| |
| |||||||
Log-Analyse und Auswertung: Phonzy:B!ml ausgeführtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
01.08.2023, 19:56
| #1 |
 |  Phonzy:B!ml ausgeführt  Ich hab Malwarebytes und Adware ausgeführt. Scheint alles ok zu sein Ich bin mir jetzt unsichter weil ich die Daten ausgeführt habe Habe Defender vollständig wieder aktiviert (voller Schutz) Wegen den Threat https://www.trojaner-board.de/207182-kryptowehrmann-com.html Log Malwarebytes Code:
ATTFilter Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 01.08.23
Scan-Zeit: 20:49
Protokolldatei: 1cb22838-309c-11ee-aba7-00d861b0058d.json
-Softwaredaten-
Version: 4.5.32.271
Komponentenversion: 1.0.2051
Version des Aktualisierungspakets: 1.0.73315
Lizenz: Kostenlos
-Systemdaten-
Betriebssystem: Windows 10 (Build 19045.3208)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-B5S8RAE\Lifel
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 274457
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 1 Min., 0 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 0
(keine bösartigen Elemente erkannt)
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end)
Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-01-2023
# Duration: 00:00:01
# OS: Windows 10 (Build 19045.3208)
# Cleaned: 17
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Browser Files
Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\Users\Lifel\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\Lifel\AppData\Roaming\IObit\Advanced SystemCare
***** [ Files ] *****
Deleted C:\Users\Lifel\AppData\Roaming\Mozilla\Firefox\Profiles\jyhxu1dp.default-release\invalidprefs.js
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\GIMP Updater
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{1C52413C-D93C-4502-B061-054E7DACF914}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C95F92CE-BB2B-466B-9683-1F7F04AAC156}
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [4036 octets] - [01/08/2023 20:16:22]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-01-2023
# Duration: 00:00:10
# OS: Windows 10 (Build 19045.3208)
# Scanned: 32093
# Detected: 27
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Lifel\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Lifel\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.WebCompanion C:\ProgramData\Application Data\Lavasoft\Web Companion
PUP.Optional.WebsucheDE C:\Program Files (x86)\Browser Files
***** [ Files ] *****
PUP.Optional.Legacy C:\Users\Lifel\AppData\Roaming\Mozilla\Firefox\Profiles\jyhxu1dp.default-release\invalidprefs.js
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{1C52413C-D93C-4502-B061-054E7DACF914}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C95F92CE-BB2B-466B-9683-1F7F04AAC156}
PUP.Optional.StartFenster HKCU\Software\GIMP Updater
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\Lifel\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Preinstalled.LenovoServiceBridge Folder C:\Users\Lifel\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
Preinstalled.LenovoServiceBridge Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1
Preinstalled.LenovoUpdate Folder C:\Program Files (x86)\LENOVO\SYSTEM UPDATE
Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{03C6CC92-68F2-4961-9A73-CAECA350BD08}
Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\TVSU_is1
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Geändert von cosinus (01.08.2023 um 21:41 Uhr) Grund: code tags |
|
01.08.2023, 20:28
| #2 |
| /// TB-Ausbilder   | Phonzy:B!ml ausgeführt Mein Name ist Matthias und ich werde dir bei der Analyse und Bereinigung deines Systems helfen. Bitte beachte unsere Regeln Was war/ist denn das für eine Datei, die du ausgeführt hast?  Schritt 1 Bitte lade dir die passende Version von Farbar Recovery Scan Tool (FRST) auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
|
|
01.08.2023, 20:35
| #3 |
| | Phonzy:B!ml ausgeführtCode:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-08-2023
durchgeführt von Lifel (Administrator) auf DESKTOP-B5S8RAE (LENOVO 90LW0023GE) (01-08-2023 21:30:35)
Gestartet von C:\Users\Lifel\Desktop\FRST64.exe
Geladene Profile: Lifel
Plattform: Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
() [Datei ist nicht signiert] C:\ProgramData\mdvbapi\oscam_win\oscam.exe <2>
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Users\Lifel\Desktop\adwcleaner.exe
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files (x86)\Sticky Password\stpass.exe ->) (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spUIAManager.exe
(C:\Users\Lifel\Desktop\adwcleaner.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(cmd.exe ->) (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spNMHost.exe
(cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\Lifel\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(explorer.exe ->) (Christian Hackbart -> CM&V Hackbart) C:\Program Files (x86)\DVBViewer\DVBViewer.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\78.0.1.0\crashpad_handler.exe <2>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <49>
(explorer.exe ->) (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\stpass.exe
(explorer.exe ->) (LITE-ON TECHNOLOGY CORP. -> Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Calliope USB Keyboard\SklFundKb.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe <3>
(explorer.exe ->) (Surfshark B.V. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.exe
(explorer.exe ->) (Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\Lifel\AppData\Roaming\Telegram Desktop\Telegram.exe
(explorer.exe ->) (VideoLAN -> VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler64.exe
(services.exe ->) () [Datei ist nicht signiert] C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1647517251935.exe
(services.exe ->) () [Datei ist nicht signiert] C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(services.exe ->) (IDRIX SARL -> IDRIX) C:\Windows\System32\VeraCrypt.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_c98d5e0dfc88ac2f\RstMwService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe
(services.exe ->) (Navimatics LLC) [Datei ist nicht signiert] C:\Program Files (x86)\WinFsp\bin\launcher-x64.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvle.inf_amd64_82ff39a34b899b1d\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_6950f2f8eeecf7e1\RtkAudUService64.exe <2>
(services.exe ->) (Surfshark B.V. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Vodafone Group Plc -> Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [Lenovo Fundamental USB Keyboard] => C:\Program Files (x86)\Lenovo\Lenovo Calliope USB Keyboard\SklFundKb.exe [2644472 2017-04-10] (LITE-ON TECHNOLOGY CORP. -> Lenovo)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_6950f2f8eeecf7e1\RtkAudUService64.exe [1592704 2022-09-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [590640 2022-05-03] (geek software GmbH -> geek software GmbH)
HKLM-x32\...\Run: [M17A] => C:\Windows\twain_32\Brimm17a\Common\TwDsUiLaunch.exe [94752 2019-08-06] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [VmbNotifierRouter] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe [818232 2015-10-09] (Vodafone Group Plc -> Vodafone)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [72760 2015-10-09] (Vodafone Group Plc -> Vodafone)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Lifel\AppData\Local\Microsoft\Teams\Update.exe [2324624 2020-04-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (Keine Datei)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\78.0.1.0\GoogleDriveFS.exe [146495256 2023-07-14] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\78.0.1.0\GoogleDriveFS.exe [146495256 2023-07-14] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [StickyPassword] => C:\Program Files (x86)\Sticky Password\stpass.exe [71584 2023-06-16] (Lamantine Software a.s. -> Lamantine Software a.s.)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [pCloud] => [X]
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [Windscribe] => "C:\Program Files (x86)\Windscribe\Windscribe.exe" -os_restart (Keine Datei)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\78.0.1.0\GoogleDriveFS.exe [146495256 2023-07-14] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [com.messenger] => "C:\Users\Lifel\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (Keine Datei)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [OVPN] => "C:\Program Files (x86)\OVPN\OVPN.exe" (Keine Datei)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [14760136 2023-07-05] (Surfshark B.V. -> Surfshark)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [electron.app.BlueStacks Services] => C:\Users\Lifel\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2023-06-01] (Now.gg, INC -> now.gg, Inc.)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [Opera Browser Assistant] => C:\Users\Lifel\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3955608 2023-06-20] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [Proxifier] => C:\Program Files (x86)\Proxifier\Proxifier.exe [6683784 2022-12-16] (İNİTEX SOFTWARE DANIŞMANLIK LTD.ŞTİ. -> Initex)
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\78.0.1.0\GoogleDriveFS.exe [146495256 2023-07-14] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\115.0.5790.110\Installer\chrmstp.exe [2023-07-26] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdsPower.lnk [2023-06-19]
ShortcutTarget: AdsPower.lnk -> C:\Program Files\AdsPower Global\AdsPower.exe (Keine Datei)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\oscam_script.bat [2019-07-01] () [Datei ist nicht signiert]
GroupPolicy-Firefox: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {EDB49537-B5BD-439E-B391-4A13D802B629} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {0EDB2862-DFDC-452C-BDCD-C8464A2EB55E} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2023-06-13] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {7A65C3BF-311A-42F1-BDC5-1A6571E6BB48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {06248979-2626-4DE6-A1A0-6DA89DB8CE3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {A295AD8B-59DF-4ED3-BCE7-F4ED00ED685D} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {9287884E-2AC1-49EA-8824-C38747ED23DB} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {F47665A1-861F-48A3-B2BA-708CF6757589} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {5A3E68E5-EDC4-4891-9B47-E2F5F88FD9E5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\34138505-7c2d-4689-8302-ff3224fbdcd7 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {21434C59-CBFA-438E-B898-12009DEBCAFB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\56e34f0e-5e27-4ead-ab9c-6f028179c508 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {10083700-4604-4389-B861-53485E86AABB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\82fba9b2-4e0a-4c05-8157-71263315ae42 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {9D7D347C-BAE0-4903-8599-195A9042F040} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a6314cce-8ddd-4510-a7a8-5cd81b1b409c => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {766AF665-10A1-4B8C-9436-13A09863F745} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2847683332-1929870010-1653967692-1001 => C:\Users\Lifel\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [89096 2023-04-10] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {84DA9AC2-E31B-4C7E-A338-5D0C289C593A} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {FC2EF204-0070-443F-AAEE-1F98D38E09D7} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {EBA1BF43-8DE2-4935-A7E4-7EF842980063} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {D832DAD9-8794-4BA3-ACCE-72CF26838E5C} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {C5EEAF8E-F73C-400B-AB1E-FFBD91A42C40} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {3F912774-9B7C-4D9A-93FF-4A718D6879F6} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {154E5C42-EC89-4E53-89AE-EEBC7CC664F9} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {ECAA731F-856E-4CFA-A421-FF717F632D3C} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {DBF3D934-8136-46EA-A029-E23B650BB98C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {F1C0B1FA-420F-4563-B0D1-523DBBBFF1A7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {6FB22F84-924A-446F-9B1C-28EEDC5A2242} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158656 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EE23DEA-80EA-443C-A294-BC3874581446} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158656 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7E467DED-77B3-4940-94B1-4D9612DC950B} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DAD707F-EEF3-4746-A0B1-E6091F41A16A} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4394600 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {1FAF9EC0-D2C7-4546-942A-32E53391E8E2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2780E41C-84B7-4FA3-89CC-E864E421B168} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B128824D-EB79-40A6-AD6F-08CAA24D66BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7B64D406-030B-4F82-A687-C33AF1F9A437} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {502E53B6-FB6B-491A-89EC-F513C8B2DA92} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [686496 2023-08-01] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {DFE8E364-DC55-45EE-9515-EEB6BDBD3215} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [724384 2023-08-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {7AC3B857-931E-45FA-8688-0292C80F14EF} - System32\Tasks\Opera scheduled assistant Autoupdate 1586031815 => C:\Users\Lifel\AppData\Local\Programs\Opera\launcher.exe [2717592 2023-07-17] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Lifel\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {1EFB3E16-3096-4717-B8D0-9C4629F06B4D} - System32\Tasks\Opera scheduled Autoupdate 1586031813 => C:\Users\Lifel\AppData\Local\Programs\Opera\launcher.exe [2717592 2023-07-17] (Opera Norway AS -> Opera Software)
Task: {DD55F3A2-6A1C-4E33-A6EC-D69C09F8EC3D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1900320 2023-01-19] (Lenovo -> )
Task: {65A1BC97-E4DA-4BD8-8D2F-748A535A3618} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1900320 2023-01-19] (Lenovo -> )
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
ProxyServer: [S-1-5-21-2847683332-1929870010-1653967692-1001] => 34.225.80.189:31112
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{659c713f-8a74-40a3-b321-3af0b80832e6}: [DhcpNameServer] 192.168.110.167
Tcpip\..\Interfaces\{80bef8df-6bba-47ee-a8e5-f3ef9a8085d4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{80bef8df-6bba-47ee-a8e5-f3ef9a8085d4}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge Profile: C:\Users\Lifel\AppData\Local\Microsoft\Edge\User Data\Default [2023-07-13]
Edge Extension: (Edge relevant text changes) - C:\Users\Lifel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-13]
FireFox:
========
FF DefaultProfile: 9cfxz2dk.default
FF ProfilePath: C:\Users\Lifel\AppData\Roaming\Mozilla\Firefox\Profiles\cuim2kic.default-default [2023-06-23]
FF ProfilePath: C:\Users\Lifel\AppData\Roaming\Mozilla\Firefox\Profiles\9cfxz2dk.default [2020-04-10]
FF ProfilePath: C:\Users\Lifel\AppData\Roaming\Mozilla\Firefox\Profiles\jyhxu1dp.default-release [2023-08-01]
FF Notifications: Mozilla\Firefox\Profiles\jyhxu1dp.default-release -> hxxps://app.wirexapp.com
FF Extension: (SaveFrom.net Helfer) - C:\Program Files\Mozilla Firefox\distribution\extensions\helper@savefrom.net.xpi [2021-02-05]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-07-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [Keine Datei]
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2847683332-1929870010-1653967692-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2847683332-1929870010-1653967692-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2847683332-1929870010-1653967692-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lifel\AppData\Local\Google\Chrome\User Data\Default [2023-08-01]
CHR Notifications: Default -> hxxps://24548711174149.eu.webpush.freshchat.com; hxxps://a.codingcaptcha.com; hxxps://android.imyfone.com; hxxps://app.wirexapp.com; hxxps://badoo.com; hxxps://best.aliexpress.com; hxxps://business.facebook.com; hxxps://ch.push-free.com; hxxps://community.curve.app; hxxps://community.curve.com; hxxps://community.wirexapp.com; hxxps://forum.tarnkappe.info; hxxps://hartz.info; hxxps://id.wirexapp.com; hxxps://kundenbereich.check24.de; hxxps://latest-news-90b08gha6ho16dz149.gate5.xyz; hxxps://my.bonify.de; hxxps://my.pcloud.com; hxxps://myvip.avatrade.de; hxxps://nd.push-free.com; hxxps://status.networkoverview.vodafone.de; hxxps://tinder.com; hxxps://twitter.com; hxxps://web.whatsapp.com; hxxps://www.android-hilfe.de; hxxps://www.binance.com; hxxps://www.cloudbet.com; hxxps://www.dealdoktor.de; hxxps://www.elo-forum.org; hxxps://www.hardwareluxx.de; hxxps://www.lieferando.de; hxxps://www.markt.de; hxxps://www.mydealz.de; hxxps://www.nachtfalke.biz; hxxps://www.offshorecorptalk.com; hxxps://www.opena.tv; hxxps://www.quoka.de; hxxps://www.unitymediaforum.de; hxxps://www.wetter.com; hxxps://www.wetteronline.de
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Extension: (Rabby Wallet) - C:\Users\Lifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmacodkjbdgmoleebolmdjonilkdbch [2023-08-01]
CHR Extension: (Sticky Password - sicherer Passwortmanager) - C:\Users\Lifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfdmghkeppfadphbnkjcicejfepnbfe [2023-07-05]
CHR Extension: (0) - C:\Users\Lifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkbebcjgcmobigpeffafkodonchffocl [2023-04-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Bypass Paywalls Clean) - C:\bypass-paywalls-chrome-clean-master [2023-04-13] [UpdateUrl:hxxps://gitlab.com/magnolia1234/bypass-paywalls-chrome-clean/-/raw/master/updates.xml] <==== ACHTUNG
CHR Profile: C:\Users\Lifel\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-08-12]
CHR Profile: C:\Users\Lifel\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-22]
CHR HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [fjoaledfpmneenckfbpdfhkmimnjocfa]
Opera:
=======
OPR Profile: C:\Users\Lifel\AppData\Roaming\Opera Software\Opera Stable [2023-08-01]
OPR Notifications: Opera Stable -> hxxps://app.wirexapp.com; hxxps://nd.push-free.com
OPR DefaultSearchURL: Opera Stable -> hxxps://www.google.com/search?client=opera&q={searchTerms}&sourceid=opera&ie={inputEncoding}&oe={outputEncoding}
OPR DefaultSearchKeyword: Opera Stable -> g
OPR Extension: (Rich Hints Agent) - C:\Users\Lifel\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-07-05]
OPR Extension: (Opera Wallet) - C:\Users\Lifel\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-07-06]
OPR Extension: (Aria) - C:\Users\Lifel\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-07-28]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Lifel\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-14]
OPR Extension: (opera-intro) - C:\Users\Lifel\AppData\Local\Programs\Opera\100.0.4815.76\resources\opera_intro_extension [2023-07-26]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 agent_ovpnconnect; C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1647517251935.exe [3196928 2022-03-17] () [Datei ist nicht signiert]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11867104 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\\3.13.72.0\LenovoVantageService.exe [34176 ] (Lenovo -> Lenovo)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9266864 2023-07-10] (Malwarebytes Inc. -> Malwarebytes)
S3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [310136 2021-06-11] (nordvpn s.a. -> TEFINCOM S.A.)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-11-21] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [254328 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-02-07] (Microsoft Windows -> Microsoft Corporation)
R2 ovpnhelper_service; C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe [3021824 2022-03-17] () [Datei ist nicht signiert]
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [590640 2022-05-03] (geek software GmbH -> geek software GmbH)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Surfshark.Service.exe [6265544 2023-07-05] (Surfshark B.V. -> Surfshark)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13255184 2020-05-19] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 VeraCryptSystemFavorites; C:\WINDOWS\system32\VeraCrypt.exe [5928728 2021-09-06] (IDRIX SARL -> IDRIX)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe [3244928 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe [133576 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinFsp.Launcher; C:\Program Files (x86)\WinFsp\bin\launcher-x64.exe [26112 2022-01-06] (Navimatics LLC) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvle.inf_amd64_82ff39a34b899b1d\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvle.inf_amd64_82ff39a34b899b1d\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [310688 2023-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R1 cbfs20; C:\WINDOWS\System32\drivers\cbfs20.sys [449080 2022-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc. - www.callback.com)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [385528 2021-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Dokan Project)
R1 googledrivefs31092; C:\WINDOWS\System32\DRIVERS\googledrivefs31092.sys [384600 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-07-10] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl2eb56043; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BB9DE82-8234-43BA-9FAA-8EEFF6DEDECB}\MpKslDrv.sys [221480 2023-08-01] (Microsoft Windows -> Microsoft Corporation)
R2 NDivert; C:\Program Files\NordVPN\7.10.4.0\Drivers\NDivert.sys [131472 2023-05-24] (nordvpn s.a. -> Nordvpn S.A.)
R3 ovpn-dco; C:\WINDOWS\System32\drivers\ovpn-dco.sys [90568 2023-06-23] (WDKTestCert lev,132435948852968539 -> OpenVPN, Inc)
R2 ProxifierDrv; C:\WINDOWS\system32\DRIVERS\ProxifierDrv.sys [58392 2022-12-15] (İNİTEX SOFTWARE DANIŞMANLIK LTD.ŞTİ. -> Initex)
S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2022-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2020-01-21] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tapivpn; C:\WINDOWS\System32\drivers\tapivpn.sys [36344 2022-03-07] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tapmullvad0901; C:\WINDOWS\System32\drivers\tapmullvad0901.sys [39616 2020-11-17] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
R3 tapsurfshark; C:\WINDOWS\System32\drivers\tapsurfshark.sys [38728 2020-06-15] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [57768 2021-09-19] (Windscribe Limited -> The OpenVPN Project)
R3 tap_ovpnconnect; C:\WINDOWS\System32\drivers\tap_ovpnconnect.sys [40128 2022-03-17] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 USB28xxBGA; C:\WINDOWS\system32\DRIVERS\emBDA64.sys [980344 2020-05-15] (HAUPPAUGE COMPUTER WORKS, INC. -> eMPIA Technology Corp.)
R3 USB28xxOEM; C:\WINDOWS\system32\DRIVERS\emOEM64.sys [1589624 2020-05-15] (HAUPPAUGE COMPUTER WORKS, INC. -> eMPIA Technology Corp.)
R0 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [831616 2021-09-06] (IDRIX SARL -> IDRIX)
R3 vodafone_K3805-z_dc_enum; C:\WINDOWS\System32\drivers\vodafone_K3805-z_dc_enum.sys [75776 2010-09-01] (Microsoft Windows Hardware Compatibility Publisher -> Vodafone)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2023-07-25] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498944 2023-07-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-07-25] (Microsoft Windows -> Microsoft Corporation)
S3 windtun420; C:\WINDOWS\System32\drivers\windtun420.sys [47544 2021-09-19] (Windscribe Limited -> WireGuard LLC)
S3 WinFsp; C:\Program Files (x86)\WinFsp\bin\winfsp-x64.sys [173840 2022-01-06] (NAVIMATICS LLC -> Navimatics LLC)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29592 2022-10-18] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R3 wintunshark; C:\WINDOWS\system32\DRIVERS\wintunshark.sys [31096 2020-09-17] (WDKTestCert nikod,132409123292239223 -> Surfshark Ltd)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-01-13] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S1 nordlwf; \SystemRoot\system32\DRIVERS\nordlwf.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2023-08-01 21:30 - 2023-08-01 21:31 - 000039468 _____ C:\Users\Lifel\Desktop\FRST.txt
2023-08-01 21:30 - 2023-08-01 21:31 - 000000000 ____D C:\FRST
2023-08-01 21:30 - 2023-08-01 21:30 - 002700800 _____ (Farbar) C:\Users\Lifel\Desktop\FRST64.exe
2023-08-01 20:53 - 2023-08-01 20:54 - 008791352 _____ (Malwarebytes) C:\Users\Lifel\Desktop\adwcleaner.exe
2023-08-01 20:15 - 2023-08-01 20:17 - 000000000 ____D C:\AdwCleaner
2023-08-01 18:49 - 2023-08-01 20:27 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-08-01 14:01 - 2023-08-01 14:01 - 000000000 ____D C:\Users\Lifel\AppData\Local\DBG
2023-08-01 14:00 - 2023-08-01 14:00 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2023-08-01 13:59 - 2023-06-19 10:36 - 001487912 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2023-08-01 13:59 - 2023-06-19 10:36 - 001227304 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2023-08-01 13:59 - 2023-06-19 10:36 - 000848992 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2023-08-01 13:59 - 2023-06-19 10:36 - 000848992 _____ C:\WINDOWS\system32\vulkaninfo.exe
2023-08-01 13:59 - 2023-06-19 10:36 - 000713824 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-08-01 13:59 - 2023-06-19 10:36 - 000713824 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2023-08-01 13:59 - 2023-06-19 10:36 - 000653408 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2023-08-01 13:59 - 2023-06-19 10:36 - 000653408 _____ C:\WINDOWS\system32\vulkan-1.dll
2023-08-01 13:59 - 2023-06-19 10:36 - 000637024 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2023-08-01 13:59 - 2023-06-19 10:36 - 000637024 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2023-08-01 13:58 - 2023-06-19 10:32 - 000668696 _____ C:\WINDOWS\system32\nvofapi64.dll
2023-08-01 13:58 - 2023-06-19 10:32 - 000504360 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2023-08-01 13:58 - 2023-06-19 10:31 - 001537560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2023-08-01 13:58 - 2023-06-19 10:31 - 001195032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2023-08-01 13:58 - 2023-06-19 10:31 - 000933912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2023-08-01 13:58 - 2023-06-19 10:31 - 000777256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2023-08-01 13:58 - 2023-06-19 10:30 - 002167832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2023-08-01 13:58 - 2023-06-19 10:30 - 001621528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2023-08-01 13:58 - 2023-06-19 10:30 - 000992280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2023-08-01 13:58 - 2023-06-19 10:30 - 000768496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2023-08-01 13:58 - 2023-06-19 10:30 - 000459776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2023-08-01 13:58 - 2023-06-19 10:29 - 014520304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2023-08-01 13:58 - 2023-06-19 10:29 - 012066816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2023-08-01 13:58 - 2023-06-19 10:29 - 006190064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2023-08-01 13:58 - 2023-06-19 10:29 - 005844504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2023-08-01 13:58 - 2023-06-19 10:29 - 005550632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2023-08-01 13:58 - 2023-06-19 10:29 - 003482608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2023-08-01 13:58 - 2023-06-19 10:29 - 000853544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2023-08-01 13:58 - 2023-06-19 10:27 - 006736944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2023-08-01 13:58 - 2023-06-09 12:38 - 000107938 _____ C:\WINDOWS\system32\nvinfo.pb
2023-07-31 20:33 - 2023-07-31 20:33 - 000330000 _____ C:\Users\Lifel\Desktop\THumpert.pdf
2023-07-26 23:20 - 2023-07-26 23:20 - 000136958 _____ C:\Users\Lifel\Desktop\Offbug.m3u
2023-07-24 12:53 - 2023-07-24 12:54 - 000000000 ____D C:\Users\Lifel\Desktop\WilliamHill
2023-07-23 19:02 - 2023-07-23 19:14 - 000000000 ____D C:\ProgramData\Xepg
2023-07-23 19:02 - 2023-07-23 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xepg
2023-07-23 19:02 - 2023-07-23 19:02 - 000000000 ____D C:\Program Files (x86)\Xepg
2023-07-23 18:49 - 2023-07-23 19:14 - 000000000 ____D C:\Program Files (x86)\EPG-Buddy
2023-07-23 18:49 - 2023-07-23 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPG-Buddy
2023-07-21 13:54 - 2023-07-21 13:54 - 000053886 _____ C:\Users\Lifel\Desktop\Lopoca.xlsx
2023-07-20 15:07 - 2023-07-20 15:15 - 000242170 _____ C:\Users\Lifel\Desktop\BetwayKlage.pdf
2023-07-18 11:25 - 2023-07-18 11:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2023-07-18 11:09 - 2023-07-18 17:40 - 000000000 ____D C:\Users\Lifel\Desktop\BWIN
2023-07-17 11:45 - 2023-07-17 11:45 - 046073528 _____ C:\Users\Lifel\Desktop\electrum-4.4.5.exe
2023-07-16 17:38 - 2023-07-16 17:38 - 000002094 _____ C:\Users\Lifel\Desktop\Bisq.lnk
2023-07-16 17:38 - 2023-07-16 17:38 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unknown
2023-07-16 17:38 - 2023-07-16 17:38 - 000000000 ____D C:\Users\Lifel\AppData\Local\Bisq
2023-07-16 17:37 - 2023-07-16 17:37 - 273844224 _____ C:\Users\Lifel\Bisq-64bit-1.9.12.exe
2023-07-16 17:37 - 2023-07-16 17:37 - 000003219 _____ C:\Users\Lifel\E222AA02.asc-local
2023-07-16 17:37 - 2023-07-16 17:37 - 000003211 _____ C:\Users\Lifel\4A133008.asc-local
2023-07-16 17:37 - 2023-07-16 17:37 - 000003167 _____ C:\Users\Lifel\E222AA02.asc
2023-07-16 17:37 - 2023-07-16 17:37 - 000003159 _____ C:\Users\Lifel\4A133008.asc
2023-07-16 17:37 - 2023-07-16 17:37 - 000000874 _____ C:\Users\Lifel\Bisq-64bit-1.9.12.exe.asc.backup
2023-07-16 17:37 - 2023-07-16 17:37 - 000000874 _____ C:\Users\Lifel\Bisq-64bit-1.9.12.exe.asc
2023-07-16 17:37 - 2023-07-16 17:37 - 000000196 _____ C:\Users\Lifel\Bisq-1.9.12.jar.txt
2023-07-16 17:37 - 2023-07-16 17:37 - 000000009 _____ C:\Users\Lifel\signingkey.asc
2023-07-14 09:47 - 2023-07-14 09:47 - 000000000 ___HD C:\$WinREAgent
2023-07-13 15:50 - 2023-07-13 15:50 - 000000000 ____D C:\Users\Lifel\AppData\Local\rabby-desktop-updater
2023-07-12 13:30 - 2023-07-12 13:30 - 000167453 _____ C:\Users\Lifel\Desktop\UnibetKlage.pdf
2023-07-10 09:42 - 2023-08-01 20:48 - 000000000 ____D C:\Users\Lifel\AppData\Local\Malwarebytes
2023-07-07 22:59 - 2023-07-09 10:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2023-07-07 12:09 - 2023-07-07 12:09 - 000000985 _____ C:\Users\Public\Desktop\Surfshark.lnk
2023-07-07 12:09 - 2023-07-07 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Surfshark
2023-07-04 13:58 - 2023-06-15 18:03 - 000678960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2023-07-04 13:58 - 2023-06-15 18:03 - 000567344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2023-07-04 13:45 - 2023-07-04 13:45 - 000000880 _____ C:\Users\Lifel\AppData\Local\recently-used.xbel
2023-07-02 16:14 - 2023-07-02 16:15 - 000000000 ____D C:\Program Files (x86)\PassFab for Excel
2023-07-02 16:14 - 2023-07-02 16:14 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\PassFab for Excel
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2023-08-01 20:34 - 2022-02-09 18:42 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-08-01 20:34 - 2021-02-07 20:49 - 001740336 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-08-01 20:34 - 2019-12-07 16:50 - 000751066 _____ C:\WINDOWS\system32\perfh007.dat
2023-08-01 20:34 - 2019-12-07 16:50 - 000152376 _____ C:\WINDOWS\system32\perfc007.dat
2023-08-01 20:34 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-08-01 20:33 - 2021-12-18 00:51 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-08-01 20:33 - 2020-04-04 22:08 - 000000000 ____D C:\Users\Lifel\AppData\LocalLow\Mozilla
2023-08-01 20:33 - 2020-04-04 21:47 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-01 20:28 - 2020-04-04 22:42 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Telegram Desktop
2023-08-01 20:28 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-01 20:27 - 2021-09-11 22:23 - 000000000 ____D C:\Users\Lifel\Documents\Sticky Passwords
2023-08-01 20:27 - 2021-02-07 20:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-08-01 20:27 - 2021-02-07 20:41 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-01 20:27 - 2020-06-03 21:20 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-08-01 20:27 - 2020-04-05 15:02 - 000000000 ____D C:\ProgramData\NVIDIA
2023-08-01 20:27 - 2020-04-04 23:33 - 000000000 ____D C:\WINDOWS\TempInst
2023-08-01 20:27 - 2020-04-04 22:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-01 20:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-08-01 20:26 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-08-01 20:17 - 2021-07-03 11:39 - 000000000 ____D C:\Users\Lifel\AppData\LocalLow\IObit
2023-08-01 20:17 - 2021-07-03 11:38 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\IObit
2023-08-01 20:17 - 2021-07-03 11:38 - 000000000 ____D C:\ProgramData\IObit
2023-08-01 19:57 - 2020-04-09 14:41 - 000000000 ____D C:\Users\Lifel\AppData\Local\CrashDumps
2023-08-01 19:40 - 2021-05-06 09:19 - 000000000 ____D C:\Users\Lifel\AppData\Local\ElevatedDiagnostics
2023-08-01 19:27 - 2023-01-07 23:26 - 000000000 ____D C:\Users\Lifel\AppData\Local\NordVPN
2023-08-01 18:59 - 2020-04-04 22:08 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-01 18:33 - 2021-02-07 20:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-08-01 14:00 - 2020-04-05 15:03 - 000000000 ____D C:\Users\Lifel\AppData\Local\NVIDIA
2023-08-01 14:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-08-01 14:00 - 2019-11-11 03:18 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-08-01 12:00 - 2021-08-09 09:46 - 000000000 ____D C:\Program Files\Microsoft Office
2023-08-01 11:36 - 2020-04-04 22:25 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\vlc
2023-08-01 10:36 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration
2023-08-01 00:19 - 2022-06-16 21:15 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\discord
2023-07-31 23:30 - 2022-06-16 21:15 - 000000000 ____D C:\Users\Lifel\AppData\Local\Discord
2023-07-31 12:35 - 2020-04-05 00:37 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Microsoft\Excel
2023-07-31 11:39 - 2020-04-04 21:35 - 000000000 ____D C:\Users\Lifel\AppData\Local\Packages
2023-07-31 11:31 - 2020-04-05 00:36 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Microsoft\Word
2023-07-30 23:07 - 2020-04-04 22:03 - 000044071 _____ C:\Users\Lifel\Desktop\Projekte und Anbieter.txt
2023-07-29 20:40 - 2020-06-22 08:59 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-29 20:40 - 2020-06-22 08:59 - 000002241 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-07-29 20:40 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-27 10:21 - 2020-04-04 22:55 - 000918960 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2023-07-26 09:35 - 2020-04-04 21:47 - 000002260 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-07-26 09:35 - 2020-04-04 21:47 - 000002219 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-07-26 08:58 - 2021-02-07 20:44 - 000004228 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1586031813
2023-07-26 08:58 - 2020-04-04 22:23 - 000001416 _____ C:\Users\Lifel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2023-07-25 09:42 - 2019-04-19 07:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-07-23 19:06 - 2023-06-17 15:25 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2023-07-23 18:55 - 2023-06-17 15:26 - 000000000 ____D C:\Users\Lifel\AppData\Local\BlueStacks X
2023-07-23 18:55 - 2023-06-17 15:25 - 000000000 ____D C:\ProgramData\boost_interprocess
2023-07-22 09:32 - 2021-05-23 21:09 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Surfshark
2023-07-20 00:03 - 2022-04-08 14:22 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Ledger Live
2023-07-19 23:52 - 2022-04-08 14:21 - 000000000 ____D C:\Program Files\Ledger Live
2023-07-19 10:37 - 2020-12-18 14:38 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Electrum
2023-07-19 09:34 - 2021-10-02 13:30 - 000000000 ____D C:\Program Files\7-Zip
2023-07-17 21:09 - 2020-04-08 14:25 - 000000000 ____D C:\Users\Lifel\AppData\Local\D3DSCache
2023-07-17 13:46 - 2020-05-20 12:10 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Exodus
2023-07-16 17:39 - 2021-02-07 11:08 - 000000000 ____D C:\Users\Lifel
2023-07-16 17:37 - 2022-08-22 20:24 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Bisq
2023-07-15 09:15 - 2021-02-07 20:41 - 000444304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-07-14 23:44 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-14 23:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-14 23:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-07-14 23:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-07-14 23:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-14 23:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-07-14 23:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-07-14 15:41 - 2021-09-20 11:27 - 000002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-07-14 15:41 - 2021-09-20 11:27 - 000001870 _____ C:\Users\Lifel\Desktop\Google Drive.lnk
2023-07-14 09:54 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-14 09:51 - 2021-02-07 20:42 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-07-14 09:47 - 2020-04-04 22:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-14 09:44 - 2020-04-04 22:57 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-07-13 19:13 - 2021-05-23 21:09 - 000000000 ____D C:\ProgramData\Surfshark
2023-07-12 23:16 - 2023-01-11 21:41 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-07-12 23:16 - 2022-10-13 20:01 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-07-12 23:16 - 2021-02-07 20:44 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-07-10 19:34 - 2021-02-07 20:44 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-10 19:34 - 2021-02-07 20:44 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-10 11:21 - 2023-06-27 19:45 - 000001059 _____ C:\Users\Lifel\Desktop\Proxifier.lnk
2023-07-10 11:21 - 2023-06-23 15:51 - 000002130 _____ C:\Users\Lifel\Desktop\Firefox.lnk
2023-07-10 11:21 - 2023-06-19 15:07 - 000001132 _____ C:\Users\Lifel\Desktop\Pia S5 Proxy.lnk
2023-07-10 11:21 - 2023-01-07 23:26 - 000001986 _____ C:\Users\Lifel\Desktop\NordVPN.lnk
2023-07-10 11:21 - 2022-12-30 14:35 - 000002007 _____ C:\Users\Lifel\Desktop\E-Channelizer.lnk
2023-07-10 11:21 - 2022-05-08 08:26 - 000002068 _____ C:\Users\Lifel\Desktop\Adobe Acrobat DC.lnk
2023-07-10 11:21 - 2022-02-21 00:34 - 000001947 _____ C:\Users\Lifel\Desktop\Cryptomator.lnk
2023-07-10 11:21 - 2021-12-24 18:41 - 000002180 _____ C:\Users\Lifel\Desktop\Knuddels.lnk
2023-07-10 11:21 - 2020-05-20 12:10 - 000002232 _____ C:\Users\Lifel\Desktop\Exodus.lnk
2023-07-10 11:21 - 2020-04-05 00:37 - 000002536 _____ C:\Users\Lifel\Desktop\Word.lnk
2023-07-10 11:21 - 2020-04-05 00:37 - 000002532 _____ C:\Users\Lifel\Desktop\Excel.lnk
2023-07-10 11:21 - 2020-04-04 22:23 - 000001420 _____ C:\Users\Lifel\Desktop\Opera-Browser.lnk
2023-07-10 09:46 - 2021-08-05 14:07 - 000000000 ____D C:\Program Files (x86)\iProVPN
2023-07-10 09:42 - 2021-12-05 14:45 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2023-07-10 09:42 - 2021-12-05 14:45 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2023-07-10 09:42 - 2021-12-05 14:45 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2023-07-10 09:42 - 2021-12-05 14:45 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-07-10 09:42 - 2021-12-05 14:45 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-07-10 09:41 - 2021-12-05 14:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-07-10 09:41 - 2021-12-05 14:44 - 000000000 ____D C:\Program Files\Malwarebytes
2023-07-08 10:22 - 2020-04-04 22:15 - 000001289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-07-07 12:09 - 2021-05-23 21:09 - 000000000 ____D C:\Program Files (x86)\Surfshark
2023-07-05 20:07 - 2020-09-21 17:48 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\.purple
2023-07-04 13:45 - 2020-09-29 11:38 - 000000000 ____D C:\Users\Lifel\AppData\Local\gtk-2.0
2023-07-04 13:45 - 2020-09-29 11:36 - 000000000 ____D C:\Users\Lifel\AppData\Local\babl-0.1
2023-07-04 09:03 - 2022-07-30 12:38 - 000000000 ____D C:\Users\Lifel\Desktop\Szene
2023-07-03 09:45 - 2022-08-07 15:10 - 000002342 ____H C:\Users\Lifel\Documents\Default.rdp
2023-07-02 14:16 - 2019-12-07 16:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2023-07-02 00:09 - 2023-06-19 17:37 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\adspower_global
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2023-07-16 17:37 - 2023-07-16 17:37 - 273844224 _____ () C:\Users\Lifel\Bisq-64bit-1.9.12.exe
2022-12-26 22:45 - 2022-12-26 22:45 - 011615744 _____ (Sayyid A.) C:\Users\Lifel\E-Channelizer Installer (1).exe
2020-10-10 20:24 - 2020-10-10 20:24 - 000000048 ____H () C:\Program Files (x86)\qp61skxpce.dat
2022-12-26 23:56 - 2023-03-14 16:43 - 000000128 _____ () C:\Users\Lifel\AppData\Roaming\winscp.rnd
2022-11-21 22:04 - 2022-11-27 10:48 - 010841264 _____ (Ebay-Kleinanzeigen.de Suite) C:\Users\Lifel\AppData\Local\3A7B7290-77EA-45DC-888A-509CDAC02094.exe
2022-11-26 18:45 - 2022-11-26 18:45 - 006809600 _____ () C:\Users\Lifel\AppData\Local\4690239A-8279-4C25-999E-7872366B0731.exe
2022-12-04 20:23 - 2022-12-17 20:47 - 010861744 _____ (Ebay-Kleinanzeigen.de Suite) C:\Users\Lifel\AppData\Local\E175A901-9EC8-4A37-8235-CBA4860000D3.exe
2022-11-21 22:03 - 2022-12-18 13:57 - 000000028 _____ () C:\Users\Lifel\AppData\Local\fraudware.credentials
2023-01-07 19:05 - 2023-01-07 19:05 - 000000000 _____ () C:\Users\Lifel\AppData\Local\OVPN-WG-Default
2023-07-04 13:45 - 2023-07-04 13:45 - 000000880 _____ () C:\Users\Lifel\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
|
|
01.08.2023, 20:36
| #4 |
| | Phonzy:B!ml ausgeführtCode:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-08-2023
durchgeführt von Lifel (01-08-2023 21:34:49)
Gestartet von C:\Users\Lifel\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) (2021-02-07 18:44:13)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Administrator (S-1-5-21-2847683332-1929870010-1653967692-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2847683332-1929870010-1653967692-503 - Limited - Disabled)
Gast (S-1-5-21-2847683332-1929870010-1653967692-501 - Limited - Disabled)
Lifel (S-1-5-21-2847683332-1929870010-1653967692-1001 - Administrator - Enabled) => C:\Users\Lifel
WDAGUtilityAccount (S-1-5-21-2847683332-1929870010-1653967692-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 23.003.20244 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AdsPower Global 5.4.20 (HKLM\...\db821d47-7b3f-5a6f-afe8-6a107e22d1c8) (Version: 5.4.20 - AdsPower)
AppLogLibSetup (HKLM-x32\...\{52FB0C8F-DF05-4C61-AEB6-18C55F8C385F}) (Version: 1.0.3.0 - Brother Industries Ltd.) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 5.1.0.1822 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Bisq (HKLM\...\{41CF9B13-6AE4-33B6-85B4-A6A9ADA02208}) (Version: 1.9.12 - Bisq)
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.12.3.1001 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\BlueStacksServices) (Version: 2.0.3 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\BlueStacks X) (Version: 10.2.0.1012 - now.gg, Inc.)
Breitbandmessung 3.1.0 (HKLM\...\14607473-30db-509f-94f0-bb7c085c619e) (Version: 3.1.0 - zafaco GmbH)
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother Port Driver (HKLM-x32\...\{42B7DE8A-B2BF-41E3-9F0C-F3C10DAB9189}) (Version: 1.0.5.1 - Brother Industries Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{DFDF4BFA-1551-47EC-93BF-EBC1C305CD47}) (Version: 1.6.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{49F15DD6-D83B-4756-BB57-66E00570C186}) (Version: 1.0.22.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
ControlCenter4 (HKLM-x32\...\{9091B952-8719-49C3-9CC7-6E20EC61081F}) (Version: 4.6.6.1 - Brother Industries, Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
Cryptomator (HKLM\...\{B64AF181-543A-33B3-96C8-C95D766D9C08}) (Version: 1.6.17 - Skymatic GmbH) Hidden
Cryptomator (HKLM-x32\...\{f7355d94-f45a-450c-b58f-49b2275c8389}) (Version: 1.6.17.4104 - Skymatic GmbH)
Discord (HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Discord) (Version: 1.0.9005 - Discord Inc.)
Dokan Library 1.5.0.3000 (x64) (HKLM\...\{65A3A964-3DC3-0105-0000-210531145800}) (Version: 1.5.0.3000 - Dokany Project)
Dokan Library 1.5.0.3000 Bundle (HKLM-x32\...\{397bbe7f-d02b-4f1c-805f-57e0040e21dc}) (Version: 1.5.0.3000 - Dokany Project)
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version: - )
DVBViewer Pro (HKLM-x32\...\DVBViewer Pro_is1) (Version: 7.2.4.0 - CM&V)
E-Channelizer (HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\E-Channelizer) (Version: 23.0.0.410 - Sayyid A.)
EPG-Buddy Version 0.7.1.12 (HKLM-x32\...\{DA4678F4-E46C-4739-8683-0B2D5C304BC3}_is1) (Version: 0.7.1.12 - Lehmden)
E-POST (HKLM-x32\...\{a8309492-4ff6-4911-a05a-ab9450075a3f}) (Version: 4.2.9.4209 - Deutsche Post AG)
Exodus (HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\exodus) (Version: 23.6.9 - Exodus Movement Inc)
FlashFXP 5 (HKLM-x32\...\FlashFXP 5) (Version: 5.4.0.3970 - OpenSight Software LLC)
GIMP 2.10.28 (HKLM\...\GIMP-2_is1) (Version: 2.10.28 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 115.0.5790.110 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 78.0.1.0 - Google LLC)
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
IPTVSmartersPro 1.1.1 (HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\f6c4a7ae-abcb-5b7e-ac53-6c20f026dd0e) (Version: 1.1.1 - WHMCS Smarters)
Knuddels Standalone App (HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Knuddels App ) (Version: "2015.12.6.0" - "Knuddels App")
LAV Filters 0.77.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.77.2 - Hendrik Leppkes)
Ledger Live 2.64.1 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 2.64.1 - Ledger Live Team)
Lenovo Calliope USB Keyboard (HKLM\...\{520AA862-0064-4B41-B777-1FAFC1AD1293}) (Version: 1.12 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.14 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.08.01.0009 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.72.0 - Lenovo Group Ltd.)
Malwarebytes version 4.5.32.271 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.32.271 - Malwarebytes)
Messenger (HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 142.0.353127249 - Facebook, Inc.)
Microsoft .NET Host - 6.0.10 (x64) (HKLM\...\{0222FFF1-57A3-48A6-9AD2-0D6B5D0172B3}) (Version: 48.43.48869 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.11 (x86) (HKLM-x32\...\{B87AB233-E9C5-4459-8E4A-952EACECCFC4}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.10 (x64) (HKLM\...\{A93C4E12-1BAB-4CFB-ADBC-9CE0B93176FF}) (Version: 48.43.48869 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.11 (x86) (HKLM-x32\...\{4CA4F71B-58C3-42ED-83FA-AD7AC9E9C0CB}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.10 (x64) (HKLM\...\{A2A39CB9-677D-4299-8537-C00B99F3D4A4}) (Version: 48.43.48869 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.11 (x86) (HKLM-x32\...\{94EE74AD-4205-4038-8748-000D966FA407}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.16626.20134 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139 (HKLM-x32\...\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 (HKLM-x32\...\{d4cecf3b-b68f-4995-8840-52ea0fab646e}) (Version: 14.34.31931.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139 (HKLM-x32\...\{1AEA8854-7597-4CD3-948F-8DE364D94E07}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139 (HKLM-x32\...\{1679EF65-55F3-4248-B91E-6B3BE1A69CDF}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931 (HKLM\...\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931 (HKLM\...\{CF4C347D-954E-4543-88D2-EC17F07F466F}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.10 (x64) (HKLM\...\{3EC7701F-54F2-491D-AFD1-0395F465BC5A}) (Version: 48.43.48870 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.10 (x64) (HKLM-x32\...\{ff748137-9c9a-4056-be0a-48c7e465453c}) (Version: 6.0.10.31726 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.11 (x86) (HKLM-x32\...\{b9cfa33e-ace4-49f4-8bb4-82ded940990a}) (Version: 6.0.11.31823 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.11 (x86) (HKLM-x32\...\{E414058D-38CD-42D0-9050-C8C13E7EE911}) (Version: 48.47.50419 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 115.0.3 (x64 de)) (Version: 115.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.6.0 - Mozilla)
Mozilla Thunderbird (x86 de) (HKLM-x32\...\Mozilla Thunderbird 102.13.0 (x86 de)) (Version: 102.13.0 - Mozilla)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.0.59 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.10.4.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA Grafiktreiber 536.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
OpenVPN Connect (HKLM\...\{45C65CE3-C105-4C48-B334-3E22FDCF4AD0}) (Version: 3.3.6 - OpenVPN Technologies)
Opera Stable 100.0.4815.76 (HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Opera 100.0.4815.76) (Version: 100.0.4815.76 - Opera Software)
oscam_for_dvbviewer version 11715_mdvbapi (HKLM\...\{D5BC4941-02C5-4734-A0D2-51D0CD7E1F1D}_is1) (Version: 11715_mdvbapi - Clemens)
pCloud Drive (HKLM\...\{08357C8D-F4AB-4BEB-8C47-53DCBA373825}) (Version: 4.0.1.0 - pCloud AG) Hidden
pCloud Drive (HKLM-x32\...\{b5410ab9-fcac-4428-a244-bd26f7b2fa7d}) (Version: 4.0.1.0 - pCloud AG)
PDF24 Creator 11.1.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.1.0 - PDF24.org)
Pia S5 Proxy (HKLM-x32\...\Pia S5 Proxy) (Version: 1.5.5 - )
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.14.1 - )
pidgin-otr 4.0.2 (HKLM-x32\...\pidgin-otr) (Version: 4.0.2 - Cypherpunks CA)
ProgDVB (HKLM-x32\...\ProgDVB) (Version: 7.x - Prog)
Proxifier version 4.11 (HKLM-x32\...\{187182AF-79AD-4717-85E9-2508E3F4775B}_is1) (Version: 4.11 - Initex)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9403.1 - Realtek Semiconductor Corp.)
Rimassoft IPTV m3u editor (HKLM-x32\...\ST6UNST #1) (Version: - )
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Sky Go 22.10.2.0 (HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\com.bskyb.skygoplayer_is1) (Version: 22.10.2.0 - Sky)
Skype Version 8.97 (HKLM-x32\...\Skype_is1) (Version: 8.97 - Skype Technologies S.A.)
SoftwareUpdateNotification (HKLM-x32\...\{34F12379-C924-41E6-921D-51C71217F58C}) (Version: 1.0.9.0 - Brother Industries, Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) Hidden
Sticky Password 8.6.5.1476 (HKLM-x32\...\Sticky Password_is1) (Version: 8.6.5.1476 - Lamantine Software)
Surfshark (HKLM-x32\...\{F18B06AF-152D-488E-B629-54F9CED6D7E4}) (Version: 5.0.0999 - Surfshark) Hidden
Surfshark (HKLM-x32\...\Surfshark 5.0.0999) (Version: 5.0.0999 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{1BE56F4D-46EC-4372-B4B2-A397E417102E}) (Version: 1.0.1 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{364DA2C2-3C50-468A-A1BD-93E5B8502B40}) (Version: 1.0.1 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{496353C1-D75A-4A57-B14C-2A56049564D6}) (Version: 1.0.1 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{5B2D9FDF-9C17-4D36-B2BE-C7030183A9BD}) (Version: 1.0.1 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{8DBE7558-4D5C-4D06-BA1C-D328129574C9}) (Version: 1.0.1 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{A270BA60-BE4B-44CE-A208-1028297B65C1}) (Version: 1.0.1 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{B017EE3F-1000-44BD-9EE4-93748B09CFC2}) (Version: 1.0.1 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{DDAC9A61-90BD-4C63-ABB6-036D58573122}) (Version: 1.0.1 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{FEC509A9-2CC6-4DF5-A189-DC121FBC23C0}) (Version: 1.0.1 - Surfshark)
Surfshark TUN Driver Windows (HKLM\...\{3C2ACC86-5F46-4E83-9D5B-EFA95D74CBA5}) (Version: 1.0 - Surfshark)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.5.6 - TeamViewer)
Telegram Desktop (HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.8.10 - Telegram FZ-LLC)
threema-web (HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\threema_web) (Version: 1.2.27 - Threema GmbH)
TomTom MyDrive Connect 4.3.0.5005 (HKLM-x32\...\MyDriveConnect) (Version: 4.3.0.5005 - TomTom)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C22F49B1-0F67-47DC-A490-E8B4B6558EA9}) (Version: 8.91.0.0 - Microsoft Corporation)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.24-Update7 - IDRIX)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Vodafone Mobile Broadband (HKLM-x32\...\{6BD14859-6B50-4283-99DA-E172B2F2D1B7}) (Version: 11.1.1.52318 - Vodafone)
Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23367 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd. (dg_ssudbus) USB (12/02/2015 2.12.1.0) (HKLM\...\85A33267F12961AF9ED9AE799DEDA5E62BEA236F) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (12/02/2015 2.12.1.0) (HKLM\...\88ED314360B98E6E82E7CC3201FAEB4A9FD291B4) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd. (WinUSB) AndroidUsbDeviceClass (12/02/2015 2.12.1.0) (HKLM\...\701281E8283E9E3681220099A9DA5013A5A437AF) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
WinFsp 2022 (HKLM-x32\...\{6E315DCA-F396-4536-9FA8-616E64440FC0}) (Version: 1.10.22006 - Navimatics LLC)
WinSCP 5.21.6 (HKLM-x32\...\winscp3_is1) (Version: 5.21.6 - Martin Prikryl)
Xepg 0.7.4.4 (HKLM-x32\...\{897FB137-0451-47D1-B7BD-86672B9CC5B1}_is1) (Version: - a123)
Packages:
=========
Best Player -> C:\Program Files\WindowsApps\2949193320E78.BestPlayer8.1_7.6.4.0_x64__pg6a145mvhp7p [2023-07-07] (marios g.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.21.0_neutral__8xx8rvfyw5nnt [2023-07-20] (Instagram)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-07-07] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-01-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-01-02] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-08-01] (NVIDIA Corp.)
Simple IPTV Player -> C:\Program Files\WindowsApps\2841abhijith94.SimpleIPTVPlayer_3.0.2.0_x64__07z1dxn0ba6s6 [2023-05-27] (abhijith94)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2847683332-1929870010-1653967692-1001_Classes\CLSID\{48dff0e5-1627-41ee-b9e3-34bd819f54f9}\InprocServer32 -> C:\Users\Lifel\Desktop\Szene\FirefoxPortable\App\Firefox64\notificationserver.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2847683332-1929870010-1653967692-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> TEFINCOM S.A.)
CustomCLSID: HKU\S-1-5-21-2847683332-1929870010-1653967692-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\Lifel\AppData\Local\Google\Update\1.3.36.91\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2847683332-1929870010-1653967692-1001_Classes\CLSID\{be0606fa-d88d-42a5-b733-adb1f66373c8}\InprocServer32 -> C:\Users\Lifel\AppData\Roaming\adspower_global\cwd_global\flower_107\notificationserver.dll (Jun Tai Company Limited -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-2847683332-1929870010-1653967692-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\Lifel\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2847683332-1929870010-1653967692-1001_Classes\CLSID\{e2b16efe-d98c-437a-9f67-3fd6ace9b2ed}\InprocServer32 -> C:\Users\Lifel\Desktop\FirefoxPortableBasis1\App\Firefox64\notificationserver.dll => Keine Datei
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Lifel\AppData\Local\MEGAsync\ShellExtX64.dll -> Keine Datei
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Lifel\AppData\Local\MEGAsync\ShellExtX64.dll -> Keine Datei
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Lifel\AppData\Local\MEGAsync\ShellExtX64.dll -> Keine Datei
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\78.0.1.0\drivefsext.dll [2023-07-14] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\78.0.1.0\drivefsext.dll [2023-07-14] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\78.0.1.0\drivefsext.dll [2023-07-14] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\78.0.1.0\drivefsext.dll [2023-07-14] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ pCloudINPROGRESS] -> {D8BFAFBD-B670-4252-9C17-9CF1C64C2BAF} => C:\Program Files\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [Datei ist nicht signiert]
ShellIconOverlayIdentifiers: [ pCloudINSYNC] -> {8D0C0582-552A-4A6B-9455-DA63E1F329C0} => C:\Program Files\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [Datei ist nicht signiert]
ShellIconOverlayIdentifiers: [ pCloudNOSYNC] -> {3858ED1B-8F1C-42ED-A8A9-FDBF591E3C6B} => C:\Program Files\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [Datei ist nicht signiert]
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_1] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => -> Keine Datei
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_2] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> Keine Datei
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_3] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> Keine Datei
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_4] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> Keine Datei
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_5] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> Keine Datei
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_6] -> {8009C378-F2BE-42A6-8ADD-083AAFBDC4EB} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> Keine Datei
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_7] -> {057E631A-726E-4193-BB37-377DBD42812A} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> Keine Datei
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_8] -> {86627476-D173-4FBC-B206-3A19447FF8CC} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_1] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_2] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_3] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_4] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_5] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_6] -> {8009C378-F2BE-42A6-8ADD-083AAFBDC4EB} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_7] -> {057E631A-726E-4193-BB37-377DBD42812A} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_8] -> {86627476-D173-4FBC-B206-3A19447FF8CC} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll -> Keine Datei
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
ContextMenuHandlers1: [ContextMenuExtension] -> {3103a792-c2d9-3c57-98dd-30071b26c05f} => C:\Program Files\pCloud Drive\ContextMenuHandler64.dll [2022-01-24] (pCloud AG) [Datei ist nicht signiert] [Datei wird verwendet]
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\78.0.1.0\drivefsext.dll [2023-07-14] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lifel\AppData\Local\MEGAsync\ShellExtX64.dll -> Keine Datei
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lifel\AppData\Local\MEGAsync\ShellExtX64.dll -> Keine Datei
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-07-10] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lifel\AppData\Local\MEGAsync\ShellExtX64.dll -> Keine Datei
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers4: [ContextMenuExtension] -> {3103a792-c2d9-3c57-98dd-30071b26c05f} => C:\Program Files\pCloud Drive\ContextMenuHandler64.dll [2022-01-24] (pCloud AG) [Datei ist nicht signiert] [Datei wird verwendet]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\78.0.1.0\drivefsext.dll [2023-07-14] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Lifel\AppData\Local\MEGAsync\ShellExtX64.dll -> Keine Datei
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\78.0.1.0\drivefsext.dll [2023-07-14] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvle.inf_amd64_82ff39a34b899b1d\nvshext.dll [2023-06-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-07-10] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\Lifel\Desktop\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat ()
ShortcutWithArgument: C:\Users\Lifel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\SaveFrom.net.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aipaodhmfophiocehnmljpipnkdfagan
ShortcutWithArgument: C:\Users\Lifel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Sky - Mein Sky.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jkhgblndjefpjkajkchcgdklnmehofkg
ShortcutWithArgument: C:\Users\Lifel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\TikTok.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=nlalbmkafgmoifbeooblidblkmlhhpnc
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2016-11-25 10:18 - 2016-11-25 10:18 - 000139264 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-03-22 17:21 - 2018-01-18 15:39 - 000519168 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrMonitor.dll
2016-10-04 14:25 - 2018-01-18 15:39 - 001720832 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2023-06-23 14:05 - 2023-06-23 14:05 - 000281088 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Surfshark\Resources\x64\Surfshark.Firewall.dll
2021-10-27 14:41 - 2021-10-27 14:41 - 001601536 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Surfshark\runtimes\win-x64\native\e_sqlite3.dll
2022-12-29 20:33 - 2019-07-01 18:25 - 000085011 _____ () [Datei ist nicht signiert] C:\ProgramData\mdvbapi\oscam_win\cygz.dll
2022-12-29 20:33 - 2019-07-01 18:25 - 000126483 _____ (libusb.info) [Datei ist nicht signiert] C:\ProgramData\mdvbapi\oscam_win\cygusb-1.0.dll
2022-01-06 13:54 - 2022-01-06 13:54 - 000173056 _____ (Navimatics LLC) [Datei ist nicht signiert] C:\Program Files (x86)\WinFsp\bin\winfsp-x64.dll
2022-12-29 20:33 - 2019-07-01 18:25 - 003339661 _____ (Red Hat) [Datei ist nicht signiert] C:\ProgramData\mdvbapi\oscam_win\cygwin1.dll
2022-12-29 20:33 - 2019-07-01 18:18 - 000222720 _____ (schwa226) [Datei ist nicht signiert] C:\Program Files (x86)\DVBViewer\Plugins\mdvbapi.dll
2021-08-08 23:13 - 2021-11-27 17:08 - 001089862 _____ (SQLite Development Team) [Datei ist nicht signiert] C:\Program Files (x86)\DVBViewer\sqlite3.dll
2022-12-29 20:33 - 2019-07-01 18:25 - 002401811 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\ProgramData\mdvbapi\oscam_win\cygcrypto-1.0.0.dll
2022-12-29 20:33 - 2019-07-01 18:25 - 000415763 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\ProgramData\mdvbapi\oscam_win\cygssl-1.0.0.dll
2017-10-23 18:28 - 2017-10-23 18:28 - 000342016 _____ (TODO: <Company name>) [Datei ist nicht signiert] C:\Program Files\pCloud Drive\OverlayIcon64.dll
2015-10-02 16:38 - 2015-10-02 16:38 - 000200192 _____ (Vodafone) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.Base.CppInternals.dll
2023-07-15 10:38 - 2023-07-15 10:38 - 000042496 _____ (Vodafone) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Vodafone.Ba2353987a#\5d0b3d0fec03bc0ce4246fcdf4180564\Vodafone.Base.Factory.ni.dll
2023-07-15 10:38 - 2023-07-15 10:38 - 000785408 _____ (Vodafone) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Vodafone.Ba30e8727a#\f31f26713d91bea59cc2523716a8128a\Vodafone.Base.Internals.ni.dll
2023-07-15 10:38 - 2023-07-15 10:38 - 000010240 _____ (Vodafone) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Vodafone.Ba4e8765b8#\86fb82f8768d2edd79dc8d39c8c87f80\Vodafone.Base.Interfaces.ni.dll
2023-07-15 10:38 - 2023-07-15 10:38 - 000168960 _____ (Vodafone) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Vodafone.Ba959b92cf#\e21765db6d312a8ea4718e2bf5e35402\Vodafone.Base.Contracts.ni.dll
2023-07-15 10:38 - 2023-07-15 10:38 - 000514048 _____ (Vodafone) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Vodafone.Bae4fb4d59#\c4c60dac14a6a30f93ec73e9ec6c74c5\Vodafone.Base.CppInternals.ni.dll
2023-07-15 10:37 - 2023-07-15 10:37 - 000236544 _____ (Vodafone) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Vodafone.Data\05e5a720e573cfc67bc8861cc2a30d91\Vodafone.Data.ni.dll
2023-07-15 10:38 - 2023-07-15 10:38 - 000031232 _____ (Vodafone) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Vodafone.De4673f193#\ffb40f4fa01d02d3463894e951ce2024\Vodafone.DeviceAccess.Factory.ni.dll
2023-07-15 10:38 - 2023-07-15 10:38 - 000281600 _____ (Vodafone) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Vodafone.Deaf021953#\9b3489050451606df537fd213c507616\Vodafone.DeviceAccess.Internals.ni.dll
2023-07-15 10:38 - 2023-07-15 10:38 - 000561152 _____ (Vodafone) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Vodafone.Deb7e84807#\8cd2e1b41ae82111050a4280ce0c0768\Vodafone.DeviceAccess.Dali.ni.dll
2023-07-15 10:38 - 2023-07-15 10:38 - 000060928 _____ (Vodafone) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Vodafone.Defd646566#\371bd9c542ceb028d395adb8013288ac\Vodafone.DeviceAccess.Contracts.ni.dll
2023-07-15 10:38 - 2023-07-15 10:38 - 000116736 _____ (Vodafone) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Vodafone.LogEngine\61ad9809d8159925edd2f69b0daacb35\Vodafone.LogEngine.ni.dll
2023-07-15 10:37 - 2023-07-15 10:37 - 001893888 _____ (Vodafone) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Vodafone.Platform\de22a3541fd64c4f1cb1bd57008f6963\Vodafone.Platform.ni.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VeraCryptSystemFavorites => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VeraCryptSystemFavorites => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-2847683332-1929870010-1653967692-1001 -> DefaultScope {AA81C503-148B-4249-8CAD-0E6D7F1487D0} URL =
SearchScopes: HKU\S-1-5-21-2847683332-1929870010-1653967692-1001 -> {AA81C503-148B-4249-8CAD-0E6D7F1487D0} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\sharepoint.com -> hxxps://moecode-files.sharepoint.com
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2019-03-19 06:49 - 2022-07-04 11:44 - 000000993 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 cryptomator-vault
138.199.19.192 de-fra.prod.surfshark.com #Temporary Surfshark mapping
138.199.19.169 de-fra.prod.surfshark.com #Temporary Surfshark mapping
2022-01-21 11:21 - 2022-01-21 11:26 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
ist aktiviert.
Network Binding:
=============
OVPN: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
WLAN: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 3: NordVPN LightWeight Firewall -> NordLwf (enabled)
LAN-Verbindung: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\Run32: => "MobileBroadband"
HKLM\...\StartupApproved\Run32: => "VmbNotifierRouter"
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\StartupApproved\Run: => "com.messenger"
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\StartupApproved\Run: => "electron.app.BlueStacks Services"
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\StartupApproved\Run: => "Proxifier"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{53F1510F-B214-464E-8C4F-FECCDEF4E2A4}] => (Allow) C:\Users\Lifel\AppData\Local\Temp\pft36BD.tmp\fsetup.exe => Keine Datei
FirewallRules: [{7C172AFE-1C1B-4CC8-B0C1-01968BD9876F}] => (Allow) C:\Users\Lifel\AppData\Local\Temp\pft36BD.tmp\fsetup.exe => Keine Datei
FirewallRules: [{A8CAB249-692E-4AA6-BB93-B6D4115D9970}] => (Allow) C:\Users\Lifel\AppData\Local\Temp\pft5B7A.tmp\fsetup.exe => Keine Datei
FirewallRules: [{C03FAC7E-2533-4500-B082-E53E35DD5351}] => (Allow) C:\Users\Lifel\AppData\Local\Temp\pft5B7A.tmp\fsetup.exe => Keine Datei
FirewallRules: [{1A671FD6-1484-4D73-8543-0344F061DCD8}] => (Block) C:\users\lifel\desktop\opml\opml\opml.exe => Keine Datei
FirewallRules: [{FCE6FA17-0CF0-4FB5-937A-9BCDDFC1A696}] => (Block) C:\users\lifel\desktop\opml\opml\opml.exe => Keine Datei
FirewallRules: [UDP Query User{76150D80-BA23-453F-A3A4-AA56B900423A}C:\users\lifel\desktop\opml\opml\opml.exe] => (Allow) C:\users\lifel\desktop\opml\opml\opml.exe => Keine Datei
FirewallRules: [TCP Query User{455ADBE9-24A8-492E-8C15-189A4617F194}C:\users\lifel\desktop\opml\opml\opml.exe] => (Allow) C:\users\lifel\desktop\opml\opml\opml.exe => Keine Datei
FirewallRules: [UDP Query User{D02F3A65-DA08-4429-8B73-ACA5154B854E}C:\users\lifel\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Block) C:\users\lifel\appdata\local\programs\opera\72.0.3815.400\opera.exe => Keine Datei
FirewallRules: [TCP Query User{DE908D94-EC1A-4A23-A08A-9109FB8958E0}C:\users\lifel\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Block) C:\users\lifel\appdata\local\programs\opera\72.0.3815.400\opera.exe => Keine Datei
FirewallRules: [UDP Query User{95E7CEDE-4A87-4E41-89AA-5455A457393E}C:\users\lifel\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\72.0.3815.320\opera.exe => Keine Datei
FirewallRules: [TCP Query User{747D78D1-69CE-4CC0-BC49-ED81E4019CBE}C:\users\lifel\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\72.0.3815.320\opera.exe => Keine Datei
FirewallRules: [UDP Query User{1C50885A-B988-4B78-8880-045797FB3CDA}C:\users\lifel\appdata\local\programs\opera\68.0.3618.173\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\68.0.3618.173\opera.exe => Keine Datei
FirewallRules: [TCP Query User{D5034D86-1990-4603-A0C4-25BB5E6C8F70}C:\users\lifel\appdata\local\programs\opera\68.0.3618.173\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\68.0.3618.173\opera.exe => Keine Datei
FirewallRules: [UDP Query User{405DF38D-7397-4143-B3BD-1F25E1E59621}C:\users\lifel\appdata\local\programs\opera\68.0.3618.125\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\68.0.3618.125\opera.exe => Keine Datei
FirewallRules: [TCP Query User{0E4F90D0-F119-4FDA-A9EA-6113BDF84AAC}C:\users\lifel\appdata\local\programs\opera\68.0.3618.125\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\68.0.3618.125\opera.exe => Keine Datei
FirewallRules: [{E3C28938-8F25-4823-8321-F05473D4C0EF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DDE74415-9331-4C2C-B8F5-FA74B315EA8F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{37C121BA-8733-42BC-86F8-162B0699ECEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7624CE59-E17B-4F3C-81CB-0416FBD113D4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [UDP Query User{E6BD5039-3A97-445E-9183-8058E8486B33}C:\users\lifel\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\lifel\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
FirewallRules: [TCP Query User{D8E0A48F-4D5E-4FF5-9C88-F8AB354AF9AB}C:\users\lifel\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\lifel\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
FirewallRules: [UDP Query User{9AAFCC25-CD1F-4A1E-B6C5-7B7E3FE31B38}C:\users\lifel\appdata\local\programs\opera\68.0.3618.104\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\68.0.3618.104\opera.exe => Keine Datei
FirewallRules: [TCP Query User{840B82E8-563A-4DD6-9663-AEE6D7DDD2F8}C:\users\lifel\appdata\local\programs\opera\68.0.3618.104\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\68.0.3618.104\opera.exe => Keine Datei
FirewallRules: [UDP Query User{BA5E74F7-1795-43F3-B5F2-8149D6D7A176}C:\users\lifel\appdata\local\programs\opera\68.0.3618.63\opera.exe] => (Block) C:\users\lifel\appdata\local\programs\opera\68.0.3618.63\opera.exe => Keine Datei
FirewallRules: [TCP Query User{D3349F5A-27D2-4005-8D5E-CEF751B40574}C:\users\lifel\appdata\local\programs\opera\68.0.3618.63\opera.exe] => (Block) C:\users\lifel\appdata\local\programs\opera\68.0.3618.63\opera.exe => Keine Datei
FirewallRules: [UDP Query User{93F5A45C-D3C4-4A3E-9446-9EA6409C03D5}C:\users\lifel\appdata\local\programs\opera\67.0.3575.137\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\67.0.3575.137\opera.exe => Keine Datei
FirewallRules: [TCP Query User{F9199A0D-4569-49D3-90F2-DABCA60C56A8}C:\users\lifel\appdata\local\programs\opera\67.0.3575.137\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\67.0.3575.137\opera.exe => Keine Datei
FirewallRules: [{24FE1CDB-C379-4F4C-8ABF-15669C516498}] => (Allow) C:\Users\Lifel\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei
FirewallRules: [{2BFEAB87-F624-4068-A611-6617D4686FA8}] => (Allow) C:\Users\Lifel\AppData\Roaming\Zoom\bin\Zoom.exe => Keine Datei
FirewallRules: [UDP Query User{80A7DD72-B5C4-4715-8855-A1C62670FD7A}D:\spiele\warthunder\win64\aces.exe] => (Allow) D:\spiele\warthunder\win64\aces.exe => Keine Datei
FirewallRules: [TCP Query User{C9A5A4A1-DF3E-4C50-9D1C-EDAD4A68A985}D:\spiele\warthunder\win64\aces.exe] => (Allow) D:\spiele\warthunder\win64\aces.exe => Keine Datei
FirewallRules: [UDP Query User{EA9C47F8-7BD6-4F73-B2C6-DD65AD07B024}D:\spiele\warthunder\launcher.exe] => (Allow) D:\spiele\warthunder\launcher.exe => Keine Datei
FirewallRules: [TCP Query User{78926FBB-8BF4-4B2E-8FD9-BCFB7CB52EC6}D:\spiele\warthunder\launcher.exe] => (Allow) D:\spiele\warthunder\launcher.exe => Keine Datei
FirewallRules: [UDP Query User{2DBFBCA4-C6FE-484C-8675-AAC090DB5D35}C:\users\lifel\appdata\local\programs\opera\67.0.3575.121\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\67.0.3575.121\opera.exe => Keine Datei
FirewallRules: [TCP Query User{51B8C1A4-FADD-4AD0-BE50-BB7260A78729}C:\users\lifel\appdata\local\programs\opera\67.0.3575.121\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\67.0.3575.121\opera.exe => Keine Datei
FirewallRules: [{504366DD-2028-4B21-BB3C-58624A06E71F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5F0F3086-E156-4629-A6D6-0FF4B632FEBC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EC912123-6A53-47D3-99CE-70D2651A768F}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => Keine Datei
FirewallRules: [{1E76AE75-58BC-4B22-B6BF-03B8C3112838}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => Keine Datei
FirewallRules: [TCP Query User{4719D880-64CF-490A-89B3-2D45E91A14A9}C:\users\lifel\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\74.0.3911.107\opera.exe => Keine Datei
FirewallRules: [UDP Query User{C1347FFC-9325-49CA-A7E1-97CE3E6D083C}C:\users\lifel\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\74.0.3911.107\opera.exe => Keine Datei
FirewallRules: [TCP Query User{6E073D30-E2E3-4EFD-A256-C9FBA09CF707}C:\users\lifel\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\74.0.3911.218\opera.exe => Keine Datei
FirewallRules: [UDP Query User{1B59B1CB-648E-4EB6-8371-DEFDC0579F32}C:\users\lifel\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\74.0.3911.218\opera.exe => Keine Datei
FirewallRules: [TCP Query User{89087697-EB4F-49F9-BF98-46EA0B70A308}C:\users\lifel\appdata\local\jxbrowser\7.14\chromium.exe] => (Block) C:\users\lifel\appdata\local\jxbrowser\7.14\chromium.exe (TEAMDEV LTD. -> The Chromium Authors)
FirewallRules: [UDP Query User{E433AA15-D1BF-4639-8E39-0D7002813D72}C:\users\lifel\appdata\local\jxbrowser\7.14\chromium.exe] => (Block) C:\users\lifel\appdata\local\jxbrowser\7.14\chromium.exe (TEAMDEV LTD. -> The Chromium Authors)
FirewallRules: [{6C32FE57-123B-43D2-BECF-A716BD39D589}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9529BC9E-D2D6-45F8-B628-E217577C4079}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{DF66DF40-E949-4DF4-80F8-EC927133CB26}C:\users\lifel\appdata\local\programs\opera\76.0.4017.123\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\76.0.4017.123\opera.exe => Keine Datei
FirewallRules: [UDP Query User{238514CE-553A-42C0-A54E-A4F2C5B79893}C:\users\lifel\appdata\local\programs\opera\76.0.4017.123\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\76.0.4017.123\opera.exe => Keine Datei
FirewallRules: [TCP Query User{F0122F39-FA70-4DCF-9492-2075790E8537}C:\users\lifel\desktop\spanien1\app\chrome-bin\chrome.exe] => (Allow) C:\users\lifel\desktop\spanien1\app\chrome-bin\chrome.exe => Keine Datei
FirewallRules: [UDP Query User{A8819C20-DA9D-4D5C-BAAD-F84C1B437292}C:\users\lifel\desktop\spanien1\app\chrome-bin\chrome.exe] => (Allow) C:\users\lifel\desktop\spanien1\app\chrome-bin\chrome.exe => Keine Datei
FirewallRules: [{084DC050-BF93-41C4-8702-63EE8E06A656}] => (Block) C:\users\lifel\desktop\spanien1\app\chrome-bin\chrome.exe => Keine Datei
FirewallRules: [{C36810AF-E36B-4EA4-8C3D-72D9F9BAF1DF}] => (Block) C:\users\lifel\desktop\spanien1\app\chrome-bin\chrome.exe => Keine Datei
FirewallRules: [TCP Query User{3650CDDE-FB19-423A-BC43-99AC88B066E9}C:\users\lifel\desktop\frankreich\app\chrome-bin\chrome.exe] => (Allow) C:\users\lifel\desktop\frankreich\app\chrome-bin\chrome.exe => Keine Datei
FirewallRules: [UDP Query User{FE2A0B7C-CC78-4470-AA2E-80E83DA95BC3}C:\users\lifel\desktop\frankreich\app\chrome-bin\chrome.exe] => (Allow) C:\users\lifel\desktop\frankreich\app\chrome-bin\chrome.exe => Keine Datei
FirewallRules: [{D20BE374-F771-4E6D-ABF5-B49092C1E82F}] => (Block) C:\users\lifel\desktop\frankreich\app\chrome-bin\chrome.exe => Keine Datei
FirewallRules: [{3F6A3C52-6EF6-454B-964C-94711D82AABE}] => (Block) C:\users\lifel\desktop\frankreich\app\chrome-bin\chrome.exe => Keine Datei
FirewallRules: [TCP Query User{B7BC9947-2711-458D-B89E-42E23869E22E}C:\users\lifel\appdata\local\jxbrowser\7.15\chromium.exe] => (Block) C:\users\lifel\appdata\local\jxbrowser\7.15\chromium.exe (TEAMDEV LTD. -> The Chromium Authors)
FirewallRules: [UDP Query User{7D8119E4-0CC4-4B1C-BA0B-A6331B66EC6F}C:\users\lifel\appdata\local\jxbrowser\7.15\chromium.exe] => (Block) C:\users\lifel\appdata\local\jxbrowser\7.15\chromium.exe (TEAMDEV LTD. -> The Chromium Authors)
FirewallRules: [TCP Query User{541A14BD-29B5-4C01-9A30-F9DEB57CE0AC}C:\users\lifel\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Block) C:\users\lifel\appdata\local\programs\opera\77.0.4054.277\opera.exe => Keine Datei
FirewallRules: [UDP Query User{3B71E42E-0D81-4864-A0E4-156ED0F0CCB9}C:\users\lifel\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Block) C:\users\lifel\appdata\local\programs\opera\77.0.4054.277\opera.exe => Keine Datei
FirewallRules: [TCP Query User{E43A5626-79D9-4CA2-982F-6530233A88A6}C:\program files (x86)\rescue and smart assistant\rescue and smart assistant.exe] => (Allow) C:\program files (x86)\rescue and smart assistant\rescue and smart assistant.exe => Keine Datei
FirewallRules: [UDP Query User{AF6393A0-B80D-4BDA-818B-15A5F233256B}C:\program files (x86)\rescue and smart assistant\rescue and smart assistant.exe] => (Allow) C:\program files (x86)\rescue and smart assistant\rescue and smart assistant.exe => Keine Datei
FirewallRules: [TCP Query User{6B9A054F-35A6-49BF-8D25-F0C3132BD154}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{35C5E162-33FB-48BE-B79A-719226F31F0B}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{2E9F8982-91C5-4F65-901F-602E0C6B3D24}] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{1EDF7047-C243-4C28-A13A-6AAACB4A6144}] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{B50AA071-A213-410F-9C45-A928870BC959}] => (Allow) C:\Program Files (x86)\DVBViewer\DVBVservice.exe => Keine Datei
FirewallRules: [{212610CD-E8C9-4C21-9A57-9E0D5FFA0083}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe => Keine Datei
FirewallRules: [{B1334A4A-8D03-4911-878E-0E170552099C}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe => Keine Datei
FirewallRules: [{E8AD66F5-AC6A-42B8-8FD3-5856256E50EC}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe => Keine Datei
FirewallRules: [{48E544BD-4AA2-4D43-9957-81F9C03138AD}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe => Keine Datei
FirewallRules: [TCP Query User{F37EB4CA-5692-4E5E-8D64-91757F94071A}C:\users\lifel\desktop\dcc e2 v 1.50\dcc_e2.exe] => (Allow) C:\users\lifel\desktop\dcc e2 v 1.50\dcc_e2.exe => Keine Datei
FirewallRules: [UDP Query User{1DF59FB9-FFAF-49AF-9416-F62F5769A37D}C:\users\lifel\desktop\dcc e2 v 1.50\dcc_e2.exe] => (Allow) C:\users\lifel\desktop\dcc e2 v 1.50\dcc_e2.exe => Keine Datei
FirewallRules: [TCP Query User{4F5F2242-F666-41F2-B3E5-660C6153F50E}C:\users\lifel\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\78.0.4093.147\opera.exe => Keine Datei
FirewallRules: [UDP Query User{1C41E522-F716-47D3-AA54-F28BC962C8BB}C:\users\lifel\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\78.0.4093.147\opera.exe => Keine Datei
FirewallRules: [TCP Query User{862EAD51-C583-4916-A677-251B3B4782A4}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe (Skymatic GmbH -> )
FirewallRules: [UDP Query User{F6A30662-5D83-4349-B15D-6248497C0894}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe (Skymatic GmbH -> )
FirewallRules: [TCP Query User{16B0CDA0-63AE-4CAB-9AFD-450901B360F5}C:\users\lifel\appdata\local\programs\opera\opera.exe] => (Block) C:\users\lifel\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{63479C4B-DB06-45AB-81B2-F59BB4CA6A54}C:\users\lifel\appdata\local\programs\opera\opera.exe] => (Block) C:\users\lifel\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{405B1B56-86E7-4DAB-B37B-D42A4287D377}] => (Allow) LPort=26822
FirewallRules: [TCP Query User{9C21FF90-9383-47CB-B25E-A9A62ECD45B9}C:\users\lifel\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{5829E4AC-AFC4-442D-9AB8-62E740A4721D}C:\users\lifel\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{5ACF3BA5-8B0B-44E7-9117-E9168AD2B844}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2187C8EE-50F0-426E-B18F-07CEE5B2CA24}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{CB26A5E2-7363-42E1-A173-391964A626A6}C:\users\lifel\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\lifel\appdata\local\discord\app-1.0.9005\discord.exe => Keine Datei
FirewallRules: [UDP Query User{A827589C-6F10-4BC4-92F2-D1F3C49644B4}C:\users\lifel\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\lifel\appdata\local\discord\app-1.0.9005\discord.exe => Keine Datei
FirewallRules: [{50A928AA-2A18-45AC-AE8C-EC9CC1A78B5B}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International B.V. -> TomTom)
FirewallRules: [TCP Query User{FAEAAF1F-55C6-4627-9293-9964C7700E3D}C:\users\lifel\desktop\acamd_v0.6.2.0\acamdmonitor.exe] => (Allow) C:\users\lifel\desktop\acamd_v0.6.2.0\acamdmonitor.exe => Keine Datei
FirewallRules: [UDP Query User{94139FFF-797B-419C-BD35-5568614F027D}C:\users\lifel\desktop\acamd_v0.6.2.0\acamdmonitor.exe] => (Allow) C:\users\lifel\desktop\acamd_v0.6.2.0\acamdmonitor.exe => Keine Datei
FirewallRules: [TCP Query User{153C858E-FF34-4D58-95BA-D4170367ACD9}C:\program files\monero gui wallet\monero-wallet-gui.exe] => (Allow) C:\program files\monero gui wallet\monero-wallet-gui.exe => Keine Datei
FirewallRules: [UDP Query User{2D070C28-F610-4A51-A457-CFB7E7ECAE97}C:\program files\monero gui wallet\monero-wallet-gui.exe] => (Allow) C:\program files\monero gui wallet\monero-wallet-gui.exe => Keine Datei
FirewallRules: [{B4A68511-43ED-4679-B58B-C75F7686E6C6}] => (Block) C:\program files\monero gui wallet\monero-wallet-gui.exe => Keine Datei
FirewallRules: [{C481ADFC-05DB-4ABB-8F2B-3D786381E4B9}] => (Block) C:\program files\monero gui wallet\monero-wallet-gui.exe => Keine Datei
FirewallRules: [TCP Query User{B1BEBB18-A6C2-40C4-BFEE-956458EB7355}C:\users\lifel\appdata\local\bisq\bisq.exe] => (Allow) C:\users\lifel\appdata\local\bisq\bisq.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{8D6CCE4E-BAC0-49DE-AD8B-D306C91F3162}C:\users\lifel\appdata\local\bisq\bisq.exe] => (Allow) C:\users\lifel\appdata\local\bisq\bisq.exe () [Datei ist nicht signiert]
FirewallRules: [{228F9194-F99C-4D59-94AC-3A8921A02A85}] => (Block) C:\users\lifel\appdata\local\bisq\bisq.exe () [Datei ist nicht signiert]
FirewallRules: [{5B866837-AA57-4AC4-B5BB-F960CC7F3E19}] => (Block) C:\users\lifel\appdata\local\bisq\bisq.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{42A7B8B3-A112-41EB-980B-AE7AE0598DCD}C:\program files\ledger live\ledger live.exe] => (Allow) C:\program files\ledger live\ledger live.exe (Ledger SAS -> Ledger Live Team)
FirewallRules: [UDP Query User{55087D70-2965-4E26-A4C4-C4327A95FFD9}C:\program files\ledger live\ledger live.exe] => (Allow) C:\program files\ledger live\ledger live.exe (Ledger SAS -> Ledger Live Team)
FirewallRules: [{64F19862-5584-499B-838E-93713A61760E}] => (Block) C:\program files\ledger live\ledger live.exe (Ledger SAS -> Ledger Live Team)
FirewallRules: [{8A29BE45-617F-4AA8-BD47-38DC1F72CE46}] => (Block) C:\program files\ledger live\ledger live.exe (Ledger SAS -> Ledger Live Team)
FirewallRules: [TCP Query User{B805A37F-E869-4338-80F8-C28BB9AC264B}C:\programdata\mdvbapi\oscam_win\oscam.exe] => (Allow) C:\programdata\mdvbapi\oscam_win\oscam.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{B786F642-9C04-4137-B7BF-8B88BB150B57}C:\programdata\mdvbapi\oscam_win\oscam.exe] => (Allow) C:\programdata\mdvbapi\oscam_win\oscam.exe () [Datei ist nicht signiert]
FirewallRules: [{76066837-449A-4BC1-9408-F711CB1E3DEA}] => (Block) C:\programdata\mdvbapi\oscam_win\oscam.exe () [Datei ist nicht signiert]
FirewallRules: [{CCF28C7B-5833-449A-B6EF-38AF346611C3}] => (Block) C:\programdata\mdvbapi\oscam_win\oscam.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{CD4E88EC-7DBA-4B48-B863-56C10E88546D}C:\users\lifel\appdata\local\programs\opera beta\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera beta\opera.exe => Keine Datei
FirewallRules: [UDP Query User{6EC2552D-0E48-406A-B494-012EA8B634B5}C:\users\lifel\appdata\local\programs\opera beta\opera.exe] => (Allow) C:\users\lifel\appdata\local\programs\opera beta\opera.exe => Keine Datei
FirewallRules: [{4DC98FD2-F0C1-449E-92BA-D50D990D0954}] => (Block) C:\users\lifel\appdata\local\programs\opera beta\opera.exe => Keine Datei
FirewallRules: [{44280840-9A84-475D-A64E-CFCA53CD576C}] => (Block) C:\users\lifel\appdata\local\programs\opera beta\opera.exe => Keine Datei
FirewallRules: [TCP Query User{D810D10E-0E66-43D5-8D94-18CA1C67BD0C}C:\users\lifel\desktop\szene\operaportable\app\opera\opera.exe] => (Allow) C:\users\lifel\desktop\szene\operaportable\app\opera\opera.exe => Keine Datei
FirewallRules: [UDP Query User{9EE3C7E0-F708-4BB0-8F05-A0E2768986F5}C:\users\lifel\desktop\szene\operaportable\app\opera\opera.exe] => (Allow) C:\users\lifel\desktop\szene\operaportable\app\opera\opera.exe => Keine Datei
FirewallRules: [{E8038180-E9BA-449F-8A7C-1505EC8F2AA5}] => (Block) C:\users\lifel\desktop\szene\operaportable\app\opera\opera.exe => Keine Datei
FirewallRules: [{BFF72007-4A99-4E33-9E28-53DF52EDD2BD}] => (Block) C:\users\lifel\desktop\szene\operaportable\app\opera\opera.exe => Keine Datei
FirewallRules: [TCP Query User{F8811443-4365-409B-BB12-0A18BA574840}C:\program files (x86)\ovpn\ovpn.exe] => (Allow) C:\program files (x86)\ovpn\ovpn.exe => Keine Datei
FirewallRules: [UDP Query User{411F3D61-9FB0-4361-BF8F-10BAAF8166A8}C:\program files (x86)\ovpn\ovpn.exe] => (Allow) C:\program files (x86)\ovpn\ovpn.exe => Keine Datei
FirewallRules: [{6000C9C6-666A-4138-AAA3-7FB9CF31EA9A}] => (Block) C:\program files (x86)\ovpn\ovpn.exe => Keine Datei
FirewallRules: [{D03D405A-6AEE-4D2C-B425-7FE7C9F0D3E8}] => (Block) C:\program files (x86)\ovpn\ovpn.exe => Keine Datei
FirewallRules: [{5E83612F-F938-43DC-B46A-CEB97B16A4B7}] => (Allow) C:\Program Files\pCloud Drive\pCloud.exe () [Datei ist nicht signiert]
FirewallRules: [{6BD5FBBE-FF31-4ECB-A2B2-7FDE2DE7D4D3}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{930175FD-D2F1-459F-9262-58AAE9EFAF45}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{634FDE6C-B192-4519-8E1C-C50588EA430B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{48DF1C6D-0DC0-4854-912B-9FA843A9BFC2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{13059312-7941-4897-BF2E-2A80D03B3474}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{37ACF9C4-3316-46FB-9AB9-03E24F6B9A2E}] => (Allow) C:\Program Files (x86)\DVBViewer\DVBViewer.exe (Christian Hackbart -> CM&V Hackbart)
FirewallRules: [TCP Query User{E16C5535-5FC2-4A48-9294-B192D22FF831}C:\users\lifel\desktop\opera\opera.exe] => (Allow) C:\users\lifel\desktop\opera\opera.exe => Keine Datei
FirewallRules: [UDP Query User{D6DD79B8-FA89-4F3A-A5BA-09AEB67DB4C3}C:\users\lifel\desktop\opera\opera.exe] => (Allow) C:\users\lifel\desktop\opera\opera.exe => Keine Datei
FirewallRules: [{BB36A0BA-48DA-45A6-8CA7-7FE6E4C50833}] => (Block) C:\users\lifel\desktop\opera\opera.exe => Keine Datei
FirewallRules: [{F36BBE7D-3E36-427D-98D0-C9E7B365034C}] => (Block) C:\users\lifel\desktop\opera\opera.exe => Keine Datei
FirewallRules: [TCP Query User{BD1595AF-D460-47F3-804A-BE322BB0F2BE}C:\users\lifel\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\lifel\appdata\local\discord\app-1.0.9013\discord.exe => Keine Datei
FirewallRules: [UDP Query User{1D315571-E54F-4767-8DB6-7E97CF242914}C:\users\lifel\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\lifel\appdata\local\discord\app-1.0.9013\discord.exe => Keine Datei
FirewallRules: [{E430D9CF-FD9D-413B-89F0-C49A16C28376}] => (Block) C:\users\lifel\appdata\local\discord\app-1.0.9013\discord.exe => Keine Datei
FirewallRules: [{897754B1-9E7E-4A13-89D6-44C2AE78EC1C}] => (Block) C:\users\lifel\appdata\local\discord\app-1.0.9013\discord.exe => Keine Datei
FirewallRules: [{61661C02-B2D7-46E1-B9FA-823992BDED47}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{30E6B56B-3FFE-4B3C-A556-BFCB55A79BAB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8ACCD87A-3EA9-49F0-A723-B5E707D0D160}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D123BD5F-629C-41ED-A41A-2F268E7E7756}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.)
FirewallRules: [{4209134F-CF17-466F-B498-F0FE44F2CEC2}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Now.gg, INC -> COMPANY NAME)
FirewallRules: [{B3E3EF6F-E894-4AC6-964A-CB5300B146D3}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems)
FirewallRules: [{05E77DE0-F2EB-428C-813A-E2059798E265}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.)
FirewallRules: [TCP Query User{97F8B827-7C0E-4CBA-B5A5-E5B3F6204490}C:\program files (x86)\pia_s5_proxy_cata\run\piaproxy.exe] => (Allow) C:\program files (x86)\pia_s5_proxy_cata\run\piaproxy.exe (MARS BROTHERS LIMITED -> )
FirewallRules: [UDP Query User{D7011331-97D4-4E4D-AD00-99B5DD9BA5E0}C:\program files (x86)\pia_s5_proxy_cata\run\piaproxy.exe] => (Allow) C:\program files (x86)\pia_s5_proxy_cata\run\piaproxy.exe (MARS BROTHERS LIMITED -> )
FirewallRules: [{BA41BDB9-BE3B-47B1-9FDB-6D6AB2A42B03}] => (Block) C:\program files (x86)\pia_s5_proxy_cata\run\piaproxy.exe (MARS BROTHERS LIMITED -> )
FirewallRules: [{D5A68812-1D7D-4017-B991-B7AE16E4712D}] => (Block) C:\program files (x86)\pia_s5_proxy_cata\run\piaproxy.exe (MARS BROTHERS LIMITED -> )
FirewallRules: [TCP Query User{B00EE349-FD59-4551-8348-61330173176B}C:\program files\adspower global\adspower global.exe] => (Allow) C:\program files\adspower global\adspower global.exe (Jun Tai Company Limited -> AdsPower)
FirewallRules: [UDP Query User{E4DFC748-57C9-4B52-A882-0AF33394D384}C:\program files\adspower global\adspower global.exe] => (Allow) C:\program files\adspower global\adspower global.exe (Jun Tai Company Limited -> AdsPower)
FirewallRules: [{5F2AEA62-417F-4D12-874E-686A50BCE0D8}] => (Block) C:\program files\adspower global\adspower global.exe (Jun Tai Company Limited -> AdsPower)
FirewallRules: [{E7717E07-45E2-4EB1-9A9E-CAEBECB67CCA}] => (Block) C:\program files\adspower global\adspower global.exe (Jun Tai Company Limited -> AdsPower)
FirewallRules: [TCP Query User{717D8C42-F7EE-48A3-A791-15DB9D59E6F6}C:\users\lifel\appdata\roaming\adspower_global\cwd_global\chrome_112\sunbrowser.exe] => (Allow) C:\users\lifel\appdata\roaming\adspower_global\cwd_global\chrome_112\sunbrowser.exe (Jun Tai Company Limited -> The AccZing Authors)
FirewallRules: [UDP Query User{AC80945B-9E52-48A5-9538-5017D01A3EE5}C:\users\lifel\appdata\roaming\adspower_global\cwd_global\chrome_112\sunbrowser.exe] => (Allow) C:\users\lifel\appdata\roaming\adspower_global\cwd_global\chrome_112\sunbrowser.exe (Jun Tai Company Limited -> The AccZing Authors)
FirewallRules: [{0ACCCD6F-B8E4-4A7D-A244-77B3ECA56BBF}] => (Block) C:\users\lifel\appdata\roaming\adspower_global\cwd_global\chrome_112\sunbrowser.exe (Jun Tai Company Limited -> The AccZing Authors)
FirewallRules: [{D58F64B0-9179-4A8B-89F4-B44669D8BD23}] => (Block) C:\users\lifel\appdata\roaming\adspower_global\cwd_global\chrome_112\sunbrowser.exe (Jun Tai Company Limited -> The AccZing Authors)
FirewallRules: [TCP Query User{04CD8A7F-8D45-4F79-9221-E1FA4C53323A}C:\users\lifel\appdata\roaming\adspower_global\cwd_global\chrome_111\sunbrowser.exe] => (Allow) C:\users\lifel\appdata\roaming\adspower_global\cwd_global\chrome_111\sunbrowser.exe (Jun Tai Company Limited -> The AccZing Authors)
FirewallRules: [UDP Query User{1A1D0FDA-008E-4296-8C5E-4D23C42CC0CF}C:\users\lifel\appdata\roaming\adspower_global\cwd_global\chrome_111\sunbrowser.exe] => (Allow) C:\users\lifel\appdata\roaming\adspower_global\cwd_global\chrome_111\sunbrowser.exe (Jun Tai Company Limited -> The AccZing Authors)
FirewallRules: [{23A5014C-866C-4499-AAA7-C058737C8FCE}] => (Block) C:\users\lifel\appdata\roaming\adspower_global\cwd_global\chrome_111\sunbrowser.exe (Jun Tai Company Limited -> The AccZing Authors)
FirewallRules: [{60686418-95D6-49ED-AC70-81D2A6FCE21D}] => (Block) C:\users\lifel\appdata\roaming\adspower_global\cwd_global\chrome_111\sunbrowser.exe (Jun Tai Company Limited -> The AccZing Authors)
FirewallRules: [{1FE47269-FA61-4AB1-BF3B-7CBFD77CEF53}] => (Allow) C:\Program Files (x86)\Sticky Password\stpass.exe (Lamantine Software a.s. -> Lamantine Software a.s.)
FirewallRules: [{1333820B-F231-4B26-BFB5-50E1E3252ADF}] => (Allow) C:\Program Files (x86)\Sticky Password\stpass.exe (Lamantine Software a.s. -> Lamantine Software a.s.)
FirewallRules: [TCP Query User{32B99207-91CB-40C0-997D-1D9EA96A49EF}C:\program files\bitbrowser global\bitbrowser global.exe] => (Allow) C:\program files\bitbrowser global\bitbrowser global.exe => Keine Datei
FirewallRules: [UDP Query User{5654B10E-DF58-4613-BE8E-6D731A83C002}C:\program files\bitbrowser global\bitbrowser global.exe] => (Allow) C:\program files\bitbrowser global\bitbrowser global.exe => Keine Datei
FirewallRules: [{CB050747-8F3E-4427-B305-651D21765D10}] => (Block) C:\program files\bitbrowser global\bitbrowser global.exe => Keine Datei
FirewallRules: [{5E17A60F-35A2-4617-943F-14E360B6BF78}] => (Block) C:\program files\bitbrowser global\bitbrowser global.exe => Keine Datei
FirewallRules: [TCP Query User{70730394-9256-4B24-BE29-8E4A2275CE0A}C:\users\lifel\appdata\roaming\bitbrowser\chrome-bin\112\1.0.4\bitbrowser.exe] => (Allow) C:\users\lifel\appdata\roaming\bitbrowser\chrome-bin\112\1.0.4\bitbrowser.exe => Keine Datei
FirewallRules: [UDP Query User{E7A55E77-5BC3-488C-ADE6-9FC57993F0D8}C:\users\lifel\appdata\roaming\bitbrowser\chrome-bin\112\1.0.4\bitbrowser.exe] => (Allow) C:\users\lifel\appdata\roaming\bitbrowser\chrome-bin\112\1.0.4\bitbrowser.exe => Keine Datei
FirewallRules: [{573A4D54-90A8-482A-B4C7-5D75DA18C7BA}] => (Block) C:\users\lifel\appdata\roaming\bitbrowser\chrome-bin\112\1.0.4\bitbrowser.exe => Keine Datei
FirewallRules: [{010F71C7-5816-401A-9AA8-4C5D83FE3DD9}] => (Block) C:\users\lifel\appdata\roaming\bitbrowser\chrome-bin\112\1.0.4\bitbrowser.exe => Keine Datei
FirewallRules: [TCP Query User{A1352733-D175-470D-AB32-84B299487B1A}C:\users\lifel\desktop\szene\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\lifel\desktop\szene\googlechromeportable\app\chrome-bin\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{C3661FE6-DF8A-4627-8F51-116912B24E3F}C:\users\lifel\desktop\szene\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) C:\users\lifel\desktop\szene\googlechromeportable\app\chrome-bin\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6705FA87-CC7E-4C4A-AFED-3859E13F5950}] => (Block) C:\users\lifel\desktop\szene\googlechromeportable\app\chrome-bin\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{10FF64B6-8D7C-416B-9CB7-4E04AFDF4B4B}] => (Block) C:\users\lifel\desktop\szene\googlechromeportable\app\chrome-bin\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{D383743A-711B-4F41-95CE-47F5818426CB}C:\program files (x86)\pia_s5_proxy_cata\socks5\pias5proxydivert.exe] => (Allow) C:\program files (x86)\pia_s5_proxy_cata\socks5\pias5proxydivert.exe (MARS BROTHERS LIMITED -> )
FirewallRules: [UDP Query User{9CB369E0-CAB3-4814-9015-DBEA6494AED9}C:\program files (x86)\pia_s5_proxy_cata\socks5\pias5proxydivert.exe] => (Allow) C:\program files (x86)\pia_s5_proxy_cata\socks5\pias5proxydivert.exe (MARS BROTHERS LIMITED -> )
FirewallRules: [{0A671565-C96A-4AF5-A954-D6EDF0F2A76B}] => (Block) C:\program files (x86)\pia_s5_proxy_cata\socks5\pias5proxydivert.exe (MARS BROTHERS LIMITED -> )
FirewallRules: [{8E558706-082A-4BA0-9F11-BDE6C2F6B7D1}] => (Block) C:\program files (x86)\pia_s5_proxy_cata\socks5\pias5proxydivert.exe (MARS BROTHERS LIMITED -> )
FirewallRules: [{FCDA4619-9B9D-475D-A884-8BCA49620F3D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D1A6EC32-9C57-4545-A5CD-670DF230ED93}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.188\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Wiederherstellungspunkte =========================
25-07-2023 18:03:17 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager ============
Name: Intel(R) Dual Band Wireless-AC 3165
Description: Intel(R) Dual Band Wireless-AC 3165
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw04
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (08/01/2023 07:57:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KW-SECURE-KEY_TimoHu.exe, Version: 0.0.0.0, Zeitstempel: 0x64c7f173
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x34f0
Startzeit der fehlerhaften Anwendung: 0x01d9c4a192eb6bf4
Pfad der fehlerhaften Anwendung: C:\Users\Lifel\Desktop\KW-SECURE-KEY_TimoHu.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: aac58eda-901c-444e-98f7-7e0e14f1c2a2
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (08/01/2023 07:56:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KW-SECURE-KEY_TimoHu.exe, Version: 0.0.0.0, Zeitstempel: 0x64c7f173
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x39f8
Startzeit der fehlerhaften Anwendung: 0x01d9c4a170db5be8
Pfad der fehlerhaften Anwendung: C:\Users\Lifel\Desktop\KW-SECURE-KEY_TimoHu.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 4274c8d1-21bc-400d-86b7-9cfd7ab9b6ba
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (08/01/2023 07:55:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KW-SECURE-KEY_TimoHu.exe, Version: 0.0.0.0, Zeitstempel: 0x64c7f173
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x29b4
Startzeit der fehlerhaften Anwendung: 0x01d9c4a15d0590a5
Pfad der fehlerhaften Anwendung: C:\Users\Lifel\Desktop\KW-SECURE-KEY_TimoHu.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 300920c9-da94-4681-8fcc-d9ebe6123666
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (08/01/2023 07:40:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KW-SECURE-KEY_TimoHu.exe, Version: 0.0.0.0, Zeitstempel: 0x64c7f173
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1a14
Startzeit der fehlerhaften Anwendung: 0x01d9c49f455c8064
Pfad der fehlerhaften Anwendung: C:\Users\Lifel\Desktop\KW-SECURE-KEY_TimoHu.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: b11baf8e-0a85-435d-88ef-8a08e888c544
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (08/01/2023 07:40:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KW-SECURE-KEY_TimoHu.exe, Version: 0.0.0.0, Zeitstempel: 0x64c7f173
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x42a4
Startzeit der fehlerhaften Anwendung: 0x01d9c49f37e2e129
Pfad der fehlerhaften Anwendung: C:\Users\Lifel\Desktop\KW-SECURE-KEY_TimoHu.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 13a965b1-9943-4111-9750-b7fc0de8c75a
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (08/01/2023 07:36:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KW-SECURE-KEY_TimoHu.exe, Version: 0.0.0.0, Zeitstempel: 0x64c7f173
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x42c
Startzeit der fehlerhaften Anwendung: 0x01d9c49ea447743b
Pfad der fehlerhaften Anwendung: C:\Users\Lifel\Desktop\KW-SECURE-KEY_TimoHu.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: fd843b89-af15-4c39-82d0-6fa81ad05b9c
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (08/01/2023 07:35:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KW-SECURE-KEY_TimoHu.exe, Version: 0.0.0.0, Zeitstempel: 0x64c7f173
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x2970
Startzeit der fehlerhaften Anwendung: 0x01d9c49e8e3c40ca
Pfad der fehlerhaften Anwendung: C:\Users\Lifel\Desktop\KW-SECURE-KEY_TimoHu.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 0ac14162-8a3c-4e76-b355-d1fed2b70a83
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (08/01/2023 07:32:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KW-SECURE-KEY_TimoHu.exe, Version: 0.0.0.0, Zeitstempel: 0x64c7f173
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x269c
Startzeit der fehlerhaften Anwendung: 0x01d9c49e191c0098
Pfad der fehlerhaften Anwendung: C:\Users\Lifel\Desktop\KW-SECURE-KEY_TimoHu.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 7204387c-1a3e-4a11-9660-6d17c503c75f
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Systemfehler:
=============
Error: (08/01/2023 08:17:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "System Interface Foundation Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/01/2023 08:17:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LenovoVantageService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/01/2023 08:17:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NordSec Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/01/2023 08:17:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Surfshark Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/01/2023 08:17:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "nordvpn-service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/01/2023 08:17:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Vodafone-Mobile-Broadband-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/01/2023 08:17:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office Click-to-Run Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/01/2023 08:17:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA Display Container LS" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts.
Windows Defender:
================
Date: 2023-08-01 20:02:31
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.H!ml&threatid=2147814523&enterprise=0
Name: Trojan:Win32/Wacatac.H!ml
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Lifel\Desktop\KW-SECURE-KEY_TimoHu.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-B5S8RAE\Lifel
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.393.1972.0, AS: 1.393.1972.0, NIS: 1.393.1972.0
Modulversion: AM: 1.1.23060.1005, NIS: 1.1.23060.1005
Date: 2023-08-01 19:18:17
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Phonzy.B!ml&threatid=2147772963&enterprise=0
Name: Trojan:Win32/Phonzy.B!ml
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Lifel\Desktop\KW_Humpert.rar; webfile:_C:\Users\Lifel\Desktop\KW_Humpert.rar|https://uce118bce28bffb1f2d2e880b8fe.dl.dropboxusercontent.com/cd/0/get/CA8MA8ccmK-A7fVS8hgISU8cR7FRvyrM21sRmPy7vFrlM2PAEIeecb3MeqxfmC1IAKJ-LosNgm55YeRUPR-RoXV9rXHnZ2erTTA75LIFpMJQxvcx89epKotRPKpckpi-wdD1nhlrkIf2AwcSNxX7SrAh/file?dl=1#|pid:13472,ProcessStart:133353838975323777
Erkennungsursprung: Internet
Erkennungstype: FastPath
Erkennungsquelle: Downloads und Anlagen
Benutzer: DESKTOP-B5S8RAE\Lifel
Prozessname: Unknown
Sicherheitsversion: AV: 1.393.1972.0, AS: 1.393.1972.0, NIS: 1.393.1972.0
Modulversion: AM: 1.1.23060.1005, NIS: 1.1.23060.1005
Date: 2023-08-01 19:11:06
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Phonzy.B!ml&threatid=2147772963&enterprise=0
Name: Trojan:Win32/Phonzy.B!ml
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Lifel\Desktop\KW_Humpert.rar; webfile:_C:\Users\Lifel\Desktop\KW_Humpert.rar|https://uc11880e454dbed9ebd0ae4973b0.dl.dropboxusercontent.com/cd/0/get/CA933isORmsjw4UMinxNR7MjtMDpYf43Rtt-l03FBX8Ea0KwrFK4Xn99RAI8CUnyOdurvj-evk7V29pyrWnByocHvJ_Sj7xhJg_ZyimzjXB9mkX3XbpD4gdneNigBI9uD6k8Hz33KNs8zDsvqd89Lp1d/file?dl=1#|pid:14760,ProcessStart:133353834667964298
Erkennungsursprung: Internet
Erkennungstype: FastPath
Erkennungsquelle: Downloads und Anlagen
Benutzer: DESKTOP-B5S8RAE\Lifel
Prozessname: Unknown
Sicherheitsversion: AV: 1.393.1972.0, AS: 1.393.1972.0, NIS: 1.393.1972.0
Modulversion: AM: 1.1.23060.1005, NIS: 1.1.23060.1005
Date: 2023-08-01 19:06:42
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Phonzy.B!ml&threatid=2147772963&enterprise=0
Name: Trojan:Win32/Phonzy.B!ml
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Lifel\Desktop\KW_Humpert.rar; webfile:_C:\Users\Lifel\Desktop\KW_Humpert.rar|https://uc7c2ec7658d6653b67603c0c856.dl.dropboxusercontent.com/cd/0/get/CA8Rd2BlDIKnsiohxcOkJO5CiW1mcRtdT-E5GO2mgvVBl8skkS_iPEc3dXfDEPR08xAs3HupAiFU-hTKgSDSG6IDExrenyGcRRLGGL_rSgRaGDHT61_kPebaM9T8Tk8OsIRwM7X25pRTTbB_uXSJO8B3/file?dl=1#|pid:16460,ProcessStart:133353832019537069
Erkennungsursprung: Internet
Erkennungstype: FastPath
Erkennungsquelle: Downloads und Anlagen
Benutzer: DESKTOP-B5S8RAE\Lifel
Prozessname: Unknown
Sicherheitsversion: AV: 1.393.1972.0, AS: 1.393.1972.0, NIS: 1.393.1972.0
Modulversion: AM: 1.1.23060.1005, NIS: 1.1.23060.1005
Date: 2023-08-01 19:04:38
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Phonzy.B!ml&threatid=2147772963&enterprise=0
Name: Trojan:Win32/Phonzy.B!ml
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Lifel\Desktop\KW_Humpert.rar; webfile:_C:\Users\Lifel\Desktop\KW_Humpert.rar|https://uc93af6226aeddfc4be33708a4dd.dl.dropboxusercontent.com/cd/0/get/CA9gqJtuwIyZ7hYZe2dtM_OlWkT3cQAp4qVWJRsOabvK464rlugFTHtx8RrjufpRnVzmFvjTH7sAHwiJ9chbP9BUTa0ebtaVi4ue_P6K2LRxjLsDUcbwJr1JnDpB231D_XuDYiP4DKpodHwBilXfd5Q-/file?dl=1#|pid:9160,ProcessStart:133353830786015156
Erkennungsursprung: Internet
Erkennungstype: FastPath
Erkennungsquelle: Downloads und Anlagen
Benutzer: DESKTOP-B5S8RAE\Lifel
Prozessname: Unknown
Sicherheitsversion: AV: 1.393.1972.0, AS: 1.393.1972.0, NIS: 1.393.1972.0
Modulversion: AM: 1.1.23060.1005, NIS: 1.1.23060.1005
CodeIntegrity:
===============
Date: 2023-08-01 20:49:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\dokannp1.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-08-01 20:49:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\WinFsp\bin\winfsp-x64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-08-01 18:50:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\ImmersiveControlPanel\SystemSettings.exe) attempted to load \Device\HarddiskVolume5\Program Files\Google\Drive File Stream\78.0.1.0\crashpad_handler.exe that did not meet the Microsoft signing level requirements.
Date: 2023-08-01 11:58:04
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
BIOS: LENOVO O4KKT0DA 08/14/2019
Hauptplatine: LENOVO 3714
Prozessor: Intel(R) Core(TM) i5-9400F CPU @ 2.90GHz
Prozentuale Nutzung des RAM: 86%
Installierter physikalischer RAM: 8123.52 MB
Verfügbarer physikalischer RAM: 1130.29 MB
Summe virtueller Speicher: 15803.52 MB
Verfügbarer virtueller Speicher: 4026.53 MB
==================== Laufwerke ================================
Drive c: (Windows) (Fixed) (Total:237.23 GB) (Free:72.58 GB) (Model: SAMSUNG MZVLB256HBHQ-000L7) NTFS
Drive d: (Daten) (Fixed) (Total:931.39 GB) (Free:928.83 GB) (Model: ST1000DM003-1SB102) NTFS
\\?\Volume{14be47a7-38e3-4395-8cc4-e316ad689fd3}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{4e3dbcef-78ba-4fea-ac6d-f5ffd7433a8c}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: AEC5200E)
Partition: GPT.
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: AEC5207D)
Partition: GPT.
==================== Ende von Addition.txt =======================
Geändert von cosinus (01.08.2023 um 21:41 Uhr) Grund: code tags |
|
01.08.2023, 20:50
| #5 |
| /// TB-Ausbilder | Phonzy:B!ml ausgeführt Servus, lade mal bitte diese beiden Dateien nacheinander bei VirusTotal hoch: KW-SECURE-KEY_xxxxxxx.exe KW_xxxxxxxt.rar Klicke dazu auf "Choose File". Wähle die entsprechende Datei aus und klicke auf "Öffnen". Sobald die Analyse beendet ist, kopiere mir bitte den Link aus der Adressleiste hier ins Thema rein, z. B.: https://www.virustotal.com/gui/file/...a398dcf2270d1a Geändert von M-K-D-B (03.08.2023 um 15:00 Uhr) |
|
01.08.2023, 20:57
| #6 |
| | Phonzy:B!ml ausgeführt Die rar datei: https://www.virustotal.com/gui/file/cfd0f94dfa0599900abc5dfa465870c15a2121244ed98934570e82527aa618d0/detection Die exe: https://www.virustotal.com/gui/file-analysis/NzE0MjMxZjViNjRjNzBkN2RhODQ4MmMyMjM2MGJlMjU6MTY5MDkxOTc3MA== |
|
01.08.2023, 21:20
| #7 | |
| /// TB-Ausbilder | Phonzy:B!ml ausgeführt Die .exe sieht nach Malware aus, die Zugangsdaten abgreift, eventuell Redline-Stealer. Bitte sofort löschen und nie wieder verwenden! Du hattest aber scheinbar Glück, weil die .exe bei dir aufgrund eines Fehlers nicht startet: Zitat:
Wenn du einverstanden bist, würde ich ein paar Kontrollen und Bereinigungsschritte ausführen. |
|
01.08.2023, 21:29
| #8 |
| | Phonzy:B!ml ausgeführt Ja habe allesentfernt Hochgeladen haben Sie es bei Drobox wo ich die ratr Datei downloaden sollte |
|
01.08.2023, 21:31
| #9 |
| /// TB-Ausbilder | Phonzy:B!ml ausgeführt Ok, ist in Quarantäne. Windows Defender nennt die Malware auch "Redline". Greift Zugangsdaten & Co ab. Du hattest vielleicht Glück im Unglück. Lass mal bitte als Erstes ESET umd EEK zur Kontrolle laufen. Morgen gehts dann weiter. Schritt 1 Führe ESET Online Scanner (EOS) gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei. Schritt 2 Führe Emsisoft Emergency Kit (EEK) gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei. Bitte poste mit deiner nächsten Antwort:
|
|
01.08.2023, 23:53
| #10 |
| | Phonzy:B!ml ausgeführtCode:
ATTFilter 02.08.2023 00:32:49
Geprüfte Dateien: 785374
Erkannte Dateien: 1
Gesäuberte Dateien: 1
Prüfdauer gesamt 01:40:47
Prüfstatus: Abgeschlossen
C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe eine Variante von Win32/IObit.AG potenziell unerwünschte Anwendung,eine Variante von Win32/IObit.AN potenziell unerwünschte Anwendung,eine Variante von Win32/IObit.AH potenziell unerwünschte Anwendung,eine Variante von Win32/IObit.M potenziell unerwünschte Anwendung,eine Variante von Win32/IObit.AD potenziell unerwünschte Anwendung,Win32/IObit.D potenziell unerwünschte Anwendung,eine Variante von Win32/IObit.D potenziell unerwünschte Anwendung durch Löschen gesäubert
Eset |
|
02.08.2023, 08:36
| #11 |
| /// TB-Ausbilder | Phonzy:B!ml ausgeführt Sehr gut. Bitte noch EEK ausführen und die Logdatei dazu posten. |
|
02.08.2023, 08:44
| #12 |
| | Phonzy:B!ml ausgeführtHTML-Code: Emsisoft Emergency Kit – Version 2023.6 Letztes Update: 02.08.2023 09:39:08 Eigene DESKTOP-B5S8RAE\Lifel DESKTOP-B5S8RAE Windows 10x64 Scan-Einstellungen: Scan-Methode: Malware-Scan Objekte: Speicher, Spuren, Dateien PUPs-Erkennung: An Archive scannen: Aus E-Mail-Archive scannen: Aus ADS-Scan: An Scan-Beginn: 02.08.2023 09:39:30 Gescannt: 86911 Gefunden 0 Speicher wird gescannt... Spuren werden gescannt... Dateien werden gescannt... Scan-Ende: 02.08.2023 09:42:45 Scan-Zeit: 0:03:15 |
|
02.08.2023, 08:52
| #13 |
| /// TB-Ausbilder | Phonzy:B!ml ausgeführt Sehr schön.  Kontrolle mit FRST bitte. Schritt 1
|
|
02.08.2023, 09:03
| #14 |
| | Phonzy:B!ml ausgeführt Log FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-08-2023
durchgeführt von Lifel (Administrator) auf DESKTOP-B5S8RAE (LENOVO 90LW0023GE) (02-08-2023 09:57:50)
Gestartet von C:\Users\Lifel\Desktop\FRST64.exe
Geladene Profile: Lifel
Plattform: Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
() [Datei ist nicht signiert] C:\ProgramData\mdvbapi\oscam_win\oscam.exe <2>
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files (x86)\Sticky Password\stpass.exe ->) (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spUIAManager.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(cmd.exe ->) (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spNMHost.exe
(cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\Lifel\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\78.0.1.0\crashpad_handler.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <47>
(explorer.exe ->) (Lamantine Software a.s. -> Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\stpass.exe
(explorer.exe ->) (LITE-ON TECHNOLOGY CORP. -> Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Calliope USB Keyboard\SklFundKb.exe
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe <3>
(explorer.exe ->) (Surfshark B.V. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.exe
(explorer.exe ->) (Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\Lifel\AppData\Roaming\Telegram Desktop\Telegram.exe
(explorer.exe ->) (VideoLAN -> VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(services.exe ->) () [Datei ist nicht signiert] C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1647517251935.exe
(services.exe ->) () [Datei ist nicht signiert] C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(services.exe ->) (IDRIX SARL -> IDRIX) C:\Windows\System32\VeraCrypt.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_c98d5e0dfc88ac2f\RstMwService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe
(services.exe ->) (Navimatics LLC) [Datei ist nicht signiert] C:\Program Files (x86)\WinFsp\bin\launcher-x64.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvle.inf_amd64_82ff39a34b899b1d\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_6950f2f8eeecf7e1\RtkAudUService64.exe <2>
(services.exe ->) (Surfshark B.V. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Vodafone Group Plc -> Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [Lenovo Fundamental USB Keyboard] => C:\Program Files (x86)\Lenovo\Lenovo Calliope USB Keyboard\SklFundKb.exe [2644472 2017-04-10] (LITE-ON TECHNOLOGY CORP. -> Lenovo)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_6950f2f8eeecf7e1\RtkAudUService64.exe [1592704 2022-09-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [590640 2022-05-03] (geek software GmbH -> geek software GmbH)
HKLM-x32\...\Run: [M17A] => C:\Windows\twain_32\Brimm17a\Common\TwDsUiLaunch.exe [94752 2019-08-06] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [VmbNotifierRouter] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe [818232 2015-10-09] (Vodafone Group Plc -> Vodafone)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [72760 2015-10-09] (Vodafone Group Plc -> Vodafone)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Lifel\AppData\Local\Microsoft\Teams\Update.exe [2324624 2020-04-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (Keine Datei)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\78.0.1.0\GoogleDriveFS.exe [146495256 2023-07-14] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\78.0.1.0\GoogleDriveFS.exe [146495256 2023-07-14] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [StickyPassword] => C:\Program Files (x86)\Sticky Password\stpass.exe [71584 2023-06-16] (Lamantine Software a.s. -> Lamantine Software a.s.)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [pCloud] => [X]
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [Windscribe] => "C:\Program Files (x86)\Windscribe\Windscribe.exe" -os_restart (Keine Datei)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\78.0.1.0\GoogleDriveFS.exe [146495256 2023-07-14] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [com.messenger] => "C:\Users\Lifel\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (Keine Datei)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [OVPN] => "C:\Program Files (x86)\OVPN\OVPN.exe" (Keine Datei)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [14760136 2023-07-05] (Surfshark B.V. -> Surfshark)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [electron.app.BlueStacks Services] => C:\Users\Lifel\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2023-06-01] (Now.gg, INC -> now.gg, Inc.)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [Opera Browser Assistant] => C:\Users\Lifel\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3955608 2023-06-20] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\...\Run: [Proxifier] => C:\Program Files (x86)\Proxifier\Proxifier.exe [6683784 2022-12-16] (İNİTEX SOFTWARE DANIŞMANLIK LTD.ŞTİ. -> Initex)
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\78.0.1.0\GoogleDriveFS.exe [146495256 2023-07-14] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\115.0.5790.110\Installer\chrmstp.exe [2023-07-26] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdsPower.lnk [2023-06-19]
ShortcutTarget: AdsPower.lnk -> C:\Program Files\AdsPower Global\AdsPower.exe (Keine Datei)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\oscam_script.bat [2019-07-01] () [Datei ist nicht signiert]
GroupPolicy-Firefox: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {EDB49537-B5BD-439E-B391-4A13D802B629} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {0EDB2862-DFDC-452C-BDCD-C8464A2EB55E} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2023-06-13] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {7A65C3BF-311A-42F1-BDC5-1A6571E6BB48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {06248979-2626-4DE6-A1A0-6DA89DB8CE3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {A295AD8B-59DF-4ED3-BCE7-F4ED00ED685D} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {9287884E-2AC1-49EA-8824-C38747ED23DB} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {F47665A1-861F-48A3-B2BA-708CF6757589} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {5A3E68E5-EDC4-4891-9B47-E2F5F88FD9E5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\34138505-7c2d-4689-8302-ff3224fbdcd7 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {21434C59-CBFA-438E-B898-12009DEBCAFB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\56e34f0e-5e27-4ead-ab9c-6f028179c508 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {10083700-4604-4389-B861-53485E86AABB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\82fba9b2-4e0a-4c05-8157-71263315ae42 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {9D7D347C-BAE0-4903-8599-195A9042F040} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a6314cce-8ddd-4510-a7a8-5cd81b1b409c => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {766AF665-10A1-4B8C-9436-13A09863F745} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2847683332-1929870010-1653967692-1001 => C:\Users\Lifel\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [89096 2023-04-10] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {84DA9AC2-E31B-4C7E-A338-5D0C289C593A} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {FC2EF204-0070-443F-AAEE-1F98D38E09D7} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {EBA1BF43-8DE2-4935-A7E4-7EF842980063} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {D832DAD9-8794-4BA3-ACCE-72CF26838E5C} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {C5EEAF8E-F73C-400B-AB1E-FFBD91A42C40} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {3F912774-9B7C-4D9A-93FF-4A718D6879F6} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {154E5C42-EC89-4E53-89AE-EEBC7CC664F9} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {ECAA731F-856E-4CFA-A421-FF717F632D3C} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {DBF3D934-8136-46EA-A029-E23B650BB98C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {F1C0B1FA-420F-4563-B0D1-523DBBBFF1A7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {6FB22F84-924A-446F-9B1C-28EEDC5A2242} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158656 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EE23DEA-80EA-443C-A294-BC3874581446} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158656 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7E467DED-77B3-4940-94B1-4D9612DC950B} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {9CA8DD23-369B-42BC-A68B-553B5ECCCF3E} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4394600 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {1FAF9EC0-D2C7-4546-942A-32E53391E8E2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2780E41C-84B7-4FA3-89CC-E864E421B168} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B128824D-EB79-40A6-AD6F-08CAA24D66BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7B64D406-030B-4F82-A687-C33AF1F9A437} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {502E53B6-FB6B-491A-89EC-F513C8B2DA92} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [686496 2023-08-01] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {DFE8E364-DC55-45EE-9515-EEB6BDBD3215} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [724384 2023-08-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {7AC3B857-931E-45FA-8688-0292C80F14EF} - System32\Tasks\Opera scheduled assistant Autoupdate 1586031815 => C:\Users\Lifel\AppData\Local\Programs\Opera\launcher.exe [2717592 2023-07-17] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Lifel\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {1EFB3E16-3096-4717-B8D0-9C4629F06B4D} - System32\Tasks\Opera scheduled Autoupdate 1586031813 => C:\Users\Lifel\AppData\Local\Programs\Opera\launcher.exe [2717592 2023-07-17] (Opera Norway AS -> Opera Software)
Task: {DD55F3A2-6A1C-4E33-A6EC-D69C09F8EC3D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1900320 2023-01-19] (Lenovo -> )
Task: {65A1BC97-E4DA-4BD8-8D2F-748A535A3618} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1900320 2023-01-19] (Lenovo -> )
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
ProxyServer: [S-1-5-21-2847683332-1929870010-1653967692-1001] => 34.225.80.189:31112
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{659c713f-8a74-40a3-b321-3af0b80832e6}: [DhcpNameServer] 192.168.110.167
Tcpip\..\Interfaces\{80bef8df-6bba-47ee-a8e5-f3ef9a8085d4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{80bef8df-6bba-47ee-a8e5-f3ef9a8085d4}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge Profile: C:\Users\Lifel\AppData\Local\Microsoft\Edge\User Data\Default [2023-07-13]
Edge Extension: (Edge relevant text changes) - C:\Users\Lifel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-13]
FireFox:
========
FF DefaultProfile: 9cfxz2dk.default
FF ProfilePath: C:\Users\Lifel\AppData\Roaming\Mozilla\Firefox\Profiles\cuim2kic.default-default [2023-06-23]
FF ProfilePath: C:\Users\Lifel\AppData\Roaming\Mozilla\Firefox\Profiles\9cfxz2dk.default [2020-04-10]
FF ProfilePath: C:\Users\Lifel\AppData\Roaming\Mozilla\Firefox\Profiles\jyhxu1dp.default-release [2023-08-01]
FF Notifications: Mozilla\Firefox\Profiles\jyhxu1dp.default-release -> hxxps://app.wirexapp.com
FF Extension: (SaveFrom.net Helfer) - C:\Program Files\Mozilla Firefox\distribution\extensions\helper@savefrom.net.xpi [2021-02-05]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-07-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [Keine Datei]
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2847683332-1929870010-1653967692-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2847683332-1929870010-1653967692-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2847683332-1929870010-1653967692-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lifel\AppData\Local\Google\Chrome\User Data\Default [2023-08-02]
CHR Notifications: Default -> hxxps://24548711174149.eu.webpush.freshchat.com; hxxps://a.codingcaptcha.com; hxxps://android.imyfone.com; hxxps://app.wirexapp.com; hxxps://badoo.com; hxxps://best.aliexpress.com; hxxps://business.facebook.com; hxxps://ch.push-free.com; hxxps://community.curve.app; hxxps://community.curve.com; hxxps://community.wirexapp.com; hxxps://forum.tarnkappe.info; hxxps://hartz.info; hxxps://id.wirexapp.com; hxxps://kundenbereich.check24.de; hxxps://latest-news-90b08gha6ho16dz149.gate5.xyz; hxxps://my.bonify.de; hxxps://my.pcloud.com; hxxps://myvip.avatrade.de; hxxps://nd.push-free.com; hxxps://status.networkoverview.vodafone.de; hxxps://tinder.com; hxxps://twitter.com; hxxps://web.whatsapp.com; hxxps://www.android-hilfe.de; hxxps://www.binance.com; hxxps://www.cloudbet.com; hxxps://www.dealdoktor.de; hxxps://www.elo-forum.org; hxxps://www.hardwareluxx.de; hxxps://www.lieferando.de; hxxps://www.markt.de; hxxps://www.mydealz.de; hxxps://www.nachtfalke.biz; hxxps://www.offshorecorptalk.com; hxxps://www.opena.tv; hxxps://www.quoka.de; hxxps://www.unitymediaforum.de; hxxps://www.wetter.com; hxxps://www.wetteronline.de
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Extension: (Rabby Wallet) - C:\Users\Lifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmacodkjbdgmoleebolmdjonilkdbch [2023-08-01]
CHR Extension: (Sticky Password - sicherer Passwortmanager) - C:\Users\Lifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfdmghkeppfadphbnkjcicejfepnbfe [2023-07-05]
CHR Extension: (0) - C:\Users\Lifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkbebcjgcmobigpeffafkodonchffocl [2023-04-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Bypass Paywalls Clean) - C:\bypass-paywalls-chrome-clean-master [2023-04-13] [UpdateUrl:hxxps://gitlab.com/magnolia1234/bypass-paywalls-chrome-clean/-/raw/master/updates.xml] <==== ACHTUNG
CHR Profile: C:\Users\Lifel\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-08-12]
CHR Profile: C:\Users\Lifel\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-22]
CHR HKU\S-1-5-21-2847683332-1929870010-1653967692-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [fjoaledfpmneenckfbpdfhkmimnjocfa]
Opera:
=======
OPR Profile: C:\Users\Lifel\AppData\Roaming\Opera Software\Opera Stable [2023-08-02]
OPR Notifications: Opera Stable -> hxxps://app.wirexapp.com; hxxps://nd.push-free.com
OPR DefaultSearchURL: Opera Stable -> hxxps://www.google.com/search?client=opera&q={searchTerms}&sourceid=opera&ie={inputEncoding}&oe={outputEncoding}
OPR DefaultSearchKeyword: Opera Stable -> g
OPR Extension: (Rich Hints Agent) - C:\Users\Lifel\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-07-05]
OPR Extension: (Opera Wallet) - C:\Users\Lifel\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-07-06]
OPR Extension: (Aria) - C:\Users\Lifel\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-07-28]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Lifel\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-14]
OPR Extension: (opera-intro) - C:\Users\Lifel\AppData\Local\Programs\Opera\100.0.4815.76\resources\opera_intro_extension [2023-07-26]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 agent_ovpnconnect; C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1647517251935.exe [3196928 2022-03-17] () [Datei ist nicht signiert]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11867104 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\\3.13.72.0\LenovoVantageService.exe [34176 ] (Lenovo -> Lenovo)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9266864 2023-07-10] (Malwarebytes Inc. -> Malwarebytes)
S3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [310136 2021-06-11] (nordvpn s.a. -> TEFINCOM S.A.)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-11-21] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [254328 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-02-07] (Microsoft Windows -> Microsoft Corporation)
R2 ovpnhelper_service; C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe [3021824 2022-03-17] () [Datei ist nicht signiert]
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [590640 2022-05-03] (geek software GmbH -> geek software GmbH)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Surfshark.Service.exe [6265544 2023-07-05] (Surfshark B.V. -> Surfshark)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13255184 2020-05-19] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 VeraCryptSystemFavorites; C:\WINDOWS\system32\VeraCrypt.exe [5928728 2021-09-06] (IDRIX SARL -> IDRIX)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe [3244928 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe [133576 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinFsp.Launcher; C:\Program Files (x86)\WinFsp\bin\launcher-x64.exe [26112 2022-01-06] (Navimatics LLC) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvle.inf_amd64_82ff39a34b899b1d\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvle.inf_amd64_82ff39a34b899b1d\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [310688 2023-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R1 cbfs20; C:\WINDOWS\System32\drivers\cbfs20.sys [449080 2022-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc. - www.callback.com)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [385528 2021-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Dokan Project)
R1 googledrivefs31092; C:\WINDOWS\System32\DRIVERS\googledrivefs31092.sys [384600 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-07-10] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl5367d8a3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D11CFE02-EEB7-48AD-A31D-019359046FFF}\MpKslDrv.sys [221480 2023-08-02] (Microsoft Windows -> Microsoft Corporation)
R2 NDivert; C:\Program Files\NordVPN\7.10.4.0\Drivers\NDivert.sys [131472 2023-05-24] (nordvpn s.a. -> Nordvpn S.A.)
R3 ovpn-dco; C:\WINDOWS\System32\drivers\ovpn-dco.sys [90568 2023-06-23] (WDKTestCert lev,132435948852968539 -> OpenVPN, Inc)
R2 ProxifierDrv; C:\WINDOWS\system32\DRIVERS\ProxifierDrv.sys [58392 2022-12-15] (İNİTEX SOFTWARE DANIŞMANLIK LTD.ŞTİ. -> Initex)
S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2022-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2020-01-21] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tapivpn; C:\WINDOWS\System32\drivers\tapivpn.sys [36344 2022-03-07] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tapmullvad0901; C:\WINDOWS\System32\drivers\tapmullvad0901.sys [39616 2020-11-17] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
R3 tapsurfshark; C:\WINDOWS\System32\drivers\tapsurfshark.sys [38728 2020-06-15] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [57768 2021-09-19] (Windscribe Limited -> The OpenVPN Project)
R3 tap_ovpnconnect; C:\WINDOWS\System32\drivers\tap_ovpnconnect.sys [40128 2022-03-17] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 USB28xxBGA; C:\WINDOWS\system32\DRIVERS\emBDA64.sys [980344 2020-05-15] (HAUPPAUGE COMPUTER WORKS, INC. -> eMPIA Technology Corp.)
R3 USB28xxOEM; C:\WINDOWS\system32\DRIVERS\emOEM64.sys [1589624 2020-05-15] (HAUPPAUGE COMPUTER WORKS, INC. -> eMPIA Technology Corp.)
R0 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [831616 2021-09-06] (IDRIX SARL -> IDRIX)
R3 vodafone_K3805-z_dc_enum; C:\WINDOWS\System32\drivers\vodafone_K3805-z_dc_enum.sys [75776 2010-09-01] (Microsoft Windows Hardware Compatibility Publisher -> Vodafone)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2023-07-25] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498944 2023-07-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-07-25] (Microsoft Windows -> Microsoft Corporation)
S3 windtun420; C:\WINDOWS\System32\drivers\windtun420.sys [47544 2021-09-19] (Windscribe Limited -> WireGuard LLC)
S3 WinFsp; C:\Program Files (x86)\WinFsp\bin\winfsp-x64.sys [173840 2022-01-06] (NAVIMATICS LLC -> Navimatics LLC)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29592 2022-10-18] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R3 wintunshark; C:\WINDOWS\system32\DRIVERS\wintunshark.sys [31096 2020-09-17] (WDKTestCert nikod,132409123292239223 -> Surfshark Ltd)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-01-13] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S1 epp; \??\C:\EEK\bin64\epp.sys [X]
S1 nordlwf; \SystemRoot\system32\DRIVERS\nordlwf.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2023-08-02 09:57 - 2023-08-02 09:58 - 000039180 _____ C:\Users\Lifel\Desktop\FRST.txt
2023-08-02 09:57 - 2023-08-02 09:57 - 002700800 _____ (Farbar) C:\Users\Lifel\Desktop\FRST64.exe
2023-08-02 09:38 - 2023-08-02 09:52 - 000000000 ____D C:\EEK
2023-08-02 09:38 - 2023-08-02 09:38 - 000000000 ____D C:\ProgramData\Emsisoft
2023-08-02 00:32 - 2023-08-02 00:32 - 000001338 _____ C:\Users\Lifel\Desktop\ESET.txt
2023-08-01 22:52 - 2023-08-01 22:53 - 352170984 _____ C:\Users\Lifel\Desktop\EmsisoftEmergencyKit.exe
2023-08-01 22:37 - 2023-08-01 22:37 - 000001389 _____ C:\Users\Lifel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-08-01 22:37 - 2023-08-01 22:37 - 000001283 _____ C:\Users\Lifel\Desktop\ESET Online Scanner.lnk
2023-08-01 22:37 - 2023-08-01 22:37 - 000000000 ____D C:\Users\Lifel\AppData\Local\ESET
2023-08-01 21:30 - 2023-08-02 09:58 - 000000000 ____D C:\FRST
2023-08-01 20:15 - 2023-08-01 20:17 - 000000000 ____D C:\AdwCleaner
2023-08-01 18:49 - 2023-08-01 20:27 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-08-01 14:01 - 2023-08-01 14:01 - 000000000 ____D C:\Users\Lifel\AppData\Local\DBG
2023-08-01 14:00 - 2023-08-01 14:00 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2023-08-01 13:59 - 2023-06-19 10:36 - 001487912 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2023-08-01 13:59 - 2023-06-19 10:36 - 001227304 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2023-08-01 13:59 - 2023-06-19 10:36 - 000848992 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2023-08-01 13:59 - 2023-06-19 10:36 - 000848992 _____ C:\WINDOWS\system32\vulkaninfo.exe
2023-08-01 13:59 - 2023-06-19 10:36 - 000713824 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-08-01 13:59 - 2023-06-19 10:36 - 000713824 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2023-08-01 13:59 - 2023-06-19 10:36 - 000653408 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2023-08-01 13:59 - 2023-06-19 10:36 - 000653408 _____ C:\WINDOWS\system32\vulkan-1.dll
2023-08-01 13:59 - 2023-06-19 10:36 - 000637024 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2023-08-01 13:59 - 2023-06-19 10:36 - 000637024 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2023-08-01 13:58 - 2023-06-19 10:32 - 000668696 _____ C:\WINDOWS\system32\nvofapi64.dll
2023-08-01 13:58 - 2023-06-19 10:32 - 000504360 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2023-08-01 13:58 - 2023-06-19 10:31 - 001537560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2023-08-01 13:58 - 2023-06-19 10:31 - 001195032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2023-08-01 13:58 - 2023-06-19 10:31 - 000933912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2023-08-01 13:58 - 2023-06-19 10:31 - 000777256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2023-08-01 13:58 - 2023-06-19 10:30 - 002167832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2023-08-01 13:58 - 2023-06-19 10:30 - 001621528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2023-08-01 13:58 - 2023-06-19 10:30 - 000992280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2023-08-01 13:58 - 2023-06-19 10:30 - 000768496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2023-08-01 13:58 - 2023-06-19 10:30 - 000459776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2023-08-01 13:58 - 2023-06-19 10:29 - 014520304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2023-08-01 13:58 - 2023-06-19 10:29 - 012066816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2023-08-01 13:58 - 2023-06-19 10:29 - 006190064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2023-08-01 13:58 - 2023-06-19 10:29 - 005844504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2023-08-01 13:58 - 2023-06-19 10:29 - 005550632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2023-08-01 13:58 - 2023-06-19 10:29 - 003482608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2023-08-01 13:58 - 2023-06-19 10:29 - 000853544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2023-08-01 13:58 - 2023-06-19 10:27 - 006736944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2023-08-01 13:58 - 2023-06-09 12:38 - 000107938 _____ C:\WINDOWS\system32\nvinfo.pb
2023-07-31 20:33 - 2023-07-31 20:33 - 000330000 _____ C:\Users\Lifel\Desktop\THumpert.pdf
2023-07-26 23:20 - 2023-07-26 23:20 - 000136958 _____ C:\Users\Lifel\Desktop\Offbug.m3u
2023-07-24 12:53 - 2023-07-24 12:54 - 000000000 ____D C:\Users\Lifel\Desktop\WilliamHill
2023-07-23 19:02 - 2023-07-23 19:14 - 000000000 ____D C:\ProgramData\Xepg
2023-07-23 19:02 - 2023-07-23 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xepg
2023-07-23 19:02 - 2023-07-23 19:02 - 000000000 ____D C:\Program Files (x86)\Xepg
2023-07-23 18:49 - 2023-07-23 19:14 - 000000000 ____D C:\Program Files (x86)\EPG-Buddy
2023-07-23 18:49 - 2023-07-23 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPG-Buddy
2023-07-21 13:54 - 2023-07-21 13:54 - 000053886 _____ C:\Users\Lifel\Desktop\Lopoca.xlsx
2023-07-20 15:07 - 2023-07-20 15:15 - 000242170 _____ C:\Users\Lifel\Desktop\BetwayKlage.pdf
2023-07-18 11:25 - 2023-07-18 11:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2023-07-18 11:09 - 2023-07-18 17:40 - 000000000 ____D C:\Users\Lifel\Desktop\BWIN
2023-07-17 11:45 - 2023-07-17 11:45 - 046073528 _____ C:\Users\Lifel\Desktop\electrum-4.4.5.exe
2023-07-16 17:38 - 2023-07-16 17:38 - 000002094 _____ C:\Users\Lifel\Desktop\Bisq.lnk
2023-07-16 17:38 - 2023-07-16 17:38 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unknown
2023-07-16 17:38 - 2023-07-16 17:38 - 000000000 ____D C:\Users\Lifel\AppData\Local\Bisq
2023-07-16 17:37 - 2023-07-16 17:37 - 273844224 _____ C:\Users\Lifel\Bisq-64bit-1.9.12.exe
2023-07-16 17:37 - 2023-07-16 17:37 - 000003219 _____ C:\Users\Lifel\E222AA02.asc-local
2023-07-16 17:37 - 2023-07-16 17:37 - 000003211 _____ C:\Users\Lifel\4A133008.asc-local
2023-07-16 17:37 - 2023-07-16 17:37 - 000003167 _____ C:\Users\Lifel\E222AA02.asc
2023-07-16 17:37 - 2023-07-16 17:37 - 000003159 _____ C:\Users\Lifel\4A133008.asc
2023-07-16 17:37 - 2023-07-16 17:37 - 000000874 _____ C:\Users\Lifel\Bisq-64bit-1.9.12.exe.asc.backup
2023-07-16 17:37 - 2023-07-16 17:37 - 000000874 _____ C:\Users\Lifel\Bisq-64bit-1.9.12.exe.asc
2023-07-16 17:37 - 2023-07-16 17:37 - 000000196 _____ C:\Users\Lifel\Bisq-1.9.12.jar.txt
2023-07-16 17:37 - 2023-07-16 17:37 - 000000009 _____ C:\Users\Lifel\signingkey.asc
2023-07-14 09:47 - 2023-07-14 09:47 - 000000000 ___HD C:\$WinREAgent
2023-07-13 15:50 - 2023-07-13 15:50 - 000000000 ____D C:\Users\Lifel\AppData\Local\rabby-desktop-updater
2023-07-12 13:30 - 2023-07-12 13:30 - 000167453 _____ C:\Users\Lifel\Desktop\UnibetKlage.pdf
2023-07-10 09:42 - 2023-08-01 20:48 - 000000000 ____D C:\Users\Lifel\AppData\Local\Malwarebytes
2023-07-07 22:59 - 2023-07-09 10:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2023-07-07 12:09 - 2023-07-07 12:09 - 000000985 _____ C:\Users\Public\Desktop\Surfshark.lnk
2023-07-07 12:09 - 2023-07-07 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Surfshark
2023-07-04 13:58 - 2023-06-15 18:03 - 000678960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2023-07-04 13:58 - 2023-06-15 18:03 - 000567344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2023-07-04 13:45 - 2023-07-04 13:45 - 000000880 _____ C:\Users\Lifel\AppData\Local\recently-used.xbel
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2023-08-02 09:52 - 2021-09-11 22:23 - 000000000 ____D C:\Users\Lifel\Documents\Sticky Passwords
2023-08-02 09:46 - 2022-02-09 18:42 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-08-02 09:45 - 2020-04-04 22:08 - 000000000 ____D C:\Users\Lifel\AppData\LocalLow\Mozilla
2023-08-02 09:40 - 2021-02-07 20:49 - 001740336 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-08-02 09:40 - 2019-12-07 16:50 - 000751066 _____ C:\WINDOWS\system32\perfh007.dat
2023-08-02 09:40 - 2019-12-07 16:50 - 000152376 _____ C:\WINDOWS\system32\perfc007.dat
2023-08-02 09:40 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-08-02 09:35 - 2021-12-18 00:51 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-08-02 09:35 - 2020-04-04 22:42 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Telegram Desktop
2023-08-02 09:35 - 2020-04-04 22:25 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\vlc
2023-08-02 09:35 - 2020-04-04 21:47 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-02 09:34 - 2021-05-23 21:09 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Surfshark
2023-08-02 09:34 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-02 09:33 - 2021-02-07 20:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-08-02 09:33 - 2021-02-07 20:41 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-02 09:33 - 2020-06-03 21:20 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-08-02 09:33 - 2020-04-05 15:02 - 000000000 ____D C:\ProgramData\NVIDIA
2023-08-02 09:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-08-02 00:58 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-08-02 00:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration
2023-08-01 22:47 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-08-01 20:27 - 2020-04-04 23:33 - 000000000 ____D C:\WINDOWS\TempInst
2023-08-01 20:27 - 2020-04-04 22:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-01 20:17 - 2021-07-03 11:39 - 000000000 ____D C:\Users\Lifel\AppData\LocalLow\IObit
2023-08-01 20:17 - 2021-07-03 11:38 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\IObit
2023-08-01 20:17 - 2021-07-03 11:38 - 000000000 ____D C:\ProgramData\IObit
2023-08-01 19:57 - 2020-04-09 14:41 - 000000000 ____D C:\Users\Lifel\AppData\Local\CrashDumps
2023-08-01 19:40 - 2021-05-06 09:19 - 000000000 ____D C:\Users\Lifel\AppData\Local\ElevatedDiagnostics
2023-08-01 19:27 - 2023-01-07 23:26 - 000000000 ____D C:\Users\Lifel\AppData\Local\NordVPN
2023-08-01 18:59 - 2020-04-04 22:08 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-01 18:33 - 2021-02-07 20:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-08-01 14:00 - 2020-04-05 15:03 - 000000000 ____D C:\Users\Lifel\AppData\Local\NVIDIA
2023-08-01 14:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-08-01 14:00 - 2019-11-11 03:18 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-08-01 12:00 - 2021-08-09 09:46 - 000000000 ____D C:\Program Files\Microsoft Office
2023-08-01 00:19 - 2022-06-16 21:15 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\discord
2023-07-31 23:30 - 2022-06-16 21:15 - 000000000 ____D C:\Users\Lifel\AppData\Local\Discord
2023-07-31 12:35 - 2020-04-05 00:37 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Microsoft\Excel
2023-07-31 11:39 - 2020-04-04 21:35 - 000000000 ____D C:\Users\Lifel\AppData\Local\Packages
2023-07-31 11:31 - 2020-04-05 00:36 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Microsoft\Word
2023-07-30 23:07 - 2020-04-04 22:03 - 000044071 _____ C:\Users\Lifel\Desktop\Projekte und Anbieter.txt
2023-07-29 20:40 - 2020-06-22 08:59 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-29 20:40 - 2020-06-22 08:59 - 000002241 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-07-29 20:40 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-27 10:21 - 2020-04-04 22:55 - 000918960 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2023-07-26 09:35 - 2020-04-04 21:47 - 000002260 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-07-26 09:35 - 2020-04-04 21:47 - 000002219 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-07-26 08:58 - 2021-02-07 20:44 - 000004228 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1586031813
2023-07-26 08:58 - 2020-04-04 22:23 - 000001416 _____ C:\Users\Lifel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2023-07-25 09:42 - 2019-04-19 07:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-07-23 19:06 - 2023-06-17 15:25 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2023-07-23 18:55 - 2023-06-17 15:26 - 000000000 ____D C:\Users\Lifel\AppData\Local\BlueStacks X
2023-07-23 18:55 - 2023-06-17 15:25 - 000000000 ____D C:\ProgramData\boost_interprocess
2023-07-20 00:03 - 2022-04-08 14:22 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Ledger Live
2023-07-19 23:52 - 2022-04-08 14:21 - 000000000 ____D C:\Program Files\Ledger Live
2023-07-19 10:37 - 2020-12-18 14:38 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Electrum
2023-07-19 09:34 - 2021-10-02 13:30 - 000000000 ____D C:\Program Files\7-Zip
2023-07-17 21:09 - 2020-04-08 14:25 - 000000000 ____D C:\Users\Lifel\AppData\Local\D3DSCache
2023-07-17 13:46 - 2020-05-20 12:10 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Exodus
2023-07-16 17:39 - 2021-02-07 11:08 - 000000000 ____D C:\Users\Lifel
2023-07-16 17:37 - 2022-08-22 20:24 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\Bisq
2023-07-15 09:15 - 2021-02-07 20:41 - 000444304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-07-14 23:44 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-14 23:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-14 23:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-07-14 23:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-07-14 23:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-14 23:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-07-14 23:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-07-14 15:41 - 2021-09-20 11:27 - 000002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-07-14 15:41 - 2021-09-20 11:27 - 000001870 _____ C:\Users\Lifel\Desktop\Google Drive.lnk
2023-07-14 09:54 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-14 09:51 - 2021-02-07 20:42 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-07-14 09:47 - 2020-04-04 22:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-14 09:44 - 2020-04-04 22:57 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-07-13 19:13 - 2021-05-23 21:09 - 000000000 ____D C:\ProgramData\Surfshark
2023-07-12 23:16 - 2023-01-11 21:41 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-07-12 23:16 - 2022-10-13 20:01 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-07-12 23:16 - 2021-02-07 20:44 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-07-10 19:34 - 2021-02-07 20:44 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-10 19:34 - 2021-02-07 20:44 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-10 11:21 - 2023-06-27 19:45 - 000001059 _____ C:\Users\Lifel\Desktop\Proxifier.lnk
2023-07-10 11:21 - 2023-06-23 15:51 - 000002130 _____ C:\Users\Lifel\Desktop\Firefox.lnk
2023-07-10 11:21 - 2023-06-19 15:07 - 000001132 _____ C:\Users\Lifel\Desktop\Pia S5 Proxy.lnk
2023-07-10 11:21 - 2023-01-07 23:26 - 000001986 _____ C:\Users\Lifel\Desktop\NordVPN.lnk
2023-07-10 11:21 - 2022-12-30 14:35 - 000002007 _____ C:\Users\Lifel\Desktop\E-Channelizer.lnk
2023-07-10 11:21 - 2022-05-08 08:26 - 000002068 _____ C:\Users\Lifel\Desktop\Adobe Acrobat DC.lnk
2023-07-10 11:21 - 2022-02-21 00:34 - 000001947 _____ C:\Users\Lifel\Desktop\Cryptomator.lnk
2023-07-10 11:21 - 2021-12-24 18:41 - 000002180 _____ C:\Users\Lifel\Desktop\Knuddels.lnk
2023-07-10 11:21 - 2020-05-20 12:10 - 000002232 _____ C:\Users\Lifel\Desktop\Exodus.lnk
2023-07-10 11:21 - 2020-04-05 00:37 - 000002536 _____ C:\Users\Lifel\Desktop\Word.lnk
2023-07-10 11:21 - 2020-04-05 00:37 - 000002532 _____ C:\Users\Lifel\Desktop\Excel.lnk
2023-07-10 11:21 - 2020-04-04 22:23 - 000001420 _____ C:\Users\Lifel\Desktop\Opera-Browser.lnk
2023-07-10 09:46 - 2021-08-05 14:07 - 000000000 ____D C:\Program Files (x86)\iProVPN
2023-07-10 09:42 - 2021-12-05 14:45 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2023-07-10 09:42 - 2021-12-05 14:45 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2023-07-10 09:42 - 2021-12-05 14:45 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2023-07-10 09:42 - 2021-12-05 14:45 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-07-10 09:42 - 2021-12-05 14:45 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-07-10 09:41 - 2021-12-05 14:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-07-10 09:41 - 2021-12-05 14:44 - 000000000 ____D C:\Program Files\Malwarebytes
2023-07-08 10:22 - 2020-04-04 22:15 - 000001289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-07-07 12:09 - 2021-05-23 21:09 - 000000000 ____D C:\Program Files (x86)\Surfshark
2023-07-05 20:07 - 2020-09-21 17:48 - 000000000 ____D C:\Users\Lifel\AppData\Roaming\.purple
2023-07-04 13:45 - 2020-09-29 11:38 - 000000000 ____D C:\Users\Lifel\AppData\Local\gtk-2.0
2023-07-04 13:45 - 2020-09-29 11:36 - 000000000 ____D C:\Users\Lifel\AppData\Local\babl-0.1
2023-07-04 09:03 - 2022-07-30 12:38 - 000000000 ____D C:\Users\Lifel\Desktop\Szene
2023-07-03 09:45 - 2022-08-07 15:10 - 000002342 ____H C:\Users\Lifel\Documents\Default.rdp
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2023-07-16 17:37 - 2023-07-16 17:37 - 273844224 _____ () C:\Users\Lifel\Bisq-64bit-1.9.12.exe
2022-12-26 22:45 - 2022-12-26 22:45 - 011615744 _____ (Sayyid A.) C:\Users\Lifel\E-Channelizer Installer (1).exe
2020-10-10 20:24 - 2020-10-10 20:24 - 000000048 ____H () C:\Program Files (x86)\qp61skxpce.dat
2022-12-26 23:56 - 2023-03-14 16:43 - 000000128 _____ () C:\Users\Lifel\AppData\Roaming\winscp.rnd
2022-11-21 22:04 - 2022-11-27 10:48 - 010841264 _____ (Ebay-Kleinanzeigen.de Suite) C:\Users\Lifel\AppData\Local\3A7B7290-77EA-45DC-888A-509CDAC02094.exe
2022-11-26 18:45 - 2022-11-26 18:45 - 006809600 _____ () C:\Users\Lifel\AppData\Local\4690239A-8279-4C25-999E-7872366B0731.exe
2022-12-04 20:23 - 2022-12-17 20:47 - 010861744 _____ (Ebay-Kleinanzeigen.de Suite) C:\Users\Lifel\AppData\Local\E175A901-9EC8-4A37-8235-CBA4860000D3.exe
2022-11-21 22:03 - 2022-12-18 13:57 - 000000028 _____ () C:\Users\Lifel\AppData\Local\fraudware.credentials
2023-01-07 19:05 - 2023-01-07 19:05 - 000000000 _____ () C:\Users\Lifel\AppData\Local\OVPN-WG-Default
2023-07-04 13:45 - 2023-07-04 13:45 - 000000880 _____ () C:\Users\Lifel\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
|
Linear-Darstellung
