tmp
2021-01-18 14:49 - 2021-01-04 15:49 - 001855192 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-18 14:49 - 2021-01-04 15:49 - 001855192 _____ C:\Windows\system32\vulkaninfo.exe
2021-01-18 14:49 - 2021-01-04 15:49 - 001435864 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-18 14:49 - 2021-01-04 15:49 - 001435864 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-01-18 14:49 - 2021-01-04 15:49 - 000948952 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-18 14:49 - 2021-01-04 15:49 - 000948952 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-01-18 14:49 - 2021-01-04 15:48 - 001454488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-01-18 14:49 - 2021-01-04 15:48 - 001193880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-01-18 14:49 - 2021-01-04 15:48 - 001094880 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-01-18 14:49 - 2021-01-04 15:48 - 001094880 _____ C:\Windows\system32\vulkan-1.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 001512856 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 001165720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 000690072 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2021-01-18 14:49 - 2021-01-04 15:46 - 000680856 _____ C:\Windows\system32\nvofapi64.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 000673688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 000610712 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 000559000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 000548248 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 008262552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 007393176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 004612504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 002731928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 002104216 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 001589144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 000813976 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 000657816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 000447384 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-01-18 14:49 - 2021-01-04 15:44 - 000850840 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-01-18 14:49 - 2021-01-04 15:43 - 006071032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-01-18 14:49 - 2020-12-31 15:01 - 000084159 _____ C:\Windows\system32\nvinfo.pb
2021-01-17 11:33 - 2021-01-18 13:47 - 000020198 _____ C:\Users\nicob\Desktop\Diagramm.xlsx
2021-01-16 13:22 - 2021-01-16 13:22 - 000000000 ____D C:\Users\Public\Documents\Blackmagic Design
2021-01-16 13:22 - 2021-01-16 13:22 - 000000000 ____D C:\Users\nicob\Documents\Blackmagic Design
2021-01-16 13:21 - 2021-01-16 13:21 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Blackmagic Design
2021-01-16 13:16 - 2021-01-16 13:16 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2021-01-16 13:16 - 2021-01-16 13:16 - 000000000 ____D C:\ProgramData\Blackmagic Design
2021-01-16 13:15 - 2021-01-16 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2021-01-16 13:15 - 2021-01-16 13:17 - 000000000 ____D C:\Program Files (x86)\Blackmagic Design
2021-01-16 13:15 - 2021-01-16 13:15 - 000000000 ____D C:\Program Files\Blackmagic Design
2021-01-16 13:11 - 2021-01-16 14:35 - 000000000 ___RD C:\Users\nicob\Desktop\Video
2021-01-16 12:25 - 2021-01-16 12:25 - 000012773 _____ C:\ProgramData\sokqucqi.nri
2021-01-16 12:25 - 2021-01-16 12:25 - 000000000 ____D C:\Users\nicob\AppData\Local\VideoEditor
2021-01-16 12:25 - 2021-01-16 12:25 - 000000000 ____D C:\Users\nicob\AppData\Local\CrashRpt
2021-01-16 11:42 - 2021-01-16 11:42 - 000000000 ____D C:\Users\nicob\Documents\Audacity
2021-01-16 11:19 - 2021-01-19 20:23 - 000000000 ____D C:\Users\nicob\AppData\Roaming\audacity
2021-01-16 11:19 - 2021-01-16 11:19 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2021-01-16 11:19 - 2021-01-16 11:19 - 000000000 ____D C:\Users\nicob\AppData\Roaming\npm
2021-01-16 11:19 - 2021-01-16 11:19 - 000000000 ____D C:\Users\nicob\AppData\Local\Audacity
2021-01-16 11:19 - 2021-01-16 11:19 - 000000000 ____D C:\Program Files (x86)\Audacity
2021-01-16 10:02 - 2021-01-16 10:02 - 000001026 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge 2021.lnk
2021-01-16 09:58 - 2021-01-16 09:58 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk
2021-01-15 09:07 - 2021-01-15 09:07 - 000576512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2021-01-15 09:07 - 2021-01-15 09:07 - 000568320 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2021-01-15 09:07 - 2021-01-15 09:07 - 000502784 _____ C:\Windows\system32\AssignedAccessCsp.dll
2021-01-15 09:07 - 2021-01-15 09:07 - 000500224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2021-01-15 09:07 - 2021-01-15 09:07 - 000455680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2021-01-15 09:07 - 2021-01-15 09:07 - 000233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2021-01-15 09:07 - 2021-01-15 09:07 - 000151040 _____ C:\Windows\system32\uwfcsp.dll
2021-01-15 09:07 - 2021-01-15 09:07 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2021-01-15 09:07 - 2021-01-15 09:07 - 000094720 _____ C:\Windows\system32\VirtualMonitorManager.dll
2021-01-15 09:07 - 2021-01-15 09:07 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-01-15 09:07 - 2021-01-15 09:07 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2021-01-15 09:07 - 2021-01-15 09:07 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-01-15 09:07 - 2021-01-15 09:07 - 000053248 _____ C:\Windows\SysWOW64\BWContextHandler.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 002590720 _____ C:\Windows\system32\dwmscene.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 001841152 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 001101312 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000696832 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2021-01-15 09:06 - 2021-01-15 09:06 - 000555008 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000549888 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-01-15 09:06 - 2021-01-15 09:06 - 000331264 _____ C:\Windows\SysWOW64\ssdm.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000294912 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2021-01-15 09:06 - 2021-01-15 09:06 - 000266752 _____ C:\Windows\system32\HeatCore.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000208384 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000186368 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2021-01-15 09:06 - 2021-01-15 09:06 - 000167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-01-15 09:06 - 2021-01-15 09:06 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth18.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth17.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth16.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth15.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2021-01-15 09:05 - 2021-01-15 09:05 - 000540672 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-01-15 09:05 - 2021-01-15 09:05 - 000453632 _____ C:\Windows\system32\ssdm.dll
2021-01-15 09:05 - 2021-01-15 09:05 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-01-15 09:05 - 2021-01-15 09:05 - 000164864 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-01-15 09:05 - 2021-01-15 09:05 - 000061440 _____ C:\Windows\system32\rdsxvmaudio.dll
2021-01-05 15:39 - 2021-01-05 15:41 - 000000000 ____D C:\ProgramData\Acon Digital
2021-01-05 15:39 - 2021-01-05 15:39 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Acon Digital
2021-01-05 15:39 - 2021-01-05 15:39 - 000000000 ____D C:\Program Files\Acon Digital

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-01-29 12:46 - 2020-04-10 23:41 - 001724292 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-29 12:46 - 2019-03-19 13:16 - 000746852 _____ C:\Windows\system32\perfh007.dat
2021-01-29 12:46 - 2019-03-19 13:16 - 000151124 _____ C:\Windows\system32\perfc007.dat
2021-01-29 12:46 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF
2021-01-29 12:41 - 2020-04-10 23:41 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-29 12:40 - 2020-04-11 01:28 - 000000000 ___RD C:\Users\nicob\Creative Cloud Files
2021-01-29 12:39 - 2020-04-12 11:38 - 000000000 ____D C:\ProgramData\PACE
2021-01-29 12:39 - 2020-04-12 10:18 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-01-29 12:39 - 2020-04-11 00:13 - 000000134 _____ C:\Windows\system32\regtest.txt
2021-01-29 12:39 - 2020-04-10 23:32 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-29 12:39 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-29 12:39 - 2019-03-19 05:37 - 000786432 _____ C:\Windows\system32\config\BBI
2021-01-29 12:38 - 2020-04-11 00:08 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-29 12:38 - 2019-03-19 05:52 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2021-01-29 12:38 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2021-01-29 12:35 - 2020-04-10 23:40 - 000000000 ____D C:\Program Files (x86)\Google
2021-01-29 11:53 - 2020-11-11 14:51 - 000000000 ____D C:\Users\nicob\Documents\Citavi 6
2021-01-29 10:57 - 2019-03-19 05:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-01-29 10:29 - 2020-04-10 23:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-01-29 00:19 - 2020-04-10 23:36 - 000000000 ____D C:\Users\nicob
2021-01-28 22:09 - 2020-04-11 00:15 - 000000000 ____D C:\Users\nicob\AppData\Roaming\discord
2021-01-28 22:09 - 2020-04-10 23:53 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-28 14:26 - 2020-10-11 14:12 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-01-28 14:26 - 2020-10-11 14:06 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-28 11:48 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\AppReadiness
2021-01-27 11:15 - 2020-04-10 23:47 - 000000000 ____D C:\Users\nicob\AppData\Local\LenovoServiceBridge
2021-01-27 00:09 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-26 21:46 - 2020-04-11 00:17 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Origin
2021-01-26 21:46 - 2020-04-11 00:17 - 000000000 ____D C:\ProgramData\Origin
2021-01-26 21:32 - 2020-04-12 10:18 - 000000000 ____D C:\Users\nicob\AppData\Roaming\TeamViewer
2021-01-26 20:43 - 2020-08-23 17:18 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-01-26 20:43 - 2020-04-11 00:19 - 000000000 ____D C:\Program Files (x86)\Origin
2021-01-26 20:43 - 2020-04-11 00:17 - 000000000 ____D C:\Users\nicob\AppData\Local\Origin
2021-01-26 19:50 - 2020-04-18 17:35 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Elektron Transfer
2021-01-26 19:38 - 2020-04-10 23:48 - 000000000 ___RD C:\Users\nicob\Desktop\Rechnungen
2021-01-26 19:19 - 2020-04-11 00:15 - 000000000 ____D C:\Users\nicob\AppData\Local\SquirrelTemp
2021-01-26 19:14 - 2020-04-11 01:30 - 000000000 ___RD C:\Users\nicob\Desktop\Bildbearbeitung
2021-01-26 19:00 - 2020-11-02 12:40 - 000000000 ____D C:\Program Files\OpenVPN
2021-01-24 17:31 - 2020-11-11 14:51 - 000000000 ____D C:\ProgramData\Swiss Academic Software
2021-01-24 17:31 - 2020-11-11 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 6
2021-01-24 17:31 - 2020-05-29 14:57 - 000000000 ____D C:\Users\nicob\AppData\Local\Downloaded Installations
2021-01-24 16:20 - 2020-04-10 23:37 - 000000000 ____D C:\Users\nicob\AppData\Local\Packages
2021-01-24 16:11 - 2020-05-15 10:26 - 000000000 ____D C:\temp
2021-01-24 16:11 - 2020-04-21 09:45 - 000000000 ____D C:\Users\nicob\AppData\Local\CrashDumps
2021-01-24 16:11 - 2020-04-11 00:32 - 000000000 ____D C:\Windows\Panther
2021-01-24 15:54 - 2020-04-11 09:30 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-24 12:50 - 2020-04-11 01:26 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-01-23 23:25 - 2020-11-24 22:35 - 000559134 _____ C:\Users\nicob\Documents\PS-Verlaufsprotokoll.txt
2021-01-23 23:03 - 2020-10-05 18:54 - 000000000 ___RD C:\Users\nicob\Desktop\Musik
2021-01-22 23:43 - 2020-04-11 00:13 - 000000000 ____D C:\Users\nicob\AppData\Local\D3DSCache
2021-01-22 23:31 - 2020-04-10 23:50 - 000000000 ___RD C:\Users\nicob\Desktop\Games
2021-01-22 20:06 - 2020-08-23 10:10 - 000000000 ____D C:\Users\nicob\AppData\Local\Frontier_Developments
2021-01-22 17:03 - 2020-12-06 14:10 - 000000000 ____D C:\Users\nicob\Desktop\Quellen
2021-01-22 09:24 - 2020-04-11 09:44 - 000799104 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2021-01-20 22:55 - 2020-04-12 20:08 - 000000000 ____D C:\Users\nicob\AppData\Local\ElevatedDiagnostics
2021-01-20 09:36 - 2020-04-10 23:39 - 000000000 ____D C:\Users\nicob\AppData\Local\PlaceholderTileLogoFolder
2021-01-18 23:23 - 2020-05-07 00:05 - 000000000 ____D C:\Program Files\Epic Games
2021-01-18 17:19 - 2020-04-11 00:38 - 000000000 ____D C:\Users\nicob\AppData\Local\NVIDIA
2021-01-18 10:08 - 2020-10-01 18:46 - 000000000 ___RD C:\Users\nicob\Desktop\Archiv
2021-01-16 11:29 - 2020-06-26 08:31 - 000003688 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-16 11:29 - 2020-06-26 08:31 - 000003464 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-16 11:17 - 2020-04-11 00:34 - 000000000 ____D C:\Program Files\VST Plugins
2021-01-16 10:02 - 2020-04-11 01:24 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-01-16 09:45 - 2020-04-10 23:37 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-16 09:45 - 2020-04-10 23:37 - 000000000 ___RD C:\Users\nicob\3D Objects
2021-01-16 09:44 - 2020-04-10 23:32 - 000446400 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-16 09:44 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2021-01-16 09:44 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\LiveKernelReports
2021-01-15 22:30 - 2019-03-19 13:19 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-15 22:30 - 2019-03-19 13:19 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-15 22:30 - 2019-03-19 13:19 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\system32\UNP
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\system32\F12
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___RD C:\Windows\PrintDialog
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SystemResources
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\setup
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\oobe
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\migwiz
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\Dism
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\Com
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\ShellExperiences
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\ShellComponents
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\Provisioning
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\IME
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\bcastdvr
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-15 09:12 - 2020-04-11 23:36 - 000000000 ____D C:\Windows\system32\MRT
2021-01-15 09:12 - 2019-03-19 05:37 - 000000000 ____D C:\Windows\CbsTemp
2021-01-15 09:10 - 2020-04-11 23:36 - 135062968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-01-15 09:05 - 2020-04-10 23:35 - 002877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2021-01-14 16:32 - 2020-10-06 14:29 - 000002278 ____H C:\Users\nicob\Documents\Default.rdp
2021-01-14 15:54 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2021-01-12 10:11 - 2020-04-11 01:24 - 000000000 ____D C:\Program Files\Adobe
2021-01-09 12:35 - 2020-06-26 08:31 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-08 11:25 - 2020-04-11 00:27 - 000000000 ____D C:\ProgramData\Adobe
2021-01-04 15:43 - 2020-04-10 23:39 - 007115280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2020-09-26 08:41 - 2020-09-26 08:41 - 000008106 _____ () C:\Program Files\Common Files\InstallationLogFile.log
2020-09-26 08:41 - 2020-09-26 08:41 - 000008637 _____ () C:\Program Files\Common Files\unins000.dat
2020-09-26 08:41 - 2020-09-26 08:39 - 002540184 _____ () C:\Program Files\Common Files\unins000.exe
2020-09-26 08:41 - 2020-09-26 08:41 - 000022837 _____ () C:\Program Files\Common Files\unins000.msg
2020-07-12 07:44 - 2020-07-12 07:46 - 000000016 _____ () C:\Users\nicob\AppData\Roaming\msregsvv.dll
2020-04-11 00:47 - 2020-04-17 17:44 - 000508758 _____ () C:\Users\nicob\AppData\Roaming\overbridge_install_log.txt
2020-04-11 01:24 - 2020-04-11 01:24 - 000000410 _____ () C:\Users\nicob\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         

--- --- ---

[/CODE]

FRST Addition

Code: Alles auswählenAufklappen

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-01-2021
durchgeführt von nicob (29-01-2021 12:53:24)
Gestartet von C:\Users\nicob\Downloads
Windows 10 Pro Version 1909 18363.1316 (X64) (2020-04-10 22:34:09)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3787991472-4217386366-3756147439-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3787991472-4217386366-3756147439-503 - Limited - Disabled)
Gast (S-1-5-21-3787991472-4217386366-3756147439-501 - Limited - Disabled)
nicob (S-1-5-21-3787991472-4217386366-3756147439-1001 - Administrator - Enabled) => C:\Users\nicob
WDAGUtilityAccount (S-1-5-21-3787991472-4217386366-3756147439-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
AAS - Lounge Lizard Session 4 (HKLM-x32\...\Lounge Lizard Session 4) (Version:  - Applied Acoustics Systems)
AAS - Strum Session 2 (HKLM-x32\...\Strum Session 2) (Version:  - Applied Acoustics Systems)
AAS - Ultra Analog Session 2 (HKLM-x32\...\Ultra Analog Session 2) (Version:  - Applied Acoustics Systems)
Ableton Live 10 Standard (HKLM\...\{5DFB3F43-0CB5-4C3D-AF4E-A02DFA66186E}) (Version: 10.0.0.0 - Ableton)
Acon Digital DeVerberate (64 bit) 2.0.7 (HKLM\...\{458357DE-C14B-4FDE-B614-7862427596C4}_is1) (Version: 2.0.7 - Acon AS)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Bridge 2021 (HKLM-x32\...\KBRG_11_0_1) (Version: 11.0.1 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.3.1.470 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_1_1) (Version: 22.1.1.138 - Adobe Inc.)
AmpliTube 4 version 4.10.0 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.10.0 - IK Multimedia)
Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team)
BABY Audio - I Heart NY version 1.1.0 (HKLM\...\BABY Audio - I Heart NY_is1) (Version: 1.1.0 - )
Balancer 1.0.3 (HKLM\...\{469C9553-FB7D-46A9-8A9E-AFE3D21EEFC4}_is1) (Version: 1.0.3 - focusrite)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.66.0 - Bethesda Softworks)
Blackmagic RAW Common Components (HKLM\...\{60461BA6-AFA0-4D54-AFE1-54EC717AA7D9}) (Version: 1.8.2 - Blackmagic Design)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bx_subfilter 1.5.1 (HKLM\...\bx_subfilter_is1) (Version: 1.5.1 - Plugin Alliance)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.9.03049 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{960848DA-AFA2-4067-8260-C866B7411DA4}) (Version: 4.9.03049 - Cisco Systems, Inc.) Hidden
Citavi 6 (HKLM-x32\...\{6A331045-8FF4-4BC9-9C56-E593ACAE28C2}) (Version: 6.8.0.0 - Swiss Academic Software)
CollaB3 version 1.0.0 (HKLM\...\CollaB3_is1) (Version: 1.0.0 - )
DaVinci Resolve (HKLM\...\{47B30418-F683-4F19-BEF9-BA5E490154BF}) (Version: 16.2.8005 - Blackmagic Design)
DaVinci Resolve Keyboards (HKLM\...\{04F776FB-37A2-4116-84F2-6CF3D731999D}) (Version: 1.0.0.0 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{567706B7-1501-43BC-81AB-C7E306B40C73}) (Version: 1.3.2.0 - Blackmagic Design)
DC1A3 version 3.2.0.0 (HKLM\...\DC1A3_is1) (Version: 3.2.0.0 - )
Denise Noize Retro version 1.0.0 (HKLM\...\Denise Noize Retro_is1) (Version: 1.0.0 - )
Denise Punisher version 1.0.0 (HKLM\...\Denise Punisher_is1) (Version: 1.0.0 - )
discoDSP OB-Xd 1.5 (HKLM\...\OBXD_is1) (Version: 1.5 - discoDSP)
Discord (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Elektron Overbridge 2.0.37.3 (HKLM\...\{E957ACC7-6E9E-4CB0-B8ED-D71D941D77A5}) (Version: 2.0.37.3 - Elektron Music Machines MAV AB)
Elektron Transfer 1.2.2.9 (HKLM\...\{D2A949AD-B13D-4455-9E63-98F826AD15E8}) (Version: 1.2.2.9 - Elektron Music Machines MAV AB)
E-License Manager (HKLM\...\{6C169D27-4A5B-41AB-815B-3B5CADD10D6F}) (Version: 1.4.0.0 - Magix) Hidden
E-License Manager (HKLM-x32\...\E-License Manager) (Version: 1.4.0.0 - Best Service)
elysia niveau filter 1.12 (HKLM\...\elysia niveau filter_is1) (Version: 1.12 - Plugin Alliance)
Epic Games Launcher (HKLM-x32\...\{A5A6A747-393C-4B28-AB7B-2DE2BA7F7D73}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Exponential Audio:: Excalibur version 4.0.2 (HKLM\...\{9BABADBE-DC2D-4EB2-A9A8-AF7E1EB57724}_is1) (Version: 4.0.2 - Exponential Audio LLC)
Fairlight Audio Accelerator Utility (HKLM\...\FairlightAudioAccelerator_is1) (Version: 1.0.13 - Blackmagic Design)
Fairlight Studio Utility (HKLM\...\{6C7FC3A1-DA64-4ACE-8F05-301CBECD5BE9}) (Version: 1.2.0.0 - Blackmagic Design)
Firefly version 1.0.1 (HKLM\...\Firefly_is1) (Version: 1.0.1 - )
Focus version 1.0.1 (HKLM\...\Focus_is1) (Version: 1.0.1 - )
Frontier (64bit) (HKLM\...\{AE40D361-16A0-48EB-98ED-317F6402A498}) (Version: 1.0.0.0 - D16 Group Audio Software)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Halls Of Fame 3 (HKLM\...\{F7F63B6D-1A00-4191-9BEC-A8A56D6F581E}) (Version: 3.1.5 - Best Service) Hidden
Halls Of Fame 3 (HKLM-x32\...\Halls Of Fame 3) (Version: 3.1.5 - Best Service)
HY-SEQ16x3v2_free version 1.1.3 (HKLM\...\HY-SEQ16x3v2_free_is1) (Version: 1.1.3 - )
IK Multimedia Authorization Manager version 1.0.26 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.26 - IK Multimedia)
Impulse Record Convology XT (HKLM-x32\...\Impulse Record Convology XT) (Version: 1.18 - Impulse Record)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{9B7D5CA0-5521-458D-88D9-AF7D9A06E753}) (Version: 11.1.072 - Intel Corporation)
IVGI2 version 2.2.0.0 (HKLM\...\IVGI2_is1) (Version: 2.2.0.0 - )
iZotope Trash 2 (HKLM-x32\...\iZotope Trash 2) (Version: 2.05d.322 - iZotope, Inc.)
Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java(TM) SE Development Kit 15.0.2 (64-bit) (HKLM\...\{2041CF7D-1F63-5C58-9F35-C445251E39C9}) (Version: 15.0.2.0 - Oracle Corporation)
kikzilla 1.0.1 (HKLM-x32\...\kikzilla) (Version: 1.0.1 - intelligent sounds & music)
KORG M1 Le (HKLM\...\{2D2D5665-7009-4F75-A0EA-C73F57700E36}) (Version: 1.1.0 - KORG Inc.)
KORG minilogue xd Sound Librarian (HKLM-x32\...\{3B6B7B81-23CB-4BDF-914B-B02C6D37A5F5}) (Version: 1.0.5 - KORG Inc.)
KORG USB-MIDI Driver Tools for Windows 10 (HKLM-x32\...\{C7B06DB0-64A6-436E-B473-0E0EECC5E174}) (Version: 1.15.3502 - Korg Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.1.7 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0095 - Lenovo)
Mackie USB Driver v4.67.0 (HKLM-x32\...\Software_LOUD Technologies Inc._loudusbaudio_Setup) (Version: 4.67.0 - LOUD Technologies Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
MH Thump version 2.0.2 (HKLM\...\MH Thump_is1) (Version: 2.0.2 - Metric Halo)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.13628.20274 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.65 - )
Microsoft OneDrive (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Teams) (Version: 1.3.00.26064 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29112 (HKLM-x32\...\{be826f5f-eda5-45a2-a3fe-c2cb5c1b9842}) (Version: 14.27.29112.0 - Microsoft Corporation)
MJUCjr version 1.2.0.0 (HKLM\...\MJUCjr_is1) (Version: 1.2.0.0 - )
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.6.0.513 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.12.1.129 - Native Instruments)
Native Instruments Traktor DJ 2 (HKLM-x32\...\Native Instruments Traktor DJ 2) (Version: 2.4.1.478 - Native Instruments)
Neutron 3 Elements (HKLM-x32\...\Neutron 3 Elements) (Version: 3.1.1 - iZotope, Inc.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 461.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Oracle version 1.0.2 (HKLM\...\Oracle_is1) (Version: 1.0.2 - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.91.46291 - Electronic Arts, Inc.)
Overtone version 1.0.1 (HKLM\...\Overtone_is1) (Version: 1.0.1 - )
Ozone 9 Elements (HKLM\...\Ozone 9 Elements) (Version: 9.1.0 - iZotope, Inc.)
PACE License Support Win64 (HKLM\...\{CDDC4CA3-FBF0-46c3-8EB1-B001EA7FDA55}) (Version: 5.2.1.3096 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{CDDC4CA3-FBF0-46c3-8EB1-B001EA7FDA55}) (Version: 5.2.1.3096 - PACE Anti-Piracy, Inc.)
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
Percolate version 1.0.1 (HKLM\...\Percolate_is1) (Version: 1.0.1 - )
Phoscyon 1.9.5 (64bit) (HKLM\...\{D32B89DD-B8E6-4443-9BB2-97290BA4B8A8}) (Version: 1.9.5.0 - D16 Group Audio Software)
PlanetSide 2 (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
Product Portal (HKLM-x32\...\Product Portal) (Version:  - iZotope, Inc.)
Pulsar Smasher (HKLM-x32\...\9F5698D7-A1EA-4593-BB9A-E59A7437023E_is1) (Version: 1.0.3 - Pulsar Audio)
PunchBox (64bit) (HKLM\...\{1450ADD8-4144-45AE-96EC-98970124D3A4}) (Version: 1.0.6.0 - D16 Group Audio Software)
Radio version 1.1.5 (HKLM\...\Radio_is1) (Version: 1.1.5 - )
REDlauncher (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
Reference 4 AAX plugin for ProTools 10 (HKLM-x32\...\{4046F39E-98E9-4DFA-B3AC-F83288B5BC93}) (Version: 4.4.6.20 - Sonarworks)
Reference 4 AAX plugin for ProTools 11/12 (HKLM\...\{0DA8484E-B284-4944-AE41-C3EED4884CC8}) (Version: 4.4.6.20 - Sonarworks)
Reference 4 RTAS plugin (HKLM-x32\...\{C5ADB05C-F758-4C70-998F-900C693CB29E}) (Version: 4.4.5.51 - Sonarworks)
Reference 4 VST plugin (32-bit) (HKLM-x32\...\{251D830E-D913-45AB-ADA7-19751C649EE3}) (Version: 4.4.6.20 - Sonarworks)
Reference 4 VST plugin (64-bit) (HKLM\...\{5F524C89-B8AE-49DB-9828-D5233294CCDD}) (Version: 4.4.6.20 - Sonarworks)
rekordbox 6.0.3 64bit (HKLM\...\Pioneer rekordbox 6.0.3) (Version: 6.0.3.0003 - AlphaTheta)
RICOH SP 150 (HKLM-x32\...\{236068F9-94B6-45CD-A6BE-3BF03170AAB8}) (Version: 1.045.00 - Ricoh Co., Ltd.) Hidden
RICOH SP 150 (HKLM-x32\...\InstallShield_{236068F9-94B6-45CD-A6BE-3BF03170AAB8}) (Version: 1.045.00 - Ricoh Co., Ltd.)
RX 7 Elements (HKLM-x32\...\RX 7 Audio Editor) (Version: 7.01 - iZotope, Inc.)
Sonarworks Reference 4 Systemwide (HKLM\...\{8760905F-8968-46EF-ADF3-7CFF91CE9952}) (Version: 4.4.6.20 - Sonarworks)
Spitfire Audio (HKLM-x32\...\{ABC5F486-25BD-4BAA-9FA1-A84152CBB563}_is1) (Version: 3.2.12 - Spitfire Audio Holdings Ltd)
SPL Free Ranger 1.14.1 (HKLM\...\SPL Free Ranger_is1) (Version: 1.14.1 - Plugin Alliance)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
STL Ignite - Emissary Plug-In Bundle (HKLM\...\STL Ignite - Emissary Plug-In Bundle_is1) (Version: 2.0.2 - )
Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SyS Audioresearch notomizer (HKLM-x32\...\Notomizer_v1.1) (Version:  - )
SyS Audioresearch Ton-Geraet I (HKLM-x32\...\Ton-Geraet I) (Version:  - )
TAL-Chorus-LX (64bit) (HKLM\...\{AD82F5D9-5FF3-497E-94E1-752DBB38E5D4}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-Filter-2 (64bit) (HKLM\...\{248546B8-D8A9-44AD-B60C-0B599D8E5265}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-NoiseMaker (64bit) (HKLM\...\{75E692A0-5118-4BE0-98CE-649A21B7C76A}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-Reverb-4 (64bit) (HKLM\...\{91FB3C47-132B-402A-AC35-E9B5588AC257}) (Version: 1.3.7 - TAL - Togu Audio Line)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.13.6 - TeamViewer)
Titanfall™ 2 (HKLM-x32\...\{4BD80373-FEE7-45B6-8249-6E8E98717405}) (Version:  - Electronic Arts, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 112.3 - Ubisoft)
UVI Portal 1.2.4 (HKLM-x32\...\UVI Portal_is1) (Version: 1.2.4 - UVI)
UVI Workstation x64 3.0.11 (HKLM\...\UVI Workstation x64_is1) (Version: 3.0.11 - UVI)
ValhallaFreqEcho version 1.0.5 (HKLM-x32\...\{86164718-6457-42DE-8DB6-EA05F7045F2C}_is1) (Version: 1.0.5 - Valhalla DSP, LLC)
ValhallaSupermassive version 1.0.0 (HKLM-x32\...\{32E5DA92-251F-41D5-93E1-450C00D0B159}_is1) (Version: 1.0.0 - Valhalla DSP, LLC)
Venom version 1.0.0 (HKLM\...\Venom_is1) (Version: 1.0.0 - W.A. Production)
VG-CARBON 1.0.1 (HKLM\...\98ba8073-3012-43fc-a569-31a2d3c9fd80_is1) (Version: 1.0.1 - UJAM)
vmpc version 1.1 (HKLM\...\vmpc_is1) (Version: 1.1 - )
Vocal Splitter version 2.0.1 (HKLM\...\Vocal Splitter_is1) (Version: 2.0.1 - )
Voltage Modular (HKLM\...\Voltage Modular) (Version: 1.3.16 - Cherry Audio)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-3 - Wacom Technology Corp.)
Waves Central (HKLM\...\{ab507e17-892b-5203-838d-d58d8d09c50f}) (Version: 11.0.58 - Waves Audio Ltd)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Zoom (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\ZoomUMX) (Version: 5.4.1 (58698.1027) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-10-09] (Adobe Systems Incorporated)
Dolby Atmos for Gaming -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosforGaming_3.20500.501.0_x64__rz1tebttyb220 [2020-06-23] (Dolby Laboratories)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.50.7.0_x86__kgqvnymyfvs32 [2020-12-16] (king.com)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-02] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.36.4251.0_x64__8wekyb3d8bbwe [2021-01-27] (Microsoft Corporation) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-20] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.10.216.0_x64__dt26b99r8h8gj [2020-06-23] (Realtek Semiconductor Corp)
Sea of Thieves -> C:\Program Files\WindowsApps\Microsoft.SeaofThieves_2.97.2612.2_x64__8wekyb3d8bbwe [2020-12-12] (ms-resource:PublisherDisplayName)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-EBA3EC031F98} -> [Creative Cloud Files] => C:\Users\nicob\Creative Cloud Files [2020-04-11 01:28]
CustomCLSID: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\nicob\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\nicob\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-10] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-10] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-10] (Adobe Inc. -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-10] (Adobe Inc. -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_4ddb3cc1d1c1ca09\nvshext.dll [2021-01-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-10] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-29] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Drivers32: [midi1] => C:\Windows\system32\KORGUM64.DRV [327088 2020-01-29] (KORG INC. -> KORG INC.)
HKLM\...\Drivers32: [midi1] => C:\Windows\SysWOW64\KORGUM64.DRV [314800 2020-01-29] (KORG INC. -> KORG INC.)

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2021-01-16 11:29 - 2021-01-28 11:30 - 000010752 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Microsoft\Edge\Application\VERSION.dll
2017-03-02 15:19 - 2017-03-02 15:19 - 000310272 ____N (easyhook.codeplex.com) [Datei ist nicht signiert] C:\Program Files\Common Files\Dolby\DAX3\RADARHOST\EasyHook64.dll
2020-06-14 13:31 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [Datei ist nicht signiert] C:\Program Files\7-Zip\7-zip.dll
2020-04-11 00:19 - 2021-01-26 20:42 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-04-11 00:19 - 2021-01-26 20:42 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\ssleay32.dll
2020-04-11 00:19 - 2021-01-26 20:42 - 001611264 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-01-26 20:43 - 2021-01-26 20:42 - 005487104 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-01-26 20:43 - 2021-01-26 20:42 - 005841920 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-01-26 20:43 - 2021-01-26 20:42 - 001179136 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-01-26 20:43 - 2021-01-26 20:42 - 000146432 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-01-26 20:43 - 2021-01-26 20:42 - 005089792 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-01-26 20:43 - 2021-01-26 20:42 - 000184832 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows\System32:tdsrset_i.gfc [5846]
AlternateDataStreams: C:\ProgramData\PACE:894E73564E31FA2E [217]
AlternateDataStreams: C:\Users\nicob\Anwendungsdaten:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\nicob\Anwendungsdaten:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\nicob\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\nicob\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.DLL [2021-01-11] (Swiss Academic Software -> Swiss Academic Software)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll => Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll => Keine Datei
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.DLL [2021-01-11] (Swiss Academic Software -> Swiss Academic Software)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\sharepoint.com -> hxxps://iwfhpotsdam-files.sharepoint.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-03-19 05:49 - 2021-01-29 12:38 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%C_EM64T_REDIST11%bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\nodejs\
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "launchOnStartup"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "Reference 4 Systemwide.exe"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "OPENVPN-GUI"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{EFCDD1BD-FD2B-47C3-A9B3-90600986D9C5}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{618674DD-18C2-494B-A0B7-F93BF49E0C19}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )

==================== Wiederherstellungspunkte =========================

22-01-2021 21:08:30 Installed Minecraft Launcher
26-01-2021 12:51:06 Installed Java(TM) SE Development Kit 15.0.2 (64-bit)

==================== Fehlerhafte Geräte im Gerätemanager ============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (01/29/2021 12:39:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 7.3.F.4.3.E.2.2.C.9.E.A.D.E.4.C.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-8GVFC0U-2.local.

Error: (01/29/2021 12:39:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.23:5353   23 7.3.F.4.3.E.2.2.C.9.E.A.D.E.4.C.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-8GVFC0U.local.

Error: (01/29/2021 12:39:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 23.178.168.192.in-addr.arpa. PTR DESKTOP-8GVFC0U-2.local.

Error: (01/29/2021 12:39:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.23:5353   23 23.178.168.192.in-addr.arpa. PTR DESKTOP-8GVFC0U.local.

Error: (01/29/2021 12:39:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-8GVFC0U.local already in use; will try DESKTOP-8GVFC0U-2.local instead

Error: (01/29/2021 12:39:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 DESKTOP-8GVFC0U.local. Addr 192.168.178.23

Error: (01/29/2021 12:39:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.23:5353   16 DESKTOP-8GVFC0U.local. AAAA 2001:16B8:5CD9:8A00:C4ED:AE9C:22E3:4F37

Error: (01/29/2021 12:39:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 DESKTOP-8GVFC0U.local. AAAA FE80:0000:0000:0000:C4ED:AE9C:22E3:4F37


Systemfehler:
=============
Error: (01/29/2021 12:39:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\system32\IntelIHVRouter08.dll

Error: (01/29/2021 12:39:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\system32\IntelIHVRouter08.dll

Error: (01/29/2021 12:39:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender Antivirus-Netzwerkinspektionsdienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (01/29/2021 12:39:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\system32\IntelIHVRouter08.dll

Error: (01/29/2021 12:38:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "System Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/29/2021 12:38:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/29/2021 12:38:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "TeamViewer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/29/2021 12:38:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Dynamic Tuning service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.


Windows Defender:
===================================
Date: 2021-01-28 16:58:51.009
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {8DC05A32-71A5-4133-AF75-CF031044F379}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-01-27 14:32:20.224
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {E7D6333B-6F0C-48DA-8D01-DBD66898C897}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-01-26 12:19:26.534
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {F217B4B7-1879-4D42-81F3-5CE704E96E9B}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-01-24 22:48:43.570
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {3F6AE31A-B060-464F-80F8-45A120995300}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-01-21 20:35:41.809
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {00B3CBEA-2DD2-4C3F-BC6B-2E8EA82DECA6}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-01-29 12:39:14.891
Description: 
Fehler des Windows Defender Antivirus-Echtzeitschutz-Features.
Feature: Netzwerkinspektionssystem
Fehlercode: 0x8007041d
Fehlerbeschreibung: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. 
Ursache: Dem System fehlen erforderliche Updates zum Ausführen des Netzwerkinspektionssystems. Installieren Sie die erforderlichen Updates, und starten Sie das Gerät neu.

CodeIntegrity:
===================================

Date: 2021-01-29 12:53:34.202
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-29 12:53:34.201
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-29 12:53:34.136
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-29 12:53:34.135
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-29 12:48:42.679
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-29 12:48:42.678
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-29 12:48:42.323
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-29 12:48:42.322
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Speicherinformationen =========================== 

BIOS: LENOVO BHCN39WW 06/23/2020
Hauptplatine: LENOVO LNVNB161216
Prozessor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 35%
Installierter physikalischer RAM: 16303.24 MB
Verfügbarer physikalischer RAM: 10479.73 MB
Summe virtueller Speicher: 18735.24 MB
Verfügbarer virtueller Speicher: 11063.53 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:953.24 GB) (Free:493.43 GB) NTFS

\\?\Volume{6f244b36-6b8f-4242-a2b6-8c22800c7990}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{946f9023-b43b-4e8a-92a8-9e753af490c2}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: D9FA2484)

Partition: GPT.

==================== Ende von Addition.txt =======================
         

Mehr ist in der Logdatei Search.txt nicht drinnen?
Gut gemacht!
So machen wir jetzt auch weiter.





Schritt 1

• Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.
• Kopiere den gesamten Inhalt der folgenden Code-Box:
  
  Code: Alles auswählenAufklappen

  ATTFilter

  Start::
  HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [GalaxyClient] => [X]
  HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [AdobeBridge] => [X]
  Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
  AlternateDataStreams: C:\Windows\System32:tdsrset_i.gfc [5846]
  AlternateDataStreams: C:\ProgramData\PACE:894E73564E31FA2E [217]
  AlternateDataStreams: C:\Users\nicob\Anwendungsdaten:6699d3ee8dd9cf775caae782c8f44f03 [394]
  AlternateDataStreams: C:\Users\nicob\Anwendungsdaten:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
  AlternateDataStreams: C:\Users\nicob\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
  AlternateDataStreams: C:\Users\nicob\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
  StartBatch:
  FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\{????????-????-????-????-????????????}.xpi" RD /S /Q "%%a" )
  FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\c????????????????????????????????rx" RD /S /Q "%%a" )
  FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\x????????????????????????????????ml" RD /S /Q "%%a" )
  FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\{????????-????-????-????-????????????}" RD /S /Q "%%a" )
  FOR /D %%a IN ("%ProgramData%\Package Cache\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\{????????-????-????-????-????????????}" RD /S /Q "%%a" )
  EndBatch: 
  EmptyTemp:
  End::
           

• Starte nun FRST und klicke direkt den Reparieren Button.
  Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
• Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
• Gegebenenfalls muss dein Rechner neu gestartet werden.
• Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Schritt 2
Führe Malwarebytes' AntiMalware (MBAM) gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.





Schritt 3
Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.





Bitte poste mit deiner nächsten Antwort:

• die Logdatei des FRST-Fix (fixlog.txt)
• die Logdatei von MBAM
• die Logdatei von AdwCleaner

Das war tatsächlich der gesamt6e Inhalt der Search-Datei.
Hier sind die neuen Log-Dateien:

Fixlog

Code: Alles auswählenAufklappen

ATTFilter

Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-01-2021
durchgeführt von nicob (29-01-2021 14:37:57) Run:2
Gestartet von C:\Users\nicob\Downloads
Geladene Profile: nicob
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [AdobeBridge] => [X]
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
AlternateDataStreams: C:\Windows\System32:tdsrset_i.gfc [5846]
AlternateDataStreams: C:\ProgramData\PACE:894E73564E31FA2E [217]
AlternateDataStreams: C:\Users\nicob\Anwendungsdaten:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\nicob\Anwendungsdaten:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\nicob\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\nicob\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
StartBatch:
FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\{????????-????-????-????-????????????}.xpi" RD /S /Q "%%a" )
FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\c????????????????????????????????rx" RD /S /Q "%%a" )
FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\x????????????????????????????????ml" RD /S /Q "%%a" )
FOR /D %%a IN ("%WINDIR%\Installer\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\{????????-????-????-????-????????????}" RD /S /Q "%%a" )
FOR /D %%a IN ("%ProgramData%\Package Cache\{????????-????-????-????-????????????}") DO ( IF EXIST "%%a\{????????-????-????-????-????????????}" RD /S /Q "%%a" )
EndBatch: 
EmptyTemp:

*****************

"HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient" => erfolgreich entfernt
"HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => erfolgreich entfernt
C:\ProgramData\NTUSER.pol => erfolgreich verschoben
C:\Windows\System32 => ":tdsrset_i.gfc" ADS erfolgreich entfernt
C:\ProgramData\PACE => ":894E73564E31FA2E" ADS erfolgreich entfernt
C:\Users\nicob\Anwendungsdaten => ":6699d3ee8dd9cf775caae782c8f44f03" ADS erfolgreich entfernt
C:\Users\nicob\Anwendungsdaten => ":fbd50e2f7662a5c33287ddc6e65ab5a1" ADS erfolgreich entfernt
"C:\Users\nicob\AppData\Roaming" => ":6699d3ee8dd9cf775caae782c8f44f03" ADS nicht gefunden.
"C:\Users\nicob\AppData\Roaming" => ":fbd50e2f7662a5c33287ddc6e65ab5a1" ADS nicht gefunden.

========= Batch: =========

========= Ende von Batch: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13874567 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 218479 B
Edge => 0 B
Chrome => 29881094 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7614 B
NetworkService => 7614 B
nicob => 3219923 B

RecycleBin => 1600 B
EmptyTemp: => 54.8 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 14:38:37 ====
         

Malewarebytes-Log

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 29.01.21
Scan-Zeit: 14:43
Protokolldatei: f36532b6-6237-11eb-b38b-f875a4243d4f.json

-Softwaredaten-
Version: 4.3.0.98
Komponentenversion: 1.0.1157
Version des Aktualisierungspakets: 1.0.36397
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 18362.1316)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-8GVFC0U\nicob

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 344655
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 2 Min., 50 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         

ADWCleaner-Log

Code: Alles auswählenAufklappen

ATTFilter

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build:    01-20-2021
# Database: 2021-01-26.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-29-2021
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  5
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.LenovoServiceBridge   Folder   C:\Users\nicob\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
Deleted       Preinstalled.LenovoServiceBridge   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1
Deleted       Preinstalled.LenovoUpdate   Folder   C:\Program Files (x86)\LENOVO\SYSTEM UPDATE
Deleted       Preinstalled.LenovoUpdate   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{03C6CC92-68F2-4961-9A73-CAECA350BD08}
Deleted       Preinstalled.LenovoUpdate   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\TVSU_is1


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2084 octets] - [24/01/2021 16:32:46]
AdwCleaner[C00].txt - [1780 octets] - [24/01/2021 16:33:23]
AdwCleaner[S01].txt - [2097 octets] - [24/01/2021 16:40:24]
AdwCleaner[C01].txt - [1715 octets] - [24/01/2021 16:40:36]
AdwCleaner[S02].txt - [2201 octets] - [24/01/2021 16:48:18]
AdwCleaner[S03].txt - [2371 octets] - [29/01/2021 10:46:34]
AdwCleaner[C03].txt - [2087 octets] - [29/01/2021 10:46:48]
AdwCleaner[S04].txt - [2384 octets] - [29/01/2021 14:47:19]
AdwCleaner[S05].txt - [2445 octets] - [29/01/2021 15:13:50]
AdwCleaner[S06].txt - [2506 octets] - [29/01/2021 15:14:14]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C06].txt ##########
         

Sehr gut!
Wir haben es bald geschafft.
Tipps, etc. gibts dann am Ende.






Schritt 1
Führe Emsisoft Emergency Kit (EEK) gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.






Schritt 2

• Starte FRST erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
• FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
• Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort:

• die Logdatei von EEK
• die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt)

Das klingt super.
Hier die neuen Logs:

EEK-Log

Code: Alles auswählenAufklappen

ATTFilter

Emsisoft Emergency Kit – Version 2021.1
Letztes Update: 29.01.2021 17:16:09
Eigene DESKTOP-8GVFC0U\nicob
 DESKTOP-8GVFC0U
 Windows 10x64 

Scan-Einstellungen:

Scan-Methode: Malware-Scan
Objekte: Rootkits, Speicher, Spuren, Dateien

PUPs-Erkennung: An
Archive scannen: Aus
E-Mail-Archive scannen: Aus
ADS-Scan: An
Direkter Festplattenzugriff: Aus

Scan-Beginn:	29.01.2021 17:16:13

Gescannt:	82076
Gefunden	0

Scan-Ende:	29.01.2021 17:16:53
Scan-Zeit:	0:00:40
         

FRST


FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
durchgeführt von nicob (Administrator) auf DESKTOP-8GVFC0U (LENOVO 81SX) (29-01-2021 17:17:59)
Gestartet von C:\Users\nicob\Downloads
Geladene Profile: nicob
Platform: Windows 10 Pro Version 1909 18363.1316 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe <3>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe <2>
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_9196e89091d8bdbb\esif_uf.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_4ddb3cc1d1c1ca09\Display.NvContainer\NVDisplay.Container.exe <2>
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1076728 2020-03-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Overbridge Engine] => C:\Program Files\Elektron Overbridge\Overbridge Engine.exe [4349928 2020-04-07] (Elektron Music Machines MAV AB -> Elektron Music Machines MAV AB)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2020-10-09] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [KORG USB-MIDI Driver] => C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper.exe [394176 2020-01-29] (KORG INC. -> KORG Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-10-12] (Adobe Inc. -> )
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [100580600 2020-08-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1669368 2020-10-16] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [Discord] => C:\Users\nicob\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [680712 2021-01-12] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [launchOnStartup] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13971528 2020-05-15] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [Reference 4 Systemwide.exe] => C:\Program Files\Sonarworks\Reference 4\Systemwide\Reference 4 Systemwide.exe [20951552 2020-10-28] (Sonarworks) [Datei ist nicht signiert]
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Run: [com.squirrel.splice.Splice] => C:\Users\nicob\AppData\Local\splice\app-3.6.41\Splice.exe
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\MountPoints2: {0acaf2a2-95ca-11ea-a8c4-4c1d9634830b} - "D:\AutoRun.exe" 
HKLM\...\Windows x64\Print Processors\RXEG9pps: C:\Windows\System32\spool\prtprocs\x64\RXEG9pps.dll [34816 2015-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh Co., Ltd.)
HKLM\...\Print\Monitors\RICOH SP 150_150w Language Monitor: C:\Windows\system32\RXEG9lm.dll [27648 2016-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh Co., Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-29] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mackie USB Driver Control Panel Autostart.lnk [2020-04-14]
ShortcutTarget: Mackie USB Driver Control Panel Autostart.lnk -> C:\Program Files\LOUD Technologies Inc\Mackie USB Driver\W10_x64\Mackie_CplApp.exe (Thesycon Software Solutions GmbH & Co. KG -> )
Startup: C:\Users\nicob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2021-01-23]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {05CB983A-9ABE-4A8E-963C-A3A1F049A03F} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {06ABBC08-565B-44A4-87B5-B69F7E288216} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-29] (Google LLC -> Google LLC)
Task: {0CD983D0-0C7C-4AFD-9C8E-3226B03665A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-29] (Google LLC -> Google LLC)
Task: {1DBE581A-C52E-4B03-BEDA-C5D7CC6E1078} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1F9CBE25-D972-48FB-8524-E47E92568E0D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {250AEB50-4F60-4BB4-9103-76EB6981756A} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {290EE04B-8631-4E2E-AC9E-667AAAFEAC81} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2C8E5446-137B-4899-A8AC-EB70D0123FBF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142184 2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {37D6DE04-3BB9-4C2E-A653-568845E92828} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {442B9A07-52EB-4379-B5E2-2054FE92E406} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {57C55928-2180-4130-9FDF-5F01F2D4C6E4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {58A6AC90-F2BB-4829-A623-8E0359D82EEA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5A23B923-2953-4A9A-82DB-C400440C6571} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199272 2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {6268243E-19CB-487D-968C-32953606E125} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3787991472-4217386366-3756147439-1001 => C:\Users\nicob\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe
Task: {730DD0EE-5845-4146-B4DB-85ED6B0EBAC3} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {750F7CFA-D447-487A-B868-FF0381DCAE40} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {A7494FDC-1FE7-4F34-8CA0-8A596ABC1F0D} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {A8D945B5-A6EA-402C-82A2-EBE66E774190} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {AFAE9974-DD1C-4719-BE05-81E7CEAB7700} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199272 2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {B1A24E54-72A9-427F-9036-7FF33F6D54AE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142184 2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4C0007A-599D-4AD9-B1BC-FDF18041AE8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {BEA79284-8B8C-43A0-A968-CFBB19D25A2D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE9634B9-BC02-403E-9A42-C10AA11F44C5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {E1EB621B-13F3-41DC-8C3C-816F054D0343} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {F58A5316-C646-4957-874F-D6781BE81502} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{07803f80-76fc-418f-9c34-2e2fa1e54fcc}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
Edge Profile: C:\Users\nicob\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-29]
Edge Extension: (Citavi Picker) - C:\Users\nicob\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mielbhbkcliienpdicphhecpodcaeefg [2021-01-18]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Edge HKLM-x32\...\Edge\Extension: [mielbhbkcliienpdicphhecpodcaeefg]

FireFox:
========
FF DefaultProfile: 3aynihbu.default
FF ProfilePath: C:\Users\nicob\AppData\Roaming\Mozilla\Firefox\Profiles\3aynihbu.default [2021-01-29]
FF ProfilePath: C:\Users\nicob\AppData\Roaming\Mozilla\Firefox\Profiles\qye9aok8.default-release [2021-01-29]
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [Keine Datei]
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [Datei ist nicht signiert]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-10-09] (Adobe Inc. -> Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [Datei ist nicht signiert]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [Datei ist nicht signiert]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-10-09] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [Datei ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default [2021-01-29]
CHR Extension: (Präsentationen) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-29]
CHR Extension: (Just Black) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2021-01-29]
CHR Extension: (Docs) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-29]
CHR Extension: (Google Drive) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-29]
CHR Extension: (YouTube) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-29]
CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (Tabellen) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-29]
CHR Extension: (Google Docs Offline) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-29]
CHR Extension: (Unpaywall) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2021-01-29]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Citavi Picker) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2021-01-29]
CHR Extension: (Google Mail) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\nicob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-29]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2020-10-09] (Adobe Inc. -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2020-10-20] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8902024 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
S2 DolbyDAXAPI; C:\Windows\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2020-08-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 FMAPOService; C:\Windows\System32\FMService64.exe [359808 2019-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1748552 2020-05-15] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-27] (GOG Sp. z o.o. -> GOG.com)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-26] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-01-26] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6264144 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12757520 2020-12-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2020-10-23] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_4ddb3cc1d1c1ca09\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_4ddb3cc1d1c1ca09\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation
S3 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2020-01-09] (Microsoft Corporation) [Datei ist nicht signiert]
S4 epp; C:\EEK\bin64\epp.sys [155112 2020-10-27] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-01-29] (Malwarebytes Corporation -> Malwarebytes)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [43440 2020-01-29] (KORG INC. -> KORG INC.)
S3 loudusbaudio; C:\Windows\System32\drivers\loudusbaudio.sys [374824 2019-10-10] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 loudusbaudioks; C:\Windows\System32\drivers\loudusbaudioks.sys [53800 2019-10-10] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220600 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-01-29] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198248 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [142440 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 sonarworks_VirtualDevice; C:\Windows\System32\drivers\sonarworks.sys [442416 2020-10-23] (SIA Sonarworks -> Sonarworks)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [812208 2020-10-23] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 UniSafe; C:\Windows\system32\drivers\UniSafe.sys [581912 2020-10-23] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [74048 2020-10-16] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [2719256 2020-11-21] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-01-29 17:17 - 2021-01-29 17:18 - 000026530 _____ C:\Users\nicob\Downloads\FRST.txt
2021-01-29 17:17 - 2021-01-29 17:17 - 000000970 _____ C:\Users\nicob\Desktop\scan_210129-171613.txt
2021-01-29 17:17 - 2021-01-29 17:17 - 000000000 ____D C:\Users\nicob\Downloads\3
2021-01-29 17:15 - 2021-01-29 17:17 - 000000000 ____D C:\EEK
2021-01-29 17:15 - 2021-01-29 17:15 - 000000000 ____D C:\ProgramData\Emsisoft
2021-01-29 17:13 - 2021-01-29 17:14 - 316637160 _____ C:\Users\nicob\Downloads\EmsisoftEmergencyKit.exe
2021-01-29 16:19 - 2021-01-29 16:19 - 000000000 ____D C:\Users\nicob\AppData\LocalLow\IGDump
2021-01-29 14:46 - 2021-01-29 14:46 - 008457584 _____ (Malwarebytes) C:\Users\nicob\Downloads\adwcleaner_8.0.9.1 (1).exe
2021-01-29 14:42 - 2021-01-29 14:42 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-01-29 14:42 - 2021-01-29 14:42 - 000198248 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-01-29 14:42 - 2021-01-29 14:42 - 000142440 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-01-29 14:42 - 2021-01-29 14:42 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-01-29 14:42 - 2021-01-29 14:41 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-01-29 14:37 - 2021-01-29 14:37 - 000000000 ____D C:\Users\nicob\Downloads\2
2021-01-29 13:06 - 2021-01-29 13:06 - 000003630 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-29 13:06 - 2021-01-29 13:06 - 000003506 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-29 13:06 - 2021-01-29 13:06 - 000002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-29 13:06 - 2021-01-29 13:06 - 000002274 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-29 13:06 - 2021-01-29 13:06 - 000002274 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-29 13:06 - 2021-01-29 13:06 - 000000000 ____D C:\Program Files\Google
2021-01-29 12:30 - 2021-01-29 12:30 - 000000000 ____D C:\Users\nicob\Downloads\Neuer Ordner
2021-01-29 11:11 - 2021-01-29 17:18 - 000000000 ____D C:\FRST
2021-01-29 10:57 - 2021-01-29 14:42 - 000220600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-01-29 10:57 - 2021-01-29 14:42 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-29 10:57 - 2021-01-29 14:41 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-01-29 10:56 - 2021-01-29 10:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-29 10:56 - 2021-01-29 10:56 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-29 10:55 - 2021-01-29 10:55 - 002297856 _____ (Farbar) C:\Users\nicob\Downloads\FRST64.exe
2021-01-29 10:45 - 2021-01-29 10:45 - 008457584 _____ (Malwarebytes) C:\Users\nicob\Downloads\adwcleaner_8.0.9.1.exe
2021-01-28 15:06 - 2021-01-28 15:06 - 000187987 _____ C:\Users\nicob\Desktop\Immatrikulationsbescheinigung_2170400_WS2020.pdf
2021-01-28 14:26 - 2021-01-28 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-28 14:19 - 2021-01-28 14:19 - 000055901 _____ C:\Users\nicob\Desktop\fhp_2021-01-28_14191613449147788340159481.pdf
2021-01-28 14:13 - 2021-01-28 14:13 - 000112532 _____ C:\Users\nicob\Desktop\BARMER_Mitgliedsbescheinigung_V348701228.pdf
2021-01-28 14:01 - 2021-01-28 14:01 - 001175341 _____ C:\Users\nicob\Desktop\Personalfragebogen.pdf
2021-01-27 13:35 - 2021-01-27 13:36 - 000766521 _____ C:\Users\nicob\Desktop\MasterArbeit.pdf
2021-01-26 19:31 - 2021-01-26 19:31 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Sublime Text 3
2021-01-26 19:31 - 2021-01-26 19:31 - 000000000 ____D C:\Users\nicob\AppData\Local\Sublime Text 3
2021-01-26 19:30 - 2021-01-26 19:30 - 000000927 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2021-01-26 19:30 - 2021-01-26 19:30 - 000000000 ____D C:\Program Files\Sublime Text 3
2021-01-26 19:19 - 2021-01-26 19:30 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2021-01-26 19:19 - 2021-01-26 19:20 - 000000000 ____D C:\Users\nicob\.atom
2021-01-26 19:19 - 2021-01-26 19:19 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Atom
2021-01-26 19:18 - 2021-01-26 19:30 - 000000000 ____D C:\Users\nicob\AppData\Local\atom
2021-01-26 19:10 - 2021-01-26 19:10 - 000000000 ____D C:\Users\nicob\eclipse-workspace
2021-01-26 13:59 - 2021-01-26 14:00 - 000000000 ____D C:\Users\nicob\.webclipse
2021-01-26 12:58 - 2021-01-26 12:58 - 000000000 ____D C:\Users\nicob\.tooling
2021-01-26 12:57 - 2021-01-26 12:57 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
2021-01-26 12:55 - 2021-01-26 19:18 - 000000000 ___RD C:\Users\nicob\Desktop\Coding
2021-01-26 12:53 - 2021-01-26 12:53 - 000000000 ____D C:\Users\nicob\eclipse
2021-01-26 12:52 - 2021-01-26 19:11 - 000000000 ____D C:\Users\nicob\.p2
2021-01-26 12:52 - 2021-01-26 12:58 - 000000000 ____D C:\Users\nicob\.eclipse
2021-01-26 12:51 - 2021-01-26 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2021-01-26 12:51 - 2021-01-26 12:51 - 000000000 ____D C:\Program Files\Common Files\Oracle
2021-01-25 12:14 - 2021-01-26 12:06 - 000000000 ____D C:\Users\nicob\Desktop\Pimp my Van
2021-01-24 17:36 - 2021-01-24 17:36 - 000000000 ____D C:\Users\nicob\AppData\Local\Maine
2021-01-24 16:49 - 2021-01-29 13:06 - 000000000 ____D C:\Users\nicob\AppData\Local\Google
2021-01-24 16:32 - 2021-01-24 16:33 - 000000000 ____D C:\AdwCleaner
2021-01-23 10:13 - 2021-01-23 10:13 - 000000000 ____D C:\Program Files (x86)\LifeInTheWoodsRenaissanceLauncher
2021-01-23 10:12 - 2021-01-23 10:12 - 000000000 ____D C:\Users\nicob\AppData\LocalLow\Oracle
2021-01-22 23:48 - 2021-01-26 18:24 - 000000000 ____D C:\Program Files\Java
2021-01-22 23:48 - 2021-01-26 12:51 - 000069264 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2021-01-22 23:48 - 2021-01-26 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-01-22 23:45 - 2021-01-22 23:45 - 000000000 ____D C:\Users\nicob\Documents\curseforge
2021-01-22 22:56 - 2021-01-22 22:56 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Sun
2021-01-22 22:56 - 2021-01-22 22:56 - 000000000 ____D C:\Users\nicob\AppData\LocalLow\Sun
2021-01-22 22:56 - 2021-01-22 22:56 - 000000000 ____D C:\Users\nicob\.oracle_jre_usage
2021-01-22 22:56 - 2021-01-22 22:56 - 000000000 ____D C:\ProgramData\Oracle
2021-01-22 21:29 - 2021-01-22 21:29 - 000000000 ____D C:\Users\nicob\AppData\Local\mbam
2021-01-22 21:08 - 2021-01-22 23:50 - 000000000 ____D C:\Users\nicob\AppData\Roaming\.minecraft
2021-01-19 23:04 - 2021-01-19 23:04 - 000000000 ____D C:\Users\nicob\Documents\STAR WARS Battlefront II
2021-01-19 23:04 - 2021-01-19 23:04 - 000000000 ____D C:\Users\nicob\AppData\Local\STAR WARS Battlefront II
2021-01-18 22:44 - 2021-01-18 22:44 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-01-18 22:44 - 2021-01-18 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STAR WARS Battlefront II
2021-01-18 14:51 - 2021-01-18 14:51 - 000000000 ____D C:\Windows\LastGood.Tmp
2021-01-18 14:49 - 2021-01-04 15:49 - 001855192 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-18 14:49 - 2021-01-04 15:49 - 001855192 _____ C:\Windows\system32\vulkaninfo.exe
2021-01-18 14:49 - 2021-01-04 15:49 - 001435864 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-18 14:49 - 2021-01-04 15:49 - 001435864 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-01-18 14:49 - 2021-01-04 15:49 - 000948952 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-18 14:49 - 2021-01-04 15:49 - 000948952 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-01-18 14:49 - 2021-01-04 15:48 - 001454488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-01-18 14:49 - 2021-01-04 15:48 - 001193880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-01-18 14:49 - 2021-01-04 15:48 - 001094880 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-01-18 14:49 - 2021-01-04 15:48 - 001094880 _____ C:\Windows\system32\vulkan-1.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 001512856 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 001165720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 000690072 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2021-01-18 14:49 - 2021-01-04 15:46 - 000680856 _____ C:\Windows\system32\nvofapi64.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 000673688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 000610712 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 000559000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-01-18 14:49 - 2021-01-04 15:46 - 000548248 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 008262552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 007393176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 004612504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 002731928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 002104216 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 001589144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 000813976 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 000657816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-01-18 14:49 - 2021-01-04 15:45 - 000447384 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-01-18 14:49 - 2021-01-04 15:44 - 000850840 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-01-18 14:49 - 2021-01-04 15:43 - 006071032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-01-18 14:49 - 2020-12-31 15:01 - 000084159 _____ C:\Windows\system32\nvinfo.pb
2021-01-17 11:33 - 2021-01-18 13:47 - 000020198 _____ C:\Users\nicob\Desktop\Diagramm.xlsx
2021-01-16 13:22 - 2021-01-16 13:22 - 000000000 ____D C:\Users\Public\Documents\Blackmagic Design
2021-01-16 13:22 - 2021-01-16 13:22 - 000000000 ____D C:\Users\nicob\Documents\Blackmagic Design
2021-01-16 13:21 - 2021-01-16 13:21 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Blackmagic Design
2021-01-16 13:16 - 2021-01-16 13:16 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2021-01-16 13:16 - 2021-01-16 13:16 - 000000000 ____D C:\ProgramData\Blackmagic Design
2021-01-16 13:15 - 2021-01-16 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2021-01-16 13:15 - 2021-01-16 13:17 - 000000000 ____D C:\Program Files (x86)\Blackmagic Design
2021-01-16 13:15 - 2021-01-16 13:15 - 000000000 ____D C:\Program Files\Blackmagic Design
2021-01-16 13:11 - 2021-01-16 14:35 - 000000000 ___RD C:\Users\nicob\Desktop\Video
2021-01-16 12:25 - 2021-01-16 12:25 - 000012773 _____ C:\ProgramData\sokqucqi.nri
2021-01-16 12:25 - 2021-01-16 12:25 - 000000000 ____D C:\Users\nicob\AppData\Local\VideoEditor
2021-01-16 12:25 - 2021-01-16 12:25 - 000000000 ____D C:\Users\nicob\AppData\Local\CrashRpt
2021-01-16 11:42 - 2021-01-16 11:42 - 000000000 ____D C:\Users\nicob\Documents\Audacity
2021-01-16 11:19 - 2021-01-19 20:23 - 000000000 ____D C:\Users\nicob\AppData\Roaming\audacity
2021-01-16 11:19 - 2021-01-16 11:19 - 000000000 ____D C:\Users\nicob\AppData\Roaming\npm
2021-01-16 11:19 - 2021-01-16 11:19 - 000000000 ____D C:\Users\nicob\AppData\Local\Audacity
2021-01-16 10:02 - 2021-01-16 10:02 - 000001026 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge 2021.lnk
2021-01-16 09:58 - 2021-01-16 09:58 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk
2021-01-15 09:07 - 2021-01-15 09:07 - 000576512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2021-01-15 09:07 - 2021-01-15 09:07 - 000568320 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2021-01-15 09:07 - 2021-01-15 09:07 - 000502784 _____ C:\Windows\system32\AssignedAccessCsp.dll
2021-01-15 09:07 - 2021-01-15 09:07 - 000500224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2021-01-15 09:07 - 2021-01-15 09:07 - 000455680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2021-01-15 09:07 - 2021-01-15 09:07 - 000233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2021-01-15 09:07 - 2021-01-15 09:07 - 000151040 _____ C:\Windows\system32\uwfcsp.dll
2021-01-15 09:07 - 2021-01-15 09:07 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2021-01-15 09:07 - 2021-01-15 09:07 - 000094720 _____ C:\Windows\system32\VirtualMonitorManager.dll
2021-01-15 09:07 - 2021-01-15 09:07 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-01-15 09:07 - 2021-01-15 09:07 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2021-01-15 09:07 - 2021-01-15 09:07 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-01-15 09:07 - 2021-01-15 09:07 - 000053248 _____ C:\Windows\SysWOW64\BWContextHandler.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 002590720 _____ C:\Windows\system32\dwmscene.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 001841152 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 001101312 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000696832 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2021-01-15 09:06 - 2021-01-15 09:06 - 000555008 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000549888 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-01-15 09:06 - 2021-01-15 09:06 - 000331264 _____ C:\Windows\SysWOW64\ssdm.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000294912 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2021-01-15 09:06 - 2021-01-15 09:06 - 000266752 _____ C:\Windows\system32\HeatCore.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000208384 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000186368 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2021-01-15 09:06 - 2021-01-15 09:06 - 000167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-01-15 09:06 - 2021-01-15 09:06 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-01-15 09:06 - 2021-01-15 09:06 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth18.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth17.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth16.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth15.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2021-01-15 09:06 - 2021-01-15 09:06 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2021-01-15 09:05 - 2021-01-15 09:05 - 000540672 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-01-15 09:05 - 2021-01-15 09:05 - 000453632 _____ C:\Windows\system32\ssdm.dll
2021-01-15 09:05 - 2021-01-15 09:05 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-01-15 09:05 - 2021-01-15 09:05 - 000164864 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-01-15 09:05 - 2021-01-15 09:05 - 000061440 _____ C:\Windows\system32\rdsxvmaudio.dll
2021-01-05 15:39 - 2021-01-05 15:41 - 000000000 ____D C:\ProgramData\Acon Digital
2021-01-05 15:39 - 2021-01-05 15:39 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Acon Digital
2021-01-05 15:39 - 2021-01-05 15:39 - 000000000 ____D C:\Program Files\Acon Digital

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-01-29 16:50 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-29 15:23 - 2020-11-11 14:51 - 000000000 ____D C:\Users\nicob\Documents\Citavi 6
2021-01-29 15:16 - 2020-04-10 23:41 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-29 15:15 - 2020-04-12 11:38 - 000000000 ____D C:\ProgramData\PACE
2021-01-29 15:15 - 2020-04-10 23:56 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-01-29 14:45 - 2020-04-10 23:41 - 001724292 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-29 14:45 - 2019-03-19 13:16 - 000746852 _____ C:\Windows\system32\perfh007.dat
2021-01-29 14:45 - 2019-03-19 13:16 - 000151124 _____ C:\Windows\system32\perfc007.dat
2021-01-29 14:45 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF
2021-01-29 14:42 - 2019-03-19 05:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-01-29 14:40 - 2020-04-11 01:28 - 000000000 ___RD C:\Users\nicob\Creative Cloud Files
2021-01-29 14:39 - 2020-04-12 10:18 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-01-29 14:39 - 2020-04-11 00:13 - 000000134 _____ C:\Windows\system32\regtest.txt
2021-01-29 14:39 - 2020-04-10 23:32 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-29 14:39 - 2019-03-19 05:37 - 000786432 _____ C:\Windows\system32\config\BBI
2021-01-29 14:08 - 2020-04-10 23:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-01-29 13:15 - 2020-04-21 09:45 - 000000000 ____D C:\Users\nicob\AppData\Local\CrashDumps
2021-01-29 13:06 - 2020-04-10 23:40 - 000000000 ____D C:\Program Files (x86)\Google
2021-01-29 12:55 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\AppReadiness
2021-01-29 12:38 - 2020-04-11 00:08 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-29 12:38 - 2019-03-19 05:52 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2021-01-29 12:38 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2021-01-29 00:19 - 2020-04-10 23:36 - 000000000 ____D C:\Users\nicob
2021-01-28 22:09 - 2020-04-11 00:15 - 000000000 ____D C:\Users\nicob\AppData\Roaming\discord
2021-01-28 22:09 - 2020-04-10 23:53 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-28 14:26 - 2020-10-11 14:12 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-01-28 14:26 - 2020-10-11 14:12 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-01-28 14:26 - 2020-10-11 14:06 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-27 11:15 - 2020-04-10 23:47 - 000000000 ____D C:\Users\nicob\AppData\Local\LenovoServiceBridge
2021-01-27 00:09 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-26 21:46 - 2020-04-11 00:17 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Origin
2021-01-26 21:46 - 2020-04-11 00:17 - 000000000 ____D C:\ProgramData\Origin
2021-01-26 21:32 - 2020-04-12 10:18 - 000000000 ____D C:\Users\nicob\AppData\Roaming\TeamViewer
2021-01-26 20:43 - 2020-08-23 17:18 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-01-26 20:43 - 2020-04-11 00:19 - 000000000 ____D C:\Program Files (x86)\Origin
2021-01-26 20:43 - 2020-04-11 00:17 - 000000000 ____D C:\Users\nicob\AppData\Local\Origin
2021-01-26 19:50 - 2020-04-18 17:35 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Elektron Transfer
2021-01-26 19:38 - 2020-04-10 23:48 - 000000000 ___RD C:\Users\nicob\Desktop\Rechnungen
2021-01-26 19:19 - 2020-04-11 00:15 - 000000000 ____D C:\Users\nicob\AppData\Local\SquirrelTemp
2021-01-26 19:14 - 2020-04-11 01:30 - 000000000 ___RD C:\Users\nicob\Desktop\Bildbearbeitung
2021-01-26 19:00 - 2020-11-02 12:40 - 000000000 ____D C:\Program Files\OpenVPN
2021-01-24 17:31 - 2020-11-11 14:51 - 000000000 ____D C:\ProgramData\Swiss Academic Software
2021-01-24 17:31 - 2020-11-11 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 6
2021-01-24 17:31 - 2020-05-29 14:57 - 000000000 ____D C:\Users\nicob\AppData\Local\Downloaded Installations
2021-01-24 16:20 - 2020-04-10 23:37 - 000000000 ____D C:\Users\nicob\AppData\Local\Packages
2021-01-24 16:11 - 2020-05-15 10:26 - 000000000 ____D C:\temp
2021-01-24 16:11 - 2020-04-11 00:32 - 000000000 ____D C:\Windows\Panther
2021-01-24 15:54 - 2020-04-11 09:30 - 000000000 ____D C:\Users\nicob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-24 12:50 - 2020-04-11 01:26 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-01-23 23:25 - 2020-11-24 22:35 - 000559134 _____ C:\Users\nicob\Documents\PS-Verlaufsprotokoll.txt
2021-01-23 23:03 - 2020-10-05 18:54 - 000000000 ___RD C:\Users\nicob\Desktop\Musik
2021-01-22 23:43 - 2020-04-11 00:13 - 000000000 ____D C:\Users\nicob\AppData\Local\D3DSCache
2021-01-22 23:31 - 2020-04-10 23:50 - 000000000 ___RD C:\Users\nicob\Desktop\Games
2021-01-22 20:06 - 2020-08-23 10:10 - 000000000 ____D C:\Users\nicob\AppData\Local\Frontier_Developments
2021-01-22 17:03 - 2020-12-06 14:10 - 000000000 ____D C:\Users\nicob\Desktop\Quellen
2021-01-22 09:24 - 2020-04-11 09:44 - 000799104 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2021-01-20 22:55 - 2020-04-12 20:08 - 000000000 ____D C:\Users\nicob\AppData\Local\ElevatedDiagnostics
2021-01-20 09:36 - 2020-04-10 23:39 - 000000000 ____D C:\Users\nicob\AppData\Local\PlaceholderTileLogoFolder
2021-01-18 23:23 - 2020-05-07 00:05 - 000000000 ____D C:\Program Files\Epic Games
2021-01-18 17:19 - 2020-04-11 00:38 - 000000000 ____D C:\Users\nicob\AppData\Local\NVIDIA
2021-01-18 10:08 - 2020-10-01 18:46 - 000000000 ___RD C:\Users\nicob\Desktop\Archiv
2021-01-16 11:29 - 2020-06-26 08:31 - 000003688 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-16 11:29 - 2020-06-26 08:31 - 000003464 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-16 11:17 - 2020-04-11 00:34 - 000000000 ____D C:\Program Files\VST Plugins
2021-01-16 10:02 - 2020-04-11 01:24 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-01-16 09:45 - 2020-04-10 23:37 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-16 09:45 - 2020-04-10 23:37 - 000000000 ___RD C:\Users\nicob\3D Objects
2021-01-16 09:44 - 2020-04-10 23:32 - 000446400 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-16 09:44 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2021-01-16 09:44 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\LiveKernelReports
2021-01-15 22:30 - 2019-03-19 13:19 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-15 22:30 - 2019-03-19 13:19 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-15 22:30 - 2019-03-19 13:19 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\system32\UNP
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\system32\F12
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ___RD C:\Windows\PrintDialog
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SystemResources
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\setup
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\oobe
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\migwiz
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\Dism
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\Com
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\ShellExperiences
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\ShellComponents
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\Provisioning
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\IME
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\bcastdvr
2021-01-15 22:30 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-15 09:12 - 2020-04-11 23:36 - 000000000 ____D C:\Windows\system32\MRT
2021-01-15 09:12 - 2019-03-19 05:37 - 000000000 ____D C:\Windows\CbsTemp
2021-01-15 09:10 - 2020-04-11 23:36 - 135062968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-01-15 09:05 - 2020-04-10 23:35 - 002877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2021-01-14 16:32 - 2020-10-06 14:29 - 000002278 ____H C:\Users\nicob\Documents\Default.rdp
2021-01-14 15:54 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2021-01-12 10:11 - 2020-04-11 01:24 - 000000000 ____D C:\Program Files\Adobe
2021-01-09 12:35 - 2020-06-26 08:31 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-08 11:25 - 2020-04-11 00:27 - 000000000 ____D C:\ProgramData\Adobe
2021-01-04 15:43 - 2020-04-10 23:39 - 007115280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2020-09-26 08:41 - 2020-09-26 08:41 - 000008106 _____ () C:\Program Files\Common Files\InstallationLogFile.log
2020-09-26 08:41 - 2020-09-26 08:41 - 000008637 _____ () C:\Program Files\Common Files\unins000.dat
2020-09-26 08:41 - 2020-09-26 08:39 - 002540184 _____ () C:\Program Files\Common Files\unins000.exe
2020-09-26 08:41 - 2020-09-26 08:41 - 000022837 _____ () C:\Program Files\Common Files\unins000.msg
2020-07-12 07:44 - 2020-07-12 07:46 - 000000016 _____ () C:\Users\nicob\AppData\Roaming\msregsvv.dll
2020-04-11 00:47 - 2020-04-17 17:44 - 000508758 _____ () C:\Users\nicob\AppData\Roaming\overbridge_install_log.txt
2020-04-11 01:24 - 2020-04-11 01:24 - 000000410 _____ () C:\Users\nicob\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         

--- --- ---

[/CODE]

FRST Addition

Code: Alles auswählenAufklappen

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-01-2021
durchgeführt von nicob (29-01-2021 17:19:16)
Gestartet von C:\Users\nicob\Downloads
Windows 10 Pro Version 1909 18363.1316 (X64) (2020-04-10 22:34:09)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3787991472-4217386366-3756147439-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3787991472-4217386366-3756147439-503 - Limited - Disabled)
Gast (S-1-5-21-3787991472-4217386366-3756147439-501 - Limited - Disabled)
nicob (S-1-5-21-3787991472-4217386366-3756147439-1001 - Administrator - Enabled) => C:\Users\nicob
WDAGUtilityAccount (S-1-5-21-3787991472-4217386366-3756147439-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
AAS - Lounge Lizard Session 4 (HKLM-x32\...\Lounge Lizard Session 4) (Version:  - Applied Acoustics Systems)
AAS - Strum Session 2 (HKLM-x32\...\Strum Session 2) (Version:  - Applied Acoustics Systems)
AAS - Ultra Analog Session 2 (HKLM-x32\...\Ultra Analog Session 2) (Version:  - Applied Acoustics Systems)
Ableton Live 10 Standard (HKLM\...\{5DFB3F43-0CB5-4C3D-AF4E-A02DFA66186E}) (Version: 10.0.0.0 - Ableton)
Acon Digital DeVerberate (64 bit) 2.0.7 (HKLM\...\{458357DE-C14B-4FDE-B614-7862427596C4}_is1) (Version: 2.0.7 - Acon AS)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Bridge 2021 (HKLM-x32\...\KBRG_11_0_1) (Version: 11.0.1 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.3.1.470 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_1_1) (Version: 22.1.1.138 - Adobe Inc.)
AmpliTube 4 version 4.10.0 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.10.0 - IK Multimedia)
BABY Audio - I Heart NY version 1.1.0 (HKLM\...\BABY Audio - I Heart NY_is1) (Version: 1.1.0 - )
Balancer 1.0.3 (HKLM\...\{469C9553-FB7D-46A9-8A9E-AFE3D21EEFC4}_is1) (Version: 1.0.3 - focusrite)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.66.0 - Bethesda Softworks)
Blackmagic RAW Common Components (HKLM\...\{60461BA6-AFA0-4D54-AFE1-54EC717AA7D9}) (Version: 1.8.2 - Blackmagic Design)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bx_subfilter 1.5.1 (HKLM\...\bx_subfilter_is1) (Version: 1.5.1 - Plugin Alliance)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.9.03049 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{960848DA-AFA2-4067-8260-C866B7411DA4}) (Version: 4.9.03049 - Cisco Systems, Inc.) Hidden
Citavi 6 (HKLM-x32\...\{6A331045-8FF4-4BC9-9C56-E593ACAE28C2}) (Version: 6.8.0.0 - Swiss Academic Software)
CollaB3 version 1.0.0 (HKLM\...\CollaB3_is1) (Version: 1.0.0 - )
DaVinci Resolve (HKLM\...\{47B30418-F683-4F19-BEF9-BA5E490154BF}) (Version: 16.2.8005 - Blackmagic Design)
DaVinci Resolve Keyboards (HKLM\...\{04F776FB-37A2-4116-84F2-6CF3D731999D}) (Version: 1.0.0.0 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{567706B7-1501-43BC-81AB-C7E306B40C73}) (Version: 1.3.2.0 - Blackmagic Design)
DC1A3 version 3.2.0.0 (HKLM\...\DC1A3_is1) (Version: 3.2.0.0 - )
Denise Noize Retro version 1.0.0 (HKLM\...\Denise Noize Retro_is1) (Version: 1.0.0 - )
Denise Punisher version 1.0.0 (HKLM\...\Denise Punisher_is1) (Version: 1.0.0 - )
discoDSP OB-Xd 1.5 (HKLM\...\OBXD_is1) (Version: 1.5 - discoDSP)
Discord (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Elektron Overbridge 2.0.37.3 (HKLM\...\{E957ACC7-6E9E-4CB0-B8ED-D71D941D77A5}) (Version: 2.0.37.3 - Elektron Music Machines MAV AB)
Elektron Transfer 1.2.2.9 (HKLM\...\{D2A949AD-B13D-4455-9E63-98F826AD15E8}) (Version: 1.2.2.9 - Elektron Music Machines MAV AB)
E-License Manager (HKLM\...\{6C169D27-4A5B-41AB-815B-3B5CADD10D6F}) (Version: 1.4.0.0 - Magix) Hidden
E-License Manager (HKLM-x32\...\E-License Manager) (Version: 1.4.0.0 - Best Service)
elysia niveau filter 1.12 (HKLM\...\elysia niveau filter_is1) (Version: 1.12 - Plugin Alliance)
Epic Games Launcher (HKLM-x32\...\{A5A6A747-393C-4B28-AB7B-2DE2BA7F7D73}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Exponential Audio:: Excalibur version 4.0.2 (HKLM\...\{9BABADBE-DC2D-4EB2-A9A8-AF7E1EB57724}_is1) (Version: 4.0.2 - Exponential Audio LLC)
Fairlight Audio Accelerator Utility (HKLM\...\FairlightAudioAccelerator_is1) (Version: 1.0.13 - Blackmagic Design)
Fairlight Studio Utility (HKLM\...\{6C7FC3A1-DA64-4ACE-8F05-301CBECD5BE9}) (Version: 1.2.0.0 - Blackmagic Design)
Firefly version 1.0.1 (HKLM\...\Firefly_is1) (Version: 1.0.1 - )
Focus version 1.0.1 (HKLM\...\Focus_is1) (Version: 1.0.1 - )
Frontier (64bit) (HKLM\...\{AE40D361-16A0-48EB-98ED-317F6402A498}) (Version: 1.0.0.0 - D16 Group Audio Software)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Halls Of Fame 3 (HKLM\...\{F7F63B6D-1A00-4191-9BEC-A8A56D6F581E}) (Version: 3.1.5 - Best Service) Hidden
Halls Of Fame 3 (HKLM-x32\...\Halls Of Fame 3) (Version: 3.1.5 - Best Service)
HY-SEQ16x3v2_free version 1.1.3 (HKLM\...\HY-SEQ16x3v2_free_is1) (Version: 1.1.3 - )
IK Multimedia Authorization Manager version 1.0.26 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.26 - IK Multimedia)
Impulse Record Convology XT (HKLM-x32\...\Impulse Record Convology XT) (Version: 1.18 - Impulse Record)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{9B7D5CA0-5521-458D-88D9-AF7D9A06E753}) (Version: 11.1.072 - Intel Corporation)
IVGI2 version 2.2.0.0 (HKLM\...\IVGI2_is1) (Version: 2.2.0.0 - )
iZotope Trash 2 (HKLM-x32\...\iZotope Trash 2) (Version: 2.05d.322 - iZotope, Inc.)
Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java(TM) SE Development Kit 15.0.2 (64-bit) (HKLM\...\{2041CF7D-1F63-5C58-9F35-C445251E39C9}) (Version: 15.0.2.0 - Oracle Corporation)
kikzilla 1.0.1 (HKLM-x32\...\kikzilla) (Version: 1.0.1 - intelligent sounds & music)
KORG M1 Le (HKLM\...\{2D2D5665-7009-4F75-A0EA-C73F57700E36}) (Version: 1.1.0 - KORG Inc.)
KORG minilogue xd Sound Librarian (HKLM-x32\...\{3B6B7B81-23CB-4BDF-914B-B02C6D37A5F5}) (Version: 1.0.5 - KORG Inc.)
KORG USB-MIDI Driver Tools for Windows 10 (HKLM-x32\...\{C7B06DB0-64A6-436E-B473-0E0EECC5E174}) (Version: 1.15.3502 - Korg Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Mackie USB Driver v4.67.0 (HKLM-x32\...\Software_LOUD Technologies Inc._loudusbaudio_Setup) (Version: 4.67.0 - LOUD Technologies Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
MH Thump version 2.0.2 (HKLM\...\MH Thump_is1) (Version: 2.0.2 - Metric Halo)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.13628.20274 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.65 - )
Microsoft OneDrive (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\Teams) (Version: 1.3.00.26064 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29112 (HKLM-x32\...\{be826f5f-eda5-45a2-a3fe-c2cb5c1b9842}) (Version: 14.27.29112.0 - Microsoft Corporation)
MJUCjr version 1.2.0.0 (HKLM\...\MJUCjr_is1) (Version: 1.2.0.0 - )
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.6.0.513 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.12.1.129 - Native Instruments)
Native Instruments Traktor DJ 2 (HKLM-x32\...\Native Instruments Traktor DJ 2) (Version: 2.4.1.478 - Native Instruments)
Neutron 3 Elements (HKLM-x32\...\Neutron 3 Elements) (Version: 3.1.1 - iZotope, Inc.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 461.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Oracle version 1.0.2 (HKLM\...\Oracle_is1) (Version: 1.0.2 - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.91.46291 - Electronic Arts, Inc.)
Overtone version 1.0.1 (HKLM\...\Overtone_is1) (Version: 1.0.1 - )
Ozone 9 Elements (HKLM\...\Ozone 9 Elements) (Version: 9.1.0 - iZotope, Inc.)
PACE License Support Win64 (HKLM\...\{CDDC4CA3-FBF0-46c3-8EB1-B001EA7FDA55}) (Version: 5.2.1.3096 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{CDDC4CA3-FBF0-46c3-8EB1-B001EA7FDA55}) (Version: 5.2.1.3096 - PACE Anti-Piracy, Inc.)
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
Percolate version 1.0.1 (HKLM\...\Percolate_is1) (Version: 1.0.1 - )
Phoscyon 1.9.5 (64bit) (HKLM\...\{D32B89DD-B8E6-4443-9BB2-97290BA4B8A8}) (Version: 1.9.5.0 - D16 Group Audio Software)
PlanetSide 2 (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
Product Portal (HKLM-x32\...\Product Portal) (Version:  - iZotope, Inc.)
Pulsar Smasher (HKLM-x32\...\9F5698D7-A1EA-4593-BB9A-E59A7437023E_is1) (Version: 1.0.3 - Pulsar Audio)
PunchBox (64bit) (HKLM\...\{1450ADD8-4144-45AE-96EC-98970124D3A4}) (Version: 1.0.6.0 - D16 Group Audio Software)
Radio version 1.1.5 (HKLM\...\Radio_is1) (Version: 1.1.5 - )
REDlauncher (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
Reference 4 AAX plugin for ProTools 10 (HKLM-x32\...\{4046F39E-98E9-4DFA-B3AC-F83288B5BC93}) (Version: 4.4.6.20 - Sonarworks)
Reference 4 AAX plugin for ProTools 11/12 (HKLM\...\{0DA8484E-B284-4944-AE41-C3EED4884CC8}) (Version: 4.4.6.20 - Sonarworks)
Reference 4 RTAS plugin (HKLM-x32\...\{C5ADB05C-F758-4C70-998F-900C693CB29E}) (Version: 4.4.5.51 - Sonarworks)
Reference 4 VST plugin (32-bit) (HKLM-x32\...\{251D830E-D913-45AB-ADA7-19751C649EE3}) (Version: 4.4.6.20 - Sonarworks)
Reference 4 VST plugin (64-bit) (HKLM\...\{5F524C89-B8AE-49DB-9828-D5233294CCDD}) (Version: 4.4.6.20 - Sonarworks)
rekordbox 6.0.3 64bit (HKLM\...\Pioneer rekordbox 6.0.3) (Version: 6.0.3.0003 - AlphaTheta)
RICOH SP 150 (HKLM-x32\...\{236068F9-94B6-45CD-A6BE-3BF03170AAB8}) (Version: 1.045.00 - Ricoh Co., Ltd.) Hidden
RICOH SP 150 (HKLM-x32\...\InstallShield_{236068F9-94B6-45CD-A6BE-3BF03170AAB8}) (Version: 1.045.00 - Ricoh Co., Ltd.)
RX 7 Elements (HKLM-x32\...\RX 7 Audio Editor) (Version: 7.01 - iZotope, Inc.)
Sonarworks Reference 4 Systemwide (HKLM\...\{8760905F-8968-46EF-ADF3-7CFF91CE9952}) (Version: 4.4.6.20 - Sonarworks)
Spitfire Audio (HKLM-x32\...\{ABC5F486-25BD-4BAA-9FA1-A84152CBB563}_is1) (Version: 3.2.12 - Spitfire Audio Holdings Ltd)
SPL Free Ranger 1.14.1 (HKLM\...\SPL Free Ranger_is1) (Version: 1.14.1 - Plugin Alliance)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
STL Ignite - Emissary Plug-In Bundle (HKLM\...\STL Ignite - Emissary Plug-In Bundle_is1) (Version: 2.0.2 - )
Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SyS Audioresearch notomizer (HKLM-x32\...\Notomizer_v1.1) (Version:  - )
SyS Audioresearch Ton-Geraet I (HKLM-x32\...\Ton-Geraet I) (Version:  - )
TAL-Chorus-LX (64bit) (HKLM\...\{AD82F5D9-5FF3-497E-94E1-752DBB38E5D4}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-Filter-2 (64bit) (HKLM\...\{248546B8-D8A9-44AD-B60C-0B599D8E5265}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-NoiseMaker (64bit) (HKLM\...\{75E692A0-5118-4BE0-98CE-649A21B7C76A}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-Reverb-4 (64bit) (HKLM\...\{91FB3C47-132B-402A-AC35-E9B5588AC257}) (Version: 1.3.7 - TAL - Togu Audio Line)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.13.6 - TeamViewer)
Titanfall™ 2 (HKLM-x32\...\{4BD80373-FEE7-45B6-8249-6E8E98717405}) (Version:  - Electronic Arts, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 112.3 - Ubisoft)
UVI Portal 1.2.4 (HKLM-x32\...\UVI Portal_is1) (Version: 1.2.4 - UVI)
UVI Workstation x64 3.0.11 (HKLM\...\UVI Workstation x64_is1) (Version: 3.0.11 - UVI)
ValhallaFreqEcho version 1.0.5 (HKLM-x32\...\{86164718-6457-42DE-8DB6-EA05F7045F2C}_is1) (Version: 1.0.5 - Valhalla DSP, LLC)
ValhallaSupermassive version 1.0.0 (HKLM-x32\...\{32E5DA92-251F-41D5-93E1-450C00D0B159}_is1) (Version: 1.0.0 - Valhalla DSP, LLC)
Venom version 1.0.0 (HKLM\...\Venom_is1) (Version: 1.0.0 - W.A. Production)
VG-CARBON 1.0.1 (HKLM\...\98ba8073-3012-43fc-a569-31a2d3c9fd80_is1) (Version: 1.0.1 - UJAM)
vmpc version 1.1 (HKLM\...\vmpc_is1) (Version: 1.1 - )
Vocal Splitter version 2.0.1 (HKLM\...\Vocal Splitter_is1) (Version: 2.0.1 - )
Voltage Modular (HKLM\...\Voltage Modular) (Version: 1.3.16 - Cherry Audio)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-3 - Wacom Technology Corp.)
Waves Central (HKLM\...\{ab507e17-892b-5203-838d-d58d8d09c50f}) (Version: 11.0.58 - Waves Audio Ltd)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Zoom (HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\ZoomUMX) (Version: 5.4.1 (58698.1027) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-10-09] (Adobe Systems Incorporated)
Dolby Atmos for Gaming -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosforGaming_3.20500.501.0_x64__rz1tebttyb220 [2020-06-23] (Dolby Laboratories)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.50.7.0_x86__kgqvnymyfvs32 [2020-12-16] (king.com)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-02] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.36.4251.0_x64__8wekyb3d8bbwe [2021-01-27] (Microsoft Corporation) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-20] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.10.216.0_x64__dt26b99r8h8gj [2020-06-23] (Realtek Semiconductor Corp)
Sea of Thieves -> C:\Program Files\WindowsApps\Microsoft.SeaofThieves_2.97.2612.2_x64__8wekyb3d8bbwe [2020-12-12] (ms-resource:PublisherDisplayName)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-EBA3EC031F98} -> [Creative Cloud Files] => C:\Users\nicob\Creative Cloud Files [2020-04-11 01:28]
CustomCLSID: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\nicob\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\nicob\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-10] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-10] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-10] (Adobe Inc. -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-10] (Adobe Inc. -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_4ddb3cc1d1c1ca09\nvshext.dll [2021-01-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-10] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-29] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Drivers32: [midi1] => C:\Windows\system32\KORGUM64.DRV [327088 2020-01-29] (KORG INC. -> KORG INC.)
HKLM\...\Drivers32: [midi1] => C:\Windows\SysWOW64\KORGUM64.DRV [314800 2020-01-29] (KORG INC. -> KORG INC.)

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2020-11-11 14:50 - 2021-01-11 12:36 - 004397568 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Citavi Picker\CitaviPicker.api
2021-01-16 11:29 - 2021-01-28 11:30 - 000010752 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Microsoft\Edge\Application\VERSION.dll
2020-06-14 13:31 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [Datei ist nicht signiert] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\PACE:894E73564E31FA2E [1]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.DLL [2021-01-11] (Swiss Academic Software -> Swiss Academic Software)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll => Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll => Keine Datei
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.DLL [2021-01-11] (Swiss Academic Software -> Swiss Academic Software)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-28] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\sharepoint.com -> hxxps://iwfhpotsdam-files.sharepoint.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-03-19 05:49 - 2021-01-29 12:38 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%C_EM64T_REDIST11%bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\nodejs\
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "launchOnStartup"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "Reference 4 Systemwide.exe"
HKU\S-1-5-21-3787991472-4217386366-3756147439-1001\...\StartupApproved\Run: => "OPENVPN-GUI"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{EFCDD1BD-FD2B-47C3-A9B3-90600986D9C5}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => Keine Datei
FirewallRules: [{618674DD-18C2-494B-A0B7-F93BF49E0C19}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => Keine Datei
FirewallRules: [{F1D33160-3505-42B4-88A9-46875CB39376}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{33E14DF6-47AA-4263-92AC-6A721FE84B23}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{B7B8BE48-6E06-40C6-B549-F0839A5E01D4}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

22-01-2021 21:08:30 Installed Minecraft Launcher
26-01-2021 12:51:06 Installed Java(TM) SE Development Kit 15.0.2 (64-bit)
29-01-2021 15:15:37 AdwCleaner_BeforeCleaning_29/01/2021_15:15:36

==================== Fehlerhafte Geräte im Gerätemanager ============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (01/29/2021 02:52:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-8GVFC0U.local already in use; will try DESKTOP-8GVFC0U-2.local instead

Error: (01/29/2021 02:52:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 DESKTOP-8GVFC0U.local. Addr 192.168.178.23

Error: (01/29/2021 02:52:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.23:5353   16 DESKTOP-8GVFC0U.local. AAAA 2001:16B8:5CD9:8A00:A8C2:8634:ECC4:EE8C

Error: (01/29/2021 02:52:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 DESKTOP-8GVFC0U.local. AAAA FE80:0000:0000:0000:C4ED:AE9C:22E3:4F37

Error: (01/29/2021 02:52:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.23:5353   16 DESKTOP-8GVFC0U.local. AAAA 2001:16B8:5CD9:8A00:A8C2:8634:ECC4:EE8C

Error: (01/29/2021 02:52:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 DESKTOP-8GVFC0U.local. AAAA 2001:16B8:5CD9:8A00:6499:3487:3A9C:2990

Error: (01/29/2021 02:52:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.23:5353   16 DESKTOP-8GVFC0U.local. AAAA 2001:16B8:5CD9:8A00:A8C2:8634:ECC4:EE8C

Error: (01/29/2021 02:52:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 DESKTOP-8GVFC0U.local. AAAA 2001:16B8:5CD9:8A00:C4ED:AE9C:22E3:4F37


Systemfehler:
=============
Error: (01/29/2021 03:15:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "System Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/29/2021 03:15:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Origin Web Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/29/2021 03:15:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/29/2021 03:15:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "PACE License Services" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/29/2021 03:15:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/29/2021 03:15:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Realtek Audio Universal Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/29/2021 03:15:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NIHardwareService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/29/2021 03:15:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Genuine Monitor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Windows Defender:
===================================
Date: 2021-01-28 16:58:51.009
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {8DC05A32-71A5-4133-AF75-CF031044F379}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-01-27 14:32:20.224
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {E7D6333B-6F0C-48DA-8D01-DBD66898C897}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-01-26 12:19:26.534
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {F217B4B7-1879-4D42-81F3-5CE704E96E9B}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-01-24 22:48:43.570
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {3F6AE31A-B060-464F-80F8-45A120995300}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-01-21 20:35:41.809
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {00B3CBEA-2DD2-4C3F-BC6B-2E8EA82DECA6}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-01-29 12:39:14.891
Description: 
Fehler des Windows Defender Antivirus-Echtzeitschutz-Features.
Feature: Netzwerkinspektionssystem
Fehlercode: 0x8007041d
Fehlerbeschreibung: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. 
Ursache: Dem System fehlen erforderliche Updates zum Ausführen des Netzwerkinspektionssystems. Installieren Sie die erforderlichen Updates, und starten Sie das Gerät neu.

CodeIntegrity:
===================================

Date: 2021-01-29 17:15:35.924
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-29 17:15:35.923
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-29 17:15:35.807
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-29 17:15:35.806
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-29 17:15:35.708
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-29 17:15:35.707
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-29 17:15:16.898
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-29 17:15:16.897
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Speicherinformationen =========================== 

BIOS: LENOVO BHCN39WW 06/23/2020
Hauptplatine: LENOVO LNVNB161216
Prozessor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 34%
Installierter physikalischer RAM: 16303.24 MB
Verfügbarer physikalischer RAM: 10708.15 MB
Summe virtueller Speicher: 18735.24 MB
Verfügbarer virtueller Speicher: 10806.34 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:953.24 GB) (Free:490.74 GB) NTFS

\\?\Volume{6f244b36-6b8f-4242-a2b6-8c22800c7990}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{946f9023-b43b-4e8a-92a8-9e753af490c2}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: D9FA2484)

Partition: GPT.

==================== Ende von Addition.txt =======================
         

Schritt 1

• Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.
• Kopiere den gesamten Inhalt der folgenden Code-Box:
  
  Code: Alles auswählenAufklappen

  ATTFilter

  Start::
  DeleteQuarantine:
  Unlock: C:\FRST
  Reboot:
  End::
           

• Starte nun FRST und klicke direkt den Reparieren Button.
  Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
• Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
• Gegebenenfalls muss dein Rechner neu gestartet werden.
• Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Schritt 2
Auf deinem Computer fehlt das aktuelle Funktionsupdate Version 20H2.

Zitat:

Platform: Windows 10 Pro Version 1909

• Folge dem Pfad Start > Einstellungen > Update und Sicherheit > Windows Update und klicke auf Nach Updates suchen.
• Wähle das Funktionsupdates aus, downloade und installiere es.
• Alternativ kannst du auch mit dem Update Assistenten deine Windows-Version auf den neuesten Stand bringen.
  Klicke dazu auf Jetzt aktualisieren, lade dir den Update-Assistenten herunter und führe ihn aus.

Dann wären wir durch!
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.


Abschließend bitte noch einen Cleanup mit unserem TBCleanUpTool durchführen und unbedingt die Sicherheitsmaßnahmen lesen und umsetzen - beides ist in folgendem Lesestoff verlinkt:

Lesestoff:
Anleitung: Cleanup & Maßnahmen zur Absicherung des Rechners

Wenn Du möchtest, kannst Du hier sagen, ob du mit mir und meiner Hilfe zufrieden warst...
Vielleicht möchtest du das Forum mit einer kleinen Spende unterstützen.


Hinweis:
Bitte gib mir eine kurze Rückmeldung, sobald du die oben verlinkten Informationen gelesen hast, alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Vielen vielen Dank für deine Geduld und das Entfernen des Trojaners.
Der letzte Durchlauf mit FRST ist abgeschlossen und das Funktionsupdate lädt gerade herunter.
In Zukunft werde ich meine Download-Quellen definitiv besser überprüfen.

Hier der Fixlog:

Code: Alles auswählenAufklappen

ATTFilter

Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-01-2021
durchgeführt von nicob (29-01-2021 20:47:08) Run:3
Gestartet von C:\Users\nicob\Downloads
Geladene Profile: nicob
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
DeleteQuarantine:
Unlock: C:\FRST
Reboot:

*****************

"C:\FRST\Quarantine" => erfolgreich entfernt
"C:\FRST" => wurde entsperrt


Das System musste neu gestartet werden.

==== Ende von Fixlog 20:47:25 ====
         

Wir sind froh, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus unseren Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen.