Mülltonne (trash bin): No sound due to virus | Windows 7 | Posts that violated our rules, posts the world does not need, or other junk end up here in the trash bin... |
05.04.2021, 19:02 | #1 |
| No sound due to virus Hello Trojaner-Board! Because my Kaspersky license had expired, the protection was deactivated. I uninstalled the program and installed Avira Security. For 1 day no antivirus program was installed, and I caught a virus from a porn site or something similar. No sound works and the font in PDF documents looks slightly different. I hope you can help me! Phillip |
05.04.2021, 21:18 | #2 |
/// TB-Ausbilder | No sound due to virus My name is Matthias and I will help you with the analysis and any cleanup of your computer that may be necessary. Please note our rules and instructions for those seeking help: For all those seeking help! What do I need to consider before opening a topic? We can only help with this information. Thank you for your cooperation! |
06.04.2021, 15:59 | #3 |
| FRST.txt and Addition.txt Thank you very much for your willingness to help!
Something I had forgotten to mention. Code:
sfc /scannow
I wasn't sure whether I should post FRST.txt and Addition.txt here or under "Log-Analyse und Auswertung", so I am copying the text into both sub-forums.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2021 Ran by Phillip (administrator) on DESKTOP-E3LPO85 (LENOVO 80SG) (06-04-2021 16:40:37) Running from C:\Users\Phillip\Desktop Loaded Profiles: Phillip Platform: Windows 10 Pro Version 20H2 19042.906 (X64) Language: German (Germany) -> English (United States) Default browser: Edge Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co.
KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe (IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Driver Booster\8.3.0\DriverBooster.exe (IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11> (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2009.30067.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.2101.28.0_x64__8wekyb3d8bbwe\Time.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [705728 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [AusweisApp2] => C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe [2405504 2020-11-30] (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG) HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23927096 2021-03-24] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [BitTorrent] => C:\Users\Phillip\AppData\Roaming\BitTorrent\BitTorrent.exe [2135080 2021-03-24] (BitTorrent Inc -> BitTorrent Inc.) HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [Opera Browser Assistant] => C:\Users\Phillip\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3900056 2021-03-23] (Opera Software AS -> Opera Software) HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [] => [X] HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1 HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\MountPoints2: {0bbd7085-7842-11eb-a07d-918a616b63b7} - "D:\autorun.exe" HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-04-03] (Google LLC -> Google LLC) HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\89.1.22.71\Installer\chrmstp.exe [2021-04-01] 
(Brave Software, Inc. -> Brave Software, Inc.) IFEO\FoxitReaderUpdateService.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe IFEO\FoxitUpdater.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe IFEO\maintenanceservice.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe IFEO\SendCrashReport.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe IFEO\ServiceMiniNotice.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe IFEO\TrackReview.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe Startup: C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2021-04-06] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-02-13] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0AEBE8EF-4B94-4561-8332-538661ACEA32} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080824 2021-03-09] (Microsoft Corporation -> Microsoft Corporation) Task: {17578569-94A6-420E-9F32-D22B4EB6C36C} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-31] (Brave Software, Inc. -> BraveSoftware Inc.) 
Task: {1BFB017E-8A90-4FE1-9474-E3CE946080A2} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29757392 2021-04-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) Task: {1DDEC5B1-C3AE-44AE-99C4-C7B5C8981A08} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080824 2021-03-09] (Microsoft Corporation -> Microsoft Corporation) Task: {254C7783-ACBC-43D4-AEF7-973945C37238} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114024 2021-03-24] (Microsoft Corporation -> Microsoft Corporation) Task: {2BC518DE-A155-404D-AF66-64C89E7FE410} - System32\Tasks\Opera scheduled Autoupdate 1615734086 => C:\Users\Phillip\AppData\Local\Programs\Opera\launcher.exe [1886872 2021-03-23] (Opera Software AS -> Opera Software) Task: {37D59D82-6612-43EF-9403-13445AC47DD4} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\8.3.0\AutoUpdate.exe [2268432 2020-12-23] (IObit Information Technology -> IObit) Task: {39D7E8BC-14DE-4634-845F-33CB40492A5A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform) Task: {414A76FC-619F-4527-BF81-C1CB726333D2} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. 
-> Adobe Systems, Incorporated) Task: {496637FA-D488-46E6-BF5F-36DC172EE9A3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114024 2021-03-24] (Microsoft Corporation -> Microsoft Corporation) Task: {509F75B2-301F-450D-8BE9-EFF3A754DE9B} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\8.3.0\Scheduler.exe [152848 2020-12-23] (IObit Information Technology -> IObit) Task: {51F15BF9-B85C-42E5-A150-F3C9528AD04C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-12] (Google LLC -> Google LLC) Task: {67177BCC-906F-4AA7-981C-88EC90870321} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [234200 2021-03-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) Task: {72A22043-F166-4B72-838D-3A245030132F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-12] (Google LLC -> Google LLC) Task: {76633BC2-1C40-417A-A386-239151D4B11C} - System32\Tasks\Driver Booster SkipUAC (Phillip) => C:\Program Files (x86)\IObit\Driver Booster\8.3.0\DriverBooster.exe [8152016 2021-02-01] (IObit Information Technology -> IObit) Task: {77174391-3024-4F89-BA06-C9775F647EDB} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {800726F7-A3B7-4E08-A88D-020C4FD0DB03} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [642544 2021-03-27] (Mozilla Corporation -> Mozilla Foundation) Task: {A32D4BB0-0578-4210-85B9-37FC89CFD05C} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2651216 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. 
KG) Task: {B618B26C-F35C-4ECA-BAD4-2480438206EF} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-31] (Brave Software, Inc. -> BraveSoftware Inc.) Task: {DB824803-62B4-4EA6-BCCA-3680C78356F7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-09] (Microsoft Corporation -> Microsoft Corporation) Task: {DDAB4885-1EE2-4ACE-836B-7A19A0D0AA44} - System32\Tasks\Opera scheduled assistant Autoupdate 1615734101 => C:\Users\Phillip\AppData\Local\Programs\Opera\launcher.exe [1886872 2021-03-23] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Phillip\AppData\Local\Programs\Opera\assistant" $(Arg0) Task: {DE87C263-38FA-4712-8628-650725C71390} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd) Task: {E0FA14AA-B11A-4CCD-A020-7DE75791C2C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-09] (Microsoft Corporation -> Microsoft Corporation) Task: {E1D15529-FBB7-4654-BE41-4E740BF78203} - System32\Tasks\Uninstaller_SkipUac_Phillip => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [6701784 2021-03-18] (IObit Information Technology -> IObit) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{dc8435fd-0db0-4c70-8eb9-1e02e3130ac5}: [DhcpNameServer] 172.20.10.1 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION Edge: ======= DownloadDir: C:\Users\Phillip\Downloads Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge DefaultProfile: Default Edge Profile: C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-06] Edge DownloadDir: C:\Users\Phillip\Desktop Edge Notifications: Default -> hxxps://mail.google.com; hxxps://www.tvspielfilm.de; hxxps://www.youtube.com Edge HomePage: Default -> hxxps://www.bing.com/?cc=de Edge DefaultSearchURL: Default -> hxxps://www.youporn.com/bundles/youpornwebfront/images/manifest-icons/android-icon-36x36.png Edge Extension: (YouPorn) - C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aldhaifpedancjeeimgomgjakoglmbjl [2021-03-24] Edge Extension: (AdGuard AdBlocker) - C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2021-04-02] Edge Extension: (Google Maps) - C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mnhkaebcjjhencmpkapnbdaogjamfbcj [2021-04-05] Edge Extension: (I don't care about cookies) - 
C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oholpbloipjbbhlhohaebmieiiieioal [2021-03-14] Edge Extension: (AdBlocker Ultimate) - C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pciakllldcajllepkbbihkmfkikheffb [2021-03-14] Edge HKU\S-1-5-21-1307152980-782841198-2650162068-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox: ======== FF DefaultProfile: 9wxop1so.default FF ProfilePath: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\9wxop1so.default [2021-02-07] FF user.js: detected! => C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\9wxop1so.default\user.js [2021-03-30] FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\9wxop1so.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2020-07-28] FF ProfilePath: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\jqnvf0o5.default-release-1612355754552 [2021-04-04] FF user.js: detected! 
=> C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\jqnvf0o5.default-release-1612355754552\user.js [2021-03-30] FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\jqnvf0o5.default-release-1612355754552\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2020-07-28] FF Extension: (Video DownloadHelper) - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\jqnvf0o5.default-release-1612355754552\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-03-25] FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\FFExt\light_plugin_firefox\addon.xpi => not found FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\FFExt\light_plugin_firefox\addon.xpi => not found FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. 
-> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default [2021-04-05] CHR HomePage: Default -> hxxp://www.google.de/ CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.de/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8","hxxps://www.google.com/" CHR Session Restore: Default -> is enabled. 
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-10] CHR Extension: (Chrome Media Router) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-10] CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] Opera: ======= OPR Profile: C:\Users\Phillip\AppData\Roaming\Opera Software\Opera Stable [2021-04-05] OPR Notifications: Opera Stable -> hxxps://www.accuweather.com OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} OPR Extension: (Rich Hints Agent) - C:\Users\Phillip\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-03-14] Brave: ======= BRA Profile: C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-04-04] BRA Extension: (Kaspersky Protection) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-04-03] BRA Extension: (Avira Password Manager) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-04-01] BRA Extension: (Avira Safe Shopping) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2021-03-31] BRA Extension: (Avira Browser Safety) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-03-31] BRA Extension: (Malwarebytes Browser Guard) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-04-04] BRA Extension: (Brave Local Data Files Updater) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-03-31] BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-04-04] BRA Extension: (Brave NTP sponsored images) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-03-31] BRA Extension: (Brave SpeedReader Updater) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-03-31] BRA Extension: (Brave NTP sponsored images) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\obbokncgfcbepeipkhpdepjjoncelefj [2021-04-04] BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-03-31] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. 
-> Adobe Systems, Incorporated) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208432 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [575776 2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636592 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [385568 2021-03-23] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [247232 2021-03-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161072 2020-12-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) S3 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-31] (Brave Software, Inc. -> BraveSoftware Inc.) S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-31] (Brave Software, Inc. -> BraveSoftware Inc.) 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8990072 2021-03-11] (Microsoft Corporation -> Microsoft Corporation) S3 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\SocialApps\ElevationService.exe [913408 2020-07-31] () [File not signed] S4 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [2357936 2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.) S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [158992 2020-10-19] (IObit Information Technology -> IObit) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-04] (Microsoft Windows Publisher -> Microsoft Corporation) S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) S4 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-22] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-22] (Microsoft Windows Publisher -> Microsoft Corporation) S3 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262312 2021-01-27] (Wondershare Technology Co.,Ltd -> Wondershare) S3 kpm_launch_service; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe" [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AscFileControl; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileControl.sys [40496 2020-06-03] (IObit Information Technology -> IObit)
S3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [46008 2020-07-21] (IObit Information Technology -> IObit)
S3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [46008 2020-06-03] (IObit Information Technology -> IObit)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-Malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [209744 2021-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199312 2021-02-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 camera; C:\WINDOWS\system32\DRIVERS\iacamera64.sys [942576 2020-03-26] (Intel(R) Intel_ICG -> Intel(R) Corporation)
S3 cpuz145; C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [49968 2021-04-03] (CPUID -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [161288 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [19968 2016-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Mobile Communications)
R3 GoodixTouchDriver; C:\WINDOWS\System32\drivers\GoodixTouchDriver.sys [113312 2015-12-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 iaisp; C:\WINDOWS\System32\drivers\iaisp64.sys [38896 2020-03-26] (Intel(R) Intel_ICG -> Intel(R) Corporation)
R3 iaspie; C:\WINDOWS\System32\drivers\iaspie.sys [72872 2020-03-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R3 iauarte; C:\WINDOWS\System32\drivers\iauarte.sys [114304 2020-03-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R3 IntelBatteryManagement; C:\WINDOWS\System32\drivers\IntelBatteryManagement.sys [105064 2020-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [733680 2021-04-04] (Intel(R) OWR -> )
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [43896 2020-07-31] (IObit Information Technology -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37112 2020-07-31] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [51128 2020-07-31] (IObit Information Technology -> IObit)
R3 ov5648; C:\WINDOWS\System32\drivers\ov5648.sys [140576 2016-08-15] (WDKTestCert huizhou1,130864188504416365 -> Intel(R) Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [109568 2015-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R3 rtii2sac64; C:\WINDOWS\System32\drivers\rtii2sac.sys [490976 2021-04-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [757736 2020-03-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\System32\drivers\rtwlans.sys [7889408 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 shspusb; C:\WINDOWS\System32\drivers\HSPUSB.sys [24064 2016-07-22] (Microsoft Windows Hardware Compatibility Publisher -> MobileTop)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2016-07-22] (MCCI Corporation -> MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2016-07-22] (MCCI Corporation -> MCCI Corporation)
S3 ssdudfu; C:\WINDOWS\System32\drivers\ssdudfu.sys [101960 2016-07-22] (MCCI Corporation -> MCCI)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 2016-07-22] (MCCI Corporation -> MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 2016-07-22] (MCCI Corporation -> MCCI Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 2016-07-22] (MCCI Corporation -> MCCI Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-03-22] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [420072 2021-03-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-22] (Microsoft Windows -> Microsoft Corporation)
S1 eamonm; system32\DRIVERS\eamonm.sys [X]
S1 ehdrv; \SystemRoot\system32\DRIVERS\ehdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-06 16:40 - 2021-04-06 16:43 - 000034379 _____ C:\Users\Phillip\Desktop\FRST.txt
2021-04-06 16:39 - 2021-04-06 16:41 - 000000000 ____D C:\FRST
2021-04-06 16:38 - 2021-04-06 16:47 - 010991113 _____ C:\Users\Phillip\Desktop\Bild_-_06_April_2021.pdf
2021-04-06 16:34 - 2021-04-06 16:35 - 002298368 _____ (Farbar) C:\Users\Phillip\Desktop\FRST64.exe
2021-04-05 12:57 - 2021-04-05 12:57 - 000002560 _____ C:\WINDOWS\system32\Drivers\202145_12572178_CheckPoint_Dump.txt
2021-04-05 12:57 - 2021-04-05 12:57 - 000000256 _____ C:\WINDOWS\system32\Drivers\202145_12572178_SHIM_Dump.txt
2021-04-05 12:57 - 2021-04-05 12:57 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-04-04 22:31 - 2021-04-04 22:31 - 000002560 _____ C:\WINDOWS\system32\Drivers\202144_223142656_CheckPoint_Dump.txt
2021-04-04 22:31 - 2021-04-04 22:31 - 000000256 _____ C:\WINDOWS\system32\Drivers\202144_223142990_SHIM_Dump.txt
2021-04-04 20:18 - 2021-04-04 20:18 - 000001159 _____ C:\Users\Phillip\Desktop\Sky Ticket.lnk
2021-04-04 20:13 - 2021-04-04 20:14 - 049922752 _____ (Sky Ticket ) C:\Users\Phillip\Desktop\SkyTicket-Windows.exe
2021-04-04 19:53 - 2021-04-04 19:53 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-04 16:50 - 2021-04-04 16:50 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\RenPy
2021-04-04 16:47 - 2021-04-04 16:54 - 000000000 ____D C:\Program Files (x86)\Milfy_City_0.5c_Compressed
2021-04-04 16:37 - 2021-04-04 16:37 - 000000000 ____D C:\Users\Phillip\Desktop\Milfy_City_0.5c_Compressed
2021-04-04 16:21 - 2021-04-04 16:38 - 000000000 ____D C:\Users\Phillip\AppData\LocalLow\BitTorrent
2021-04-04 16:21 - 2021-04-04 16:21 - 000001126 _____ C:\Users\Phillip\Desktop\Milfy_City_0.5c_Compressed.zip.1.torrent
2021-04-04 14:36 - 2021-04-04 14:36 - 003244992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2021-04-04 14:36 - 2021-04-04 14:36 - 003137376 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkMic64.dll
2021-04-04 14:36 - 2021-04-04 14:36 - 002783528 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkMcp64.dll
2021-04-04 14:36 - 2021-04-04 14:36 - 000949956 _____ C:\WINDOWS\system32\Drivers\realtek_fw_sst.bin
2021-04-04 14:36 - 2021-04-04 14:36 - 000733680 _____ C:\WINDOWS\system32\Drivers\isstrtc.sys
2021-04-04 14:36 - 2021-04-04 14:36 - 000588032 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2021-04-04 14:36 - 2021-04-04 14:36 - 000168208 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2021-04-04 14:36 - 2021-04-04 14:36 - 000002560 _____ C:\WINDOWS\system32\Drivers\202144_143648643_CheckPoint_Dump.txt
2021-04-04 14:36 - 2021-04-04 14:36 - 000000256 _____ C:\WINDOWS\system32\Drivers\202144_143648643_SHIM_Dump.txt
2021-04-04 14:09 - 2021-04-04 14:09 - 000490976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\rtii2sac.sys
2021-04-04 13:53 - 2021-04-04 13:53 - 000003708 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2021-04-04 13:50 - 2021-04-04 13:50 - 000003374 _____ C:\WINDOWS\system32\Tasks\Avira_Antivirus_Systray
2021-04-04 13:49 - 2021-03-25 18:05 - 000209744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2021-04-04 13:49 - 2021-02-09 19:03 - 000199312 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2021-04-04 13:49 - 2019-06-07 15:09 - 000078936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2021-04-04 13:49 - 2019-03-20 19:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2021-04-04 13:49 - 2019-03-20 19:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2021-04-04 13:49 - 2019-03-20 19:50 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2021-04-04 13:49 - 2019-03-20 19:50 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avelam.sys
2021-04-04 13:43 - 2021-04-04 13:43 - 000003780 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate
2021-04-04 13:43 - 2021-04-04 13:43 - 000000000 ____D C:\Users\Public\Speedup Sessions
2021-04-04 13:42 - 2021-04-04 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-04-04 13:28 - 2021-04-04 13:28 - 000000193 _____ C:\WINDOWS\1KKkUSW9SJ5yL50z9zRsypjr4JdgqbOKl@e=download
2021-04-04 12:56 - 2021-04-04 12:56 - 000003238 _____ C:\WINDOWS\nl.exe
2021-04-04 12:56 - 2021-04-04 12:56 - 000003231 _____ C:\WINDOWS\sb.bat
2021-04-04 12:55 - 2021-04-04 12:55 - 000000000 ____D C:\WINDOWS\w
2021-04-04 12:55 - 2021-04-04 12:55 - 000000000 ____D C:\WINDOWS\c
2021-04-04 12:50 - 2021-04-04 12:50 - 000002560 _____ C:\WINDOWS\system32\Drivers\202144_125032523_CheckPoint_Dump.txt
2021-04-04 12:50 - 2021-04-04 12:50 - 000000256 _____ C:\WINDOWS\system32\Drivers\202144_125032523_SHIM_Dump.txt
2021-04-04 12:33 - 2021-04-04 12:33 - 000002560 _____ C:\WINDOWS\system32\Drivers\202144_123310887_CheckPoint_Dump.txt
2021-04-04 12:33 - 2021-04-04 12:33 - 000000256 _____ C:\WINDOWS\system32\Drivers\202144_123310887_SHIM_Dump.txt
2021-04-04 11:49 - 2021-04-04 12:06 - 098813504 _____ C:\Users\Phillip\Desktop\Z6969.rar
2021-04-04 11:49 - 2021-04-04 11:49 - 000002968 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Phillip
2021-04-04 11:48 - 2021-04-04 11:48 - 000001438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2021-04-04 11:48 - 2021-04-04 11:48 - 000001426 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2021-04-04 11:48 - 2021-04-04 11:48 - 000001426 _____ C:\ProgramData\Desktop\IObit Uninstaller.lnk
2021-04-04 11:48 - 2021-04-04 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2021-04-04 11:39 - 2021-04-04 11:58 - 023544087 _____ C:\Users\Phillip\Desktop\Bild_Am_Sonntag_-_04_April_2021.pdf
2021-04-03 20:57 - 2021-04-03 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2021-04-03 20:34 - 2021-04-03 20:34 - 000000000 ____D C:\Users\Phillip\AppData\Local\mbam
2021-04-03 20:15 - 2021-04-03 20:15 - 002084016 _____ (Malwarebytes) C:\Users\Phillip\Desktop\MBSetup.exe
2021-04-03 19:12 - 2021-04-03 19:15 - 000000000 ____D C:\Users\Phillip\Desktop\KASPERSKY 2021
2021-04-03 19:08 - 2021-04-03 19:08 - 028539004 _____ C:\Users\Phillip\Desktop\KASPERSKY 2021.rar
2021-04-03 18:52 - 2021-04-04 05:09 - 000000000 ____D C:\Users\Phillip\AppData\Local\CrashDumps
2021-04-03 18:25 - 2021-04-04 11:46 - 000003932 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1615734101
2021-04-03 18:25 - 2021-04-04 11:46 - 000003674 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1615734086
2021-04-03 18:25 - 2021-04-03 18:25 - 000001405 _____ C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-04-03 18:05 - 2021-04-03 18:15 - 012440623 _____ C:\Users\Phillip\Desktop\Bild_-_03_April_2021.pdf
2021-04-03 17:58 - 2021-04-04 11:54 - 000000000 ____D C:\Users\Phillip\AppData\Local\Kaspersky Lab
2021-04-03 17:54 - 2021-04-03 17:54 - 000002560 _____ C:\WINDOWS\system32\Drivers\202143_175415263_CheckPoint_Dump.txt
2021-04-03 17:54 - 2021-04-03 17:54 - 000000256 _____ C:\WINDOWS\system32\Drivers\202143_175415263_SHIM_Dump.txt
2021-04-03 17:40 - 2021-04-03 17:40 - 000002560 _____ C:\WINDOWS\system32\Drivers\202143_174043823_CheckPoint_Dump.txt
2021-04-03 17:40 - 2021-04-03 17:40 - 000000256 _____ C:\WINDOWS\system32\Drivers\202143_174043823_SHIM_Dump.txt
2021-04-03 13:51 - 2021-04-04 12:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-04-03 13:46 - 2021-04-03 19:26 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2021-04-03 13:25 - 2021-04-03 13:26 - 000000000 ____D C:\Users\Phillip\Desktop\CCleaner Professional Plus 5.75 Multilingual + Serial Keys [SadeemPC]
2021-04-02 18:48 - 2021-04-02 18:48 - 000002560 _____ C:\WINDOWS\system32\Drivers\202142_184842363_CheckPoint_Dump.txt
2021-04-02 18:48 - 2021-04-02 18:48 - 000000256 _____ C:\WINDOWS\system32\Drivers\202142_184842363_SHIM_Dump.txt
2021-04-02 18:28 - 2021-04-02 18:41 - 015392284 _____ C:\Users\Phillip\Desktop\Bild_-_01_April_2021.pdf
2021-04-02 16:42 - 2021-04-02 16:43 - 015481295 _____ C:\Users\Phillip\Desktop\Amazon_App.apk
2021-04-01 15:44 - 2021-04-01 15:44 - 005074997 _____ C:\Users\Phillip\Desktop\J. K. Rowling - Harry Potter and the Order of the Phoenix.pdf
2021-04-01 10:18 - 2021-04-01 10:18 - 000002560 _____ C:\WINDOWS\system32\Drivers\202141_101816596_CheckPoint_Dump.txt
2021-04-01 10:18 - 2021-04-01 10:18 - 000000256 _____ C:\WINDOWS\system32\Drivers\202141_101816628_SHIM_Dump.txt
2021-03-31 18:41 - 2021-03-31 18:41 - 000001138 _____ C:\Users\Phillip\Desktop\The Tales Of Beedle The Bard.lnk
2021-03-31 15:17 - 2021-03-31 15:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2021-03-31 03:29 - 2021-03-31 03:29 - 000010241 _____ C:\Users\Phillip\Desktop\Brown, Dan.1.torrent
2021-03-31 03:29 - 2021-03-31 03:29 - 000000000 ____D C:\Users\Phillip\Desktop\Brown, Dan
2021-03-31 03:23 - 2021-03-31 03:25 - 000000000 ____D C:\Users\Phillip\Desktop\Stephen King eBooks Collection Epub+Mobi
2021-03-31 03:23 - 2021-03-31 03:23 - 000031090 _____ C:\Users\Phillip\Desktop\Stephen King eBooks Collection Epub+Mobi.1.torrent
2021-03-31 03:22 - 2021-03-31 03:27 - 000000000 ____D C:\Users\Phillip\Desktop\J R R Tolkien (Complete Works - Epubs) 1937 to 2018
2021-03-31 03:22 - 2021-03-31 03:22 - 000024306 _____ C:\Users\Phillip\Desktop\J R R Tolkien (Complete Works - Epubs) 1937 to 2018.1.torrent
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\The Subtle Art of Not Giving a Fck - A Counterintuitive Approach to Living a Good Life (2016) (Epub) Gooner
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\The Complete Book of Home Organization - 200+ Tips and Projects
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\KMS_VL_ALL Activator CMD Windows and Office - August 2019
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\IELTS Advantage - Reading + Writing Skills - by Jeremy Taylor , Jon Wright,by Richard Brown , Lewis Richards - Mantesh
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\Barely Legal - February 2021
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\Artistic Nudes By Various Photographers
2021-03-31 03:10 - 2021-03-31 03:10 - 000012246 _____ C:\Users\Phillip\Desktop\IELTS Advantage - Reading + Writing Skills - by Jeremy Taylor , Jon Wright,by Richard Brown , Lewis Richards - Mantesh.torrent
2021-03-31 03:00 - 2020-09-16 23:58 - 042345058 ____R C:\Users\Phillip\Desktop\Harry Potter and the Cursed Child - J.K. Rowling.exe
2021-03-31 03:00 - 2020-09-16 23:35 - 002538652 _____ C:\Users\Phillip\Desktop\Harry Potter and the Cursed Child - J.K. Rowling.pdf
2021-03-31 02:55 - 2021-03-31 02:55 - 007675697 _____ C:\Users\Phillip\Desktop\The Tales Of Beedle The Bard.pdf
2021-03-31 02:53 - 2021-03-31 02:53 - 000850164 _____ C:\Users\Phillip\Desktop\J_K_Rowling_Quidditch_Through_the_Ages.pdf
2021-03-31 02:39 - 2021-03-31 02:39 - 000000000 ____D C:\Users\Phillip\Desktop\The Ickabog by J.K. Rowling EPUB
2021-03-31 02:39 - 2021-03-31 02:39 - 000000000 ____D C:\Users\Phillip\Desktop\J.K. Rowling - Harry Potter
2021-03-31 02:39 - 2021-03-31 02:39 - 000000000 ____D C:\Users\Phillip\Desktop\J. K. Rowling - The Casual Vacancy (ePub mobi)
2021-03-31 02:39 - 2021-03-31 02:39 - 000000000 ____D C:\Users\Phillip\Desktop\J. K. Rowling - Harry Potter Series All ebooks
2021-03-31 02:39 - 2021-03-31 02:26 - 003360816 ____R C:\Users\Phillip\Desktop\J.K. Rowling - Fantastic Beasts & Where to Find Them.pdf
2021-03-31 02:01 - 2021-04-01 23:09 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-03-31 02:01 - 2021-04-01 23:09 - 000002325 _____ C:\Users\Public\Desktop\Brave.lnk
2021-03-31 02:01 - 2021-04-01 23:09 - 000002325 _____ C:\ProgramData\Desktop\Brave.lnk
2021-03-31 02:00 - 2021-03-31 02:00 - 000000000 ____D C:\Program Files\BraveSoftware
2021-03-31 01:58 - 2021-04-04 11:46 - 000003426 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-03-31 01:58 - 2021-04-04 11:46 - 000003202 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-03-31 01:57 - 2021-03-31 02:01 - 000000000 ____D C:\Users\Phillip\AppData\Local\BraveSoftware
2021-03-31 01:57 - 2021-03-31 01:58 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-03-31 01:57 - 2021-03-31 01:57 - 001242992 _____ (BraveSoftware Inc.) C:\Users\Phillip\Desktop\BraveBrowserSetup.exe
2021-03-31 01:41 - 2021-03-31 01:41 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021331_1411697_CheckPoint_Dump.txt
2021-03-31 01:41 - 2021-03-31 01:41 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021331_1411697_SHIM_Dump.txt
2021-03-31 01:40 - 2021-04-04 22:34 - 001019904 _____ C:\WINDOWS\system32\config\DEFAULT
2021-03-31 01:40 - 2021-04-04 22:34 - 000057344 _____ C:\WINDOWS\system32\config\SECURITY
2021-03-31 01:40 - 2021-04-04 22:31 - 000073728 _____ C:\WINDOWS\system32\config\SAM
2021-03-31 01:40 - 2021-03-31 01:40 - 098181120 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2021-03-31 01:40 - 2021-03-31 01:40 - 098181120 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag
2021-03-31 01:40 - 2021-03-31 01:40 - 001019904 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2021-03-31 01:40 - 2021-03-31 01:40 - 000073728 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2021-03-31 01:40 - 2021-03-31 01:40 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2021-03-31 01:40 - 2021-03-31 01:40 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021331_1402190_CheckPoint_Dump.txt
2021-03-31 01:40 - 2021-03-31 01:40 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021331_1402190_SHIM_Dump.txt
2021-03-31 01:40 - 2021-03-31 01:40 - 000000000 ____H C:\asc_rdflag
2021-03-30 21:16 - 2021-04-04 13:54 - 000000000 ____D C:\Users\Public\Security Sessions
2021-03-30 21:12 - 2021-03-30 21:12 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2021-03-30 21:02 - 2021-03-30 21:17 - 000000000 ____D C:\Users\Phillip\AppData\Local\Avira
2021-03-30 21:01 - 2021-03-30 21:01 - 098111488 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2021-03-30 21:01 - 2021-03-30 21:01 - 001019904 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2021-03-30 21:01 - 2021-03-30 21:01 - 000073728 _____ C:\WINDOWS\system32\config\SAM.iobit
2021-03-30 21:01 - 2021-03-30 21:01 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2021-03-30 20:55 - 2021-04-04 13:52 - 000000000 ____D C:\Program Files (x86)\Avira
2021-03-30 20:54 - 2021-04-04 13:52 - 000000000 ____D C:\ProgramData\Avira
2021-03-30 13:51 - 2021-03-30 13:51 - 000000000 ____D C:\Users\Phillip\Desktop\convertPdfTo_ae9b65f78ded003c4905e5d001991627
2021-03-30 13:11 - 2021-03-30 13:11 - 000122572 _____ C:\Users\Phillip\Desktop\Persönliche Darlegung der Gewissensentscheidung.pdf
2021-03-30 12:39 - 2021-03-30 12:39 - 000135352 _____ C:\Users\Phillip\Desktop\Lebenslauf von Phillip Kramer.pdf
2021-03-30 11:55 - 2021-03-30 11:55 - 000110370 _____ C:\Users\Phillip\Desktop\Antragsschreiben mit Berufung auf Art. 4 Abs. 3 GG.pdf
2021-03-29 14:47 - 2021-03-29 14:49 - 009981907 _____ C:\Users\Phillip\Desktop\bild29032021.pdf
2021-03-29 14:45 - 2021-03-29 15:01 - 016807722 _____ C:\Users\Phillip\Desktop\Bild_-_29_März_2021.pdf
2021-03-28 13:57 - 2021-03-28 13:57 - 000000000 ____D C:\Users\Phillip\Desktop\Bil280321
2021-03-27 18:51 - 2021-03-27 20:32 - 000000000 ____D C:\Users\Phillip\Desktop\Kuchen backen
2021-03-27 16:23 - 2021-03-27 16:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-27 12:17 - 2021-03-27 12:17 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021327_11179683_CheckPoint_Dump.txt
2021-03-27 12:17 - 2021-03-27 12:17 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021327_11179699_SHIM_Dump.txt
2021-03-15 16:35 - 2021-03-15 16:35 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021315_153529610_CheckPoint_Dump.txt
2021-03-15 16:35 - 2021-03-15 16:35 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021315_153529610_SHIM_Dump.txt
2021-03-14 23:23 - 2021-03-14 23:23 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-03-14 23:22 - 2021-03-14 23:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-14 23:20 - 2021-03-14 23:20 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-14 23:20 - 2021-03-14 23:20 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-14 23:19 - 2021-03-14 23:19 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-14 23:18 - 2021-03-14 23:18 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-14 23:17 - 2021-03-14 23:17 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-14 23:17 - 2021-03-14 23:17 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-14 23:15 - 2021-03-14 23:15 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-14 23:15 - 2021-03-14 23:15 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-14 23:15 - 2021-03-14 23:15 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-14 20:25 - 2021-03-30 20:07 - 000000000 ____D C:\Users\Phillip\Desktop\Desktop (nicht löschen)
2021-03-14 17:02 - 2021-03-14 17:02 - 000000000 ____D C:\Users\Phillip\AppData\Local\Opera Software
2021-03-14 14:36 - 2021-03-14 14:36 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021314_133631582_CheckPoint_Dump.txt
2021-03-14 14:36 - 2021-03-14 14:36 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021314_133631582_SHIM_Dump.txt
2021-03-14 14:05 - 2021-03-14 14:54 - 000002648 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2021-03-14 12:57 - 2021-03-14 12:57 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Opera Software
2021-03-12 14:30 - 2021-03-12 14:30 - 000000000 ____D C:\Users\Phillip\AppData\Local\Foxit Reader
2021-03-12 14:22 - 2021-03-12 14:44 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Foxit Scanner Images
2021-03-12 14:15 - 2021-03-12 14:15 - 001560064 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BrWia09b.dll
2021-03-12 14:15 - 2021-03-12 14:15 - 000050176 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BrUsi09a.dll
2021-03-12 13:59 - 2021-04-05 15:36 - 000000419 _____ C:\WINDOWS\BRWMARK.INI
2021-03-10 18:55 - 2021-03-10 18:55 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021310_175540780_CheckPoint_Dump.txt
2021-03-10 18:55 - 2021-03-10 18:55 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021310_175540780_SHIM_Dump.txt
2021-03-10 11:48 - 2021-03-10 11:48 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021310_104820619_CheckPoint_Dump.txt
2021-03-10 11:48 - 2021-03-10 11:48 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021310_104820651_SHIM_Dump.txt
2021-03-08 23:20 - 2021-03-08 23:20 - 000002560 _____ C:\WINDOWS\system32\Drivers\202138_222028780_CheckPoint_Dump.txt
2021-03-08 23:20 - 2021-03-08 23:20 - 000000256 _____ C:\WINDOWS\system32\Drivers\202138_222028780_SHIM_Dump.txt
2021-03-08 21:27 - 2021-03-08 21:33 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\bigoLive
2021-03-08 20:55 - 2021-03-08 20:58 - 000000000 ____D C:\Users\Phillip\AppData\Local\WhatsApp
2021-03-07 15:48 - 2021-03-07 15:48 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS Remote Play.lnk
2021-03-07 15:48 - 2021-03-07 15:48 - 000000000 ____D C:\Program Files (x86)\Sony
2021-03-07 12:12 - 2021-03-07 12:12 - 000002560 _____ C:\WINDOWS\system32\Drivers\202137_111238480_CheckPoint_Dump.txt
2021-03-07 12:12 - 2021-03-07 12:12 - 000000256 _____ C:\WINDOWS\system32\Drivers\202137_111238496_SHIM_Dump.txt

==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-06 16:11 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-06 15:27 - 2021-01-12 17:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-05 19:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-05 19:54 - 2020-12-12 18:57 - 000000000 ____D C:\Users\Phillip\AppData\Local\Packages
2021-04-05 19:53 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-05 15:36 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-05 13:05 - 2021-01-12 17:54 - 001722792 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-05 13:05 - 2019-12-07 16:51 - 000746440 _____ C:\WINDOWS\system32\perfh007.dat
2021-04-05 13:05 - 2019-12-07 16:51 - 000150810 _____ C:\WINDOWS\system32\perfc007.dat
2021-04-05 12:58 - 2020-12-12 18:57 - 000000000 __SHD C:\Users\Phillip\IntelGraphicsProfiles
2021-04-05 12:57 - 2021-01-12 18:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-05 12:57 - 2021-01-12 17:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-05 12:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-04 22:34 - 2019-12-07 11:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-04-04 22:32 - 2021-01-31 20:09 - 000441816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-04 22:29 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-04 22:26 - 2021-02-06 21:52 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\NOW TV Player
2021-04-04 20:18 - 2021-02-06 21:51 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Ticket
2021-04-04 20:17 - 2021-02-06 21:51 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Sky Ticket
2021-04-04 20:04 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-04 19:50 - 2021-01-12 17:42 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-04 16:38 - 2021-01-10 09:38 - 000000000 ____D C:\Users\Phillip\.btfs
2021-04-04 16:38 - 2021-01-10 09:35 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\BitTorrent
2021-04-04 16:21 - 2021-02-02 16:57 - 000000000 ____D C:\Users\Phillip\AppData\Local\BitTorrentHelper
2021-04-04 13:51 - 2020-12-23 20:25 - 000000000 ____D C:\Users\Phillip\AppData\Local\PlaceholderTileLogoFolder
2021-04-04 13:50 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-04 13:49 - 2021-01-13 21:54 - 000002236 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-04-04 13:49 - 2021-01-13 21:54 - 000000000 ____D C:\Program Files\CCleaner
2021-04-04 13:41 - 2021-01-13 22:32 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-04 12:49 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-04 12:42 - 2021-02-26 16:38 - 000000000 ____D C:\Program Files (x86)\Rosetta Stone
2021-04-04 12:40 - 2021-02-02 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2021-04-04 12:33 - 2021-01-14 19:20 - 000000000 ____D C:\ProgramData\Avast Software
2021-04-04 11:49 - 2021-01-13 16:26 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\IObit
2021-04-04 11:47 - 2021-01-13 16:29 - 000000000 ____D C:\Program Files (x86)\IObit
2021-04-03 20:34 - 2021-01-10 17:28 - 000000000 ____D C:\Users\Phillip\AppData\LocalLow\Mozilla
2021-04-03 20:34 - 2021-01-10 17:28 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-03 20:17 - 2021-01-12 15:45 - 000000000 ____D C:\Program Files\Common Files\AV
2021-04-03 18:27 - 2021-02-12 15:22 - 000002321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-03 14:53 - 2021-01-14 22:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-04-03 14:08 - 2021-02-10 23:21 - 000000000 ____D C:\Users\Phillip\dwhelper
2021-04-03 02:50 - 2021-01-09 19:58 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-02 17:41 - 2021-01-03 16:44 - 000000000 ____D C:\Users\Phillip\AppData\Local\ElevatedDiagnostics
2021-04-02 13:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-02 12:48 - 2021-01-12 17:44 - 000000000 ____D C:\Users\Phillip
2021-04-01 18:22 - 2021-01-12 12:18 - 000000000 ____D C:\Users\Phillip\AppData\Local\D3DSCache
2021-03-31 01:55 - 2021-01-15 12:13 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2021-03-31 01:41 - 2021-02-03 14:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-30 21:25 - 2019-12-07 16:53 - 000000000 ____D C:\WINDOWS\OCR
2021-03-30 20:33 - 2021-02-06 11:57 - 000000000 ____D C:\Users\Phillip\AppData\Local\Mozilla Thunderbird
2021-03-27 16:23 - 2021-02-03 14:35 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-27 12:32 - 2021-01-13 16:30 - 000000000 ____D C:\ProgramData\ProductData
2021-03-24 18:30 - 2021-02-13 20:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-03-24 15:24 - 2021-01-11 20:29 - 000000000 ____D C:\Users\Phillip\AppData\Local\JDownloader 2.0
2021-03-24 15:18 - 2021-01-11 20:36 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2021-03-22 15:15 - 2020-12-12 18:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-22 15:05 - 2020-12-27 15:46 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-03-15 16:32 - 2019-12-07 16:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-14 20:38 - 2021-01-09 19:41 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-03-14 14:53 - 2021-02-26 17:30 - 000003254 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-14 14:53 - 2021-02-12 15:21 - 000003618 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-14 14:53 - 2021-02-12 15:21 - 000003394 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-14 14:53 - 2021-01-18 14:28 - 000003494 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6e8fa71357fd0
2021-03-14 14:53 - 2021-01-12 18:06 - 000003688 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-12 17:19 - 2021-01-13 15:16 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\WhatsApp
2021-03-10 12:15 - 2021-01-01 15:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-10 12:01 - 2021-01-01 15:39 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-08 20:58 - 2021-01-13 15:16 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2021-03-08 20:58 - 2021-01-13 15:14 - 000000000 ____D C:\Users\Phillip\AppData\Local\SquirrelTemp

==================== Files in the root of some directories ========

2021-02-10 21:50 - 2021-02-10 21:50 - 000013000 _____ () C:\Users\Phillip\AppData\Roaming\Comma Separated Values.CAL
2021-04-04 13:22 - 2021-04-04 13:22 - 000135069 _____ () C:\Users\Phillip\AppData\Roaming\TNod-10963.log
2021-02-04 18:41 - 2021-02-04 18:41 - 000000000 _____ () C:\Users\Phillip\AppData\Local\oobelibMkey.log

==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by Phillip (06-04-2021 16:48:49)
Running from C:\Users\Phillip\Desktop
Windows 10 Pro Version 20H2 19042.906 (X64) (2021-01-12 16:07:25)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1307152980-782841198-2650162068-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1307152980-782841198-2650162068-503 - Limited - Disabled)
Gast (S-1-5-21-1307152980-782841198-2650162068-501 - Limited - Disabled)
Phillip (S-1-5-21-1307152980-782841198-2650162068-1001 - Administrator - Enabled) => C:\Users\Phillip
WDAGUtilityAccount (S-1-5-21-1307152980-782841198-2650162068-504 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky Total Security (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 14.2.0 - IObit)
AusweisApp2 (HKLM-x32\...\{F3E22721-7F7E-472F-BBBA-6B5572E15A58}) (Version: 1.22.0 - Governikus GmbH & Co. KG)
Avira (HKLM-x32\...\{161e6084-b0f5-43e8-86d8-09eda5c0893d}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{426D1710-5DFD-45E9-B11D-464792C5AD35}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2103.2082 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.2.28955 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.46.16549 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM-x32\...\{9F45C615-6D95-47B5-BB0C-D78F6D15DE21}) (Version: 2.0.6.42639 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.10.0.11063 - Avira Operations GmbH & Co. KG) Hidden
BitTorrent (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\BitTorrent) (Version: 7.10.5.45967 - BitTorrent Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 89.1.22.71 - Die Brave-Autoren)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Driver Booster 8 (HKLM-x32\...\Driver Booster_is1) (Version: 8.3.0 - IObit)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.1.1.37576 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5166 - Intel Corporation) IObit Uninstaller 10 (HKLM-x32\...\IObitUninstall) (Version: 10.4.0.12 - IObit) JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation) Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Retail - de-de) (Version: 16.0.13801.20360 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 
(HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mozilla Firefox 87.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 87.0 (x86 en-US)) (Version: 87.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 85.0 - Mozilla) Mozilla Thunderbird 78.7.1 (x86 de) (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Mozilla Thunderbird 78.7.1 (x86 de)) (Version: 78.7.1 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration 
(HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20360 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera Stable 75.0.3969.93 (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Opera 75.0.3969.93) (Version: 75.0.3969.93 - Opera Software) PS Remote Play (HKLM-x32\...\{E536EB8F-03EF-4EBA-B3FF-C5A544604841}) (Version: 4.0.0.09240 - Ihr Firmenname) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.) Sky Go 21.1.2.0 (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\com.bskyb.skygoplayer_is1) (Version: 21.1.2.0 - Sky) Sky Ticket 8.3.0.0 (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\com.bskyb.skyticket_is1) (Version: 8.3.0.0 - Sky Ticket) Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.20113.5 - Samsung Electronics Co., Ltd.) Hidden Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.20113.5 - Samsung Electronics Co., Ltd.) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) VdhCoApp 1.6.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) WhatsApp (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\WhatsApp) (Version: 2.2106.10 - WhatsApp) Wondershare Dr.Fone (Version 11.0.9) (HKLM-x32\...\{E8F86DA8-B8E4-42C7-AFD4-EBB692AC43FD}_is1) (Version: 11.0.9.412 - Wondershare Technology Co.,Ltd.) 
Packages: ========= Google Maps -> C:\Program Files\WindowsApps\www.google.com-D64B4CD1_1.0.0.0_neutral__2ffpm8sm5xkm2 [2021-04-05] (www.google.com) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2021-02-02] (Apple Inc.) [Startup Task] Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-01-13] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-07] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-07] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Studios) [MS Ad] MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2021-02-07] (Microsoft Corporation) [MS Ad] YouPorn -> C:\Program Files\WindowsApps\www.youporn.com-A4D02D72_1.0.0.0_neutral__kqrg6ysfhm7aw [2021-03-24] (www.youporn.com) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2020-12-24] (IObit Information Technology -> IObit) ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd) ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit) ContextMenuHandlers1: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\x64\shellex.dll -> No File ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. 
KG) ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2020-12-24] (IObit Information Technology -> IObit) ContextMenuHandlers2: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\x64\shellex.dll -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2020-12-24] (IObit Information Technology -> IObit) ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit) ContextMenuHandlers4: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\x64\shellex.dll -> No File ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd) ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. 
KG) ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2021-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd) ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit) ContextMenuHandlers6: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\x64\shellex.dll -> No File ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. 
KG) ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2021-01-13 23:46 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2021-02-13 21:38 - 2021-02-13 21:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Client\AppVIsvSubsystems32.dll 2021-02-13 21:39 - 2021-02-13 21:39 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll 2021-02-13 21:39 - 2021-02-13 21:39 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaspie.sys => ""="Driver" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://go.microsoft.com/fwlink/p/?LinkId=255141 HKU\S-1-5-21-1307152980-782841198-2650162068-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=U220DHP&pc=U220 BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-14] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-03-09] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2020-12-24] (IObit Information Technology -> IObit) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} 
- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2020-12-12 18:08 - 2021-03-24 17:29 - 000001091 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 16.217.0.0 127.0.0.1 rosettastone.com 127.0.0.1 launch.rosettastone.com 127.0.0.1 amp.rosettastone.com 127.0.0.1 resources.rosettastone.com 127.0.0.1 updates.rosettastone.com ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1307152980-782841198-2650162068-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 172.20.10.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) 
HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "TuneupUI.exe" HKLM\...\StartupApproved\Run32: => "SecurityHealth" HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "AusweisApp2" HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "BitTorrent" HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "kpm.exe" HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "Lync" HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "Opera Browser Assistant" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG) FirewallRules: [{CD1AFE80-23C7-4855-9A71-E5B0E8263F43}] => (Allow) C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG) FirewallRules: [UDP Query User{E59E6A11-1D0B-4F48-B65E-5020567B9BA2}C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe] => (Allow) C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe (Bittorrent, Inc. 
-> BitTorrent, Inc) FirewallRules: [TCP Query User{2C52D78D-E30B-4F53-B0FF-E3EB5E7FD478}C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe] => (Allow) C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe (Bittorrent, Inc. -> BitTorrent, Inc) FirewallRules: [{CBEB928E-8713-421A-98D5-7E5652A63273}] => (Allow) C:\Users\Phillip\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{91497513-6D76-44B3-96D3-880B83E4CFAF}] => (Allow) C:\Users\Phillip\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{06AB54E3-554E-47CB-A342-396E710A44BA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{189C3A8B-D9E3-4CAF-A742-8B788EDE4673}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{B2D9A89A-4033-4A5E-A807-7416367A17C4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{68853000-CBFE-48EE-804A-380DAE9FD62F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{8A2E9938-E69D-4D4F-B104-A4EC2B2C2189}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F76D715C-9F81-42D8-95CD-D6B3D78CFB89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D6BD67F1-DD16-466E-9547-F2EB2EC58511}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{07A3C0D8-D001-46AF-9833-BE1C1A892C0F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{E1D25FEA-3D1C-491C-ADC4-A702B45793D9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{7DB00ED5-0BAD-48A1-B738-62FFD06EF4F8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{3B020F23-6484-4178-84B0-37AB742341DB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{1F866C13-2D1F-4EB1-A8BB-E2396C209FBE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{3EF0E2D3-1BB0-4AB0-A825-9005C1A967A8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{13FA26B1-62B5-4BDA-911B-F04A889E4C5B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1070EC36-58F1-4374-AEA3-E41365B77D21}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{D279502E-207A-453B-BE1C-9063D89A9136}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C7438E5E-363B-4049-85A9-35F28BAF72D7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{241F23CF-7289-4874-9315-ECE058BA0669}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2C0C1E09-F4BC-41C9-AA5F-3C0EAD9F01F5}] => (Allow) C:\Program Files (x86)\Sony\PS Remote Play\RemotePlay.exe (Sony Interactive Entertainment Inc. -> Sony Interactive Entertainment Inc.) FirewallRules: [TCP Query User{1DE9CCA3-64D5-45B8-853B-6CF14CAAD3AE}C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe] => (Allow) C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe (Bittorrent, Inc. -> BitTorrent, Inc) FirewallRules: [UDP Query User{1B4ACEF2-0A22-4CA7-A309-13418CD69822}C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe] => (Allow) C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe (Bittorrent, Inc. -> BitTorrent, Inc) FirewallRules: [{77891BA2-795F-41F4-9FE9-0ACB40F12688}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) 
FirewallRules: [{2E9A7CF9-FE7A-40E3-8326-7A7297CBC4AD}] => (Allow) C:\Users\Phillip\AppData\Local\Programs\Opera\75.0.3969.93\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{38D6FCC7-C642-4ABD-8B5D-17A10D83801E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{66AA99E8-B735-44A2-AF6A-1A48C0A4A319}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{3DC330A5-21FD-4908-99AE-534275856E31}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{5AE8F5D5-C72C-4E90-BFB6-778CAF26D2AA}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ==================== Restore Points ========================= 05-04-2021 19:12:16 Geplanter Prüfpunkt ==================== Faulty Device Manager Devices ============ Name: Camera Sensor OV2680 Description: Camera Sensor OV2680 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: OV2680 Camera Sensor Service: ov2680 Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Kaspersky Security Data Escort Adapter #2 Description: Kaspersky Security Data Escort Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Kaspersky Security Data Escort Provider Service: kltap Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. 
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Event log errors: ======================== Application errors: ================== Error: (04/05/2021 07:12:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (04/04/2021 07:05:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (04/04/2021 01:54:16 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT) Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126). 
Error: (04/04/2021 01:16:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: wmiprvse.exe, version: 10.0.19041.546, time stamp: 0x5da7ab91 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0x80131623 Fault offset: 0x00007ff7a96525ad Faulting process id: 0x17a8 Faulting application start time: 0x01d72943e2c427d1 Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe Faulting module path: unknown Report Id: 60e4107d-99ff-400b-b512-c3cbfe7bb64a Faulting package full name: Faulting package-relative application ID: Error: (04/04/2021 01:16:01 PM) (Source: .NET Runtime) (EventID: 1025) (User: ) Description: Application: wmiprvse.exe Framework Version: v4.0.30319 Description: The application requested process termination through System.Environment.FailFast(string message). Message: Unerwartete Anbieterausnahme: System.IO.FileLoadException: File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers() Stack: at System.Environment.FailFast(System.String) at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink) Error: (04/04/2021 01:15:56 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: ) Description: Event-ID 3002 Error: (04/04/2021 01:15:56 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: ) Description: Event-ID 2002 Error: (04/04/2021 01:15:56 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: ) Description: Event-ID 2003 System errors: ============= Error: (04/05/2021 01:41:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: WLAN Extensibility Module has failed to start. 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (04/05/2021 12:57:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (04/04/2021 10:32:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (04/04/2021 10:27:47 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-E3LPO85)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (04/04/2021 07:26:31 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/04/2021 02:14:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (04/04/2021 01:46:12 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/04/2021 12:51:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Windows Defender:
================
Date: 2021-04-04 13:36:47
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Ymacco.AAA5&threatid=274880&enterprise=0
Name: Program:Win32/Ymacco.AAA5
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\eav_nt32.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Echtzeitschutz
Benutzer:
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.335.183.0, AS: 1.335.183.0, NIS: 1.335.183.0
Modulversion: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 13:32:46
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bomitag.C!rfn&threatid=2147745925&enterprise=0
Name: Trojan:Win32/Bomitag.C!rfn
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable.zip; file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable\TNODUP-Portable.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-E3LPO85\Phillip
Prozessname: C:\Windows\System32\cmd.exe
Sicherheitsversion: AV: 1.335.183.0, AS: 1.335.183.0, NIS: 1.335.183.0
Modulversion: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 13:32:20
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bomitag.C!rfn&threatid=2147745925&enterprise=0
Name: Trojan:Win32/Bomitag.C!rfn
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable.zip; file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable\TNODUP-Portable.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-E3LPO85\Phillip
Prozessname: C:\Windows\System32\cmd.exe
Sicherheitsversion: AV: 1.335.183.0, AS: 1.335.183.0, NIS: 1.335.183.0
Modulversion: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 13:32:13
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bomitag.C!rfn&threatid=2147745925&enterprise=0
Name: Trojan:Win32/Bomitag.C!rfn
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable.zip; file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable\TNODUP-Portable.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-E3LPO85\Phillip
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.335.183.0, AS: 1.335.183.0, NIS: 1.335.183.0
Modulversion: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 13:32:03
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bomitag.C!rfn&threatid=2147745925&enterprise=0
Name: Trojan:Win32/Bomitag.C!rfn
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable.zip; file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable\TNODUP-Portable.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-E3LPO85\Phillip
Prozessname: C:\Windows\System32\cmd.exe
Sicherheitsversion: AV: 1.335.183.0, AS: 1.335.183.0, NIS: 1.335.183.0
Modulversion: AM: 1.1.18000.5, NIS: 1.1.18000.5

CodeIntegrity:
===============
Date: 2021-04-04 13:05:45
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-04-04 06:13:33
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
BIOS: LENOVO 1HCN31WW 06/02/2016
Motherboard: LENOVO Cavalli
Processor: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz
Percentage of memory in use: 81%
Total physical RAM: 1912.2 MB
Available physical RAM: 361.68 MB
Total Virtual: 4819.22 MB
Available Virtual: 683.17 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:57.64 GB) (Free:5.64 GB) NTFS
\\?\Volume{2828e363-b8b6-4826-a1ae-d7bc943b6061}\ () (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{29f1cd0b-bd27-4372-8d54-aa737819eb4d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 58.2 GB) (Disk ID: 5E390987)
Partition: GPT.

==================== End of Addition.txt ======================= |
06.04.2021, 16:33 | #4 | |
/// TB Trainer | No sound due to virus
Quote:
You should back up your private data externally and perform a clean reinstallation (see the link for instructions). That is the only sensible course here. In future, please leave out software such as Avira, Kaspersky, IObit and CCleaner. Recommendations for the time after the reinstallation can be found here: Measures for securing the system. I am moving this to Windows because the system is damaged; in such a case, a malware analysis and possible cleanup is not expedient. |
06.04.2021, 17:53 | #5 | |
| No sound due to virus
Quote:
Have fun with the reinstallation. Support ends here.
__________________ "Consider again that dot. That's here. That's home. That's us. On it everyone you love, everyone you know, everyone you ever heard of, every human being who ever was, lived out their lives."— Carl Sagan |
06.04.2021, 18:04 | #6 |
/// Helper Team | No sound due to virus
I doubt whether a reinstallation is still worthwhile here:
BIOS: LENOVO 1HCN31WW 06/02/2016
Motherboard: LENOVO Cavalli
Processor: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz
Percentage of memory in use: 81%
Total physical RAM: 1912.2 MB
HD of approx. 60 GB
Many Linux distros have their problems with that too. Especially since, without my having looked it up just now, the device is probably not upgradeable.
Correction: The memory should be upgradeable, and the same goes for the memory card.
But is that still worth it with this CPU?
__________________ Edited by felix1 (06.04.2021 at 18:16) |