| |
| |||||||
Log-Analyse und Auswertung: Gootkit lt. Telekom, wonach muss ich in den LogFiles suchenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
04.02.2021, 22:14
| #1 |
| |  Gootkit lt. Telekom, wonach muss ich in den LogFiles suchen Laut Telekom soll auf einem unserer Rechner Gootkit sein. Leider machen die Datums-und Zeitangaben, die ich in einem Telefonanruf dann bekommen habe, keinen Sinn. Damit kann ich nur die Rechner der Reihe nach durchgehen. Auf allen Rechnern ist WIN10 drauf. Habe versucht, aus den geposteten Files was rauslesen zu können. Ist mir leider nicht gelungen. Da wir als große Familie auch ein paar mehr Rechner haben, und ich die Geschichte hier nicht ausarten lassen möchte, habe ich folgende Fragen. Kann mir jemand sagen, nach was ich in der frst.txt und addition.txt suchen muß? Was sind Hinweise auf einen Befall? Was passiert, wenn man einfach mal zur "Vorsicht" bei FRST auf Reparieren geht? Im Anhang mal noch von 2 Rechnern besagte Dateien. Wenn wirklich was drauf ist, habe ich eher den 1. Rechner im Verdacht, bin mir aber nicht sicher. Rechner 1: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 04-02-2021
durchgeführt von Katja (Administrator) auf DESKTOP-72DG63D (ASUSTeK COMPUTER INC. X550VXK) (04-02-2021 20:58:51)
Gestartet von D:\
Geladene Profile: Katja
Platform: Windows 10 Home Version 1909 18363.1316 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Edge
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\AsBhcSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\BhcMgr.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Discord Inc. -> Discord Inc.) C:\Users\Katja\AppData\Local\Discord\app-0.0.307\Discord.exe <3>
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Programme\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) D:\Programme\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(INMUSIC BRANDS INC -> M-Audio) C:\Program Files (x86)\M-Audio\M-Track 8X4M\AudioDevMon.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksde.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksdeui.exe
(MAGIX AG) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Katja\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NCH Software, Inc. -> NCH Software) C:\Program Files (x86)\NCH Software\PhotoPad\photopad.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Opera Software AS -> Opera Software) C:\Users\Katja\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\wpscenter.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\wpscloudsvr.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert]
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-11-24] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [U22_XT_USBPan.exe] => U22_XT_USBPan.exe
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ACHTUNG
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [EpicGamesLauncher] => D:\Programme\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32883768 2021-01-26] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [Discord] => C:\Users\Katja\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [Opera Browser Assistant] => C:\Users\Katja\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe --no-displaying-insecure-content --disable-devtools --disable-raf-throttling --user-data-dir="C:\Users\Katja\AppData\Local\ASUS GIFTBOX\User Data" (Der Dateneintrag hat 123 mehr Zeichen).
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe --no-displaying-insecure-content --disable-devtools --disable-raf-throttling --user-data-dir="C:\Users\Katja\AppData\Local\ASUS GIFTBOX\User Data" (Der Dateneintrag hat 123 mehr Zeichen).
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Katja\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Katja\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Uninstall 20.201.1005.0009\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Katja\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\amd64"
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Uninstall 20.201.1005.0009] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Katja\AppData\Local\Microsoft\OneDrive\20.201.1005.0009"
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\MountPoints2: {14fa7206-e242-11ea-a1a1-107b443602d0} - "F:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\ricu0olm: C:\Windows\system32\ricu0olm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.146\Installer\chrmstp.exe [2021-02-04] (Google LLC -> Google LLC)
Startup: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2019-06-13]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {15553461-2314-4A24-8313-64720A14A97F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145768 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {193DA2E6-54EA-424B-AE52-56180AAF83F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1683352 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {21532607-F3D4-43B3-B4E4-D37D5E0641F3} - System32\Tasks\WpsUpdateTask_Katja => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\wtoolex\wpsupdate.exe [653992 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {26EA8E84-31FF-4A4F-8979-C943775CD602} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057960 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DB6C0B4-139B-4E0F-B31B-AC8365E534F0} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19786024 2016-08-24] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {309E3EF8-8C76-4B15-8BA2-267A6707F7A7} - System32\Tasks\WpsKtpcntrQingTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe [1531136 2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {389DC292-80F9-442C-9D2B-8D863F3BB0DA} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {48B71FCF-1E7C-475F-B4BB-0F13ECF34572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {49667D5A-CD48-450C-8C02-0CC76DF53805} - System32\Tasks\WpsExternal_Katja_20200105153215 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [1285800 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {4A9E92C6-71BC-4D3A-A253-4E5BED30AB27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {507EF729-A441-47D8-9406-67BAB2B275B8} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-72DG63D-Katja => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {514823E1-3CEB-4CF2-BB8E-247EF4F1BE96} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {526B461F-F78A-4DA3-BEE2-98A3AC71F919} - System32\Tasks\ASUSTek Computer Inc\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
Task: {530A2AED-1596-4E51-941E-50EC3AAE014A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EE08B53-5F87-4A5E-86DF-72BD5B745C05} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1578784 2016-07-07] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) [Datei ist nicht signiert]
Task: {60BD2060-BA9B-4D8F-99AA-F6618286B46E} - System32\Tasks\Opera scheduled Autoupdate 1594114837 => C:\Users\Katja\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software)
Task: {700439AD-0AB3-4DD0-A72E-D2F57A21FF17} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16747008 2016-11-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7490A73F-CAAF-4109-9752-D8B4EFE1497A} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG
Task: {7D419AF6-982D-450D-AFA0-604D61AD674E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {8360F909-7D21-44F5-8E92-5C7FB75F3303} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {874E847A-2205-4D08-9C8D-503CC5084CB4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert)
Task: {88E1451A-F1C5-47BC-918C-B2CAED651BFD} - System32\Tasks\Opera scheduled assistant Autoupdate 1594114845 => C:\Users\Katja\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Katja\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {89A74F5F-6F3C-4F4F-BCEB-D5112F9F6805} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {984DAAFA-04CC-4CF7-9ED2-9765C6EC6DA7} - System32\Tasks\ASUS Battery Health Charging Notification => C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\BhcMgr.exe [2478776 2016-11-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {9AF5EFAF-9494-482F-8013-BBD24EEA707F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145768 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {A159E453-6C69-4E9C-BBC4-9DDFCA839196} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2013264 2017-12-12] (NVIDIA Corporation -> )
Task: {AE9450CD-A96E-484A-A097-91A71670044F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057960 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {AF13C45B-52CE-454F-B936-433171A8EDC4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {B5C781C4-C567-437B-8A6D-32E069B44BFF} - System32\Tasks\AdwCleaner_onReboot => //SRV-DC01/Setups/Virenscanner/adwcleaner_8.0.9.1(1).exe [8457584 2021-01-27] (Malwarebytes Inc -> Malwarebytes)
Task: {C4C864FF-EBB4-4E60-AE3B-61195E0EC7DE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [677344 2021-01-28] (Mozilla Corporation -> Mozilla Foundation)
Task: {D031EDA3-3A4E-4F06-9E36-A621F355BD99} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {D22A7074-279B-4B0A-9ADC-2FC199E12731} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert)
Task: {D402CBA4-84F3-46B8-8E45-2BADCA602FA1} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Task: {E29396D1-54EA-4339-B0AD-04F1569B63DA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantWakeupRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert)
Task: {E39B04FB-3166-494E-B519-06F60D7B1BBC} - System32\Tasks\WpsExternal_20161111081738 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [1285800 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {EB155E2A-DE4D-4BD6-97F5-07FD98330620} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {F74A871A-865E-43E3-ABBC-DA125CD0410D} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\WpsExternal_20161111081738.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exeÃqing 10.1.0.5644 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 10.11.100.12
Tcpip\..\Interfaces\{534d5b2c-e792-4b93-a565-cef7f7cdc6cf}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{b9c5cc92-b6cb-46af-8f47-f62d5468f69a}: [DhcpNameServer] 10.11.100.12
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\cId=128000000001363769&path= [2020-08-26] <==== ACHTUNG
Edge Profile: C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-01]
Edge Extension: (Kaspersky Protection) - C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-01-28]
Edge Extension: (Citavi Picker) - C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mielbhbkcliienpdicphhecpodcaeefg [2021-01-06]
Edge HKU\S-1-5-21-2081738662-375674699-890820183-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKLM-x32\...\Edge\Extension: [mielbhbkcliienpdicphhecpodcaeefg]
FireFox:
========
FF DefaultProfile: x11q7e72.default-1575375523631
FF ProfilePath: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 [2021-02-04]
FF Homepage: Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 -> hxxps://myfiresearch.com/homepage?hp=1&bitmask=9996&pId=CH180901FF&iDate=2018-11-09 05:55:56&bName=
FF Session Restore: Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 -> ist aktiviert.
FF Notifications: Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 -> hxxps://adshield.me; hxxps://studip.sw.eah-jena.de
FF Extension: (AdShield) - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\Extensions\{32d829ea-7c44-4510-b199-a212400315c5}.xpi [2020-01-01] [UpdateUrl:hxxps://cdn.adshield-cdn.co/xpi/adshield/data/1219/updates.json]
FF Extension: (Citavi Picker) - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\Extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2021-01-05]
FF SearchPlugin: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\searchplugins\My Firefox Search.xml [2020-11-22]
FF Extension: (Citavi Picker) - C:\Program Files\Mozilla Firefox\distribution\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2020-10-27]
FF HKLM\...\Firefox\Extensions: [nickrr878@gmail.com] - C:\Program Files (x86)\Vondos\amadello-1.0.3-fx.xpi => nicht gefunden
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\FFExt\light_plugin_firefox\addon.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [nickrr878@gmail.com] - C:\Program Files (x86)\Vondos\amadello-1.0.3-fx.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\FFExt\light_plugin_firefox\addon.xpi => nicht gefunden
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2021-01-28] <==== ACHTUNG (Zeigt auf eine *.cfg Datei)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2021-01-28] <==== ACHTUNG
Chrome:
=======
CHR Profile: C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default [2020-12-06]
CHR HomePage: Default -> hxxp://www.google.com
CHR DefaultSearchURL: Default -> hxxps://de.search.yahoo.com/search?fr=mcafee&type=E210DE91212G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> McAfee
CHR DefaultSuggestURL: Default -> hxxps://de.search.yahoo.com/sugg/gossip/gossip-de-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Docs) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-08]
CHR Extension: (Google Drive) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-08]
CHR Extension: (YouTube) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-08]
CHR Extension: (Tabellen) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-14]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-07-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-23]
CHR Extension: (Google Mail) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-21]
CHR Extension: (Chrome Media Router) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-23]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn]
Opera:
=======
OPR Profile: C:\Users\Katja\AppData\Roaming\Opera Software\Opera Stable [2021-02-02]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AsBhcService; C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\AsBhcSrv.exe [114360 2016-10-20] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 AVP21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avp.exe [381928 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8854920 2021-01-10] (Microsoft Corporation -> Microsoft Corporation)
S2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [11963616 2020-05-09] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
S3 klvssbridge64_21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\vssbridge64.exe [467352 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [351424 2021-01-18] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksde.exe [644264 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MTrack8X4MAudioDevMon; C:\Program Files (x86)\M-Audio\M-Track 8X4M\AudioDevMon.exe [289880 2018-06-07] (INMUSIC BRANDS INC -> M-Audio)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [524512 2020-05-09] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [244392 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare UniConverter (Desktop Deutsch)\Transfer\DriverInstall.exe [112560 2020-04-21] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [X]
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\\McCSPServiceHost.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 AiCharger; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [29312 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [98784 2016-09-01] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [251608 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2021-01-27] (CPUID -> CPUID)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
S3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [24056 2017-07-19] (IObit Information Technology -> IObit)
R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110392 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [212280 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [127288 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37496 2020-10-21] (Microsoft Windows Early Launch Anti-Malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [523576 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [659768 2020-12-25] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1341232 2020-12-25] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.2\Bases\klids.sys [244784 2021-01-28] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1025336 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [95544 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [113464 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [113464 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85288 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [97080 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [55592 2020-10-21] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [257208 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2021-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [310232 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116888 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [207352 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [153400 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [250168 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300856 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46688 2019-10-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [350136 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-04 20:43 - 2021-02-04 20:59 - 000000000 ____D C:\FRST
2021-02-01 09:13 - 2021-02-01 09:13 - 000003208 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot
2021-02-01 09:11 - 2021-02-01 09:13 - 000000000 ____D C:\AdwCleaner
2021-01-28 20:57 - 2021-01-28 20:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-01-28 10:10 - 2021-02-01 09:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-28 07:57 - 2021-01-28 07:57 - 000001221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Foto-Editor.lnk
2021-01-28 07:57 - 2021-01-28 07:57 - 000001209 _____ C:\Users\Public\Desktop\PhotoPad Foto-Editor.lnk
2021-01-28 07:57 - 2021-01-28 07:57 - 000001209 _____ C:\ProgramData\Desktop\PhotoPad Foto-Editor.lnk
2021-01-28 07:57 - 2021-01-28 07:57 - 000000000 ____D C:\Users\Katja\NCH Software Produktpalette
2021-01-27 12:45 - 2021-01-27 12:45 - 000310232 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2021-01-27 12:45 - 2021-01-27 12:45 - 000001229 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
2021-01-27 12:45 - 2021-01-27 12:45 - 000001229 _____ C:\ProgramData\Desktop\Kaspersky Password Manager.lnk
2021-01-27 12:45 - 2021-01-27 12:45 - 000000000 ____D C:\Users\Katja\AppData\Local\Kaspersky Lab
2021-01-27 12:44 - 2021-01-27 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2021-01-27 12:43 - 2021-01-27 12:43 - 000257208 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2021-01-27 12:43 - 2021-01-27 12:43 - 000207352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2021-01-27 12:43 - 2021-01-27 12:43 - 000116888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2021-01-27 12:43 - 2021-01-27 12:43 - 000099152 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2021-01-27 12:43 - 2021-01-27 12:43 - 000001165 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk
2021-01-27 12:43 - 2021-01-27 12:43 - 000001165 _____ C:\ProgramData\Desktop\Kaspersky VPN.lnk
2021-01-27 12:43 - 2021-01-27 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-01-27 12:43 - 2021-01-27 12:43 - 000000000 ____D C:\Program Files\Common Files\AV
2021-01-27 12:42 - 2021-01-27 12:44 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-01-27 12:42 - 2021-01-27 12:44 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-01-27 12:42 - 2021-01-27 12:42 - 000002150 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2021-01-27 12:42 - 2021-01-27 12:42 - 000002150 _____ C:\ProgramData\Desktop\Kaspersky Anti-Virus.lnk
2021-01-27 12:42 - 2021-01-27 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2021-01-27 12:42 - 2020-10-21 23:12 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2021-01-27 12:42 - 2020-10-21 23:11 - 001025336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2021-01-27 12:42 - 2020-10-21 23:11 - 000523576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2021-01-26 17:40 - 2021-01-26 17:40 - 000002395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-01-13 16:58 - 2021-01-13 16:58 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 16:58 - 2021-01-13 16:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 16:58 - 2021-01-13 16:58 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 16:58 - 2021-01-13 16:58 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 16:58 - 2021-01-13 16:58 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 16:58 - 2021-01-13 16:58 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 16:58 - 2021-01-13 16:58 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 16:58 - 2021-01-13 16:58 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 16:58 - 2021-01-13 16:58 - 000094720 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 16:58 - 2021-01-13 16:58 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 16:58 - 2021-01-13 16:58 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 16:58 - 2021-01-13 16:58 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 16:58 - 2021-01-13 16:58 - 000053248 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 16:57 - 2021-01-13 16:57 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 16:57 - 2021-01-13 16:57 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 16:57 - 2021-01-13 16:57 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 16:57 - 2021-01-13 16:57 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 16:57 - 2021-01-13 16:57 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 16:57 - 2021-01-13 16:57 - 000331264 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 16:57 - 2021-01-13 16:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 16:57 - 2021-01-13 16:57 - 000208384 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 16:57 - 2021-01-13 16:57 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 16:57 - 2021-01-13 16:57 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 16:57 - 2021-01-13 16:57 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 16:57 - 2021-01-13 16:57 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-01-13 16:56 - 2021-01-13 16:56 - 002590720 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 16:56 - 2021-01-13 16:56 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 16:56 - 2021-01-13 16:56 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 16:56 - 2021-01-13 16:56 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 16:56 - 2021-01-13 16:56 - 000266752 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 16:56 - 2021-01-13 16:56 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 16:56 - 2021-01-13 16:56 - 000186368 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 16:56 - 2021-01-13 16:56 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 16:56 - 2021-01-13 16:56 - 000061440 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-13 16:55 - 2021-01-13 16:56 - 000453632 _____ C:\WINDOWS\system32\ssdm.dll
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-04 20:58 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-04 20:43 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2021-02-04 20:41 - 2019-09-16 17:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-04 19:52 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-04 19:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-04 19:51 - 2018-05-14 15:25 - 000002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-04 19:51 - 2018-05-14 15:25 - 000002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-02-04 19:51 - 2018-05-14 15:25 - 000002254 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-02-04 19:50 - 2020-11-04 13:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2021-02-04 19:50 - 2020-04-08 08:24 - 000000000 ____D C:\Program Files\CCleaner
2021-02-04 19:50 - 2019-09-16 17:19 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2081738662-375674699-890820183-1001
2021-02-04 19:50 - 2019-09-16 17:12 - 000002381 _____ C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-04 19:50 - 2018-02-20 22:32 - 000000000 ___RD C:\Users\Katja\OneDrive
2021-02-02 12:51 - 2018-02-21 10:21 - 000000000 ____D C:\Users\Katja\AppData\LocalLow\Mozilla
2021-02-02 12:50 - 2020-04-28 11:44 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-02 12:48 - 2018-02-20 22:30 - 000000000 __SHD C:\Users\Katja\IntelGraphicsProfiles
2021-02-02 12:48 - 2017-07-20 17:25 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-01 09:18 - 2019-09-16 17:20 - 001725108 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-01 09:18 - 2019-03-19 13:16 - 000746614 _____ C:\WINDOWS\system32\perfh007.dat
2021-02-01 09:18 - 2019-03-19 13:16 - 000150886 _____ C:\WINDOWS\system32\perfc007.dat
2021-02-01 09:13 - 2019-09-16 17:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-01 09:13 - 2019-03-19 05:37 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\Users\Katja\AppData\Roaming\Lavasoft
2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\Users\Katja\AppData\Local\Lavasoft
2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\ProgramData\Lavasoft
2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2021-02-01 09:13 - 2018-02-21 14:25 - 000000995 _____ C:\Users\Katja\Desktop\Firefox.lnk
2021-02-01 09:13 - 2018-02-21 13:44 - 000000000 ____D C:\Users\Katja\AppData\LocalLow\IObit
2021-02-01 09:13 - 2018-02-21 13:43 - 000000000 ____D C:\Users\Katja\AppData\Roaming\IObit
2021-02-01 09:13 - 2018-02-21 13:43 - 000000000 ____D C:\ProgramData\IObit
2021-02-01 09:13 - 2018-02-20 16:14 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-01 09:13 - 2018-02-20 16:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-01 09:13 - 2016-11-11 09:17 - 000000000 ____D C:\Program Files (x86)\ASUS
2021-02-01 09:10 - 2018-02-20 22:33 - 000000200 _____ C:\Users\Katja\AppData\Roaming\sp_data.sys
2021-01-31 15:55 - 2020-08-23 18:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-31 15:55 - 2020-08-23 18:23 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-31 15:55 - 2020-08-23 18:23 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-28 07:57 - 2020-11-04 13:03 - 000000000 ____D C:\Users\Katja\AppData\Roaming\NCH Software
2021-01-28 07:57 - 2020-11-04 13:03 - 000000000 ____D C:\ProgramData\NCH Software
2021-01-28 07:57 - 2020-11-04 13:03 - 000000000 ____D C:\Program Files (x86)\NCH Software
2021-01-28 07:57 - 2019-09-16 17:12 - 000000000 ____D C:\Users\Katja
2021-01-28 07:53 - 2018-03-05 15:15 - 000000000 ____D C:\Users\Katja\AppData\Local\Packages
2021-01-27 12:53 - 2018-04-18 15:26 - 000000000 ____D C:\ProgramData\Updater
2021-01-27 12:42 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-27 12:42 - 2019-03-19 05:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-01-27 12:37 - 2018-02-20 16:15 - 000000000 ____D C:\ProgramData\AVAST Software
2021-01-27 12:37 - 2016-11-11 09:17 - 000000742 _____ C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job
2021-01-27 12:37 - 2016-11-11 09:17 - 000000448 _____ C:\WINDOWS\Tasks\WpsExternal_20161111081738.job
2021-01-27 12:34 - 2018-04-23 10:23 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-26 17:40 - 2019-01-14 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-26 17:40 - 2018-03-23 10:43 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-26 17:36 - 2018-02-21 13:44 - 000000000 ____D C:\ProgramData\ProductData
2021-01-26 12:54 - 2020-08-23 18:22 - 000003628 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-26 12:54 - 2020-08-23 18:22 - 000003404 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-26 12:54 - 2020-07-07 10:40 - 000003854 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1594114845
2021-01-26 12:54 - 2020-07-07 10:40 - 000003622 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1594114837
2021-01-26 12:54 - 2020-04-08 08:25 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-01-26 12:54 - 2020-01-05 15:32 - 000002938 _____ C:\WINDOWS\system32\Tasks\WpsExternal_Katja_20200105153215
2021-01-26 12:54 - 2019-12-12 19:46 - 000002666 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_Katja
2021-01-26 12:54 - 2019-10-06 14:52 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-01-26 12:54 - 2019-09-16 17:19 - 000003558 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-26 12:54 - 2019-09-16 17:19 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-26 12:54 - 2019-09-16 17:19 - 000003266 _____ C:\WINDOWS\system32\Tasks\WpsKtpcntrQingTask_Administrator
2021-01-26 12:54 - 2019-09-16 17:19 - 000003118 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2021-01-26 12:54 - 2019-09-16 17:19 - 000003024 _____ C:\WINDOWS\system32\Tasks\WpsExternal_20161111081738
2021-01-26 12:54 - 2019-09-16 17:19 - 000002968 _____ C:\WINDOWS\system32\Tasks\Update Checker
2021-01-26 12:54 - 2019-09-16 17:19 - 000002924 _____ C:\WINDOWS\system32\Tasks\ATK Package 36D18D69AFC3
2021-01-26 12:54 - 2019-09-16 17:19 - 000002798 _____ C:\WINDOWS\system32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-26 12:54 - 2019-09-16 17:19 - 000002770 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-72DG63D-Katja
2021-01-26 12:54 - 2019-09-16 17:19 - 000002562 _____ C:\WINDOWS\system32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-26 12:54 - 2019-09-16 17:19 - 000002346 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_ListenToDevice
2021-01-26 12:54 - 2019-09-16 17:19 - 000002340 _____ C:\WINDOWS\system32\Tasks\ASUS USB Charger Plus
2021-01-26 12:54 - 2019-09-16 17:19 - 000002330 _____ C:\WINDOWS\system32\Tasks\ASUS Battery Health Charging Notification
2021-01-26 12:54 - 2019-09-16 17:19 - 000002280 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2021-01-26 12:54 - 2019-09-16 17:19 - 000002214 _____ C:\WINDOWS\system32\Tasks\ATK Package A22126881260
2021-01-26 09:45 - 2018-06-26 14:08 - 000000000 ____D C:\Users\Katja\AppData\Local\AVAST Software
2021-01-21 20:53 - 2020-04-08 08:25 - 000002234 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-01-21 07:52 - 2020-07-07 10:40 - 000001407 _____ C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2021-01-16 18:40 - 2018-11-09 17:01 - 000000000 ____D C:\Users\Katja\AppData\Local\Bitwig Studio
2021-01-13 17:12 - 2019-09-16 17:09 - 000568528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-13 17:12 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-01-13 17:12 - 2018-03-05 15:31 - 000000000 ___RD C:\Users\Katja\3D Objects
2021-01-13 17:12 - 2017-07-20 17:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-13 17:11 - 2019-03-19 13:18 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 17:11 - 2019-03-19 13:18 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 17:05 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 17:04 - 2018-02-22 12:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 17:01 - 2018-02-22 12:39 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-13 16:55 - 2019-09-16 17:10 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-12 08:58 - 2019-09-16 17:12 - 000000000 ____D C:\Users\defaultuser0
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2002-09-11 13:33 - 2001-12-08 18:58 - 000133200 _____ (Europress Software) C:\Users\Katja\cncs.dll
2002-09-11 13:33 - 2001-12-08 18:58 - 000280064 _____ () C:\Users\Katja\cncs232.dll
2002-09-11 13:33 - 2001-12-08 18:58 - 000172032 _____ (Europress Software) C:\Users\Katja\cncs32.dll
2020-05-09 09:27 - 2020-05-09 09:36 - 000037998 _____ () C:\Users\Katja\Uninstal.exe
2018-11-09 17:48 - 2018-11-09 17:48 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P10804_GK Amplification 2 LE_log.inTone2Log
2018-11-10 09:48 - 2018-11-10 09:48 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P13568_ampLion Free_log.inTone2Log
2018-11-10 09:45 - 2018-11-10 09:45 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P14776_GK Amplification 2 LE_log.inTone2Log
2018-11-10 15:20 - 2018-11-10 15:20 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P15472_GK Amplification 2 LE_log.inTone2Log
2020-11-05 16:01 - 2020-11-05 16:01 - 000003820 _____ () C:\Users\Katja\AppData\Roaming\P15960_ampLion Free_log.inTone2Log
2019-01-17 16:09 - 2019-01-17 16:09 - 000003631 _____ () C:\Users\Katja\AppData\Roaming\P16284_GK Amplification 2 LE_log.inTone2Log
2018-11-09 19:16 - 2018-11-09 19:16 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P16504_GK Amplification 2 LE_log.inTone2Log
2018-11-10 10:01 - 2018-11-10 10:01 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P16824_GK Amplification 2 LE_log.inTone2Log
2018-11-10 13:21 - 2018-11-10 13:21 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P17308_GK Amplification 2 LE_log.inTone2Log
2018-11-10 10:01 - 2018-11-10 10:01 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P17920_ampLion Free_log.inTone2Log
2018-11-10 15:20 - 2018-11-10 15:20 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P19080_ampLion Free_log.inTone2Log
2018-11-10 13:20 - 2018-11-10 13:20 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P3408_ampLion Free_log.inTone2Log
2018-11-09 17:35 - 2018-11-09 17:35 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P3784_ampLion Free_log.inTone2Log
2018-11-09 16:42 - 2018-11-09 16:42 - 000003755 _____ () C:\Users\Katja\AppData\Roaming\P4268_GK Amplification 2 LE_log.inTone2Log
2018-11-09 16:45 - 2018-11-09 16:45 - 000003616 _____ () C:\Users\Katja\AppData\Roaming\P4708_ampLion Free_log.inTone2Log
2018-11-09 17:23 - 2018-11-09 17:23 - 000030467 _____ () C:\Users\Katja\AppData\Roaming\P7612_inTone2 ESI Edition_log.inTone2Log
2018-11-09 17:35 - 2018-11-09 17:35 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P7732_GK Amplification 2 LE_log.inTone2Log
2018-11-09 19:10 - 2018-11-09 19:10 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P7752_GK Amplification 2 LE_log.inTone2Log
2018-11-09 19:47 - 2018-11-09 19:47 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P9936_GK Amplification 2 LE_log.inTone2Log
2018-02-20 22:33 - 2021-02-01 09:10 - 000000200 _____ () C:\Users\Katja\AppData\Roaming\sp_data.sys
2018-10-02 11:46 - 2018-10-02 11:46 - 000000000 _____ () C:\Users\Katja\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Die 2. Datei im nächsten Beitrag, da für diesen schon zu groß. Geändert von FSP (04.02.2021 um 22:26 Uhr) |
|
04.02.2021, 22:24
| #2 |
| /// TB-Ausbilder   | Gootkit lt. Telekom, wonach muss ich in den LogFiles suchen Mein Name ist Matthias und ich werde dir bei der Analyse und der eventuell notwendigen Bereinigung deines Computers helfen. Poste bitte die andere Logdatei von FRST, Addition.txt. Dann sehen wir weiter. Wenn du kein Experte bist bzw. dich nicht wirklich gut mit FRST auskennst, sollest du nicht blind damit "rumspielen". Wir wollen ja nicht, dass du was "kaputt" machst.  Dann hast du zudem schon selber "rumgespielt" und AdwCleaner und Kaspersky ausgeführt. Von diesen beiden Programmen hätte ich gerne die Logdateien mit den Funden. Geändert von M-K-D-B (04.02.2021 um 22:33 Uhr) |
|
05.02.2021, 19:15
| #3 |
| | Gootkit lt. Telekom, wonach muss ich in den LogFiles suchen Hier nun endlich noch die 2. Datei
__________________Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-02-2021
durchgeführt von Katja (04-02-2021 21:00:52)
Gestartet von D:\
Windows 10 Home Version 1909 18363.1316 (X64) (2019-09-16 16:19:24)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2081738662-375674699-890820183-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2081738662-375674699-890820183-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2081738662-375674699-890820183-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gast (S-1-5-21-2081738662-375674699-890820183-501 - Limited - Disabled)
Katja (S-1-5-21-2081738662-375674699-890820183-1001 - Administrator - Enabled) => C:\Users\Katja
WDAGUtilityAccount (S-1-5-21-2081738662-375674699-890820183-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_1) (Version: 15.0.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.6.0.384 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_0_1) (Version: 12.0.1 - Adobe Systems Incorporated)
ampLion Free 1.2.0 (HKLM-x32\...\{C0355E2A-5FA6-4782-85B1-107C560E904A}_is1) (Version: 1.2.0 - Audiffex)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
ASUS Battery Health Charging (HKLM-x32\...\{3A7E73B6-3A04-49ED-811E-CC39F7EA2E34}) (Version: 1.0.0002 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.8 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS)
Atti-TUBE (HKLM-x32\...\Atti-TUBE) (Version: - )
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.3.16 - ICEpower a/s)
Bananarama (HKLM-x32\...\Bananarama) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitwig 8-Track (HKLM-x32\...\{8A2AC349-1D0C-475B-980B-FC3BA141153F}) (Version: 1.3.7.37083 - Bitwig GmbH)
Bitwig Studio (HKLM\...\{7180D515-FED7-40B8-9090-C3307A2463A6}) (Version: 3.0.3.81986 - Bitwig GmbH)
Bovbjerg Piano Module (HKLM-x32\...\Bovbjerg Piano Module) (Version: - )
Brother MFL-Pro Suite MFC-J4410DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citavi 6 (HKLM-x32\...\{6A331045-8FF4-4BC9-9C56-E593ACAE28C2}) (Version: 6.7.0.0 - Swiss Academic Software)
Clickteam Fusion 2.5 Free Edition (HKLM-x32\...\Clickteam Fusion 2.5 Free Edition) (Version: - Clickteam)
CyberLink PhotoDirector 5 (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
DaVinci Resolve (HKLM\...\{B038DE18-6092-4C56-ACD4-E268DCFE2B20}) (Version: 14.3.0014 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{332552D0-B8EE-49BF-B904-E038A72BD2B2}) (Version: 1.1.2.0 - Blackmagic Design)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.)
Discord (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
EGOSYS FX-Pack (HKLM-x32\...\EGOSYS FX-Pack) (Version: - )
Epic Games Launcher (HKLM-x32\...\{A5A6A747-393C-4B28-AB7B-2DE2BA7F7D73}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
GFExperience.Deployer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.Deployer) (Version: 3.11.0.73 - NVIDIA Corporation) Hidden
GK Amplification 2 LE 2.2.2 (HKLM-x32\...\{CB13830D-9A15-4D25-A55C-9E52BF57DD4B}_is1) (Version: 2.2.2 - Audiffex)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.146 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
IBM SPSS Statistics 25 (HKLM\...\{C2D1E17D-CB8A-4742-84FA-1DB5C6A1ABDD}) (Version: 25.0.0.0 - IBM Corp)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7325 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.5.1035 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
inTone 2 ESI Edition 2.4.0 (HKLM-x32\...\{D72463A2-6C42-41DF-9114-D939C8E65A9D}_is1) (Version: 2.4.0.86 - Audified)
inTone 2 ESI Edition 64bit 2.4.0 (HKLM\...\{0A7FC75F-817B-416D-B927-CDB4C1404866}_is1) (Version: 2.4.0.86 - Audified)
Jitsi (HKLM\...\{D20996B9-BCB6-4877-8104-BDEEF5ED3097}) (Version: 2.10.5550 - Jitsi)
Kaspersky Anti-Virus (HKLM-x32\...\{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky)
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky VPN (HKLM-x32\...\{221FA56C-0A92-4E58-98FD-CAF82237540C}) (Version: 21.2.16.590 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{221FA56C-0A92-4E58-98FD-CAF82237540C}) (Version: 21.2.16.590 - Kaspersky)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LUXONIX LFX-1310 (HKLM-x32\...\LUXONIX_LFX-1310) (Version: 1.2 - LUXONIX)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker Silver (HKLM\...\{AEC8A163-C23A-4348-A31F-750BAF9519E4}) (Version: 21.0.3.44 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Silver (HKLM-x32\...\MX.{AEC8A163-C23A-4348-A31F-750BAF9519E4}) (Version: 21.0.3.44 - MAGIX Software GmbH)
MAGIX Music Maker Silver Soundpools (HKLM\...\{9B02E643-CFDA-435E-9538-C02234A42021}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
M-Audio M-Track 8X4M 1.0.3 (HKLM\...\{5E248784-8915-4AF3-A06B-6D3A050B4B9C}) (Version: 1.0.3 - M-Audio)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.13127.21064 - Microsoft Corporation)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.13127.21064 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.56 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft OneDrive (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Teams) (Version: 1.3.00.3564 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MixPad Musikstudio-Software (HKLM-x32\...\MixPad) (Version: 5.99 - NCH Software)
Mozilla Firefox 85.0 (x64 de) (HKLM\...\Mozilla Firefox 85.0 (x64 de)) (Version: 85.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MuseScore 2 (HKLM-x32\...\{0317B5F7-01A3-4640-A491-456B453CCAB3}) (Version: 2.2.1 - Werner Schweer and Others)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden
Opera Stable 73.0.3856.344 (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Opera 73.0.3856.344) (Version: 73.0.3856.344 - Opera Software)
PhotoPad Foto-Editor (HKLM-x32\...\PhotoPad) (Version: 6.78 - NCH Software)
PreSonus Studio One 3 (HKLM-x32\...\PreSonus Studio One 3) (Version: 3.3.3.41198 - PreSonus Audio Electronics)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.4.887.091316 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7997 - Realtek Semiconductor Corp.)
Realtek PCI-E Wireless LAN Driver (HKLM-x32\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0008 - REALTEK Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Snapseed (HKLM-x32\...\{D5BEB842-5696-4AE8-A222-03D06384856D}) (Version: 1.2.1 - Nik Software, Inc.)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.8.10.170 - EnigmaSoft Limited)
Stanton Deckadance 2.72 (HKLM-x32\...\Stanton Deckadance) (Version: 2.72 - Stanton)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Studio Devil British Valve Custom v1.1 (HKLM-x32\...\{9DEE696E-FBA6-473A-9B5E-576E86B6183F}) (Version: 1.1.0 - Studio Devil)
StudioDevil VGA 1.3 (HKLM-x32\...\StudioDevil VGA_is1) (Version: - StudioDevil)
Tassman ESI Edition (HKLM-x32\...\{AF9F71C9-2F5F-4E00-9A34-D7BC1D6E1DA7}) (Version: - )
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.34161 - Microsoft Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
U22 XT USB Driver version v1.3.1.0 (HKLM\...\{A7C4B7E9-C70A-4D75-A497-EFE8E61B3409}_is1) (Version: v1.3.1.0 - ESI-Audiotechnik)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM-x32\...\{F35DD4F5-1F85-43CD-AC7A-FE54CA7EABA2}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 11.22 - NCH Software)
Windows Driver Package - ASUS (AsusTP) Mouse (08/19/2016 6.0.0.83) (HKLM\...\67D3C04C0088D5D88ABB7419CBFDF094E3B809C1) (Version: 08/19/2016 6.0.0.83 - ASUS)
Windows Driver Package - ESI (U22_XT_USB_AA) MEDIA (10/11/2018 1.3.1.0) (HKLM\...\406BEFE077C994845635F321499568604730DB83) (Version: 10/11/2018 1.3.1.0 - ESI)
Windows Driver Package - ESI (U22_XT_USBWDM_01) MEDIA (10/11/2018 1.3.1.0) (HKLM\...\614DB88564DB0A7BD420220B25837D9047C59561) (Version: 10/11/2018 1.3.1.0 - ESI)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare UniConverter(Build 11.7.5.1) (HKLM-x32\...\UniConverter_is1) (Version: 11.7.5.1 - Wondershare Software)
WPS Office (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Kingsoft Office) (Version: 10.2.0.7646 - Kingsoft Corp.)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.1.0.5644 - Kingsoft Corp.)
Zoom (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Packages:
=========
ASUS ZenLink -> C:\Program Files\WindowsApps\B9ECED6F.ZenSync_1.0.7.0_x86__qmba6cd70vzyy [2018-02-21] (ASUSTeK COMPUTER INC.) [MS Ad]
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-10] (Autodesk Inc.)
BreeZip -> C:\Program Files\WindowsApps\3138AweZip.AweZip_1.3.18.0_x86__ffd303wmbhcjt [2020-07-26] (BreeZip) [MS Ad]
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220 [2020-12-28] (Dolby Laboratories)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-13] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-19] (HP Inc.)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-16] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-09-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-19] (Microsoft Studios) [MS Ad]
-My Notes- -> C:\Program Files\WindowsApps\22944SamJarawan.-MyNotes-_2.1.47.0_x64__3gv8nk7frgb5p [2020-03-05] (Sam Jarawan) [MS Ad]
MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2018-05-01] (ASUSTeK COMPUTER INC.) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-26] (Netflix, Inc.)
RICOH Driver Utility -> C:\Program Files\WindowsApps\3EA2211E.RICOHDriverUtility_4.6.0.0_x86__fxme7667cy4q4 [2020-02-16] (Ricoh Company, Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0 [2021-01-31] (Spotify AB) [Startup Task]
Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_2.5.1.0_x64__t4vj0pshhgkwm [2020-12-28] (Telegram Messenger LLP)
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2100.7.0_x64__cv1g1gvanyjgm [2021-01-28] (WhatsApp Inc.)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.7.0_x86__xpfg3f7e9an52 [2021-01-19] (New Work SE)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-6B64E7666B22} -> [Creative Cloud Files] => C:\Users\Katja\Creative Cloud Files [2018-02-20 16:59]
CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Katja\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19350.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Katja\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19350.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxDTCM.dll [2019-10-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers1_S-1-5-21-2081738662-375674699-890820183-1001: [ qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers1_S-1-5-21-2081738662-375674699-890820183-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-2081738662-375674699-890820183-1001: [ qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers5_S-1-5-21-2081738662-375674699-890820183-1001: [ qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\Katja\Desktop\facebook.lnk -> C:\Users\Katja\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com
ShortcutWithArgument: C:\Users\Katja\Desktop\Profil 1 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Default"
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2018-04-10 14:29 - 2009-02-27 15:38 - 000139264 ____R () [Datei ist nicht signiert] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2020-11-07 13:03 - 2016-07-21 10:54 - 000137728 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-11-07 13:03 - 2017-03-23 09:49 - 001506304 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2018-04-10 14:29 - 2017-11-07 18:55 - 000137728 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2018-04-10 14:29 - 2017-08-18 10:23 - 000087552 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2018-04-10 14:29 - 2017-08-18 10:23 - 017974784 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2018-04-10 14:29 - 2017-11-07 19:04 - 000095232 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcLGer.dll
2018-05-14 15:22 - 2017-11-07 18:55 - 000440832 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\Track.dll
2018-04-10 14:29 - 2005-04-22 05:36 - 000143360 _____ () [Datei ist nicht signiert] C:\WINDOWS\system32\BrSNMP64.dll
2018-04-10 14:29 - 2012-04-23 14:03 - 000380928 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrMonitor.dll
2018-04-10 14:29 - 2010-09-29 16:07 - 000180224 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BroSNMP.dll
2018-04-10 14:29 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2018-04-10 14:29 - 2012-01-11 13:39 - 000626688 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2018-04-10 14:29 - 2012-07-27 06:07 - 000087040 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\WINDOWS\system32\BrNetSti.dll
2017-07-20 17:41 - 2017-07-20 17:41 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2017-07-20 17:41 - 2017-07-20 17:41 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2017-07-20 17:26 - 2016-06-14 21:01 - 001298640 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2017-07-20 17:26 - 2016-06-14 21:01 - 001767944 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\WINDOWS\system32\nvspcap64.dll
2020-11-07 13:03 - 2017-03-23 09:52 - 000708608 _____ (Wondershare) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2081738662-375674699-890820183-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-2081738662-375674699-890820183-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.DLL [2020-10-27] (Swiss Academic Software -> Swiss Academic Software)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.DLL [2020-10-27] (Swiss Academic Software -> Swiss Academic Software)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\localhost -> localhost
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2016-07-16 12:47 - 2019-01-04 11:39 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts
2019-05-02 14:52 - 2019-07-13 19:54 - 000000513 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\IBM\SPSS\Statistics\25\JRE\bin
HKU\S-1-5-21-2081738662-375674699-890820183-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Katja\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG-20201126-WA0000.jpg
DNS Servers: 10.11.100.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [UDP Query User{ACF474C7-6B92-4574-989C-5EED602D98F3}C:\program files\ibm\spss\statistics\25\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\25\stats.exe (IBM -> IBM Corp.) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{A415168B-3611-4F70-B7AF-A84C158F9AD2}C:\program files\ibm\spss\statistics\25\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\25\stats.exe (IBM -> IBM Corp.) [Datei ist nicht signiert]
FirewallRules: [{DFD5BC1D-6220-4B55-B755-6D8A40F38D5C}] => (Allow) C:\Users\Katja\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{CE18431A-0924-4412-A952-374B94FE3267}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{18EA528D-D248-4F20-9C31-8EEA7BBA21BD}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5949B9D6-541C-486A-91EF-93D0AC5950EC}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\25\WinWrapIDE.exe (IBM -> IBM Corp.) [Datei ist nicht signiert]
FirewallRules: [{455A9131-59FA-403B-B797-7D4D2C3A26E9}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\25\stats.exe (IBM -> IBM Corp.) [Datei ist nicht signiert]
FirewallRules: [{5FF9BA0F-2B12-4A0F-9A34-B6764531C870}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\25\stats.com (IBM -> IBM Corp.) [Datei ist nicht signiert]
FirewallRules: [{8C366F65-A8FA-4ECC-AB87-13F003756B13}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\25\WinWrapIDE.exe (IBM -> IBM Corp.) [Datei ist nicht signiert]
FirewallRules: [{524C798F-0781-4BAD-8ADA-E93A8252D7BF}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\25\stats.exe (IBM -> IBM Corp.) [Datei ist nicht signiert]
FirewallRules: [{2B6AB65F-D557-4615-9347-532B9AFAFD6C}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\25\stats.com (IBM -> IBM Corp.) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{FBF4B0A6-5EB9-4945-9CC4-CC0F37F64B7C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{4594A9AD-C774-484D-B60E-5E8647428E0D}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{0B35B2AC-0CF8-41D7-B2F9-FE6BC1D0E789}C:\program files\bitwig studio\bitwig studio.exe] => (Block) C:\program files\bitwig studio\bitwig studio.exe (Bitwig GmbH -> Bitwig GmbH)
FirewallRules: [TCP Query User{C1B1359A-1FD4-43D4-9DCC-01EF2843A62B}C:\program files\bitwig studio\bitwig studio.exe] => (Block) C:\program files\bitwig studio\bitwig studio.exe (Bitwig GmbH -> Bitwig GmbH)
FirewallRules: [UDP Query User{D448B127-EA72-4518-A3B5-084F40B2CD9F}C:\program files (x86)\bitwig 8-track\bitwig 8-track.exe] => (Allow) C:\program files (x86)\bitwig 8-track\bitwig 8-track.exe (Bitwig GmbH -> Bitwig GmbH)
FirewallRules: [TCP Query User{59715BA3-E348-4189-B8B8-AE91C900B822}C:\program files (x86)\bitwig 8-track\bitwig 8-track.exe] => (Allow) C:\program files (x86)\bitwig 8-track\bitwig 8-track.exe (Bitwig GmbH -> Bitwig GmbH)
FirewallRules: [UDP Query User{A721852B-D4B1-4658-BE75-9110153D9A2B}C:\program files\bitwig studio\bitwig studio.exe] => (Allow) C:\program files\bitwig studio\bitwig studio.exe (Bitwig GmbH -> Bitwig GmbH)
FirewallRules: [TCP Query User{144F3DAB-1C92-4D49-BE4A-050F3EBA468B}C:\program files\bitwig studio\bitwig studio.exe] => (Allow) C:\program files\bitwig studio\bitwig studio.exe (Bitwig GmbH -> Bitwig GmbH)
FirewallRules: [{7DD1EFCE-98DF-4F9D-9300-7223FA064680}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => Keine Datei
FirewallRules: [{F1C37390-AFAA-4A5D-A654-9EB69225DDE6}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => Keine Datei
FirewallRules: [{A4C3FAFB-5398-4D61-B0C6-5C9BEB3C0806}] => (Allow) C:\Program Files (x86)\PreSonus\Studio One 3\Studio One.exe (PreSonus) [Datei ist nicht signiert]
FirewallRules: [{2E2F3AC0-EFAF-4B2F-8099-25AE194C8E32}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4E449A71-A8F6-42A7-AEC0-A873C369BF5D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BCD0E504-368B-4A04-9858-3246E5EC0DA0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4ECD05E2-9759-4E61-9E0D-1A568A277CA2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C2F66F40-7981-461C-9AAE-2D3772E618FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DC8A9500-A134-4E77-92CE-7FF204CFEE37}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F1498679-AB18-4C24-B366-B5A49D1F66C7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B181FC74-6B2B-43A3-8C9F-5D26C2088844}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{8354D7DE-F9E7-4178-8ADB-B3D4A7529C8D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{330795B2-535F-4A6E-81A3-514B70F3AFF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{90839865-C252-423B-9462-8FF039173977}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{F55A0220-89A5-4417-8162-6D2D1582E442}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{6D1115DD-22CF-4F56-89D9-3E37E31242EE}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe () [Datei ist nicht signiert]
FirewallRules: [{E6714C82-FA19-4A9C-8BA1-1752D072B268}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe () [Datei ist nicht signiert]
FirewallRules: [{B0190148-BFC4-4E82-9E45-A3573919D88F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe () [Datei ist nicht signiert]
FirewallRules: [{7AF620AC-3BED-4AB6-B28B-FCCBC0AF0DE2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe () [Datei ist nicht signiert]
FirewallRules: [{FCDF3B59-6874-46EE-8E7E-5A91800A343A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe () [Datei ist nicht signiert]
FirewallRules: [{A70FAF36-8891-4AF5-86DC-A12B7D011AA9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe () [Datei ist nicht signiert]
FirewallRules: [{81C8F7E0-E1D6-40FA-AE8B-676816459A62}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe () [Datei ist nicht signiert]
FirewallRules: [{C59D4D20-5DE3-4C91-BA34-4B16B9DB7B31}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{76391E86-B406-43F5-B838-CEAE19D01E48}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe (Brother Industries, Ltd.) [Datei ist nicht signiert]
FirewallRules: [{0EB27B6B-25B9-4F2F-894C-CF7E8D5412B6}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe (Brother Industries, Ltd.) [Datei ist nicht signiert]
FirewallRules: [{F2586BB2-11E4-4E0C-AC85-F8B74B0C7112}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{2CA1F4C0-9BF6-4FCB-8D71-3681FE676803}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Block) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [UDP Query User{5E16E2D5-47A5-4042-A4D6-35536FB93843}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Block) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [TCP Query User{98E3F47C-B200-482D-B9A6-C0A35A47E719}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{7749A80A-F198-4CEA-AEC7-FC5B774768A3}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{5EF7FA72-F5A5-4E49-B642-952C94A037ED}E:\bitwig studio\bitwig studio.exe] => (Allow) E:\bitwig studio\bitwig studio.exe => Keine Datei
FirewallRules: [UDP Query User{D5E5EFEC-710B-48C3-8CD5-2BD0E6796CB3}E:\bitwig studio\bitwig studio.exe] => (Allow) E:\bitwig studio\bitwig studio.exe => Keine Datei
FirewallRules: [{E171F794-FC24-496D-B6DD-C1823E544830}] => (Allow) C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\wpscloudsvr.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
FirewallRules: [{9CA7E799-34EE-45B7-A392-5A4575386CF4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7503E1BA-680F-4A37-A579-272439B8A20A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{55ECB660-087C-48A2-B5F2-C40B2C6B5F35}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED4F1C81-CD73-42EA-82F2-C3C35477A011}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{BF096A05-6A3F-4818-8FB1-9D6456520FF4}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{804BBAAE-073C-4E56-ABF9-EC55A3C95281}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe () [Datei ist nicht signiert]
FirewallRules: [{E9698A10-C45C-4C16-B9D5-36959FFD33B1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7E8B133C-9E64-45FE-B829-811ECBA54C9A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B9492A39-2251-4610-B088-F58A15CF3CB8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{095D03FD-617E-4BE8-9642-BD2355966205}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{03E2ABBE-19A2-4C3E-98F5-CD7FE737ED97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{6F8DD97C-16C0-4D6C-BFB6-5872293A38CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{623CA3E4-61A2-42CE-9D2D-9166D174A0C3}D:\programme\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\programme\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [UDP Query User{F4A29DDF-5CCA-47AC-9DB6-FF1E7533C56B}D:\programme\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\programme\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [{82A9AEB3-AA0F-4389-80E8-C7006FC711A4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5EAD68A4-25FA-4929-B201-CDAADD4DD6BE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{6BFE5BCB-FFF8-4B5E-A0EA-EA598102835A}D:\programme\theescapists2\theescapists2.exe] => (Allow) D:\programme\theescapists2\theescapists2.exe => Keine Datei
FirewallRules: [UDP Query User{B8BF0420-04A3-4752-BA91-6A4E068D171B}D:\programme\theescapists2\theescapists2.exe] => (Allow) D:\programme\theescapists2\theescapists2.exe => Keine Datei
FirewallRules: [TCP Query User{4113F22D-8E88-4709-95BB-5BEB955BFFEC}C:\program files\jitsi\jitsi.exe] => (Allow) C:\program files\jitsi\jitsi.exe (Open Source Developer, Ingo Bauersachs -> jitsi.org)
FirewallRules: [UDP Query User{DBD084CF-9060-4962-9D56-1EFB873BF525}C:\program files\jitsi\jitsi.exe] => (Allow) C:\program files\jitsi\jitsi.exe (Open Source Developer, Ingo Bauersachs -> jitsi.org)
FirewallRules: [{6CEE5ECD-801F-46F0-9834-E297E27957F5}] => (Allow) C:\Users\Katja\AppData\Local\Programs\Opera\73.0.3856.329\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{094FBFB7-8C40-442F-AAEE-F64C341DFC96}] => (Allow) C:\Users\Katja\AppData\Local\Programs\Opera\73.0.3856.344\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{0B646825-A50D-4140-8BC0-38BA365EB96C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{824CA236-0959-4860-A62D-A7D08C14CB53}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3E2CA614-1A22-4390-903F-ACA963055BFD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{25F03161-803C-4084-8963-E26E01511E2B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B0BCF6C7-8E79-475F-8A5B-CB283D4209EA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6BC846B2-FD1F-469A-81BF-906C5A184E15}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{91B13FC2-DE28-4115-B029-C804B402211F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9BC06C70-0FAA-4153-9228-5C9639406B16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AA7BC95E-F0BC-4463-B47A-2126AE909A93}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5432AA86-9848-4C79-B098-F2468BD77F4A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6D14390A-6796-4883-A1E0-35EA4A72AFBA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{81E3C55D-B2DB-4D67-B7BE-A00998F6D09B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FE5B43F4-17B4-446E-BD51-8A91FB285E9E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8762BB37-3CA9-4E98-A9D9-469FBA01A29E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Wiederherstellungspunkte =========================
ACHTUNG: Systemwiederherstellung ist deaktiviert (Total:117.71 GB) (Free:15.45 GB) (13%)
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (02/04/2021 09:01:28 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (20028,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/04/2021 08:54:57 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (18724,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/04/2021 08:11:22 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9396,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/04/2021 07:57:20 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10628,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/02/2021 12:50:48 PM) (Source: Firefox) (EventID: 5) (User: )
Description: Event-ID 5
Error: (02/02/2021 09:21:54 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (18660,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/02/2021 09:15:30 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12472,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/02/2021 09:11:05 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (16676,G,0) Der Versuch, die Datei "C:\Users\Katja\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Systemfehler:
=============
Error: (02/04/2021 07:50:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240017 fehlgeschlagen: Brother - Printer - 4/22/2009 12:00:00 AM - 10.0.17119.1
Error: (02/04/2021 07:50:07 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-72DG63D)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/04/2021 05:52:40 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-72DG63D)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/02/2021 12:50:18 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-72DG63D)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/02/2021 12:50:09 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT-AUTORITÄT)
Description: Der Zeitdienst hat festgestellt, dass die Systemzeit um 197865 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal 54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone richtig sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->51.105.208.173:123) ordnungsgemäß ausgeführt wird.
Error: (02/02/2021 12:50:07 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT-AUTORITÄT)
Description: Der Zeitdienst hat festgestellt, dass die Systemzeit um 197865 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal 54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone richtig sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->51.105.208.173:123) ordnungsgemäß ausgeführt wird.
Error: (02/02/2021 12:50:06 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT-AUTORITÄT)
Description: Der Zeitdienst hat festgestellt, dass die Systemzeit um 197865 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal 54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone richtig sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->51.105.208.173:123) ordnungsgemäß ausgeführt wird.
Error: (02/02/2021 12:50:05 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT-AUTORITÄT)
Description: Der Zeitdienst hat festgestellt, dass die Systemzeit um 197865 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal 54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone richtig sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->51.105.208.173:123) ordnungsgemäß ausgeführt wird.
Windows Defender:
===================================
Date: 2019-10-04 11:57:21.190
Description:
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {D16400BC-88C2-4381-B6F9-DC061612597D}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2019-09-27 22:17:21.150
Description:
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {EE759CBA-47EA-4D4E-9AC5-6BFA8D4E81B7}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2019-09-19 19:56:45.729
Description:
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {A8668A42-07EA-4C37-9C09-8DA205B37B8E}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2019-09-19 18:46:11.603
Description:
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {CF066013-967D-42CB-B320-3E525CF6020C}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2021-01-27 12:36:38.216
Description:
Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.303.1022.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.16400.2
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.
Date: 2021-01-27 12:36:38.216
Description:
Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.303.1022.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.16400.2
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.
Date: 2019-09-29 12:59:25.537
Description:
Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.303.314.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.16400.2
Fehlercode: 0x8024402c
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".
CodeIntegrity:
===================================
Date: 2021-02-04 19:50:15.124
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-02-04 19:50:15.109
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-02-04 19:50:15.091
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-02-04 19:50:15.074
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-02-04 19:50:15.052
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-02-02 09:11:23.936
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-02-02 09:11:23.921
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-02-02 09:11:23.903
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
==================== Speicherinformationen ===========================
BIOS: American Megatrends Inc. X550VXK.307 04/19/2019
Hauptplatine: ASUSTeK COMPUTER INC. X550VXK
Prozessor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 58%
Installierter physikalischer RAM: 8077.04 MB
Verfügbarer physikalischer RAM: 3348.79 MB
Summe virtueller Speicher: 10253.04 MB
Verfügbarer virtueller Speicher: 5080.37 MB
==================== Laufwerke ================================
Drive c: (OS) (Fixed) (Total:117.71 GB) (Free:15.45 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:781.26 GB) NTFS
\\?\Volume{db185c5f-80e1-4e3e-a56f-5e871b78703c}\ () (Fixed) (Total:0.48 GB) (Free:0.04 GB) NTFS
\\?\Volume{002f04c3-60f1-4b35-8840-89fa1788299f}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.44 GB) NTFS
\\?\Volume{fc5b06db-5457-4b06-81cf-80528ff87fee}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 646A106C)
Partition: GPT.
==========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 726C32AF)
Partition: GPT.
==================== Ende von Addition.txt =======================
Und hier noch die beiden Dateien vom AdwCleaner. Mit den Kasperskydaten kann ich leider nicht weiterhelfen. Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-01-2021
# Duration: 00:00:06
# OS: Windows 10 Home
# Cleaned: 140
# Awaiting reboot:1
# Failed: 0
***** [ Services ] *****
Deleted AdvancedSystemCareService11
Deleted WCAssistantService
Deleted chip1click
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Chip Digital GmbH
Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\GoodGame
Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\Program Files (x86)\Qweb Symbol
Deleted C:\Program Files (x86)\Startfenster Symbol
Deleted C:\Program Files (x86)\Startfenster-Replace
Deleted C:\Program Files (x86)\Vondos
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodGame
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qweb Symbol
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startfenster Symbol
Deleted C:\ProgramData\SecuritySuite
Deleted C:\Users\Katja\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\Katja\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\Katja\AppData\Local\Temp\DMR
Deleted C:\Users\Katja\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\Katja\AppData\Roaming\Lavasoft\Web Companion
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startfenster-Replace
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
Deleted C:\Users\Katja\AppData\Roaming\QScan System-Check
Deleted C:\Windows\Installer\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Needs Reboot C:\Program Files (x86)\IObit\Advanced SystemCare
***** [ Files ] *****
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\GoodGame BigFarm spielen.lnk
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\GoodGame Empire spielen.lnk
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Qweb Converter installieren.lnk
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Startfenster.lnk
Deleted C:\Users\Katja\AppData\Local\DOWNLOADED INSTALLATIONS\{3BD9A53F-F9BC-44DF-B0FA-6DD88C79F92A}\CHIP INSTALLER.MSI
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GoodGame BigFarm spielen.lnk
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GoodGame Empire spielen.lnk
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Qweb Converter installieren.lnk
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\GOODGAME.LNK
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Qweb Symbol.lnk
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster Symbol.lnk
Deleted C:\Users\Katja\Favorites\GoodGame BigFarm spielen.lnk
Deleted C:\Users\Katja\Favorites\GoodGame Empire spielen.lnk
Deleted C:\Users\Katja\Favorites\Links\GoodGame BigFarm spielen.lnk
Deleted C:\Users\Katja\Favorites\Links\GoodGame Empire spielen.lnk
Deleted C:\Users\Katja\Favorites\Links\Qweb Converter installieren.lnk
Deleted C:\Users\Katja\Favorites\Links\Startfenster.lnk
Deleted C:\Users\Katja\Favorites\Qweb Converter installieren.lnk
Deleted C:\Users\Katja\Favorites\Startfenster.lnk
Deleted C:\Users\Public\Desktop\Qweb Converter installieren.lnk
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Deleted C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk
Deleted C:\Users\Katja\Desktop\Firefox.lnk
Deleted C:\Users\Public\Desktop\Google Chrome.lnk
***** [ Tasks ] *****
Deleted C:\Windows\System32\Tasks\ASC11_PERFORMANCEMONITOR
***** [ Registry ] *****
Deleted HKCU\SOFTWARE\AM|GoodGame
Deleted HKCU\SOFTWARE\AM|Startfenster-Replace
Deleted HKCU\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted HKCU\Software\AM|Startfenster Symbol
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 11
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|QScan System-Check
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\QScan System-Check
Deleted HKCU\Software\WebDiscoverBrowser
Deleted HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8DBE359-F531-44BD-A0CA-8F97CBF68DCB}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_PerformanceMonitor
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Startfenster-Replace.exe
Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\chip 1-click download service
Deleted HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted HKLM\Software\Classes\Installer\Features\E49AC3054380EEC4DA29AB71FAE408A9
Deleted HKLM\Software\Classes\Installer\Products\E49AC3054380EEC4DA29AB71FAE408A9
Deleted HKLM\Software\Classes\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
Deleted HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E61B1AB66C44604797AC56F6BC3B0FF
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37A47D4566095BF44A2CA19FBDFA04A9
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B90A3D3F68EADC47B40D2D572B76E62
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\638EEBF8065E4B845AD5CAB77949D6CC
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\884DF2290FDFBE9408D20E763774932B
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F60B79E6444F2DE4EAC868B34B7EDADA
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE90F95E2F75E9143B28CD4FD9C91A78
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49AC3054380EEC4DA29AB71FAE408A9
Deleted HKLM\Software\WebDiscoverBrowser
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}|DisplayIcon
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}|DisplayName
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}|UninstallString
Deleted HKLM\Software\Wow6432Node\WebDiscoverBrowser
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\Startfenster-Replace.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\GoodGame.de
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Qweb.de
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Startfenster-Replace.de
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Startfenster.de
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EB9BC83F-521C-4709-98EF-EBF789D0AD57}
Deleted HKLM\System\Setup\FirstBoot\Services\AdvancedSystemCareService11
Deleted HKLM\System\Setup\FirstBoot\Services\WCAssistantService
Deleted HKLM\System\Setup\FirstBoot\Services\chip1click
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
Deleted https://myfiresearch.com/homepage?hp=1&bitmask=9996&pId=CH180901FF&iDate=2018-11-09 05:55:56&bName=
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.ASUSDeviceActivation Folder C:\Program Files (x86)\ASUS\ASUS DEVICE ACTIVATION
Deleted Preinstalled.ASUSDeviceActivation Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}
Deleted Preinstalled.ASUSGiftBox Folder C:\Program Files (x86)\ASUS\GIFTBOX
Deleted Preinstalled.ASUSGiftBox Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ASUS GIFTBOX
Deleted Preinstalled.ASUSSmartGesture Folder C:\Program Files (x86)\ASUS\ASUS SMART GESTURE
Deleted Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADC666AD-42FD-4495-8B4A-F97126A4B09E}
Deleted Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Smart Gesture Launcher
Deleted Preinstalled.ASUSSmartGesture Registry HKLM\Software\Classes\CLSID\{F31B5912-07D6-4895-B4BA-5486CF3B18B1}
Deleted Preinstalled.ASUSSmartGesture Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}
Deleted Preinstalled.ASUSSmartGesture Task C:\Windows\System32\Tasks\ASUS SMART GESTURE LAUNCHER
Deleted Preinstalled.ASUSSplendid Folder C:\Program Files (x86)\ASUS\SPLENDID
Deleted Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE2C0494-7FC4-415B-A615-DF5108CA8853}
Deleted Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ACMON
Deleted Preinstalled.ASUSSplendid Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}
Deleted Preinstalled.ASUSSplendid Task C:\Windows\System32\Tasks\ASUS SPLENDID ACMON
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
***** Reboot Required to Complete *****
Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-01-2021
# Duration: 00:00:27
# OS: Windows 10 Home
# Scanned: 31956
# Detected: 147
***** [ Services ] *****
PUP.Optional.AdvancedSystemCare AdvancedSystemCareService11
PUP.Optional.Chip chip1click
PUP.Optional.Legacy WCAssistantService
***** [ Folders ] *****
PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Katja\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Katja\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Chip C:\Program Files (x86)\Chip Digital GmbH
PUP.Optional.Chip C:\Windows\Installer\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}
PUP.Optional.DownloadSponsor C:\Users\Katja\AppData\Local\Temp\DMR
PUP.Optional.Legacy C:\Program Files (x86)\GoodGame
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodGame
PUP.Optional.PCProtect C:\ProgramData\SecuritySuite
PUP.Optional.QScanSystemCheck C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
PUP.Optional.QScanSystemCheck C:\Users\Katja\AppData\Roaming\QScan System-Check
PUP.Optional.Qweb C:\Program Files (x86)\Qweb Symbol
PUP.Optional.Qweb C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qweb Symbol
PUP.Optional.StartFenster.ShrtCln C:\Program Files (x86)\Startfenster Symbol
PUP.Optional.StartFenster.ShrtCln C:\Program Files (x86)\Startfenster-Replace
PUP.Optional.StartFenster.ShrtCln C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startfenster Symbol
PUP.Optional.StartFenster.ShrtCln C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startfenster-Replace
PUP.Optional.Vondos C:\Program Files (x86)\Vondos
PUP.Optional.WebCompanion C:\Program Files (x86)\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Application Data\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
PUP.Optional.WebCompanion C:\Users\Katja\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
PUP.Optional.WebCompanion C:\Users\Katja\AppData\Roaming\Lavasoft\Web Companion
***** [ Files ] *****
PUP.Optional.Chip C:\Users\Katja\AppData\Local\DOWNLOADED INSTALLATIONS\{3BD9A53F-F9BC-44DF-B0FA-6DD88C79F92A}\CHIP INSTALLER.MSI
PUP.Optional.GoodGame C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\GOODGAME.LNK
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\GoodGame BigFarm spielen.lnk
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\GoodGame Empire spielen.lnk
PUP.Optional.Legacy C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GoodGame BigFarm spielen.lnk
PUP.Optional.Legacy C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GoodGame Empire spielen.lnk
PUP.Optional.Legacy C:\Users\Katja\Favorites\GoodGame BigFarm spielen.lnk
PUP.Optional.Legacy C:\Users\Katja\Favorites\GoodGame Empire spielen.lnk
PUP.Optional.Legacy C:\Users\Katja\Favorites\Links\GoodGame BigFarm spielen.lnk
PUP.Optional.Legacy C:\Users\Katja\Favorites\Links\GoodGame Empire spielen.lnk
PUP.Optional.Qweb C:\ProgramData\Microsoft\Windows\Start Menu\Qweb Converter installieren.lnk
PUP.Optional.Qweb C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Qweb Converter installieren.lnk
PUP.Optional.Qweb C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Qweb Symbol.lnk
PUP.Optional.Qweb C:\Users\Katja\Favorites\Links\Qweb Converter installieren.lnk
PUP.Optional.Qweb C:\Users\Katja\Favorites\Qweb Converter installieren.lnk
PUP.Optional.Qweb C:\Users\Public\Desktop\Qweb Converter installieren.lnk
PUP.Optional.StartFenster C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster Symbol.lnk
PUP.Optional.StartFenster.ShrtCln C:\ProgramData\Microsoft\Windows\Start Menu\Startfenster.lnk
PUP.Optional.StartFenster.ShrtCln C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
PUP.Optional.StartFenster.ShrtCln C:\Users\Katja\Favorites\Links\Startfenster.lnk
PUP.Optional.StartFenster.ShrtCln C:\Users\Katja\Favorites\Startfenster.lnk
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
PUP.Optional.StartFenster C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
PUP.Optional.StartFenster C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
PUP.Optional.StartFenster C:\Users\Katja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk
PUP.Optional.StartFenster C:\Users\Katja\Desktop\Firefox.lnk
PUP.Optional.StartFenster C:\Users\Public\Desktop\Google Chrome.lnk
***** [ Tasks ] *****
PUP.Optional.AdvancedSystemCare C:\Windows\System32\Tasks\ASC11_PERFORMANCEMONITOR
***** [ Registry ] *****
PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}|DisplayIcon
PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}|DisplayName
PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92e8bd03-8c7b-4afa-8197-58d85c78203f}|UninstallString
PUP.Optional.AMUpdaterDE HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater
PUP.Optional.AdvancedSystemCare HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 11
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8DBE359-F531-44BD-A0CA-8F97CBF68DCB}
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_PerformanceMonitor
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.AdvancedSystemCare HKLM\System\Setup\FirstBoot\Services\AdvancedSystemCareService11
PUP.Optional.Chip HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\chip 1-click download service
PUP.Optional.Chip HKLM\Software\Classes\Installer\Features\E49AC3054380EEC4DA29AB71FAE408A9
PUP.Optional.Chip HKLM\Software\Classes\Installer\Products\E49AC3054380EEC4DA29AB71FAE408A9
PUP.Optional.Chip HKLM\Software\Classes\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E61B1AB66C44604797AC56F6BC3B0FF
PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37A47D4566095BF44A2CA19FBDFA04A9
PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B90A3D3F68EADC47B40D2D572B76E62
PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\638EEBF8065E4B845AD5CAB77949D6CC
PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\884DF2290FDFBE9408D20E763774932B
PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F60B79E6444F2DE4EAC868B34B7EDADA
PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE90F95E2F75E9143B28CD4FD9C91A78
PUP.Optional.Chip HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49AC3054380EEC4DA29AB71FAE408A9
PUP.Optional.Chip HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}
PUP.Optional.Chip HKLM\System\Setup\FirstBoot\Services\chip1click
PUP.Optional.Conduit HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Conduit HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
PUP.Optional.GoodGame.ShrtCln HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\GoodGame.de
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.Legacy HKCU\Software\WebDiscoverBrowser
PUP.Optional.Legacy HKLM\Software\WebDiscoverBrowser
PUP.Optional.Legacy HKLM\Software\Wow6432Node\WebDiscoverBrowser
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
PUP.Optional.Legacy HKLM\System\Setup\FirstBoot\Services\WCAssistantService
PUP.Optional.QScanSystemCheck HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|QScan System-Check
PUP.Optional.QScanSystemCheck HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\QScan System-Check
PUP.Optional.Qweb HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Qweb.de
PUP.Optional.StartFenster HKCU\SOFTWARE\AM|GoodGame
PUP.Optional.StartFenster HKCU\SOFTWARE\AM|Startfenster-Replace
PUP.Optional.StartFenster HKCU\Software\AM|Startfenster Symbol
PUP.Optional.StartFenster HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Startfenster-Replace.exe
PUP.Optional.StartFenster HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\Startfenster-Replace.exe
PUP.Optional.StartFenster.ShrtCln HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Startfenster-Replace.de
PUP.Optional.StartFenster.ShrtCln HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Startfenster.de
PUP.Optional.TotalAV HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.Vondos HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EB9BC83F-521C-4709-98EF-EBF789D0AD57}
PUP.Optional.WebCompanion HKCU\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
PUP.Optional.WebCompanion HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
PUP.Optional.WebCompanion HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
Adware.StartPage https://myfiresearch.com/homepage?hp=1&bitmask=9996&pId=CH180901FF&iDate=2018-11-09 05:55:56&bName=
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.ASUSDeviceActivation Folder C:\Program Files (x86)\ASUS\ASUS DEVICE ACTIVATION
Preinstalled.ASUSDeviceActivation Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}
Preinstalled.ASUSGiftBox Folder C:\Program Files (x86)\ASUS\GIFTBOX
Preinstalled.ASUSGiftBox Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\ASUS GIFTBOX
Preinstalled.ASUSLiveUpdate Folder C:\Program Files (x86)\ASUS\ASUS LIVE UPDATE
Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D402CBA4-84F3-46B8-8E45-2BADCA602FA1}
Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker
Preinstalled.ASUSLiveUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}
Preinstalled.ASUSLiveUpdate Task C:\Windows\System32\Tasks\UPDATE CHECKER
Preinstalled.ASUSProductRegistration Folder C:\Program Files (x86)\ASUS\APRP
Preinstalled.ASUSProductRegistration Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{8D6B05E0-F457-408C-9D13-549334D8FAE1}
Preinstalled.ASUSSmartGesture Folder C:\Program Files (x86)\ASUS\ASUS SMART GESTURE
Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADC666AD-42FD-4495-8B4A-F97126A4B09E}
Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Smart Gesture Launcher
Preinstalled.ASUSSmartGesture Registry HKLM\Software\Classes\CLSID\{F31B5912-07D6-4895-B4BA-5486CF3B18B1}
Preinstalled.ASUSSmartGesture Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}
Preinstalled.ASUSSmartGesture Task C:\Windows\System32\Tasks\ASUS SMART GESTURE LAUNCHER
Preinstalled.ASUSSplendid Folder C:\Program Files (x86)\ASUS\SPLENDID
Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE2C0494-7FC4-415B-A615-DF5108CA8853}
Preinstalled.ASUSSplendid Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Splendid ACMON
Preinstalled.ASUSSplendid Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}
Preinstalled.ASUSSplendid Task C:\Windows\System32\Tasks\ASUS SPLENDID ACMON
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Hoffe das hilft erst einmal weiter. Wie schon geschrieben, würde ich gern wissen nach was ich suchen muß wenn es um den Gootkit geht. Einfach um erst einmal zu sehen auf welchem Rechner Handlungsbedarf ist. |
|
05.02.2021, 21:00
| #4 | |
| /// TB-Ausbilder | Gootkit lt. Telekom, wonach muss ich in den LogFiles suchenZitat:
Aber du scheinst auch jemand zu sein, der ständig sein AntiVirenprogramm wechselt... mal Avast, mal McAfee, mal Kasperle... mit Sicherheit hat das nicht viel zu tun. Alle diese Programme hättest du dir sparen können. Ob Gootkit auf dem Rechner war/ist, müssen wir erst auslesen, da wir ja nicht wissen, ob bzw. was Kaspersky noch erkannt hat. Wir bereinigen jetzt erst mal dieses Gerät zu Ende. Wenn wir damit fertig sind, können wir uns das nächste Windows Gerät vornehmen. Eins nach dem anderen. Zudem solltest du dir Gedanken über deine schlechten Downloadquellen machen, du hast dir ja alles Mögliche an PUP/Adware installiert. Downloadquellen Lade keine Software von Chip.de, Softonic.de, sourceforge.net, openoffice.de, VLC.de, audacity.de, gimp24.de oder updatestar.com. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software (Potentially Unwanted Programs, kurz PUP) oder Adware installiert. Auf manchen Seiten wird direkt PUP / Adware zum Download angeboten. Für Windows gibt es seit einiger Zeit einen brauchbaren Paketmanager, der mit einfachen Befehlen es erlaubt, automatisiert Software herunterzuladen und zu installieren. Das erspart eine Menge Arbeit, denn ohne einen Paketmanager muss man jedes Programm selbst prüfen und separat manuell updaten, vorher manuell noch runterladen etc. pp. - siehe auch --> chocolatey Paketmanager für Windows Wir empfehlen dringend, alle Programme, sofern verfügbar, über chocolatey zu installieren. Falls du schon mit Linux zu tun hattest, wird dir die Syntax sehr vertraut sein. Die FAQs zu choco findest du da --> Chocolatey: Häufig gestellte Fragen (englisch) Selbstverständlich darfst du auch Fragen zu chocolatey im o.g. Thread zu chocolatey stellen. Für den seltenen Fall, dass du das benötigte Programm nicht im repository von chocolatey findest: Lade diese Software immer direkt beim jeweiligen Hersteller / Entwickler. Schritt 1 Die folgenden Programme sind veraltet, stören die Bereinigung oder es handelt sich um Werbesoftware bzw. unerwünschte Software (Adware, PUP) und müssen entfernt werden.
Schritt 2 WARNUNG AN ALLE MITLESER !!! Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!
Schritt 3
Bitte poste mit deiner nächsten Antwort:
|
|
06.02.2021, 18:18
| #5 |
| | Gootkit lt. Telekom, wonach muss ich in den LogFiles suchen Die Antwort dauert leider immer etwas länger. Im Moment ist der Rechner "auf Reisen". Deshalb etwas umständlich, aber wir bekommen es hin. Deinstallation lief ohne Probleme durch. Neustart nach Fertigstellung. Alles OK. Und jetzt die Files. Code:
ATTFilter Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-02-2021
durchgeführt von Katja (06-02-2021 17:08:40) Run:1
Gestartet von D:\
Geladene Profile: Katja
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ACHTUNG
Edge Profile: C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\cId=128000000001363769&path= [2020-08-26] <==== ACHTUNG
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
Task: {7490A73F-CAAF-4109-9752-D8B4EFE1497A} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG
C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\prefs.js
FF SearchPlugin: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\searchplugins\My Firefox Search.xml [2020-11-22]
FF HKLM\...\Firefox\Extensions: [nickrr878@gmail.com] - C:\Program Files (x86)\Vondos\amadello-1.0.3-fx.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [nickrr878@gmail.com] - C:\Program Files (x86)\Vondos\amadello-1.0.3-fx.xpi => nicht gefunden
CHR DefaultSearchURL: Default -> hxxps://de.search.yahoo.com/search?fr=mcafee&type=E210DE91212G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> McAfee
CHR DefaultSuggestURL: Default -> hxxps://de.search.yahoo.com/sugg/gossip/gossip-de-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [X]
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\\McCSPServiceHost.exe" [X]
2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\Users\Katja\AppData\Roaming\Lavasoft
2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\Users\Katja\AppData\Local\Lavasoft
2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\ProgramData\Lavasoft
2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2021-02-01 09:13 - 2018-02-21 14:25 - 000000995 _____ C:\Users\Katja\Desktop\Firefox.lnk
2021-02-01 09:13 - 2018-02-21 13:44 - 000000000 ____D C:\Users\Katja\AppData\LocalLow\IObit
2021-02-01 09:13 - 2018-02-21 13:43 - 000000000 ____D C:\Users\Katja\AppData\Roaming\IObit
2021-02-01 09:13 - 2018-02-21 13:43 - 000000000 ____D C:\ProgramData\IObit
2021-01-27 12:53 - 2018-04-18 15:26 - 000000000 ____D C:\ProgramData\Updater
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei
CMD: reg query HKCU\Software
CMD: reg query HKCU\Environment
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: Bitsadmin /Reset /Allusers
powershell: Set-MpPreference -PUAProtection Enabled
powershell: Set-MpPreference -DisableScanningNetworkFiles 0
Hosts:
RemoveProxy:
SystemRestore: On
EmptyTemp:
*****************
Prozesse erfolgreich geschlossen.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ACHTUNG => erfolgreich wiederhergestellt
C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\cId=128000000001363769&path= => erfolgreich verschoben
HKLM\SOFTWARE\Policies\Mozilla => erfolgreich entfernt
HKLM\SOFTWARE\Policies\Google => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7490A73F-CAAF-4109-9752-D8B4EFE1497A}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7490A73F-CAAF-4109-9752-D8B4EFE1497A}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => nicht gefunden
C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\prefs.js => erfolgreich verschoben
C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\searchplugins\My Firefox Search.xml => erfolgreich verschoben
"HKLM\Software\Mozilla\Firefox\Extensions\\nickrr878@gmail.com" => erfolgreich entfernt
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\nickrr878@gmail.com" => erfolgreich entfernt
"Chrome DefaultSearchURL" => erfolgreich entfernt
"Chrome DefaultSearchKeyword" => erfolgreich entfernt
"Chrome DefaultSuggestURL" => erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\DevActSvc => erfolgreich entfernt
DevActSvc => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\mccspsvc => erfolgreich entfernt
mccspsvc => Dienst erfolgreich entfernt
C:\Users\Katja\AppData\Roaming\Lavasoft => erfolgreich verschoben
C:\Users\Katja\AppData\Local\Lavasoft => erfolgreich verschoben
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft => erfolgreich verschoben
C:\ProgramData\Lavasoft => erfolgreich verschoben
C:\Program Files (x86)\Lavasoft => erfolgreich verschoben
C:\Users\Katja\Desktop\Firefox.lnk => erfolgreich verschoben
C:\Users\Katja\AppData\LocalLow\IObit => erfolgreich verschoben
C:\Users\Katja\AppData\Roaming\IObit => erfolgreich verschoben
C:\ProgramData\IObit => erfolgreich verschoben
C:\ProgramData\Updater => erfolgreich verschoben
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => erfolgreich entfernt
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => erfolgreich entfernt
========= reg query HKCU\Software =========
HKEY_CURRENT_USER\Software\Adobe
HKEY_CURRENT_USER\Software\AM
HKEY_CURRENT_USER\Software\AppDataLow
HKEY_CURRENT_USER\Software\Applied Acoustics Systems
HKEY_CURRENT_USER\Software\ASIO4ALL v2 by Wuschel
HKEY_CURRENT_USER\Software\ASUS
HKEY_CURRENT_USER\Software\Audiffex
HKEY_CURRENT_USER\Software\Avast Software
HKEY_CURRENT_USER\Software\Blackmagic Design
HKEY_CURRENT_USER\Software\Blizzard Entertainment
HKEY_CURRENT_USER\Software\Brother
HKEY_CURRENT_USER\Software\Browser Cleanup
HKEY_CURRENT_USER\Software\Chromium
HKEY_CURRENT_USER\Software\Clickteam
HKEY_CURRENT_USER\Software\Clients
HKEY_CURRENT_USER\Software\Dim Bulb Games
HKEY_CURRENT_USER\Software\Discord
HKEY_CURRENT_USER\Software\Epic Games
HKEY_CURRENT_USER\Software\ESI
HKEY_CURRENT_USER\Software\Google
HKEY_CURRENT_USER\Software\HDID
HKEY_CURRENT_USER\Software\IGA
HKEY_CURRENT_USER\Software\IM Providers
HKEY_CURRENT_USER\Software\Intel
HKEY_CURRENT_USER\Software\IO Interactive
HKEY_CURRENT_USER\Software\IObit
HKEY_CURRENT_USER\Software\JavaSoft
HKEY_CURRENT_USER\Software\KasperskyLab
HKEY_CURRENT_USER\Software\Khronos
HKEY_CURRENT_USER\Software\Kingsoft
HKEY_CURRENT_USER\Software\KsoLogViewer
HKEY_CURRENT_USER\Software\Lavasoft
HKEY_CURRENT_USER\Software\M-Audio
HKEY_CURRENT_USER\Software\Macromedia
HKEY_CURRENT_USER\Software\MAGIX
HKEY_CURRENT_USER\Software\Microsoft
HKEY_CURRENT_USER\Software\Mozilla
HKEY_CURRENT_USER\Software\MozillaPlugins
HKEY_CURRENT_USER\Software\MuseScore2
HKEY_CURRENT_USER\Software\NCH Software
HKEY_CURRENT_USER\Software\NCH Swift Sound
HKEY_CURRENT_USER\Software\Netscape
HKEY_CURRENT_USER\Software\Nik Software
HKEY_CURRENT_USER\Software\NVIDIA Corporation
HKEY_CURRENT_USER\Software\nwjs
HKEY_CURRENT_USER\Software\OCS
HKEY_CURRENT_USER\Software\ODBC
HKEY_CURRENT_USER\Software\Opera Software
HKEY_CURRENT_USER\Software\Opera Stable Offer
HKEY_CURRENT_USER\Software\Piriform
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software\PreSonus
HKEY_CURRENT_USER\Software\QtProject
HKEY_CURRENT_USER\Software\Realtek
HKEY_CURRENT_USER\Software\RegisteredApplications
HKEY_CURRENT_USER\Software\roamingdevice
HKEY_CURRENT_USER\Software\Snapseed
HKEY_CURRENT_USER\Software\Swiss Academic Software
HKEY_CURRENT_USER\Software\SyncEngines
HKEY_CURRENT_USER\Software\Team 17 Digital ltd.
HKEY_CURRENT_USER\Software\Trolltech
HKEY_CURRENT_USER\Software\Unity
HKEY_CURRENT_USER\Software\UpdateDownloadTool
HKEY_CURRENT_USER\Software\Valve
HKEY_CURRENT_USER\Software\Werner Schweer and Others
HKEY_CURRENT_USER\Software\Wondershare
HKEY_CURRENT_USER\Software\Wow6432Node
HKEY_CURRENT_USER\Software\Classes
========= Ende von CMD: =========
========= reg query HKCU\Environment =========
HKEY_CURRENT_USER\Environment
Path REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;
TEMP REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Temp
TMP REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Temp
OneDrive REG_EXPAND_SZ C:\Users\Katja\OneDrive
OneDriveConsumer REG_EXPAND_SZ C:\Users\Katja\OneDrive
========= Ende von CMD: =========
"AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}" => erfolgreich entfernt
"AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}" => erfolgreich entfernt
"AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}" => erfolgreich entfernt
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
========= Ende von CMD: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.
========= Ende von CMD: =========
========= netsh advfirewall reset =========
OK.
========= Ende von CMD: =========
========= netsh advfirewall set allprofiles state ON =========
OK.
========= Ende von CMD: =========
========= Bitsadmin /Reset /Allusers =========
BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.
0 out of 0 jobs canceled.
========= Ende von CMD: =========
========= Set-MpPreference -PUAProtection Enabled =========
Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist.
In C:\FRST\tmp.ps1:1 Zeichen:1
+ Set-MpPreference -PUAProtection Enabled
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference
========= Ende von Powershell: =========
========= Set-MpPreference -DisableScanningNetworkFiles 0 =========
Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist.
In C:\FRST\tmp.ps1:1 Zeichen:1
+ Set-MpPreference -DisableScanningNetworkFiles 0
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference
========= Ende von Powershell: =========
C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-21-2081738662-375674699-890820183-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-2081738662-375674699-890820183-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
========= Ende von RemoveProxy: =========
SystemRestore: On => abgeschlossen
=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1069447169 B
Java, Flash, Steam htmlcache => 29063879 B
Windows/system/drivers => 24230420 B
Edge => 175272 B
Chrome => 308644 B
Firefox => 1011803918 B
Opera => 699602 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 327308 B
systemprofile32 => 327308 B
LocalService => 549662 B
NetworkService => 562714 B
defaultuser0 => 562714 B
Katja => 353656716 B
RecycleBin => 0 B
EmptyTemp: => 2.3 GB temporäre Dateien entfernt.
================================
Das System musste neu gestartet werden.
==== Ende von Fixlog 17:22:18 ====
Jetzt die FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 04-02-2021
durchgeführt von Katja (Administrator) auf DESKTOP-72DG63D (ASUSTeK COMPUTER INC. X550VXK) (06-02-2021 17:24:26)
Gestartet von D:\
Geladene Profile: Katja
Platform: Windows 10 Home Version 1909 18363.1316 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Edge
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\APRP\aprp.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\AsBhcSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\BhcMgr.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Discord Inc. -> Discord Inc.) C:\Users\Katja\AppData\Local\Discord\app-0.0.307\Discord.exe <3>
(Epic Games Inc. -> Epic Games, Inc.) D:\Programme\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) D:\Programme\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(INMUSIC BRANDS INC -> M-Audio) C:\Program Files (x86)\M-Audio\M-Track 8X4M\AudioDevMon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHeciSvc.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avpui.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Katja\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20566.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20566.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.1310_none_16f941c72a2d5db6\TiWorker.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Opera Software AS -> Opera Software) C:\Users\Katja\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe <5>
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert]
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-11-24] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [U22_XT_USBPan.exe] => U22_XT_USBPan.exe
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [EpicGamesLauncher] => D:\Programme\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32883768 2021-01-26] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [Discord] => C:\Users\Katja\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [Opera Browser Assistant] => C:\Users\Katja\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe --no-displaying-insecure-content --disable-devtools --disable-raf-throttling --user-data-dir="C:\Users\Katja\AppData\Local\ASUS GIFTBOX\User Data" (Der Dateneintrag hat 123 mehr Zeichen).
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\MountPoints2: {14fa7206-e242-11ea-a1a1-107b443602d0} - "F:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\ricu0olm: C:\Windows\system32\ricu0olm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-06] (Google LLC -> Google LLC)
Startup: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2019-06-13]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {15553461-2314-4A24-8313-64720A14A97F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145768 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {193DA2E6-54EA-424B-AE52-56180AAF83F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1683352 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {21532607-F3D4-43B3-B4E4-D37D5E0641F3} - System32\Tasks\WpsUpdateTask_Katja => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\wtoolex\wpsupdate.exe [653992 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {26EA8E84-31FF-4A4F-8979-C943775CD602} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057960 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DB6C0B4-139B-4E0F-B31B-AC8365E534F0} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19786024 2016-08-24] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {309E3EF8-8C76-4B15-8BA2-267A6707F7A7} - System32\Tasks\WpsKtpcntrQingTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe [1531136 2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {389DC292-80F9-442C-9D2B-8D863F3BB0DA} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {48B71FCF-1E7C-475F-B4BB-0F13ECF34572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {49667D5A-CD48-450C-8C02-0CC76DF53805} - System32\Tasks\WpsExternal_Katja_20200105153215 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [1285800 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {4A9E92C6-71BC-4D3A-A253-4E5BED30AB27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {507EF729-A441-47D8-9406-67BAB2B275B8} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-72DG63D-Katja => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {514823E1-3CEB-4CF2-BB8E-247EF4F1BE96} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {526B461F-F78A-4DA3-BEE2-98A3AC71F919} - System32\Tasks\ASUSTek Computer Inc\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
Task: {530A2AED-1596-4E51-941E-50EC3AAE014A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EE08B53-5F87-4A5E-86DF-72BD5B745C05} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1578784 2016-07-07] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) [Datei ist nicht signiert]
Task: {60BD2060-BA9B-4D8F-99AA-F6618286B46E} - System32\Tasks\Opera scheduled Autoupdate 1594114837 => C:\Users\Katja\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software)
Task: {700439AD-0AB3-4DD0-A72E-D2F57A21FF17} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16747008 2016-11-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7D419AF6-982D-450D-AFA0-604D61AD674E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {8360F909-7D21-44F5-8E92-5C7FB75F3303} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {874E847A-2205-4D08-9C8D-503CC5084CB4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert)
Task: {88E1451A-F1C5-47BC-918C-B2CAED651BFD} - System32\Tasks\Opera scheduled assistant Autoupdate 1594114845 => C:\Users\Katja\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Katja\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {89A74F5F-6F3C-4F4F-BCEB-D5112F9F6805} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {984DAAFA-04CC-4CF7-9ED2-9765C6EC6DA7} - System32\Tasks\ASUS Battery Health Charging Notification => C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\BhcMgr.exe [2478776 2016-11-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {9AF5EFAF-9494-482F-8013-BBD24EEA707F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145768 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {A159E453-6C69-4E9C-BBC4-9DDFCA839196} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2013264 2017-12-12] (NVIDIA Corporation -> )
Task: {AE9450CD-A96E-484A-A097-91A71670044F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057960 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {AF13C45B-52CE-454F-B936-433171A8EDC4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {B5C781C4-C567-437B-8A6D-32E069B44BFF} - System32\Tasks\AdwCleaner_onReboot => //SRV-DC01/Setups/Virenscanner/adwcleaner_8.0.9.1(1).exe
Task: {C4C864FF-EBB4-4E60-AE3B-61195E0EC7DE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [677344 2021-01-28] (Mozilla Corporation -> Mozilla Foundation)
Task: {D031EDA3-3A4E-4F06-9E36-A621F355BD99} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {D22A7074-279B-4B0A-9ADC-2FC199E12731} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert)
Task: {D402CBA4-84F3-46B8-8E45-2BADCA602FA1} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Task: {E29396D1-54EA-4339-B0AD-04F1569B63DA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantWakeupRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation)
Task: {E39B04FB-3166-494E-B519-06F60D7B1BBC} - System32\Tasks\WpsExternal_20161111081738 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [1285800 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {EB155E2A-DE4D-4BD6-97F5-07FD98330620} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {F74A871A-865E-43E3-ABBC-DA125CD0410D} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\WpsExternal_20161111081738.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exeÃqing 10.1.0.5644 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{534d5b2c-e792-4b93-a565-cef7f7cdc6cf}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{b9c5cc92-b6cb-46af-8f47-f62d5468f69a}: [DhcpNameServer] 192.168.178.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-05]
Edge Extension: (Kaspersky Protection) - C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-01-28]
Edge Extension: (Citavi Picker) - C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mielbhbkcliienpdicphhecpodcaeefg [2021-01-06]
Edge HKU\S-1-5-21-2081738662-375674699-890820183-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKLM-x32\...\Edge\Extension: [mielbhbkcliienpdicphhecpodcaeefg]
FireFox:
========
FF DefaultProfile: x11q7e72.default-1575375523631
FF ProfilePath: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 [2021-02-06]
FF Notifications: Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 -> hxxps://adshield.me; hxxps://studip.sw.eah-jena.de
FF Extension: (AdShield) - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\Extensions\{32d829ea-7c44-4510-b199-a212400315c5}.xpi [2020-01-01] [UpdateUrl:hxxps://cdn.adshield-cdn.co/xpi/adshield/data/1219/updates.json]
FF Extension: (Citavi Picker) - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\Extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2021-01-05]
FF Extension: (Citavi Picker) - C:\Program Files\Mozilla Firefox\distribution\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2020-10-27]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\FFExt\light_plugin_firefox\addon.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\FFExt\light_plugin_firefox\addon.xpi => nicht gefunden
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2021-01-28] <==== ACHTUNG (Zeigt auf eine *.cfg Datei)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2021-01-28] <==== ACHTUNG
Chrome:
=======
CHR Profile: C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default [2021-02-06]
CHR HomePage: Default -> hxxp://www.google.com
CHR Extension: (Docs) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-08]
CHR Extension: (Google Drive) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-08]
CHR Extension: (YouTube) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-08]
CHR Extension: (Tabellen) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-14]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-07-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-23]
CHR Extension: (Google Mail) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-21]
CHR Extension: (Chrome Media Router) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-23]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn]
Opera:
=======
OPR Profile: C:\Users\Katja\AppData\Roaming\Opera Software\Opera Stable [2021-02-06]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AsBhcService; C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\AsBhcSrv.exe [114360 2016-10-20] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 AVP21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avp.exe [381928 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8854920 2021-01-10] (Microsoft Corporation -> Microsoft Corporation)
S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
S3 klvssbridge64_21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\vssbridge64.exe [467352 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [351424 2021-01-18] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 KSDE5.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksde.exe [644264 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MTrack8X4MAudioDevMon; C:\Program Files (x86)\M-Audio\M-Track 8X4M\AudioDevMon.exe [289880 2018-06-07] (INMUSIC BRANDS INC -> M-Audio)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [244392 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare UniConverter (Desktop Deutsch)\Transfer\DriverInstall.exe [112560 2020-04-21] (Wondershare Technology Co.,Ltd -> Wondershare)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 AiCharger; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [29312 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [98784 2016-09-01] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [251608 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
S3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [24056 2017-07-19] (IObit Information Technology -> IObit)
R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110392 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [212280 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [127288 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37496 2020-10-21] (Microsoft Windows Early Launch Anti-Malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [523576 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [659768 2020-12-25] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1341232 2020-12-25] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.2\Bases\klids.sys [244784 2021-01-28] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1025336 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [95544 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [113464 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [113464 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85288 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [97080 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [55592 2020-10-21] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [257208 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2021-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [310232 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116888 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [207352 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [153400 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [250168 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300856 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46688 2019-10-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-04 20:43 - 2021-02-06 17:24 - 000000000 ____D C:\FRST
2021-02-01 09:13 - 2021-02-01 09:13 - 000003208 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot
2021-02-01 09:11 - 2021-02-01 09:13 - 000000000 ____D C:\AdwCleaner
2021-01-28 20:57 - 2021-01-28 20:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-01-28 10:10 - 2021-02-06 16:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-28 07:57 - 2021-01-28 07:57 - 000001221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Foto-Editor.lnk
2021-01-28 07:57 - 2021-01-28 07:57 - 000001209 _____ C:\Users\Public\Desktop\PhotoPad Foto-Editor.lnk
2021-01-28 07:57 - 2021-01-28 07:57 - 000001209 _____ C:\ProgramData\Desktop\PhotoPad Foto-Editor.lnk
2021-01-28 07:57 - 2021-01-28 07:57 - 000000000 ____D C:\Users\Katja\NCH Software Produktpalette
2021-01-27 12:45 - 2021-01-27 12:45 - 000310232 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2021-01-27 12:45 - 2021-01-27 12:45 - 000001229 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
2021-01-27 12:45 - 2021-01-27 12:45 - 000001229 _____ C:\ProgramData\Desktop\Kaspersky Password Manager.lnk
2021-01-27 12:45 - 2021-01-27 12:45 - 000000000 ____D C:\Users\Katja\AppData\Local\Kaspersky Lab
2021-01-27 12:44 - 2021-01-27 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2021-01-27 12:43 - 2021-01-27 12:43 - 000257208 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2021-01-27 12:43 - 2021-01-27 12:43 - 000207352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2021-01-27 12:43 - 2021-01-27 12:43 - 000116888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2021-01-27 12:43 - 2021-01-27 12:43 - 000099152 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2021-01-27 12:43 - 2021-01-27 12:43 - 000001165 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk
2021-01-27 12:43 - 2021-01-27 12:43 - 000001165 _____ C:\ProgramData\Desktop\Kaspersky VPN.lnk
2021-01-27 12:43 - 2021-01-27 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-01-27 12:43 - 2021-01-27 12:43 - 000000000 ____D C:\Program Files\Common Files\AV
2021-01-27 12:42 - 2021-01-27 12:44 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-01-27 12:42 - 2021-01-27 12:44 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-01-27 12:42 - 2021-01-27 12:42 - 000002150 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2021-01-27 12:42 - 2021-01-27 12:42 - 000002150 _____ C:\ProgramData\Desktop\Kaspersky Anti-Virus.lnk
2021-01-27 12:42 - 2021-01-27 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2021-01-27 12:42 - 2020-10-21 23:12 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2021-01-27 12:42 - 2020-10-21 23:11 - 001025336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2021-01-27 12:42 - 2020-10-21 23:11 - 000523576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2021-01-26 17:40 - 2021-01-26 17:40 - 000002395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-01-13 16:58 - 2021-01-13 16:58 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 16:58 - 2021-01-13 16:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 16:58 - 2021-01-13 16:58 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 16:58 - 2021-01-13 16:58 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 16:58 - 2021-01-13 16:58 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 16:58 - 2021-01-13 16:58 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 16:58 - 2021-01-13 16:58 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 16:58 - 2021-01-13 16:58 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 16:58 - 2021-01-13 16:58 - 000094720 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 16:58 - 2021-01-13 16:58 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 16:58 - 2021-01-13 16:58 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 16:58 - 2021-01-13 16:58 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 16:58 - 2021-01-13 16:58 - 000053248 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 16:57 - 2021-01-13 16:57 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 16:57 - 2021-01-13 16:57 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 16:57 - 2021-01-13 16:57 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 16:57 - 2021-01-13 16:57 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 16:57 - 2021-01-13 16:57 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 16:57 - 2021-01-13 16:57 - 000331264 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 16:57 - 2021-01-13 16:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 16:57 - 2021-01-13 16:57 - 000208384 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 16:57 - 2021-01-13 16:57 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 16:57 - 2021-01-13 16:57 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 16:57 - 2021-01-13 16:57 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 16:57 - 2021-01-13 16:57 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-01-13 16:56 - 2021-01-13 16:56 - 002590720 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 16:56 - 2021-01-13 16:56 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 16:56 - 2021-01-13 16:56 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 16:56 - 2021-01-13 16:56 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 16:56 - 2021-01-13 16:56 - 000266752 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 16:56 - 2021-01-13 16:56 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 16:56 - 2021-01-13 16:56 - 000186368 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 16:56 - 2021-01-13 16:56 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 16:56 - 2021-01-13 16:56 - 000061440 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-13 16:55 - 2021-01-13 16:56 - 000453632 _____ C:\WINDOWS\system32\ssdm.dll
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-06 17:25 - 2020-04-08 08:24 - 000000000 ____D C:\Program Files\CCleaner
2021-02-06 17:23 - 2020-04-28 11:44 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-06 17:23 - 2019-09-16 17:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-06 17:23 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-06 17:23 - 2019-03-19 05:37 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-02-06 17:23 - 2018-02-20 22:32 - 000000000 ___RD C:\Users\Katja\OneDrive
2021-02-06 17:23 - 2018-02-20 22:30 - 000000000 __SHD C:\Users\Katja\IntelGraphicsProfiles
2021-02-06 17:23 - 2017-07-20 17:25 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-06 17:12 - 2019-03-19 05:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-02-06 17:10 - 2018-04-07 11:04 - 000000000 ____D C:\Users\Katja\AppData\LocalLow\Temp
2021-02-06 17:02 - 2018-05-14 15:25 - 000002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-06 17:02 - 2018-05-14 15:25 - 000002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-02-06 17:02 - 2018-05-14 15:25 - 000002254 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-02-06 16:57 - 2020-08-23 18:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-06 16:57 - 2020-08-23 18:23 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-02-06 16:57 - 2020-08-23 18:23 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-02-06 16:57 - 2019-09-16 17:19 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-06 16:57 - 2019-09-16 17:19 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-06 16:56 - 2018-02-21 10:21 - 000000000 ____D C:\Users\Katja\AppData\LocalLow\Mozilla
2021-02-05 14:11 - 2019-09-16 17:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-05 09:32 - 2019-09-16 17:20 - 001725108 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-05 09:32 - 2019-03-19 13:16 - 000746614 _____ C:\WINDOWS\system32\perfh007.dat
2021-02-05 09:32 - 2019-03-19 13:16 - 000150886 _____ C:\WINDOWS\system32\perfc007.dat
2021-02-05 09:32 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2021-02-05 09:30 - 2020-05-09 09:27 - 000000000 ____D C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Natomic Studios
2021-02-05 09:30 - 2020-04-08 08:25 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-02-05 09:30 - 2019-09-16 17:12 - 000000000 ____D C:\Users\Katja
2021-02-05 09:30 - 2018-02-20 22:53 - 000000000 ____D C:\Users\Katja\AppData\Local\CrashDumps
2021-02-04 19:52 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-04 19:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-04 19:50 - 2020-11-04 13:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2021-02-04 19:50 - 2019-09-16 17:19 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2081738662-375674699-890820183-1001
2021-02-04 19:50 - 2019-09-16 17:12 - 000002381 _____ C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-01 09:13 - 2018-02-20 16:14 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-01 09:13 - 2018-02-20 16:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-01 09:13 - 2016-11-11 09:17 - 000000000 ____D C:\Program Files (x86)\ASUS
2021-02-01 09:10 - 2018-02-20 22:33 - 000000200 _____ C:\Users\Katja\AppData\Roaming\sp_data.sys
2021-01-28 07:57 - 2020-11-04 13:03 - 000000000 ____D C:\Users\Katja\AppData\Roaming\NCH Software
2021-01-28 07:57 - 2020-11-04 13:03 - 000000000 ____D C:\ProgramData\NCH Software
2021-01-28 07:57 - 2020-11-04 13:03 - 000000000 ____D C:\Program Files (x86)\NCH Software
2021-01-28 07:53 - 2018-03-05 15:15 - 000000000 ____D C:\Users\Katja\AppData\Local\Packages
2021-01-27 12:42 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-27 12:37 - 2018-02-20 16:15 - 000000000 ____D C:\ProgramData\AVAST Software
2021-01-27 12:37 - 2016-11-11 09:17 - 000000742 _____ C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job
2021-01-27 12:37 - 2016-11-11 09:17 - 000000448 _____ C:\WINDOWS\Tasks\WpsExternal_20161111081738.job
2021-01-27 12:34 - 2018-04-23 10:23 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-26 17:40 - 2019-01-14 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-26 17:40 - 2018-03-23 10:43 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-26 17:36 - 2018-02-21 13:44 - 000000000 ____D C:\ProgramData\ProductData
2021-01-26 12:54 - 2020-08-23 18:22 - 000003628 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-26 12:54 - 2020-08-23 18:22 - 000003404 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-26 12:54 - 2020-07-07 10:40 - 000003854 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1594114845
2021-01-26 12:54 - 2020-07-07 10:40 - 000003622 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1594114837
2021-01-26 12:54 - 2020-01-05 15:32 - 000002938 _____ C:\WINDOWS\system32\Tasks\WpsExternal_Katja_20200105153215
2021-01-26 12:54 - 2019-12-12 19:46 - 000002666 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_Katja
2021-01-26 12:54 - 2019-10-06 14:52 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-01-26 12:54 - 2019-09-16 17:19 - 000003266 _____ C:\WINDOWS\system32\Tasks\WpsKtpcntrQingTask_Administrator
2021-01-26 12:54 - 2019-09-16 17:19 - 000003118 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2021-01-26 12:54 - 2019-09-16 17:19 - 000003024 _____ C:\WINDOWS\system32\Tasks\WpsExternal_20161111081738
2021-01-26 12:54 - 2019-09-16 17:19 - 000002968 _____ C:\WINDOWS\system32\Tasks\Update Checker
2021-01-26 12:54 - 2019-09-16 17:19 - 000002924 _____ C:\WINDOWS\system32\Tasks\ATK Package 36D18D69AFC3
2021-01-26 12:54 - 2019-09-16 17:19 - 000002798 _____ C:\WINDOWS\system32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-26 12:54 - 2019-09-16 17:19 - 000002770 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-72DG63D-Katja
2021-01-26 12:54 - 2019-09-16 17:19 - 000002562 _____ C:\WINDOWS\system32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-26 12:54 - 2019-09-16 17:19 - 000002346 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_ListenToDevice
2021-01-26 12:54 - 2019-09-16 17:19 - 000002340 _____ C:\WINDOWS\system32\Tasks\ASUS USB Charger Plus
2021-01-26 12:54 - 2019-09-16 17:19 - 000002330 _____ C:\WINDOWS\system32\Tasks\ASUS Battery Health Charging Notification
2021-01-26 12:54 - 2019-09-16 17:19 - 000002280 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2021-01-26 12:54 - 2019-09-16 17:19 - 000002214 _____ C:\WINDOWS\system32\Tasks\ATK Package A22126881260
2021-01-26 09:45 - 2018-06-26 14:08 - 000000000 ____D C:\Users\Katja\AppData\Local\AVAST Software
2021-01-21 20:53 - 2020-04-08 08:25 - 000002234 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-01-21 07:52 - 2020-07-07 10:40 - 000001407 _____ C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2021-01-16 18:40 - 2018-11-09 17:01 - 000000000 ____D C:\Users\Katja\AppData\Local\Bitwig Studio
2021-01-13 17:12 - 2019-09-16 17:09 - 000568528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-13 17:12 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-01-13 17:12 - 2018-03-05 15:31 - 000000000 ___RD C:\Users\Katja\3D Objects
2021-01-13 17:12 - 2017-07-20 17:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-13 17:11 - 2019-03-19 13:18 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 17:11 - 2019-03-19 13:18 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 17:05 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 17:04 - 2018-02-22 12:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 17:01 - 2018-02-22 12:39 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-13 16:55 - 2019-09-16 17:10 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-12 08:58 - 2019-09-16 17:12 - 000000000 ____D C:\Users\defaultuser0
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2018-11-09 17:48 - 2018-11-09 17:48 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P10804_GK Amplification 2 LE_log.inTone2Log
2018-11-10 09:48 - 2018-11-10 09:48 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P13568_ampLion Free_log.inTone2Log
2018-11-10 09:45 - 2018-11-10 09:45 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P14776_GK Amplification 2 LE_log.inTone2Log
2018-11-10 15:20 - 2018-11-10 15:20 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P15472_GK Amplification 2 LE_log.inTone2Log
2020-11-05 16:01 - 2020-11-05 16:01 - 000003820 _____ () C:\Users\Katja\AppData\Roaming\P15960_ampLion Free_log.inTone2Log
2019-01-17 16:09 - 2019-01-17 16:09 - 000003631 _____ () C:\Users\Katja\AppData\Roaming\P16284_GK Amplification 2 LE_log.inTone2Log
2018-11-09 19:16 - 2018-11-09 19:16 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P16504_GK Amplification 2 LE_log.inTone2Log
2018-11-10 10:01 - 2018-11-10 10:01 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P16824_GK Amplification 2 LE_log.inTone2Log
2018-11-10 13:21 - 2018-11-10 13:21 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P17308_GK Amplification 2 LE_log.inTone2Log
2018-11-10 10:01 - 2018-11-10 10:01 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P17920_ampLion Free_log.inTone2Log
2018-11-10 15:20 - 2018-11-10 15:20 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P19080_ampLion Free_log.inTone2Log
2018-11-10 13:20 - 2018-11-10 13:20 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P3408_ampLion Free_log.inTone2Log
2018-11-09 17:35 - 2018-11-09 17:35 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P3784_ampLion Free_log.inTone2Log
2018-11-09 16:42 - 2018-11-09 16:42 - 000003755 _____ () C:\Users\Katja\AppData\Roaming\P4268_GK Amplification 2 LE_log.inTone2Log
2018-11-09 16:45 - 2018-11-09 16:45 - 000003616 _____ () C:\Users\Katja\AppData\Roaming\P4708_ampLion Free_log.inTone2Log
2018-11-09 17:23 - 2018-11-09 17:23 - 000030467 _____ () C:\Users\Katja\AppData\Roaming\P7612_inTone2 ESI Edition_log.inTone2Log
2018-11-09 17:35 - 2018-11-09 17:35 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P7732_GK Amplification 2 LE_log.inTone2Log
2018-11-09 19:10 - 2018-11-09 19:10 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P7752_GK Amplification 2 LE_log.inTone2Log
2018-11-09 19:47 - 2018-11-09 19:47 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P9936_GK Amplification 2 LE_log.inTone2Log
2018-02-20 22:33 - 2021-02-01 09:10 - 000000200 _____ () C:\Users\Katja\AppData\Roaming\sp_data.sys
2018-10-02 11:46 - 2018-10-02 11:46 - 000000000 _____ () C:\Users\Katja\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Die 3. Datei im nächsten Beitrag. |
|
06.02.2021, 18:20
| #6 |
| | Gootkit lt. Telekom, wonach muss ich in den LogFiles suchen Und hier noch die Addition Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-02-2021
durchgeführt von Katja (06-02-2021 17:27:02)
Gestartet von D:\
Windows 10 Home Version 1909 18363.1316 (X64) (2019-09-16 16:19:24)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2081738662-375674699-890820183-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2081738662-375674699-890820183-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2081738662-375674699-890820183-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gast (S-1-5-21-2081738662-375674699-890820183-501 - Limited - Disabled)
Katja (S-1-5-21-2081738662-375674699-890820183-1001 - Administrator - Enabled) => C:\Users\Katja
WDAGUtilityAccount (S-1-5-21-2081738662-375674699-890820183-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_1) (Version: 15.0.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.6.0.384 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_0_1) (Version: 12.0.1 - Adobe Systems Incorporated)
ampLion Free 1.2.0 (HKLM-x32\...\{C0355E2A-5FA6-4782-85B1-107C560E904A}_is1) (Version: 1.2.0 - Audiffex)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
ASUS Battery Health Charging (HKLM-x32\...\{3A7E73B6-3A04-49ED-811E-CC39F7EA2E34}) (Version: 1.0.0002 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.8 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS)
Atti-TUBE (HKLM-x32\...\Atti-TUBE) (Version: - )
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.3.16 - ICEpower a/s)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitwig 8-Track (HKLM-x32\...\{8A2AC349-1D0C-475B-980B-FC3BA141153F}) (Version: 1.3.7.37083 - Bitwig GmbH)
Bitwig Studio (HKLM\...\{7180D515-FED7-40B8-9090-C3307A2463A6}) (Version: 3.0.3.81986 - Bitwig GmbH)
Bovbjerg Piano Module (HKLM-x32\...\Bovbjerg Piano Module) (Version: - )
Brother MFL-Pro Suite MFC-J4410DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citavi 6 (HKLM-x32\...\{6A331045-8FF4-4BC9-9C56-E593ACAE28C2}) (Version: 6.7.0.0 - Swiss Academic Software)
Clickteam Fusion 2.5 Free Edition (HKLM-x32\...\Clickteam Fusion 2.5 Free Edition) (Version: - Clickteam)
CyberLink PhotoDirector 5 (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
DaVinci Resolve (HKLM\...\{B038DE18-6092-4C56-ACD4-E268DCFE2B20}) (Version: 14.3.0014 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{332552D0-B8EE-49BF-B904-E038A72BD2B2}) (Version: 1.1.2.0 - Blackmagic Design)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.)
Discord (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
EGOSYS FX-Pack (HKLM-x32\...\EGOSYS FX-Pack) (Version: - )
Epic Games Launcher (HKLM-x32\...\{A5A6A747-393C-4B28-AB7B-2DE2BA7F7D73}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
GFExperience.Deployer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.Deployer) (Version: 3.11.0.73 - NVIDIA Corporation) Hidden
GK Amplification 2 LE 2.2.2 (HKLM-x32\...\{CB13830D-9A15-4D25-A55C-9E52BF57DD4B}_is1) (Version: 2.2.2 - Audiffex)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
IBM SPSS Statistics 25 (HKLM\...\{C2D1E17D-CB8A-4742-84FA-1DB5C6A1ABDD}) (Version: 25.0.0.0 - IBM Corp)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7325 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.5.1035 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
inTone 2 ESI Edition 2.4.0 (HKLM-x32\...\{D72463A2-6C42-41DF-9114-D939C8E65A9D}_is1) (Version: 2.4.0.86 - Audified)
inTone 2 ESI Edition 64bit 2.4.0 (HKLM\...\{0A7FC75F-817B-416D-B927-CDB4C1404866}_is1) (Version: 2.4.0.86 - Audified)
Jitsi (HKLM\...\{D20996B9-BCB6-4877-8104-BDEEF5ED3097}) (Version: 2.10.5550 - Jitsi)
Kaspersky Anti-Virus (HKLM-x32\...\{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 - Kaspersky)
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky VPN (HKLM-x32\...\{221FA56C-0A92-4E58-98FD-CAF82237540C}) (Version: 21.2.16.590 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{221FA56C-0A92-4E58-98FD-CAF82237540C}) (Version: 21.2.16.590 - Kaspersky)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LUXONIX LFX-1310 (HKLM-x32\...\LUXONIX_LFX-1310) (Version: 1.2 - LUXONIX)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker Silver (HKLM\...\{AEC8A163-C23A-4348-A31F-750BAF9519E4}) (Version: 21.0.3.44 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Silver (HKLM-x32\...\MX.{AEC8A163-C23A-4348-A31F-750BAF9519E4}) (Version: 21.0.3.44 - MAGIX Software GmbH)
MAGIX Music Maker Silver Soundpools (HKLM\...\{9B02E643-CFDA-435E-9538-C02234A42021}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
M-Audio M-Track 8X4M 1.0.3 (HKLM\...\{5E248784-8915-4AF3-A06B-6D3A050B4B9C}) (Version: 1.0.3 - M-Audio)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.13127.21064 - Microsoft Corporation)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.13127.21064 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.63 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft OneDrive (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Teams) (Version: 1.3.00.3564 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MixPad Musikstudio-Software (HKLM-x32\...\MixPad) (Version: 5.99 - NCH Software)
Mozilla Firefox 85.0 (x64 de) (HKLM\...\Mozilla Firefox 85.0 (x64 de)) (Version: 85.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MuseScore 2 (HKLM-x32\...\{0317B5F7-01A3-4640-A491-456B453CCAB3}) (Version: 2.2.1 - Werner Schweer and Others)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden
Opera Stable 73.0.3856.344 (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Opera 73.0.3856.344) (Version: 73.0.3856.344 - Opera Software)
PhotoPad Foto-Editor (HKLM-x32\...\PhotoPad) (Version: 6.78 - NCH Software)
PreSonus Studio One 3 (HKLM-x32\...\PreSonus Studio One 3) (Version: 3.3.3.41198 - PreSonus Audio Electronics)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.4.887.091316 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7997 - Realtek Semiconductor Corp.)
Realtek PCI-E Wireless LAN Driver (HKLM-x32\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0008 - REALTEK Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Snapseed (HKLM-x32\...\{D5BEB842-5696-4AE8-A222-03D06384856D}) (Version: 1.2.1 - Nik Software, Inc.)
Stanton Deckadance 2.72 (HKLM-x32\...\Stanton Deckadance) (Version: 2.72 - Stanton)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Studio Devil British Valve Custom v1.1 (HKLM-x32\...\{9DEE696E-FBA6-473A-9B5E-576E86B6183F}) (Version: 1.1.0 - Studio Devil)
StudioDevil VGA 1.3 (HKLM-x32\...\StudioDevil VGA_is1) (Version: - StudioDevil)
Tassman ESI Edition (HKLM-x32\...\{AF9F71C9-2F5F-4E00-9A34-D7BC1D6E1DA7}) (Version: - )
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.34161 - Microsoft Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
U22 XT USB Driver version v1.3.1.0 (HKLM\...\{A7C4B7E9-C70A-4D75-A497-EFE8E61B3409}_is1) (Version: v1.3.1.0 - ESI-Audiotechnik)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM-x32\...\{F35DD4F5-1F85-43CD-AC7A-FE54CA7EABA2}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 11.22 - NCH Software)
Windows Driver Package - ASUS (AsusTP) Mouse (08/19/2016 6.0.0.83) (HKLM\...\67D3C04C0088D5D88ABB7419CBFDF094E3B809C1) (Version: 08/19/2016 6.0.0.83 - ASUS)
Windows Driver Package - ESI (U22_XT_USB_AA) MEDIA (10/11/2018 1.3.1.0) (HKLM\...\406BEFE077C994845635F321499568604730DB83) (Version: 10/11/2018 1.3.1.0 - ESI)
Windows Driver Package - ESI (U22_XT_USBWDM_01) MEDIA (10/11/2018 1.3.1.0) (HKLM\...\614DB88564DB0A7BD420220B25837D9047C59561) (Version: 10/11/2018 1.3.1.0 - ESI)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare UniConverter(Build 11.7.5.1) (HKLM-x32\...\UniConverter_is1) (Version: 11.7.5.1 - Wondershare Software)
WPS Office (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Kingsoft Office) (Version: 10.2.0.7646 - Kingsoft Corp.)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.1.0.5644 - Kingsoft Corp.)
Zoom (HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Packages:
=========
ASUS ZenLink -> C:\Program Files\WindowsApps\B9ECED6F.ZenSync_1.0.7.0_x86__qmba6cd70vzyy [2018-02-21] (ASUSTeK COMPUTER INC.) [MS Ad]
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-10] (Autodesk Inc.)
BreeZip -> C:\Program Files\WindowsApps\3138AweZip.AweZip_1.3.18.0_x86__ffd303wmbhcjt [2020-07-26] (BreeZip) [MS Ad]
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220 [2020-12-28] (Dolby Laboratories)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-13] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-19] (HP Inc.)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-16] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-09-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-19] (Microsoft Studios) [MS Ad]
-My Notes- -> C:\Program Files\WindowsApps\22944SamJarawan.-MyNotes-_2.1.47.0_x64__3gv8nk7frgb5p [2020-03-05] (Sam Jarawan) [MS Ad]
MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2018-05-01] (ASUSTeK COMPUTER INC.) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-26] (Netflix, Inc.)
RICOH Driver Utility -> C:\Program Files\WindowsApps\3EA2211E.RICOHDriverUtility_4.6.0.0_x86__fxme7667cy4q4 [2020-02-16] (Ricoh Company, Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0 [2021-01-31] (Spotify AB) [Startup Task]
Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_2.5.1.0_x64__t4vj0pshhgkwm [2020-12-28] (Telegram Messenger LLP)
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2100.7.0_x64__cv1g1gvanyjgm [2021-01-28] (WhatsApp Inc.)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-04-11] (Microsoft Corporation)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.7.0_x86__xpfg3f7e9an52 [2021-01-19] (New Work SE)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-6B64E7666B22} -> [Creative Cloud Files] => C:\Users\Katja\Creative Cloud Files [2018-02-20 16:59]
CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Katja\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19350.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Katja\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19350.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2081738662-375674699-890820183-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxDTCM.dll [2019-10-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers1_S-1-5-21-2081738662-375674699-890820183-1001: [ qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers1_S-1-5-21-2081738662-375674699-890820183-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-2081738662-375674699-890820183-1001: [ qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers5_S-1-5-21-2081738662-375674699-890820183-1001: [ qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\qingshellext64.dll [2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\Katja\Desktop\facebook.lnk -> C:\Users\Katja\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com
ShortcutWithArgument: C:\Users\Katja\Desktop\Profil 1 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Default"
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2018-04-10 14:29 - 2009-02-27 15:38 - 000139264 ____R () [Datei ist nicht signiert] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2020-11-07 13:03 - 2016-07-21 10:54 - 000137728 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-11-07 13:03 - 2017-03-23 09:49 - 001506304 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2018-04-10 14:29 - 2017-11-07 18:55 - 000137728 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2018-04-10 14:29 - 2017-08-18 10:23 - 000087552 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2018-04-10 14:29 - 2017-08-18 10:23 - 017974784 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2018-04-10 14:29 - 2017-11-07 19:04 - 000095232 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcLGer.dll
2018-05-14 15:22 - 2017-11-07 18:55 - 000440832 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\Track.dll
2020-07-26 15:22 - 2020-07-26 15:22 - 001410560 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\3138AweZip.AweZip_1.3.18.0_x86__ffd303wmbhcjt\BackgoundTaskUWP.dll
2019-11-10 14:18 - 2019-11-10 14:18 - 000710656 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\XINGAG.XING_4.0.7.0_x86__xpfg3f7e9an52\e_sqlite3.dll
2021-01-19 11:29 - 2021-01-19 11:29 - 038125568 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\XINGAG.XING_4.0.7.0_x86__xpfg3f7e9an52\Xing.UWP.dll
2018-04-10 14:29 - 2005-04-22 05:36 - 000143360 _____ () [Datei ist nicht signiert] C:\WINDOWS\system32\BrSNMP64.dll
2018-04-10 14:29 - 2012-04-23 14:03 - 000380928 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrMonitor.dll
2018-04-10 14:29 - 2010-09-29 16:07 - 000180224 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BroSNMP.dll
2018-04-10 14:29 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2018-04-10 14:29 - 2012-01-11 13:39 - 000626688 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2018-04-10 14:29 - 2012-07-27 06:07 - 000087040 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\WINDOWS\system32\BrNetSti.dll
2020-12-19 21:12 - 2020-12-19 21:14 - 088921088 _____ (HP Development Company, L.P.) [Datei ist nicht signiert] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6\HP.Smart.dll
2017-07-20 17:41 - 2017-07-20 17:41 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2017-07-20 17:41 - 2017-07-20 17:41 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2017-07-20 17:26 - 2016-06-14 21:01 - 001298640 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2017-07-20 17:26 - 2016-06-14 21:01 - 001767944 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\WINDOWS\system32\nvspcap64.dll
2020-11-07 13:03 - 2017-03-23 09:52 - 000708608 _____ (Wondershare) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2081738662-375674699-890820183-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-2081738662-375674699-890820183-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.DLL [2020-10-27] (Swiss Academic Software -> Swiss Academic Software)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.DLL [2020-10-27] (Swiss Academic Software -> Swiss Academic Software)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\localhost -> localhost
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2016-07-16 12:47 - 2021-02-06 17:08 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
2019-05-02 14:52 - 2019-07-13 19:54 - 000000513 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\IBM\SPSS\Statistics\25\JRE\bin
HKU\S-1-5-21-2081738662-375674699-890820183-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Katja\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG-20201126-WA0000.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [TCP Query User{11991BB3-3EAA-41BC-8B24-E496EE1D07B0}C:\program files\windowsapps\spotifyab.spotifymusic_1.151.382.0_x86__zpdnekdrzrea0\spotify.exe] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.151.382.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{F37C834D-9E96-4E42-8F6D-A197D7965A2F}C:\program files\windowsapps\spotifyab.spotifymusic_1.151.382.0_x86__zpdnekdrzrea0\spotify.exe] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.151.382.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)
==================== Wiederherstellungspunkte =========================
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (02/06/2021 05:20:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (556,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/06/2021 05:13:43 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8692,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/06/2021 04:56:38 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/05/2021 09:39:01 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4568,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/05/2021 09:30:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Blizzard Uninstaller.exe, Version: 1.16.2.82, Zeitstempel: 0x5c33aa06
Name des fehlerhaften Moduls: Blizzard Uninstaller.exe, Version: 1.16.2.82, Zeitstempel: 0x5c33aa06
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001089f
ID des fehlerhaften Prozesses: 0x16a0
Startzeit der fehlerhaften Anwendung: 0x01d6fb9930a58ae4
Pfad der fehlerhaften Anwendung: C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe
Pfad des fehlerhaften Moduls: C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe
Berichtskennung: 2f3bb63c-654d-489a-a5c2-891599b1a8e3
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/05/2021 09:30:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Blizzard Uninstaller.exe, Version: 1.16.2.82, Zeitstempel: 0x5c33aa06
Name des fehlerhaften Moduls: Blizzard Uninstaller.exe, Version: 1.16.2.82, Zeitstempel: 0x5c33aa06
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001089f
ID des fehlerhaften Prozesses: 0x84c
Startzeit der fehlerhaften Anwendung: 0x01d6fb992af2e444
Pfad der fehlerhaften Anwendung: C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe
Pfad des fehlerhaften Moduls: C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe
Berichtskennung: d36216d7-155a-48fe-ae8e-1b3c0d817168
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/05/2021 09:04:43 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (16416,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/04/2021 09:01:28 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (20028,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Systemfehler:
=============
Error: (02/06/2021 05:26:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-72DG63D)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/06/2021 05:23:47 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-72DG63D)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/06/2021 05:08:50 PM) (Source: DCOM) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Ein DCOM-Server konnte nicht gestartet werden: {0358B920-0AC7-461F-98F4-58E32CD89148}. Fehler:
"2147942405"
Aufgetreten beim Start dieses Befehls:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (02/06/2021 05:08:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kaspersky VPN Secure Connection-Dienst 5.2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/06/2021 05:08:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/06/2021 05:08:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/06/2021 05:08:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/06/2021 05:08:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "FABS - Helping agent for MAGIX media database" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Windows Defender:
===================================
Date: 2019-10-04 11:57:21.190
Description:
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {D16400BC-88C2-4381-B6F9-DC061612597D}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2019-09-27 22:17:21.150
Description:
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {EE759CBA-47EA-4D4E-9AC5-6BFA8D4E81B7}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2019-09-19 19:56:45.729
Description:
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {A8668A42-07EA-4C37-9C09-8DA205B37B8E}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2019-09-19 18:46:11.603
Description:
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {CF066013-967D-42CB-B320-3E525CF6020C}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2021-02-05 09:29:39.348
Description:
Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.329.2954.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.17700.4
Fehlercode: 0x80072ee7
Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
Date: 2021-02-05 09:29:39.348
Description:
Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.329.2954.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiSpyware
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.17700.4
Fehlercode: 0x80072ee7
Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
Date: 2021-02-05 09:29:39.347
Description:
Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.329.2954.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.17700.4
Fehlercode: 0x80072ee7
Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
Date: 2021-02-05 09:29:39.340
Description:
Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.329.2954.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.17700.4
Fehlercode: 0x80072ee7
Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
Date: 2021-02-05 09:29:39.340
Description:
Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.329.2954.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiSpyware
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.17700.4
Fehlercode: 0x80072ee7
Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
CodeIntegrity:
===================================
Date: 2021-02-06 17:25:17.788
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-02-06 17:25:10.838
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-02-06 17:25:10.824
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-02-06 17:25:10.803
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-02-06 17:25:06.903
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-02-06 17:25:05.675
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-02-06 17:25:04.876
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-02-06 17:25:02.849
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
==================== Speicherinformationen ===========================
BIOS: American Megatrends Inc. X550VXK.307 04/19/2019
Hauptplatine: ASUSTeK COMPUTER INC. X550VXK
Prozessor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 8077.04 MB
Verfügbarer physikalischer RAM: 3511.78 MB
Summe virtueller Speicher: 10253.04 MB
Verfügbarer virtueller Speicher: 5686.91 MB
==================== Laufwerke ================================
Drive c: (OS) (Fixed) (Total:117.71 GB) (Free:23.44 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:809.58 GB) NTFS
\\?\Volume{db185c5f-80e1-4e3e-a56f-5e871b78703c}\ () (Fixed) (Total:0.48 GB) (Free:0.04 GB) NTFS
\\?\Volume{002f04c3-60f1-4b35-8840-89fa1788299f}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.44 GB) NTFS
\\?\Volume{fc5b06db-5457-4b06-81cf-80528ff87fee}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 646A106C)
Partition: GPT.
==========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 726C32AF)
Partition: GPT.
==================== Ende von Addition.txt =======================
Jetzt bin ich gespannt. |
|
| Themen zu Gootkit lt. Telekom, wonach muss ich in den LogFiles suchen |
| .dll, administrator, adobe, avast, cid, computer, cs3, defender, firefox, frage, google, home, homepage, kaspersky, mozilla, nvidia, prozesse, realtek, registry, scan, server, software, temp, webadvisor, windows, zugriff verweigert |
Hybrid-Darstellung
