Log analysis and evaluation: Suspected Trojan infection (Windows 7)
31.08.2021, 11:53 | #16
/// Winkelfunktion /// TB-Süch-Tiger™
Why are you so fixated on a clean reinstall? Why open a thread here at all if you want to reinstall anyway?
__________________
Please always post logfiles in CODE tags
31.08.2021, 12:01 | #17
Because we've been talking all morning about logs that I don't have, or have already delivered... I'm no geek when it comes to infections, and to be honest you're not very easy to deal with either (no offence). I just wanted to let you know that I got the script file message after your changes and after the first restart in several days, and I wasn't sure, and rather than spend a long time here discussing logs I don't have, I'm pushing for a quicker solution.

So, how do we proceed according to your plan? Or, say I do a clean reinstall and scan all drives with a virus scanner beforehand: am I then on the safe side? I really have no idea and I'm wondering whether there are viruses that survive that anyway.
31.08.2021, 12:14 | #18
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
adwCleaner
Run AdwCleaner according to the illustrated guide and post the log file in CODE tags when done.
Please repeat AdwCleaner if there were any detections.
31.08.2021, 12:25 | #19
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-06-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-31-2021
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 2
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Update Plus Player

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.SamsungSmartSwitch Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG\SMART SWITCH PC

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1585 octets] - [31/08/2021 13:16:20]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
31.08.2021, 12:57 | #20
/// Winkelfunktion /// TB-Süch-Tiger™
What are you supposed to do when adwCleaner found something?
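The helper's rule here is mechanical: if an AdwCleaner run cleaned or detected anything, run it again until a scan comes back empty. The following Python triage script is an added example (not code from this thread, from Malwarebytes, or from the helper): it parses the AdwCleaner report format as posted in this thread (the `# Key: value` header counters and the `***** [ Section ] *****` blocks whose acted-on items start with `Deleted`) and decides whether another pass is needed. The sample input is trimmed copies of the two logs posted in this thread; the `Quarantined`/`Restored`/`Failed` action verbs are assumed variants not shown on this page.

```python
"""Triage helper for AdwCleaner logs of the kind posted in this thread (added example)."""
import re
from dataclasses import dataclass, field

# "# Mode: Clean", "# Cleaned: 2", "# Detected: 0" ... (dashed separator lines do not match)
HEADER_RE = re.compile(r"^#\s*([A-Za-z ]+):\s*(.*)$")
# "***** [ Registry ] *****"
SECTION_RE = re.compile(r"^\*{5}\s*\[\s*(.+?)\s*\]\s*\*{5}$")
# Acted-on items. "Deleted" appears in the thread's log; the other verbs are assumed variants.
ACTION_RE = re.compile(r"^(Deleted|Quarantined|Restored|Failed)\s+(.*)$")


@dataclass
class AdwReport:
    mode: str = ""
    counters: dict = field(default_factory=dict)   # Cleaned / Detected / Failed / Scanned
    findings: list = field(default_factory=list)   # (section, action, item)

    def needs_rerun(self) -> bool:
        """True when the run acted on or detected something, i.e. the thread's
        instruction 'repeat AdwCleaner if there were findings' applies."""
        return (self.counters.get("Cleaned", 0) > 0
                or self.counters.get("Detected", 0) > 0
                or bool(self.findings))


def parse_adwcleaner_log(text: str) -> AdwReport:
    """Extract header counters and per-section action lines from one AdwCleaner report."""
    report = AdwReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            if key == "Mode":
                report.mode = value
            elif key in ("Cleaned", "Detected", "Failed", "Scanned") and value.isdigit():
                report.counters[key] = int(value)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ACTION_RE.match(line)
        if m and section:
            report.findings.append((section, m.group(1), m.group(2)))
    return report


def triage(text: str) -> dict:
    """Summarise one report: mode, whether to run again, and what was acted on."""
    r = parse_adwcleaner_log(text)
    return {"mode": r.mode,
            "needs_rerun": r.needs_rerun(),
            "findings": [f"{s}: {a} {i}" for s, a, i in r.findings]}


# Trimmed copies of the two logs posted in this thread (post #19 clean run, post #21 re-scan).
CLEAN_LOG = r"""
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Mode: Clean
# OS: Windows 10 Home
# Cleaned: 2
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Update Plus Player

***** [ Preinstalled Software ] *****

Deleted Preinstalled.SamsungSmartSwitch Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG\SMART SWITCH PC

*************************

[+] Delete Tracing Keys
[+] Reset Winsock
"""

RESCAN_LOG = r"""
# Mode: Scan
# Scanned: 31984
# Detected: 0

***** [ Registry ] *****

No malicious registry entries found.
"""

if __name__ == "__main__":
    for name, log in (("clean run", CLEAN_LOG), ("re-scan", RESCAN_LOG)):
        print(name, triage(log))
```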
31.08.2021, 13:30 | #21
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-06-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-31-2021
# Duration: 00:00:26
# OS: Windows 10 Home
# Scanned: 31984
# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

AdwCleaner[S00].txt - [1585 octets] - [31/08/2021 13:16:20]
AdwCleaner[C00].txt - [1766 octets] - [31/08/2021 13:18:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
31.08.2021, 13:33 | #22
/// Winkelfunktion /// TB-Süch-Tiger™
So now a new FRST.txt and Addition.txt, please.
31.08.2021, 14:06 | #23
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2021
durchgeführt von termi (Administrator) auf MISTERSUN (31-08-2021 14:49:58)
Gestartet von C:\Users\termi\Desktop
Geladene Profile: termi
Platform: Windows 10 Home Version 21H1 19043.1165 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Opera
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\termi\Desktop\adwcleaner_8.3.0.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe <2>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe <2>
(Opera Software AS -> Opera Software) C:\Users\termi\AppData\Local\Programs\Opera GX\78.0.4093.186\opera.exe <45>
(Opera Software AS -> Opera Software) C:\Users\termi\AppData\Local\Programs\Opera GX\78.0.4093.186\opera_crashreporter.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\termi\AppData\Local\Temp\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\termi\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\termi\AppData\Local\Temp\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\termi\AppData\Local\Temp\TeamViewer\tv_x64.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [835136 2018-11-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3180256 2021-08-17] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-09-14] (Adobe Inc. -> )
HKLM-x32\...\Run: [Avira Security startup helper] => "C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe" DelayedStartup
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [Discord] => C:\Users\termi\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [vibranceGUI] => "C:\Users\termi\AppData\Local\Temp\Rar$EXa3644.19640\vibranceGUI.exe" -minimized <==== ACHTUNG
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1806680 2021-08-12] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\termi\AppData\Local\Microsoft\Teams\Update.exe [2455264 2021-08-26] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [Spotify] => C:\Users\termi\AppData\Roaming\Spotify\Spotify.exe [24731784 2021-08-24] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [com.blitz.app] => C:\Users\termi\AppData\Local\Programs\Blitz\Blitz.exe [122577672 2021-08-28] (Swift Media Entertainment, Inc. -> Blitz, Inc.)
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [8514512 2021-03-30] (Comfort Software Group -> Comfort Software Group)
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [3243784 2021-02-22] (Unified Intents AB -> Unified Intents AB)
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\termi\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\MountPoints2: {80388fa7-1736-11e7-8a88-704d7b2db4bc} - "G:\setup.exe"
HKLM\...\Windows x64\Print Processors\Canon PIXMA iP4000 Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD64.DLL [31744 2005-09-01] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor PIXMA iP4000: C:\WINDOWS\system32\CNMLM64.DLL [245248 2005-09-01] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
Startup: C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2021-03-26]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [Datei ist nicht signiert]
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {05A2FEC2-1C2C-4773-AA3B-286113F6B073} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2483032 2021-08-12] (Overwolf Ltd -> Overwolf LTD)
Task: {5B2EBBF5-585C-4F1D-8324-84CED127CECC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {5CBBA1E9-FE5D-46A7-839E-3E6D9FDD5F3D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-08-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D428151-ADD0-4928-9671-B53C9F3DDE1E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {699A37EB-0B9C-49FE-B6F1-7008A4CB3959} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {6CABE442-4B11-497F-AF46-25B4B91A4022} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {78772080-6D06-4E28-BDCE-184DE907ED35} - System32\Tasks\Microsoft\Windows\Maintenance\InstallWinSAT => Maintenance.vbs
Task: {79714970-3FA9-4706-9C99-C4C9EB1AC1BD} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1621345670 => C:\Users\termi\AppData\Local\Programs\Opera GX\launcher.exe [3774160 2021-08-25] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\termi\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {8557749A-35AD-4AC9-8403-1D2ADE4B865F} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {880A8237-7692-492D-A102-607F82FC5DEE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8980E3BC-3724-4DF9-968E-06A757235055} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8B3FC8C4-24FF-44B1-8ABF-BB2F6D37409F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-08-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D2A07C3-B4D3-4167-B794-CAF2E8A2DB41} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {918DE258-52A7-47DD-86A1-15D2087AE07B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4282280 2021-08-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {97418155-1665-434C-8D24-16EF744E4ECF} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {97D8E99F-8F55-45E2-8E2F-7A7D059E5FF7} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {A0E1A034-6886-4730-8969-FDBF867B1BD1} - System32\Tasks\Opera GX scheduled Autoupdate 1619790436 => C:\Users\termi\AppData\Local\Programs\Opera GX\launcher.exe [3774160 2021-08-25] (Opera Software AS -> Opera Software)
Task: {CCC9DA24-2791-42CB-BC0A-7670923CFCC7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CF31B2BF-4704-45FE-A305-D904A65A3442} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D056125D-B444-4A2D-ABBB-BBC49CC1CBC8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4282280 2021-08-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {F69C8215-5B1F-44A5-ACB3-D040277B8B8D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 217.147.55.3 217.147.60.5
Tcpip\..\Interfaces\{fe70adbd-29a4-48d7-9244-369e6eea9ff0}: [DhcpNameServer] 217.147.55.3 217.147.60.5
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <==== ACHTUNG

Edge:
=======
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-31]
Edge HomePage: Default -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
Edge Extension: (Outlook) - C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-04-03]
Edge Extension: (Avira Safe Shopping) - C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2021-08-26]
Edge Extension: (Avira Password Manager) - C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle [2021-08-30]
Edge Extension: (Word) - C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-04-03]
Edge Extension: (Excel) - C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-04-03]
Edge Extension: (PowerPoint) - C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-04-03]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default [2021-07-26]
CHR Notifications: Default -> hxxps://www6.todhamilton.pro
CHR Extension: (Präsentationen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-23]
CHR Extension: (Docs) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-23]
CHR Extension: (Google Drive) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-23]
CHR Extension: (Earth View from Google Earth) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhloflhklmhfpedakmangadcdofhnnoh [2021-03-23]
CHR Extension: (James White) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2021-03-23]
CHR Extension: (YouTube) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-23]
CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-05-20]
CHR Extension: (Adblock für Youtube™) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2021-05-20]
CHR Extension: (Tabellen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-23]
CHR Extension: (Google Docs Offline) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-03]
CHR Extension: (AdBlock – der beste Ad-Blocker) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-07-03]
CHR Extension: (Tinder) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejiihbkifllpgdfndalmghiodgkefan [2021-03-23]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2021-03-23]
CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2021-03-23]
CHR Extension: (Fair AdBlocker) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2021-03-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-23]
CHR Extension: (Hover Zoom+) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2021-07-26]
CHR Extension: (Google Mail) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-23]
CHR Extension: (Chrome Media Router) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-11]
CHR Profile: C:\Users\termi\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-07-26]
CHR Profile: C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-07-14]
CHR Extension: (Präsentationen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-23]
CHR Extension: (Docs) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-23]
CHR Extension: (Google Drive) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-23]
CHR Extension: (YouTube) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-23]
CHR Extension: (Tabellen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-23]
CHR Extension: (Google Docs Offline) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-23]
CHR Extension: (Google Mail) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-23]
CHR Extension: (Chrome Media Router) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-14]
CHR Profile: C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-07-14]
CHR Extension: (Präsentationen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-14]
CHR Extension: (Docs) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-07-14]
CHR Extension: (Google Drive) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-14]
CHR Extension: (YouTube) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-14]
CHR Extension: (Tabellen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-14]
CHR Extension: (Google Mail) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-14]
CHR Profile: C:\Users\termi\AppData\Local\Google\Chrome\User Data\System Profile [2021-07-26]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-3983815968-458737157-1999859390-1001) Opera GXStable - "C:\Users\termi\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8895512 2021-05-11] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9142128 2021-08-05] (Microsoft Corporation -> Microsoft Corporation)
S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2018-02-16] (Digital Wave Ltd -> Digital Wave Ltd.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2021-03-06] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EQU8_19; C:\ProgramData\EQU8\Totally Accurate Battlegrounds\bin\anticheat.x64.equ8.exe [5673048 2021-04-02] (Int3 Software AB -> Int3 Software AB)
S3 EQU8_36; C:\ProgramData\EQU8\Splitgate\bin\anticheat.x64.equ8.exe [6161552 2021-08-28] (Int3 Software AB -> Int3 Software AB)
S2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [145744 2021-05-05] (eVenture Limited -> eVenture Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7497336 2021-08-26] (Malwarebytes Inc -> Malwarebytes)
S3 MicrosoftEdgeElevationService1d77dbb2c5be210; C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.84\elevation_service.exe [1640352 2021-08-26] (Microsoft Corporation -> Microsoft Corporation)
S2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [277688 2021-04-21] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2483032 2021-08-12] (Overwolf Ltd -> Overwolf LTD)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-06-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14676264 2021-07-01] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10112672 2021-08-17] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-07-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-07-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.70\elevation_service.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AsusVBus; C:\WINDOWS\System32\drivers\AsusVBus.sys [39704 2017-01-09] (ASUSTeK Computer Inc. -> Windows (R) Win 7 DDK provider)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [84472 2017-01-09] (ASUSTeK Computer Inc. -> ASUS Corporation)
S3 BrSerIb; C:\WINDOWS\System32\drivers\BrSerIb.sys [95344 2014-10-23] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BrUsbSIb; C:\WINDOWS\System32\drivers\BrUsbSIb.sys [21872 2014-10-23] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2020-12-14] (Microsoft Corporation) [File not signed]
S3 Bulk; C:\WINDOWS\System32\Drivers\HDJBulk.sys [354824 2018-12-21] (Microsoft Windows Hardware Compatibility Publisher -> © Guillemot R&D, 2018. All rights reserved.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\System32\drivers\Dot4.sys [146856 2015-03-10] (BoiseTest -> Windows (R) Win 7 DDK provider)
S3 dot4usb; C:\WINDOWS\System32\drivers\dot4usb.sys [43944 2015-03-10] (BoiseTest -> Microsoft Corporation)
R3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys [33784 2021-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 EQU8_HELPER_19; C:\WINDOWS\system32\DRIVERS\EQU8_HELPER_19.sys [38032 2021-04-12] (Int3 Software AB -> )
S3 EQU8_HELPER_36; C:\WINDOWS\system32\DRIVERS\EQU8_HELPER_36.sys [38032 2021-08-28] (Int3 Software AB -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2019-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 HDJAsioK; C:\WINDOWS\System32\Drivers\HDJAsioK.sys [334344 2018-12-21] (Microsoft Windows Hardware Compatibility Publisher -> © Guillemot R&D, 2018. All rights reserved.)
S3 HDJCtrl; C:\WINDOWS\System32\Drivers\HDJCtrl.sys [72712 2018-12-21] (Microsoft Windows Hardware Compatibility Publisher -> © Guillemot R&D, 2017. All rights reserved.)
S3 HDJMidi; C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [287240 2018-12-21] (Microsoft Windows Hardware Compatibility Publisher -> © Guillemot R&D, 2018. All rights reserved.)
R1 hideFirewall; C:\WINDOWS\System32\drivers\hideFirewall.sys [99824 2021-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [40960 2021-07-21] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 HWHandSet; C:\WINDOWS\System32\drivers\hw_quusbmdm.sys [226560 2019-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\WINDOWS\System32\drivers\hw_cdcacm.sys [127360 2019-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hw_usbdev; C:\WINDOWS\System32\drivers\hw_usbdev.sys [116864 2019-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 MAUSBMIDI; C:\WINDOWS\System32\drivers\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio -> M-Audio)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-08-26] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-08-31] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [68528 2021-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-08-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [105184 2021-03-28] (TEFINCOM S.A. -> )
S3 niks4m2usb; C:\WINDOWS\System32\drivers\niks4m2usb.sys [104304 2015-09-04] (NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH)
R3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2021-05-13] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-12-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 RDID1117; C:\WINDOWS\system32\Drivers\RDWM1117.SYS [309888 2015-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Roland Corporation)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64880 2020-11-11] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [43376 2020-06-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-06-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
R3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [28128 2020-04-21] (Unified Intents AB -> Windows (R) Win 7 DDK provider)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8232160 2021-08-17] (Riot Games, Inc. -> Riot Games, Inc.)
S3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2019-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49568 2021-07-23] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [434424 2021-07-23] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-07-23] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [38176 2021-05-13] (WireGuard LLC -> WireGuard LLC)

==================== NetSvcs (Not whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month (Created) (Not whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-31 14:49 - 2021-08-31 14:50 - 000033724 ____C C:\Users\termi\Desktop\FRST.txt
2021-08-31 14:45 - 2021-08-31 14:45 - 000000000 ___DC C:\Users\termi\Desktop\FRST-OlderVersion
2021-08-31 13:15 - 2021-08-31 13:18 - 000000000 ____D C:\AdwCleaner
2021-08-31 13:15 - 2021-08-31 13:15 - 008553680 ____C (Malwarebytes) C:\Users\termi\Desktop\adwcleaner_8.3.0.exe
2021-08-31 09:52 - 2021-08-31 09:52 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-08-31 09:52 - 2021-08-31 09:52 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-08-31 09:52 - 2021-08-31 09:52 - 000068528 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-08-30 22:31 - 2021-08-30 22:31 - 001483120 _____ (O&O Software GmbH) C:\Users\termi\Downloads\OOSU1023.exe
2021-08-30 22:31 - 2021-08-30 22:31 - 000000000 ____D C:\Users\termi\AppData\Local\OO Software
2021-08-28 16:07 - 2021-08-28 16:57 - 000038032 _____ C:\WINDOWS\system32\Drivers\EQU8_HELPER_36.sys
2021-08-28 16:07 - 2021-08-28 16:07 - 000000000 ____D C:\Users\termi\AppData\Local\PortalWars
2021-08-28 15:24 - 2021-08-28 15:24 - 000000222 ____C C:\Users\termi\Desktop\Splitgate.url
2021-08-26 19:50 - 2021-08-26 19:50 - 000007131 ____C C:\Users\termi\Desktop\malwarebytesscan.txt
2021-08-26 19:44 - 2021-08-31 14:50 - 000000000 ____D C:\FRST
2021-08-26 19:44 - 2021-08-31 14:45 - 002301440 _____ (Farbar) C:\Users\termi\Desktop\FRST64.exe
2021-08-26 18:50 - 2021-08-26 18:50 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-08-26 18:50 - 2021-08-26 18:50 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-08-26 18:50 - 2021-08-26 18:50 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-08-26 18:50 - 2021-08-26 18:50 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-08-26 18:50 - 2021-08-26 18:50 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-26 18:50 - 2021-08-26 18:50 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-08-26 18:50 - 2021-08-26 18:50 - 000000000 ____D C:\Users\termi\AppData\Local\mbam
2021-08-26 18:50 - 2021-08-26 18:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-08-26 18:50 - 2021-08-26 18:50 - 000000000 ____D C:\Program Files\Malwarebytes
2021-08-26 18:49 - 2021-08-26 18:49 - 002120496 _____ (Malwarebytes) C:\Users\termi\Downloads\MBSetup.exe
2021-08-26 18:35 - 2021-08-26 18:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2021-08-26 18:14 - 2021-08-26 18:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\Ivanti
2021-08-26 18:10 - 2021-08-26 19:27 - 000000000 ____D C:\Users\Public\Security Sessions
2021-08-26 17:59 - 2021-08-26 17:59 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2021-08-26 17:58 - 2021-08-26 20:35 - 000000000 ____D C:\Program Files (x86)\Avira
2021-08-26 17:58 - 2021-08-26 20:28 - 000000000 ____D C:\ProgramData\Avira
2021-08-26 17:58 - 2021-08-26 18:10 - 000000000 ____D C:\Users\termi\AppData\Local\Avira
2021-08-26 17:58 - 2021-08-26 17:58 - 005901768 _____ (Avira Operations GmbH & Co. KG) C:\Users\termi\Downloads\avira_de_sptl1_1654573332-1629993478__adwg-spotlightprcupdate1-new2.exe
2021-08-26 00:20 - 2021-08-26 00:20 - 034499456 _____ (TeamViewer Germany GmbH) C:\Users\termi\Downloads\TeamViewer_Setup_x64.exe
2021-08-24 16:00 - 2021-08-24 16:00 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-08-20 18:50 - 2021-08-30 22:26 - 000000000 ____D C:\Users\termi\AppData\Roaming\Blitz
2021-08-20 18:50 - 2021-08-24 23:01 - 000000000 ____D C:\Users\termi\AppData\Local\blitz-updater
2021-08-20 18:49 - 2021-08-20 18:49 - 076770248 _____ (Blitz, Inc.) C:\Users\termi\Downloads\Blitz-1.15.32.exe
2021-08-19 17:09 - 2021-08-19 17:09 - 000000222 ____C C:\Users\termi\Desktop\The Forest.url
2021-08-18 03:00 - 2021-08-18 03:00 - 000000000 ___DC C:\Users\termi\Documents\u-he
2021-08-16 09:20 - 2021-08-16 09:20 - 000044775 _____ C:\Users\termi\Downloads\ACFrOgBSMEuoyDAfOx97hvj2vD_EvhaZTeghQaTzxERCgiyQSDH2IHCJf0eSIJX5lV3pnJPruJjZA_I4Gkyy4dQSttBm59AF1nvAUWRIMzuaKkLTju_8NDnZHsLI8EQ=.pdf
2021-08-15 20:13 - 2021-08-22 00:08 - 000000000 ___DC C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-08-15 20:13 - 2021-08-15 21:14 - 000000000 ____D C:\Users\termi\AppData\Local\Roblox
2021-08-15 20:13 - 2021-08-15 20:25 - 000000256 ____C C:\Users\termi\AppData\LocalLow\rbxcsettings.rbx
2021-08-15 20:13 - 2021-08-15 20:13 - 001666008 _____ (Roblox Corporation) C:\Users\termi\Downloads\RobloxPlayerLauncher.exe
2021-08-14 00:22 - 2021-08-14 00:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-14 00:22 - 2021-08-14 00:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-14 00:22 - 2021-08-14 00:22 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-08-14 00:22 - 2021-08-14 00:22 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-08-14 00:21 - 2021-08-14 00:21 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-08-14 00:21 - 2021-08-14 00:21 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-08-14 00:21 - 2021-08-14 00:21 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-08-14 00:16 - 2021-08-14 00:16 - 000000000 ___HD C:\$WinREAgent
2021-08-12 08:15 - 2021-08-12 08:26 - 000000000 ___DC C:\Users\termi\Desktop\Dokumente
2021-08-09 08:55 - 2021-08-09 08:57 - 000000000 ___DC C:\Users\termi\Desktop\Schulfremdenprüfung Leony
2021-08-05 15:37 - 2021-08-05 15:37 - 000000000 ___DC C:\Users\termi\Desktop\efi

==================== One Month (Modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-31 14:46 - 2021-04-05 13:29 - 000000000 ____D C:\Users\termi\AppData\Local\CrashDumps
2021-08-31 14:29 - 2021-03-23 17:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-31 14:22 - 2021-03-23 18:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-31 13:18 - 2021-03-23 18:03 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-31 13:18 - 2017-12-21 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2021-08-31 09:58 - 2021-03-23 18:19 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-31 09:58 - 2021-03-23 17:53 - 000743546 _____ C:\WINDOWS\system32\perfh007.dat
2021-08-31 09:58 - 2021-03-23 17:53 - 000149968 _____ C:\WINDOWS\system32\perfc007.dat
2021-08-31 09:58 - 2021-03-23 17:51 - 000000000 ____D C:\WINDOWS\INF
2021-08-31 09:55 - 2021-05-12 22:34 - 000000000 ____D C:\Users\termi\AppData\Roaming\TeamViewer
2021-08-31 09:55 - 2021-04-20 22:59 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2021-08-31 09:52 - 2021-07-07 12:34 - 000000000 ____D C:\Program Files\TeamViewer
2021-08-31 09:52 - 2021-03-23 18:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-31 09:52 - 2020-12-14 14:23 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-31 09:52 - 2017-03-02 15:47 - 000000000 __SHD C:\Users\termi\IntelGraphicsProfiles
2021-08-31 09:52 - 2017-03-02 15:44 - 000000000 ___DC C:\Intel
2021-08-31 09:35 - 2021-03-23 17:47 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-08-31 09:34 - 2020-06-13 22:10 - 000000000 ___DC C:\Users\termi\Documents\ShareX
2021-08-31 08:51 - 2021-03-23 18:49 - 000000000 ____D C:\ProgramData\Riot Games
2021-08-30 22:28 - 2021-05-12 00:37 - 000000000 ____D C:\ProgramData\Unified Remote
2021-08-30 22:26 - 2021-03-23 18:49 - 000000000 ____D C:\Program Files (x86)\Steam
2021-08-30 22:26 - 2021-03-23 18:44 - 000000000 ____D C:\Users\termi\AppData\Roaming\discord
2021-08-30 22:16 - 2021-03-23 18:44 - 000000000 ____D C:\Users\termi\AppData\Local\Discord
2021-08-29 17:13 - 2021-05-18 12:51 - 000000032 _____ C:\Users\termi\AppData\Roaming\.machineId
2021-08-28 16:07 - 2021-04-21 08:55 - 000000000 ____D C:\Users\termi\AppData\Local\UnrealEngine
2021-08-28 16:07 - 2021-04-02 19:57 - 000000000 ____D C:\ProgramData\EQU8
2021-08-28 16:07 - 2021-03-25 22:56 - 000000000 ____D C:\Users\termi\AppData\Local\NVIDIA Corporation
2021-08-28 15:30 - 2021-06-09 14:17 - 000000000 ____D C:\Users\termi\AppData\Local\Spotify
2021-08-28 15:24 - 2017-03-02 23:56 - 000000000 ___DC C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-08-28 14:45 - 2021-06-09 14:17 - 000000000 ____D C:\Users\termi\AppData\Roaming\Spotify
2021-08-28 11:45 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-08-28 02:12 - 2021-03-23 17:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-28 02:12 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-28 02:12 - 2020-06-28 11:22 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-27 11:41 - 2021-04-30 15:47 - 000004204 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1619790436
2021-08-27 11:41 - 2021-04-30 15:47 - 000001441 ____C C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk
2021-08-26 20:34 - 2021-03-23 18:02 - 000438288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-26 20:25 - 2021-04-21 20:22 - 000000000 ____D C:\Users\termi\AppData\Roaming\Disc-Soft
2021-08-26 20:25 - 2021-04-21 20:22 - 000000000 ____D C:\ProgramData\Disc-Soft
2021-08-26 20:25 - 2021-04-03 11:16 - 000004420 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-08-26 20:25 - 2021-03-25 22:56 - 000004194 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-26 20:25 - 2021-03-25 22:56 - 000004020 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-26 20:25 - 2021-03-25 22:56 - 000003742 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-26 20:25 - 2021-03-23 18:29 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-26 20:24 - 2021-04-16 15:18 - 000000000 ____D C:\ProgramData\Adobe
2021-08-26 20:24 - 2021-03-23 17:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-08-26 20:22 - 2021-04-16 15:22 - 000000000 ____D C:\Users\termi\AppData\Local\Adobe
2021-08-26 19:33 - 2021-03-23 19:29 - 000000000 ____D C:\Program Files\WinRAR
2021-08-26 19:33 - 2017-03-03 03:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-08-26 19:19 - 2021-04-14 16:33 - 000000000 ____D C:\Program Files\Cheat Engine 7.2
2021-08-26 19:19 - 2021-01-06 08:40 - 000000000 ___DC C:\Users\termi\AppData\LocalLow\pF2qC1gG7yH8hI1o
2021-08-26 19:06 - 2019-03-08 10:08 - 002092776 _____ C:\UkLog.dat
2021-08-26 01:07 - 2021-05-27 15:05 - 000002371 ____C C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-08-26 00:16 - 2021-04-30 14:00 - 000000000 ____D C:\Users\termi\AppData\Roaming\TS3Client
2021-08-25 14:04 - 2021-05-04 18:04 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-08-23 06:25 - 2021-03-23 18:26 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3983815968-458737157-1999859390-1001
2021-08-23 06:25 - 2021-03-23 18:10 - 000002402 ____C C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-21 20:44 - 2021-03-23 18:03 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-08-21 20:42 - 2021-05-06 11:14 - 000000000 ____D C:\Users\termi\AppData\Local\ElevatedDiagnostics
2021-08-20 22:41 - 2021-04-17 21:26 - 000000000 ____D C:\Users\termi\AppData\Roaming\.minecraft
2021-08-20 21:48 - 2021-04-17 21:26 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-08-20 19:56 - 2021-03-23 19:25 - 000000000 ____D C:\Users\termi\AppData\Local\D3DSCache
2021-08-20 19:54 - 2021-04-20 22:55 - 000000000 ____D C:\Program Files\Riot Vanguard
2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-08-20 19:53 - 2021-03-23 17:47 - 000000000 ____D C:\WINDOWS\servicing
2021-08-20 18:50 - 2021-05-18 12:51 - 000002244 ____C C:\Users\termi\Desktop\Blitz.lnk
2021-08-20 18:50 - 2021-03-23 18:51 - 000002252 ____C C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blitz.lnk
2021-08-18 03:01 - 2018-02-27 16:54 - 000000000 ____D C:\Users\Public\Documents\NI Resources
2021-08-18 03:00 - 2021-06-19 23:53 - 000000000 ____D C:\Program Files\Common Files\VST3
2021-08-16 00:08 - 2021-03-25 22:48 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-08-14 15:23 - 2021-05-01 22:14 - 000000000 ___DC C:\Users\termi\Desktop\minecraft
2021-08-14 15:20 - 2021-07-31 07:38 - 000000000 ___DC C:\Users\termi\Desktop\Bilder von Mir
2021-08-14 09:14 - 2021-04-15 19:24 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-08-14 00:24 - 2021-03-23 17:48 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-14 00:15 - 2021-03-25 22:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-14 00:12 - 2021-03-25 22:46 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-13 08:06 - 2021-04-03 11:16 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-12 18:33 - 2021-03-23 18:24 - 000000000 ____D C:\Users\termi\AppData\Local\Packages
2021-08-09 10:06 - 2021-03-23 18:26 - 000000000 ____D C:\Users\termi\AppData\Local\PlaceholderTileLogoFolder
2021-08-09 04:37 - 2017-03-02 15:40 - 000000000 ___RD C:\Users\termi\OneDrive
2021-08-01 14:59 - 2021-05-04 18:03 - 000000000 ____D C:\Users\termi\AppData\Local\Overwolf

==================== Files in the root of some directories ========
2021-01-17 16:04 - 2021-01-17 16:04 - 001408808 _____ (Microsoft Corporation) C:\Users\termi\vs_community__1087382636.1580554586.exe
2021-05-18 12:51 - 2021-08-29 17:13 - 000000032 _____ () C:\Users\termi\AppData\Roaming\.machineId
2021-04-30 16:27 - 2021-04-30 16:28 - 000002400 _____ () C:\Users\termi\AppData\Roaming\vibranceGUI.log

==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2021
Ran by termi (31-08-2021 14:51:17)
Running from C:\Users\termi\Desktop
Windows 10 Home Version 21H1 19043.1165 (X64) (2021-03-23 16:23:58)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3983815968-458737157-1999859390-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3983815968-458737157-1999859390-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3983815968-458737157-1999859390-1000 - Limited - Enabled) => C:\Users\defaultuser0
Gast (S-1-5-21-3983815968-458737157-1999859390-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3983815968-458737157-1999859390-1004 - Limited - Enabled)
lulus (S-1-5-21-3983815968-458737157-1999859390-1002 - Limited - Disabled)
termi (S-1-5-21-3983815968-458737157-1999859390-1001 - Administrator - Enabled) => C:\Users\termi
WDAGUtilityAccount (S-1-5-21-3983815968-458737157-1999859390-504 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================
(Only adware programs with the "Hidden" flag can be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 11 Suite (HKLM\...\{FB6EECE6-87D2-4538-A1CE-61CCCA7C3DCE}) (Version: 11.0.0.0 - Ableton) Hidden
Ableton Live 11 Suite (HKLM-x32\...\{92d4040b-4cb4-4710-802b-a742c194a235}) (Version: 11.0.0.0 - Ableton)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_0_1) (Version: 22.0.1.73 - Adobe Inc.)
AutoHotkey 1.1.33.09 (HKLM\...\AutoHotkey) (Version: 1.1.33.09 - Lexikos)
balenaEtcher 1.5.120 (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.5.120 - Balena Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blitz (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\153f8ce0-b97a-575b-ba12-4ff8b1481894) (Version: 1.15.34 - Blitz, Inc.)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment)
Cheat Engine 7.2 (HKLM\...\Cheat Engine_is1) (Version: - Cheat Engine)
CurseForge (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.178.2.1 - Overwolf app)
Danger Scavenger (HKLM-x32\...\Danger Scavenger_is1) (Version: - )
Dead Island Definitive Edition (HKLM-x32\...\Dead Island Definitive Edition_is1) (Version: - )
Discord (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
DroidCam Client (HKLM-x32\...\DroidCam) (Version: 6.4.3 - DEV47APPS)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Excel (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
FabFilter Total Bundle (HKLM\...\Total Bundle_is1) (Version: 2016.11.10 - FabFilter)
FileZilla Client 3.53.1 (HKLM-x32\...\FileZilla Client) (Version: 3.53.1 - Tim Kosse)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 5.1.0.0 - Comfort Software Group)
Free Audio Converter (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.1.7.215 - Digital Wave Ltd)
Frostpunk (HKLM-x32\...\Frostpunk_is1) (Version: - )
Harver System Checker 2.0.4 (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\57ba83c7-44cc-50c5-93e2-68092ebb1ce7) (Version: 2.0.4 - Harver)
hide.me VPN 3.8.3 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 3.8.3 - eVenture Limited)
hide.me Wintun (HKLM\...\{6A3B09CD-8B4A-4A66-9C90-833023E463E9}) (Version: 0.8 - hide.me) Hidden
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{7858618B-FA45-4797-988D-4E8B793C3B88}) (Version: 17.0.109 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{A7D3C4B3-2CA8-46F3-9C34-63205AC018FF}) (Version: 17.0.109 - Intel Corporation)
IntelliJ IDEA Community Edition 2021.1 (HKLM-x32\...\IntelliJ IDEA Community Edition 2021.1) (Version: 211.6693.111 - JetBrains s.r.o.)
Malwarebytes version 4.4.5.130 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.5.130 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.84 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Retail - de-de) (Version: 16.0.14228.20250 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.14228.20250 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\OneDriveSetup.exe) (Version: 21.150.0725.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Teams) (Version: 1.4.00.22472 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{911FBC64-4C64-4B8F-A637-B34832638C86}) (Version: 1.0.0.0 - Mojang)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.5.2.503 - Native Instruments)
Native Instruments Form (HKLM-x32\...\Native Instruments Form) (Version: 1.0.1.2 - Native Instruments)
Native Instruments Kontour (HKLM-x32\...\Native Instruments Kontour) (Version: 1.0.0.4 - Native Instruments)
Native Instruments Molekular (HKLM-x32\...\Native Instruments Molekular) (Version: 1.0.0.2 - Native Instruments)
Native Instruments Monark (HKLM-x32\...\Native Instruments Monark) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Passive EQ (HKLM-x32\...\Native Instruments Passive EQ) (Version: - Native Instruments)
Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.0.4.23 - Native Instruments)
Native Instruments Rounds (HKLM-x32\...\Native Instruments Rounds) (Version: 1.2.0.1 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Native Instruments Traktor Pro 3 (HKLM-x32\...\Native Instruments Traktor Pro 3) (Version: 3.2.1.9 - Native Instruments)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.36.6.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Grafiktreiber 471.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.41 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20222 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.14228.20222 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Opera GX Stable 78.0.4093.186 (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Opera GX 78.0.4093.186) (Version: 78.0.4093.186 - Opera Software)
Outlook (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.178.0.16 - Overwolf Ltd.)
PC-Wecker 5.00 (HKLM-x32\...\PC-Wecker_is1) (Version: - Ben Kheder-Software)
Plitch 1.1.7 (HKLM\...\d45b2222-59a8-54dc-8e4a-f1dc396456dc) (Version: 1.1.7 - MegaDev GmbH)
PowerPoint (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
QUAD-CAPTURE Driver (HKLM\...\RolandRDID0117) (Version: - Roland Corporation)
r2modman 3.1.15 (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\ac231ef6-6414-5f8d-b36f-3b57705721dd) (Version: 3.1.15 - ebkr)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Roblox Player for termi (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\roblox-player) (Version: - Roblox Corporation)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 13.5.0 - ShareX Team)
Sidify Music Converter 2.2.5 (HKLM-x32\...\Sidify Music Converter) (Version: 2.2.5 - Sidify)
Spotify (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Spotify) (Version: 1.1.66.580.gbd43cbc9 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Surviving Mars (HKLM-x32\...\Surviving Mars_is1) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.19.5 - TeamViewer)
Telegram Desktop Version 2.7.1 (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.7.1 - Telegram FZ-LLC)
TuneFab Spotify Music Converter 2.23.0 (HKLM-x32\...\{9ff685d9-8f1e-59e1-a273-b7c9e7cf0c17}) (Version: 2.23.0 - TuneFab)
u-he Hive (HKLM-x32\...\u-he Hive) (Version: 1.1.0.3898 - u-he)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.10.0 - Unified Intents AB)
VALORANT (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.4.12 - Black Tree Gaming Ltd.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
Waves Complete (HKLM\...\Complete_is1) (Version: 2016.11.14 - Waves)
WeMod (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\WeMod) (Version: 7.0.19 - WeMod)
WhatsApp (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\WhatsApp) (Version: 2.2126.10 - WhatsApp)
WinRAR 6.02 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\ZoomUMX) (Version: 5.6.6 (961) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-06] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-07-24] (NVIDIA Corp.)
Word -> C:\Program Files\WindowsApps\word.office.com-CECA1A7F_1.0.0.2_neutral__jc2kecmnkxwqc [2021-06-06] (word.office.com)

==================== Custom CLSID (Not whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3983815968-458737157-1999859390-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\termi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21140.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-10-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-10-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-10-07] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-10-07] (Adobe Inc. -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\nvshext.dll [2021-07-13] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-10-07] (Adobe Inc.
-> ) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ShortcutWithArgument: C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm ShortcutWithArgument: C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb ShortcutWithArgument: C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\Users\termi\Cookies:YUrEA9vCOWRzE2EzPMEq59br [2336]
AlternateDataStreams: C:\Users\termi\AppData\Local\un9cVOFCI:dm5YTZWWMaWHHfeyCnbLY [2500]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2021-03-23 17:52 - 2021-05-06 22:01 - 000002408 _____ C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%INTEL_DEV_REDIST%redist\ia32_win\compiler;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-3983815968-458737157-1999859390-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 217.147.55.3 - 217.147.60.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
ist aktiviert.

Network Binding:
=============
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "vibranceGUI"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{2069B03B-7FF1-4A96-982C-21C221A580A1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5D97FCB8-CB3B-479A-B27C-EA8EF9359DF5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A98D41C0-2014-45BA-9221-2A49A4382785}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{21E80ADB-9D1B-4B0A-B9C6-61E1B6BA4188}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{9DEEDE42-5CD0-4E9B-8CB0-AAEB3D8CC95B}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{16CD6494-5C1B-4E3B-A747-5C46B089E736}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{076F1949-7E19-4D8D-B428-EAB391B29D8F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A1D989F5-3F2B-4A62-ABC4-B0428FD26B56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{83B785E6-1CD9-4417-AFFA-1C700E24B470}] => (Allow) R:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{9516645E-D8FE-494E-A247-29CD342BE83D}] => (Allow) R:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{22523582-58A1-48BB-BC3D-1ECABE7CD1E4}] => (Allow) R:\SteamLibrary\steamapps\common\Ironsight_wpg\launcher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{6308D54A-CD1E-4F1F-95DB-C6EFE1857EDB}] => (Allow) R:\SteamLibrary\steamapps\common\Ironsight_wpg\launcher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [TCP Query User{F68FFDE7-8A85-4FE5-BE24-7BF78727B86D}C:\users\termi\appdata\local\programs\blitz\blitz.exe] => (Allow) C:\users\termi\appdata\local\programs\blitz\blitz.exe (Swift Media Entertainment, Inc. -> Blitz, Inc.)
FirewallRules: [UDP Query User{EEDB1F01-849D-4129-8C99-99C386CE3766}C:\users\termi\appdata\local\programs\blitz\blitz.exe] => (Allow) C:\users\termi\appdata\local\programs\blitz\blitz.exe (Swift Media Entertainment, Inc. -> Blitz, Inc.)
FirewallRules: [{73AD105F-4A24-4201-9ADB-02361390FDCB}] => (Allow) R:\SteamLibrary\steamapps\common\Battlerite\Battlerite.exe (Stunlock Studios AB -> )
FirewallRules: [{C3843D3A-929D-49AD-86DF-5ACDBBE744AA}] => (Allow) R:\SteamLibrary\steamapps\common\Battlerite\Battlerite.exe (Stunlock Studios AB -> )
FirewallRules: [{36D4A14A-BC1B-45E3-85EA-FF38013797FC}] => (Allow) R:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{109DCB20-2449-4F55-B3FB-DDC29B0E18EE}] => (Allow) R:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{2DFCA3C1-59CB-4A21-81E4-A1B5C576966C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TotallyAccurateBattlegrounds\TABG_Launcher.exe (Int3 Software AB -> Int3 Software AB)
FirewallRules: [{8BABF5A3-533B-4027-B335-D2B6908102BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TotallyAccurateBattlegrounds\TABG_Launcher.exe (Int3 Software AB -> Int3 Software AB)
FirewallRules: [{B8E9048E-3CF7-4338-BC74-B145C49F9DA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe () [Datei ist nicht signiert]
FirewallRules: [{8A7AC861-C5BF-443D-AD2F-2A3D86866958}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe () [Datei ist nicht signiert]
FirewallRules: [{F55011BC-B80D-4894-95A0-6A28575E62BA}] => (Allow) R:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{531EFBB1-5771-46F3-B3C2-7B99934B8DCB}] => (Allow) R:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{7CFC6846-2938-497E-B824-51056B9FC2CD}] => (Allow) R:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{AE5C0D22-F432-4BFE-A2DA-B53EB78BF693}] => (Allow) R:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{4D992528-308E-4FE8-8722-63D04A2DCDC4}] => (Allow) R:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{77DD4B0D-629A-480D-8ACC-5D8136A45202}] => (Allow) R:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{F3C63D17-2A76-40A6-8541-219B1E3001C5}] => (Allow) R:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{939105BC-94BB-4DEB-BA85-DC6AC58F2BA6}] => (Allow) R:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{26979859-D796-4469-9EFA-65EB3CDCE0AB}] => (Allow) R:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe (Valve -> )
FirewallRules: [{11003613-C716-4162-AF7F-71B778C56DD5}] => (Allow) R:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe (Valve -> )
FirewallRules: [TCP Query User{2863382C-B5AE-4AB7-A14A-443D8B2B548D}C:\program files\plitch\plitch.exe] => (Allow) C:\program files\plitch\plitch.exe (MegaDev GmbH -> MegaDev GmbH)
FirewallRules: [UDP Query User{04C7D106-916E-4020-B96D-0D2F1BFD12DA}C:\program files\plitch\plitch.exe] => (Allow) C:\program files\plitch\plitch.exe (MegaDev GmbH -> MegaDev GmbH)
FirewallRules: [{C1B581CD-81EA-48D7-8992-DF98DE98B076}] => (Allow) R:\SteamLibrary\steamapps\common\Rust\Rust.exe (Facepunch Studios Ltd -> Epic Games, Inc)
FirewallRules: [{E151ED52-2C2B-4479-9BEB-F3AB1D2F2C30}] => (Allow) R:\SteamLibrary\steamapps\common\Rust\Rust.exe (Facepunch Studios Ltd -> Epic Games, Inc)
FirewallRules: [{C1E52C12-5909-469D-B071-2153D6F19466}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4A5B4C25-C43B-4DAF-9F5C-B17F6FED46D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{C6909221-4126-42E0-81CA-0489B4452320}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{F459FD49-1899-43ED-AF1C-F8F5E13833CB}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{0D3E8B49-202D-4E46-BE0E-2B759E5247B9}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [UDP Query User{4007462C-52AE-4FF5-BBA8-99DB8E36C68F}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{0AE71AFB-42AC-48D6-8A02-1DF367929AAE}R:\games\dead island definitive edition\deadislandgame.exe] => (Block) R:\games\dead island definitive edition\deadislandgame.exe (Techland) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{F81B7FF9-D624-47F9-BAA7-572B01E631E7}R:\games\dead island definitive edition\deadislandgame.exe] => (Block) R:\games\dead island definitive edition\deadislandgame.exe (Techland) [Datei ist nicht signiert]
FirewallRules: [{036D7647-F7D4-4A24-8F57-8A21E05EB2D6}] => (Allow) R:\SteamLibrary\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [{0710C979-9553-4147-84E4-9F1D3D3FE93A}] => (Allow) R:\SteamLibrary\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [{5EA217E9-65E8-4CD1-A054-F65130A2F549}] => (Allow) R:\SteamLibrary\steamapps\common\Spellbreak\Launch_Spellbreak.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{67B460F0-B740-4DEA-B09B-5A7B562D5E46}] => (Allow) R:\SteamLibrary\steamapps\common\Spellbreak\Launch_Spellbreak.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [TCP Query User{1B6517DA-C476-44D9-A8C1-14234E3FE4DC}C:\users\termi\appdata\local\jetbrains\codewithmeclientdist\jbr_jcef-11_0_10-b1341.35-wlauncher\jbr\bin\jcef_helper.exe] => (Allow) C:\users\termi\appdata\local\jetbrains\codewithmeclientdist\jbr_jcef-11_0_10-b1341.35-wlauncher\jbr\bin\jcef_helper.exe (JetBrains s.r.o. -> )
FirewallRules: [UDP Query User{361723C2-0109-4B42-91C0-B2C38EAEA0CD}C:\users\termi\appdata\local\jetbrains\codewithmeclientdist\jbr_jcef-11_0_10-b1341.35-wlauncher\jbr\bin\jcef_helper.exe] => (Allow) C:\users\termi\appdata\local\jetbrains\codewithmeclientdist\jbr_jcef-11_0_10-b1341.35-wlauncher\jbr\bin\jcef_helper.exe (JetBrains s.r.o. -> )
FirewallRules: [TCP Query User{EDAC31D8-CF7C-4EED-B03E-48B29F3137E0}R:\call of duty modern warfare\modernwarfare.exe] => (Allow) R:\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{F7CEE603-8720-4EBD-897D-D3611C1085E0}R:\call of duty modern warfare\modernwarfare.exe] => (Allow) R:\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [TCP Query User{D81C936C-2E14-4C24-8319-9932D6A4124B}C:\users\termi\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\termi\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{BF893C84-62E8-491C-8CF9-0E051E865A62}C:\users\termi\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\termi\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{94C92A4F-3190-48B9-B96E-1091EDD2F84A}R:\hardspace shipbreaker\shipbreaker.exe] => (Block) R:\hardspace shipbreaker\shipbreaker.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{434FBAB9-86D1-4F9F-B2AB-B08FD2E6AEDC}R:\hardspace shipbreaker\shipbreaker.exe] => (Block) R:\hardspace shipbreaker\shipbreaker.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{7C584A75-1011-4AAF-9B9B-20CED606E645}R:\games\dayz\dayzlaunch.exe] => (Allow) R:\games\dayz\dayzlaunch.exe (ZombieManiya) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{F8C42BF4-83CA-433D-A87C-55AC0366D21C}R:\games\dayz\dayzlaunch.exe] => (Allow) R:\games\dayz\dayzlaunch.exe (ZombieManiya) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{DBCE5FF8-4F82-4616-9483-FCA64012442B}R:\games\dayz\dayz_x64.exe] => (Allow) R:\games\dayz\dayz_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [UDP Query User{4FD5ED33-F1A5-4F1F-A82C-88B392055C51}R:\games\dayz\dayz_x64.exe] => (Allow) R:\games\dayz\dayz_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{FF15260E-48DF-4EA6-AA8B-D1E1B01111B9}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [{2AA59EA6-21EA-41F9-84A4-A381CB0B61FB}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [{C7DB2040-EA34-4448-97B3-128961C33CC6}] => (Allow) R:\SteamLibrary\steamapps\common\Valheim\valheim.exe () [Datei ist nicht signiert]
FirewallRules: [{1087E516-71FD-4F98-A478-0B9D7923FC2E}] => (Allow) R:\SteamLibrary\steamapps\common\Valheim\valheim.exe () [Datei ist nicht signiert]
FirewallRules: [{F018BEE7-7D71-4B3A-90C6-83BCBD791235}] => (Allow) C:\Users\termi\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{FC96FEDE-48D4-4B05-ADCE-7A51DE55D108}C:\users\termi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\termi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{9783B719-203C-491E-A44B-6E8189B9FE8C}C:\users\termi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\termi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B06BF6F-B558-4D2D-946E-FDC4E0F00931}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CEFE696E-431E-4BDD-8F4F-DF361FB24697}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9AF4F121-77A7-4116-A390-69775B085D95}] => (Block) R:\PRODUCING\ABLETON\AhABELETTON\Program\Ableton Live 11 Suite.exe (Ableton) [Datei ist nicht signiert]
FirewallRules: [{0396CA1F-4EB4-458D-84F2-B05B285E87B4}] => (Block) R:\PRODUCING\ABLETON\AhABELETTON\Program\Ableton Live 11 Suite.exe (Ableton) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{F6D32813-C4BC-4D74-BB10-63E976919D67}C:\users\termi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\termi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{5D23A78F-4030-4E4D-A667-AE77F797D802}C:\users\termi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\termi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{E4569016-1242-4869-AB55-3BCB6FCC4123}C:\users\termi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\termi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{C03E3819-1137-4B08-9F27-DA0721BD9B1B}C:\users\termi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\termi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D2F47DE4-A68B-4887-A4D0-8D0A3E11DDD0}] => (Allow) R:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe () [Datei ist nicht signiert]
FirewallRules: [{00637B8A-1556-414D-835C-CAB1D29B7FCF}] => (Allow) R:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe () [Datei ist nicht signiert]
FirewallRules: [{7A5AF2FD-76C2-45C0-8C1E-C17CA99FA6D7}] => (Allow) R:\SteamLibrary\steamapps\common\Dig or Die\DigOrDie.exe () [Datei ist nicht signiert]
FirewallRules: [{833415B8-229D-470E-9A12-D9E9AB722EAA}] => (Allow) R:\SteamLibrary\steamapps\common\Dig or Die\DigOrDie.exe () [Datei ist nicht signiert]
FirewallRules: [{0DD2C45C-B6D3-495F-A18C-0E8A18256DA2}] => (Allow) R:\SteamLibrary\steamapps\common\sandstorm\InsurgencyEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{9083BAE3-A2C1-4C57-A8B5-3208785E59E4}] => (Allow) R:\SteamLibrary\steamapps\common\sandstorm\InsurgencyEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{B707AFF9-7B29-4D8C-BD33-DA0BA6248076}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{251B6695-3AC3-41F1-87C9-180E27DBBEAD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F78F8286-347A-4C72-A8D5-F9564964EACB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{48F3855A-8189-4BD1-AAB2-92DE5A982C8C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{9DCB7068-7307-4B17-8F99-15908A3643DB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D6E9F4B7-60B6-44E1-90DA-F06724639359}C:\users\termi\desktop\mini motorways\mini motorways.exe] => (Allow) C:\users\termi\desktop\mini motorways\mini motorways.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{5CBC935F-3319-4E75-8B28-CF87FC2ADAF4}C:\users\termi\desktop\mini motorways\mini motorways.exe] => (Allow) C:\users\termi\desktop\mini motorways\mini motorways.exe () [Datei ist nicht signiert]
FirewallRules: [{617955B4-F905-497B-83DE-9FFA02776413}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{21432F54-68DB-4B8C-84B7-0FB9FA207CCA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C8911B7B-5DFB-43C1-B54C-FBF30A06782F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F9ADAB58-6FA4-4173-8EB9-EB3C61D41534}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{BF0E2EBF-59E4-4C75-BE99-11BFD843CA73}R:\riot games\riot client\riotclientservices.exe] => (Allow) R:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{A63940AB-49C2-45E3-B471-ECD1F06FFA07}R:\riot games\riot client\riotclientservices.exe] => (Allow) R:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{3A115758-A411-4EA2-B7DF-53DEF70E2F40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [Datei ist nicht signiert]
FirewallRules: [{73F00344-16FB-44F9-9EF9-73100841688C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [Datei ist nicht signiert]
FirewallRules: [{39B19084-BC27-4E7E-8FC9-5B48A30A8F96}] => (Allow) R:\SteamLibrary\steamapps\common\Battlerite\Battlerite.exe (Stunlock Studios AB -> )
FirewallRules: [{17B4BD42-FEFA-4312-A939-C6A7EF7CD9AC}] => (Allow) R:\SteamLibrary\steamapps\common\Battlerite\Battlerite.exe (Stunlock Studios AB -> )
FirewallRules: [{1F497FA9-B7F9-4965-BE6A-19A45E9A9425}] => (Allow) R:\SteamLibrary\steamapps\common\Dig or Die\DigOrDie.exe () [Datei ist nicht signiert]
FirewallRules: [{3BE11350-3FDE-4299-92A6-908FEEDCA29E}] => (Allow) R:\SteamLibrary\steamapps\common\Dig or Die\DigOrDie.exe () [Datei ist nicht signiert]
FirewallRules: [{58E5419B-3C45-495E-B75F-18216D91D537}] => (Allow) R:\SteamLibrary\steamapps\common\Ironsight_wpg\launcher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{B52D0AB7-E479-4CDB-8DAA-C16DD341BEFE}] => (Allow) R:\SteamLibrary\steamapps\common\Ironsight_wpg\launcher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{2446425D-EBB5-44BC-B78E-FEF66C12CAF5}] => (Allow) R:\SteamLibrary\steamapps\common\Rust\Rust.exe (Facepunch Studios Ltd -> Epic Games, Inc)
FirewallRules: [{A603BE56-E7B2-4CFE-AB47-FA8149CD632C}] => (Allow) R:\SteamLibrary\steamapps\common\Rust\Rust.exe (Facepunch Studios Ltd -> Epic Games, Inc)
FirewallRules: [{59E1806C-0DE5-4A7C-BD28-25D6CD02DFEF}] => (Block) C:\Program Files (x86)\Overwolf\0.174.87.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [TCP Query User{24C02AD2-5918-4068-8908-2EE61C113CDE}C:\users\termi\appdata\local\programs\opera gx\77.0.4054.298\opera.exe] => (Allow) C:\users\termi\appdata\local\programs\opera gx\77.0.4054.298\opera.exe => Keine Datei
FirewallRules: [UDP Query User{9860210B-0F17-416E-B02A-E973D62089AE}C:\users\termi\appdata\local\programs\opera gx\77.0.4054.298\opera.exe] => (Allow) C:\users\termi\appdata\local\programs\opera gx\77.0.4054.298\opera.exe => Keine Datei
FirewallRules: [{95AB9B25-C18C-4363-AB1F-8C1134E5AC95}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FF3D0E96-0A40-4EB6-8D2D-EBC720BB39FC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{502F6868-15F0-4371-B325-CAFF24B80714}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{42FF698F-551A-410E-9BCA-EFCFEBAC18DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{627D7FC1-31AB-4CDD-91E7-421D8E7F3F9C}] => (Allow) R:\SteamLibrary\steamapps\common\The Forest\TheForest.exe () [Datei ist nicht signiert] FirewallRules: [{31DDDCAB-A8F4-4F4A-B3C9-61CDBABA5A19}] => (Allow) R:\SteamLibrary\steamapps\common\The Forest\TheForest.exe () [Datei ist nicht signiert] FirewallRules: [{2C7A953A-876A-43AF-B370-8FF6D0EA99D8}] => (Allow) R:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe () [Datei ist nicht signiert] FirewallRules: [{E7851C69-D198-4417-B50A-99091FC85EF1}] => (Allow) R:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{86FC4086-6663-4D4B-BB2D-AAF855E6C02F}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe FirewallRules: [UDP Query User{5BA2789B-7E35-4D88-B23B-4A35A0C2E9BC}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe FirewallRules: [{FDAC41D7-F1F6-4876-9125-5389D8A3EF39}] => (Allow) R:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD) [Datei ist nicht signiert] FirewallRules: [{E169D981-7CD4-4503-ADFF-9A7F729A3504}] => (Allow) R:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe (Chucklefish LTD) [Datei ist nicht signiert] FirewallRules: [{5B9561C7-8B35-41FE-94E2-362E946CC04E}] => (Allow) R:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe () [Datei ist nicht signiert] FirewallRules: [{49D95CE2-F042-4D84-9084-6909F74B1966}] => (Allow) R:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe () [Datei ist nicht signiert] FirewallRules: [{A78D3A6B-D0D5-4F64-975E-4FEECE234483}] => (Allow) 
R:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe () [Datei ist nicht signiert] FirewallRules: [{08B5B3A5-35D2-431C-8BF4-C34D698962C2}] => (Allow) R:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe () [Datei ist nicht signiert] FirewallRules: [{25F12664-9FE7-4991-A167-DA3BA1CFFDB5}] => (Allow) R:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD) [Datei ist nicht signiert] FirewallRules: [{5B8E4D2F-A891-4AF8-A54F-B357990C1CC0}] => (Allow) R:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe (Chucklefish LTD) [Datei ist nicht signiert] FirewallRules: [TCP Query User{460C26BF-06D7-489F-9B15-93AB91C30EA3}C:\users\termi\appdata\local\programs\opera gx\78.0.4093.153\opera.exe] => (Allow) C:\users\termi\appdata\local\programs\opera gx\78.0.4093.153\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [UDP Query User{7EA17992-29D1-4E45-88E7-E0AECA0DCB1E}C:\users\termi\appdata\local\programs\opera gx\78.0.4093.153\opera.exe] => (Allow) C:\users\termi\appdata\local\programs\opera gx\78.0.4093.153\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{E71FDC67-E5A5-4C73-80E6-9EE37C60F310}] => (Block) C:\Program Files (x86)\Overwolf\0.174.87.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{DFCC5B23-D1A9-4706-831C-C4DD50BB3C21}] => (Allow) C:\Program Files (x86)\Overwolf\0.174.87.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{99420762-59AA-4893-80F9-1F5C9708D893}] => (Block) C:\Program Files (x86)\Overwolf\0.174.87.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{9FB7F7C2-5F23-4BAF-8F9E-891CA1E53963}] => (Allow) C:\Program Files (x86)\Overwolf\0.174.87.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{AD7BD40A-429C-4625-81D8-E26B3B4DEB2E}] => (Block) C:\Program Files (x86)\Overwolf\0.174.87.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{2ED1BC5C-E327-4636-85FD-E528B55474D9}] => 
(Block) C:\Program Files (x86)\Overwolf\0.174.87.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{F11E50C2-5CFC-4E0C-906D-68243683D65E}] => (Block) C:\Program Files (x86)\Overwolf\0.178.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{CD53D11E-70F1-4941-8EEF-76DEB6B49EE8}] => (Block) C:\Program Files (x86)\Overwolf\0.178.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{A5831ED2-08D0-4C94-9830-CE43C21D601D}] => (Block) C:\Program Files (x86)\Overwolf\0.174.87.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{859ED231-E126-476D-A564-237DCB0C37BE}] => (Block) C:\Program Files (x86)\Overwolf\0.174.87.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{88A013B7-7A15-4205-A184-0D848CCB8D59}] => (Block) C:\Program Files (x86)\Overwolf\0.174.87.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{CF19A340-7C55-4726-B578-FA734349A90E}] => (Block) C:\Program Files (x86)\Overwolf\0.174.87.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{5AAE9512-73FB-42FF-92ED-74FA1CD62B52}] => (Block) C:\Program Files (x86)\Overwolf\0.174.87.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{CB348152-441E-46A7-9E48-DE933103162E}] => (Block) C:\Program Files (x86)\Overwolf\0.174.87.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{A549FF6B-DD48-4BE4-B04E-929AC293B789}] => (Allow) C:\Program Files (x86)\Overwolf\0.178.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{F19BD356-A456-4FBC-AB15-45C39E5FB790}] => (Allow) C:\Program Files (x86)\Overwolf\0.178.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{BB508600-4D44-47E8-A08E-71084CEE17E3}] => (Block) C:\Program Files (x86)\Overwolf\0.178.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{2B7FB5D8-C0D3-4128-90B6-956D2E2AE188}] => (Block) C:\Program Files 
(x86)\Overwolf\0.178.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{3C519049-5953-4EF5-89F1-DBB6793AD1BF}] => (Block) C:\Program Files (x86)\Overwolf\0.178.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{8DAC4B14-68F9-4860-BA9A-FEC252FAD882}] => (Block) C:\Program Files (x86)\Overwolf\0.178.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{0FFBB512-0136-429A-AB0B-EF596AB1D6B8}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei FirewallRules: [{38EC10A5-5384-4F70-888B-85ABA5F17639}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei FirewallRules: [{CA69EDC7-3CE6-4097-9D2F-52F21C7A03CE}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei FirewallRules: [{E89D8454-43EC-4264-BE23-EA648491C86C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Splitgate\equ8-launcher.exe (Int3 Software AB -> Int3 Software AB) FirewallRules: [{265C0419-9E0F-4327-8B5C-0E8ECA9B3D72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Splitgate\equ8-launcher.exe (Int3 Software AB -> Int3 Software AB) FirewallRules: [{291FDD4D-C3D0-4099-8BA9-FA0263199A44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Splitgate\PortalWars\Binaries\Win64\PortalWars-Win64-Shipping.exe (1047 Games, LLC -> Epic Games, Inc.) FirewallRules: [{C3F54AB0-A0EC-44D3-9796-4C06D564FAB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Splitgate\PortalWars\Binaries\Win64\PortalWars-Win64-Shipping.exe (1047 Games, LLC -> Epic Games, Inc.) 
==================== Restore Points =========================

03-04-2021 04:06:35 Windows Modules Installer
21-08-2021 21:32:41 Scheduled Checkpoint
26-08-2021 18:26:43 Driver Update
26-08-2021 18:26:52 Windows Update
26-08-2021 18:37:08 Avira System Speedup Optimization
30-08-2021 22:33:40 O&O ShutUp10
31-08-2021 13:18:24 AdwCleaner_BeforeCleaning_31/08/2021_13:18:21

==================== Faulty Devices in Device Manager ============

==================== Event log errors: ========================

Application errors:
==================
Error: (08/31/2021 02:46:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.1089, time stamp: 0x6109559e
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0x1a40
Faulting application start time: 0x01d79e3d280c7eee
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 5aa3e91e-ddaa-4329-9f1f-8a22e075fd55
Faulting package full name:
Faulting package-relative application ID:

Error: (08/31/2021 09:52:29 AM) (Source: NIHardwareService) (EventID: 259) (User: )
Description: MIDIDevice: Unable to unlock BMIDI DLL/driver

Error: (08/30/2021 10:35:22 PM) (Source: NIHardwareService) (EventID: 259) (User: )
Description: MIDIDevice: Unable to unlock BMIDI DLL/driver

Error: (08/30/2021 10:34:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine "CoCreateInstance". hr = 0x8007045b, A system shutdown is in progress.

Error: (08/30/2021 10:34:44 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name "CEventSystem" cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (08/30/2021 10:27:50 PM) (Source: NIHardwareService) (EventID: 259) (User: )
Description: MIDIDevice: Unable to unlock BMIDI DLL/driver

Error: (08/30/2021 10:27:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine "CoCreateInstance". hr = 0x8007045b, A system shutdown is in progress.

Error: (08/30/2021 10:27:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name "CEventSystem" cannot be started. [0x8007045b, A system shutdown is in progress.]

System errors:
=============
Error: (08/31/2021 01:18:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "hide.me VPN Service" service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2021 01:18:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The "NVIDIA LocalSystem Container" service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (08/31/2021 01:18:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "Intel(R) Graphics Command Center Service" service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2021 01:18:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "nordvpn-service" service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2021 01:18:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "Digital Wave Update Service" service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2021 01:18:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The "Microsoft Office Click-to-Run Service" service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/31/2021 01:18:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "NIHardwareService" service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2021 01:18:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The "Realtek Audio Universal Service" service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Windows Defender:
================
Date: 2021-08-25 22:45:30
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {EBBDE743-DE5C-4201-9551-B66CE4A18AB1}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2021-08-24 21:52:00
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {FB54C865-41AB-4B45-BA94-1F57F96FE025}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2021-08-23 23:17:31
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {F9D4C809-9B1E-4262-8E59-BCD8B3EC1523}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2021-08-22 22:11:10
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {4CF2E328-B873-45C9-91C9-4F738685E51D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2021-08-21 21:55:19
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {09437ADC-A6A2-4470-A0F0-5CF6B7377833}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2021-08-31 09:52:43
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Users\termi\AppData\Local\Programs\Opera GX\78.0.4093.186\opera.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-08-26 20:24:32
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-08-26 18:51:18
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Users\termi\AppData\Local\Programs\Opera GX\78.0.4093.153\opera.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-08-26 01:54:59
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\WaaSMedicAgent.exe) attempted to load \Device\HarddiskVolume7\Windows\System32\acaptuser64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-08-03 18:05:18
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-07-13 13:19:34
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Users\termi\AppData\Local\WhatsApp\app-2.2126.10\WhatsApp.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Overwolf\0.173.0.16\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2021-07-12 20:31:30
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Users\termi\AppData\Local\WhatsApp\app-2.2123.8\WhatsApp.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Overwolf\0.173.0.16\OWExplorer.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 3016 12/27/2016
Motherboard: ASUSTeK COMPUTER INC. H110M-A/M.2
Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 40%
Total physical RAM: 16255.11 MB
Available physical RAM: 9624.59 MB
Total Virtual: 20863.11 MB
Available Virtual: 11947.56 MB

==================== Drives ================================

Drive c: (WIN10_1) (Fixed) (Total:231.77 GB) (Free:49.72 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:869.32 GB) NTFS
Drive f: () (Fixed) (Total:100 GB) (Free:98.05 GB) NTFS
Drive r: (Volume) (Fixed) (Total:1763.01 GB) (Free:74.34 GB) NTFS
\\?\Volume{78269f4c-e660-11e7-8ac3-704d7b2db4bc}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS
\\?\Volume{dfb2431d-ec2f-4309-968a-fd41448ddd5a}\ () (Fixed) (Total:0.57 GB) (Free:0.07 GB) NTFS
\\?\Volume{c0dc1d43-3a10-4b0a-b850-705cab2dc9c8}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ==================

==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 9B424CEE)
Partition 1: (Not Active) - (Size=1763 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: CE219331)
Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ======================= |
31.08.2021, 14:53 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected trojan infection. Scripting/Repair with FRST64. WARNING TO ALL READERS!!! This FRST script is intended exclusively for this user and must never be applied 1:1 to another system!
__________________ Please always post logfiles in CODE tags |
31.08.2021, 16:15 | #25 |
| Suspected trojan infection Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-08-2021
Ran by termi (31-08-2021 16:49:32) Run:1
Running from C:\Users\termi\Desktop
Loaded Profiles: defaultuser0 & termi
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [Avira Security startup helper] => "C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe" DelayedStartup
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [vibranceGUI] => "C:\Users\termi\AppData\Local\Temp\Rar$EXa3644.19640\vibranceGUI.exe" -minimized <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Task: {78772080-6D06-4E28-BDCE-184DE907ED35} - System32\Tasks\Microsoft\Windows\Maintenance\InstallWinSAT => Maintenance.vbs
C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle
C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip
C:\windows\system32\Maintenance.vbs
C:\Program Files (x86)\Adobe\Acrobat 9.0
C:\Users\termi\AppData\LocalLow\pF2qC1gG7yH8hI1o
C:\ProgramData\Avira
C:\Program Files (x86)\Avira
C:\Users\ProgramData\AppData\Local\Avira
C:\Users\Default\AppData\Local\Avira
C:\Users\defaultuser0\AppData\Local\Avira
C:\Users\Public\AppData\Local\Avira
C:\Users\termi\AppData\Local\Avira
C:\WINDOWS\system32\Tasks\Avira
C:\WINDOWS\system32\Tasks\Avira_Security_Update
C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate
cmd: reg query "HKCU\Environment"
cmd: reg query "HKCU\Software"
cmd: netsh advfirewall reset
emptytemp:
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Avira Security startup helper" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\SOFTWARE\Policies\Microsoft\Edge => removed successfully
"HKU\S-1-5-21-3983815968-458737157-1999859390-1001\Software\Microsoft\Windows\CurrentVersion\Run\\vibranceGUI" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{78772080-6D06-4E28-BDCE-184DE907ED35}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78772080-6D06-4E28-BDCE-184DE907ED35}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Maintenance\InstallWinSAT => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\InstallWinSAT" => removed successfully
C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle => moved successfully
C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip => moved successfully
"C:\windows\system32\Maintenance.vbs" => not found
C:\Program Files
(x86)\Adobe\Acrobat 9.0 => erfolgreich verschoben C:\Users\termi\AppData\LocalLow\pF2qC1gG7yH8hI1o => erfolgreich verschoben C:\ProgramData\Avira => erfolgreich verschoben C:\Program Files (x86)\Avira => erfolgreich verschoben "C:\Users\ProgramData\AppData\Local\Avira" => nicht gefunden "C:\Users\Default\AppData\Local\Avira" => nicht gefunden "C:\Users\defaultuser0\AppData\Local\Avira" => nicht gefunden "C:\Users\Public\AppData\Local\Avira" => nicht gefunden C:\Users\termi\AppData\Local\Avira => erfolgreich verschoben C:\WINDOWS\system32\Tasks\Avira => erfolgreich verschoben "C:\WINDOWS\system32\Tasks\Avira_Security_Update" => nicht gefunden "C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate" => nicht gefunden ========= reg query "HKCU\Environment" ========= HKEY_CURRENT_USER\Environment Path REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Microsoft\WindowsApps; TEMP REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Temp TMP REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Temp OneDrive REG_EXPAND_SZ C:\Users\termi\OneDrive OneDriveConsumer REG_EXPAND_SZ C:\Users\termi\OneDrive ========= Ende von CMD: ========= ========= reg query "HKCU\Software" ========= HKEY_CURRENT_USER\Software\153f8ce0-b97a-575b-ba12-4ff8b1481894 HKEY_CURRENT_USER\Software\57ba83c7-44cc-50c5-93e2-68092ebb1ce7 HKEY_CURRENT_USER\Software\Ableton HKEY_CURRENT_USER\Software\ac231ef6-6414-5f8d-b36f-3b57705721dd HKEY_CURRENT_USER\Software\Adobe HKEY_CURRENT_USER\Software\Akeo Consulting HKEY_CURRENT_USER\Software\AM HKEY_CURRENT_USER\Software\AppDataLow HKEY_CURRENT_USER\Software\Asmodee HKEY_CURRENT_USER\Software\Avira HKEY_CURRENT_USER\Software\Azureus HKEY_CURRENT_USER\Software\Blackbird Interactive HKEY_CURRENT_USER\Software\Blizzard Entertainment HKEY_CURRENT_USER\Software\Broken Arrow Games HKEY_CURRENT_USER\Software\BugSplat HKEY_CURRENT_USER\Software\Cheat Engine HKEY_CURRENT_USER\Software\Chromium HKEY_CURRENT_USER\Software\Clients HKEY_CURRENT_USER\Software\Clock HKEY_CURRENT_USER\Software\ComfortSoftware 
HKEY_CURRENT_USER\Software\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b HKEY_CURRENT_USER\Software\Digital Extremes HKEY_CURRENT_USER\Software\Dinosaur Polo Club HKEY_CURRENT_USER\Software\Disc Soft HKEY_CURRENT_USER\Software\Discord HKEY_CURRENT_USER\Software\DVDVideoSoft HKEY_CURRENT_USER\Software\ej-technologies HKEY_CURRENT_USER\Software\Epic Games HKEY_CURRENT_USER\Software\EPSON HKEY_CURRENT_USER\Software\FabFilter HKEY_CURRENT_USER\Software\Gaddy Games HKEY_CURRENT_USER\Software\GOG.com HKEY_CURRENT_USER\Software\Google HKEY_CURRENT_USER\Software\Haemimont Games HKEY_CURRENT_USER\Software\IM Providers HKEY_CURRENT_USER\Software\Intel HKEY_CURRENT_USER\Software\IronGate HKEY_CURRENT_USER\Software\iSkysoft HKEY_CURRENT_USER\Software\iZotope HKEY_CURRENT_USER\Software\KoeiTecmo HKEY_CURRENT_USER\Software\Landfall Games HKEY_CURRENT_USER\Software\LAV HKEY_CURRENT_USER\Software\Licenses HKEY_CURRENT_USER\Software\Logitech HKEY_CURRENT_USER\Software\Ludeon Studios HKEY_CURRENT_USER\Software\Madruga Works HKEY_CURRENT_USER\Software\Magnet HKEY_CURRENT_USER\Software\Malwarebytes HKEY_CURRENT_USER\Software\MegaDev HKEY_CURRENT_USER\Software\Microsoft HKEY_CURRENT_USER\Software\Mojang HKEY_CURRENT_USER\Software\MPC-HC HKEY_CURRENT_USER\Software\Native Instruments HKEY_CURRENT_USER\Software\Netscape HKEY_CURRENT_USER\Software\NVIDIA Corporation HKEY_CURRENT_USER\Software\ODBC HKEY_CURRENT_USER\Software\Opera Software HKEY_CURRENT_USER\Software\Overwolf HKEY_CURRENT_USER\Software\PACE Anti-Piracy HKEY_CURRENT_USER\Software\PhoenixPacs HKEY_CURRENT_USER\Software\PocketPair HKEY_CURRENT_USER\Software\Policies HKEY_CURRENT_USER\Software\QtProject HKEY_CURRENT_USER\Software\Realtek HKEY_CURRENT_USER\Software\RegisteredApplications HKEY_CURRENT_USER\Software\ROBLOX Corporation HKEY_CURRENT_USER\Software\Roland HKEY_CURRENT_USER\Software\Spotify HKEY_CURRENT_USER\Software\SPS HKEY_CURRENT_USER\Software\Star Drifters HKEY_CURRENT_USER\Software\SyncEngines 
HKEY_CURRENT_USER\Software\TCP Optimizer HKEY_CURRENT_USER\Software\TeamViewer HKEY_CURRENT_USER\Software\TelegramDesktop HKEY_CURRENT_USER\Software\Toukana Interactive HKEY_CURRENT_USER\Software\TuneFab Spotify Music Converter HKEY_CURRENT_USER\Software\U-HE HKEY_CURRENT_USER\Software\Unity HKEY_CURRENT_USER\Software\Valve HKEY_CURRENT_USER\Software\WinRAR HKEY_CURRENT_USER\Software\WinRAR SFX HKEY_CURRENT_USER\Software\Wondershare HKEY_CURRENT_USER\Software\WOW6432Node HKEY_CURRENT_USER\Software\ZoomUMX HKEY_CURRENT_USER\Software\{2F37A49C-3AFA-D13D-DF75-C7D820A7145F} HKEY_CURRENT_USER\Software\{7DEA5C45-B1B9-BB60-C6ED-0095FBB3705F} HKEY_CURRENT_USER\Software\{97B20F72-D896-AEED-5FA1-988DD7983EDB} HKEY_CURRENT_USER\Software\Classes ========= Ende von CMD: ========= ========= netsh advfirewall reset ========= OK. ========= Ende von CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 9461760 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 53597098 B Java, Flash, Steam htmlcache => 346553950 B Windows/system/drivers => 8615609 B Edge => 8118319 B Chrome => 484028505 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 77308 B NetworkService => 407102 B defaultuser0 => 407102 B termi => 197321696 B RecycleBin => 270484 B EmptyTemp: => 1 GB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 16:50:14 ==== |
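The Fixlog above removed four kinds of persistence: Policies keys that FRST flags as restrictions (Windows Defender, Edge, Internet Explorer) together with the policy file C:\ProgramData\NTUSER.pol; a scheduled task (InstallWinSAT) whose action was a script rather than a binary; a Run entry (vibranceGUI) whose target sat in a WinRAR temp extraction folder; and two Edge extension folders. The follow-up FRST.txt further down flags C:\ProgramData\NTUSER.pol again after the reboot, so the question a helper wants answered is which of these items come back. The PowerShell script below is an added example, not part of the forum thread and not FRST's own code, that re-checks exactly those items. It assumes an elevated PowerShell 5.1 or later run from the affected account (HKCU: is the elevated user's hive, so it matches the S-1-5-21-...-1001 entries in the log only when that account is the one elevating); key names, task name, extension IDs and the folder pattern are taken from the Fixlog. One caveat: privacy tools such as O&O ShutUp10, which appears in the restore-point list above, write their settings into these same Policies keys, so a value there is a lead to follow up on, not proof of malware by itself.

```powershell
# Added example (not from the forum thread or from FRST): re-check the persistence
# points the Fixlog reported as removed. Run in an elevated PowerShell 5.1+.
# Names and paths below are the ones shown in the Fixlog; nothing else is assumed.

$Findings = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding([string]$Kind, [string]$Item, [string]$Detail) {
    $Findings.Add([pscustomobject]@{ Kind = $Kind; Item = $Item; Detail = $Detail })
}

# 1. Policy keys FRST flagged as "Restriction". Any value here overrides the
#    user's Defender/Edge/IE settings; subkeys are walked too, so that e.g.
#    Edge\ExtensionInstallForcelist (which silently re-installs extensions) is seen.
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
    'HKCU:\SOFTWARE\Policies\Microsoft\Edge'
)
foreach ($Key in $PolicyKeys) {
    if (-not (Test-Path $Key)) { continue }
    $Keys = @(Get-Item -Path $Key) + @(Get-ChildItem -Path $Key -Recurse -ErrorAction SilentlyContinue)
    foreach ($K in $Keys) {
        foreach ($Name in $K.GetValueNames()) {
            Add-Finding 'PolicyValue' $K.Name ('{0} = {1}' -f $Name, ($K.GetValue($Name) -join ', '))
        }
    }
}

# 2. Policy files. C:\ProgramData\NTUSER.pol was flagged by FRST, moved by the
#    fix, and flagged again in the follow-up scan; Registry.pol under GroupPolicy
#    is where Local Group Policy keeps the settings it applies at boot/logon.
$PolicyFiles = @(
    'C:\ProgramData\NTUSER.pol',
    (Join-Path $env:SystemRoot 'System32\GroupPolicy\Machine\Registry.pol'),
    (Join-Path $env:SystemRoot 'System32\GroupPolicy\User\Registry.pol')
)
foreach ($File in $PolicyFiles) {
    if (Test-Path -LiteralPath $File) {
        $Info = Get-Item -LiteralPath $File -Force
        Add-Finding 'PolicyFile' $File ('{0} bytes, modified {1:u}' -f $Info.Length, $Info.LastWriteTime)
    }
}

# 3. Scheduled tasks whose action is a script. The removed task InstallWinSAT sat
#    in \Microsoft\Windows\Maintenance\ and ran Maintenance.vbs; the genuine
#    Microsoft task in that folder is WinSAT, which runs winsat.exe.
$ScriptPattern = '\.(vbs|vbe|js|jse|wsf|ps1|bat|cmd)(\s|"|$)'
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $Task = $_
    foreach ($Action in @($Task.Actions)) {
        $Cmd = ('{0} {1}' -f $Action.Execute, $Action.Arguments).Trim()
        if ($Task.TaskName -eq 'InstallWinSAT' -or $Cmd -match $ScriptPattern) {
            Add-Finding 'ScriptTask' ($Task.TaskPath + $Task.TaskName) $Cmd
        }
    }
}

# 4. Run entries whose target lives in a Temp folder. vibranceGUI was started
#    straight out of a WinRAR extraction dir (Temp\Rar$EXa...) and registered
#    itself from there, which is why FRST marked that entry.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$TempPattern = '\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|\\Rar\$'
foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    $K = Get-Item -Path $Key
    foreach ($Name in $K.GetValueNames()) {
        $Target = [Environment]::ExpandEnvironmentVariables([string]$K.GetValue($Name))
        if ($Target -match $TempPattern) { Add-Finding 'TempAutorun' "$Key\$Name" $Target }
    }
}

# 5. The two Edge extension folders the fix moved away. If they reappear, whatever
#    installed them is still active (compare with any ExtensionInstallForcelist hit above).
$ExtRoot = Join-Path $env:LOCALAPPDATA 'Microsoft\Edge\User Data\Default\Extensions'
foreach ($Id in 'emgfgdclgfeldebanedpihppahgngnle', 'caiblelclndcckfafdaggpephhgfpoip') {
    $Dir = Join-Path $ExtRoot $Id
    if (Test-Path -LiteralPath $Dir) { Add-Finding 'EdgeExtension' $Id $Dir }
}

if ($Findings.Count -eq 0) {
    'Nothing from the Fixlog has come back: no policy values, policy files, script tasks, temp autoruns or removed extensions.'
} else {
    $Findings | Sort-Object Kind, Item | Format-Table -AutoSize -Wrap
}
```

Save it as a .ps1 and run it with `powershell -ExecutionPolicy Bypass -File <name>.ps1` from an elevated prompt after the reboot the helper asks for. The reg query commands in the fixlist show the same raw data; the script only groups it by the categories FRST flagged, so a hit in PolicyValue or PolicyFile after the fix tells you the writer of that policy is still present, whether that is a privacy tool or something less welcome.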
31.08.2021, 21:16 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected trojan infection. For verification, please restart Windows once more and post a fresh FRST.txt and Addition.txt.
__________________ Please always post logfiles in CODE tags |
01.09.2021, 08:11 | #27 |
| Suspected trojan infection. Good morning :-) Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2021 durchgeführt von termi (Administrator) auf MISTERSUN (01-09-2021 09:07:25) Gestartet von C:\Users\termi\Desktop Geladene Profile: termi Platform: Windows 10 Home Version 21H1 19043.1165 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: Opera Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Comfort Software Group -> Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Digital Wave Ltd -> Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe (eVenture Limited -> eVenture Limited) C:\Program Files (x86)\hide.me VPN\hidemesvc.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\GfxDownloadWrapper.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxEM.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a086f01cc7be643a\IntelCpHDCPSvc.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a086f01cc7be643a\IntelCpHeciSvc.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation 
-> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe (Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe <2> (Opera Software AS -> Opera Software) C:\Users\termi\AppData\Local\Programs\Opera GX\78.0.4093.186\opera.exe <19> (Opera Software AS -> Opera Software) C:\Users\termi\AppData\Local\Programs\Opera GX\78.0.4093.186\opera_crashreporter.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2> (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe (ShareX Team) [Datei ist nicht signiert] C:\Program Files\ShareX\ShareX.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TEFINCOM S.A. -> TEFINCOM S.A.) 
C:\Program Files\NordVPN\nordvpn-service.exe (Unified Intents AB -> Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [835136 2018-11-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3180256 2021-08-17] (Riot Games, Inc. -> Riot Games, Inc.) HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-09-14] (Adobe Inc. -> ) HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1 HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [Discord] => C:\Users\termi\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub) HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation) HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1806680 2021-08-12] (Overwolf Ltd -> Overwolf Ltd.) HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\termi\AppData\Local\Microsoft\Teams\Update.exe [2455264 2021-08-26] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [Spotify] => C:\Users\termi\AppData\Roaming\Spotify\Spotify.exe [24731784 2021-08-24] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [com.blitz.app] => C:\Users\termi\AppData\Local\Programs\Blitz\Blitz.exe [122577672 2021-08-31] (Swift Media Entertainment, Inc. -> Blitz, Inc.) 
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [8514512 2021-03-30] (Comfort Software Group -> Comfort Software Group)
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [3243784 2021-02-22] (Unified Intents AB -> Unified Intents AB)
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\termi\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\MountPoints2: {80388fa7-1736-11e7-8a88-704d7b2db4bc} - "G:\setup.exe"
HKLM\...\Windows x64\Print Processors\Canon PIXMA iP4000 Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD64.DLL [31744 2005-09-01] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor PIXMA iP4000: C:\WINDOWS\system32\CNMLM64.DLL [245248 2005-09-01] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
Startup: C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2021-03-26]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05A2FEC2-1C2C-4773-AA3B-286113F6B073} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2483032 2021-08-12] (Overwolf Ltd -> Overwolf LTD)
Task: {17752473-9109-4EA6-9FC3-BC432A5F0A2A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113496 2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B2EBBF5-585C-4F1D-8324-84CED127CECC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {5D428151-ADD0-4928-9671-B53C9F3DDE1E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {699A37EB-0B9C-49FE-B6F1-7008A4CB3959} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {74A9055D-ABC6-4A96-BE7C-1085A4DBC692} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21858176 2021-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {79714970-3FA9-4706-9C99-C4C9EB1AC1BD} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1621345670 => C:\Users\termi\AppData\Local\Programs\Opera GX\launcher.exe [3774160 2021-08-25] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\termi\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {797F3A86-3924-4981-9A1E-1AC4B75081E8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [5439384 2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8557749A-35AD-4AC9-8403-1D2ADE4B865F} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {880A8237-7692-492D-A102-607F82FC5DEE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8980E3BC-3724-4DF9-968E-06A757235055} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {97418155-1665-434C-8D24-16EF744E4ECF} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {974B6DF1-6BEE-4B68-A1C1-7E13C524D357} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21858176 2021-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {97D8E99F-8F55-45E2-8E2F-7A7D059E5FF7} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {A0E1A034-6886-4730-8969-FDBF867B1BD1} - System32\Tasks\Opera GX scheduled Autoupdate 1619790436 => C:\Users\termi\AppData\Local\Programs\Opera GX\launcher.exe [3774160 2021-08-25] (Opera Software AS -> Opera Software)
Task: {B43F773F-A4A7-49E7-8630-178B7E6D5A0E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [5439384 2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCC9DA24-2791-42CB-BC0A-7670923CFCC7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CF31B2BF-4704-45FE-A305-D904A65A3442} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D713615F-9C01-439C-AEDE-D55D0E207756} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113496 2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {F69C8215-5B1F-44A5-ACB3-D040277B8B8D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is run by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There is more than one entry in the Hosts file. See the Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 217.147.55.3 217.147.60.5
Tcpip\..\Interfaces\{fe70adbd-29a4-48d7-9244-369e6eea9ff0}: [DhcpNameServer] 217.147.55.3 217.147.60.5

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-01]
Edge HomePage: Default -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
Edge Extension: (Outlook) - C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-04-03]
Edge Extension: (Word) - C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-04-03]
Edge Extension: (Excel) - C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-04-03]
Edge Extension: (PowerPoint) - C:\Users\termi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-04-03]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default [2021-08-31]
CHR Notifications: Default -> hxxps://www6.todhamilton.pro
CHR Extension: (Präsentationen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-23]
CHR Extension: (Docs) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-23]
CHR Extension: (Google Drive) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-23]
CHR Extension: (Earth View from Google Earth) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhloflhklmhfpedakmangadcdofhnnoh [2021-03-23]
CHR Extension: (James White) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2021-03-23]
CHR Extension: (YouTube) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-23]
CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-05-20]
CHR Extension: (Adblock für Youtube™) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2021-05-20]
CHR Extension: (Tabellen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-23]
CHR Extension: (Google Docs Offline) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-03]
CHR Extension: (AdBlock*– der beste Ad-Blocker) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-07-03]
CHR Extension: (Tinder) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejiihbkifllpgdfndalmghiodgkefan [2021-03-23]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2021-03-23]
CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2021-03-23]
CHR Extension: (Fair AdBlocker) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2021-03-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-23]
CHR Extension: (Hover Zoom+) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2021-07-26]
CHR Extension: (Google Mail) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-23]
CHR Extension: (Chrome Media Router) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-11]
CHR Profile: C:\Users\termi\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-08-31]
CHR Profile: C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-08-31]
CHR Extension: (Präsentationen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-23]
CHR Extension: (Docs) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-23]
CHR Extension: (Google Drive) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-23]
CHR Extension: (YouTube) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-23]
CHR Extension: (Tabellen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-23]
CHR Extension: (Google Docs Offline) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-23]
CHR Extension: (Google Mail) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-23]
CHR Extension: (Chrome Media Router) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-14]
CHR Profile: C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-08-31]
CHR Extension: (Präsentationen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-14]
CHR Extension: (Docs) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-07-14]
CHR Extension: (Google Drive) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-14]
CHR Extension: (YouTube) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-14]
CHR Extension: (Tabellen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-14]
CHR Extension: (Google Mail) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\termi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-14]
CHR Profile: C:\Users\termi\AppData\Local\Google\Chrome\User Data\System Profile [2021-08-31]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-3983815968-458737157-1999859390-1001) Opera GXStable - "C:\Users\termi\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8895512 2021-05-11] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9166736 2021-08-23] (Microsoft Corporation -> Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2018-02-16] (Digital Wave Ltd -> Digital Wave Ltd.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2021-03-06] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EQU8_19; C:\ProgramData\EQU8\Totally Accurate Battlegrounds\bin\anticheat.x64.equ8.exe [5673048 2021-04-02] (Int3 Software AB -> Int3 Software AB)
S3 EQU8_36; C:\ProgramData\EQU8\Splitgate\bin\anticheat.x64.equ8.exe [6161552 2021-08-28] (Int3 Software AB -> Int3 Software AB)
R2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [145744 2021-05-05] (eVenture Limited -> eVenture Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7497336 2021-08-26] (Malwarebytes Inc -> Malwarebytes)
S3 MicrosoftEdgeElevationService1d77dbb2c5be210; C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.84\elevation_service.exe [1640352 2021-08-26] (Microsoft Corporation -> Microsoft Corporation)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [277688 2021-04-21] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2483032 2021-08-12] (Overwolf Ltd -> Overwolf LTD)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-06-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14676264 2021-07-01] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10112672 2021-08-17] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-07-23] (Microsoft Windows Publisher -> Microsoft Corporation)
U2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-07-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.70\elevation_service.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AsusVBus; C:\WINDOWS\System32\drivers\AsusVBus.sys [39704 2017-01-09] (ASUSTeK Computer Inc. -> Windows (R) Win 7 DDK provider)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [84472 2017-01-09] (ASUSTeK Computer Inc. -> ASUS Corporation)
S3 BrSerIb; C:\WINDOWS\System32\drivers\BrSerIb.sys [95344 2014-10-23] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BrUsbSIb; C:\WINDOWS\System32\drivers\BrUsbSIb.sys [21872 2014-10-23] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2020-12-14] (Microsoft Corporation) [File not signed]
S3 Bulk; C:\WINDOWS\System32\Drivers\HDJBulk.sys [354824 2018-12-21] (Microsoft Windows Hardware Compatibility Publisher -> © Guillemot R&D, 2018. All rights reserved.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\System32\drivers\Dot4.sys [146856 2015-03-10] (BoiseTest -> Windows (R) Win 7 DDK provider)
S3 dot4usb; C:\WINDOWS\System32\drivers\dot4usb.sys [43944 2015-03-10] (BoiseTest -> Microsoft Corporation)
R3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys [33784 2021-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 EQU8_HELPER_19; C:\WINDOWS\system32\DRIVERS\EQU8_HELPER_19.sys [38032 2021-04-12] (Int3 Software AB -> )
S3 EQU8_HELPER_36; C:\WINDOWS\system32\DRIVERS\EQU8_HELPER_36.sys [38032 2021-08-28] (Int3 Software AB -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2019-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 HDJAsioK; C:\WINDOWS\System32\Drivers\HDJAsioK.sys [334344 2018-12-21] (Microsoft Windows Hardware Compatibility Publisher -> © Guillemot R&D, 2018. All rights reserved.)
S3 HDJCtrl; C:\WINDOWS\System32\Drivers\HDJCtrl.sys [72712 2018-12-21] (Microsoft Windows Hardware Compatibility Publisher -> © Guillemot R&D, 2017. All rights reserved.)
S3 HDJMidi; C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [287240 2018-12-21] (Microsoft Windows Hardware Compatibility Publisher -> © Guillemot R&D, 2018. All rights reserved.)
R1 hideFirewall; C:\WINDOWS\System32\drivers\hideFirewall.sys [99824 2021-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [40960 2021-07-21] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 HWHandSet; C:\WINDOWS\System32\drivers\hw_quusbmdm.sys [226560 2019-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\WINDOWS\System32\drivers\hw_cdcacm.sys [127360 2019-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hw_usbdev; C:\WINDOWS\System32\drivers\hw_usbdev.sys [116864 2019-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 MAUSBMIDI; C:\WINDOWS\System32\drivers\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio -> M-Audio)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-08-26] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-09-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [68528 2021-09-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-08-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-09-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [105184 2021-03-28] (TEFINCOM S.A. -> )
S3 niks4m2usb; C:\WINDOWS\System32\drivers\niks4m2usb.sys [104304 2015-09-04] (NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH)
R3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2021-05-13] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-12-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 RDID1117; C:\WINDOWS\system32\Drivers\RDWM1117.SYS [309888 2015-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Roland Corporation)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64880 2020-11-11] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [43376 2020-06-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-06-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
R3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [28128 2020-04-21] (Unified Intents AB -> Windows (R) Win 7 DDK provider)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8232160 2021-08-17] (Riot Games, Inc. -> Riot Games, Inc.)
S3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2019-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-07-23] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-07-23] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-07-23] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [38176 2021-05-13] (WireGuard LLC -> WireGuard LLC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-01 09:07 - 2021-09-01 09:08 - 000033431 ____C C:\Users\termi\Desktop\FRST.txt
2021-09-01 09:06 - 2021-09-01 09:06 - 000068528 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-09-01 09:06 - 2021-09-01 09:06 - 000000000 ___DC C:\Users\termi\AppData\LocalLow\IGDump
2021-09-01 09:05 - 2021-09-01 09:05 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-09-01 09:05 - 2021-09-01 09:05 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-08-31 17:08 - 2021-08-31 17:08 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-08-31 14:45 - 2021-08-31 14:45 - 000000000 ___DC C:\Users\termi\Desktop\FRST-OlderVersion
2021-08-31 13:15 - 2021-08-31 13:18 - 000000000 ____D C:\AdwCleaner
2021-08-31 13:15 - 2021-08-31 13:15 - 008553680 ____C (Malwarebytes) C:\Users\termi\Desktop\adwcleaner_8.3.0.exe
2021-08-30 22:31 - 2021-08-30 22:31 - 001483120 _____ (O&O Software GmbH) C:\Users\termi\Downloads\OOSU1023.exe
2021-08-30 22:31 - 2021-08-30 22:31 - 000000000 ____D C:\Users\termi\AppData\Local\OO Software
2021-08-28 16:07 - 2021-08-28 16:57 - 000038032 _____ C:\WINDOWS\system32\Drivers\EQU8_HELPER_36.sys
2021-08-28 16:07 - 2021-08-28 16:07 - 000000000 ____D C:\Users\termi\AppData\Local\PortalWars
2021-08-28 15:24 - 2021-08-28 15:24 - 000000222 ____C C:\Users\termi\Desktop\Splitgate.url
2021-08-26 19:44 - 2021-09-01 09:07 - 000000000 ____D C:\FRST
2021-08-26 19:44 - 2021-08-31 14:45 - 002301440 _____ (Farbar) C:\Users\termi\Desktop\FRST64.exe
2021-08-26 18:50 - 2021-08-26 18:50 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-08-26 18:50 - 2021-08-26 18:50 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-08-26 18:50 - 2021-08-26 18:50 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-08-26 18:50 - 2021-08-26 18:50 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-08-26 18:50 - 2021-08-26 18:50 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-26 18:50 - 2021-08-26 18:50 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-08-26 18:50 - 2021-08-26 18:50 - 000000000 ____D C:\Users\termi\AppData\Local\mbam
2021-08-26 18:50 - 2021-08-26 18:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-08-26 18:50 - 2021-08-26 18:50 - 000000000 ____D C:\Program Files\Malwarebytes
2021-08-26 18:49 - 2021-08-26 18:49 - 002120496 _____ (Malwarebytes) C:\Users\termi\Downloads\MBSetup.exe
2021-08-26 18:14 - 2021-08-26 18:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\Ivanti
2021-08-26 18:10 - 2021-08-26 19:27 - 000000000 ____D C:\Users\Public\Security Sessions
2021-08-26 17:59 - 2021-08-26 17:59 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2021-08-26 17:58 - 2021-08-26 17:58 - 005901768 _____ (Avira Operations GmbH & Co. KG) C:\Users\termi\Downloads\avira_de_sptl1_1654573332-1629993478__adwg-spotlightprcupdate1-new2.exe
2021-08-26 00:20 - 2021-08-26 00:20 - 034499456 _____ (TeamViewer Germany GmbH) C:\Users\termi\Downloads\TeamViewer_Setup_x64.exe
2021-08-24 16:00 - 2021-08-24 16:00 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-08-20 18:50 - 2021-09-01 09:05 - 000000000 ____D C:\Users\termi\AppData\Roaming\Blitz
2021-08-20 18:50 - 2021-08-24 23:01 - 000000000 ____D C:\Users\termi\AppData\Local\blitz-updater
2021-08-20 18:49 - 2021-08-20 18:49 - 076770248 _____ (Blitz, Inc.) C:\Users\termi\Downloads\Blitz-1.15.32.exe
2021-08-19 17:09 - 2021-08-19 17:09 - 000000222 ____C C:\Users\termi\Desktop\The Forest.url
2021-08-18 03:00 - 2021-08-18 03:00 - 000000000 ___DC C:\Users\termi\Documents\u-he
2021-08-16 09:20 - 2021-08-16 09:20 - 000044775 _____ C:\Users\termi\Downloads\ACFrOgBSMEuoyDAfOx97hvj2vD_EvhaZTeghQaTzxERCgiyQSDH2IHCJf0eSIJX5lV3pnJPruJjZA_I4Gkyy4dQSttBm59AF1nvAUWRIMzuaKkLTju_8NDnZHsLI8EQ=.pdf
2021-08-15 20:13 - 2021-08-22 00:08 - 000000000 ___DC C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-08-15 20:13 - 2021-08-15 21:14 - 000000000 ____D C:\Users\termi\AppData\Local\Roblox
2021-08-15 20:13 - 2021-08-15 20:25 - 000000256 ____C C:\Users\termi\AppData\LocalLow\rbxcsettings.rbx
2021-08-15 20:13 - 2021-08-15 20:13 - 001666008 _____ (Roblox Corporation) C:\Users\termi\Downloads\RobloxPlayerLauncher.exe
2021-08-14 00:22 - 2021-08-14 00:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-14 00:22 - 2021-08-14 00:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-14 00:22 - 2021-08-14 00:22 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-08-14 00:22 - 2021-08-14 00:22 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-08-14 00:21 - 2021-08-14 00:21 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-08-14 00:21 - 2021-08-14 00:21 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-08-14 00:21 - 2021-08-14 00:21 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-08-14 00:16 - 2021-08-14 00:16 - 000000000 ___HD C:\$WinREAgent
2021-08-12 08:15 - 2021-08-12 08:26 - 000000000 ___DC C:\Users\termi\Desktop\Dokumente
2021-08-09 08:55 - 2021-08-09 08:57 - 000000000 ___DC C:\Users\termi\Desktop\Schulfremdenprüfung Leony
2021-08-05 15:37 - 2021-08-05 15:37 - 000000000 ___DC C:\Users\termi\Desktop\efi

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-01 09:08 - 2021-04-20 22:59 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2021-09-01 09:07 - 2021-03-23 18:03 - 000000000 ____D C:\ProgramData\NVIDIA
2021-09-01 09:05 - 2021-07-07 12:34 - 000000000 ____D C:\Program Files\TeamViewer
2021-09-01 09:05 - 2021-03-23 18:44 - 000000000 ____D C:\Users\termi\AppData\Roaming\discord
2021-09-01 09:05 - 2021-03-23 18:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-01 09:05 - 2021-03-23 17:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-01 09:05 - 2021-03-23 17:47 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-09-01 09:05 - 2020-12-14 14:23 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-01 09:05 - 2020-06-13 22:10 - 000000000 ___DC C:\Users\termi\Documents\ShareX
2021-09-01 09:05 - 2017-03-02 15:47 - 000000000 __SHD C:\Users\termi\IntelGraphicsProfiles
2021-09-01 09:05 - 2017-03-02 15:44 - 000000000 ___DC C:\Intel
2021-09-01 08:33 - 2021-03-23 18:49 - 000000000 ____D C:\ProgramData\Riot Games
2021-09-01 08:27 - 2021-06-09 14:17 - 000000000 ____D C:\Users\termi\AppData\Roaming\Spotify
2021-09-01 08:21 - 2021-03-23 18:44 - 000000000 ____D C:\Users\termi\AppData\Local\Discord
2021-09-01 08:00 - 2021-03-23 18:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-31 22:31 - 2021-05-12 00:37 - 000000000 ____D C:\ProgramData\Unified Remote
2021-08-31 21:30 - 2021-05-06 11:14 - 000000000 ____D C:\Users\termi\AppData\Local\ElevatedDiagnostics
2021-08-31 21:27 - 2021-06-09 14:17 - 000000000 ____D C:\Users\termi\AppData\Local\Spotify
2021-08-31 21:27 - 2021-05-18 12:51 - 000000032 _____ C:\Users\termi\AppData\Roaming\.machineId
2021-08-31 17:14 - 2021-03-23 18:19 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-31 17:14 - 2021-03-23 17:53 - 000743546 _____ C:\WINDOWS\system32\perfh007.dat
2021-08-31 17:14 - 2021-03-23 17:53 - 000149968 _____ C:\WINDOWS\system32\perfc007.dat
2021-08-31 17:14 - 2021-03-23 17:51 - 000000000 ____D C:\WINDOWS\INF
2021-08-31 16:49 - 2021-04-16 15:18 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-08-31 16:49 - 2021-03-23 17:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-08-31 16:49 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-08-31 16:49 - 2017-03-11 12:21 - 000000000 ___DC C:\Users\termi\AppData\LocalLow\Temp
2021-08-31 15:29 - 2021-04-15 19:24 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-08-31 14:46 - 2021-04-05 13:29 - 000000000 ____D C:\Users\termi\AppData\Local\CrashDumps
2021-08-31 13:18 - 2017-12-21 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2021-08-31 09:55 - 2021-05-12 22:34 - 000000000 ____D C:\Users\termi\AppData\Roaming\TeamViewer
2021-08-30 22:26 - 2021-03-23 18:49 - 000000000 ____D C:\Program Files (x86)\Steam
2021-08-28 16:07 - 2021-04-21 08:55 - 000000000 ____D C:\Users\termi\AppData\Local\UnrealEngine
2021-08-28 16:07 - 2021-04-02 19:57 - 000000000 ____D C:\ProgramData\EQU8
2021-08-28 16:07 - 2021-03-25 22:56 - 000000000 ____D C:\Users\termi\AppData\Local\NVIDIA Corporation
2021-08-28 15:24 - 2017-03-02 23:56 - 000000000 ___DC C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-08-28 11:45 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-08-28 02:12 - 2021-03-23 17:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-28 02:12 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-28 02:12 - 2020-06-28 11:22 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-27 11:41 - 2021-04-30 15:47 - 000004204 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1619790436
2021-08-27 11:41 - 2021-04-30 15:47 - 000001441 ____C C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk
2021-08-26 20:34 - 2021-03-23 18:02 - 
000438288 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-08-26 20:25 - 2021-04-21 20:22 - 000000000 ____D C:\Users\termi\AppData\Roaming\Disc-Soft 2021-08-26 20:25 - 2021-04-21 20:22 - 000000000 ____D C:\ProgramData\Disc-Soft 2021-08-26 20:25 - 2021-04-03 11:16 - 000004420 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-08-26 20:25 - 2021-03-25 22:56 - 000004194 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-08-26 20:25 - 2021-03-25 22:56 - 000004020 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-08-26 20:25 - 2021-03-25 22:56 - 000003742 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-08-26 20:25 - 2021-03-23 18:29 - 000000000 ____D C:\Program Files (x86)\Google 2021-08-26 20:24 - 2021-04-16 15:18 - 000000000 ____D C:\ProgramData\Adobe 2021-08-26 20:24 - 2021-03-23 17:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-08-26 20:22 - 2021-04-16 15:22 - 000000000 ____D C:\Users\termi\AppData\Local\Adobe 2021-08-26 19:33 - 2021-03-23 19:29 - 000000000 ____D C:\Program Files\WinRAR 2021-08-26 19:33 - 2017-03-03 03:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2021-08-26 19:19 - 2021-04-14 16:33 - 000000000 ____D C:\Program Files\Cheat Engine 7.2 2021-08-26 19:06 - 2019-03-08 10:08 - 002092776 _____ C:\UkLog.dat 2021-08-26 01:07 - 2021-05-27 15:05 - 000002371 ____C C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk 2021-08-26 00:16 - 2021-04-30 14:00 - 000000000 ____D C:\Users\termi\AppData\Roaming\TS3Client 2021-08-25 14:04 - 2021-05-04 18:04 - 000000000 ____D C:\Program Files (x86)\Overwolf 2021-08-23 06:25 - 2021-03-23 18:26 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3983815968-458737157-1999859390-1001 2021-08-23 06:25 - 2021-03-23 18:10 - 000002402 ____C 
C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-08-21 20:44 - 2021-03-23 18:03 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2021-08-20 22:41 - 2021-04-17 21:26 - 000000000 ____D C:\Users\termi\AppData\Roaming\.minecraft 2021-08-20 21:48 - 2021-04-17 21:26 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher 2021-08-20 19:56 - 2021-03-23 19:25 - 000000000 ____D C:\Users\termi\AppData\Local\D3DSCache 2021-08-20 19:54 - 2021-04-20 22:55 - 000000000 ____D C:\Program Files\Riot Vanguard 2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ___SD C:\WINDOWS\system32\UNP 2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\SystemResources 2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\ShellComponents 2021-08-20 19:53 - 2021-03-23 17:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-08-20 19:53 - 2021-03-23 17:47 - 000000000 ____D C:\WINDOWS\servicing 2021-08-20 18:50 - 2021-05-18 12:51 - 000002244 ____C C:\Users\termi\Desktop\Blitz.lnk 2021-08-20 18:50 - 2021-03-23 18:51 - 000002252 ____C C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blitz.lnk 2021-08-18 03:01 - 2018-02-27 16:54 - 000000000 ____D C:\Users\Public\Documents\NI Resources 2021-08-18 03:00 - 2021-06-19 23:53 - 000000000 ____D C:\Program Files\Common Files\VST3 2021-08-16 00:08 - 2021-03-25 22:48 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-08-14 15:23 - 2021-05-01 22:14 - 000000000 ___DC C:\Users\termi\Desktop\minecraft 2021-08-14 15:20 - 2021-07-31 07:38 - 000000000 ___DC C:\Users\termi\Desktop\Bilder von Mir 2021-08-14 00:24 - 2021-03-23 17:48 - 000000000 ____D 
C:\WINDOWS\CbsTemp 2021-08-14 00:15 - 2021-03-25 22:46 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-08-14 00:12 - 2021-03-25 22:46 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-08-13 08:06 - 2021-04-03 11:16 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-08-12 18:33 - 2021-03-23 18:24 - 000000000 ____D C:\Users\termi\AppData\Local\Packages 2021-08-09 10:06 - 2021-03-23 18:26 - 000000000 ____D C:\Users\termi\AppData\Local\PlaceholderTileLogoFolder 2021-08-09 04:37 - 2017-03-02 15:40 - 000000000 ___RD C:\Users\termi\OneDrive ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2021-01-17 16:04 - 2021-01-17 16:04 - 001408808 _____ (Microsoft Corporation) C:\Users\termi\vs_community__1087382636.1580554586.exe 2021-05-18 12:51 - 2021-08-31 21:27 - 000000032 _____ () C:\Users\termi\AppData\Roaming\.machineId 2021-04-30 16:27 - 2021-04-30 16:28 - 000002400 _____ () C:\Users\termi\AppData\Roaming\vibranceGUI.log ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2021
Ran by termi (01-09-2021 09:09:03)
Running from C:\Users\termi\Desktop
Windows 10 Home Version 21H1 19043.1165 (X64) (2021-03-23 16:23:58)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3983815968-458737157-1999859390-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3983815968-458737157-1999859390-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3983815968-458737157-1999859390-1000 - Limited - Enabled) => C:\Users\defaultuser0
Gast (S-1-5-21-3983815968-458737157-1999859390-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3983815968-458737157-1999859390-1004 - Limited - Enabled)
lulus (S-1-5-21-3983815968-458737157-1999859390-1002 - Limited - Disabled)
termi (S-1-5-21-3983815968-458737157-1999859390-1001 - Administrator - Enabled) => C:\Users\termi
WDAGUtilityAccount (S-1-5-21-3983815968-458737157-1999859390-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with the "Hidden" flag can be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 11 Suite (HKLM\...\{FB6EECE6-87D2-4538-A1CE-61CCCA7C3DCE}) (Version: 11.0.0.0 - Ableton) Hidden
Ableton Live 11 Suite (HKLM-x32\...\{92d4040b-4cb4-4710-802b-a742c194a235}) (Version: 11.0.0.0 - Ableton)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_0_1) (Version: 22.0.1.73 - Adobe Inc.)
AutoHotkey 1.1.33.09 (HKLM\...\AutoHotkey) (Version: 1.1.33.09 - Lexikos)
balenaEtcher 1.5.120 (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.5.120 - Balena Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blitz (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\153f8ce0-b97a-575b-ba12-4ff8b1481894) (Version: 1.15.35 - Blitz, Inc.)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment)
Cheat Engine 7.2 (HKLM\...\Cheat Engine_is1) (Version: - Cheat Engine)
CurseForge (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.178.2.1 - Overwolf app)
Danger Scavenger (HKLM-x32\...\Danger Scavenger_is1) (Version: - )
Dead Island Definitive Edition (HKLM-x32\...\Dead Island Definitive Edition_is1) (Version: - )
Discord (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
DroidCam Client (HKLM-x32\...\DroidCam) (Version: 6.4.3 - DEV47APPS)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Excel (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
FabFilter Total Bundle (HKLM\...\Total Bundle_is1) (Version: 2016.11.10 - FabFilter)
FileZilla Client 3.53.1 (HKLM-x32\...\FileZilla Client) (Version: 3.53.1 - Tim Kosse)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 5.1.0.0 - Comfort Software Group)
Free Audio Converter (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.1.7.215 - Digital Wave Ltd)
Frostpunk (HKLM-x32\...\Frostpunk_is1) (Version: - )
Harver System Checker 2.0.4 (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\57ba83c7-44cc-50c5-93e2-68092ebb1ce7) (Version: 2.0.4 - Harver)
hide.me VPN 3.8.3 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 3.8.3 - eVenture Limited)
hide.me Wintun (HKLM\...\{6A3B09CD-8B4A-4A66-9C90-833023E463E9}) (Version: 0.8 - hide.me) Hidden
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{7858618B-FA45-4797-988D-4E8B793C3B88}) (Version: 17.0.109 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{A7D3C4B3-2CA8-46F3-9C34-63205AC018FF}) (Version: 17.0.109 - Intel Corporation)
IntelliJ IDEA Community Edition 2021.1 (HKLM-x32\...\IntelliJ IDEA Community Edition 2021.1) (Version: 211.6693.111 - JetBrains s.r.o.)
Malwarebytes version 4.4.5.130 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.5.130 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.84 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Retail - de-de) (Version: 16.0.14326.20238 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.14326.20238 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\OneDriveSetup.exe) (Version: 21.150.0725.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Teams) (Version: 1.4.00.22472 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{911FBC64-4C64-4B8F-A637-B34832638C86}) (Version: 1.0.0.0 - Mojang)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.5.2.503 - Native Instruments)
Native Instruments Form (HKLM-x32\...\Native Instruments Form) (Version: 1.0.1.2 - Native Instruments)
Native Instruments Kontour (HKLM-x32\...\Native Instruments Kontour) (Version: 1.0.0.4 - Native Instruments)
Native Instruments Molekular (HKLM-x32\...\Native Instruments Molekular) (Version: 1.0.0.2 - Native Instruments)
Native Instruments Monark (HKLM-x32\...\Native Instruments Monark) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Passive EQ (HKLM-x32\...\Native Instruments Passive EQ) (Version: - Native Instruments)
Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.0.4.23 - Native Instruments)
Native Instruments Rounds (HKLM-x32\...\Native Instruments Rounds) (Version: 1.2.0.1 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Native Instruments Traktor Pro 3 (HKLM-x32\...\Native Instruments Traktor Pro 3) (Version: 3.2.1.9 - Native Instruments)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.36.6.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Grafiktreiber 471.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.41 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Opera GX Stable 78.0.4093.186 (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Opera GX 78.0.4093.186) (Version: 78.0.4093.186 - Opera Software)
Outlook (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.178.0.16 - Overwolf Ltd.)
PC-Wecker 5.00 (HKLM-x32\...\PC-Wecker_is1) (Version: - Ben Kheder-Software)
Plitch 1.1.7 (HKLM\...\d45b2222-59a8-54dc-8e4a-f1dc396456dc) (Version: 1.1.7 - MegaDev GmbH)
PowerPoint (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
QUAD-CAPTURE Driver (HKLM\...\RolandRDID0117) (Version: - Roland Corporation)
r2modman 3.1.15 (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\ac231ef6-6414-5f8d-b36f-3b57705721dd) (Version: 3.1.15 - ebkr)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Roblox Player for termi (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\roblox-player) (Version: - Roblox Corporation)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 13.5.0 - ShareX Team)
Sidify Music Converter 2.2.5 (HKLM-x32\...\Sidify Music Converter) (Version: 2.2.5 - Sidify)
Spotify (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Spotify) (Version: 1.1.66.580.gbd43cbc9 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Surviving Mars (HKLM-x32\...\Surviving Mars_is1) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.19.5 - TeamViewer)
Telegram Desktop Version 2.7.1 (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.7.1 - Telegram FZ-LLC)
TuneFab Spotify Music Converter 2.23.0 (HKLM-x32\...\{9ff685d9-8f1e-59e1-a273-b7c9e7cf0c17}) (Version: 2.23.0 - TuneFab)
u-he Hive (HKLM-x32\...\u-he Hive) (Version: 1.1.0.3898 - u-he)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.10.0 - Unified Intents AB)
VALORANT (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.4.12 - Black Tree Gaming Ltd.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
Waves Complete (HKLM\...\Complete_is1) (Version: 2016.11.14 - Waves)
WeMod (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\WeMod) (Version: 7.0.19 - WeMod)
WhatsApp (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\WhatsApp) (Version: 2.2126.10 - WhatsApp)
WinRAR 6.02 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\ZoomUMX) (Version: 5.6.6 (961) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-06] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-07-24] (NVIDIA Corp.)
Word -> C:\Program Files\WindowsApps\word.office.com-CECA1A7F_1.0.0.2_neutral__jc2kecmnkxwqc [2021-06-06] (word.office.com)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3983815968-458737157-1999859390-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\termi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21140.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-10-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-10-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-10-07] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-10-07] (Adobe Inc. -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\nvshext.dll [2021-07-13] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-10-07] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries can be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\termi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf

==================== Loaded Modules (Whitelisted) =============

2021-08-21 20:50 - 2021-08-21 20:50 - 003864576 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\7b8ab54038ddb56a6cb56f93d2867a79\Newtonsoft.Json.ni.dll
2021-05-12 00:37 - 2016-10-10 06:27 - 000556544 _____ (Soft Service Company) [File not signed] C:\Program Files (x86)\Unified Remote 3\wcl.dll
2021-05-12 00:37 - 2017-05-29 04:55 - 001846272 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Unified Remote 3\libcryptoMD.dll
2021-05-12 00:37 - 2017-05-29 04:55 - 000382976 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Unified Remote 3\libsslMD.dll
2021-04-13 05:33 - 2019-12-17 14:16 - 000128181 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeAlarmClock\bass.dll
2021-04-13 05:33 - 2020-12-04 14:04 - 000029452 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeAlarmClock\bassflac.dll
2021-04-13 05:33 - 2016-04-04 12:22 - 000017733 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeAlarmClock\basswma.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\termi\Cookies:YUrEA9vCOWRzE2EzPMEq59br [2336]
AlternateDataStreams: C:\Users\termi\AppData\Local\un9cVOFCI:dm5YTZWWMaWHHfeyCnbLY [2500]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed, the Hosts: directive can be included in the fixlist to reset the Hosts file.)

2021-03-23 17:52 - 2021-05-06 22:01 - 000002408 _____ C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%INTEL_DEV_REDIST%redist\ia32_win\compiler;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-3983815968-458737157-1999859390-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 217.147.55.3 - 217.147.60.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
is enabled.

Network Binding:
=============
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "vibranceGUI"
HKU\S-1-5-21-3983815968-458737157-1999859390-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{DE77C3E3-4A80-4C61-B072-D4CADA2B6661}C:\program files (x86)\unified remote 3\remoteserverwin.exe] => (Allow) C:\program files (x86)\unified remote 3\remoteserverwin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [UDP Query User{9208D921-E3EE-4863-9FA4-DC4F9BFDDC50}C:\program files (x86)\unified remote 3\remoteserverwin.exe] => (Allow) C:\program files (x86)\unified remote 3\remoteserverwin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [TCP Query User{C2EF960C-CF5F-4F7C-B469-4296EDC86DD0}C:\users\termi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\termi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{A61B78A7-1031-453E-AE31-BD9943706017}C:\users\termi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\termi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

03-04-2021 04:06:35 Windows Modules Installer
21-08-2021 21:32:41 Scheduled Checkpoint
26-08-2021 18:26:43 Driver Update
26-08-2021 18:26:52 Windows Update
26-08-2021 18:37:08 Avira System Speedup Optimierung
30-08-2021 22:33:40 O&O ShutUp10
31-08-2021 13:18:24 AdwCleaner_BeforeCleaning_31/08/2021_13:18:21

==================== Faulty Device Manager Devices: ============

==================== Event log errors: ========================

Application errors:
==================
Error: (09/01/2021 09:05:54 AM) (Source: NIHardwareService) (EventID: 259) (User: )
Description: MIDIDevice: Unable to unlock BMIDI DLL/driver

Error: (08/31/2021 05:08:50 PM) (Source: NIHardwareService) (EventID: 259) (User: )
Description: MIDIDevice: Unable to unlock BMIDI DLL/driver

Error: (08/31/2021 02:46:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.1089, time stamp: 0x6109559e
Faulting module name: Qt5Core.dll,
Version: 5.14.1.0, Zeitstempel: 0x603971ce Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000219dc5 ID des fehlerhaften Prozesses: 0x1a40 Startzeit der fehlerhaften Anwendung: 0x01d79e3d280c7eee Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Pfad des fehlerhaften Moduls: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Berichtskennung: 5aa3e91e-ddaa-4329-9f1f-8a22e075fd55 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (08/31/2021 09:52:29 AM) (Source: NIHardwareService) (EventID: 259) (User: ) Description: MIDIDevice: Unable to unlock BMIDI DLL/driver Error: (08/30/2021 10:35:22 PM) (Source: NIHardwareService) (EventID: 259) (User: ) Description: MIDIDevice: Unable to unlock BMIDI DLL/driver Error: (08/30/2021 10:34:44 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren. . Error: (08/30/2021 10:34:44 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren. ] Error: (08/30/2021 10:27:50 PM) (Source: NIHardwareService) (EventID: 259) (User: ) Description: MIDIDevice: Unable to unlock BMIDI DLL/driver Systemfehler: ============= Error: (08/31/2021 05:09:00 PM) (Source: NetBT) (EventID: 4311) (User: ) Description: Es ist ein Initialisierungsfehler aufgetreten, da der Treiber nicht erstellt werden konnte. Verwenden Sie die Zeichenfolge "%2", um die Schnittstelle zu identifizieren, die nicht initialisiert werden konnte. 
Sie stellt die MAC-Adresse der Schnittstelle mit dem Initialisierungsfehler oder die GUID (Globally Unique Interface Identifier) dar, wenn NetBT keine Zuordnung von der GUID zur MAC-Adresse herstellen konnte. Wenn weder die MAC-Adresse noch die GUID verfügbar waren, dann stellt die Zeichenfolge einen Clustergerätenamen dar. Error: (08/31/2021 05:09:00 PM) (Source: NetBT) (EventID: 4311) (User: ) Description: Es ist ein Initialisierungsfehler aufgetreten, da der Treiber nicht erstellt werden konnte. Verwenden Sie die Zeichenfolge "%2", um die Schnittstelle zu identifizieren, die nicht initialisiert werden konnte. Sie stellt die MAC-Adresse der Schnittstelle mit dem Initialisierungsfehler oder die GUID (Globally Unique Interface Identifier) dar, wenn NetBT keine Zuordnung von der GUID zur MAC-Adresse herstellen konnte. Wenn weder die MAC-Adresse noch die GUID verfügbar waren, dann stellt die Zeichenfolge einen Clustergerätenamen dar. Error: (08/31/2021 05:08:03 PM) (Source: DCOM) (EventID: 10010) (User: MISTERSUN) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (08/31/2021 04:49:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/31/2021 04:49:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Microsoft Office Click-to-Run Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/31/2021 04:49:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/31/2021 04:49:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "NVIDIA Display Container LS" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/31/2021 04:49:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Realtek Audio Universal Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Windows Defender: ================ Date: 2021-08-25 22:45:30 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {EBBDE743-DE5C-4201-9551-B66CE4A18AB1} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2021-08-24 21:52:00 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {FB54C865-41AB-4B45-BA94-1F57F96FE025} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2021-08-23 23:17:31 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {F9D4C809-9B1E-4262-8E59-BCD8B3EC1523} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2021-08-22 22:11:10 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {4CF2E328-B873-45C9-91C9-4F738685E51D} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2021-08-21 21:55:19 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. 
Überprüfungs-ID: {09437ADC-A6A2-4470-A0F0-5CF6B7377833} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM CodeIntegrity: =============== Date: 2021-09-01 09:06:10 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Users\termi\AppData\Local\Programs\Opera GX\78.0.4093.186\opera.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2021-08-26 20:24:32 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2021-08-26 18:51:18 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Users\termi\AppData\Local\Programs\Opera GX\78.0.4093.153\opera.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2021-08-26 01:54:59 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\WaaSMedicAgent.exe) attempted to load \Device\HarddiskVolume7\Windows\System32\acaptuser64.dll that did not meet the Microsoft signing level requirements. Date: 2021-08-03 18:05:18 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== BIOS: American Megatrends Inc. 3016 12/27/2016 Hauptplatine: ASUSTeK COMPUTER INC. 
H110M-A/M.2 Prozessor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz Prozentuale Nutzung des RAM: 30% Installierter physikalischer RAM: 16255.11 MB Verfügbarer physikalischer RAM: 11233.09 MB Summe virtueller Speicher: 18687.11 MB Verfügbarer virtueller Speicher: 11839.01 MB ==================== Laufwerke ================================ Drive c: (WIN10_1) (Fixed) (Total:231.77 GB) (Free:50.23 GB) NTFS Drive d: () (Fixed) (Total:931.51 GB) (Free:869.32 GB) NTFS Drive f: () (Fixed) (Total:100 GB) (Free:98.05 GB) NTFS Drive r: (Volume) (Fixed) (Total:1763.01 GB) (Free:74.37 GB) NTFS \\?\Volume{78269f4c-e660-11e7-8ac3-704d7b2db4bc}\ (Wiederherstellung) (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS \\?\Volume{dfb2431d-ec2f-4309-968a-fd41448ddd5a}\ () (Fixed) (Total:0.57 GB) (Free:0.07 GB) NTFS \\?\Volume{c0dc1d43-3a10-4b0a-b850-705cab2dc9c8}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Size: 1863 GB) (Disk ID: 9B424CEE) Partition 1: (Not Active) - (Size=1763 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS) ========================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: CE219331) Partition: GPT. ========================================================== Disk: 2 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ======================= |
01.09.2021, 09:20 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected Trojan infection Control scans with MBAM and RK We are almost done. Now it is time for control scans with
Once both scans have finished, post the logs in CODE tags.
__________________ Please always post log files in CODE tags |
01.09.2021, 13:02 | #29 |
| Suspected Trojan infection Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 01.09.21
Scan-Zeit: 13:42
Protokolldatei: a7f7e9e6-0b19-11ec-a762-704d7b2db4bc.json

-Softwaredaten-
Version: 4.4.5.130
Komponentenversion: 1.0.1430
Version des Aktualisierungspakets: 1.0.44501
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19043.1165)
CPU: x64
Dateisystem: NTFS
Benutzer: MisterSun\termi

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 387623
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 2 Min., 5 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0 (keine bösartigen Elemente erkannt)
Modul: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswert: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Daten-Stream: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Datei: 0 (keine bösartigen Elemente erkannt)
Physischer Sektor: 0 (keine bösartigen Elemente erkannt)
WMI: 0 (keine bösartigen Elemente erkannt)

(end)
Code:
RogueKiller Anti-Malware V15.0.9.0 (x64) [Aug 5 2021] (Free) von Adlice Software
Mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Betriebssystem : Windows 10 (10.0.19043) 64-bit
Gestartet in : Normaler Modus
Benutzer : termi [Administrator]
Gestartet von : C:\Users\termi\Desktop\RogueKiller_portable64.exe
Signaturen : 20210830_093148, Treiber : Geladen
Modus : Standard-Scan, Löschen -- Datum : 2021/09/01 14:00:03 (Dauer : 00:05:06)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Löschen ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUM.Policies (Potenziell bösartig)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Ersetzt (2)
[PUP.AutoIt.Gen (Potenziell bösartig)] AutoClicker30.exe -- %USERPROFILE%\Desktop\AutoClicker30.exe -> Gelöscht
[PUP.DownloadStudio (Potenziell bösartig)] Download Studio -- %programdata%\Microsoft\Windows\Start Menu\Programs\Download Studio -> Gelöscht
[PUP.AutoIt.Gen (Potenziell bösartig)] AutoClicker30.exe -- %USERPROFILE%\Desktop\AutoClicker30.exe -> Gefunden |
01.09.2021, 13:14 | #30 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected Trojan infection Ah, I almost forgot: Quote:
__________________ Please always post log files in CODE tags |