Log analysis and evaluation: Gootkit according to Telekom, what do I need to look for in the log files
04.02.2021, 22:14 | #1
Gootkit according to Telekom, what do I need to look for in the log files

According to Telekom, Gootkit is supposed to be on one of our computers. Unfortunately, the dates and times that I was then given in a phone call make no sense. So all I can do is go through the computers one after the other. All of the computers are running WIN10. I tried to read something out of the posted files. Unfortunately, I did not succeed. Since we, as a large family, also have a few more computers, and I don't want this to get out of hand here, I have the following questions.

Can someone tell me what I need to look for in frst.txt and addition.txt? What are the signs of an infection? What happens if you simply click Reparieren (Fix) in FRST as a "precaution"?

Attached are the files in question from 2 computers. If there really is something on them, I rather suspect the 1st computer, but I am not sure.

Computer 1: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 04-02-2021 durchgeführt von Katja (Administrator) auf DESKTOP-72DG63D (ASUSTeK COMPUTER INC. X550VXK) (04-02-2021 20:58:51) Gestartet von D:\ Geladene Profile: Katja Platform: Windows 10 Home Version 1909 18363.1316 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: Edge Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2> (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\AsBhcSrv.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\BhcMgr.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrYNSvc.exe (CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Discord Inc. -> Discord Inc.) C:\Users\Katja\AppData\Local\Discord\app-0.0.307\Discord.exe <3> (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe (Epic Games Inc. -> Epic Games, Inc.) D:\Programme\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2> (Epic Games Inc. -> Epic Games, Inc.) 
D:\Programme\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe (INMUSIC BRANDS INC -> M-Audio) C:\Program Files (x86)\M-Audio\M-Track 8X4M\AudioDevMon.exe (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe (Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHDCPSvc.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHeciSvc.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avp.exe (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avpui.exe (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksde.exe (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksdeui.exe (MAGIX AG) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\MAGIX 
Services\Database\bin\FABS.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Users\Katja\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (NCH Software, Inc. -> NCH Software) C:\Program Files (x86)\NCH Software\PhotoPad\photopad.exe (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Opera Software AS -> Opera Software) C:\Users\Katja\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2> (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\wpscenter.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\wpscloudsvr.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert] HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-11-24] (Intel(R) Rapid Storage Technology -> Intel Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [U22_XT_USBPan.exe] => U22_XT_USBPan.exe HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. 
-> Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [Datei ist nicht signiert] HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ACHTUNG HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation) HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [EpicGamesLauncher] => D:\Programme\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32883768 2021-01-26] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [Discord] => C:\Users\Katja\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.) HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [Opera Browser Assistant] => C:\Users\Katja\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software) HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe --no-displaying-insecure-content --disable-devtools --disable-raf-throttling --user-data-dir="C:\Users\Katja\AppData\Local\ASUS GIFTBOX\User Data" (Der Dateneintrag hat 123 mehr Zeichen). 
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe --no-displaying-insecure-content --disable-devtools --disable-raf-throttling --user-data-dir="C:\Users\Katja\AppData\Local\ASUS GIFTBOX\User Data" (Der Dateneintrag hat 123 mehr Zeichen). HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Katja\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Katja\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Uninstall 20.201.1005.0009\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Katja\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\amd64" HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Uninstall 20.201.1005.0009] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Katja\AppData\Local\Microsoft\OneDrive\20.201.1005.0009" HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\MountPoints2: {14fa7206-e242-11ea-a1a1-107b443602d0} - "F:\HiSuiteDownLoader.exe" HKLM\...\Print\Monitors\ricu0olm: C:\Windows\system32\ricu0olm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.) 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.146\Installer\chrmstp.exe [2021-02-04] (Google LLC -> Google LLC) Startup: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2019-06-13] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {15553461-2314-4A24-8313-64720A14A97F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145768 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Task: {193DA2E6-54EA-424B-AE52-56180AAF83F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1683352 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Task: {21532607-F3D4-43B3-B4E4-D37D5E0641F3} - System32\Tasks\WpsUpdateTask_Katja => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\wtoolex\wpsupdate.exe [653992 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. 
-> Zhuhai Kingsoft Office Software Co.,Ltd) Task: {26EA8E84-31FF-4A4F-8979-C943775CD602} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057960 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Task: {2DB6C0B4-139B-4E0F-B31B-AC8365E534F0} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19786024 2016-08-24] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) Task: {309E3EF8-8C76-4B15-8BA2-267A6707F7A7} - System32\Tasks\WpsKtpcntrQingTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe [1531136 2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd) Task: {389DC292-80F9-442C-9D2B-8D863F3BB0DA} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation) Task: {48B71FCF-1E7C-475F-B4BB-0F13ECF34572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.) Task: {49667D5A-CD48-450C-8C02-0CC76DF53805} - System32\Tasks\WpsExternal_Katja_20200105153215 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [1285800 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. 
-> Zhuhai Kingsoft Office Software Co.,Ltd) Task: {4A9E92C6-71BC-4D3A-A253-4E5BED30AB27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd) Task: {507EF729-A441-47D8-9406-67BAB2B275B8} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-72DG63D-Katja => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {514823E1-3CEB-4CF2-BB8E-247EF4F1BE96} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation) Task: {526B461F-F78A-4DA3-BEE2-98A3AC71F919} - System32\Tasks\ASUSTek Computer Inc\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe Task: {530A2AED-1596-4E51-941E-50EC3AAE014A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-01-10] (Microsoft Corporation -> Microsoft Corporation) Task: {5EE08B53-5F87-4A5E-86DF-72BD5B745C05} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1578784 2016-07-07] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) [Datei ist nicht signiert] Task: {60BD2060-BA9B-4D8F-99AA-F6618286B46E} - System32\Tasks\Opera scheduled Autoupdate 1594114837 => C:\Users\Katja\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) Task: {700439AD-0AB3-4DD0-A72E-D2F57A21FF17} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16747008 2016-11-25] (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) Task: {7490A73F-CAAF-4109-9752-D8B4EFE1497A} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG Task: {7D419AF6-982D-450D-AFA0-604D61AD674E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.) Task: {8360F909-7D21-44F5-8E92-5C7FB75F3303} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) Task: {874E847A-2205-4D08-9C8D-503CC5084CB4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert) Task: {88E1451A-F1C5-47BC-918C-B2CAED651BFD} - System32\Tasks\Opera scheduled assistant Autoupdate 1594114845 => C:\Users\Katja\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Katja\AppData\Local\Programs\Opera\assistant" $(Arg0) Task: {89A74F5F-6F3C-4F4F-BCEB-D5112F9F6805} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd) Task: {984DAAFA-04CC-4CF7-9ED2-9765C6EC6DA7} - System32\Tasks\ASUS Battery Health Charging Notification => C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\BhcMgr.exe [2478776 2016-11-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) 
Task: {9AF5EFAF-9494-482F-8013-BBD24EEA707F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145768 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Task: {A159E453-6C69-4E9C-BBC4-9DDFCA839196} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2013264 2017-12-12] (NVIDIA Corporation -> ) Task: {AE9450CD-A96E-484A-A097-91A71670044F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057960 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Task: {AF13C45B-52CE-454F-B936-433171A8EDC4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-01-10] (Microsoft Corporation -> Microsoft Corporation) Task: {B5C781C4-C567-437B-8A6D-32E069B44BFF} - System32\Tasks\AdwCleaner_onReboot => //SRV-DC01/Setups/Virenscanner/adwcleaner_8.0.9.1(1).exe [8457584 2021-01-27] (Malwarebytes Inc -> Malwarebytes) Task: {C4C864FF-EBB4-4E60-AE3B-61195E0EC7DE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [677344 2021-01-28] (Mozilla Corporation -> Mozilla Foundation) Task: {D031EDA3-3A4E-4F06-9E36-A621F355BD99} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. 
-> Adobe Systems, Incorporated) Task: {D22A7074-279B-4B0A-9ADC-2FC199E12731} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert) Task: {D402CBA4-84F3-46B8-8E45-2BADCA602FA1} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe Task: {E29396D1-54EA-4339-B0AD-04F1569B63DA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantWakeupRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert) Task: {E39B04FB-3166-494E-B519-06F60D7B1BBC} - System32\Tasks\WpsExternal_20161111081738 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [1285800 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) Task: {EB155E2A-DE4D-4BD6-97F5-07FD98330620} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) Task: {F74A871A-865E-43E3-ABBC-DA125CD0410D} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\WpsExternal_20161111081738.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exeÃqing 10.1.0.5644 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 10.11.100.12 Tcpip\..\Interfaces\{534d5b2c-e792-4b93-a565-cef7f7cdc6cf}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{b9c5cc92-b6cb-46af-8f47-f62d5468f69a}: [DhcpNameServer] 10.11.100.12 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\cId=128000000001363769&path= [2020-08-26] <==== ACHTUNG Edge Profile: C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-01] Edge Extension: (Kaspersky Protection) - C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-01-28] Edge Extension: (Citavi Picker) - C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mielbhbkcliienpdicphhecpodcaeefg [2021-01-06] Edge HKU\S-1-5-21-2081738662-375674699-890820183-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] Edge HKLM-x32\...\Edge\Extension: [mielbhbkcliienpdicphhecpodcaeefg] FireFox: ======== FF DefaultProfile: x11q7e72.default-1575375523631 FF ProfilePath: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 [2021-02-04] FF Homepage: Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 -> hxxps://www.google.com/ FF NewTab: 
Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 -> hxxps://myfiresearch.com/homepage?hp=1&bitmask=9996&pId=CH180901FF&iDate=2018-11-09 05:55:56&bName= FF Session Restore: Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 -> ist aktiviert. FF Notifications: Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 -> hxxps://adshield.me; hxxps://studip.sw.eah-jena.de FF Extension: (AdShield) - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\Extensions\{32d829ea-7c44-4510-b199-a212400315c5}.xpi [2020-01-01] [UpdateUrl:hxxps://cdn.adshield-cdn.co/xpi/adshield/data/1219/updates.json] FF Extension: (Citavi Picker) - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\Extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2021-01-05] FF SearchPlugin: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\searchplugins\My Firefox Search.xml [2020-11-22] FF Extension: (Citavi Picker) - C:\Program Files\Mozilla Firefox\distribution\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2020-10-27] FF HKLM\...\Firefox\Extensions: [nickrr878@gmail.com] - C:\Program Files (x86)\Vondos\amadello-1.0.3-fx.xpi => nicht gefunden FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\FFExt\light_plugin_firefox\addon.xpi => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [nickrr878@gmail.com] - C:\Program Files (x86)\Vondos\amadello-1.0.3-fx.xpi => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\FFExt\light_plugin_firefox\addon.xpi => nicht gefunden FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: 
adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems) FF ExtraCheck: 
C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2021-01-28] <==== ACHTUNG (Zeigt auf eine *.cfg Datei) FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2021-01-28] <==== ACHTUNG Chrome: ======= CHR Profile: C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default [2020-12-06] CHR HomePage: Default -> hxxp://www.google.com CHR DefaultSearchURL: Default -> hxxps://de.search.yahoo.com/search?fr=mcafee&type=E210DE91212G0&p={searchTerms} CHR DefaultSearchKeyword: Default -> McAfee CHR DefaultSuggestURL: Default -> hxxps://de.search.yahoo.com/sugg/gossip/gossip-de-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms} CHR Extension: (Docs) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-08] CHR Extension: (Google Drive) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-08] CHR Extension: (YouTube) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-08] CHR Extension: (Tabellen) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-14] CHR Extension: (McAfee® WebAdvisor) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-07-23] CHR Extension: (Google Docs Offline) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-07-23] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-23] CHR Extension: (Google Mail) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-21] CHR Extension: (Chrome Media 
Router) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-23] CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] Opera: ======= OPR Profile: C:\Users\Katja\AppData\Roaming\Opera Software\Opera Stable [2021-02-02] OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AsBhcService; C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\AsBhcSrv.exe [114360 2016-10-20] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) R2 AVP21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avp.exe [381928 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) 
[Datei ist nicht signiert] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8854920 2021-01-10] (Microsoft Corporation -> Microsoft Corporation) S2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [11963616 2020-05-09] (EnigmaSoft Limited -> EnigmaSoft Limited) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert] S3 klvssbridge64_21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\vssbridge64.exe [467352 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [351424 2021-01-18] (Kaspersky Lab JSC -> AO Kaspersky Lab) R2 KSDE5.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksde.exe [644264 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R2 MTrack8X4MAudioDevMon; C:\Program Files (x86)\M-Audio\M-Track 8X4M\AudioDevMon.exe [289880 2018-06-07] (INMUSIC BRANDS INC -> M-Audio) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. 
-> ) R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [524512 2020-05-09] (EnigmaSoft Limited -> EnigmaSoft Limited) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer -> TeamViewer GmbH) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation) S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [244392 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare UniConverter (Desktop Deutsch)\Transfer\DriverInstall.exe [112560 2020-04-21] (Wondershare Technology Co.,Ltd -> Wondershare) S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [X] S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\\McCSPServiceHost.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 AiCharger; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [29312 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.) R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [98784 2016-09-01] (ASUSTeK Computer Inc. -> ASUS Corporation) R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.) 
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [251608 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2021-01-27] (CPUID -> CPUID) R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS) S3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [24056 2017-07-19] (IObit Information Technology -> IObit) R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110392 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [212280 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [127288 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37496 2020-10-21] (Microsoft Windows Early Launch Anti-Malware Publisher -> AO Kaspersky Lab) R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [523576 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [659768 2020-12-25] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1341232 2020-12-25] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.2\Bases\klids.sys [244784 2021-01-28] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1025336 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [95544 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [113464 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [113464 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85288 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klpnpflt; 
C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [97080 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [55592 2020-10-21] (AnchorFree Inc -> The OpenVPN Project) R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [257208 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2021-01-27] (Kaspersky Lab -> AO Kaspersky Lab) R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [310232 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab) R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116888 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [207352 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab) S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [153400 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [250168 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300856 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46688 2019-10-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [350136 2019-10-02] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-02] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2021-02-04 20:43 - 2021-02-04 20:59 - 000000000 ____D C:\FRST 2021-02-01 09:13 - 2021-02-01 09:13 - 000003208 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot 2021-02-01 09:11 - 2021-02-01 09:13 - 000000000 ____D C:\AdwCleaner 2021-01-28 20:57 - 2021-01-28 20:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2021-01-28 10:10 - 2021-02-01 09:13 - 000000000 ____D C:\Program Files\Mozilla Firefox 2021-01-28 07:57 - 2021-01-28 07:57 - 000001221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Foto-Editor.lnk 2021-01-28 07:57 - 2021-01-28 07:57 - 000001209 _____ C:\Users\Public\Desktop\PhotoPad Foto-Editor.lnk 2021-01-28 07:57 - 2021-01-28 07:57 - 000001209 _____ C:\ProgramData\Desktop\PhotoPad Foto-Editor.lnk 2021-01-28 07:57 - 2021-01-28 07:57 - 000000000 ____D C:\Users\Katja\NCH Software Produktpalette 2021-01-27 12:45 - 2021-01-27 12:45 - 000310232 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys 2021-01-27 12:45 - 2021-01-27 12:45 - 000001229 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk 2021-01-27 12:45 - 2021-01-27 12:45 - 000001229 _____ C:\ProgramData\Desktop\Kaspersky Password Manager.lnk 2021-01-27 12:45 - 2021-01-27 12:45 - 000000000 ____D C:\Users\Katja\AppData\Local\Kaspersky Lab 2021-01-27 12:44 - 2021-01-27 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager 2021-01-27 12:43 - 2021-01-27 12:43 - 000257208 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys 2021-01-27 12:43 - 2021-01-27 12:43 - 000207352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys 2021-01-27 12:43 - 2021-01-27 12:43 - 000116888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys 2021-01-27 12:43 - 2021-01-27 12:43 - 000099152 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys 2021-01-27 12:43 - 2021-01-27 12:43 - 000001165 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk 
2021-01-27 12:43 - 2021-01-27 12:43 - 000001165 _____ C:\ProgramData\Desktop\Kaspersky VPN.lnk 2021-01-27 12:43 - 2021-01-27 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN 2021-01-27 12:43 - 2021-01-27 12:43 - 000000000 ____D C:\Program Files\Common Files\AV 2021-01-27 12:42 - 2021-01-27 12:44 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2021-01-27 12:42 - 2021-01-27 12:44 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab 2021-01-27 12:42 - 2021-01-27 12:42 - 000002150 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk 2021-01-27 12:42 - 2021-01-27 12:42 - 000002150 _____ C:\ProgramData\Desktop\Kaspersky Anti-Virus.lnk 2021-01-27 12:42 - 2021-01-27 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2021-01-27 12:42 - 2020-10-21 23:12 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll 2021-01-27 12:42 - 2020-10-21 23:11 - 001025336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys 2021-01-27 12:42 - 2020-10-21 23:11 - 000523576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys 2021-01-26 17:40 - 2021-01-26 17:40 - 000002395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk 2021-01-13 16:58 - 2021-01-13 16:58 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx 2021-01-13 16:58 - 2021-01-13 16:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr 2021-01-13 16:58 - 2021-01-13 16:58 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr 2021-01-13 16:58 - 2021-01-13 16:58 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl 2021-01-13 16:58 - 2021-01-13 16:58 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax 2021-01-13 16:58 - 2021-01-13 16:58 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax 2021-01-13 16:58 - 2021-01-13 16:58 - 000168448 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\VBICodec.ax 2021-01-13 16:58 - 2021-01-13 16:58 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax 2021-01-13 16:58 - 2021-01-13 16:58 - 000094720 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll 2021-01-13 16:58 - 2021-01-13 16:58 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl 2021-01-13 16:58 - 2021-01-13 16:58 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx 2021-01-13 16:58 - 2021-01-13 16:58 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl 2021-01-13 16:58 - 2021-01-13 16:58 - 000053248 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll 2021-01-13 16:57 - 2021-01-13 16:57 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2021-01-13 16:57 - 2021-01-13 16:57 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx 2021-01-13 16:57 - 2021-01-13 16:57 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl 2021-01-13 16:57 - 2021-01-13 16:57 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl 2021-01-13 16:57 - 2021-01-13 16:57 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2021-01-13 16:57 - 2021-01-13 16:57 - 000331264 _____ C:\WINDOWS\SysWOW64\ssdm.dll 2021-01-13 16:57 - 2021-01-13 16:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl 2021-01-13 16:57 - 2021-01-13 16:57 - 000208384 _____ C:\WINDOWS\SysWOW64\HeatCore.dll 2021-01-13 16:57 - 2021-01-13 16:57 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl 2021-01-13 16:57 - 2021-01-13 16:57 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl 2021-01-13 16:57 - 2021-01-13 16:57 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2021-01-13 16:57 - 2021-01-13 16:57 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin 
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin 2021-01-13 16:56 - 2021-01-13 16:56 - 002590720 _____ C:\WINDOWS\system32\dwmscene.dll 2021-01-13 16:56 - 2021-01-13 16:56 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2021-01-13 16:56 - 2021-01-13 16:56 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl 2021-01-13 16:56 - 2021-01-13 16:56 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-01-13 16:56 - 2021-01-13 16:56 - 000266752 _____ C:\WINDOWS\system32\HeatCore.dll 2021-01-13 16:56 - 2021-01-13 16:56 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl 2021-01-13 16:56 - 2021-01-13 16:56 - 000186368 _____ 
C:\WINDOWS\system32\BthpanContextHandler.dll 2021-01-13 16:56 - 2021-01-13 16:56 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-01-13 16:56 - 2021-01-13 16:56 - 000061440 _____ C:\WINDOWS\system32\rdsxvmaudio.dll 2021-01-13 16:55 - 2021-01-13 16:56 - 000453632 _____ C:\WINDOWS\system32\ssdm.dll ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2021-02-04 20:58 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-02-04 20:43 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF 2021-02-04 20:41 - 2019-09-16 17:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-02-04 19:52 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps 2021-02-04 19:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-02-04 19:51 - 2018-05-14 15:25 - 000002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-02-04 19:51 - 2018-05-14 15:25 - 000002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-02-04 19:51 - 2018-05-14 15:25 - 000002254 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2021-02-04 19:50 - 2020-11-04 13:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software 2021-02-04 19:50 - 2020-04-08 08:24 - 000000000 ____D C:\Program Files\CCleaner 2021-02-04 19:50 - 2019-09-16 17:19 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2081738662-375674699-890820183-1001 2021-02-04 19:50 - 2019-09-16 17:12 - 000002381 _____ C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-02-04 19:50 - 2018-02-20 22:32 - 000000000 ___RD C:\Users\Katja\OneDrive 2021-02-02 12:51 - 2018-02-21 10:21 - 000000000 ____D C:\Users\Katja\AppData\LocalLow\Mozilla 2021-02-02 12:50 - 2020-04-28 11:44 - 000000000 ____D C:\Program Files (x86)\Steam 2021-02-02 12:48 - 2018-02-20 22:30 - 000000000 __SHD 
C:\Users\Katja\IntelGraphicsProfiles 2021-02-02 12:48 - 2017-07-20 17:25 - 000000000 ____D C:\ProgramData\NVIDIA 2021-02-01 09:18 - 2019-09-16 17:20 - 001725108 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-02-01 09:18 - 2019-03-19 13:16 - 000746614 _____ C:\WINDOWS\system32\perfh007.dat 2021-02-01 09:18 - 2019-03-19 13:16 - 000150886 _____ C:\WINDOWS\system32\perfc007.dat 2021-02-01 09:13 - 2019-09-16 17:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-02-01 09:13 - 2019-03-19 05:37 - 001310720 _____ C:\WINDOWS\system32\config\BBI 2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\Users\Katja\AppData\Roaming\Lavasoft 2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\Users\Katja\AppData\Local\Lavasoft 2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\ProgramData\Lavasoft 2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\Program Files (x86)\Lavasoft 2021-02-01 09:13 - 2018-02-21 14:25 - 000000995 _____ C:\Users\Katja\Desktop\Firefox.lnk 2021-02-01 09:13 - 2018-02-21 13:44 - 000000000 ____D C:\Users\Katja\AppData\LocalLow\IObit 2021-02-01 09:13 - 2018-02-21 13:43 - 000000000 ____D C:\Users\Katja\AppData\Roaming\IObit 2021-02-01 09:13 - 2018-02-21 13:43 - 000000000 ____D C:\ProgramData\IObit 2021-02-01 09:13 - 2018-02-20 16:14 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2021-02-01 09:13 - 2018-02-20 16:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-02-01 09:13 - 2016-11-11 09:17 - 000000000 ____D C:\Program Files (x86)\ASUS 2021-02-01 09:10 - 2018-02-20 22:33 - 000000200 _____ C:\Users\Katja\AppData\Roaming\sp_data.sys 2021-01-31 15:55 - 2020-08-23 18:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-01-31 15:55 - 2020-08-23 18:23 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-01-31 
15:55 - 2020-08-23 18:23 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2021-01-28 07:57 - 2020-11-04 13:03 - 000000000 ____D C:\Users\Katja\AppData\Roaming\NCH Software 2021-01-28 07:57 - 2020-11-04 13:03 - 000000000 ____D C:\ProgramData\NCH Software 2021-01-28 07:57 - 2020-11-04 13:03 - 000000000 ____D C:\Program Files (x86)\NCH Software 2021-01-28 07:57 - 2019-09-16 17:12 - 000000000 ____D C:\Users\Katja 2021-01-28 07:53 - 2018-03-05 15:15 - 000000000 ____D C:\Users\Katja\AppData\Local\Packages 2021-01-27 12:53 - 2018-04-18 15:26 - 000000000 ____D C:\ProgramData\Updater 2021-01-27 12:42 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-01-27 12:42 - 2019-03-19 05:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2021-01-27 12:37 - 2018-02-20 16:15 - 000000000 ____D C:\ProgramData\AVAST Software 2021-01-27 12:37 - 2016-11-11 09:17 - 000000742 _____ C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job 2021-01-27 12:37 - 2016-11-11 09:17 - 000000448 _____ C:\WINDOWS\Tasks\WpsExternal_20161111081738.job 2021-01-27 12:34 - 2018-04-23 10:23 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2021-01-26 17:40 - 2019-01-14 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2021-01-26 17:40 - 2018-03-23 10:43 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2021-01-26 17:40 - 2017-07-20 17:41 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2021-01-26 17:40 - 2017-07-20 17:41 - 000002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2021-01-26 17:40 - 2017-07-20 17:41 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2021-01-26 17:40 - 2017-07-20 17:41 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2021-01-26 17:40 - 2017-07-20 17:41 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Outlook.lnk 2021-01-26 17:40 - 2017-07-20 17:41 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2021-01-26 17:40 - 2017-07-20 17:41 - 000000000 ____D C:\Program Files\Microsoft Office 2021-01-26 17:36 - 2018-02-21 13:44 - 000000000 ____D C:\ProgramData\ProductData 2021-01-26 12:54 - 2020-08-23 18:22 - 000003628 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-01-26 12:54 - 2020-08-23 18:22 - 000003404 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-01-26 12:54 - 2020-07-07 10:40 - 000003854 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1594114845 2021-01-26 12:54 - 2020-07-07 10:40 - 000003622 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1594114837 2021-01-26 12:54 - 2020-04-08 08:25 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2021-01-26 12:54 - 2020-01-05 15:32 - 000002938 _____ C:\WINDOWS\system32\Tasks\WpsExternal_Katja_20200105153215 2021-01-26 12:54 - 2019-12-12 19:46 - 000002666 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_Katja 2021-01-26 12:54 - 2019-10-06 14:52 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0 2021-01-26 12:54 - 2019-09-16 17:19 - 000003558 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2021-01-26 12:54 - 2019-09-16 17:19 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2021-01-26 12:54 - 2019-09-16 17:19 - 000003266 _____ C:\WINDOWS\system32\Tasks\WpsKtpcntrQingTask_Administrator 2021-01-26 12:54 - 2019-09-16 17:19 - 000003118 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification 2021-01-26 12:54 - 2019-09-16 17:19 - 000003024 _____ C:\WINDOWS\system32\Tasks\WpsExternal_20161111081738 2021-01-26 12:54 - 2019-09-16 17:19 - 000002968 _____ C:\WINDOWS\system32\Tasks\Update Checker 2021-01-26 12:54 - 2019-09-16 17:19 - 000002924 _____ C:\WINDOWS\system32\Tasks\ATK Package 36D18D69AFC3 2021-01-26 12:54 - 2019-09-16 17:19 - 000002798 _____ 
C:\WINDOWS\system32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-01-26 12:54 - 2019-09-16 17:19 - 000002770 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-72DG63D-Katja 2021-01-26 12:54 - 2019-09-16 17:19 - 000002562 _____ C:\WINDOWS\system32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-01-26 12:54 - 2019-09-16 17:19 - 000002346 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_ListenToDevice 2021-01-26 12:54 - 2019-09-16 17:19 - 000002340 _____ C:\WINDOWS\system32\Tasks\ASUS USB Charger Plus 2021-01-26 12:54 - 2019-09-16 17:19 - 000002330 _____ C:\WINDOWS\system32\Tasks\ASUS Battery Health Charging Notification 2021-01-26 12:54 - 2019-09-16 17:19 - 000002280 _____ C:\WINDOWS\system32\Tasks\RTKCPL 2021-01-26 12:54 - 2019-09-16 17:19 - 000002214 _____ C:\WINDOWS\system32\Tasks\ATK Package A22126881260 2021-01-26 09:45 - 2018-06-26 14:08 - 000000000 ____D C:\Users\Katja\AppData\Local\AVAST Software 2021-01-21 20:53 - 2020-04-08 08:25 - 000002234 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2021-01-21 07:52 - 2020-07-07 10:40 - 000001407 _____ C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk 2021-01-16 18:40 - 2018-11-09 17:01 - 000000000 ____D C:\Users\Katja\AppData\Local\Bitwig Studio 2021-01-13 17:12 - 2019-09-16 17:09 - 000568528 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-01-13 17:12 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2021-01-13 17:12 - 2018-03-05 15:31 - 000000000 ___RD C:\Users\Katja\3D Objects 2021-01-13 17:12 - 2017-07-20 17:20 - 000000000 __RHD C:\Users\Public\AccountPictures 2021-01-13 17:11 - 2019-03-19 13:18 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2021-01-13 17:11 - 2019-03-19 13:18 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2021-01-13 17:11 - 
2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\UNP 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\F12 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Com 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellComponents 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Provisioning 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\IME 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-01-13 17:11 - 2019-03-19 05:52 - 
000000000 ____D C:\Program Files\Windows Defender 2021-01-13 17:05 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-01-13 17:04 - 2018-02-22 12:39 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-01-13 17:01 - 2018-02-22 12:39 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-01-13 16:55 - 2019-09-16 17:10 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2021-01-12 08:58 - 2019-09-16 17:12 - 000000000 ____D C:\Users\defaultuser0 ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2002-09-11 13:33 - 2001-12-08 18:58 - 000133200 _____ (Europress Software) C:\Users\Katja\cncs.dll 2002-09-11 13:33 - 2001-12-08 18:58 - 000280064 _____ () C:\Users\Katja\cncs232.dll 2002-09-11 13:33 - 2001-12-08 18:58 - 000172032 _____ (Europress Software) C:\Users\Katja\cncs32.dll 2020-05-09 09:27 - 2020-05-09 09:36 - 000037998 _____ () C:\Users\Katja\Uninstal.exe 2018-11-09 17:48 - 2018-11-09 17:48 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P10804_GK Amplification 2 LE_log.inTone2Log 2018-11-10 09:48 - 2018-11-10 09:48 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P13568_ampLion Free_log.inTone2Log 2018-11-10 09:45 - 2018-11-10 09:45 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P14776_GK Amplification 2 LE_log.inTone2Log 2018-11-10 15:20 - 2018-11-10 15:20 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P15472_GK Amplification 2 LE_log.inTone2Log 2020-11-05 16:01 - 2020-11-05 16:01 - 000003820 _____ () C:\Users\Katja\AppData\Roaming\P15960_ampLion Free_log.inTone2Log 2019-01-17 16:09 - 2019-01-17 16:09 - 000003631 _____ () C:\Users\Katja\AppData\Roaming\P16284_GK Amplification 2 LE_log.inTone2Log 2018-11-09 19:16 - 2018-11-09 19:16 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P16504_GK Amplification 2 LE_log.inTone2Log 2018-11-10 10:01 - 2018-11-10 10:01 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P16824_GK Amplification 2 LE_log.inTone2Log 2018-11-10 
13:21 - 2018-11-10 13:21 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P17308_GK Amplification 2 LE_log.inTone2Log 2018-11-10 10:01 - 2018-11-10 10:01 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P17920_ampLion Free_log.inTone2Log 2018-11-10 15:20 - 2018-11-10 15:20 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P19080_ampLion Free_log.inTone2Log 2018-11-10 13:20 - 2018-11-10 13:20 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P3408_ampLion Free_log.inTone2Log 2018-11-09 17:35 - 2018-11-09 17:35 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P3784_ampLion Free_log.inTone2Log 2018-11-09 16:42 - 2018-11-09 16:42 - 000003755 _____ () C:\Users\Katja\AppData\Roaming\P4268_GK Amplification 2 LE_log.inTone2Log 2018-11-09 16:45 - 2018-11-09 16:45 - 000003616 _____ () C:\Users\Katja\AppData\Roaming\P4708_ampLion Free_log.inTone2Log 2018-11-09 17:23 - 2018-11-09 17:23 - 000030467 _____ () C:\Users\Katja\AppData\Roaming\P7612_inTone2 ESI Edition_log.inTone2Log 2018-11-09 17:35 - 2018-11-09 17:35 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P7732_GK Amplification 2 LE_log.inTone2Log 2018-11-09 19:10 - 2018-11-09 19:10 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P7752_GK Amplification 2 LE_log.inTone2Log 2018-11-09 19:47 - 2018-11-09 19:47 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P9936_GK Amplification 2 LE_log.inTone2Log 2018-02-20 22:33 - 2021-02-01 09:10 - 000000200 _____ () C:\Users\Katja\AppData\Roaming\sp_data.sys 2018-10-02 11:46 - 2018-10-02 11:46 - 000000000 _____ () C:\Users\Katja\AppData\Local\oobelibMkey.log ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ========================
The second file is in the next post, since it is already too large for this one. Last edited by FSP (04.02.2021 at 22:26) |
04.02.2021, 22:24 | #2 |
/// TB-Ausbilder | Gootkit according to Telekom: what do I need to look for in the log files?
My name is Matthias and I will help you analyse your computer and, if necessary, clean it up. Please post the other FRST log file, Addition.txt. Then we will take it from there. If you are not an expert or do not know FRST really well, you should not blindly "play around" with it. We do not want you to "break" anything. Besides, you have already "played around" on your own and run AdwCleaner and Kaspersky. I would like the log files with the detections from both of these programs. Last edited by M-K-D-B (04.02.2021 at 22:33) |
05.02.2021, 19:15 | #3 |
| Gootkit according to Telekom: what do I need to look for in the log files?
Here, finally, is the second file.
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-02-2021 durchgeführt von Katja (04-02-2021 21:00:52) Gestartet von D:\ Windows 10 Home Version 1909 18363.1316 (X64) (2019-09-16 16:19:24) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2081738662-375674699-890820183-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2081738662-375674699-890820183-503 - Limited - Disabled) defaultuser0 (S-1-5-21-2081738662-375674699-890820183-1000 - Limited - Disabled) => C:\Users\defaultuser0 Gast (S-1-5-21-2081738662-375674699-890820183-501 - Limited - Disabled) Katja (S-1-5-21-2081738662-375674699-890820183-1001 - Administrator - Enabled) => C:\Users\Katja WDAGUtilityAccount (S-1-5-21-2081738662-375674699-890820183-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Kaspersky Anti-Virus (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_1) (Version: 15.0.1 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.6.0.384 - Adobe Systems Incorporated) Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_0_1) (Version: 12.0.1 - Adobe Systems Incorporated) ampLion Free 1.2.0 (HKLM-x32\...\{C0355E2A-5FA6-4782-85B1-107C560E904A}_is1) (Version: 1.2.0 - Audiffex) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach) ASUS Battery Health Charging (HKLM-x32\...\{3A7E73B6-3A04-49ED-811E-CC39F7EA2E34}) (Version: 1.0.0002 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.8 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS) Atti-TUBE (HKLM-x32\...\Atti-TUBE) (Version: - ) Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team) AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.3.16 - ICEpower a/s) Bananarama (HKLM-x32\...\Bananarama) (Version: - ) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bitwig 8-Track (HKLM-x32\...\{8A2AC349-1D0C-475B-980B-FC3BA141153F}) (Version: 1.3.7.37083 - Bitwig GmbH) Bitwig Studio (HKLM\...\{7180D515-FED7-40B8-9090-C3307A2463A6}) (Version: 3.0.3.81986 - Bitwig GmbH) Bovbjerg Piano Module (HKLM-x32\...\Bovbjerg Piano Module) (Version: - ) Brother MFL-Pro Suite MFC-J4410DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.) Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment) CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) 
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Citavi 6 (HKLM-x32\...\{6A331045-8FF4-4BC9-9C56-E593ACAE28C2}) (Version: 6.7.0.0 - Swiss Academic Software) Clickteam Fusion 2.5 Free Edition (HKLM-x32\...\Clickteam Fusion 2.5 Free Edition) (Version: - Clickteam) CyberLink PhotoDirector 5 (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) Hidden CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Hidden CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) DaVinci Resolve (HKLM\...\{B038DE18-6092-4C56-ACD4-E268DCFE2B20}) (Version: 14.3.0014 - Blackmagic Design) DaVinci Resolve Panels (HKLM\...\{332552D0-B8EE-49BF-B904-E038A72BD2B2}) (Version: 1.1.2.0 - Blackmagic Design) Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.) Discord (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Discord) (Version: 0.0.309 - Discord Inc.) EGOSYS FX-Pack (HKLM-x32\...\EGOSYS FX-Pack) (Version: - ) Epic Games Launcher (HKLM-x32\...\{A5A6A747-393C-4B28-AB7B-2DE2BA7F7D73}) (Version: 1.1.267.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) GFExperience.Deployer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.Deployer) (Version: 3.11.0.73 - NVIDIA Corporation) Hidden GK Amplification 2 LE 2.2.2 (HKLM-x32\...\{CB13830D-9A15-4D25-A55C-9E52BF57DD4B}_is1) (Version: 2.2.2 - Audiffex) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.146 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden IBM SPSS Statistics 25 (HKLM\...\{C2D1E17D-CB8A-4742-84FA-1DB5C6A1ABDD}) (Version: 25.0.0.0 - IBM Corp) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7325 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.5.1035 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation) inTone 2 ESI Edition 2.4.0 (HKLM-x32\...\{D72463A2-6C42-41DF-9114-D939C8E65A9D}_is1) (Version: 2.4.0.86 - Audified) inTone 2 ESI Edition 64bit 2.4.0 (HKLM\...\{0A7FC75F-817B-416D-B927-CDB4C1404866}_is1) (Version: 2.4.0.86 - Audified) Jitsi 
(HKLM\...\{D20996B9-BCB6-4877-8104-BDEEF5ED3097}) (Version: 2.10.5550 - Jitsi) Kaspersky Anti-Virus (HKLM-x32\...\{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky) Hidden Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky) Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Kaspersky VPN (HKLM-x32\...\{221FA56C-0A92-4E58-98FD-CAF82237540C}) (Version: 21.2.16.590 - Kaspersky) Hidden Kaspersky VPN (HKLM-x32\...\InstallWIX_{221FA56C-0A92-4E58-98FD-CAF82237540C}) (Version: 21.2.16.590 - Kaspersky) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden LUXONIX LFX-1310 (HKLM-x32\...\LUXONIX_LFX-1310) (Version: 1.2 - LUXONIX) MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX Music Maker Silver (HKLM\...\{AEC8A163-C23A-4348-A31F-750BAF9519E4}) (Version: 21.0.3.44 - MAGIX Software GmbH) Hidden MAGIX Music Maker Silver (HKLM-x32\...\MX.{AEC8A163-C23A-4348-A31F-750BAF9519E4}) (Version: 21.0.3.44 - MAGIX Software GmbH) MAGIX Music Maker Silver Soundpools (HKLM\...\{9B02E643-CFDA-435E-9538-C02234A42021}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden M-Audio M-Track 8X4M 1.0.3 (HKLM\...\{5E248784-8915-4AF3-A06B-6D3A050B4B9C}) (Version: 1.0.3 - M-Audio) Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.13127.21064 - Microsoft Corporation) Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.13127.21064 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.56 - Microsoft Corporation) Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - ) Microsoft OneDrive (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Teams) (Version: 1.3.00.3564 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 
14.12.25810.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation) MixPad Musikstudio-Software (HKLM-x32\...\MixPad) (Version: 5.99 - NCH Software) Mozilla Firefox 85.0 (x64 de) (HKLM\...\Mozilla Firefox 85.0 (x64 de)) (Version: 85.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MuseScore 2 (HKLM-x32\...\{0317B5F7-01A3-4640-A491-456B453CCAB3}) (Version: 2.2.1 - Werner Schweer and Others) NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden Opera Stable 73.0.3856.344 (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Opera 73.0.3856.344) (Version: 73.0.3856.344 - Opera Software) PhotoPad Foto-Editor (HKLM-x32\...\PhotoPad) (Version: 6.78 - NCH Software) PreSonus Studio One 3 (HKLM-x32\...\PreSonus Studio One 3) (Version: 3.3.3.41198 - PreSonus Audio Electronics) REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.4.887.091316 - REALTEK Semiconductor Corp.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7997 - Realtek Semiconductor Corp.) Realtek PCI-E Wireless LAN Driver (HKLM-x32\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0008 - REALTEK Semiconductor Corp.) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden Snapseed (HKLM-x32\...\{D5BEB842-5696-4AE8-A222-03D06384856D}) (Version: 1.2.1 - Nik Software, Inc.) SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.8.10.170 - EnigmaSoft Limited) Stanton Deckadance 2.72 (HKLM-x32\...\Stanton Deckadance) (Version: 2.72 - Stanton) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Studio Devil British Valve Custom v1.1 (HKLM-x32\...\{9DEE696E-FBA6-473A-9B5E-576E86B6183F}) (Version: 1.1.0 - Studio Devil) StudioDevil VGA 1.3 (HKLM-x32\...\StudioDevil VGA_is1) (Version: - StudioDevil) Tassman ESI Edition (HKLM-x32\...\{AF9F71C9-2F5F-4E00-9A34-D7BC1D6E1DA7}) (Version: - ) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.34161 - Microsoft Corporation) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer) TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo) U22 XT USB Driver version v1.3.1.0 (HKLM\...\{A7C4B7E9-C70A-4D75-A497-EFE8E61B3409}_is1) (Version: v1.3.1.0 - ESI-Audiotechnik) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden UpdateAssistant (HKLM-x32\...\{F35DD4F5-1F85-43CD-AC7A-FE54CA7EABA2}) (Version: 
1.10.0.0 - Microsoft Corporation) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN) Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 11.22 - NCH Software) Windows Driver Package - ASUS (AsusTP) Mouse (08/19/2016 6.0.0.83) (HKLM\...\67D3C04C0088D5D88ABB7419CBFDF094E3B809C1) (Version: 08/19/2016 6.0.0.83 - ASUS) Windows Driver Package - ESI (U22_XT_USB_AA) MEDIA (10/11/2018 1.3.1.0) (HKLM\...\406BEFE077C994845635F321499568604730DB83) (Version: 10/11/2018 1.3.1.0 - ESI) Windows Driver Package - ESI (U22_XT_USBWDM_01) MEDIA (10/11/2018 1.3.1.0) (HKLM\...\614DB88564DB0A7BD420220B25837D9047C59561) (Version: 10/11/2018 1.3.1.0 - ESI) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.) Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare) Wondershare UniConverter(Build 11.7.5.1) (HKLM-x32\...\UniConverter_is1) (Version: 11.7.5.1 - Wondershare Software) WPS Office (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Kingsoft Office) (Version: 10.2.0.7646 - Kingsoft Corp.) WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.1.0.5644 - Kingsoft Corp.) Zoom (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.) Packages: ========= ASUS ZenLink -> C:\Program Files\WindowsApps\B9ECED6F.ZenSync_1.0.7.0_x86__qmba6cd70vzyy [2018-02-21] (ASUSTeK COMPUTER INC.) [MS Ad] Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-10] (Autodesk Inc.) 
BreeZip -> C:\Program Files\WindowsApps\3138AweZip.AweZip_1.3.18.0_x86__ffd303wmbhcjt [2020-07-26] (BreeZip) [MS Ad] Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220 [2020-12-28] (Dolby Laboratories) Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-13] (Microsoft Corporation) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-19] (HP Inc.) Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-16] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-09-16] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-19] (Microsoft Studios) [MS Ad] -My Notes- -> C:\Program Files\WindowsApps\22944SamJarawan.-MyNotes-_2.1.47.0_x64__3gv8nk7frgb5p [2020-03-05] (Sam Jarawan) [MS Ad] MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2018-05-01] (ASUSTeK COMPUTER INC.) [Startup Task] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-26] (Netflix, Inc.) RICOH Driver Utility -> C:\Program Files\WindowsApps\3EA2211E.RICOHDriverUtility_4.6.0.0_x86__fxme7667cy4q4 [2020-02-16] (Ricoh Company, Ltd.) 
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0 [2021-01-31] (Spotify AB) [Startup Task] Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_2.5.1.0_x64__t4vj0pshhgkwm [2020-12-28] (Telegram Messenger LLP) WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2100.7.0_x64__cv1g1gvanyjgm [2021-01-28] (WhatsApp Inc.) Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation) XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.7.0_x86__xpfg3f7e9an52 [2021-01-19] (New Work SE) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-6B64E7666B22} -> [Creative Cloud Files] => C:\Users\Katja\Creative Cloud Files [2018-02-20 16:59] CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Katja\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19350.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. 
-> Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Katja\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19350.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 
Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers2: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers4: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxDTCM.dll [2019-10-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-04] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers1_S-1-5-21-2081738662-375674699-890820183-1001: [ qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. 
-> Zhuhai Kingsoft Office Software Co.,Ltd) ContextMenuHandlers1_S-1-5-21-2081738662-375674699-890820183-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ContextMenuHandlers4_S-1-5-21-2081738662-375674699-890820183-1001: [ qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ContextMenuHandlers5_S-1-5-21-2081738662-375674699-890820183-1001: [ qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
ShortcutWithArgument: C:\Users\Katja\Desktop\facebook.lnk -> C:\Users\Katja\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com ShortcutWithArgument: C:\Users\Katja\Desktop\Profil 1 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Default" ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2018-04-10 14:29 - 2009-02-27 15:38 - 000139264 ____R () [Datei ist nicht signiert] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2020-11-07 13:03 - 2016-07-21 10:54 - 000137728 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2020-11-07 13:03 - 2017-03-23 09:49 - 001506304 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2018-04-10 14:29 - 2017-11-07 18:55 - 000137728 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll 2018-04-10 14:29 - 2017-08-18 10:23 - 000087552 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll 2018-04-10 14:29 - 2017-08-18 10:23 - 017974784 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll 2018-04-10 14:29 - 2017-11-07 19:04 - 000095232 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcLGer.dll 2018-05-14 15:22 - 2017-11-07 18:55 - 000440832 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\Track.dll 2018-04-10 14:29 - 2005-04-22 05:36 - 000143360 _____ () [Datei ist nicht signiert] C:\WINDOWS\system32\BrSNMP64.dll 2018-04-10 14:29 - 2012-04-23 14:03 - 000380928 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrMonitor.dll 2018-04-10 14:29 - 2010-09-29 16:07 - 000180224 ____N (Brother Industries, Ltd.) 
[Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BroSNMP.dll 2018-04-10 14:29 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll 2018-04-10 14:29 - 2012-01-11 13:39 - 000626688 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll 2018-04-10 14:29 - 2012-07-27 06:07 - 000087040 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\WINDOWS\system32\BrNetSti.dll 2017-07-20 17:41 - 2017-07-20 17:41 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll 2017-07-20 17:41 - 2017-07-20 17:41 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll 2017-07-20 17:26 - 2016-06-14 21:01 - 001298640 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll 2017-07-20 17:26 - 2016-06-14 21:01 - 001767944 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\WINDOWS\system32\nvspcap64.dll 2020-11-07 13:03 - 2017-03-23 09:52 - 000708608 _____ (Wondershare) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2081738662-375674699-890820183-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE SearchScopes: HKU\S-1-5-21-2081738662-375674699-890820183-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.DLL [2020-10-27] (Swiss Academic Software -> Swiss Academic Software) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.DLL [2020-10-27] (Swiss Academic Software -> Swiss Academic Software) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft 
Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\localhost -> localhost ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2016-07-16 12:47 - 2019-01-04 11:39 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts 2019-05-02 14:52 - 2019-07-13 19:54 - 000000513 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\IBM\SPSS\Statistics\25\JRE\bin HKU\S-1-5-21-2081738662-375674699-890820183-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Katja\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG-20201126-WA0000.jpg DNS Servers: 10.11.100.12 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [UDP Query User{ACF474C7-6B92-4574-989C-5EED602D98F3}C:\program files\ibm\spss\statistics\25\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\25\stats.exe (IBM -> IBM Corp.) [Datei ist nicht signiert] FirewallRules: [TCP Query User{A415168B-3611-4F70-B7AF-A84C158F9AD2}C:\program files\ibm\spss\statistics\25\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\25\stats.exe (IBM -> IBM Corp.) [Datei ist nicht signiert] FirewallRules: [{DFD5BC1D-6220-4B55-B755-6D8A40F38D5C}] => (Allow) C:\Users\Katja\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [UDP Query User{CE18431A-0924-4412-A952-374B94FE3267}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{18EA528D-D248-4F20-9C31-8EEA7BBA21BD}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{5949B9D6-541C-486A-91EF-93D0AC5950EC}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\25\WinWrapIDE.exe (IBM -> IBM Corp.) [Datei ist nicht signiert] FirewallRules: [{455A9131-59FA-403B-B797-7D4D2C3A26E9}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\25\stats.exe (IBM -> IBM Corp.) [Datei ist nicht signiert] FirewallRules: [{5FF9BA0F-2B12-4A0F-9A34-B6764531C870}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\25\stats.com (IBM -> IBM Corp.) [Datei ist nicht signiert] FirewallRules: [{8C366F65-A8FA-4ECC-AB87-13F003756B13}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\25\WinWrapIDE.exe (IBM -> IBM Corp.) [Datei ist nicht signiert] FirewallRules: [{524C798F-0781-4BAD-8ADA-E93A8252D7BF}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\25\stats.exe (IBM -> IBM Corp.) 
[Datei ist nicht signiert] FirewallRules: [{2B6AB65F-D557-4615-9347-532B9AFAFD6C}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\25\stats.com (IBM -> IBM Corp.) [Datei ist nicht signiert] FirewallRules: [UDP Query User{FBF4B0A6-5EB9-4945-9CC4-CC0F37F64B7C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [TCP Query User{4594A9AD-C774-484D-B60E-5E8647428E0D}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{0B35B2AC-0CF8-41D7-B2F9-FE6BC1D0E789}C:\program files\bitwig studio\bitwig studio.exe] => (Block) C:\program files\bitwig studio\bitwig studio.exe (Bitwig GmbH -> Bitwig GmbH) FirewallRules: [TCP Query User{C1B1359A-1FD4-43D4-9DCC-01EF2843A62B}C:\program files\bitwig studio\bitwig studio.exe] => (Block) C:\program files\bitwig studio\bitwig studio.exe (Bitwig GmbH -> Bitwig GmbH) FirewallRules: [UDP Query User{D448B127-EA72-4518-A3B5-084F40B2CD9F}C:\program files (x86)\bitwig 8-track\bitwig 8-track.exe] => (Allow) C:\program files (x86)\bitwig 8-track\bitwig 8-track.exe (Bitwig GmbH -> Bitwig GmbH) FirewallRules: [TCP Query User{59715BA3-E348-4189-B8B8-AE91C900B822}C:\program files (x86)\bitwig 8-track\bitwig 8-track.exe] => (Allow) C:\program files (x86)\bitwig 8-track\bitwig 8-track.exe (Bitwig GmbH -> Bitwig GmbH) FirewallRules: [UDP Query User{A721852B-D4B1-4658-BE75-9110153D9A2B}C:\program files\bitwig studio\bitwig studio.exe] => (Allow) C:\program files\bitwig studio\bitwig studio.exe (Bitwig GmbH -> Bitwig GmbH) FirewallRules: [TCP Query User{144F3DAB-1C92-4D49-BE4A-050F3EBA468B}C:\program files\bitwig studio\bitwig studio.exe] => (Allow) C:\program files\bitwig studio\bitwig studio.exe (Bitwig GmbH -> Bitwig GmbH) FirewallRules: [{7DD1EFCE-98DF-4F9D-9300-7223FA064680}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => Keine Datei 
FirewallRules: [{F1C37390-AFAA-4A5D-A654-9EB69225DDE6}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => Keine Datei FirewallRules: [{A4C3FAFB-5398-4D61-B0C6-5C9BEB3C0806}] => (Allow) C:\Program Files (x86)\PreSonus\Studio One 3\Studio One.exe (PreSonus) [Datei ist nicht signiert] FirewallRules: [{2E2F3AC0-EFAF-4B2F-8099-25AE194C8E32}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{4E449A71-A8F6-42A7-AEC0-A873C369BF5D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{BCD0E504-368B-4A04-9858-3246E5EC0DA0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{4ECD05E2-9759-4E61-9E0D-1A568A277CA2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{C2F66F40-7981-461C-9AAE-2D3772E618FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{DC8A9500-A134-4E77-92CE-7FF204CFEE37}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{F1498679-AB18-4C24-B366-B5A49D1F66C7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{B181FC74-6B2B-43A3-8C9F-5D26C2088844}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{8354D7DE-F9E7-4178-8ADB-B3D4A7529C8D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{330795B2-535F-4A6E-81A3-514B70F3AFF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: 
[{90839865-C252-423B-9462-8FF039173977}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{F55A0220-89A5-4417-8162-6D2D1582E442}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) FirewallRules: [{6D1115DD-22CF-4F56-89D9-3E37E31242EE}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe () [Datei ist nicht signiert] FirewallRules: [{E6714C82-FA19-4A9C-8BA1-1752D072B268}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe () [Datei ist nicht signiert] FirewallRules: [{B0190148-BFC4-4E82-9E45-A3573919D88F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe () [Datei ist nicht signiert] FirewallRules: [{7AF620AC-3BED-4AB6-B28B-FCCBC0AF0DE2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe () [Datei ist nicht signiert] FirewallRules: [{FCDF3B59-6874-46EE-8E7E-5A91800A343A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe () [Datei ist nicht signiert] FirewallRules: [{A70FAF36-8891-4AF5-86DC-A12B7D011AA9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe () [Datei ist nicht signiert] FirewallRules: [{81C8F7E0-E1D6-40FA-AE8B-676816459A62}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe () [Datei ist nicht signiert] FirewallRules: [{C59D4D20-5DE3-4C91-BA34-4B16B9DB7B31}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [{76391E86-B406-43F5-B838-CEAE19D01E48}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe (Brother Industries, Ltd.) [Datei ist nicht signiert] FirewallRules: [{0EB27B6B-25B9-4F2F-894C-CF7E8D5412B6}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe (Brother Industries, Ltd.) 
[Datei ist nicht signiert] FirewallRules: [{F2586BB2-11E4-4E0C-AC85-F8B74B0C7112}] => (Allow) LPort=54925 FirewallRules: [TCP Query User{2CA1F4C0-9BF6-4FCB-8D71-3681FE676803}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Block) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [UDP Query User{5E16E2D5-47A5-4042-A4D6-35536FB93843}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Block) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [TCP Query User{98E3F47C-B200-482D-B9A6-C0A35A47E719}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) FirewallRules: [UDP Query User{7749A80A-F198-4CEA-AEC7-FC5B774768A3}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) FirewallRules: [TCP Query User{5EF7FA72-F5A5-4E49-B642-952C94A037ED}E:\bitwig studio\bitwig studio.exe] => (Allow) E:\bitwig studio\bitwig studio.exe => Keine Datei FirewallRules: [UDP Query User{D5E5EFEC-710B-48C3-8CD5-2BD0E6796CB3}E:\bitwig studio\bitwig studio.exe] => (Allow) E:\bitwig studio\bitwig studio.exe => Keine Datei FirewallRules: [{E171F794-FC24-496D-B6DD-C1823E544830}] => (Allow) C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\wpscloudsvr.exe (Zhuhai Kingsoft Office Software Co., Ltd. 
-> Zhuhai Kingsoft Office Software Co.,Ltd) FirewallRules: [{9CA7E799-34EE-45B7-A392-5A4575386CF4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7503E1BA-680F-4A37-A579-272439B8A20A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{55ECB660-087C-48A2-B5F2-C40B2C6B5F35}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{ED4F1C81-CD73-42EA-82F2-C3C35477A011}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{BF096A05-6A3F-4818-8FB1-9D6456520FF4}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{804BBAAE-073C-4E56-ABF9-EC55A3C95281}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe () [Datei ist nicht signiert] FirewallRules: [{E9698A10-C45C-4C16-B9D5-36959FFD33B1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{7E8B133C-9E64-45FE-B829-811ECBA54C9A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{B9492A39-2251-4610-B088-F58A15CF3CB8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{095D03FD-617E-4BE8-9642-BD2355966205}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{03E2ABBE-19A2-4C3E-98F5-CD7FE737ED97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [{6F8DD97C-16C0-4D6C-BFB6-5872293A38CD}] => 
(Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [TCP Query User{623CA3E4-61A2-42CE-9D2D-9166D174A0C3}D:\programme\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\programme\call of duty modern warfare\modernwarfare.exe => Keine Datei FirewallRules: [UDP Query User{F4A29DDF-5CCA-47AC-9DB6-FF1E7533C56B}D:\programme\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\programme\call of duty modern warfare\modernwarfare.exe => Keine Datei FirewallRules: [{82A9AEB3-AA0F-4389-80E8-C7006FC711A4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{5EAD68A4-25FA-4929-B201-CDAADD4DD6BE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{6BFE5BCB-FFF8-4B5E-A0EA-EA598102835A}D:\programme\theescapists2\theescapists2.exe] => (Allow) D:\programme\theescapists2\theescapists2.exe => Keine Datei FirewallRules: [UDP Query User{B8BF0420-04A3-4752-BA91-6A4E068D171B}D:\programme\theescapists2\theescapists2.exe] => (Allow) D:\programme\theescapists2\theescapists2.exe => Keine Datei FirewallRules: [TCP Query User{4113F22D-8E88-4709-95BB-5BEB955BFFEC}C:\program files\jitsi\jitsi.exe] => (Allow) C:\program files\jitsi\jitsi.exe (Open Source Developer, Ingo Bauersachs -> jitsi.org) FirewallRules: [UDP Query User{DBD084CF-9060-4962-9D56-1EFB873BF525}C:\program files\jitsi\jitsi.exe] => (Allow) C:\program files\jitsi\jitsi.exe (Open Source Developer, Ingo Bauersachs -> jitsi.org) FirewallRules: [{6CEE5ECD-801F-46F0-9834-E297E27957F5}] => (Allow) C:\Users\Katja\AppData\Local\Programs\Opera\73.0.3856.329\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{094FBFB7-8C40-442F-AAEE-F64C341DFC96}] => (Allow) C:\Users\Katja\AppData\Local\Programs\Opera\73.0.3856.344\opera.exe (Opera Software AS -> Opera Software) FirewallRules: 
[{0B646825-A50D-4140-8BC0-38BA365EB96C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{824CA236-0959-4860-A62D-A7D08C14CB53}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3E2CA614-1A22-4390-903F-ACA963055BFD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{25F03161-803C-4084-8963-E26E01511E2B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{B0BCF6C7-8E79-475F-8A5B-CB283D4209EA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{6BC846B2-FD1F-469A-81BF-906C5A184E15}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{91B13FC2-DE28-4115-B029-C804B402211F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{9BC06C70-0FAA-4153-9228-5C9639406B16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{AA7BC95E-F0BC-4463-B47A-2126AE909A93}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{5432AA86-9848-4C79-B098-F2468BD77F4A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: 
[{6D14390A-6796-4883-A1E0-35EA4A72AFBA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{81E3C55D-B2DB-4D67-B7BE-A00998F6D09B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{FE5B43F4-17B4-446E-BD51-8A91FB285E9E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{8762BB37-3CA9-4E98-A9D9-469FBA01A29E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert (Total:117.71 GB) (Free:15.45 GB) (13%) ==================== Fehlerhafte Geräte im Gerätemanager ============ ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (02/04/2021 09:01:28 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (20028,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (02/04/2021 08:54:57 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (18724,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (02/04/2021 08:11:22 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (9396,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. 
Error: (02/04/2021 07:57:20 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (10628,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (02/02/2021 12:50:48 PM) (Source: Firefox) (EventID: 5) (User: ) Description: Event-ID 5 Error: (02/02/2021 09:21:54 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (18660,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (02/02/2021 09:15:30 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (12472,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (02/02/2021 09:11:05 AM) (Source: ESENT) (EventID: 489) (User: ) Description: CCleaner64 (16676,G,0) Der Versuch, die Datei "C:\Users\Katja\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Systemfehler: ============= Error: (02/04/2021 07:50:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240017 fehlgeschlagen: Brother - Printer - 4/22/2009 12:00:00 AM - 10.0.17119.1 Error: (02/04/2021 07:50:07 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-72DG63D) Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (02/04/2021 05:52:40 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-72DG63D) Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/02/2021 12:50:18 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-72DG63D) Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/02/2021 12:50:09 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT-AUTORITÄT) Description: Der Zeitdienst hat festgestellt, dass die Systemzeit um 197865 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal 54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone richtig sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->51.105.208.173:123) ordnungsgemäß ausgeführt wird. Error: (02/02/2021 12:50:07 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT-AUTORITÄT) Description: Der Zeitdienst hat festgestellt, dass die Systemzeit um 197865 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal 54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone richtig sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->51.105.208.173:123) ordnungsgemäß ausgeführt wird. Error: (02/02/2021 12:50:06 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT-AUTORITÄT) Description: Der Zeitdienst hat festgestellt, dass die Systemzeit um 197865 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal 54000 Sekunden geändert werden. 
Stellen Sie sicher, dass die Uhrzeit und Zeitzone richtig sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->51.105.208.173:123) ordnungsgemäß ausgeführt wird. Error: (02/02/2021 12:50:05 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT-AUTORITÄT) Description: Der Zeitdienst hat festgestellt, dass die Systemzeit um 197865 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal 54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone richtig sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->51.105.208.173:123) ordnungsgemäß ausgeführt wird. Windows Defender: =================================== Date: 2019-10-04 11:57:21.190 Description: Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {D16400BC-88C2-4381-B6F9-DC061612597D} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2019-09-27 22:17:21.150 Description: Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {EE759CBA-47EA-4D4E-9AC5-6BFA8D4E81B7} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2019-09-19 19:56:45.729 Description: Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {A8668A42-07EA-4C37-9C09-8DA205B37B8E} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2019-09-19 18:46:11.603 Description: Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {CF066013-967D-42CB-B320-3E525CF6020C} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2021-01-27 12:36:38.216 Description: Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. 
Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.303.1022.0 Update Source: Microsoft Update-Server Sicherheitstyp: AntiVirus Updatetyp: Voll Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %Vorherige Modulversion: 1.1.16400.2 Fehlercode: 0x80240022 Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich. Date: 2021-01-27 12:36:38.216 Description: Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.303.1022.0 Update Source: Microsoft Update-Server Sicherheitstyp: AntiVirus Updatetyp: Voll Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %Vorherige Modulversion: 1.1.16400.2 Fehlercode: 0x80240022 Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich. Date: 2019-09-29 12:59:25.537 Description: Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.303.314.0 Update Source: Microsoft Update-Server Sicherheitstyp: AntiVirus Updatetyp: Voll Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %Vorherige Modulversion: 1.1.16400.2 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". CodeIntegrity: =================================== Date: 2021-02-04 19:50:15.124 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. 
Date: 2021-02-04 19:50:15.109 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2021-02-04 19:50:15.091 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2021-02-04 19:50:15.074 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2021-02-04 19:50:15.052 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2021-02-02 09:11:23.936 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2021-02-02 09:11:23.921 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. 
Date: 2021-02-02 09:11:23.903 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. ==================== Speicherinformationen =========================== BIOS: American Megatrends Inc. X550VXK.307 04/19/2019 Hauptplatine: ASUSTeK COMPUTER INC. X550VXK Prozessor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz Prozentuale Nutzung des RAM: 58% Installierter physikalischer RAM: 8077.04 MB Verfügbarer physikalischer RAM: 3348.79 MB Summe virtueller Speicher: 10253.04 MB Verfügbarer virtueller Speicher: 5080.37 MB ==================== Laufwerke ================================ Drive c: (OS) (Fixed) (Total:117.71 GB) (Free:15.45 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:781.26 GB) NTFS \\?\Volume{db185c5f-80e1-4e3e-a56f-5e871b78703c}\ () (Fixed) (Total:0.48 GB) (Free:0.04 GB) NTFS \\?\Volume{002f04c3-60f1-4b35-8840-89fa1788299f}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.44 GB) NTFS \\?\Volume{fc5b06db-5457-4b06-81cf-80528ff87fee}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 646A106C) Partition: GPT. ========================================================== Disk: 1 (Size: 119.2 GB) (Disk ID: 726C32AF) Partition: GPT. ==================== Ende von Addition.txt =======================

And here are also the two files from AdwCleaner. Unfortunately, I can't help with the Kaspersky data. Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-01-2021
# Duration: 00:00:06
# OS: Windows 10 Home
# Cleaned: 140
# Awaiting reboot:1
# Failed: 0

***** [ Services ] *****

Deleted AdvancedSystemCareService11
Deleted WCAssistantService
Deleted chip1click

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Chip Digital GmbH
Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\GoodGame
Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\Program Files (x86)\Qweb Symbol
Deleted C:\Program Files (x86)\Startfenster Symbol
Deleted C:\Program Files (x86)\Startfenster-Replace
Deleted C:\Program Files (x86)\Vondos
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodGame
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qweb Symbol
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startfenster Symbol
Deleted C:\ProgramData\SecuritySuite
Deleted C:\Users\Katja\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\Katja\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\Katja\AppData\Local\Temp\DMR
Deleted C:\Users\Katja\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\Katja\AppData\Roaming\Lavasoft\Web Companion
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startfenster-Replace
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
Deleted C:\Users\Katja\AppData\Roaming\QScan System-Check
Deleted C:\Windows\Installer\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Needs Reboot C:\Program Files (x86)\IObit\Advanced SystemCare

***** [ Files ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\GoodGame BigFarm spielen.lnk
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\GoodGame Empire spielen.lnk
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Qweb Converter installieren.lnk
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Startfenster.lnk
Deleted C:\Users\Katja\AppData\Local\DOWNLOADED INSTALLATIONS\{3BD9A53F-F9BC-44DF-B0FA-6DD88C79F92A}\CHIP INSTALLER.MSI
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GoodGame BigFarm spielen.lnk
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GoodGame Empire spielen.lnk
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Qweb Converter installieren.lnk
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\GOODGAME.LNK
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Qweb Symbol.lnk
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster Symbol.lnk
Deleted C:\Users\Katja\Favorites\GoodGame BigFarm spielen.lnk
Deleted C:\Users\Katja\Favorites\GoodGame Empire spielen.lnk
Deleted C:\Users\Katja\Favorites\Links\GoodGame BigFarm spielen.lnk
Deleted C:\Users\Katja\Favorites\Links\GoodGame Empire spielen.lnk
Deleted C:\Users\Katja\Favorites\Links\Qweb Converter installieren.lnk
Deleted C:\Users\Katja\Favorites\Links\Startfenster.lnk
Deleted C:\Users\Katja\Favorites\Qweb Converter installieren.lnk
Deleted C:\Users\Katja\Favorites\Startfenster.lnk
Deleted C:\Users\Public\Desktop\Qweb Converter installieren.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk
Deleted C:\Users\Katja\Desktop\Firefox.lnk
Deleted C:\Users\Public\Desktop\Google Chrome.lnk

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\ASC11_PERFORMANCEMONITOR

***** [ Registry ] *****

Deleted HKCU\SOFTWARE\AM|GoodGame
Deleted HKCU\SOFTWARE\AM|Startfenster-Replace
Deleted HKCU\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted HKCU\Software\AM|Startfenster Symbol
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 11
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|QScan System-Check
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\QScan System-Check
Deleted HKCU\Software\WebDiscoverBrowser
Deleted HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted 
HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare Deleted HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8DBE359-F531-44BD-A0CA-8F97CBF68DCB} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_PerformanceMonitor Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Startfenster-Replace.exe Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\chip 1-click download service Deleted HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D} Deleted HKLM\Software\Classes\Installer\Features\E49AC3054380EEC4DA29AB71FAE408A9 Deleted HKLM\Software\Classes\Installer\Products\E49AC3054380EEC4DA29AB71FAE408A9 Deleted HKLM\Software\Classes\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6 Deleted HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} Deleted HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B} Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E61B1AB66C44604797AC56F6BC3B0FF Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37A47D4566095BF44A2CA19FBDFA04A9 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B90A3D3F68EADC47B40D2D572B76E62 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\638EEBF8065E4B845AD5CAB77949D6CC Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\884DF2290FDFBE9408D20E763774932B Deleted 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F60B79E6444F2DE4EAC868B34B7EDADA Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE90F95E2F75E9143B28CD4FD9C91A78 Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49AC3054380EEC4DA29AB71FAE408A9 Deleted HKLM\Software\WebDiscoverBrowser Deleted HKLM\Software\Wow6432Node\IOBIT\ASC Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}|DisplayIcon Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}|DisplayName Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}|UninstallString Deleted HKLM\Software\Wow6432Node\WebDiscoverBrowser Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B} Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\Startfenster-Replace.exe Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1 Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\GoodGame.de Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Qweb.de Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Startfenster-Replace.de Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Startfenster.de Deleted 
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{503CA94E-0834-4CEE-AD92-BA17AF4E809A} Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EB9BC83F-521C-4709-98EF-EBF789D0AD57} Deleted HKLM\System\Setup\FirstBoot\Services\AdvancedSystemCareService11 Deleted HKLM\System\Setup\FirstBoot\Services\WCAssistantService Deleted HKLM\System\Setup\FirstBoot\Services\chip1click Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com Deleted HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native Deleted HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** Deleted https://myfiresearch.com/homepage?hp=1&bitmask=9996&pId=CH180901FF&iDate=2018-11-09 05:55:56&bName= ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. 
***** [ Preinstalled Software ] ***** Deleted Preinstalled.ASUSDeviceActivation Folder C:\Program Files (x86)\ASUS\ASUS DEVICE ACTIVATION Deleted Preinstalled.ASUSDeviceActivation Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{9C4B0706-9F9A-47BF-B417-0A111FC52B04} Deleted Preinstalled.ASUSGiftBox Folder C:\Program Files (x86)\ASUS\GIFTBOX Deleted Preinstalled.ASUSGiftBox Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ASUS GIFTBOX Deleted Preinstalled.ASUSSmartGesture Folder C:\Program Files (x86)\ASUS\ASUS SMART GESTURE Deleted Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADC666AD-42FD-4495-8B4A-F97126A4B09E} Deleted Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Smart Gesture Launcher Deleted Preinstalled.ASUSSmartGesture Registry HKLM\Software\Classes\CLSID\{F31B5912-07D6-4895-B4BA-5486CF3B18B1} Deleted Preinstalled.ASUSSmartGesture Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4D3286A6-F6AB-498A-82A4-E4F040529F3D} Deleted Preinstalled.ASUSSmartGesture Task C:\Windows\System32\Tasks\ASUS SMART GESTURE LAUNCHER Deleted Preinstalled.ASUSSplendid Folder C:\Program Files (x86)\ASUS\SPLENDID Deleted Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE2C0494-7FC4-415B-A615-DF5108CA8853} Deleted Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ACMON Deleted Preinstalled.ASUSSplendid Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D} Deleted Preinstalled.ASUSSplendid Task C:\Windows\System32\Tasks\ASUS SPLENDID ACMON ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* ***** Reboot Required to 
Complete ***** Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.0.9.1 # ------------------------------- # Build: 01-20-2021 # Database: 2021-01-26.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 02-01-2021 # Duration: 00:00:27 # OS: Windows 10 Home # Scanned: 31956 # Detected: 147 ***** [ Services ] ***** PUP.Optional.AdvancedSystemCare AdvancedSystemCareService11 PUP.Optional.Chip chip1click PUP.Optional.Legacy WCAssistantService ***** [ Folders ] ***** PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare C:\Users\Katja\AppData\LocalLow\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare C:\Users\Katja\AppData\Roaming\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare PUP.Optional.Chip C:\Program Files (x86)\Chip Digital GmbH PUP.Optional.Chip C:\Windows\Installer\{503CA94E-0834-4CEE-AD92-BA17AF4E809A} PUP.Optional.DownloadSponsor C:\Users\Katja\AppData\Local\Temp\DMR PUP.Optional.Legacy C:\Program Files (x86)\GoodGame PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodGame PUP.Optional.PCProtect C:\ProgramData\SecuritySuite PUP.Optional.QScanSystemCheck C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check PUP.Optional.QScanSystemCheck C:\Users\Katja\AppData\Roaming\QScan System-Check PUP.Optional.Qweb C:\Program Files (x86)\Qweb Symbol PUP.Optional.Qweb C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qweb Symbol PUP.Optional.StartFenster.ShrtCln C:\Program Files (x86)\Startfenster Symbol 
PUP.Optional.StartFenster.ShrtCln C:\Program Files (x86)\Startfenster-Replace PUP.Optional.StartFenster.ShrtCln C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startfenster Symbol PUP.Optional.StartFenster.ShrtCln C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startfenster-Replace PUP.Optional.Vondos C:\Program Files (x86)\Vondos PUP.Optional.WebCompanion C:\Program Files (x86)\Lavasoft\Web Companion PUP.Optional.WebCompanion C:\ProgramData\Application Data\Lavasoft\Web Companion PUP.Optional.WebCompanion C:\ProgramData\Lavasoft\Web Companion PUP.Optional.WebCompanion C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion PUP.Optional.WebCompanion C:\Users\Katja\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG PUP.Optional.WebCompanion C:\Users\Katja\AppData\Roaming\Lavasoft\Web Companion ***** [ Files ] ***** PUP.Optional.Chip C:\Users\Katja\AppData\Local\DOWNLOADED INSTALLATIONS\{3BD9A53F-F9BC-44DF-B0FA-6DD88C79F92A}\CHIP INSTALLER.MSI PUP.Optional.GoodGame C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\GOODGAME.LNK PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\GoodGame BigFarm spielen.lnk PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\GoodGame Empire spielen.lnk PUP.Optional.Legacy C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GoodGame BigFarm spielen.lnk PUP.Optional.Legacy C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GoodGame Empire spielen.lnk PUP.Optional.Legacy C:\Users\Katja\Favorites\GoodGame BigFarm spielen.lnk PUP.Optional.Legacy C:\Users\Katja\Favorites\GoodGame Empire spielen.lnk PUP.Optional.Legacy C:\Users\Katja\Favorites\Links\GoodGame BigFarm spielen.lnk PUP.Optional.Legacy C:\Users\Katja\Favorites\Links\GoodGame Empire spielen.lnk PUP.Optional.Qweb C:\ProgramData\Microsoft\Windows\Start Menu\Qweb Converter installieren.lnk PUP.Optional.Qweb 
C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Qweb Converter installieren.lnk PUP.Optional.Qweb C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Qweb Symbol.lnk PUP.Optional.Qweb C:\Users\Katja\Favorites\Links\Qweb Converter installieren.lnk PUP.Optional.Qweb C:\Users\Katja\Favorites\Qweb Converter installieren.lnk PUP.Optional.Qweb C:\Users\Public\Desktop\Qweb Converter installieren.lnk PUP.Optional.StartFenster C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster Symbol.lnk PUP.Optional.StartFenster.ShrtCln C:\ProgramData\Microsoft\Windows\Start Menu\Startfenster.lnk PUP.Optional.StartFenster.ShrtCln C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk PUP.Optional.StartFenster.ShrtCln C:\Users\Katja\Favorites\Links\Startfenster.lnk PUP.Optional.StartFenster.ShrtCln C:\Users\Katja\Favorites\Startfenster.lnk ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. 
***** [ Shortcuts ] ***** PUP.Optional.StartFenster C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk PUP.Optional.StartFenster C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk PUP.Optional.StartFenster C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk PUP.Optional.StartFenster C:\Users\Katja\Desktop\Firefox.lnk PUP.Optional.StartFenster C:\Users\Public\Desktop\Google Chrome.lnk ***** [ Tasks ] ***** PUP.Optional.AdvancedSystemCare C:\Windows\System32\Tasks\ASC11_PERFORMANCEMONITOR ***** [ Registry ] ***** PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}|DisplayIcon PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}|DisplayName PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}|UninstallString PUP.Optional.AMUpdaterDE HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater PUP.Optional.AdvancedSystemCare HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 11 PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8DBE359-F531-44BD-A0CA-8F97CBF68DCB} PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_PerformanceMonitor 
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D} PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B} PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B} PUP.Optional.AdvancedSystemCare HKLM\System\Setup\FirstBoot\Services\AdvancedSystemCareService11 PUP.Optional.Chip HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\chip 1-click download service PUP.Optional.Chip HKLM\Software\Classes\Installer\Features\E49AC3054380EEC4DA29AB71FAE408A9 PUP.Optional.Chip HKLM\Software\Classes\Installer\Products\E49AC3054380EEC4DA29AB71FAE408A9 PUP.Optional.Chip HKLM\Software\Classes\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6 PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6 PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E61B1AB66C44604797AC56F6BC3B0FF PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37A47D4566095BF44A2CA19FBDFA04A9 PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B90A3D3F68EADC47B40D2D572B76E62 PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\638EEBF8065E4B845AD5CAB77949D6CC PUP.Optional.Chip 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\884DF2290FDFBE9408D20E763774932B PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F60B79E6444F2DE4EAC868B34B7EDADA PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE90F95E2F75E9143B28CD4FD9C91A78 PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49AC3054380EEC4DA29AB71FAE408A9 PUP.Optional.Chip HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{503CA94E-0834-4CEE-AD92-BA17AF4E809A} PUP.Optional.Chip HKLM\System\Setup\FirstBoot\Services\chip1click PUP.Optional.Conduit HKCU\Software\Microsoft\Internet Explorer\Main|Start Page PUP.Optional.Conduit HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} PUP.Optional.GoodGame.ShrtCln HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\GoodGame.de PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion PUP.Optional.Legacy HKCU\Software\WebDiscoverBrowser PUP.Optional.Legacy HKLM\Software\WebDiscoverBrowser PUP.Optional.Legacy HKLM\Software\Wow6432Node\WebDiscoverBrowser PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1 PUP.Optional.Legacy HKLM\System\Setup\FirstBoot\Services\WCAssistantService PUP.Optional.QScanSystemCheck HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|QScan System-Check PUP.Optional.QScanSystemCheck HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\QScan System-Check PUP.Optional.Qweb HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Qweb.de PUP.Optional.StartFenster HKCU\SOFTWARE\AM|GoodGame PUP.Optional.StartFenster 
HKCU\SOFTWARE\AM|Startfenster-Replace PUP.Optional.StartFenster HKCU\Software\AM|Startfenster Symbol PUP.Optional.StartFenster HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Startfenster-Replace.exe PUP.Optional.StartFenster HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\Startfenster-Replace.exe PUP.Optional.StartFenster.ShrtCln HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Startfenster-Replace.de PUP.Optional.StartFenster.ShrtCln HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Startfenster.de PUP.Optional.TotalAV HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant PUP.Optional.TotalAV HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant PUP.Optional.Vondos HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EB9BC83F-521C-4709-98EF-EBF789D0AD57} PUP.Optional.WebCompanion HKCU\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native PUP.Optional.WebCompanion HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native PUP.Optional.WebCompanion HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. 
***** [ Firefox URLs ] ***** Adware.StartPage https://myfiresearch.com/homepage?hp=1&bitmask=9996&pId=CH180901FF&iDate=2018-11-09 05:55:56&bName= ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** Preinstalled.ASUSDeviceActivation Folder C:\Program Files (x86)\ASUS\ASUS DEVICE ACTIVATION Preinstalled.ASUSDeviceActivation Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{9C4B0706-9F9A-47BF-B417-0A111FC52B04} Preinstalled.ASUSGiftBox Folder C:\Program Files (x86)\ASUS\GIFTBOX Preinstalled.ASUSGiftBox Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ASUS GIFTBOX Preinstalled.ASUSLiveUpdate Folder C:\Program Files (x86)\ASUS\ASUS LIVE UPDATE Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D402CBA4-84F3-46B8-8E45-2BADCA602FA1} Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker Preinstalled.ASUSLiveUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4} Preinstalled.ASUSLiveUpdate Task C:\Windows\System32\Tasks\UPDATE CHECKER Preinstalled.ASUSProductRegistration Folder C:\Program Files (x86)\ASUS\APRP Preinstalled.ASUSProductRegistration Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{8D6B05E0-F457-408C-9D13-549334D8FAE1} Preinstalled.ASUSSmartGesture Folder C:\Program Files (x86)\ASUS\ASUS SMART GESTURE Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADC666AD-42FD-4495-8B4A-F97126A4B09E} Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Smart Gesture Launcher Preinstalled.ASUSSmartGesture Registry HKLM\Software\Classes\CLSID\{F31B5912-07D6-4895-B4BA-5486CF3B18B1} 
Preinstalled.ASUSSmartGesture Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}
Preinstalled.ASUSSmartGesture Task C:\Windows\System32\Tasks\ASUS SMART GESTURE LAUNCHER
Preinstalled.ASUSSplendid Folder C:\Program Files (x86)\ASUS\SPLENDID
Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE2C0494-7FC4-415B-A615-DF5108CA8853}
Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ACMON
Preinstalled.ASUSSplendid Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}
Preinstalled.ASUSSplendid Task C:\Windows\System32\Tasks\ASUS SPLENDID ACMON

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

I hope this helps for now. As I already wrote, I would like to know what I need to look for when it comes to Gootkit. Simply to see, first of all, which machine needs action. |
05.02.2021, 21:00 | #4 | |
/// TB-Ausbilder | Gootkit according to Telekom, what do I need to look for in the log files Quote:
But you also seem to be someone who constantly switches antivirus programs... sometimes Avast, sometimes McAfee, sometimes Kasperle... that does not have much to do with security. You could have spared yourself all of these programs.

Whether Gootkit was/is on the machine is something we first have to read out, since we do not know whether, or what, Kaspersky still detected. For now we will finish cleaning up this device. When we are done with that, we can take on the next Windows device. One thing at a time.

You should also give some thought to your poor download sources; you have installed all sorts of PUP/adware.

Download sources
Do not download software from Chip.de, Softonic.de, sourceforge.net, openoffice.de, VLC.de, audacity.de, gimp24.de or updatestar.com. The software offered there is often distributed with a so-called "installer", with which you only install unwanted software (Potentially Unwanted Programs, PUP for short) or adware. Some sites offer PUP / adware directly for download.

For some time now there has been a usable package manager for Windows that lets you download and install software automatically with simple commands. This saves a lot of work, because without a package manager you have to check each program yourself and update it separately by hand, after first downloading it manually, and so on - see also --> chocolatey package manager for Windows

We strongly recommend installing all programs via chocolatey where available. If you have already worked with Linux, the syntax will be very familiar to you. You can find the FAQs for choco here --> Chocolatey: Frequently Asked Questions (English)

Of course you may also ask questions about chocolatey in the above-mentioned chocolatey thread. In the rare case that you cannot find the program you need in the chocolatey repository: always download this software directly from the respective manufacturer / developer.
Step 1 The following programs are outdated, interfere with the cleanup, or are advertising software or unwanted software (adware, PUP) and must be removed.
Step 2 WARNING TO ALL READERS!!! This FRST script is intended exclusively for this user and should never be applied 1:1 to another system!
Step 3
Please post with your next reply:
|
06.02.2021, 18:18 | #5 |
| Gootkit according to Telekom, what do I need to look for in the log files
The reply unfortunately always takes a bit longer. At the moment the computer is "travelling". So it is a bit cumbersome, but we will manage. The uninstallation ran through without problems. Restart after completion. Everything OK. And now the files. Code:
ATTFilter Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-02-2021 durchgeführt von Katja (06-02-2021 17:08:40) Run:1 Gestartet von D:\ Geladene Profile: Katja Start-Modus: Normal ============================================== fixlist Inhalt: ***************** CloseProcesses: HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ACHTUNG Edge Profile: C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\cId=128000000001363769&path= [2020-08-26] <==== ACHTUNG HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG Task: {7490A73F-CAAF-4109-9752-D8B4EFE1497A} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\prefs.js FF SearchPlugin: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\searchplugins\My Firefox Search.xml [2020-11-22] FF HKLM\...\Firefox\Extensions: [nickrr878@gmail.com] - C:\Program Files (x86)\Vondos\amadello-1.0.3-fx.xpi => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [nickrr878@gmail.com] - C:\Program Files (x86)\Vondos\amadello-1.0.3-fx.xpi => nicht gefunden CHR DefaultSearchURL: Default -> hxxps://de.search.yahoo.com/search?fr=mcafee&type=E210DE91212G0&p={searchTerms} CHR DefaultSearchKeyword: Default -> McAfee CHR DefaultSuggestURL: Default -> hxxps://de.search.yahoo.com/sugg/gossip/gossip-de-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms} S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [X] S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\\McCSPServiceHost.exe" [X] 2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\Users\Katja\AppData\Roaming\Lavasoft 2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\Users\Katja\AppData\Local\Lavasoft 2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\ProgramData\Lavasoft 2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\Program Files (x86)\Lavasoft 2021-02-01 09:13 - 2018-02-21 14:25 - 000000995 _____ C:\Users\Katja\Desktop\Firefox.lnk 2021-02-01 09:13 - 2018-02-21 13:44 - 000000000 ____D C:\Users\Katja\AppData\LocalLow\IObit 2021-02-01 09:13 - 2018-02-21 13:43 - 000000000 ____D C:\Users\Katja\AppData\Roaming\IObit 2021-02-01 09:13 - 2018-02-21 13:43 - 000000000 ____D C:\ProgramData\IObit 2021-01-27 12:53 - 2018-04-18 15:26 - 000000000 ____D C:\ProgramData\Updater ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei CMD: reg query HKCU\Software CMD: reg query HKCU\Environment AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} CMD: ipconfig /flushdns CMD: netsh winsock reset CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: Bitsadmin /Reset /Allusers powershell: Set-MpPreference -PUAProtection Enabled powershell: Set-MpPreference -DisableScanningNetworkFiles 0 Hosts: RemoveProxy: SystemRestore: On EmptyTemp: ***************** Prozesse erfolgreich geschlossen. 
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ACHTUNG => erfolgreich wiederhergestellt C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\cId=128000000001363769&path= => erfolgreich verschoben HKLM\SOFTWARE\Policies\Mozilla => erfolgreich entfernt HKLM\SOFTWARE\Policies\Google => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7490A73F-CAAF-4109-9752-D8B4EFE1497A}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7490A73F-CAAF-4109-9752-D8B4EFE1497A}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => nicht gefunden C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\prefs.js => erfolgreich verschoben C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\searchplugins\My Firefox Search.xml => erfolgreich verschoben "HKLM\Software\Mozilla\Firefox\Extensions\\nickrr878@gmail.com" => erfolgreich entfernt "HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\nickrr878@gmail.com" => erfolgreich entfernt "Chrome DefaultSearchURL" => erfolgreich entfernt "Chrome DefaultSearchKeyword" => erfolgreich entfernt "Chrome DefaultSuggestURL" => erfolgreich entfernt HKLM\System\CurrentControlSet\Services\DevActSvc => erfolgreich entfernt DevActSvc => Dienst erfolgreich entfernt HKLM\System\CurrentControlSet\Services\mccspsvc => erfolgreich entfernt mccspsvc => Dienst erfolgreich entfernt C:\Users\Katja\AppData\Roaming\Lavasoft => erfolgreich verschoben C:\Users\Katja\AppData\Local\Lavasoft => erfolgreich verschoben C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft => erfolgreich verschoben C:\ProgramData\Lavasoft => erfolgreich verschoben C:\Program Files (x86)\Lavasoft => erfolgreich verschoben C:\Users\Katja\Desktop\Firefox.lnk => erfolgreich verschoben 
C:\Users\Katja\AppData\LocalLow\IObit => erfolgreich verschoben C:\Users\Katja\AppData\Roaming\IObit => erfolgreich verschoben C:\ProgramData\IObit => erfolgreich verschoben C:\ProgramData\Updater => erfolgreich verschoben HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => erfolgreich entfernt HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => erfolgreich entfernt ========= reg query HKCU\Software ========= HKEY_CURRENT_USER\Software\Adobe HKEY_CURRENT_USER\Software\AM HKEY_CURRENT_USER\Software\AppDataLow HKEY_CURRENT_USER\Software\Applied Acoustics Systems HKEY_CURRENT_USER\Software\ASIO4ALL v2 by Wuschel HKEY_CURRENT_USER\Software\ASUS HKEY_CURRENT_USER\Software\Audiffex HKEY_CURRENT_USER\Software\Avast Software HKEY_CURRENT_USER\Software\Blackmagic Design HKEY_CURRENT_USER\Software\Blizzard Entertainment HKEY_CURRENT_USER\Software\Brother HKEY_CURRENT_USER\Software\Browser Cleanup HKEY_CURRENT_USER\Software\Chromium HKEY_CURRENT_USER\Software\Clickteam HKEY_CURRENT_USER\Software\Clients HKEY_CURRENT_USER\Software\Dim Bulb Games HKEY_CURRENT_USER\Software\Discord HKEY_CURRENT_USER\Software\Epic Games HKEY_CURRENT_USER\Software\ESI HKEY_CURRENT_USER\Software\Google HKEY_CURRENT_USER\Software\HDID HKEY_CURRENT_USER\Software\IGA HKEY_CURRENT_USER\Software\IM Providers HKEY_CURRENT_USER\Software\Intel HKEY_CURRENT_USER\Software\IO Interactive HKEY_CURRENT_USER\Software\IObit HKEY_CURRENT_USER\Software\JavaSoft HKEY_CURRENT_USER\Software\KasperskyLab HKEY_CURRENT_USER\Software\Khronos HKEY_CURRENT_USER\Software\Kingsoft HKEY_CURRENT_USER\Software\KsoLogViewer HKEY_CURRENT_USER\Software\Lavasoft HKEY_CURRENT_USER\Software\M-Audio HKEY_CURRENT_USER\Software\Macromedia HKEY_CURRENT_USER\Software\MAGIX HKEY_CURRENT_USER\Software\Microsoft HKEY_CURRENT_USER\Software\Mozilla HKEY_CURRENT_USER\Software\MozillaPlugins HKEY_CURRENT_USER\Software\MuseScore2 HKEY_CURRENT_USER\Software\NCH Software 
HKEY_CURRENT_USER\Software\NCH Swift Sound HKEY_CURRENT_USER\Software\Netscape HKEY_CURRENT_USER\Software\Nik Software HKEY_CURRENT_USER\Software\NVIDIA Corporation HKEY_CURRENT_USER\Software\nwjs HKEY_CURRENT_USER\Software\OCS HKEY_CURRENT_USER\Software\ODBC HKEY_CURRENT_USER\Software\Opera Software HKEY_CURRENT_USER\Software\Opera Stable Offer HKEY_CURRENT_USER\Software\Piriform HKEY_CURRENT_USER\Software\Policies HKEY_CURRENT_USER\Software\PreSonus HKEY_CURRENT_USER\Software\QtProject HKEY_CURRENT_USER\Software\Realtek HKEY_CURRENT_USER\Software\RegisteredApplications HKEY_CURRENT_USER\Software\roamingdevice HKEY_CURRENT_USER\Software\Snapseed HKEY_CURRENT_USER\Software\Swiss Academic Software HKEY_CURRENT_USER\Software\SyncEngines HKEY_CURRENT_USER\Software\Team 17 Digital ltd. HKEY_CURRENT_USER\Software\Trolltech HKEY_CURRENT_USER\Software\Unity HKEY_CURRENT_USER\Software\UpdateDownloadTool HKEY_CURRENT_USER\Software\Valve HKEY_CURRENT_USER\Software\Werner Schweer and Others HKEY_CURRENT_USER\Software\Wondershare HKEY_CURRENT_USER\Software\Wow6432Node HKEY_CURRENT_USER\Software\Classes ========= Ende von CMD: ========= ========= reg query HKCU\Environment ========= HKEY_CURRENT_USER\Environment Path REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Microsoft\WindowsApps; TEMP REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Temp TMP REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Temp OneDrive REG_EXPAND_SZ C:\Users\Katja\OneDrive OneDriveConsumer REG_EXPAND_SZ C:\Users\Katja\OneDrive ========= Ende von CMD: ========= "AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}" => erfolgreich entfernt "AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}" => erfolgreich entfernt "AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}" => erfolgreich entfernt ========= ipconfig /flushdns ========= Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert.
========= Ende von CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurückgesetzt. Sie müssen den Computer neu starten, um den Vorgang abzuschließen. ========= Ende von CMD: ========= ========= netsh advfirewall reset ========= OK. ========= Ende von CMD: ========= ========= netsh advfirewall set allprofiles state ON ========= OK. ========= Ende von CMD: ========= ========= Bitsadmin /Reset /Allusers ========= BITSADMIN version 3.0 BITS administration utility. (C) Copyright Microsoft Corp. 0 out of 0 jobs canceled. ========= Ende von CMD: ========= ========= Set-MpPreference -PUAProtection Enabled ========= Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist. In C:\FRST\tmp.ps1:1 Zeichen:1 + Set-MpPreference -PUAProtection Enabled + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference], CimException + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference ========= Ende von Powershell: ========= ========= Set-MpPreference -DisableScanningNetworkFiles 0 ========= Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist. In C:\FRST\tmp.ps1:1 Zeichen:1 + Set-MpPreference -DisableScanningNetworkFiles 0 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference], CimException + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference ========= Ende von Powershell: ========= C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben Hosts erfolgreich wiederhergestellt.
========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt "HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt "HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt "HKU\S-1-5-21-2081738662-375674699-890820183-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt "HKU\S-1-5-21-2081738662-375674699-890820183-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt ========= Ende von RemoveProxy: ========= SystemRestore: On => abgeschlossen =========== EmptyTemp: ========== BITS transfer queue => 10510336 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1069447169 B Java, Flash, Steam htmlcache => 29063879 B Windows/system/drivers => 24230420 B Edge => 175272 B Chrome => 308644 B Firefox => 1011803918 B Opera => 699602 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 327308 B systemprofile32 => 327308 B LocalService => 549662 B NetworkService => 562714 B defaultuser0 => 562714 B Katja => 353656716 B RecycleBin => 0 B EmptyTemp: => 2.3 GB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 17:22:18 ====

Now the FRST log:
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 04-02-2021 durchgeführt von Katja (Administrator) auf DESKTOP-72DG63D (ASUSTeK COMPUTER INC. X550VXK) (06-02-2021 17:24:26) Gestartet von D:\ Geladene Profile: Katja Platform: Windows 10 Home Version 1909 18363.1316 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: Edge Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2> (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\APRP\aprp.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\AsBhcSrv.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\BhcMgr.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrYNSvc.exe (CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Discord Inc. -> Discord Inc.) C:\Users\Katja\AppData\Local\Discord\app-0.0.307\Discord.exe <3> (Epic Games Inc. -> Epic Games, Inc.) D:\Programme\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2> (Epic Games Inc. -> Epic Games, Inc.) 
D:\Programme\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe (INMUSIC BRANDS INC -> M-Audio) C:\Program Files (x86)\M-Audio\M-Track 8X4M\AudioDevMon.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe (Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHDCPSvc.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHeciSvc.exe (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avp.exe (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avpui.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Users\Katja\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20566.0_x64__8wekyb3d8bbwe\HxOutlook.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20566.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Windows -> 
Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.1310_none_16f941c72a2d5db6\TiWorker.exe (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Opera Software AS -> Opera Software) C:\Users\Katja\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2> (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe <5> (TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert] HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-11-24] (Intel(R) Rapid Storage Technology -> Intel Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [U22_XT_USBPan.exe] => U22_XT_USBPan.exe HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) 
[Datei ist nicht signiert] HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare) HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation) HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [EpicGamesLauncher] => D:\Programme\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32883768 2021-01-26] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [Discord] => C:\Users\Katja\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.) HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [Opera Browser Assistant] => C:\Users\Katja\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software) HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe --no-displaying-insecure-content --disable-devtools --disable-raf-throttling --user-data-dir="C:\Users\Katja\AppData\Local\ASUS GIFTBOX\User Data" (Der Dateneintrag hat 123 mehr Zeichen). HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\MountPoints2: {14fa7206-e242-11ea-a1a1-107b443602d0} - "F:\HiSuiteDownLoader.exe" HKLM\...\Print\Monitors\ricu0olm: C:\Windows\system32\ricu0olm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.) 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-06] (Google LLC -> Google LLC) Startup: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2019-06-13] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {15553461-2314-4A24-8313-64720A14A97F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145768 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Task: {193DA2E6-54EA-424B-AE52-56180AAF83F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1683352 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Task: {21532607-F3D4-43B3-B4E4-D37D5E0641F3} - System32\Tasks\WpsUpdateTask_Katja => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\wtoolex\wpsupdate.exe [653992 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) Task: {26EA8E84-31FF-4A4F-8979-C943775CD602} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057960 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Task: {2DB6C0B4-139B-4E0F-B31B-AC8365E534F0} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19786024 2016-08-24] (ASUSTeK COMPUTER INC. 
-> ASUSTek Computer Inc.) Task: {309E3EF8-8C76-4B15-8BA2-267A6707F7A7} - System32\Tasks\WpsKtpcntrQingTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe [1531136 2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd) Task: {389DC292-80F9-442C-9D2B-8D863F3BB0DA} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation) Task: {48B71FCF-1E7C-475F-B4BB-0F13ECF34572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.) Task: {49667D5A-CD48-450C-8C02-0CC76DF53805} - System32\Tasks\WpsExternal_Katja_20200105153215 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [1285800 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) Task: {4A9E92C6-71BC-4D3A-A253-4E5BED30AB27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd) Task: {507EF729-A441-47D8-9406-67BAB2B275B8} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-72DG63D-Katja => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {514823E1-3CEB-4CF2-BB8E-247EF4F1BE96} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation) Task: {526B461F-F78A-4DA3-BEE2-98A3AC71F919} - System32\Tasks\ASUSTek Computer Inc\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe Task: {530A2AED-1596-4E51-941E-50EC3AAE014A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common 
Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-01-10] (Microsoft Corporation -> Microsoft Corporation) Task: {5EE08B53-5F87-4A5E-86DF-72BD5B745C05} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1578784 2016-07-07] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) [Datei ist nicht signiert] Task: {60BD2060-BA9B-4D8F-99AA-F6618286B46E} - System32\Tasks\Opera scheduled Autoupdate 1594114837 => C:\Users\Katja\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) Task: {700439AD-0AB3-4DD0-A72E-D2F57A21FF17} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16747008 2016-11-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {7D419AF6-982D-450D-AFA0-604D61AD674E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.) Task: {8360F909-7D21-44F5-8E92-5C7FB75F3303} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) 
Task: {874E847A-2205-4D08-9C8D-503CC5084CB4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert) Task: {88E1451A-F1C5-47BC-918C-B2CAED651BFD} - System32\Tasks\Opera scheduled assistant Autoupdate 1594114845 => C:\Users\Katja\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Katja\AppData\Local\Programs\Opera\assistant" $(Arg0) Task: {89A74F5F-6F3C-4F4F-BCEB-D5112F9F6805} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd) Task: {984DAAFA-04CC-4CF7-9ED2-9765C6EC6DA7} - System32\Tasks\ASUS Battery Health Charging Notification => C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\BhcMgr.exe [2478776 2016-11-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) 
Task: {9AF5EFAF-9494-482F-8013-BBD24EEA707F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145768 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Task: {A159E453-6C69-4E9C-BBC4-9DDFCA839196} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2013264 2017-12-12] (NVIDIA Corporation -> ) Task: {AE9450CD-A96E-484A-A097-91A71670044F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057960 2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Task: {AF13C45B-52CE-454F-B936-433171A8EDC4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-01-10] (Microsoft Corporation -> Microsoft Corporation) Task: {B5C781C4-C567-437B-8A6D-32E069B44BFF} - System32\Tasks\AdwCleaner_onReboot => //SRV-DC01/Setups/Virenscanner/adwcleaner_8.0.9.1(1).exe Task: {C4C864FF-EBB4-4E60-AE3B-61195E0EC7DE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [677344 2021-01-28] (Mozilla Corporation -> Mozilla Foundation) Task: {D031EDA3-3A4E-4F06-9E36-A621F355BD99} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. 
-> Adobe Systems, Incorporated) Task: {D22A7074-279B-4B0A-9ADC-2FC199E12731} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert) Task: {D402CBA4-84F3-46B8-8E45-2BADCA602FA1} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe Task: {E29396D1-54EA-4339-B0AD-04F1569B63DA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantWakeupRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) Task: {E39B04FB-3166-494E-B519-06F60D7B1BBC} - System32\Tasks\WpsExternal_20161111081738 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [1285800 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) Task: {EB155E2A-DE4D-4BD6-97F5-07FD98330620} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) Task: {F74A871A-865E-43E3-ABBC-DA125CD0410D} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\WpsExternal_20161111081738.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exeÃqing 10.1.0.5644 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{534d5b2c-e792-4b93-a565-cef7f7cdc6cf}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{b9c5cc92-b6cb-46af-8f47-f62d5468f69a}: [DhcpNameServer] 192.168.178.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-05] Edge Extension: (Kaspersky Protection) - C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-01-28] Edge Extension: (Citavi Picker) - C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mielbhbkcliienpdicphhecpodcaeefg [2021-01-06] Edge HKU\S-1-5-21-2081738662-375674699-890820183-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] Edge HKLM-x32\...\Edge\Extension: [mielbhbkcliienpdicphhecpodcaeefg] FireFox: ======== FF DefaultProfile: x11q7e72.default-1575375523631 FF ProfilePath: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 [2021-02-06] FF Notifications: Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 -> hxxps://adshield.me; hxxps://studip.sw.eah-jena.de FF Extension: (AdShield) - 
C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\Extensions\{32d829ea-7c44-4510-b199-a212400315c5}.xpi [2020-01-01] [UpdateUrl:hxxps://cdn.adshield-cdn.co/xpi/adshield/data/1219/updates.json] FF Extension: (Citavi Picker) - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\Extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2021-01-05] FF Extension: (Citavi Picker) - C:\Program Files\Mozilla Firefox\distribution\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2020-10-27] FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\FFExt\light_plugin_firefox\addon.xpi => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\FFExt\light_plugin_firefox\addon.xpi => nicht gefunden FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files 
(x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems) FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2021-01-28] <==== ACHTUNG (Zeigt auf eine *.cfg Datei) FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2021-01-28] <==== ACHTUNG Chrome: ======= CHR Profile: C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default [2021-02-06] CHR HomePage: Default -> hxxp://www.google.com CHR Extension: (Docs) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-08] CHR Extension: (Google Drive) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-08] CHR Extension: (YouTube) - C:\Users\Katja\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-08] CHR Extension: (Tabellen) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-14] CHR Extension: (McAfee® WebAdvisor) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-07-23] CHR Extension: (Google Docs Offline) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-07-23] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-23] CHR Extension: (Google Mail) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-21] CHR Extension: (Chrome Media Router) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-23] CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] Opera: ======= OPR Profile: C:\Users\Katja\AppData\Roaming\Opera Software\Opera Stable [2021-02-06] OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AsBhcService; C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\AsBhcSrv.exe [114360 2016-10-20] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) R2 AVP21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avp.exe [381928 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8854920 2021-01-10] (Microsoft Corporation -> Microsoft Corporation) S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert] S3 klvssbridge64_21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\vssbridge64.exe [467352 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [351424 2021-01-18] (Kaspersky Lab JSC -> AO Kaspersky Lab) S2 KSDE5.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksde.exe [644264 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R2 MTrack8X4MAudioDevMon; C:\Program Files (x86)\M-Audio\M-Track 8X4M\AudioDevMon.exe [289880 2018-06-07] (INMUSIC 
BRANDS INC -> M-Audio) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> ) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer -> TeamViewer GmbH) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation) S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [244392 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare UniConverter (Desktop Deutsch)\Transfer\DriverInstall.exe [112560 2020-04-21] (Wondershare Technology Co.,Ltd -> Wondershare) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 AiCharger; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [29312 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.) R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [98784 2016-09-01] (ASUSTeK Computer Inc. -> ASUS Corporation) R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.) R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [251608 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. 
-> ASUS) S3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [24056 2017-07-19] (IObit Information Technology -> IObit) R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110392 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [212280 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [127288 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37496 2020-10-21] (Microsoft Windows Early Launch Anti-Malware Publisher -> AO Kaspersky Lab) R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [523576 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [659768 2020-12-25] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1341232 2020-12-25] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.2\Bases\klids.sys [244784 2021-01-28] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1025336 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [95544 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [113464 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [113464 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85288 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [97080 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [55592 2020-10-21] (AnchorFree Inc -> The OpenVPN Project) R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [257208 2021-01-27] (Kaspersky Lab JSC -> AO 
Kaspersky Lab) R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2021-01-27] (Kaspersky Lab -> AO Kaspersky Lab) S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [310232 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab) R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116888 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [207352 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab) S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [153400 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [250168 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300856 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46688 2019-10-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-10-02] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-02] (Microsoft Windows -> Microsoft Corporation) S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2021-02-04 20:43 - 2021-02-06 17:24 - 000000000 ____D C:\FRST 2021-02-01 09:13 - 2021-02-01 09:13 - 000003208 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot 2021-02-01 09:11 - 2021-02-01 09:13 - 000000000 ____D C:\AdwCleaner 2021-01-28 20:57 - 2021-01-28 20:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2021-01-28 10:10 - 2021-02-06 16:57 - 000000000 ____D C:\Program Files\Mozilla Firefox 2021-01-28 07:57 - 2021-01-28 07:57 - 000001221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Foto-Editor.lnk 2021-01-28 07:57 - 2021-01-28 07:57 - 000001209 _____ C:\Users\Public\Desktop\PhotoPad Foto-Editor.lnk 2021-01-28 07:57 - 2021-01-28 07:57 - 000001209 _____ C:\ProgramData\Desktop\PhotoPad Foto-Editor.lnk 2021-01-28 07:57 - 2021-01-28 07:57 - 000000000 ____D C:\Users\Katja\NCH Software Produktpalette 2021-01-27 12:45 - 2021-01-27 12:45 - 000310232 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys 2021-01-27 12:45 - 2021-01-27 12:45 - 000001229 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk 2021-01-27 12:45 - 2021-01-27 12:45 - 000001229 _____ C:\ProgramData\Desktop\Kaspersky Password Manager.lnk 2021-01-27 12:45 - 2021-01-27 12:45 - 000000000 ____D C:\Users\Katja\AppData\Local\Kaspersky Lab 2021-01-27 12:44 - 2021-01-27 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager 2021-01-27 12:43 - 2021-01-27 12:43 - 000257208 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys 2021-01-27 12:43 - 2021-01-27 12:43 - 000207352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys 2021-01-27 12:43 - 2021-01-27 12:43 - 000116888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys 2021-01-27 12:43 - 2021-01-27 12:43 - 000099152 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys 2021-01-27 12:43 - 2021-01-27 12:43 - 000001165 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk 
2021-01-27 12:43 - 2021-01-27 12:43 - 000001165 _____ C:\ProgramData\Desktop\Kaspersky VPN.lnk 2021-01-27 12:43 - 2021-01-27 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN 2021-01-27 12:43 - 2021-01-27 12:43 - 000000000 ____D C:\Program Files\Common Files\AV 2021-01-27 12:42 - 2021-01-27 12:44 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2021-01-27 12:42 - 2021-01-27 12:44 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab 2021-01-27 12:42 - 2021-01-27 12:42 - 000002150 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk 2021-01-27 12:42 - 2021-01-27 12:42 - 000002150 _____ C:\ProgramData\Desktop\Kaspersky Anti-Virus.lnk 2021-01-27 12:42 - 2021-01-27 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2021-01-27 12:42 - 2020-10-21 23:12 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll 2021-01-27 12:42 - 2020-10-21 23:11 - 001025336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys 2021-01-27 12:42 - 2020-10-21 23:11 - 000523576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys 2021-01-26 17:40 - 2021-01-26 17:40 - 000002395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk 2021-01-13 16:58 - 2021-01-13 16:58 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx 2021-01-13 16:58 - 2021-01-13 16:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr 2021-01-13 16:58 - 2021-01-13 16:58 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr 2021-01-13 16:58 - 2021-01-13 16:58 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl 2021-01-13 16:58 - 2021-01-13 16:58 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax 2021-01-13 16:58 - 2021-01-13 16:58 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax 2021-01-13 16:58 - 2021-01-13 16:58 - 000168448 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\VBICodec.ax 2021-01-13 16:58 - 2021-01-13 16:58 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax 2021-01-13 16:58 - 2021-01-13 16:58 - 000094720 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll 2021-01-13 16:58 - 2021-01-13 16:58 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl 2021-01-13 16:58 - 2021-01-13 16:58 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx 2021-01-13 16:58 - 2021-01-13 16:58 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl 2021-01-13 16:58 - 2021-01-13 16:58 - 000053248 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll 2021-01-13 16:57 - 2021-01-13 16:57 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2021-01-13 16:57 - 2021-01-13 16:57 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx 2021-01-13 16:57 - 2021-01-13 16:57 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl 2021-01-13 16:57 - 2021-01-13 16:57 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl 2021-01-13 16:57 - 2021-01-13 16:57 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2021-01-13 16:57 - 2021-01-13 16:57 - 000331264 _____ C:\WINDOWS\SysWOW64\ssdm.dll 2021-01-13 16:57 - 2021-01-13 16:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl 2021-01-13 16:57 - 2021-01-13 16:57 - 000208384 _____ C:\WINDOWS\SysWOW64\HeatCore.dll 2021-01-13 16:57 - 2021-01-13 16:57 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl 2021-01-13 16:57 - 2021-01-13 16:57 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl 2021-01-13 16:57 - 2021-01-13 16:57 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2021-01-13 16:57 - 2021-01-13 16:57 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin 
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin 2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin 2021-01-13 16:56 - 2021-01-13 16:56 - 002590720 _____ C:\WINDOWS\system32\dwmscene.dll 2021-01-13 16:56 - 2021-01-13 16:56 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2021-01-13 16:56 - 2021-01-13 16:56 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl 2021-01-13 16:56 - 2021-01-13 16:56 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-01-13 16:56 - 2021-01-13 16:56 - 000266752 _____ C:\WINDOWS\system32\HeatCore.dll 2021-01-13 16:56 - 2021-01-13 16:56 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl 2021-01-13 16:56 - 2021-01-13 16:56 - 000186368 _____ 
C:\WINDOWS\system32\BthpanContextHandler.dll 2021-01-13 16:56 - 2021-01-13 16:56 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-01-13 16:56 - 2021-01-13 16:56 - 000061440 _____ C:\WINDOWS\system32\rdsxvmaudio.dll 2021-01-13 16:55 - 2021-01-13 16:56 - 000453632 _____ C:\WINDOWS\system32\ssdm.dll ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2021-02-06 17:25 - 2020-04-08 08:24 - 000000000 ____D C:\Program Files\CCleaner 2021-02-06 17:23 - 2020-04-28 11:44 - 000000000 ____D C:\Program Files (x86)\Steam 2021-02-06 17:23 - 2019-09-16 17:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-02-06 17:23 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-02-06 17:23 - 2019-03-19 05:37 - 001310720 _____ C:\WINDOWS\system32\config\BBI 2021-02-06 17:23 - 2018-02-20 22:32 - 000000000 ___RD C:\Users\Katja\OneDrive 2021-02-06 17:23 - 2018-02-20 22:30 - 000000000 __SHD C:\Users\Katja\IntelGraphicsProfiles 2021-02-06 17:23 - 2017-07-20 17:25 - 000000000 ____D C:\ProgramData\NVIDIA 2021-02-06 17:12 - 2019-03-19 05:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2021-02-06 17:10 - 2018-04-07 11:04 - 000000000 ____D C:\Users\Katja\AppData\LocalLow\Temp 2021-02-06 17:02 - 2018-05-14 15:25 - 000002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-02-06 17:02 - 2018-05-14 15:25 - 000002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-02-06 17:02 - 2018-05-14 15:25 - 000002254 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2021-02-06 16:57 - 2020-08-23 18:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-02-06 16:57 - 2020-08-23 18:23 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-02-06 16:57 - 2020-08-23 18:23 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2021-02-06 16:57 - 2019-09-16 17:19 - 000003630 
_____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2021-02-06 16:57 - 2019-09-16 17:19 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2021-02-06 16:56 - 2018-02-21 10:21 - 000000000 ____D C:\Users\Katja\AppData\LocalLow\Mozilla 2021-02-05 14:11 - 2019-09-16 17:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-02-05 09:32 - 2019-09-16 17:20 - 001725108 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-02-05 09:32 - 2019-03-19 13:16 - 000746614 _____ C:\WINDOWS\system32\perfh007.dat 2021-02-05 09:32 - 2019-03-19 13:16 - 000150886 _____ C:\WINDOWS\system32\perfc007.dat 2021-02-05 09:32 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF 2021-02-05 09:30 - 2020-05-09 09:27 - 000000000 ____D C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Natomic Studios 2021-02-05 09:30 - 2020-04-08 08:25 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2021-02-05 09:30 - 2019-09-16 17:12 - 000000000 ____D C:\Users\Katja 2021-02-05 09:30 - 2018-02-20 22:53 - 000000000 ____D C:\Users\Katja\AppData\Local\CrashDumps 2021-02-04 19:52 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps 2021-02-04 19:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-02-04 19:50 - 2020-11-04 13:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software 2021-02-04 19:50 - 2019-09-16 17:19 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2081738662-375674699-890820183-1001 2021-02-04 19:50 - 2019-09-16 17:12 - 000002381 _____ C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-02-01 09:13 - 2018-02-20 16:14 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2021-02-01 09:13 - 2018-02-20 16:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-02-01 09:13 - 2016-11-11 09:17 - 000000000 ____D C:\Program Files (x86)\ASUS 2021-02-01 09:10 - 2018-02-20 22:33 - 000000200 _____ 
C:\Users\Katja\AppData\Roaming\sp_data.sys 2021-01-28 07:57 - 2020-11-04 13:03 - 000000000 ____D C:\Users\Katja\AppData\Roaming\NCH Software 2021-01-28 07:57 - 2020-11-04 13:03 - 000000000 ____D C:\ProgramData\NCH Software 2021-01-28 07:57 - 2020-11-04 13:03 - 000000000 ____D C:\Program Files (x86)\NCH Software 2021-01-28 07:53 - 2018-03-05 15:15 - 000000000 ____D C:\Users\Katja\AppData\Local\Packages 2021-01-27 12:42 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-01-27 12:37 - 2018-02-20 16:15 - 000000000 ____D C:\ProgramData\AVAST Software 2021-01-27 12:37 - 2016-11-11 09:17 - 000000742 _____ C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job 2021-01-27 12:37 - 2016-11-11 09:17 - 000000448 _____ C:\WINDOWS\Tasks\WpsExternal_20161111081738.job 2021-01-27 12:34 - 2018-04-23 10:23 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2021-01-26 17:40 - 2019-01-14 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2021-01-26 17:40 - 2018-03-23 10:43 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2021-01-26 17:40 - 2017-07-20 17:41 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2021-01-26 17:40 - 2017-07-20 17:41 - 000002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2021-01-26 17:40 - 2017-07-20 17:41 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2021-01-26 17:40 - 2017-07-20 17:41 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2021-01-26 17:40 - 2017-07-20 17:41 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2021-01-26 17:40 - 2017-07-20 17:41 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2021-01-26 17:40 - 2017-07-20 17:41 - 000000000 ____D C:\Program Files\Microsoft Office 2021-01-26 17:36 - 2018-02-21 13:44 - 000000000 ____D 
C:\ProgramData\ProductData 2021-01-26 12:54 - 2020-08-23 18:22 - 000003628 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-01-26 12:54 - 2020-08-23 18:22 - 000003404 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-01-26 12:54 - 2020-07-07 10:40 - 000003854 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1594114845 2021-01-26 12:54 - 2020-07-07 10:40 - 000003622 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1594114837 2021-01-26 12:54 - 2020-01-05 15:32 - 000002938 _____ C:\WINDOWS\system32\Tasks\WpsExternal_Katja_20200105153215 2021-01-26 12:54 - 2019-12-12 19:46 - 000002666 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_Katja 2021-01-26 12:54 - 2019-10-06 14:52 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0 2021-01-26 12:54 - 2019-09-16 17:19 - 000003266 _____ C:\WINDOWS\system32\Tasks\WpsKtpcntrQingTask_Administrator 2021-01-26 12:54 - 2019-09-16 17:19 - 000003118 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification 2021-01-26 12:54 - 2019-09-16 17:19 - 000003024 _____ C:\WINDOWS\system32\Tasks\WpsExternal_20161111081738 2021-01-26 12:54 - 2019-09-16 17:19 - 000002968 _____ C:\WINDOWS\system32\Tasks\Update Checker 2021-01-26 12:54 - 2019-09-16 17:19 - 000002924 _____ C:\WINDOWS\system32\Tasks\ATK Package 36D18D69AFC3 2021-01-26 12:54 - 2019-09-16 17:19 - 000002798 _____ C:\WINDOWS\system32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-01-26 12:54 - 2019-09-16 17:19 - 000002770 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-72DG63D-Katja 2021-01-26 12:54 - 2019-09-16 17:19 - 000002562 _____ C:\WINDOWS\system32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-01-26 12:54 - 2019-09-16 17:19 - 000002346 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_ListenToDevice 2021-01-26 12:54 - 2019-09-16 17:19 - 000002340 _____ C:\WINDOWS\system32\Tasks\ASUS USB Charger Plus 2021-01-26 12:54 - 2019-09-16 17:19 - 000002330 _____ 
C:\WINDOWS\system32\Tasks\ASUS Battery Health Charging Notification 2021-01-26 12:54 - 2019-09-16 17:19 - 000002280 _____ C:\WINDOWS\system32\Tasks\RTKCPL 2021-01-26 12:54 - 2019-09-16 17:19 - 000002214 _____ C:\WINDOWS\system32\Tasks\ATK Package A22126881260 2021-01-26 09:45 - 2018-06-26 14:08 - 000000000 ____D C:\Users\Katja\AppData\Local\AVAST Software 2021-01-21 20:53 - 2020-04-08 08:25 - 000002234 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2021-01-21 07:52 - 2020-07-07 10:40 - 000001407 _____ C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk 2021-01-16 18:40 - 2018-11-09 17:01 - 000000000 ____D C:\Users\Katja\AppData\Local\Bitwig Studio 2021-01-13 17:12 - 2019-09-16 17:09 - 000568528 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-01-13 17:12 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2021-01-13 17:12 - 2018-03-05 15:31 - 000000000 ___RD C:\Users\Katja\3D Objects 2021-01-13 17:12 - 2017-07-20 17:20 - 000000000 __RHD C:\Users\Public\AccountPictures 2021-01-13 17:11 - 2019-03-19 13:18 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2021-01-13 17:11 - 2019-03-19 13:18 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\UNP 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\F12 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-01-13 17:11 - 2019-03-19 05:52 - 
000000000 ____D C:\WINDOWS\SysWOW64\Com 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Com 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellComponents 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Provisioning 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\IME 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender 2021-01-13 17:05 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-01-13 17:04 - 2018-02-22 12:39 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-01-13 17:01 - 2018-02-22 12:39 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-01-13 16:55 - 2019-09-16 17:10 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2021-01-12 08:58 - 2019-09-16 17:12 - 000000000 ____D C:\Users\defaultuser0 ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2018-11-09 17:48 - 
2018-11-09 17:48 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P10804_GK Amplification 2 LE_log.inTone2Log 2018-11-10 09:48 - 2018-11-10 09:48 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P13568_ampLion Free_log.inTone2Log 2018-11-10 09:45 - 2018-11-10 09:45 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P14776_GK Amplification 2 LE_log.inTone2Log 2018-11-10 15:20 - 2018-11-10 15:20 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P15472_GK Amplification 2 LE_log.inTone2Log 2020-11-05 16:01 - 2020-11-05 16:01 - 000003820 _____ () C:\Users\Katja\AppData\Roaming\P15960_ampLion Free_log.inTone2Log 2019-01-17 16:09 - 2019-01-17 16:09 - 000003631 _____ () C:\Users\Katja\AppData\Roaming\P16284_GK Amplification 2 LE_log.inTone2Log 2018-11-09 19:16 - 2018-11-09 19:16 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P16504_GK Amplification 2 LE_log.inTone2Log 2018-11-10 10:01 - 2018-11-10 10:01 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P16824_GK Amplification 2 LE_log.inTone2Log 2018-11-10 13:21 - 2018-11-10 13:21 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P17308_GK Amplification 2 LE_log.inTone2Log 2018-11-10 10:01 - 2018-11-10 10:01 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P17920_ampLion Free_log.inTone2Log 2018-11-10 15:20 - 2018-11-10 15:20 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P19080_ampLion Free_log.inTone2Log 2018-11-10 13:20 - 2018-11-10 13:20 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P3408_ampLion Free_log.inTone2Log 2018-11-09 17:35 - 2018-11-09 17:35 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P3784_ampLion Free_log.inTone2Log 2018-11-09 16:42 - 2018-11-09 16:42 - 000003755 _____ () C:\Users\Katja\AppData\Roaming\P4268_GK Amplification 2 LE_log.inTone2Log 2018-11-09 16:45 - 2018-11-09 16:45 - 000003616 _____ () C:\Users\Katja\AppData\Roaming\P4708_ampLion Free_log.inTone2Log 2018-11-09 17:23 - 2018-11-09 17:23 - 000030467 _____ () C:\Users\Katja\AppData\Roaming\P7612_inTone2 ESI 
Edition_log.inTone2Log
2018-11-09 17:35 - 2018-11-09 17:35 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P7732_GK Amplification 2 LE_log.inTone2Log
2018-11-09 19:10 - 2018-11-09 19:10 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P7752_GK Amplification 2 LE_log.inTone2Log
2018-11-09 19:47 - 2018-11-09 19:47 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P9936_GK Amplification 2 LE_log.inTone2Log
2018-02-20 22:33 - 2021-02-01 09:10 - 000000200 _____ () C:\Users\Katja\AppData\Roaming\sp_data.sys
2018-10-02 11:46 - 2018-10-02 11:46 - 000000000 _____ () C:\Users\Katja\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
The 3rd file is in the next post. |
06.02.2021, 18:20 | #6 |
| Gootkit according to Telekom, what do I need to look for in the log files
And here is the Addition as well. Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-02-2021
durchgeführt von Katja (06-02-2021 17:27:02)
Gestartet von D:\
Windows 10 Home Version 1909 18363.1316 (X64) (2019-09-16 16:19:24)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2081738662-375674699-890820183-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2081738662-375674699-890820183-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2081738662-375674699-890820183-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gast (S-1-5-21-2081738662-375674699-890820183-501 - Limited - Disabled)
Katja (S-1-5-21-2081738662-375674699-890820183-1001 - Administrator - Enabled) => C:\Users\Katja
WDAGUtilityAccount (S-1-5-21-2081738662-375674699-890820183-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_1) (Version: 15.0.1 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.6.0.384 - Adobe Systems Incorporated) Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_0_1) (Version: 12.0.1 - Adobe Systems Incorporated) ampLion Free 1.2.0 (HKLM-x32\...\{C0355E2A-5FA6-4782-85B1-107C560E904A}_is1) (Version: 1.2.0 - Audiffex) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach) ASUS Battery Health Charging (HKLM-x32\...\{3A7E73B6-3A04-49ED-811E-CC39F7EA2E34}) (Version: 1.0.0002 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.8 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS) Atti-TUBE (HKLM-x32\...\Atti-TUBE) (Version: - ) Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team) AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.3.16 - ICEpower a/s) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bitwig 8-Track (HKLM-x32\...\{8A2AC349-1D0C-475B-980B-FC3BA141153F}) (Version: 1.3.7.37083 - Bitwig GmbH) Bitwig Studio (HKLM\...\{7180D515-FED7-40B8-9090-C3307A2463A6}) (Version: 3.0.3.81986 - Bitwig GmbH) Bovbjerg Piano Module (HKLM-x32\...\Bovbjerg Piano Module) (Version: - ) Brother MFL-Pro Suite MFC-J4410DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.) Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment) CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) 
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Citavi 6 (HKLM-x32\...\{6A331045-8FF4-4BC9-9C56-E593ACAE28C2}) (Version: 6.7.0.0 - Swiss Academic Software) Clickteam Fusion 2.5 Free Edition (HKLM-x32\...\Clickteam Fusion 2.5 Free Edition) (Version: - Clickteam) CyberLink PhotoDirector 5 (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) Hidden CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Hidden CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) DaVinci Resolve (HKLM\...\{B038DE18-6092-4C56-ACD4-E268DCFE2B20}) (Version: 14.3.0014 - Blackmagic Design) DaVinci Resolve Panels (HKLM\...\{332552D0-B8EE-49BF-B904-E038A72BD2B2}) (Version: 1.1.2.0 - Blackmagic Design) Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.) Discord (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Discord) (Version: 0.0.309 - Discord Inc.) EGOSYS FX-Pack (HKLM-x32\...\EGOSYS FX-Pack) (Version: - ) Epic Games Launcher (HKLM-x32\...\{A5A6A747-393C-4B28-AB7B-2DE2BA7F7D73}) (Version: 1.1.267.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) GFExperience.Deployer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.Deployer) (Version: 3.11.0.73 - NVIDIA Corporation) Hidden GK Amplification 2 LE 2.2.2 (HKLM-x32\...\{CB13830D-9A15-4D25-A55C-9E52BF57DD4B}_is1) (Version: 2.2.2 - Audiffex) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden IBM SPSS Statistics 25 (HKLM\...\{C2D1E17D-CB8A-4742-84FA-1DB5C6A1ABDD}) (Version: 25.0.0.0 - IBM Corp) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7325 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.5.1035 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation) inTone 2 ESI Edition 2.4.0 (HKLM-x32\...\{D72463A2-6C42-41DF-9114-D939C8E65A9D}_is1) (Version: 2.4.0.86 - Audified) inTone 2 ESI Edition 64bit 2.4.0 (HKLM\...\{0A7FC75F-817B-416D-B927-CDB4C1404866}_is1) (Version: 2.4.0.86 - Audified) Jitsi (HKLM\...\{D20996B9-BCB6-4877-8104-BDEEF5ED3097}) (Version: 2.10.5550 - Jitsi) Kaspersky Anti-Virus 
(HKLM-x32\...\{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky) Hidden Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky) Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Kaspersky VPN (HKLM-x32\...\{221FA56C-0A92-4E58-98FD-CAF82237540C}) (Version: 21.2.16.590 - Kaspersky) Hidden Kaspersky VPN (HKLM-x32\...\InstallWIX_{221FA56C-0A92-4E58-98FD-CAF82237540C}) (Version: 21.2.16.590 - Kaspersky) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden LUXONIX LFX-1310 (HKLM-x32\...\LUXONIX_LFX-1310) (Version: 1.2 - LUXONIX) MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX Music Maker Silver (HKLM\...\{AEC8A163-C23A-4348-A31F-750BAF9519E4}) (Version: 21.0.3.44 - MAGIX Software GmbH) Hidden MAGIX Music Maker Silver (HKLM-x32\...\MX.{AEC8A163-C23A-4348-A31F-750BAF9519E4}) (Version: 21.0.3.44 - MAGIX Software GmbH) MAGIX Music Maker Silver Soundpools (HKLM\...\{9B02E643-CFDA-435E-9538-C02234A42021}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden M-Audio M-Track 8X4M 1.0.3 (HKLM\...\{5E248784-8915-4AF3-A06B-6D3A050B4B9C}) (Version: 1.0.3 - M-Audio) Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.13127.21064 - Microsoft Corporation) Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.13127.21064 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.63 - Microsoft Corporation) Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - ) Microsoft OneDrive (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Teams) (Version: 1.3.00.3564 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 
14.12.25810.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation) MixPad Musikstudio-Software (HKLM-x32\...\MixPad) (Version: 5.99 - NCH Software) Mozilla Firefox 85.0 (x64 de) (HKLM\...\Mozilla Firefox 85.0 (x64 de)) (Version: 85.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MuseScore 2 (HKLM-x32\...\{0317B5F7-01A3-4640-A491-456B453CCAB3}) (Version: 2.2.1 - Werner Schweer and Others) NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden Opera Stable 73.0.3856.344 (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Opera 73.0.3856.344) (Version: 73.0.3856.344 - Opera Software) PhotoPad Foto-Editor (HKLM-x32\...\PhotoPad) (Version: 6.78 - NCH Software) PreSonus Studio One 3 (HKLM-x32\...\PreSonus Studio One 3) (Version: 3.3.3.41198 - PreSonus Audio Electronics) REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.4.887.091316 - REALTEK Semiconductor Corp.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7997 - Realtek Semiconductor Corp.) Realtek PCI-E Wireless LAN Driver (HKLM-x32\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0008 - REALTEK Semiconductor Corp.) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden Snapseed (HKLM-x32\...\{D5BEB842-5696-4AE8-A222-03D06384856D}) (Version: 1.2.1 - Nik Software, Inc.) Stanton Deckadance 2.72 (HKLM-x32\...\Stanton Deckadance) (Version: 2.72 - Stanton) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Studio Devil British Valve Custom v1.1 (HKLM-x32\...\{9DEE696E-FBA6-473A-9B5E-576E86B6183F}) (Version: 1.1.0 - Studio Devil) StudioDevil VGA 1.3 (HKLM-x32\...\StudioDevil VGA_is1) (Version: - StudioDevil) Tassman ESI Edition (HKLM-x32\...\{AF9F71C9-2F5F-4E00-9A34-D7BC1D6E1DA7}) (Version: - ) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.34161 - Microsoft Corporation) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer) TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo) U22 XT USB Driver version v1.3.1.0 (HKLM\...\{A7C4B7E9-C70A-4D75-A497-EFE8E61B3409}_is1) (Version: v1.3.1.0 - ESI-Audiotechnik) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden UpdateAssistant (HKLM-x32\...\{F35DD4F5-1F85-43CD-AC7A-FE54CA7EABA2}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden VLC media player (HKLM-x32\...\VLC media 
player) (Version: 3.0.11 - VideoLAN) Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 11.22 - NCH Software) Windows Driver Package - ASUS (AsusTP) Mouse (08/19/2016 6.0.0.83) (HKLM\...\67D3C04C0088D5D88ABB7419CBFDF094E3B809C1) (Version: 08/19/2016 6.0.0.83 - ASUS) Windows Driver Package - ESI (U22_XT_USB_AA) MEDIA (10/11/2018 1.3.1.0) (HKLM\...\406BEFE077C994845635F321499568604730DB83) (Version: 10/11/2018 1.3.1.0 - ESI) Windows Driver Package - ESI (U22_XT_USBWDM_01) MEDIA (10/11/2018 1.3.1.0) (HKLM\...\614DB88564DB0A7BD420220B25837D9047C59561) (Version: 10/11/2018 1.3.1.0 - ESI) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.) Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare) Wondershare UniConverter(Build 11.7.5.1) (HKLM-x32\...\UniConverter_is1) (Version: 11.7.5.1 - Wondershare Software) WPS Office (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Kingsoft Office) (Version: 10.2.0.7646 - Kingsoft Corp.) WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.1.0.5644 - Kingsoft Corp.) Zoom (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.) Packages: ========= ASUS ZenLink -> C:\Program Files\WindowsApps\B9ECED6F.ZenSync_1.0.7.0_x86__qmba6cd70vzyy [2018-02-21] (ASUSTeK COMPUTER INC.) [MS Ad] Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-10] (Autodesk Inc.) 
BreeZip -> C:\Program Files\WindowsApps\3138AweZip.AweZip_1.3.18.0_x86__ffd303wmbhcjt [2020-07-26] (BreeZip) [MS Ad] Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220 [2020-12-28] (Dolby Laboratories) Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-13] (Microsoft Corporation) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-19] (HP Inc.) Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-16] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-09-16] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-19] (Microsoft Studios) [MS Ad] -My Notes- -> C:\Program Files\WindowsApps\22944SamJarawan.-MyNotes-_2.1.47.0_x64__3gv8nk7frgb5p [2020-03-05] (Sam Jarawan) [MS Ad] MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2018-05-01] (ASUSTeK COMPUTER INC.) [Startup Task] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-26] (Netflix, Inc.) RICOH Driver Utility -> C:\Program Files\WindowsApps\3EA2211E.RICOHDriverUtility_4.6.0.0_x86__fxme7667cy4q4 [2020-02-16] (Ricoh Company, Ltd.) 
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0 [2021-01-31] (Spotify AB) [Startup Task] Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_2.5.1.0_x64__t4vj0pshhgkwm [2020-12-28] (Telegram Messenger LLP) WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2100.7.0_x64__cv1g1gvanyjgm [2021-01-28] (WhatsApp Inc.) Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation) XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.7.0_x86__xpfg3f7e9an52 [2021-01-19] (New Work SE) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-6B64E7666B22} -> [Creative Cloud Files] => C:\Users\Katja\Creative Cloud Files [2018-02-20 16:59] CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Katja\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19350.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. 
-> Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Katja\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19350.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab) 
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers4: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxDTCM.dll [2019-10-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-04] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers1_S-1-5-21-2081738662-375674699-890820183-1001: [ qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ContextMenuHandlers1_S-1-5-21-2081738662-375674699-890820183-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. 
-> Zhuhai Kingsoft Office Software Co.,Ltd) ContextMenuHandlers4_S-1-5-21-2081738662-375674699-890820183-1001: [ qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ContextMenuHandlers5_S-1-5-21-2081738662-375674699-890820183-1001: [ qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ShortcutWithArgument: C:\Users\Katja\Desktop\facebook.lnk -> C:\Users\Katja\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com ShortcutWithArgument: C:\Users\Katja\Desktop\Profil 1 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Default" ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2018-04-10 14:29 - 2009-02-27 15:38 - 000139264 ____R () [Datei ist nicht signiert] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2020-11-07 13:03 - 2016-07-21 10:54 - 000137728 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2020-11-07 13:03 - 2017-03-23 09:49 - 001506304 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2018-04-10 14:29 - 2017-11-07 18:55 - 000137728 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll 2018-04-10 14:29 - 2017-08-18 10:23 - 000087552 _____ () [Datei ist 
nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll 2018-04-10 14:29 - 2017-08-18 10:23 - 017974784 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll 2018-04-10 14:29 - 2017-11-07 19:04 - 000095232 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcLGer.dll 2018-05-14 15:22 - 2017-11-07 18:55 - 000440832 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\Track.dll 2020-07-26 15:22 - 2020-07-26 15:22 - 001410560 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\3138AweZip.AweZip_1.3.18.0_x86__ffd303wmbhcjt\BackgoundTaskUWP.dll 2019-11-10 14:18 - 2019-11-10 14:18 - 000710656 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\XINGAG.XING_4.0.7.0_x86__xpfg3f7e9an52\e_sqlite3.dll 2021-01-19 11:29 - 2021-01-19 11:29 - 038125568 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\XINGAG.XING_4.0.7.0_x86__xpfg3f7e9an52\Xing.UWP.dll 2018-04-10 14:29 - 2005-04-22 05:36 - 000143360 _____ () [Datei ist nicht signiert] C:\WINDOWS\system32\BrSNMP64.dll 2018-04-10 14:29 - 2012-04-23 14:03 - 000380928 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrMonitor.dll 2018-04-10 14:29 - 2010-09-29 16:07 - 000180224 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BroSNMP.dll 2018-04-10 14:29 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll 2018-04-10 14:29 - 2012-01-11 13:39 - 000626688 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll 2018-04-10 14:29 - 2012-07-27 06:07 - 000087040 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\WINDOWS\system32\BrNetSti.dll 2020-12-19 21:12 - 2020-12-19 21:14 - 088921088 _____ (HP Development Company, L.P.) 
[Datei ist nicht signiert] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6\HP.Smart.dll 2017-07-20 17:41 - 2017-07-20 17:41 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll 2017-07-20 17:41 - 2017-07-20 17:41 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll 2017-07-20 17:26 - 2016-06-14 21:01 - 001298640 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll 2017-07-20 17:26 - 2016-06-14 21:01 - 001767944 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\WINDOWS\system32\nvspcap64.dll 2020-11-07 13:03 - 2017-03-23 09:52 - 000708608 _____ (Wondershare) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2081738662-375674699-890820183-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE SearchScopes: HKU\S-1-5-21-2081738662-375674699-890820183-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.DLL [2020-10-27] (Swiss Academic Software -> Swiss Academic Software) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.DLL [2020-10-27] (Swiss Academic Software -> Swiss Academic Software) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft 
Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\localhost -> localhost ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2016-07-16 12:47 - 2021-02-06 17:08 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 2019-05-02 14:52 - 2019-07-13 19:54 - 000000513 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\IBM\SPSS\Statistics\25\JRE\bin HKU\S-1-5-21-2081738662-375674699-890820183-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Katja\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG-20201126-WA0000.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [TCP Query User{11991BB3-3EAA-41BC-8B24-E496EE1D07B0}C:\program files\windowsapps\spotifyab.spotifymusic_1.151.382.0_x86__zpdnekdrzrea0\spotify.exe] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.151.382.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{F37C834D-9E96-4E42-8F6D-A197D7965A2F}C:\program files\windowsapps\spotifyab.spotifymusic_1.151.382.0_x86__zpdnekdrzrea0\spotify.exe] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.151.382.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd) ==================== Wiederherstellungspunkte ========================= ==================== Fehlerhafte Geräte im Gerätemanager ============ ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (02/06/2021 05:20:55 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (556,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (02/06/2021 05:13:43 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (8692,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (02/06/2021 04:56:38 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/05/2021 09:39:01 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (4568,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. 
Error: (02/05/2021 09:30:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Blizzard Uninstaller.exe, Version: 1.16.2.82, Zeitstempel: 0x5c33aa06 Name des fehlerhaften Moduls: Blizzard Uninstaller.exe, Version: 1.16.2.82, Zeitstempel: 0x5c33aa06 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001089f ID des fehlerhaften Prozesses: 0x16a0 Startzeit der fehlerhaften Anwendung: 0x01d6fb9930a58ae4 Pfad der fehlerhaften Anwendung: C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe Pfad des fehlerhaften Moduls: C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe Berichtskennung: 2f3bb63c-654d-489a-a5c2-891599b1a8e3 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/05/2021 09:30:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Blizzard Uninstaller.exe, Version: 1.16.2.82, Zeitstempel: 0x5c33aa06 Name des fehlerhaften Moduls: Blizzard Uninstaller.exe, Version: 1.16.2.82, Zeitstempel: 0x5c33aa06 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001089f ID des fehlerhaften Prozesses: 0x84c Startzeit der fehlerhaften Anwendung: 0x01d6fb992af2e444 Pfad der fehlerhaften Anwendung: C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe Pfad des fehlerhaften Moduls: C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe Berichtskennung: d36216d7-155a-48fe-ae8e-1b3c0d817168 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/05/2021 09:04:43 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (16416,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. 
Error: (02/04/2021 09:01:28 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (20028,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Systemfehler: ============= Error: (02/06/2021 05:26:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-72DG63D) Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/06/2021 05:23:47 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-72DG63D) Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/06/2021 05:08:50 PM) (Source: DCOM) (EventID: 10000) (User: NT-AUTORITÄT) Description: Ein DCOM-Server konnte nicht gestartet werden: {0358B920-0AC7-461F-98F4-58E32CD89148}. Fehler: "2147942405" Aufgetreten beim Start dieses Befehls: C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} Error: (02/06/2021 05:08:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Kaspersky VPN Secure Connection-Dienst 5.2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/06/2021 05:08:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/06/2021 05:08:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (02/06/2021 05:08:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/06/2021 05:08:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "FABS - Helping agent for MAGIX media database" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Windows Defender: =================================== Date: 2019-10-04 11:57:21.190 Description: Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {D16400BC-88C2-4381-B6F9-DC061612597D} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2019-09-27 22:17:21.150 Description: Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {EE759CBA-47EA-4D4E-9AC5-6BFA8D4E81B7} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2019-09-19 19:56:45.729 Description: Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {A8668A42-07EA-4C37-9C09-8DA205B37B8E} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2019-09-19 18:46:11.603 Description: Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {CF066013-967D-42CB-B320-3E525CF6020C} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2021-02-05 09:29:39.348 Description: Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. 
Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.329.2954.0 Update Source: Microsoft Center zum Schutz vor Schadsoftware Sicherheitstyp: AntiVirus Updatetyp: Voll Benutzer: NT-AUTORITÄT\Netzwerkdienst Aktuelle Modulversion: %Vorherige Modulversion: 1.1.17700.4 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Date: 2021-02-05 09:29:39.348 Description: Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.329.2954.0 Update Source: Microsoft Center zum Schutz vor Schadsoftware Sicherheitstyp: AntiSpyware Updatetyp: Voll Benutzer: NT-AUTORITÄT\Netzwerkdienst Aktuelle Modulversion: %Vorherige Modulversion: 1.1.17700.4 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Date: 2021-02-05 09:29:39.347 Description: Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.329.2954.0 Update Source: Microsoft Center zum Schutz vor Schadsoftware Sicherheitstyp: AntiVirus Updatetyp: Voll Benutzer: NT-AUTORITÄT\Netzwerkdienst Aktuelle Modulversion: %Vorherige Modulversion: 1.1.17700.4 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Date: 2021-02-05 09:29:39.340 Description: Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. 
Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.329.2954.0 Update Source: Microsoft Center zum Schutz vor Schadsoftware Sicherheitstyp: AntiVirus Updatetyp: Voll Benutzer: NT-AUTORITÄT\Netzwerkdienst Aktuelle Modulversion: %Vorherige Modulversion: 1.1.17700.4 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Date: 2021-02-05 09:29:39.340 Description: Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.329.2954.0 Update Source: Microsoft Center zum Schutz vor Schadsoftware Sicherheitstyp: AntiSpyware Updatetyp: Voll Benutzer: NT-AUTORITÄT\Netzwerkdienst Aktuelle Modulversion: %Vorherige Modulversion: 1.1.17700.4 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. CodeIntegrity: =================================== Date: 2021-02-06 17:25:17.788 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2021-02-06 17:25:10.838 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. 
Date: 2021-02-06 17:25:10.824 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2021-02-06 17:25:10.803 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2021-02-06 17:25:06.903 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2021-02-06 17:25:05.675 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2021-02-06 17:25:04.876 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. Date: 2021-02-06 17:25:02.849 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. 
==================== Speicherinformationen ===========================
BIOS: American Megatrends Inc. X550VXK.307 04/19/2019
Hauptplatine: ASUSTeK COMPUTER INC. X550VXK
Prozessor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 8077.04 MB
Verfügbarer physikalischer RAM: 3511.78 MB
Summe virtueller Speicher: 10253.04 MB
Verfügbarer virtueller Speicher: 5686.91 MB
==================== Laufwerke ================================
Drive c: (OS) (Fixed) (Total:117.71 GB) (Free:23.44 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:809.58 GB) NTFS
\\?\Volume{db185c5f-80e1-4e3e-a56f-5e871b78703c}\ () (Fixed) (Total:0.48 GB) (Free:0.04 GB) NTFS
\\?\Volume{002f04c3-60f1-4b35-8840-89fa1788299f}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.44 GB) NTFS
\\?\Volume{fc5b06db-5457-4b06-81cf-80528ff87fee}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 646A106C)
Partition: GPT.
==========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 726C32AF)
Partition: GPT.
==================== Ende von Addition.txt =======================
Now I'm curious. |
06.02.2021, 21:20 | #7 |
/// TB-Ausbilder | Gootkit according to Telekom, what do I need to look for in the log files
The Gootkit malware is not visible here. There is, however, still some PUP/adware that I would like to track down and remove.
Step 1
Run RogueKiller Anti-Malware following the illustrated instructions and then post the log file.
Step 2
Please post with your next reply:
|
08.02.2021, 08:08 | #8 |
| Gootkit according to Telekom, what do I need to look for in the log files
Here are the 2 files.
Code:
RogueKiller Anti-Malware V14.8.4.0 (x64) [Jan 13 2021] (Free) von Adlice Software
Mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Betriebssystem : Windows 10 (10.0.18363) 64 bits
Gestartet in : Normaler Modus
Benutzer : Katja [Administrator]
Gestartet von : C:\Users\Katja\Desktop\RogueKiller_portable64.exe
Signaturen : 20210203_130952, Treiber : Geladen
Modus : Standard-Scan, Löschen -- Datum : 2021/02/07 13:19:27 (Dauer : 00:08:03)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Löschen ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\.DEFAULT\Software\OCS -- -> Gelöscht
[PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\S-1-5-21-2081738662-375674699-890820183-1001\Software\OCS -- -> Gelöscht
[PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\S-1-5-18\Software\OCS -- -> Gelöscht
And here is the search as well.
Code:
ATTFilter Farbar Recovery Scan Tool (x64) Version: 04-02-2021 durchgeführt von Katja (07-02-2021 13:33:39) Gestartet von D:\ Start-Modus: Normal ================== Datei-Suche: "SearchAll: Chip Digital;Advanced SystemCare;GoodGame;Lavasoft;Web Companion;webcompanion;Qweb;Startfenster;Vondos;QScan System-Check;WebDiscoverBrowser;{92e8bd03-8c7b-4afa-8197-58d85c78203f};AdvancedSystemCare" ============= Datei: ======== C:\Windows\WinSxS\x86_netfx35linq-linqwebconfig_31bf3856ad364e35_10.0.18362.1_none_cd4b8a20ace36203\LinqWebConfig.exe [2019-09-16 17:43][2019-09-16 17:43] 000088272 _____ (Microsoft Corporation) E9883E3426E8D87B27D039DBE01ADE45 [Datei ist digital signiert] C:\Windows\WinSxS\Manifests\amd64_netfx35linq-linqwebconfig_31bf3856ad364e35_10.0.18362.1_none_296a25a46540d339.manifest [2019-09-16 17:43][2019-09-16 17:43] 000000265 ____N () 7E28CC90FE0C026F1E0CC6A66A85026C [Datei ist nicht signiert] C:\Windows\WinSxS\Manifests\x86_netfx35linq-linqwebconfig_31bf3856ad364e35_10.0.18362.1_none_cd4b8a20ace36203.manifest [2019-09-16 17:43][2019-09-16 17:43] 000000262 ____N () FDFE99DE1C0942318A9BAE51BFFB04C0 [Datei ist nicht signiert] C:\Windows\WinSxS\amd64_netfx35linq-linqwebconfig_31bf3856ad364e35_10.0.18362.1_none_296a25a46540d339\LinqWebConfig.exe [2019-09-16 17:43][2019-09-16 17:43] 000094416 _____ (Microsoft Corporation) 4F90B301764576EA4D323C0C33144076 [Datei ist digital signiert] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\WebCompanion.exe.log [2020-11-22 12:22][2020-12-10 07:57] 000002380 _____ () 0349D5D4490471A5802FA6CE0C15F396 [Datei ist nicht signiert] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\WebCompanionInstaller.exe.log [2020-11-22 12:22][2020-12-10 07:57] 000002351 _____ () 2ADE5A58B9F503E5F1CC99C3B8DB2537 [Datei ist nicht signiert] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Lavasoft.WCAssistant.WinService.exe.log [2020-04-08 
08:26][2021-01-27 12:36] 000002145 _____ () 468D67F0780A8DC458B46583C2C14CBA [Datei ist nicht signiert] C:\Windows\Prefetch\WEBCOMPANION.EXE-9800DBBB.pf [2020-10-13 13:08][2021-01-31 18:00] 000071129 _____ () 8E9B719C02DE34F77D7C6FE71B37D035 [Datei ist nicht signiert] C:\Users\Katja\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\WebCompanion.exe.log [2021-01-12 17:05][2021-01-16 17:25] 000001535 _____ () 91F5D095A7CC90AF4235442097F331B2 [Datei ist nicht signiert] C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\Onboarding\imageformats\qwebp.dll [2015-06-29 18:10][2015-06-29 18:10] 000362496 _____ (The Qt Company Ltd) CA9C0782C43FFB6918C5F04A83F18628 [Datei ist nicht signiert] C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\Onboarding\html\js\qwebchannel.js [2018-02-01 17:42][2018-02-01 17:42] 000014808 _____ () 7266DCAFA2C31054D5CFFB535BA5C381 [Datei ist nicht signiert] C:\Program Files (x86)\MAGIX\Music Maker 2015 Silver\plugins\imageformats\qwebp.dll [2014-06-06 14:30][2014-06-06 14:30] 000290304 _____ () BCB511FC67C30E85C53655319C71291A [Datei ist nicht signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\99\Web Companion\Logs\Webcompanion\webcompanion.log#BB97EE6A0C723DA2 [2018-11-09 18:55][2020-12-10 07:57] 000124024 _____ () B1B905E05D70B07C68776A6A187B9178 [Datei ist nicht signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Ad-Aware Web Companion.exe#7CF51017700F8807 [2018-11-09 18:55][2020-12-10 07:57] 000641632 _____ ( ) 071F87AC2610DA980631DEF54B40408F [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll#C9EF4B5CE4658A50 [2018-11-09 18:55][2020-12-10 07:57] 000059488 _____ ( ) BB37B9168987EDE58FB340CEA9BF2E1B [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.adblocker.dll#54CF9A4CE0ED19B6 [2018-11-09 18:55][2020-12-10 07:57] 000065632 _____ () 
1A42EC46AEA9751927BF17238E54D45C [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.AppCore.dll#41624F2670753300 [2018-11-09 18:55][2020-12-10 07:57] 000202848 _____ () 4D40F38B6C6FEE069E6FECCA58D7D131 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.Automation.dll#D84E55472F8FABF6 [2018-11-09 18:55][2020-12-10 07:57] 000045664 _____ () 513C8AADBA9F142C05ABD97952439B74 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.Compression.dll#40224114988E902A [2018-11-09 18:55][2020-12-10 07:57] 000023648 _____ () E8E3C4692D608256FEEE88714538C6BD [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.CSharp.Utilities.dll#252636A9C011E666 [2018-11-09 18:55][2020-12-10 07:57] 000060512 _____ () 6C5A0EA5667726B0374334D8431D713D [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.Events.dll#30A1275AE66F3DC4 [2018-11-09 18:55][2020-12-10 07:57] 000127072 _____ () C8DB4A2AF57E626B2B8EE375A821090F [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.Extension.dll#71B316DB7D768D9F [2019-11-07 11:04][2020-12-10 07:57] 000118880 _____ () 1723FAD9178A9FEB391BD456DD6313D1 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.IEController.dll#1221C0E18BD96CC5 [2018-11-09 18:55][2020-12-10 07:57] 000140896 _____ () 5D0BBB9D8B695A35A08FE4835BB84EC4 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.Omni.dll#86F90E3B7187C6AE [2018-11-09 18:55][2020-12-10 07:57] 000028256 _____ () 9D2F439B7FDE165A97CFAB24605AC983 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web 
Companion\Application\Lavasoft.SearchProtect.Business.dll#37E9A5FD37C9AC46 [2018-11-09 18:55][2020-12-10 07:57] 000490080 _____ () 1C85B79DB79137A1A87C5E79F239F4F1 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll#1C98F0D1229E61EC [2018-11-09 18:55][2020-12-10 07:57] 000043104 _____ () AC0E2551CC706A842173C72AC1A43BA2 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.Settings.dll#488ECBA755068445 [2018-11-09 18:55][2020-12-10 07:57] 000023648 _____ () 066D64D3751D9EE62CA4E1DCD2FF1281 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.SysInfo.dll#33C2B3EEA7BF36BD [2018-11-09 18:55][2020-12-10 07:57] 000087136 _____ () 0DA1D8EAB2CACC556A0D58D1E58B0995 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.Utils.dll#9AD30F788DCE0961 [2020-10-09 19:10][2020-12-10 07:57] 000108128 _____ () DB13C52A1CFF5958EC234E827DEA0A23 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.Utils.SqlLite.dll#74D8B7C058506596 [2018-11-09 18:55][2020-12-10 07:57] 000024160 _____ () E05547E61D33EB7D0C1E813FF44EB6E9 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll#C2C7DE8D4F2B84BC [2018-11-09 18:55][2020-12-10 07:57] 000020576 _____ () 96E319D9C5E180C6F9F65645750D1C58 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll#D5891BA34176A459 [2018-11-09 18:55][2020-12-10 07:57] 000053344 _____ () 590072F3030184147E20915CF3FF6902 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe#15B1301DF9C55566 [2018-11-09 
18:55][2020-12-10 07:57] 000029280 _____ () F0A4EF69148F7CDF53E5AE78C1583D33 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe.config#06315C70C31187CC [2018-11-09 18:55][2020-12-10 07:57] 000002379 _____ () AED25C4BB45D63F367AC309DA2D91716 [Datei ist nicht signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\WebCompanion.exe#0A40221CF0E9D2C8 [2018-11-09 18:55][2020-12-10 07:57] 008442464 _____ (Lavasoft) B99CB0981CEF2D9192236E81C2383AC2 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\WebCompanion.exe.config#5469DA64A6304025 [2018-11-09 18:55][2020-12-10 07:57] 000018770 _____ () 7DA2E2448142BE04EB4F14E75263728D [Datei ist nicht signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\WebCompanion.Loader.exe#2776C7772881A542 [2018-11-09 18:55][2020-12-10 07:57] 000021088 _____ () 615594CE39A8F1050E64411A896F4FFF [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\WebCompanionExtensionIE.dll#BE57B50C96A6A6AA [2018-11-09 18:55][2020-12-10 07:57] 002144352 _____ ( ) 46FE63A7F3AB30B2DAD43B5E6EF0E701 [Datei ist digital signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\WebCompanionIcon.ico#9FE175067585D3F7 [2018-11-09 18:55][2020-12-10 07:57] 000024337 _____ () 1DD04466644E96E0AD308D1E637E9621 [Datei ist nicht signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\WebCompanionIcon_Pro.ico#4CEBED0F2D744668 [2018-11-09 18:55][2020-12-10 07:57] 000025507 _____ () BBD842A6E91D908141DE6FA59D3A9868 [Datei ist nicht signiert] C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion\Application\WebCompanionInstaller.exe#C4A30326681F81BC [2018-11-09 18:55][2020-12-10 07:57] 000372832 _____ (Lavasoft) 86F23E92F9468D25234B24F6DD59F48C [Datei ist digital signiert] 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_81e4b3fa-4b6e-4924-adce-cc37661c69b1 2020-02-03 14:58 - 2020-02-03 14:58 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_8301965a-5ab7-4586-8a9d-eaa759f5fdf1 2020-07-16 13:10 - 2020-07-16 13:10 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_8331d8f8-2d73-42a9-8267-44ed7d1fb8b5 2020-06-01 16:05 - 2020-06-01 16:05 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_84190a64-f543-483a-a48e-24a453aec7ec 2020-02-19 11:42 - 2020-02-19 11:42 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_84d8ffed-f992-4845-b9f1-0012f8d08fc2 2020-03-30 19:55 - 2020-03-30 19:55 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_85a683ec-b8ab-4e2f-8de0-763f90808ea7 2020-05-21 22:36 - 2020-05-21 22:36 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_86396402-80ef-4756-a345-204ff3165ecb 2020-03-03 11:09 - 2020-03-03 11:09 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_874527dc-f482-4e3a-aa40-e6049160ab40 2020-04-10 21:54 - 2020-04-10 21:54 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_884ef93a-88ef-4775-a187-51de8969c59a 2020-03-05 18:09 - 2020-03-05 18:09 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_885eeffe-b7f8-4928-afad-f984892b6ea8 2020-07-31 12:52 - 2020-07-31 12:52 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_894ba34a-f082-4503-85bb-e8febfdcced8 2020-04-09 15:48 - 2020-04-09 15:48 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_89cbb163-4ec8-4cc9-842d-19dd8d454d3b 2020-05-21 11:36 - 2020-05-21 11:36 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_8a54fa89-aee9-4e3a-a401-7ce439e6ec10 2020-04-16 18:29 - 2020-04-16 18:29 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_8a93d43d-60de-4c4e-8c0c-d0f22b6cf377 2020-07-09 21:36 - 2020-07-09 21:36 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_8b2a00be-0443-4f09-a942-44ae6ce0b0c6 2020-06-11 20:31 - 2020-06-11 20:31 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_8be0082e-79c9-4653-ba41-7ac5c5c7bebc 2020-07-21 16:59 - 2020-07-21 16:59 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_8fbdd349-1881-4d1e-aefe-2cd494f56be6 2020-02-18 16:14 - 2020-02-18 16:14 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_91f706dc-c325-41e0-b4a9-30626ac95a13 2020-05-11 18:17 - 2020-05-11 18:17 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_92aab111-2ebc-4562-894c-bef5dc103f30 2020-04-08 09:07 - 2020-04-08 09:07 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_937d605e-5056-4095-9792-a37002e68281 2020-06-01 20:33 - 2020-06-01 20:33 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_93964240-cb6c-4c72-899a-0a6a1d39090c 2020-06-29 16:03 - 2020-06-29 16:03 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_944fcebf-946c-4bba-8c17-2158bbd6071d 2020-06-29 17:50 - 2020-06-29 17:50 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_964c5bbf-213e-42a0-b46f-bae78347fafc 2020-10-06 17:13 - 2020-10-06 17:13 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_9781d603-fdfb-40cc-8484-75cb302bcce9 2020-06-14 12:45 - 2020-06-14 12:45 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_986f0b87-9c2a-41d1-8394-da17789dbf7b 2020-08-16 11:11 - 2020-08-16 11:11 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_98b9f89d-2059-4380-9a0f-90a2e78ead40 2020-06-03 17:52 - 2020-06-03 17:52 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_9966a692-a22e-4492-a3e8-fd416d83a030 2020-05-25 19:16 - 2020-05-25 19:16 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_9a75d658-bb15-45c6-8af5-69a3aff73184 2020-02-12 23:56 - 2020-02-12 23:56 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_9c6ab14f-3bbc-41ff-9239-ead8c4ce8312 2020-03-12 12:48 - 2020-03-12 12:48 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_9d4f00f1-a1e6-42bb-a8cb-8d6a70b3b1a4 2020-06-04 19:48 - 2020-06-04 19:48 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_9db6293e-d3c7-470d-85e2-a9a4ba39d410 2020-05-13 20:55 - 2020-05-13 20:55 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_9ed63b40-09ae-4bf3-bcab-79ae89993b74 2020-04-16 09:41 - 2020-04-16 09:41 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_9fa331a8-870a-4121-aa18-7eaab7005fbb 2020-05-25 17:06 - 2020-05-25 17:06 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_a0be8d91-7bf2-4176-9a71-6c49b621d6b1 2020-02-14 12:28 - 2020-02-14 12:28 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_a1d5f1b9-04a3-485c-a648-c4e1e217b07f 2020-07-07 17:13 - 2020-07-07 17:13 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_a429722a-2446-4eb0-8bae-136d02de96fc 2020-07-21 11:04 - 2020-07-21 11:04 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_a4de7027-f5d6-470c-a316-95475e019928 2020-03-24 09:42 - 2020-03-24 09:42 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_a55bd582-ffb7-42f3-a739-5ec9b9e59305 2020-07-21 20:45 - 2020-07-21 20:45 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_a60de829-1ce9-4947-a2f5-a4ce8f95cbf0 2020-05-06 20:22 - 2020-05-06 20:22 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_a6a54184-9c10-430c-a089-49b33cced284 2020-07-21 09:19 - 2020-07-21 09:19 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_a7e1523e-e950-4da5-8c0b-1071b3bbe06c 2020-03-02 17:14 - 2020-03-02 17:14 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_a943eb4b-0928-44c2-9e40-1919fb9fb79a 2020-03-18 11:57 - 2020-03-18 11:57 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_a987540d-18ec-40f1-ae36-1d399682d463 2020-03-18 17:26 - 2020-03-18 17:26 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_a9b252dc-f267-48df-94b8-70547be61e92 2020-05-01 13:13 - 2020-05-01 13:13 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_a9fd9f5f-31fb-422e-89e5-0823d771f5a4 2020-08-05 18:16 - 2020-08-05 18:16 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_aaf2dc2d-9842-4f56-90db-f97e77ab2dc2 2020-10-02 13:10 - 2020-10-02 13:10 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ab0b2acb-9f42-40df-ac45-b6abff7f73ce 2020-06-11 12:20 - 2020-06-11 12:20 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ab5d91ee-3132-40cd-8165-25c87beea6b5 2020-08-24 14:18 - 2020-08-24 14:18 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ab78eaf3-8be1-444e-b50a-dffa5a7e7ab2 2020-09-21 18:20 - 2020-09-21 18:20 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_abb33d43-b15a-466c-92a4-2335eb6480c2 2020-03-06 09:24 - 2020-03-06 09:24 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ae0d2d70-f9f3-473e-88cf-b811d5251a2d 2020-07-16 21:28 - 2020-07-16 21:28 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ae896d71-60c5-49dc-bc74-8a086954ace9 2020-04-26 21:43 - 2020-04-26 21:43 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_aea1053e-d3c7-48ee-967c-ae7e5a88287a 2020-04-27 15:57 - 2020-04-27 15:57 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_af952e9e-d3bd-41d5-be68-3c2956503ff6 2020-04-09 19:07 - 2020-04-09 19:07 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_b176d5e7-09f0-452b-89db-bc57baa87dd6 2020-03-16 14:29 - 2020-03-16 14:29 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_b257ea05-6dc5-4f97-b440-63fc2583ec20 2020-08-30 20:37 - 2020-08-30 20:37 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_b3341ffb-afe5-494d-ab6c-6464ae6649b2 2020-05-25 07:05 - 2020-05-25 07:05 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_b4117d9a-b455-49e1-b3a4-67f9e4f1288e 2020-07-24 21:54 - 2020-07-24 21:54 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_b65c7b4a-c6d5-4b65-9b38-e767e7d625b3 2020-07-08 14:43 - 2020-07-08 14:43 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_b7c35887-be32-4bf4-a458-d8c619ee1da6 2020-03-07 09:58 - 2020-03-07 09:58 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_b851c343-3423-45f0-a128-621ce26e8655 2020-05-28 20:21 - 2020-05-28 20:21 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_b9aa68c9-c656-44bf-b8b4-c261a6059a69 2020-04-18 21:16 - 2020-04-18 21:16 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ba7b9aad-adc2-4407-bdd2-eef0fff8d300 2020-07-04 13:40 - 2020-07-04 13:40 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_bae7ee38-2bb0-45a7-aead-687c3c884236 2020-02-16 13:47 - 2020-02-16 13:47 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_bc264106-0be0-471d-9310-6d5a40ae1a0b 2020-06-14 17:58 - 2020-06-14 17:58 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_bd2048e7-20ed-4872-8fba-b65b7425f1c0 2020-06-30 19:53 - 2020-06-30 19:53 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_bdd0d268-732b-457e-9086-afc8a16663f4 2020-07-23 17:25 - 2020-07-23 17:25 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_bdfc396d-a8c5-4454-9b3e-e2e76438c10b 2020-05-04 17:11 - 2020-05-04 17:11 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_be282105-7eec-43e5-b329-b481bbd35abe 2020-05-12 19:10 - 2020-05-12 19:10 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_c0eeb459-f654-4eb3-9cc6-1dcb5e8bdb52 2020-03-04 12:41 - 2020-03-04 12:41 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_c12bea0c-5472-4c95-800c-ecebb4c5fb35 2020-09-25 12:10 - 2020-09-25 12:10 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_c1957fc9-489c-45e2-98c6-c2e4f2929a26 2020-07-09 23:25 - 2020-07-09 23:25 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_c1d58b2a-7983-4cd0-8d2e-9d85c8b0329d 2020-02-06 20:08 - 2020-02-06 20:08 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_c351ff86-257e-4a58-8cd0-2da0f32ce193 2020-06-07 21:49 - 2020-06-07 21:49 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_c452ed8a-9e5f-4039-9de3-91bbfd5dffd8 2020-06-28 19:31 - 2020-06-28 19:31 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_c45f908f-7d1f-424b-8886-92a53aa860a9 2020-07-04 18:01 - 2020-07-04 18:01 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_c4bb6e70-a44e-45c2-b26b-544a427b58dd 2020-05-07 21:56 - 2020-05-07 21:56 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_c5ff8974-ddaf-4690-94fb-8c954d4b6759 2020-04-29 10:43 - 2020-04-29 10:43 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_c7b5b096-a0c9-482b-89ae-8fdcd102003d 2020-04-09 15:48 - 2020-04-09 15:48 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_c8d65e4a-d611-47db-b741-02380cdb5d89 2020-09-30 19:22 - 2020-09-30 19:22 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_c93ebcfa-3beb-48b2-96d7-51ee9a64cdae 2020-08-27 11:42 - 2020-08-27 11:42 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_cb4c508a-e481-4cb3-9f24-0fb42a2b86f4 2020-07-05 19:34 - 2020-07-05 19:34 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_cc7aa143-8b77-44d3-bae3-268f291f29c7 2020-06-08 15:46 - 2020-06-08 15:46 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ce2f8eaf-ce3a-45b5-af55-afc5f6e9e105 2020-09-23 19:16 - 2020-09-23 19:16 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ceb8ce9e-c7f5-4013-a586-c3370c8a7788 2020-05-25 22:43 - 2020-05-25 22:43 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ceea8f49-1981-42ae-af99-69e8d80a24bd 2020-08-24 13:49 - 2020-08-24 13:49 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_cf9f8044-5788-441e-ac4d-157a7aea508d 2020-09-05 19:41 - 2020-09-05 19:41 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_cff562b7-ff9d-49e8-89b3-bbf376d0c835 2020-09-01 10:46 - 2020-09-01 10:46 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_d26cb22e-e622-4116-a2f4-7c1fa053f305 2020-02-09 17:46 - 2020-02-09 17:46 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_d512442b-1d5d-482b-bd68-ea3430ca79ce 2020-04-22 20:19 - 2020-04-22 20:19 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_d5a55b3c-c36b-4f92-9056-7522b656116a 2020-04-09 21:26 - 2020-04-09 21:26 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_d967607c-0344-4a5c-b664-c5d5da75af14 2020-05-16 20:24 - 2020-05-16 20:24 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_da46b38b-5b94-48f1-b654-c01c9483b13c 2020-06-03 14:43 - 2020-06-03 14:43 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_da8b180d-dfc3-4f2a-a296-7268348f4e9b 2020-05-22 17:47 - 2020-05-22 17:47 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_dab54ea1-38a5-4dc4-8b05-a472ad8c7b88 2020-09-27 21:09 - 2020-09-27 21:09 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_dd181df0-e69c-4eaa-83ab-b8d8f5e6addf 2020-05-02 20:50 - 2020-05-02 20:50 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_dd250ccc-8104-444f-9fdf-6ce04f775197 2020-02-04 13:46 - 2020-02-04 13:46 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_df33debb-0a55-4abd-8feb-367e0ef522bb 2020-08-04 20:01 - 2020-08-04 20:01 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_e00eab5f-0495-4378-aef4-57cf79eb446d 2020-04-08 15:23 - 2020-04-08 15:23 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_e0addcc5-61ae-419a-8b0b-4d5a745ff180 2020-07-27 22:48 - 2020-07-27 22:48 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_e1ec15a8-1890-4872-93e8-1af034969c6d 2020-07-02 20:56 - 2020-07-02 20:56 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_e21728c7-a6d1-4fbb-ae5a-60563938dae4 2020-06-27 18:22 - 2020-06-27 18:22 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_e32a96c5-3410-4cf9-a839-fd0521f21a7d 2020-03-08 20:59 - 2020-03-08 20:59 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_e36aad15-6b21-46ae-b7dd-43b5b7ac1dec 2020-05-23 20:49 - 2020-05-23 20:49 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_e3a14260-e84d-45db-a1e1-503a9538e162 2020-02-10 19:57 - 2020-02-10 19:57 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_e4812e08-2b5a-42df-8ce0-e515d7fdb761 2020-06-02 19:19 - 2020-06-02 19:19 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_e5a7a669-88d8-4551-974e-f09b2573fbf6 2020-02-27 16:18 - 2020-02-27 16:18 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_e6a0eabf-acc7-4813-9eaa-714f9b4290aa 2020-07-14 17:09 - 2020-07-14 17:09 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_e97e4b8a-b67a-482e-82c2-0d8ea1b27b7e 2020-04-15 13:50 - 2020-04-15 13:50 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_e9e27f21-9bec-4c0d-85f6-d65a04c04a48 2020-04-21 11:48 - 2020-04-21 11:48 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_e9ea874f-25fd-4c2f-a959-f12ef1cc2d22 2020-03-20 13:10 - 2020-03-20 13:10 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_e9efd2fb-f8b8-45f5-9d14-d7c15a3af4c1 2020-02-29 10:01 - 2020-02-29 10:01 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ea3d840b-061f-4d2c-b993-e04122bed298 2020-04-09 17:20 - 2020-04-09 17:20 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ea40d7ff-9812-4aca-bc65-f4276eff2a58 2020-09-22 13:12 - 2020-09-22 13:12 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_eac474f6-1cde-49e4-bfb0-90ab833a732e 2020-09-26 17:31 - 2020-09-26 17:31 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_eaf27788-6a7f-40c8-a19f-8854c969738a 2020-09-04 22:09 - 2020-09-04 22:09 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ebd65ed5-8bc7-40dc-a0fa-8fd443c58dca 2020-09-04 14:12 - 2020-09-04 14:12 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ebf4758f-bb6e-49fb-89ee-0fc7625e7cbd 2020-06-25 21:59 - 2020-06-25 21:59 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ec06fd36-0c0b-4b2d-8f91-d7789fa39679 2020-07-14 16:22 - 2020-07-14 16:22 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ed19c9ba-5bc4-43f1-9e6d-825c35207e01 2020-07-27 20:45 - 2020-07-27 20:45 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_eeab9d58-48de-4715-aa22-029d17de67e0 2020-02-14 16:04 - 2020-02-14 16:04 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_f133f65a-bf7b-4da2-a49c-9f98802b9a70 2020-05-26 21:28 - 2020-05-26 21:28 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_f160065a-274c-4827-af36-72e4a701daeb 2020-10-01 20:33 - 2020-10-01 20:33 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_f35a22a6-d6bd-4815-bfb5-5d5d9e94dc9f 2020-04-30 21:12 - 2020-04-30 21:12 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_f69800bb-0be6-4541-a810-0e7957a55167 2020-07-16 08:08 - 2020-07-16 08:08 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_f6b82e07-026c-4b29-ba18-6df134727040 2020-08-19 18:34 - 2020-08-19 18:34 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_f79095c1-1068-4981-8be6-4843c079738b 2020-04-20 15:34 - 2020-04-20 15:34 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_f887af28-aa2b-493d-b2ff-c10172bcb96a 2020-03-06 11:12 - 2020-03-06 11:12 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_f89302d6-1a0a-41ce-8331-5e1450e8c339 2020-04-25 17:16 - 2020-04-25 17:16 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_f9c87316-8acd-4ae2-851c-0f0927a1674c 2020-04-08 09:10 - 2020-04-08 09:10 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_fb9162b7-feb5-4a12-854b-b858dc73684c 2020-09-07 12:02 - 2020-09-07 12:02 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_fba23a83-b40a-41af-b0a1-4d47e9d2652d 2020-08-27 11:56 - 2020-08-27 11:56 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_fbdacb4f-8ad5-4e44-bde2-f2e61207aa66 2020-04-29 18:03 - 2020-04-29 18:03 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_fc3d588f-b06e-49f7-8f94-d8e49d59dbb3 2020-05-20 20:59 - 2020-05-20 20:59 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_fc942e0d-2382-4730-8692-6b8d4704d672 2020-07-02 11:51 - 2020-07-02 11:51 ____C 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_fd106cc4-b355-427f-849a-9550457fb845
2020-06-20 20:13 - 2020-06-20 20:13 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_webcompanion.exe_25dfdb583da5607e4383501e56f3bf1a334c59c4_00000000_ff0e39b9-3b25-4f0f-9e50-4b7e6b47ae24
2018-11-09 18:55 - 2021-02-01 09:13 _____ C:\ProgramData\Application Data\Lavasoft
2018-02-21 13:43 - 2021-01-31 18:01 ____A C:\Program Files (x86)\IObit\Advanced SystemCare
2018-11-09 18:55 - 2021-02-01 09:13 _____ C:\FRST\Quarantine\C\Users\Katja\AppData\Roaming\Lavasoft
2018-11-09 18:55 - 2021-02-01 09:13 _____ C:\FRST\Quarantine\C\Users\Katja\AppData\Local\Lavasoft
2018-11-09 18:55 - 2021-02-01 09:13 _____ C:\FRST\Quarantine\C\ProgramData\Lavasoft
2018-11-09 18:55 - 2021-02-01 09:13 _____ C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-11-09 18:55 - 2021-02-01 09:13 _____ C:\FRST\Quarantine\C\Program Files (x86)\Lavasoft
2018-11-09 18:55 - 2018-11-09 18:55 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\99\Web Companion
2018-11-09 18:55 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\99\Web Companion\Logs\Webcompanion
2018-11-09 18:55 - 2018-11-09 18:56 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\98\Web Companion
2018-11-09 18:55 - 2018-11-09 18:55 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\97\Web Companion
2018-11-09 18:55 - 2018-11-09 18:55 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\96\Web Companion
2018-11-09 18:55 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\95\WebCompanion
2020-05-05 07:59 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\9\GoodGame
2018-11-09 18:56 - 2018-11-09 18:56 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\77\Chip Digital GmbH
2018-04-18 15:26 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\72\Qweb Symbol
2018-04-18 15:26 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\71\Qweb Symbol
2018-05-02 15:20 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\61\Startfenster-Replace
2018-05-02 15:20 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\60\Startfenster-Replace
2020-05-05 07:59 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\59\Startfenster Symbol
2020-05-05 07:59 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\58\Startfenster Symbol
2018-02-21 13:44 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\25\Advanced SystemCare
2021-02-01 09:13 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\24\Advanced SystemCare
2018-02-21 13:44 - 2018-02-21 13:44 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\23\Advanced SystemCare
2019-09-16 17:14 - 2019-09-16 17:14 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\22\Advanced SystemCare
2018-02-21 13:44 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\21\Advanced SystemCare
2018-02-21 13:43 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\20\Advanced SystemCare
2020-10-09 19:08 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\121\QScan System-Check
2018-11-09 18:54 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\118\Vondos
2018-02-21 13:44 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\11\Advanced SystemCare
2018-11-09 18:55 - 2020-12-10 07:57 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\100\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
2020-05-05 07:59 - 2021-02-01 09:13 _____ C:\AdwCleaner\Quarantine\v1\20210201.091321\10\GoodGame

Registry:
========

===================== Suchergebnis für "Chip Digital" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Chip Digital GmbH|chip1click|chip 1-click installer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Chip Digital GmbH|chip1click|CHIP Active Download.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Chip Digital GmbH|chip1click|CHIP Starter.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Chip Digital GmbH|chip1click|CHIP Updater.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Chip Digital GmbH|chip1click|SplashForm.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Chip Digital GmbH\chip1click\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Chip Digital GmbH\"="1"

===================== Suchergebnis für "Advanced SystemCare" ==========

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\iobit_monitor_server]
"Path"="\??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\iobit_monitor_server]
"Path.Org"="\??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\iobit_monitor_server]
"Path.Win32"="C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2081738662-375674699-890820183-1001]
"\Device\HarddiskVolume4\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe"="0x5EA4231B72F8D60100000000000000000000000002000000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2081738662-375674699-890820183-1001]
"\Device\HarddiskVolume4\Program Files (x86)\IObit\Advanced SystemCare\Register.exe"="0xE03539B571F8D60100000000000000000000000002000000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2081738662-375674699-890820183-1001] "\Device\HarddiskVolume4\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe"="0x40EC34BD71F8D60100000000000000000000000002000000" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-2081738662-375674699-890820183-1001] "\Device\HarddiskVolume4\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe"="0x611A77ADA46CD50100000000000000000000000002000000" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-2081738662-375674699-890820183-1001] "\Device\HarddiskVolume4\Program Files (x86)\IObit\Advanced SystemCare\Register.exe"="0x895B7956586CD50100000000000000000000000002000000" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-2081738662-375674699-890820183-1001] "\Device\HarddiskVolume4\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe"="0x5BFFE710656CD50100000000000000000000000002000000" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iobit_monitor_server] "ImagePath"="\??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys" [HKEY_USERS\S-1-5-21-2081738662-375674699-890820183-1001\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{6EA9BF93-5F1A-4853-89B9-F2E60A5DF313}] "AppPath"="C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" [HKEY_USERS\S-1-5-21-2081738662-375674699-890820183-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\IObit\Advanced SystemCare\StartupInfo.exe"="0x53414350010000000000000007000000280000002045080081CB080001000000000000000000000A71200000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000077570000000000009100000091000000" ===================== Suchergebnis für "GoodGame" ========== ===================== Suchergebnis für "Lavasoft" ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Lavasoft] [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}] "Publisher"="Lavasoft" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}] "URLInfoAbout"="hxxp://www.lavasoft.com" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}] "Contact"="support@lavasoft.com" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-2081738662-375674699-890820183-1001] "\Device\HarddiskVolume4\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe"="0xD4DE7BADA46CD50100000000000000000000000002000000" [HKEY_USERS\S-1-5-21-2081738662-375674699-890820183-1001\Software\Lavasoft] ===================== Suchergebnis für "Web Companion" ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-2081738662-375674699-890820183-1001] "\Device\HarddiskVolume4\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe"="0xD4DE7BADA46CD50100000000000000000000000002000000" ===================== Suchergebnis für "webcompanion" ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-2081738662-375674699-890820183-1001] "\Device\HarddiskVolume4\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe"="0xD4DE7BADA46CD50100000000000000000000000002000000" ===================== Suchergebnis für "Qweb" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\24577C8D4FF84433CA2641291687DE42] "361A8CEAA32C84343AF157B0FA59914E"="C:\Program Files (x86)\MAGIX\Music Maker 2015 Silver\plugins\imageformats\qwebp.dll" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2081738662-375674699-890820183-1001\Components\2C40A223650169047874AE5E8F2335E4] "81ED830B290665C4CA4D2E86CDEFB202"="C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\Onboarding\imageformats\qwebp.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2081738662-375674699-890820183-1001\Components\CB7E9381E9F39D44E92312BB380A882F] "81ED830B290665C4CA4D2E86CDEFB202"="C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\Onboarding\html\js\qwebchannel.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_netfx35linq-linqwebconfig_31bf3856ad364e35_none_e1df726b7c8b3c8f] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_netfx35linq-linqwebconfig_31bf3856ad364e35_none_85c0d6e7c42dcb59] ===================== Suchergebnis für "Startfenster" ========== ===================== Suchergebnis für "Vondos" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\vondos\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00C6D66CD6AA0FB5DAB221D9D48824EB] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-util-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\05F3DE36035DC2A5AA25427CA5B0F415] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-crt-locale-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\101E07A94610A3A59859E566D477A853] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-synch-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1560A65F3D3791A5A909590FDDA7B941] 
"F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-libraryloader-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\212D0D604008EB959973C3D006289B1D] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-processthreads-l1-1-1.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\215E6F78A016B9742874726DACA30BF7] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\settings.ico" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25811893563DC795E838A130A7F39D15] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-crt-convert-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\296A783A9FF1FA25EBD2558441E558BD] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-profile-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3076DDE1882EBF85A88109609BC0BEF9] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-crt-utility-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31B90B612A4072754BE3209745ED72DD] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-console-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35A83CEACD0E66458A44883C6B0F3084] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-namedpipe-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35D6B661475037B53A1A2A229DB581DC] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-crt-stdio-l1-1-0.dll" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3E86B55A7731CED5BA20951C7BB8D167] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-rtlsupport-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46547CA2B3F74E35988B4F88F607F9CC] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-crt-private-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5AA8B9F2AE0B4014EA55A0F31E57C661] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\instui.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6082181F4EEA93F58AECF1CC78DBAD51] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-file-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\610E706C0389B53509FEEE1BA303289B] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-processenvironment-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\720712C9537001155B6B9994BCA029C3] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-crt-environment-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\745F28E6505913E5F9471E5D792E171E] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-crt-multibyte-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7697FF45C62ECA55887A3C26C8AF103E] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-crt-heap-l1-1-0.dll" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\769AD111C61CB4556B1A4C498A004CED] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-crt-math-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BFAB4508EF1E055BBECD41CC54EA725] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-file-l2-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8155981C2620C3F5EAF38E8624DACF30] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-debug-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\860DE5EAD47B32B5AA85CFE389BA0A9E] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-interlocked-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\882F269A4A5B8105586C7B9BB7D8FBF9] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\ucrtbase.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\895E6A78A006B9843874726DACA30AF7] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\amadello-1.0.3-fx.xpi" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D7E5BD2150204C56914F11BB62A1EAD] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-localization-l1-2-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\909BAA346E9F76255B7857E369E4AC72] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-file-l1-2-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\91F10F9777E186D52B4810E59BA0E3A6] 
"F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-datetime-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95BAB495509B9885580DB3BD741A1AB9] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-synch-l1-2-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\99387E9C4BF470058AF85D5C1941FDEA] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-heap-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9CC1024967300DF59B795A144BBCA3DC] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-crt-process-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E0B4CD4A56C0C158A6E229CEEE9460B] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-crt-conio-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A316DA142C1D60C57813E9CAF67AA93C] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\msvcp140.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A52866C1B539C6D5BA00FA507CFE5C8C] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-crt-filesystem-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A90A972A951BF1D5ABAFE629854DDA62] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-sysinfo-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3108950065806454A48E35E5F528D78] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-crt-time-l1-1-0.dll" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B7EC99DF05AD39E57B064408B2F2FD9D] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-string-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B7F9377E155DFDD54B0BCF0BF99EB345] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-memory-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA23178C392ACA7599370D9BB97C15EA] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-timezone-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C1F4F7F0819D8F55EAEA6DCA69F0D94B] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-crt-runtime-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C770617F9F6A9805EBFF6641C32814AB] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\vcruntime140.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CECE8D5F055E57F53A20453032FF5C56] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-handle-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD0F209A8601AD15F865A092D118BC59] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-crt-string-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEFE5B5B102728C5C8B7F0C347C223F1] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-errorhandling-l1-1-0.dll" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB9DAFF3E61B1C952A522584D7CBC8CD] "F38CB9BEC125907489FEBE7F980DDA75"="C:\Program Files (x86)\vondos\api-ms-win-core-processthreads-l1-1-0.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F38CB9BEC125907489FEBE7F980DDA75\InstallProperties] "Publisher"="Vondos Media GmbH" ===================== Suchergebnis für "QScan System-Check" ========== [HKEY_USERS\S-1-5-21-2081738662-375674699-890820183-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder] "QScan System-Check.lnk"="0x020000000000000000000000" ===================== Suchergebnis für "WebDiscoverBrowser" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumHTM\Application] "ApplicationIcon"="C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe,0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumHTM\Application] "ApplicationName"="WebDiscoverBrowser" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\WebDiscoverBrowser] [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\WebDiscoverBrowser] ""="WebDiscoverBrowser" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\WebDiscoverBrowser\Capabilities] "ApplicationIcon"="C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe,0" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\WebDiscoverBrowser\Capabilities] "ApplicationName"="WebDiscoverBrowser" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\WebDiscoverBrowser\Capabilities\Startmenu] "StartMenuInternet"="WebDiscoverBrowser" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\WebDiscoverBrowser\DefaultIcon] ""="C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe,0" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\WebDiscoverBrowser\InstallInfo] "ReinstallCommand"=""C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe" --make-default-browser" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\WebDiscoverBrowser\InstallInfo] "HideIconsCommand"=""C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe" --hide-icons" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\WebDiscoverBrowser\InstallInfo] "ShowIconsCommand"=""C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe" --show-icons" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\WebDiscoverBrowser\shell\open\command] ""=""C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications] "WebDiscoverBrowser"="Software\Clients\StartMenuInternet\WebDiscoverBrowser\Capabilities" [HKEY_USERS\S-1-5-21-2081738662-375674699-890820183-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b26b262e_0] ""="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0255&subsys_10431130&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume4\Program Files\WebDiscoverBrowser\3.210.2\browser.exe%b{00000000-0000-0000-0000-000000000000}" ===================== Suchergebnis für "{92e8bd03-8c7b-4afa-8197-58d85c78203f}" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}] [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}] "Publisher"="Lavasoft" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}] "URLInfoAbout"="hxxp://www.lavasoft.com" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}] "Contact"="support@lavasoft.com" ===================== Suchergebnis für "AdvancedSystemCare" ========== ====== Ende von Suche ====== |
08.02.2021, 08:32 | #9 | |
/// TB-Ausbilder | Gootkit according to Telekom: what do I need to look for in the log files? Step 1
Step 2 Your computer is missing the current feature update, version 20H2. Quote:
That would be it! If you no longer have any problems with malware, we are done here. Your log files are clean. Finally, please run a cleanup with our TBCleanUpTool and be sure to read and implement the security measures - both are linked in the following reading material: If you like, you can say here whether you were satisfied with me and my help... Perhaps you would like to support the forum with a small donation. Note: Please give me brief feedback as soon as you have read the information linked above, everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
10.02.2021, 20:59 | #10 |
/// TB-Ausbilder | Gootkit according to Telekom: what do I need to look for in the log files? That means we are done with this Windows computer. If you want us to check another computer, please open a new thread for it. We are glad that we could help. This thread appears to be resolved and will be removed from our subscriptions. Should you need the thread again, please send us a reminder including a link to the thread. Everyone else, please click here and create a thread of your own. |