Log analysis and evaluation: Windows 10: Defender finds several Trojans and I am receiving extortion e-mails. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.01.2024, 14:58 | #1 |
| Windows 10: Defender finds several Trojans and I am receiving extortion e-mails.

Hello everyone, in great need I am asking for your help again after about 6 years. Back then you were able to help me wonderfully as well. A few weeks ago I noticed that my computer sometimes freezes for a second. I immediately connected that with a suspected virus, since I had heard something like that somewhere before. I then ran a scan with the built-in Defender. It did find several Trojans and keyloggers. I then had the tool remove them. I should also mention that for quite a while I was not running the latest Windows updates.

In the last few weeks an e-mail containing a matching password also reached me, demanding a ransom in Bitcoin. Of course I did not respond to it, especially since it threatened me with webcam recordings from my non-existent webcam. Still frightening, of course. Whether that has to do with the possibly present viruses or came from a data leak, who knows. I have changed all passwords and now no longer receive any "reset password" e-mails (the bad guys apparently wanted to steal my accounts).

So I now want to make sure that my computer is free of viruses. For that, here are the logs from FRST: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01.01.2024 durchgeführt von ichbi (Administrator) auf JULIAN-PC-STUDI (Micro-Star International Co., Ltd. MS-7C37) (04-01-2024 14:32:52) Gestartet von C:\Users\ichbi\Downloads\FRST64.exe Geladene Profile: ichbi Plattform: Microsoft Windows 10 Pro for Workstations Version 22H2 19045.3803 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe (C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe (C:\Program Files\Logitech Gaming Software\LCore.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe (explorer.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (explorer.exe ->) (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering, Ltd.) C:\Program Files\Focusrite\Drivers\Focusrite Notifier.exe (explorer.exe ->) (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (explorer.exe ->) (Nextcloud GmbH -> Nextcloud GmbH) C:\Program Files\Nextcloud\nextcloud.exe (explorer.exe ->) (Palo Alto Networks -> Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe (explorer.exe ->) (Phonic Corporation -> ) C:\Program Files\Phonic\1394AudioDriver_FireFly808\Phonic_Cpl.exe (explorer.exe ->) (VIA Technologies, Inc.)
[Datei ist nicht signiert] C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe (Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WpcMon.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13> (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe (services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe (services.exe ->) (geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (services.exe ->) (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe (services.exe ->) (Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispsig.inf_amd64_2a8379cc1977656a\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (PACE 
Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe (services.exe ->) (Palo Alto Networks -> Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe (services.exe ->) (Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe (services.exe ->) (Realtek Semiconductor Corp -> Realtek) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_550508a90a3c9a47\RtkAudUService64.exe <2> (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (services.exe ->) (VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) 
C:\Windows\SysWOW64\vmnetdhcp.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LEDKeeper2.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\One Dragon Center\True Color\MSI.True Color.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.) [Datei ist nicht signiert] HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_550508a90a3c9a47\RtkAudUService64.exe [1618320 2022-11-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [142848 2021-04-11] (Avid Technology, Inc.) 
[Datei ist nicht signiert] HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.) HKLM\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [10686824 2022-03-01] (Palo Alto Networks -> Palo Alto Networks) HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [614584 2023-07-01] (geek software GmbH -> geek software GmbH) HKLM\...\Run: [Focusrite Notifier] => C:\Program Files\Focusrite\Drivers\Focusrite Notifier.exe [767552 2022-05-20] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering, Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> ) HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [119344 2020-06-05] (VMware, Inc. -> VMware, Inc.) HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\82.0.1.0\GoogleDriveFS.exe [55189280 2023-10-12] (Google LLC -> Google, Inc.) HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\82.0.1.0\GoogleDriveFS.exe [55189280 2023-10-12] (Google LLC -> Google, Inc.) HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4386664 2023-12-08] (Valve Corp. 
-> Valve Corporation) HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44486048 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [Discord] => C:\Users\ichbi\AppData\Local\Discord\Update.exe [1512040 2021-03-18] (Discord Inc. -> GitHub) HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [13443008 2021-05-03] (Binary Fortress Software Ltd -> Binary Fortress Software) HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\ichbi\AppData\Local\WebEx\WebexHost.exe [6976336 2021-12-31] (Cisco WebEx LLC -> Cisco Webex LLC) HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [Spotify] => C:\Users\ichbi\AppData\Roaming\Spotify\Spotify.exe [30315848 2023-12-09] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [Nextcloud] => C:\Program Files\Nextcloud\nextcloud.exe [5126352 2023-03-09] (Nextcloud GmbH -> Nextcloud GmbH) HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\82.0.1.0\GoogleDriveFS.exe [55189280 2023-10-12] (Google LLC -> Google, Inc.) 
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\ichbi\AppData\Local\Microsoft\Teams\Update.exe [2589872 2023-12-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [MicrosoftEdgeAutoLaunch_4D67C3CB7D15609F738713BBF52A3A48] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854280 2023-12-21] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\MountPoints2: {728efc9f-c9d4-11eb-912b-d8bbc1099828} - "F:\OnePlus_setup.exe" /s HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\MountPoints2: {ea960893-bd9e-11ec-9158-d8bbc1099828} - "F:\OnePlus_setup.exe" /s HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\82.0.1.0\GoogleDriveFS.exe [55189280 2023-10-12] (Google LLC -> Google, Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\118.0.5993.89\Installer\chrmstp.exe [2023-10-20] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{25CA8579-1BD8-469c-B9FC-6AC45A161C18}] -> C:\Windows\system32\PanV2CredProv.dll [2022-03-01] (Palo Alto Networks -> ) Startup: C:\Users\ichbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2023-10-12] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\ichbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rekordboxAgent.lnk [2022-11-03] ShortcutTarget: rekordboxAgent.lnk -> C:\Program Files\Pioneer\rekordbox 6.6.5\rekordboxAgent-win32-x64\rekordboxAgent.exe (AlphaTheta Corporation -> AlphaTheta Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\Control Panel.lnk [2021-05-28] ShortcutTarget: Control Panel.lnk -> C:\Program Files\Phonic\1394AudioDriver_FireFly808\Phonic_Cpl.exe (Phonic Corporation -> ) GroupPolicy: Beschränkung ? <==== ACHTUNG Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {93B6FE41-E102-4E7F-A947-FB35F1F32D23} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.) Task: {F546C58E-99C1-48C0-9660-4F0A9C7CB282} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) Task: {1815B76B-3713-44B7-8776-3904A330BBF6} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "46c9ee54-c4ab-4de2-a740-3c6cbf22912a" --version "6.19.10858" --silent Task: {7B9FFCED-F7A4-4742-83F8-7AB81F56092C} - System32\Tasks\CCleanerSkipUAC - ichbi => C:\Program Files\CCleaner\CCleaner.exe [37458848 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) Task: {476E1642-F7B7-4C01-8E7B-2CE87C030022} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-17] (Google LLC -> Google LLC) Task: {B781ACCF-11F6-486D-9DDE-1EDDF9448056} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-17] (Google LLC -> Google LLC) Task: 
{C4126C75-6A21-4E69-9864-E77051149789} - System32\Tasks\MATLAB R2021b Startup Accelerator => C:\Program Files\MATLAB\R2021b\bin\win64\MATLABStartupAccelerator.exe [50176 2021-05-15] () [Datei ist nicht signiert] Task: {D98A5B4A-53EC-4349-BDD3-80F55F61BBAA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23571032 2023-11-29] (Microsoft Corporation -> Microsoft Corporation) Task: {5A64DC16-F8C3-4559-9921-93ADAD4F2881} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23571032 2023-11-29] (Microsoft Corporation -> Microsoft Corporation) Task: {8D6E6A9C-BF0A-4D07-927C-53F97130C6FD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209272 2023-12-20] (Microsoft Corporation -> Microsoft Corporation) Task: {0217BDDF-A728-407F-AB52-7510F85C6F8A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209272 2023-12-20] (Microsoft Corporation -> Microsoft Corporation) Task: {F1F5A26C-EF15-422D-BF58-FC983F8227EB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513920 2023-12-20] (Microsoft Corporation -> Microsoft Corporation) Task: {AB0D4E06-6FDF-43BA-B6F4-704F52FEC67E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513920 2023-12-20] (Microsoft Corporation -> Microsoft Corporation) Task: {0B07A97F-D007-45FC-957F-91EE4F021E96} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] 
(Microsoft Windows Publisher -> Microsoft Corporation) Task: {6591C6F5-5B10-4A8E-B9FE-570E42C20996} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {3D998901-7AFD-45A2-B21E-D4A06D4CEB43} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {7E8636B3-0054-4019-90AA-66145559560E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {42CCCFBB-EC38-4953-A371-96D03949C4DD} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674208 2023-12-02] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {B9EB5106-6C1A-4106-9F00-82C8A5C1797B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2023-12-02] (Mozilla Corporation -> Mozilla Foundation) Task: {15456070-D5F7-484F-BE26-19C00ECE251A} - System32\Tasks\MSI Task Host - Detect_Monitor => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe [78648 2021-04-01] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) 
Task: {3EA47929-2EBA-4038-8708-E9B1200F595C} - System32\Tasks\MSI Task Host - DisplayID => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe [78648 2021-04-01] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) Task: {5D305FAF-8C0E-4470-9171-4E98D246CC56} - System32\Tasks\MSI Task Host - LEDKeeper2_Host => C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LEDKeeper2.exe [1685328 2021-04-15] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) Task: {20069275-3E88-4E23-A832-4F260EE68D90} - System32\Tasks\MSI Task Host - MSI.True Color => C:\Program Files (x86)\MSI\One Dragon Center\True Color\MSI.True Color.exe [47416 2021-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) Task: {41ED8001-A23A-4D4F-A9CC-AAE1369F970D} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3203882355-2465378241-1904074028-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Keine Datei) Task: {40021508-9061-41BC-AD3B-9C1E344D02C4} - System32\Tasks\update-S-1-5-21-3203882355-2465378241-1904074028-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {90A34D95-2050-45A2-B153-5B9937D2956E} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe Task: C:\Windows\Tasks\MATLAB R2021b Startup Accelerator.job => C:\Program Files\MATLAB\R2021b\bin\win64\MATLABStartupAccelerator.exe C:\Program Files\MATLAB\R2021bJULIAN-PC-STUDI\ichbi.Sta Task: C:\Windows\Tasks\update-S-1-5-21-3203882355-2465378241-1904074028-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.) Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{23b271b8-daaa-4df3-b234-b1b53af3e70b}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{23b271b8-daaa-4df3-b234-b1b53af3e70b}: [DhcpDomain] fritz.box Tcpip\..\Interfaces\{4fd08595-b9e9-4e81-80a8-3292f0867e56}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4fd08595-b9e9-4e81-80a8-3292f0867e56}: [DhcpDomain] fritz.box Tcpip\..\Interfaces\{4fd08595-b9e9-4e81-80a8-3292f0867e56}\145747F6A7577602E6163686023597C647: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4fd08595-b9e9-4e81-80a8-3292f0867e56}\145747F6A7577602E6163686023597C647: [DhcpDomain] fritz.box Tcpip\..\Interfaces\{5b552e3d-0022-4b12-a317-3298326a495d}: [NameServer] 134.106.40.3,134.106.49.2 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\ichbi\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-13] Edge Extension: (Google Docs Offline) - C:\Users\ichbi\AppData\Local\Microsoft\Edge\User 
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-01] Edge Extension: (Edge relevant text changes) - C:\Users\ichbi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-14] Edge Extension: (Microsoft Edge DevTools Enhancements) - C:\Users\ichbi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh [2023-08-18] FireFox: ======== FF DefaultProfile: nk31nrhe.default FF ProfilePath: C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\nk31nrhe.default [2021-05-16] FF ProfilePath: C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release [2024-01-04] FF DownloadDir: C:\Users\ichbi\Downloads FF Session Restore: Mozilla\Firefox\Profiles\cu7yum5m.default-release -> ist aktiviert. FF Notifications: Mozilla\Firefox\Profiles\cu7yum5m.default-release -> hxxps://www.faceit.com FF Extension: (YouTube mp3) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\320youtube@gmx.net.xpi [2022-11-14] FF Extension: (Facebook Container) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\@contain-facebook.xpi [2023-07-30] FF Extension: (Übersetzen Sie Websites in Ihrem Browser, ohne die Cloud zu verwenden.) 
- C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\firefox-translations-addon@mozilla.org.xpi [2023-07-30] FF Extension: (Honey) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2023-04-12] FF Extension: (Tab Session Manager) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\Tab-Session-Manager@sienori.xpi [2023-12-13] FF Extension: (eBay™ Popularity Sort) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\test@arunshah.co.uk.xpi [2021-05-16] FF Extension: (Dark Theme for Google™) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{026cca71-a2e2-4020-840d-f2759849d62e}.xpi [2023-03-08] FF Extension: (TWP - Translate Web Pages) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2023-09-20] FF Extension: (Moodle Buddy) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{29d2b673-83e5-4aca-a0b8-f9130b9b9cb7}.xpi [2022-08-21] FF Extension: (Fakespot Fake Amazon Reviews and eBay Sellers) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{44df5123-f715-9146-bfaa-c6e8d4461d44}.xpi [2024-01-04] FF Extension: (__Cool Shade__) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{56b8b413-e19e-47c7-80c5-52a6795dfe78}.xpi [2021-05-16] FF Extension: (WebNowPlaying) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{64b2c525-24ed-4c05-aed1-95ff9e6cef70}.xpi [2024-01-04] FF Extension: (Return YouTube Dislike) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{762f9885-5a13-4abd-9c77-433dcd38b8fd}.xpi [2023-12-17] FF Extension: 
(insta-download) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{7b21dc78-ddbd-44c8-8621-161bb293598d}.xpi [2021-05-16] FF Extension: (Tab Auto Refresh) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{7fee47a1-8299-4576-90bf-5fd88d756926}.xpi [2022-07-12] FF Extension: (Markdown Viewer Webext) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{943b8007-a895-44af-a672-4f4ea548c95f}.xpi [2023-06-28] FF Extension: (Sauron - Dark mode for all websites) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{ac17338b-b900-4cd1-a34f-bd30ad5abab9}.xpi [2021-05-16] FF Extension: (Video DownloadHelper) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2023-08-26] FF Extension: (SoundCloud Downloader) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{c7a839e7-7086-4021-8176-1cfcb7f169ce}.xpi [2023-06-28] FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-06-21] FF Extension: (Trello Super Powers) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{e8a71c3b-3deb-4ab3-834a-5c0aee943847}.xpi [2021-12-26] FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-05-17] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-05-17] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-16] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-01-02] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-16] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-16] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default [2023-12-17] CHR Extension: (SoundCloud to Mp3 - SoundCloud Downloader) - C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglggfjiagajfmchbcjolbggghckfhgm [2023-06-28] CHR Extension: (Markdown Viewer) - C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckkdlimhmcjmikdlpkmbgfkaikojcbjk [2023-10-15] CHR Extension: (Music downloader) - C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmkmbhibddfjgokeipcjedbhphkmhied [2023-06-28] CHR Extension: (Google Docs Offline) - C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-17] CHR Extension: (Music downloader for SoundCloud™) - C:\Users\ichbi\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\imccchinfcnnpjoicclggnpdenhachco [2023-03-15] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-17] CHR Extension: (Smallpdf - PDF komprimieren und konvertieren) - C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfgljdgelakfkefopgklcohadegdpjf [2023-12-17] CHR Extension: (Dunkler Modus - Dunkler Leser für Chrome) - C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbgfifennfhnbkhoidkdchbflppjncb [2023-10-15] CHR HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.) S3 AvidHubService; C:\Program Files\Avid\Cloud Client Services\Hub.exe [2299208 2017-11-09] (Avid Technology, Inc. -> Avid Technology, Inc.) S3 AvidTransportClient; C:\Program Files\Avid\Cloud Client Services\TransportClient.exe [7067464 2017-11-09] (Avid Technology, Inc. -> Avid Technology, Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901960 2022-01-13] (BattlEye Innovations e.K. -> ) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9497688 2023-11-29] (Microsoft Corporation -> Microsoft Corporation) S3 DigiRefresh; C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [142848 2021-04-11] (Avid Technology, Inc.) [Datei ist nicht signiert] S3 digiSPTIService64; C:\Program Files\Avid\Pro Tools First\digisptiservice64.exe [201728 2021-04-11] (Avid Technology, Inc.) 
[Datei ist nicht signiert] R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [11309520 2021-05-03] (Binary Fortress Software Ltd -> Binary Fortress Software) S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [588264 2022-01-31] (EasyAntiCheat Oy -> Epic Games, Inc.) S3 FACEITService; C:\Program Files\FACEIT AC\faceitservice.exe [65739656 2023-08-30] (FACE IT LIMITED -> ) R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2023-11-14] (HP Inc. -> HP Inc.) S3 LightKeeperService; C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LightKeeperService.exe [86776 2020-12-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.) S3 MSI_Central_Service; C:\Program Files (x86)\MSI\One Dragon Center\MSI_Central_Service.exe [147088 2020-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) S3 MSI_Companion_Service; C:\Program Files (x86)\MSI\One Dragon Center\Game_Summary\MSI_Companion_Service.exe [143160 2021-03-31] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) S3 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\One Dragon Center\VoiceControl\VoiceControl_Service.exe [32752 2021-02-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) S3 Mystic_Light_Service; C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\Mystic_Light_Service.exe [39760 2021-03-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) 
R2 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [7509352 2022-03-01] (Palo Alto Networks -> Palo Alto Networks) R2 PDF24; C:\Program Files\PDF24\pdf24.exe [614584 2023-07-01] (geek software GmbH -> geek software GmbH) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2021-06-02] (Even Balance, Inc. -> ) R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [215128 2021-06-02] (Even Balance, Inc. -> ) R2 RealtekWlanU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [48856 2014-10-09] (Realtek Semiconductor Corp -> Realtek) S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2579840 2022-09-13] (Rockstar Games, Inc. -> Rockstar Games) S2 RTLDHCPService; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-10-09] (Realtek Semiconductor Corp -> Realtek) R2 RunSwUSB; C:\Windows\runSW.exe [44760 2021-08-25] (Realtek Semiconductor Corp -> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-13] (Microsoft Windows Publisher -> Microsoft Corporation) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [17029944 2023-05-02] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7152880 2022-01-10] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15504600 2020-06-05] (VMware, Inc. 
-> ) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [8631496 2022-01-10] (PUBG CORPORATION -> PUBG Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispsig.inf_amd64_2a8379cc1977656a\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispsig.inf_amd64_2a8379cc1977656a\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 61883; C:\Windows\System32\drivers\61883.sys [70144 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) 
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert] S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert] R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> ) R1 FACEIT; C:\Program Files\FACEIT AC\FACEIT_AC.sys [68181560 2023-08-30] (Microsoft Windows Hardware Compatibility Publisher -> ) R3 FocusritePCIeSwRoot; C:\Windows\System32\drivers\FocusritePCIeSwRoot.sys [105192 2022-05-20] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.) S3 FocusriteUsb; C:\Windows\System32\drivers\FocusriteUsb.sys [197280 2022-05-20] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.) S3 FocusriteUsbAudio; C:\Windows\System32\drivers\FocusriteUsbAudio.sys [97952 2022-05-20] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.) R3 FocusriteUsbSwRoot; C:\Windows\System32\drivers\FocusriteUsbSwRoot.sys [110864 2022-05-20] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.) R1 googledrivefs31092; C:\Windows\System32\DRIVERS\googledrivefs31092.sys [384600 2023-05-17] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.) S3 gpfltdrv; C:\Windows\system32\DRIVERS\gpfltdrv.sys [91760 2022-03-01] (Palo Alto Networks -> Palo Alto Networks) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech) R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.) 
S3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [37200 2021-05-29] (Logitech Inc -> Logitech) S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [25928 2021-05-29] (Logitech Inc -> Logitech) S3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66896 2021-05-29] (Logitech Inc -> Logitech) S3 MpKsl93a90454; C:\Windows\system32\MpEngineStore\MpKslDrv.sys [214280 2022-11-11] (Microsoft Windows -> Microsoft Corporation) R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd) S3 NTIOLib_CC_COMM; C:\Program Files (x86)\MSI\One Dragon Center\Lib\SYS\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\Lib\NTIOLib_X64.sys [14288 2017-07-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 PanGpd; C:\Windows\system32\DRIVERS\pangpd.sys [71968 2022-03-01] (Palo Alto Networks -> Palo Alto Networks Inc.) R3 phonic_1394; C:\Windows\System32\Drivers\phonic_1394_x64.sys [197344 2021-05-28] (Phonic Corporation -> Archwave AG) R3 phonic_avs; C:\Windows\System32\Drivers\phonic_avs_x64.sys [72416 2021-05-28] (Phonic Corporation -> Archwave AG) S3 RDID1198; C:\Windows\system32\Drivers\RDWM1198.SYS [395272 2021-09-27] (Microsoft Windows Hardware Compatibility Publisher -> Roland Corporation) S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project) R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [66368 2020-06-05] (VMware, Inc. -> VMware, Inc.) R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [103224 2019-08-14] (VMware, Inc. -> VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [52576 2018-02-28] (VMware, Inc. -> VMware, Inc.) 
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55856 2023-12-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [594304 2023-12-06] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-06] (Microsoft Windows -> Microsoft Corporation) S3 xhunter1; C:\Windows\xhunter1.sys [2522256 2022-01-13] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) S3 netr28x; \SystemRoot\System32\drivers\netr28x.sys [X] U4 npcap_wifi; kein ImagePath S4 NvModuleTracker; \SystemRoot\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [X] S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-01-04 14:32 - 2024-01-04 14:33 - 000040167 _____ C:\Users\ichbi\Downloads\FRST.txt 2024-01-04 14:32 - 2024-01-04 14:33 - 000000000 ____D C:\FRST 2024-01-04 14:32 - 2024-01-04 14:32 - 002387456 _____ (Farbar) C:\Users\ichbi\Downloads\FRST64.exe 2023-12-23 17:56 - 2023-12-23 17:56 - 000010644 _____ C:\Users\ichbi\AppData\Local\recently-used.xbel 2023-12-23 17:05 - 2023-12-23 17:05 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2023-12-18 16:56 - 2023-12-18 16:56 - 000066910 _____ C:\Users\ichbi\Downloads\Results_Julian_Härtel_2023-12-18.pdf 2023-12-18 11:11 - 2023-12-18 11:11 - 000346957 _____ C:\Users\ichbi\Downloads\Prolight_+_Sound_2024_Härtel_Julian_1764991320417.pdf 2023-12-18 10:32 - 2023-12-18 10:32 - 006141552 _____ C:\Users\ichbi\Downloads\2016-01_preisliste_jaguar_xf.pdf 2023-12-17 23:37 - 2023-12-17 23:37 - 011372958 _____ C:\Users\ichbi\Downloads\lecture_04_with_solutions.pptx 2023-12-17 13:31 - 2023-12-17 13:31 - 000000944 _____ C:\Users\Public\Desktop\Engine DJ.lnk 2023-12-17 13:31 - 2023-12-17 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Engine DJ 2023-12-17 13:30 - 2023-12-17 13:31 - 181527128 _____ (AIR Music Technology) C:\Users\ichbi\Downloads\Engine_DJ_3.3.0_7dcfbe5f8c_Setup.exe 2023-12-16 18:04 - 2023-12-16 18:04 - 000740274 _____ C:\Users\ichbi\Downloads\Lebenslauf Pauline Hillebrandt (Sopran)-1.pdf 2023-12-16 17:58 - 2023-12-16 17:58 - 000727676 _____ C:\Users\ichbi\Downloads\Lebenslauf Pauline Hillebrandt (Sopran).pdf 2023-12-16 11:39 - 2023-12-16 11:39 - 000409103 _____ C:\Users\ichbi\Downloads\Rechnung 306-2023 Vermietung IGS Delmenhorst 05.12.2023.pdf 2023-12-15 22:46 - 2023-12-15 22:53 - 000029119 _____ C:\Users\ichbi\Downloads\Bewerbung Despina Entwurf PDF.pdf 2023-12-15 22:45 - 2023-12-15 22:45 - 000257046 _____ C:\Users\ichbi\Downloads\Lebenslauf Pauline Hillebrandt (Sopran) 2024.pdf 2023-12-15 14:28 - 2023-12-15 22:44 - 000000000 ____D C:\Users\ichbi\Downloads\Studio Bilder Ja 2023-12-15 
14:28 - 2023-12-15 14:28 - 033225542 _____ C:\Users\ichbi\Downloads\Studio Bilder Ja.zip 2023-12-13 16:07 - 2023-12-13 16:07 - 000000000 ____D C:\Windows\InboxApps 2023-12-13 15:59 - 2023-12-13 15:59 - 000016707 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json 2023-12-13 15:54 - 2023-12-13 15:54 - 000000000 ___HD C:\$WinREAgent 2023-12-13 15:49 - 2023-12-23 17:04 - 000000000 ____D C:\Program Files\Mozilla Thunderbird 2023-12-07 14:24 - 2023-12-07 14:24 - 000789123 _____ C:\Users\ichbi\Downloads\fos_tornado_pro.pdf 2023-12-06 14:23 - 2023-12-06 14:23 - 000188211 _____ C:\Users\ichbi\Downloads\Rettet_Most-common-IT-errors-on-Windows-computers.pdf 2023-12-06 14:22 - 2023-12-06 14:22 - 000558876 _____ C:\Users\ichbi\Downloads\Rettet_IT-support-foer-og-under-eksamen_AIT_vejledning_ENG_on-campus.pdf 2023-12-06 14:21 - 2023-12-06 14:21 - 000423159 _____ C:\Users\ichbi\Downloads\Vejledning-til-digital-eksamen-DE-DK-ENG-revideret-2023-.pdf 2023-12-05 19:37 - 2023-12-05 21:34 - 000161533 _____ C:\Users\ichbi\Downloads\Angebot 306-2023 Vermietung IGS Delmenhorst 05.12.2023.pdf ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-01-04 14:31 - 2023-03-16 21:00 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2024-01-04 14:31 - 2023-03-16 21:00 - 000002065 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk 2024-01-04 14:31 - 2022-02-12 13:07 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2024-01-04 14:31 - 2021-05-17 15:27 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task 2024-01-04 14:30 - 2023-12-02 01:50 - 000000000 ____D C:\Program Files\Mozilla Firefox 2024-01-04 14:28 - 2021-07-23 23:39 - 000000000 ____D C:\Users\ichbi\AppData\Local\Spotify 2024-01-04 14:28 - 2021-07-23 23:38 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\Spotify 2024-01-04 14:28 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-01-04 14:27 - 2023-01-24 17:55 - 000000000 ___SD C:\Users\ichbi\Nextcloud 2024-01-04 14:27 - 2021-09-30 20:22 - 000000000 ____D C:\Users\Public\Logi 2023-12-24 00:21 - 2023-01-24 17:54 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\Nextcloud 2023-12-24 00:21 - 2021-05-17 16:40 - 000000000 ____D C:\ProgramData\NVIDIA 2023-12-24 00:10 - 2020-11-18 23:50 - 000000000 ____D C:\Windows\system32\SleepStudy 2023-12-24 00:09 - 2021-05-16 18:37 - 000000000 ____D C:\Program Files (x86)\Steam 2023-12-23 22:00 - 2023-08-26 22:56 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\GalaxyLife 2023-12-23 20:26 - 2023-11-28 14:49 - 000013626 _____ C:\Users\ichbi\Desktop\weihnachten.xlsx 2023-12-23 20:26 - 2021-05-31 08:40 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\Microsoft\Excel 2023-12-23 20:25 - 2021-05-16 17:59 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\Microsoft\Word 2023-12-23 20:21 - 2021-06-11 14:02 - 000000000 ____D C:\Users\ichbi\AppData\Local\babl-0.1 2023-12-23 18:02 - 2023-01-16 10:25 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2023-12-23 18:02 - 2021-05-16 16:21 - 000000000 ____D C:\Users\ichbi\AppData\Local\PlaceholderTileLogoFolder 
2023-12-23 18:02 - 2020-11-19 00:53 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-12-23 18:02 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-12-23 18:02 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness 2023-12-23 17:56 - 2021-06-12 14:07 - 000000000 ____D C:\Users\ichbi\AppData\Local\gtk-2.0 2023-12-23 17:09 - 2021-05-29 01:38 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\Microsoft\PowerPoint 2023-12-23 17:08 - 2021-05-16 16:11 - 001732070 _____ C:\Windows\system32\PerfStringBackup.INI 2023-12-23 17:08 - 2019-12-07 15:51 - 000746674 _____ C:\Windows\system32\perfh007.dat 2023-12-23 17:08 - 2019-12-07 15:51 - 000151622 _____ C:\Windows\system32\perfc007.dat 2023-12-23 17:08 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF 2023-12-23 17:07 - 2021-05-17 15:03 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update 2023-12-23 17:05 - 2021-05-31 20:08 - 000000000 ____D C:\Users\ichbi\AppData\Local\CrashDumps 2023-12-23 17:05 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2023-12-23 17:04 - 2022-11-08 12:09 - 000000666 _____ C:\Windows\Tasks\CCleanerCrashReporting.job 2023-12-23 17:04 - 2022-01-14 17:22 - 000000000 ____D C:\ProgramData\VMware 2023-12-23 17:04 - 2021-05-17 16:28 - 000000000 ____D C:\Program Files\TeamViewer 2023-12-23 17:04 - 2021-05-17 15:03 - 000000000 ____D C:\Program Files\CCleaner 2023-12-23 17:04 - 2021-05-16 18:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2023-12-23 17:04 - 2021-05-16 16:04 - 000008192 ___SH C:\DumpStack.log.tmp 2023-12-23 17:04 - 2020-11-19 00:51 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2023-12-23 17:04 - 2012-10-26 15:20 - 000001485 _____ C:\Windows\system32\Phonic1394_coinst.cfg 2023-12-20 12:16 - 2021-05-16 17:49 - 000000000 ____D C:\Program Files\Microsoft Office 2023-12-19 17:36 - 2021-05-30 18:03 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\vlc 2023-12-19 14:05 - 
2023-10-07 11:57 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\CurseForge 2023-12-19 13:54 - 2021-08-22 20:47 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\.minecraft 2023-12-18 23:08 - 2021-05-17 16:25 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\discord 2023-12-18 22:24 - 2021-05-17 16:25 - 000000000 ____D C:\Users\ichbi\AppData\Local\Discord 2023-12-18 14:09 - 2021-05-16 17:59 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\Microsoft\Office 2023-12-17 23:37 - 2021-05-16 16:19 - 000000000 ____D C:\Users\ichbi\AppData\Local\Packages 2023-12-17 13:32 - 2021-05-17 16:12 - 000000000 ____D C:\ProgramData\Package Cache 2023-12-17 13:31 - 2023-06-24 11:15 - 000000000 ____D C:\Program Files\Engine DJ 2023-12-17 01:08 - 2021-05-16 16:16 - 000000000 ____D C:\Users\ichbi 2023-12-16 11:40 - 2022-11-08 12:09 - 000003382 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting 2023-12-15 17:24 - 2021-05-16 16:19 - 000000000 ____D C:\Users\ichbi\AppData\Local\D3DSCache 2023-12-14 23:38 - 2021-06-21 19:30 - 000000000 ____D C:\Users\ichbi\AppData\Local\ElevatedDiagnostics 2023-12-14 18:33 - 2021-05-28 23:49 - 000001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk 2023-12-13 23:01 - 2021-05-17 16:25 - 000002235 _____ C:\Users\ichbi\Desktop\Discord.lnk 2023-12-13 16:10 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2023-12-13 16:08 - 2020-11-18 23:50 - 000481128 _____ C:\Windows\system32\FNTCACHE.DAT 2023-12-13 16:07 - 2019-12-07 15:54 - 000000000 ___SD C:\Windows\system32\AppV 2023-12-13 16:07 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2023-12-13 16:07 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2023-12-13 16:07 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2023-12-13 16:07 - 2019-12-07 15:51 - 000000000 ____D C:\Windows\SysWOW64\de 2023-12-13 16:07 - 2019-12-07 15:51 - 000000000 ____D 
C:\Windows\system32\de 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D 
C:\Windows\system32\ShellExperiences 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2023-12-13 16:07 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI 2023-12-13 16:07 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing 2023-12-13 16:03 - 2019-12-07 15:54 - 000023040 _____ (Microsoft 
Corporation) C:\Windows\system32\OEMDefaultAssociations.dll 2023-12-13 16:03 - 2019-12-07 15:54 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml 2023-12-13 16:03 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll 2023-12-13 16:03 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll 2023-12-13 16:03 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp 2023-12-13 15:59 - 2020-11-19 00:53 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2023-12-13 15:54 - 2021-05-16 16:26 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2023-12-13 15:21 - 2021-05-16 16:26 - 000000000 ____D C:\Windows\system32\MRT 2023-12-13 15:19 - 2021-05-16 16:26 - 182871392 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2023-12-13 15:18 - 2021-05-16 18:01 - 000002525 _____ C:\Users\ichbi\Desktop\Excel.lnk 2023-12-11 11:48 - 2021-11-07 20:31 - 000000576 ____H C:\Windows\Tasks\MATLAB R2021b Startup Accelerator.job 2023-12-06 19:08 - 2020-11-19 00:51 - 000000000 ____D C:\Windows\system32\Drivers\wd 2023-12-05 00:19 - 2023-08-27 14:58 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\Microsoft\Teams ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2021-05-28 23:28 - 2021-05-28 23:31 - 000018544 _____ () C:\Users\ichbi\AppData\Roaming\Avid_CCS_Service_Stop.log 2022-01-16 14:36 - 2022-01-17 08:38 - 000000016 _____ () C:\Users\ichbi\AppData\Roaming\obs-virtualcam.txt 2021-09-25 11:31 - 2022-06-27 18:26 - 000000128 _____ () C:\Users\ichbi\AppData\Local\PUTTY.RND 2023-12-23 17:56 - 2023-12-23 17:56 - 000010644 _____ () C:\Users\ichbi\AppData\Local\recently-used.xbel 2021-07-26 22:42 - 2023-06-24 20:37 - 000007638 _____ () C:\Users\ichbi\AppData\Local\Resmon.ResmonCfg 2021-05-17 16:05 - 2021-05-17 16:05 - 000000003 _____ () C:\Users\ichbi\AppData\Local\updater.log 2021-05-17 16:05 - 2021-05-17 16:05 - 000000424 _____ () 
C:\Users\ichbi\AppData\Local\UserProducts.xml ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ========================
As mentioned, in Windows Security I found four files and had them removed. Unfortunately I cannot copy the logs, but I had them converted with an Image2Text tool: Code:
ATTFilter Bedrohung blockiert 23.12.2023 22:45 Schwerwiegend Erkannt: Trojan:HTML/CryptoExtortBTC Status: Entfernt Eine Bedrohung oder App wurde von diesem Gerät entfernt. Datum: 24.12.2023 00:16 Details: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus. Betroffene Elemente: containerfile: E:\Backups\Equi-Trend.com\backup_equi- trend.com_2109251227.tar file: E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar- >backup_domainmail_2109251227.tgz->(GZip)->info/Maildir/ new/1631216929.M296629P18582.mailsrv.web-beta.de,S=2876,W=2921 Code:
ATTFilter Bedrohung blockiert 23.12.2023 22:45 Schwerwiegend Erkannt: Trojan:HTML/Phish Status: Entfernt Eine Bedrohung oder App wurde von diesem Gerät entfernt. Datum: 24.12.2023 00:16 Details: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus. Betroffene Elemente: containerfile: E:\Backups\Equi-Trend.com\backup_equi- trend.com_2109251227.tar file: E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar- >backup_domainmail_2109251227.tgz->(GZip)->info/Maildir/ new/1538777135.M782738P8140V000000000000090210000000004120FB7.s rv.web-alpha.de,S=2158 file: E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar- >backup_domainmail_2109251227.tgz->(GZip)->inhaber/Maildir/ new/1538777136.M302278P8157V000000000000090210000000004120FB8.5 rv.web-alpha.de,S=2374 file: E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar- >backup_domainmail_2109251227.tgz->(GZip)->inhaber/Maildir/ new/1538913208.M471140P25230V000000000000090210000000004120FBC srv.web-alpha.de,S=2397 Code:
ATTFilter Bedrohung blockiert 23.12.2023 22:45 Schwerwiegend Erkannt: Trojan:Script/Wacatac.H!ml Status: Entfernt Eine Bedrohung oder App wurde von diesem Gerät entfernt. Datum: 24.12.2023 00:16 Details: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus. Betroffene Elemente: file: C:\Users\ichbi\Downloads\Chapter-File-1.rar Weitere Informationen Aktionen Code:
ATTFilter Bedrohung blockiert 23.12.2023 22:45 Schwerwiegend Erkannt: Trojan:Win32/Zusy.EC!MTB Status: Entfernt Eine Bedrohung oder App wurde von diesem Gerät entfernt. Datum: 24.12.2023 00:16 Details: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus. Betroffene Elemente: containerfile: C:\$Recycle.Bin \S-1-5-21-3203882355-2465378241-1904074028-1001\$R0F09Q3.zip file: C:\$Recycle.Bin\S-1-5-21-3203882355-2465378241-1904074028-1001\ $ROF09Q3.zip->aclui.dll Weitere Informationen Aktionen
Thanks in advance! |
04.01.2024, 14:59 | #2 |
| Windows 10: Defender finds several Trojans and I am receiving extortion e-mails. Addition.txt:
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01.01.2024 durchgeführt von ichbi (04-01-2024 14:34:41) Gestartet von C:\Users\ichbi\Downloads Microsoft Windows 10 Pro for Workstations Version 22H2 19045.3803 (X64) (2021-05-16 15:07:12) Start-Modus: Normal ========================================================== ==================== Konten: ============================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) Administrator (S-1-5-21-3203882355-2465378241-1904074028-500 - Administrator - Disabled) B02C33EEFEF34FAEA538 (S-1-5-21-3203882355-2465378241-1904074028-1004 - Limited - Enabled) DefaultAccount (S-1-5-21-3203882355-2465378241-1904074028-503 - Limited - Disabled) Gast (S-1-5-21-3203882355-2465378241-1904074028-501 - Limited - Disabled) haert (S-1-5-21-3203882355-2465378241-1904074028-1002 - Limited - Disabled) ichbi (S-1-5-21-3203882355-2465378241-1904074028-1001 - Administrator - Enabled) => C:\Users\ichbi WDAGUtilityAccount (S-1-5-21-3203882355-2465378241-1904074028-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
7-Zip 21.07 (x64) (HKLM\...\7-Zip) (Version: 21.07 - Igor Pavlov) Adesso Cybertrack Driver version 1.00 (HKLM-x32\...\{BCAB7D40-5D74-4C2A-8B76-D13389AB63BC}_is1) (Version: 1.00 - ) Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 23.008.20458 - Adobe) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden Amazon Games (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.3.8425.2 - Amazon.com Services, Inc.) AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.07.21.306 - Advanced Micro Devices, Inc.) AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.80 - Advanced Micro Devices, Inc.) Hidden AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 6.0.0.3 - Advanced Micro Devices, Inc.) Hidden AMD Ryzen Master SDK (HKLM\...\{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.7.0.1725 - Advanced Micro Devices, Inc.) AMD SBxxx SMBus Driver Alpha (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden AMD_Chipset_Drivers (HKLM-x32\...\{7598e74a-915c-4911-918c-ca4b2c296122}) (Version: 2.07.21.306 - Advanced Micro Devices, Inc.) Hidden ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.15_Beta2 - tippach engineering) Audacity 3.0.0 (HKLM-x32\...\Audacity_is1) (Version: 3.0.0 - Audacity Team) Audacity 3.1.2 (64 Bit) (HKLM\...\Audacity_is1) (Version: 3.1.2 - Audacity Team) Avid Cloud Client Services (HKLM\...\{66E7D4F4-F044-428D-A734-59138A626A52}) (Version: 2.4.0.15 - Avid Technology, Inc.) Avid Effects (HKLM\...\{19DE6A9D-DAF1-4CCD-8641-98AF7F7A3DC2}) (Version: 20.9.0.119 - Avid Technology, Inc.) 
Blackmagic RAW Common Components (HKLM\...\{35D9A1FC-10E0-4825-B2D2-3B15EB9B2232}) (Version: 2.4.0.1 - Blackmagic Design) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CamScanner 1.1.3 (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\03fc796f-ccca-5cd2-9de8-e077585adf0b) (Version: 1.1.3 - intsig) CCleaner (HKLM\...\CCleaner) (Version: 6.19 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP) ChamSys MagicQ (HKLM-x32\...\MagicQ) (Version: 1.9.1.6 - ChamSys Limited) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Cisco Webex Meetings (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\ActiveTouchMeetingClient) (Version: 42.1.3 - Cisco Webex LLC) CPUID CPU-Z 1.96 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.96 - CPUID, Inc.) CPUID HWMonitor 1.44 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.44 - CPUID, Inc.) CurseForge 0.240.3-15191 (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\ca0e291c-abd4-5fc3-b6a0-3d4333eccbd7) (Version: 0.240.3-15191 - Overwolf) darktable (HKLM\...\darktable) (Version: 3.8.0 - the darktable project) DaVinci Resolve (HKLM\...\{0DE05B8E-6889-4616-8428-850274AB0700}) (Version: 17.4.60004 - Blackmagic Design) DaVinci Resolve Control Panels (HKLM\...\{7667C543-084F-47F7-BC60-175FC25E9D6F}) (Version: 2.0.1.0 - Blackmagic Design) DDFCreator 2.2.1 (HKLM-x32\...\DDFCreator_2.2.1) (Version: 2.2.1 - DMXControl Projects e.V.) Discord (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Discord) (Version: 1.0.9001 - Discord Inc.) 
DisplayFusion 9.8 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 9.8.0.0 - Binary Fortress Software)
DMXControl 2.12.2 (HKLM-x32\...\DMXControl) (Version: 2.12.2 - PopSoft)
ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.2.2 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM-x32\...\{c0cc7253-fa06-46c2-9ceb-f8641408262f}) (Version: 1.0.2.2 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.8.13 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{54d3d2b5-db16-446d-b6dd-f4964b166b3b}) (Version: 1.0.8.13 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM-x32\...\{c2c794a4-7986-4c45-884d-d4ca43b88df9}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
ENE_X-JMI_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.5.1 - ENE Tech) Hidden
ENE_X-JMI_HAL (HKLM-x32\...\{50ec3a07-291b-463e-be86-487eb8cbb71c}) (Version: 1.0.5.1 - ENE Tech) Hidden
Engine DJ (HKLM\...\{1D6DD610-418A-4FC3-91C2-CE1B88C14B20}) (Version: 3.3.0.70 - AIR Music Technology) Hidden
Engine DJ (HKLM-x32\...\{0c9736f4-2a1e-4177-844e-823e11a9cc30}) (Version: 3.3.0.70 - AIR Music Technology)
FACEIT Anti-Cheat (HKLM\...\{1419E44C-0EF4-4822-9194-9F1A4D43973D}_is1) (Version: 2.1 - FACEIT LTD)
FileZilla Client 3.54.1 (HKLM-x32\...\FileZilla Client) (Version: 3.54.1 - Tim Kosse)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Focusrite Audio Drivers 4.102.4.735 (HKLM\...\Focusrite Audio Drivers_is1) (Version: 4.102.4.735 - Focusrite Audio Engineering, Ltd.)
GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team)
Git version 2.32.0 (HKLM\...\Git_is1) (Version: 2.32.0 - The Git Development Community)
GlobalProtect (HKLM\...\{8221047A-6727-47A0-AF10-C5F89CAA56A6}) (Version: 5.2.11 - Palo Alto Networks)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 118.0.5993.89 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 82.0.1.0 - Google LLC)
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2545.0 - Rockstar Games)
grandMA3 onPC 1.6.3.7 (HKLM-x32\...\MA Lighting Technology GmbH grandMA3 onPC 1.6.3.7) (Version: - "MA Lighting Technology GmbH")
Inkscape (HKLM-x32\...\Inkscape) (Version: 1.1.2- - Inkscape)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com)
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Java(TM) SE Development Kit 16.0.1 (64-bit) (HKLM\...\{75CDB88B-F917-5456-AB2D-5504DE7F43DE}) (Version: 16.0.1.0 - Oracle Corporation)
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)
MATLAB R2021b (HKLM\...\Matlab R2021b) (Version: 9.11 - MathWorks)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.91 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.91 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Volume - de-de) (Version: 16.0.10405.20015 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Teams) (Version: 1.6.00.29964 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang)
MIXO 0.61.0 (HKLM\...\d55b2c77-de3d-571c-b37e-a566ff87822a) (Version: 0.61.0 - MIXO)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 120.0.1 (x64 de)) (Version: 120.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.1.2 - Mozilla)
Mozilla Thunderbird (x64 de) (HKLM\...\Mozilla Thunderbird 115.5.2 (x64 de)) (Version: 115.5.2 - Mozilla)
MSI SDK (HKLM-x32\...\{EE7D557C-3AE7-4348-8DCA-3A89790D0002}}_is1) (Version: 2.2021.0428.01 - MSI)
MSYS2 64bit (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\{73df107e-2385-4feb-924e-ecf18a2366cb}) (Version: 20220603 - The MSYS2 Developers)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.6.2.547 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.14.1.156 - Native Instruments)
Native Instruments Traktor Pro 3 (HKLM-x32\...\Native Instruments Traktor Pro 3) (Version: 3.5.1.277 - Native Instruments)
Nextcloud (HKLM\...\{235C8899-32EF-44CF-9E58-3E182ABEFDC6}) (Version: 3.7.4.20230309 - Nextcloud GmbH)
Nicepage 5.2.4 (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\c9e6a573-2a17-5f23-a9b7-1d442c8e5de0) (Version: 5.2.4 - Artisteer Limited)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.4.8 - Notepad++ Team)
Nullsoft Install System (HKLM-x32\...\NSIS) (Version: 3.08 - Nullsoft and Contributors)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA Grafiktreiber 537.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 537.58 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10405.20015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10405.20015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.10405.20015 - Microsoft Corporation) Hidden
OpenIV (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\OpenIV) (Version: 4.1.1502 - .black/OpenIV Team)
Outlook (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PACE License Support Win64 (HKLM\...\{5AC4321F-FCD1-4a37-BFCB-E1EB0047CDA4}) (Version: 5.4.1.3706 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{5AC4321F-FCD1-4a37-BFCB-E1EB0047CDA4}) (Version: 5.4.1.3706 - PACE Anti-Piracy, Inc.)
PDF24 Creator 11.13.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.13.1 - PDF24.org)
Phonic FireFly 808 & 808U Firewire Driver v6.11.0.0 (HKLM-x32\...\Phonic FireFly 808 & 808U Firewire Driver v6.11.0.0) (Version: 6.11.0.0 - Phonic)
PowerPoint (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
PuTTY release 0.75 (64-bit) (HKLM\...\{06DB09EC-52D5-47FA-A0F3-D70ED6407481}) (Version: 0.75.0.0 - Simon Tatham)
Python 3.10.7 (64-bit) (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\{c62ef944-a7c9-4646-9fc7-d9e658defc1f}) (Version: 3.10.7150.0 - Python Software Foundation)
Python 3.10.7 Core Interpreter (64-bit) (HKLM\...\{D4C83865-A602-4834-8390-B094CAF22F71}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Development Libraries (64-bit) (HKLM\...\{C9D65557-5B19-4B9B-860E-4E5477F9B10A}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Documentation (64-bit) (HKLM\...\{51EC70CA-6E66-499A-B7F7-94912F3EA381}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Executables (64-bit) (HKLM\...\{CE8E4C24-9C7B-447B-B974-CD8236BE09B9}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 pip Bootstrap (64-bit) (HKLM\...\{30C9588C-5E1D-479E-988A-DA38CADFA384}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Standard Library (64-bit) (HKLM\...\{08D7A4E8-F704-409B-A676-457432DA3248}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Tcl/Tk Support (64-bit) (HKLM\...\{7BB23EC2-FD76-4BDB-813C-3EEFBB7FD3D9}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Test Suite (64-bit) (HKLM\...\{099B73AD-9E34-4ADF-B982-7E3A75610CA6}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python 3.10.7 Utility Scripts (64-bit) (HKLM\...\{E1A1200C-5CC4-404B-BF93-E33C463963CD}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{96BFBDD2-78C9-42B5-9893-FABA2BB527C4}) (Version: 3.10.7917.0 - Python Software Foundation)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9013.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.46.1231.2020 - Realtek)
Realtek USB Wireless LAN Driver (HKLM-x32\...\InstallShield_{DBCC4C27-F949-482b-B786-7B3B67587CD2}) (Version: Drv_3.00.0018 - REALTEK Semiconductor Corp.)
Realtek USB Wireless LAN Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: UI_1.00.0287 - REALTEK Semiconductor Corp.)
rekordbox 5.8.7 64bit (HKLM\...\Pioneer rekordbox 5.8.7) (Version: 5.8.7.0006 - AlphaTheta)
rekordbox 6.6.5 64bit (HKLM\...\Pioneer rekordbox 6.6.5) (Version: 6.6.5.0041 - AlphaTheta)
REW 5.20.9 (HKLM\...\4549-9647-2313-4375) (Version: 5.20.9 - John Mulcahy)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.63.962 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.5.1 - Rockstar Games)
Sena 30K Updater 1.0.3 (HKLM\...\09cac4af-f108-5ae0-8a45-6335da525e88) (Version: 1.0.3 - Sena Technologies, Inc.)
Sena Bluetooth Device Manager 4.3.3 (HKLM-x32\...\Sena Bluetooth Device Manager) (Version: 4.3.3 - Copyright (C) 2012 ~ 2022 Sena Technologies Inc.)
Sidify Music Converter 2.5.0 (HKLM-x32\...\Sidify Music Converter) (Version: 2.5.0 - Sidify)
SiudiDriver Version 2.3 (HKLM\...\SiudiDriver_is1) (Version: 2.3 - LightingSoft AG)
SoundSwitch 2.5.0.416 (HKLM\...\{BD01C6BB-0A08-4D41-8FD3-CB5280B5AAB8}_is1) (Version: 2.5.0.416 - onesixone Ltd)
Spotify (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Spotify) (Version: 1.2.26.1187.g36b715a1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.41.9 - TeamViewer)
the t.racks FIR DSP 408 Processor Editor V1.1 (HKLM-x32\...\{4CC7B455-8C3D-4D79-AE0E-0CA76A27C448}_is1) (Version: - )
TR-8S Driver (HKLM\...\RolandRDID0198) (Version: - Roland Corporation)
TuneFab Spotify Music Converter 3.1.24 (HKLM\...\9ff685d9-8f1e-59e1-a273-b7c9e7cf0c17) (Version: 3.1.24 - TuneFab)
Two Point Hospital (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\AmazonGames/Two Point Hospital) (Version: - SEGA)
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
Webex (HKLM\...\{611AD18D-000D-4ABB-84FD-CC503FDE8EC6}) (Version: 41.5.0.18911 - Cisco Systems, Inc)
Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA)
Windows-Treiberpaket - Cambridge Silicon Radio Ltd. (CSRBC) USB (11/27/2020 2.5.5.9) (HKLM\...\6A50C99E75CE49370D2FB6BD3959E25A02A0751A) (Version: 11/27/2020 2.5.5.9 - Cambridge Silicon Radio Ltd.)
WTOOLS (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\WTOOLS) (Version: 1.3.1 - Nicolaudie Group Inc.)
Xournal++ (HKLM\...\Xournal++) (Version: - The Xournal++ Team)
Zoom (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\ZoomUMX) (Version: 5.16.2 (22807) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-01-04] ()
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-12] (Microsoft Corporation)
DragonCenter -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.121.0_x64__kzh8wxbdkxb8p [2021-12-10] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
Excel -> C:\Program Files\WindowsApps\excel.office.com-72EAE3D_1.0.0.0_neutral__2vp2pd36ganw2 [2023-12-13] (excel.office.com)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-10-25] (Microsoft Corporation)
HEVC-Videoerweiterungen -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.61933.0_x64__8wekyb3d8bbwe [2023-08-13] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_150.1.1140.0_x64__v10z8vjag6ke6 [2023-11-14] (HP Inc.)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-16] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-05-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-05-17] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-10-16] (NVIDIA Corp.)
Python 3.10 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.10_3.10.3056.0_x64__qbz5n2kfra8p0 [2023-04-06] (Python Software Foundation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.38.277.0_x64__dt26b99r8h8gj [2023-08-31] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11210.0_x64__8wekyb3d8bbwe [2023-11-30] (Microsoft Studios) [MS Ad]
Word -> C:\Program Files\WindowsApps\word.office.com-51E922F2_1.0.0.1_neutral__jc2kecmnkxwqc [2023-09-01] (word.office.com)
Word -> C:\Program Files\WindowsApps\word.office.com-CECA1A7F_1.0.0.0_neutral__jc2kecmnkxwqc [2022-12-03] (word.office.com)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\ichbi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23270.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{1E62D59A-6EA4-476C-B707-4A32E88ED822}\InprocServer32 -> C:\Program Files\Nextcloud\CfApiShellExtensions.dll () [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\Users\ichbi\AppData\Local\WebEx\WebEx64\Meetings\atucfobj.dll (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{3ebb2ee6-b94d-405e-aafd-3256b99908fc} -> [Nextcloud] => C:\Users\ichbi\Nextcloud [2023-01-24 17:55]
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{6FF9B5B6-389F-444A-9FDD-A286C36EA079}\InprocServer32 -> C:\Program Files\Nextcloud\CfApiShellExtensions.dll () [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{993c1522-cb84-4df3-94f5-975ea4f69dbf}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\ichbi\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ NextcloudError] -> {E0342B74-7593-4C70-9D61-22F294AAFE05} => C:\Program Files\Nextcloud\NCOverlays.dll [2023-03-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOK] -> {E1094E94-BE93-4EA2-9639-8475C68F3886} => C:\Program Files\Nextcloud\NCOverlays.dll [2023-03-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOKShared] -> {E243AD85-F71B-496B-B17E-B8091CBE93D2} => C:\Program Files\Nextcloud\NCOverlays.dll [2023-03-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudSync] -> {E3D6DB20-1D83-4829-B5C9-941B31C0C35A} => C:\Program Files\Nextcloud\NCOverlays.dll [2023-03-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudWarning] -> {E4977F33-F93A-4A0A-9D3C-83DEA0EE8483} => C:\Program Files\Nextcloud\NCOverlays.dll [2023-03-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-12] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-12] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-12] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-12] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2021-03-22] (Notepad++ -> )
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-12] (Google LLC -> Google, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2020-06-05] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2020-06-05] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [NextcloudContextMenuHandler] -> {BC6988AB-ACE2-4B81-84DC-DC34F9B24401} => C:\Program Files\Nextcloud\NCContextMenu.dll [2023-03-09] (Nextcloud GmbH -> Nextcloud GmbH)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-12] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-12] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispsig.inf_amd64_2a8379cc1977656a\nvshext.dll [2023-10-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [Datei ist nicht signiert]

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\ichbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\ichbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2021-05-17 16:50 - 2019-08-15 17:13 - 001265664 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\DisplayFusion\runtimes\win-x64\native\e_sqlite3.dll
2021-05-17 16:12 - 2017-08-03 04:48 - 000237568 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LEDControl.dll
2018-10-05 09:13 - 2018-10-05 09:13 - 000144896 _____ () [Datei ist nicht signiert] C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll
2018-10-05 09:13 - 2018-10-05 09:13 - 000077824 _____ () [Datei ist nicht signiert] C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll
2023-02-23 19:28 - 2023-02-23 19:28 - 000146432 _____ () [Datei ist nicht signiert] C:\Program Files\Nextcloud\KF5Archive.dll
2023-03-09 15:19 - 2023-03-09 15:19 - 000129024 _____ () [Datei ist nicht signiert] C:\Program Files\Nextcloud\nextcloudsync_vfs_cfapi.dll
2023-03-09 15:27 - 2023-03-09 15:27 - 000032768 _____ () [Datei ist nicht signiert] C:\Program Files\Nextcloud\nextcloudsync_vfs_suffix.dll
2021-05-17 16:12 - 2018-11-15 13:08 - 002200784 _____ (Dexin Corp -> MICRO-STAR INTERNATIONAL) [Datei ist nicht signiert] C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\IcMSIDll.dll
2021-05-17 16:12 - 2018-08-31 06:26 - 000053760 _____ (MS) [Datei ist nicht signiert] C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\MsIo32_Galax.dll
2018-10-05 09:13 - 2018-10-05 09:13 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [Datei ist nicht signiert] C:\Program Files\Logitech Gaming Software\LAClient\LIBCURL.dll
2018-10-05 09:13 - 2018-10-05 09:13 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Logitech Gaming Software\LAClient\LIBEAY32.dll
2018-10-05 09:13 - 2018-10-05 09:13 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Logitech Gaming Software\LAClient\SSLEAY32.dll
2018-04-06 19:29 - 2018-04-06 19:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Logitech Gaming Software\LIBEAY32.dll
2018-04-06 19:29 - 2018-04-06 19:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Logitech Gaming Software\ssleay32.dll
2021-05-17 16:12 - 2016-10-04 03:43 - 000399872 _____ (TODO: <公司名稱>) [Datei ist nicht signiert] C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\Lib\SDKDLL.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\ichbi\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\ichbi\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-05-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-05-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-05-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\sharepoint.com -> hxxps://dtudk-files.sharepoint.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\PuTTY\;C:\Program Files\Git\cmd;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\MATLAB\R2021b\bin;
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ichbi\Pictures\Saved Pictures\hd-wallpaper-3519309(1).jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ist aktiviert.

Network Binding:
=============
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled)
Ethernet 3: VMware Bridge Protocol -> vmware_bridge (enabled)
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled)
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled)

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\StartupFolder: => "Avid Application Manager.lnk"
HKLM\...\StartupApproved\Run: => "PDF24"
HKLM\...\StartupApproved\Run: => "DigidesignMMERefresh"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\StartupFolder: => "rekordboxAgent.lnk"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\Run: => "CiscoSpark"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_4D67C3CB7D15609F738713BBF52A3A48"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{B0F7A8B0-742F-4122-B8A3-D088453E9334}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{95DE6847-2DF0-47EB-9BEF-F9141EB68D98}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{742BDAB2-59CB-429B-B8FA-D83336DCCAF2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{95C6F058-C7C8-4896-BCA1-F5644A1FA279}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8D3D2C69-7A73-41D0-BB40-95C0E3FDA997}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{92282828-0611-4788-8229-DC7CF8DDAC51}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{85FA02CE-5F40-4B74-A538-44D905B1A418}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1093ED26-AE6D-46B5-839D-CBA774FCED2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{40704FC3-B77C-4CE5-A6D4-770F5ABA4CA4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B92DF34A-EB05-4A66-99FE-E19B5DEF377A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{295C6CE7-7412-44A8-AF57-DA679936E62D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5E159A1F-85F5-4409-AA79-0A29830D6DD6}] => (Allow) LPort=32682
FirewallRules: [{88A723FD-2EC9-4D34-AC2C-3A86B198C814}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{11FB3506-1E8D-43A0-BEF6-A43F2D29F8B5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{70AE0C66-590A-48EF-84BE-05921365C3CD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{36254BEA-AD6B-451A-A424-F371EC13CC99}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CD23AB14-32A4-4521-9278-6D401FC80DCA}] => (Allow) D:\Programme\Steam\steamapps\common\Battlefield Bad Company 2\BFBC2Game.exe (EA Digital Illusions CE AB -> EA Digital Illusions CE AB)
FirewallRules: [{B8991E9B-DC6F-4F9F-BFD7-D7FAC98926E4}] => (Allow) D:\Programme\Steam\steamapps\common\Battlefield Bad Company 2\BFBC2Game.exe (EA Digital Illusions CE AB -> EA Digital Illusions CE AB)
FirewallRules: [{95FB7026-B5A9-4B10-8A0D-898A5831FFD0}] => (Allow) D:\Programme\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe (UBISOFT ENTERTAINMENT INC. -> Blue Mammoth Games)
FirewallRules: [{3B75BFED-2159-4024-9AED-1DC71A073F32}] => (Allow) D:\Programme\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe (UBISOFT ENTERTAINMENT INC. -> Blue Mammoth Games)
FirewallRules: [{BBE27F17-2D0B-4409-BC83-F8E479B8A169}] => (Allow) D:\Programme\Steam\steamapps\common\Business Tour\BusinessTour.exe () [Datei ist nicht signiert]
FirewallRules: [{F9EBFE0D-C363-4CC1-A6F3-3D4D9BAC5887}] => (Allow) D:\Programme\Steam\steamapps\common\Business Tour\BusinessTour.exe () [Datei ist nicht signiert]
FirewallRules: [{A051E65C-B58A-4EDE-A8CA-C9E480F100E5}] => (Allow) D:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => Keine Datei
FirewallRules: [{E1360204-6D48-4C00-87E0-B87F8BF77119}] => (Allow) D:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => Keine Datei
FirewallRules: [{46C7D13A-43B7-4230-B7F6-B5BC7B7C78B5}] => (Allow) D:\Programme\Steam\steamapps\common\Human Fall Flat\Human.exe () [Datei ist nicht signiert]
FirewallRules: [{8D98A846-E0A9-4744-9EAD-113AEB33D970}] => (Allow) D:\Programme\Steam\steamapps\common\Human Fall Flat\Human.exe () [Datei ist nicht signiert]
FirewallRules: [{9F7A774E-AB60-49E4-8341-B665C14398E9}] => (Allow) D:\Programme\Steam\steamapps\common\Poly Bridge\polybridge.exe () [Datei ist nicht signiert]
FirewallRules: [{3E14E871-4F66-4381-B1F8-2FD5CC1092BF}] => (Allow) D:\Programme\Steam\steamapps\common\Poly Bridge\polybridge.exe () [Datei ist nicht signiert]
FirewallRules: [{96DA8933-5D2C-407A-87D2-83D028E6DCD2}] => (Allow) D:\Programme\Steam\steamapps\common\Stigmat\Stigmat.exe () [Datei ist nicht signiert]
FirewallRules: [{47BD320C-76DE-406A-BB60-3EB8364E9382}] => (Allow) D:\Programme\Steam\steamapps\common\Stigmat\Stigmat.exe () [Datei ist nicht signiert]
FirewallRules: [{E12B3C2B-A8AB-4950-98A1-56E40548F74A}] => (Allow) D:\Programme\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [Datei ist nicht signiert]
FirewallRules: [{32925F97-E4F9-4A6E-B035-4D1E18D3A2BA}] => (Allow) D:\Programme\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [Datei ist nicht signiert]
FirewallRules: [{C47CA2D5-518A-4DA9-B868-728BE2B52B58}] => (Allow) D:\Programme\Steam\steamapps\common\TRIP\trip.exe () [Datei ist nicht signiert]
FirewallRules: [{F9CA3290-8088-4478-86E8-CA1290D633B0}] => (Allow) D:\Programme\Steam\steamapps\common\TRIP\trip.exe () [Datei ist nicht signiert]
FirewallRules: [{7765A5DF-3DE8-48A1-A81F-0CC79A7A2FC7}] => (Allow) D:\Programme\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [Datei ist nicht signiert]
FirewallRules: [{C4F65A04-192C-4DA8-92BC-CB67801F8EE7}] => (Allow) D:\Programme\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [Datei ist nicht signiert]
FirewallRules: [{F04FFBAC-BF43-401F-AEC8-A4379BC0405D}] => (Allow) D:\Programme\Steam\steamapps\common\Ben and Ed - Blood Party\BaEBloodParty.exe () [Datei ist nicht signiert]
FirewallRules: [{C2C23592-85B3-40BD-8927-38277119BA68}] => (Allow) D:\Programme\Steam\steamapps\common\Ben and Ed - Blood Party\BaEBloodParty.exe () [Datei ist nicht signiert]
FirewallRules: [{5A22AC9F-2EE1-44D7-9C85-96EF3DB8EC16}] => (Allow) D:\Programme\Steam\steamapps\common\Tropico 5\Tropico5Steam.exe (Haemimont Games) [Datei ist nicht signiert]
FirewallRules: [{DEBFF066-D7ED-4E36-B435-8E8B59E0A1A0}] => (Allow) D:\Programme\Steam\steamapps\common\Tropico 5\Tropico5Steam.exe (Haemimont Games) [Datei ist nicht signiert]
FirewallRules: [{ECF581ED-9FA1-4CAF-A7E7-6B658B28F639}] => (Allow) C:\Users\ichbi\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{EE9CDDA4-6010-4976-93E5-B2B9769023AB}] => (Allow) C:\Users\ichbi\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8F481034-9422-4A5B-ABD1-1019C730B929}] => (Allow) C:\Users\ichbi\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{698DD5BB-309F-414F-AE93-13D2C56581B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{85A3CDE6-2499-4504-99FA-AB9826CA249B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{05097074-1493-48EF-AD9B-F765D37B2747}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6093BB38-E05A-4612-9CDA-B6E1FFB0273F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E91EA20F-7E0C-4B61-8155-211B3A118E47}] => (Allow) C:\Program Files\Avid\Cloud Client Services\Hub.exe (Avid Technology, Inc. -> Avid Technology, Inc.)
FirewallRules: [{0FB5BFB4-D01A-4F67-B20E-4359CB2418F6}] => (Allow) C:\Program Files\Avid\Cloud Client Services\TransportClient.exe (Avid Technology, Inc. -> Avid Technology, Inc.)
FirewallRules: [{D5DD9903-A84C-4FCD-B224-62B32F915722}] => (Allow) C:\Program Files\Avid\Avid Link\jre\bin\java.exe => Keine Datei
FirewallRules: [{7F052D66-EB4D-465C-BF94-545F94D58325}] => (Allow) C:\Program Files\Avid\Avid Link\Avid Link.exe => Keine Datei
FirewallRules: [{31D62179-368A-4BF3-A351-9208DD232D3B}] => (Allow) C:\Program Files\Avid\Avid Link\AvidAppManHelper.exe => Keine Datei
FirewallRules: [{3631C4B7-5200-4A66-91A5-6596F9900D0C}] => (Allow) D:\Programme\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (KRAFTON, Inc. -> KRAFTON, Inc.)
FirewallRules: [{830C12D3-1A9F-4FA9-A8F8-19950593A9C3}] => (Allow) D:\Programme\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (KRAFTON, Inc. -> KRAFTON, Inc.)
FirewallRules: [{6D46D3F3-8271-4E93-8D95-F7496560D969}] => (Allow) C:\Program Files\Avid\Pro Tools FirstProToolsFirst.exe => Keine Datei
FirewallRules: [TCP Query User{54638ADB-8D0A-48AE-A917-0E07EE5F39E2}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => Keine Datei
FirewallRules: [UDP Query User{1A6138DB-AC6F-41F8-9A06-B5C6BF4EF915}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => Keine Datei
FirewallRules: [TCP Query User{7FDBB71B-D166-4F69-AF85-D69671A36023}D:\programme\gta5\grand theft auto v\gta5.exe] => (Allow) D:\programme\gta5\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{E692F718-035B-47FA-8C50-A5864531A509}D:\programme\gta5\grand theft auto v\gta5.exe] => (Allow) D:\programme\gta5\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{15F0CB0C-C722-4BD6-9A45-38D08669016C}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => Keine Datei
FirewallRules: [UDP Query User{3DAAA096-EE19-481D-A213-8297E9BDA2CF}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => Keine Datei
FirewallRules: [{5C099345-F44F-40EE-ABEB-443138F2B070}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{415CFEAE-60E7-4709-AC47-DFBEF0B3D14B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{F5934923-D33E-491B-AF66-808660737E5A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{6651349D-8367-4BC6-8ABC-C3A43A563E6A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [TCP Query User{F3C5B21C-2E57-4956-B591-0ED06F620995}C:\users\ichbi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ichbi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{C280454A-A011-48F0-8C35-DCA9677431B4}C:\users\ichbi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ichbi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AE50AEA7-4C6A-4570-B47D-F91C30A78436}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{60067F71-F890-46BF-B0D2-A6A3AAC4B148}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FE4432A8-A73F-4CE6-9D02-8688CB2A6948}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C2D9597D-3A0F-43E7-9B58-C8BE818F5DCF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8B93FA1B-D066-40E8-894A-2A9411C3496E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{871CF4E8-B398-47D9-87BB-38D0D120F899}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2518094A-AC98-41FA-B8C5-DBBD5B32561B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6BB64CEA-788C-4878-93FE-AE098E948A10}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [TCP Query User{0F5DCF46-9885-4C55-A693-CA0F99D92F2F}C:\users\ichbi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ichbi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{D6C02BC9-AA0B-4867-AAA7-8E77F2EE9DE9}C:\users\ichbi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ichbi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A19B1C4D-ABE2-44E0-886D-AA9C940265F4}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe => Keine Datei
FirewallRules: [{7992D638-601B-4BB5-A224-0E10B0062D70}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe => Keine Datei
FirewallRules: [TCP Query User{B8E8807C-D99A-45EA-BC8B-ADBB8BA083EE}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{D1FFB670-BAD0-4F2A-ACF0-8276EC743ED6}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [{7271F8DD-576F-42A3-BC3A-FD5D9025B82D}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
FirewallRules: [{E1380A33-0EBC-4ED1-BC81-640A65AC32C1}] => (Allow) LPort=1542
FirewallRules: [{C49C792E-2A12-4334-9C12-BBFB31AA38B0}] => (Allow) LPort=1542
FirewallRules: [{22B6582F-CDC8-402C-84A2-DB276DAEBB3C}] => (Allow) LPort=53
FirewallRules: [{9132FED8-8A09-4AAB-B5E6-C3B2FB270F76}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{34FA8617-09E5-4846-B27F-82EC5FEDD9EE}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{A14FF5E4-CFF5-404F-B2C6-6EF34A600E61}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{CE224003-4E2C-4D4A-B202-A23D61F8F14B}] => (Allow) LPort=53
FirewallRules: [{C0FC1DEB-91BB-4A22-9AD7-82AB7BBC69AD}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{9AC907C3-7C29-4FEB-A74C-6186F1D4EF9B}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{22D20951-604C-4F91-BBEC-79940A34C168}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{A332EBD2-6094-4307-8522-5598CC38432F}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [TCP Query User{2A0DE262-92D3-4167-AA7C-55741094346A}D:\programme\steam\steamapps\common\ben and ed - blood party\baebloodparty\binaries\win32\baebloodparty.exe] => (Allow) D:\programme\steam\steamapps\common\ben and ed - blood party\baebloodparty\binaries\win32\baebloodparty.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{35E1A64F-92EE-432B-A95B-37C8F7365CC8}D:\programme\steam\steamapps\common\ben and ed - blood party\baebloodparty\binaries\win32\baebloodparty.exe] => (Allow) D:\programme\steam\steamapps\common\ben and ed - blood party\baebloodparty\binaries\win32\baebloodparty.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{298FF566-C6AD-4F2D-9213-44C20875F095}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{CE128228-330B-4D40-9E09-CA0D1594E405}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{421212DF-F44C-49B4-A014-3F27C1C03110}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{AB2F84C2-9F8D-4F35-928C-538512CED97D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [TCP Query User{8202C236-541F-4A7E-9D31-F84EBF510D72}C:\program files\teamspeak 3 client\ts3client_win64.exe] => (Allow) C:\program files\teamspeak 3 client\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [UDP Query User{4E04F0E0-4381-4BEF-8A84-7F6E91448868}C:\program files\teamspeak 3 client\ts3client_win64.exe] => (Allow) C:\program files\teamspeak 3 client\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [{6EC8EBC8-C4AE-4060-BB8D-90EDC311F56C}] => (Allow) D:\Programme\Steam\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{4A06503D-87BE-441D-81E8-A2B8FF1B8939}] => (Allow) D:\Programme\Steam\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [TCP Query User{27E8C48E-80B0-45CF-9F7F-4ECC15338866}C:\program files\soundswitch\soundswitch.exe] => (Allow) C:\program files\soundswitch\soundswitch.exe (inMusic New Zealand Limited -> Onesixone)
FirewallRules: [UDP Query User{4C445716-4DC1-48E4-8192-C495FAC1C569}C:\program files\soundswitch\soundswitch.exe] => (Allow) C:\program files\soundswitch\soundswitch.exe (inMusic New Zealand Limited -> Onesixone)
FirewallRules: [TCP Query User{846B90C7-4163-4CD9-A42B-166F5EC89030}C:\program files (x86)\dmxcontrol\dmxcontrol.exe] => (Allow) C:\program files (x86)\dmxcontrol\dmxcontrol.exe (DMXControl Projects e. V. -> PopSoft) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{B1EFC2E0-2456-47F8-87D7-E0C1C25986B8}C:\program files (x86)\dmxcontrol\dmxcontrol.exe] => (Allow) C:\program files (x86)\dmxcontrol\dmxcontrol.exe (DMXControl Projects e. V. -> PopSoft) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{D2044C2D-12F1-42E5-841B-18CE131ACECA}D:\programme\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\programme\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (KRAFTON, Inc. -> KRAFTON, Inc.)
FirewallRules: [UDP Query User{90D8489E-24F4-439F-9792-684443C0FE61}D:\programme\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\programme\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (KRAFTON, Inc. -> KRAFTON, Inc.)
FirewallRules: [TCP Query User{47F86A28-8DAC-4F5B-A010-7CA8CDE7A63A}C:\program files (x86)\chamsys ltd\magicq pc\mqqt.exe] => (Allow) C:\program files (x86)\chamsys ltd\magicq pc\mqqt.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{6E915E32-18C0-4FAB-B502-543B26929A2C}C:\program files (x86)\chamsys ltd\magicq pc\mqqt.exe] => (Allow) C:\program files (x86)\chamsys ltd\magicq pc\mqqt.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{15FBCB82-2D1A-453B-91CD-469BA8C3283D}C:\program files (x86)\chamsys ltd\magicq pc\mqhd.exe] => (Allow) C:\program files (x86)\chamsys ltd\magicq pc\mqhd.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{4779BFB5-8EE1-415A-8B99-07EDEB19D724}C:\program files (x86)\chamsys ltd\magicq pc\mqhd.exe] => (Allow) C:\program files (x86)\chamsys ltd\magicq pc\mqhd.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{4D34AAE5-D22C-4494-BC1D-28F8ED4D4C7E}C:\program files (x86)\chamsys ltd\magicq pc\mqvis.exe] => (Allow) C:\program files (x86)\chamsys ltd\magicq pc\mqvis.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{DF4D2E36-8D31-4740-9761-09CB42ACBED9}C:\program files (x86)\chamsys ltd\magicq pc\mqvis.exe] => (Allow) C:\program files (x86)\chamsys ltd\magicq pc\mqvis.exe () [Datei ist nicht signiert]
FirewallRules: [{209964DC-45DA-4557-9581-5E8AD818AA13}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.6.3\bin\app_system.exe (MA Lighting Technology GmbH. -> MA Lighting Technology)
FirewallRules: [{F23FC923-CD12-40FA-B3D3-053788239B81}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.6.3\bin\app_gma3.exe (MA Lighting Technology GmbH. -> MA Lighting Technology)
FirewallRules: [{7F4C126F-5FC3-4450-A0A6-444D1CFFAB9E}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.6.3\bin\app_updater.exe (MA Lighting Technology GmbH. -> )
FirewallRules: [{5EB89E3E-499D-47EC-BDC0-CB66F4CE3FB0}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.6.3\bin\app_terminal.exe (MA Lighting Technology GmbH. -> )
FirewallRules: [{0B49B177-E589-46DE-8C5D-75831329ACEB}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{5DEEA7C4-8295-429C-9A94-165C81C0251E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{2BF8500B-6703-4D2B-9309-3F6F9B4B62D3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{0B16A5A2-33CB-4FA1-B71A-0BAD9FBDEA80}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{B82115B8-EEC8-4988-99EC-3AF102D91403}] => (Allow) D:\Programme\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{D62FEDEB-CBBC-4842-B4F9-64C5993CA2B7}] => (Allow) D:\Programme\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{06D7853D-258F-404A-A63D-8DFDABED638D}D:\programme\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\programme\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{3750B706-27CA-40B1-989D-4C45F9D2DC25}D:\programme\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\programme\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{196BF6AF-7522-4C90-91A5-ED7CB6B98880}C:\programdata\ichbi\wtools\app-1.2.1\wtools.exe] => (Allow) C:\programdata\ichbi\wtools\app-1.2.1\wtools.exe (LightingSoft AG -> Nicolaudie Group Inc.)
FirewallRules: [UDP Query User{6F3044D3-7F94-4ABB-81CA-3FD2286AB48D}C:\programdata\ichbi\wtools\app-1.2.1\wtools.exe] => (Allow) C:\programdata\ichbi\wtools\app-1.2.1\wtools.exe (LightingSoft AG -> Nicolaudie Group Inc.)
FirewallRules: [TCP Query User{CA5358B8-53B6-4BEF-B164-E1CCEE34F8B0}C:\users\ichbi\appdata\local\wtools\app-1.2.1\wtools.exe] => (Allow) C:\users\ichbi\appdata\local\wtools\app-1.2.1\wtools.exe (LightingSoft AG -> Nicolaudie Group Inc.)
FirewallRules: [UDP Query User{6CCEC559-DEC4-427E-B5A0-CFE2A65ACC1D}C:\users\ichbi\appdata\local\wtools\app-1.2.1\wtools.exe] => (Allow) C:\users\ichbi\appdata\local\wtools\app-1.2.1\wtools.exe (LightingSoft AG -> Nicolaudie Group Inc.)
FirewallRules: [TCP Query User{26B00AC8-815B-4050-AADE-BA25146CBDBD}C:\program files\matlab\r2021b\bin\win64\_temp_supportsoftwaredownloader_r2022a_win64\bin\win64\supportsoftwareinstaller.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\_temp_supportsoftwaredownloader_r2022a_win64\bin\win64\supportsoftwareinstaller.exe (The MathWorks, Inc. -> The MathWorks, Inc)
FirewallRules: [UDP Query User{F26EB670-3AAA-4804-AEF1-DD333F9C522E}C:\program files\matlab\r2021b\bin\win64\_temp_supportsoftwaredownloader_r2022a_win64\bin\win64\supportsoftwareinstaller.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\_temp_supportsoftwaredownloader_r2022a_win64\bin\win64\supportsoftwareinstaller.exe (The MathWorks, Inc. -> The MathWorks, Inc)
FirewallRules: [TCP Query User{07BC7897-6B76-465C-BFA2-9B260CE860AB}C:\program files\matlab\r2021b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\matlab.exe (The MathWorks, Inc. -> The MathWorks Inc.)
FirewallRules: [UDP Query User{44334CEA-8AAF-4AA3-A8F3-365B8A758E02}C:\program files\matlab\r2021b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\matlab.exe (The MathWorks, Inc. -> The MathWorks Inc.)
FirewallRules: [TCP Query User{E0BF3854-1654-44B3-AEC7-07ADE6070D9F}C:\program files (x86)\dmxcontrol\dmxcontrol.exe] => (Allow) C:\program files (x86)\dmxcontrol\dmxcontrol.exe (DMXControl Projects e. V. -> PopSoft) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{E74E8248-E22C-451F-90B9-A3DAFE5DA197}C:\program files (x86)\dmxcontrol\dmxcontrol.exe] => (Allow) C:\program files (x86)\dmxcontrol\dmxcontrol.exe (DMXControl Projects e. V. -> PopSoft) [Datei ist nicht signiert]
FirewallRules: [{36BDEFAA-AEB0-402E-A339-3CFFA93FEDEF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{7D0798BF-12F9-43AB-9CE9-B6EF02CF4E24}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{A3485A3C-0C30-45AE-96EB-15CF8C877569}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{4D90C065-C1AF-41CC-A788-E97E93FC1A4F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{913753A8-2331-4E42-84E5-FF36FFA0BBC9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{3A7EFEBE-5992-4784-9F5D-FC0CA859C2B8}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{58F44218-D96A-4238-B960-20AF731D50DA}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => Keine Datei
FirewallRules: [{F972CA2B-5A8B-407F-B53C-D9DBDA10D812}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{F970A519-8C2C-4A91-AE66-D210F8C04511}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C086083F-11C9-45BC-917D-E1D8AD5832E3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A8BD563C-2C87-4746-9003-A343A29FBCA8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{91C5865B-41FC-40BB-B8DB-C1C82AC39EEE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{8B55B662-EC8B-4982-A7D3-883B85DFDC70}C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe (The MathWorks, Inc. -> The MathWorks, Inc)
FirewallRules: [UDP Query User{17FF7001-D56A-467D-BC41-4E1C19B487F9}C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe (The MathWorks, Inc. -> The MathWorks, Inc)
FirewallRules: [TCP Query User{853B8257-A28E-49F4-88A0-4E5B74F14810}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{5AD9B704-B2EA-40EA-B727-BD99BD14C80D}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{66936BB7-2C76-44D6-AE2A-9E865AE2D9EF}C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{9400B343-9976-466F-B1B8-356D185309BB}C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [{41411A05-8AF8-477B-B3E4-B8E12BC61B08}] => (Allow) D:\Programme\Steam\steamapps\common\Poly Bridge 2\Poly Bridge 2.exe () [Datei ist nicht signiert]
FirewallRules: [{39797DF0-8291-498B-8209-9FC440C51412}] => (Allow) D:\Programme\Steam\steamapps\common\Poly Bridge 2\Poly Bridge 2.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{5192F18A-FE9A-42CE-B9FC-A652AA2D7254}C:\users\ichbi\appdata\local\wtools\app-1.3.1\wtools.exe] => (Allow) C:\users\ichbi\appdata\local\wtools\app-1.3.1\wtools.exe (Nicolaudie America, Inc. -> Nicolaudie Group Inc.)
FirewallRules: [UDP Query User{6D696B6C-E016-4EE3-9788-E93AA2547048}C:\users\ichbi\appdata\local\wtools\app-1.3.1\wtools.exe] => (Allow) C:\users\ichbi\appdata\local\wtools\app-1.3.1\wtools.exe (Nicolaudie America, Inc. -> Nicolaudie Group Inc.)
FirewallRules: [TCP Query User{82509882-027A-4AD5-85DC-85331334874B}C:\slmev\easyview.exe] => (Allow) C:\slmev\easyview.exe => Keine Datei FirewallRules: [UDP Query User{8C0000D6-E413-4930-8F41-87C5BBCEFB9A}C:\slmev\easyview.exe] => (Allow) C:\slmev\easyview.exe => Keine Datei FirewallRules: [{5C79924A-DA3E-4D30-861B-661736EFF82D}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.6.5\rekordbox.exe (AlphaTheta Corporation -> AlphaTheta Corporation) FirewallRules: [{DB418B63-0756-4B42-9C7A-4B25EA3ADCA3}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.6.5\psvnfsd.exe (AlphaTheta Corporation -> AlphaTheta Corporation) FirewallRules: [{6817FB9D-4BC6-4613-9B90-524F0C7366C5}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.6.5\psvlinksysmgr.exe (AlphaTheta Corporation -> AlphaTheta Corporation) FirewallRules: [{E1C6B6A3-1517-476A-9DEC-8D59B018A5A7}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.6.5\edb_streamd.exe (AlphaTheta Corporation -> ) FirewallRules: [{7BCC20EF-F379-4E31-8C44-BE1951EF3F54}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.6.5\ls-unity-rekordbox-win-64bit.exe (AlphaTheta Corporation -> ) FirewallRules: [{8142F0FD-C6B8-41BE-9977-DDCD6F8332E4}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.6.5\rbHttpServer.exe (AlphaTheta Corporation -> ) FirewallRules: [{8DF0DBBC-2C79-49A5-A89E-57C5E846E9CE}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.6.5\rekordboxAgent-win32-x64\rekordboxAgent.exe (AlphaTheta Corporation -> AlphaTheta Corporation) FirewallRules: [{2C7F95BC-A010-4587-BCF5-CD5ECB472F57}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.8.7\rekordbox.exe (AlphaTheta Corporation -> AlphaTheta Corporation) FirewallRules: [{435E3049-627F-42BF-9244-2993CD6EFF65}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.8.7\psvnfsd.exe (AlphaTheta Corporation -> Pioneer DJ Corporation.) 
FirewallRules: [{EEF1B5BF-CF35-4786-9E50-60C0CC9ACF53}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.8.7\psvlinksysmgr.exe (AlphaTheta Corporation -> Pioneer DJ Corporation.) FirewallRules: [{C6C52502-8B12-4742-A37A-06DEBCCAE348}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.8.7\edb_streamd.exe (AlphaTheta Corporation -> ) FirewallRules: [{DC6677E7-0905-41C8-9FBA-CEB5B44C27D7}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.8.7\ls-unity-rekordbox-win-64bit.exe (AlphaTheta Corporation -> ) FirewallRules: [{916D74EF-83EA-456A-A417-FB1992BE5708}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.8.7\rbHttpServer.exe (AlphaTheta Corporation -> ) FirewallRules: [{E05669DB-864E-4260-94F9-337F38F5BEEA}] => (Allow) D:\Programme\Steam\steamapps\common\Galaxy Life\Galaxy Life.exe => Keine Datei FirewallRules: [{B6148BC4-430A-4DF9-93BC-42598B9B5107}] => (Allow) D:\Programme\Steam\steamapps\common\Galaxy Life\Galaxy Life.exe => Keine Datei FirewallRules: [{E569B051-DD70-41F3-862A-F6FD6A5CBCDF}] => (Allow) D:\Programme\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software) FirewallRules: [{E08D4857-5A29-4D0B-AEDE-1B51D9F1DCCE}] => (Allow) D:\Programme\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software) FirewallRules: [{2A09DE71-F547-4502-99EB-87FE0AFD931A}] => (Allow) D:\Programme\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software) FirewallRules: [{778F20A8-0A95-4DBE-BA4C-568700FF969F}] => (Allow) D:\Programme\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. 
-> SCS Software) FirewallRules: [{6D8CD427-FC49-449C-8429-591815B42E35}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{B60DD0A4-007C-4781-9A7C-B6726585CBDC}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{7FBD8017-7D39-4E6B-A496-D2EFFD97DC09}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{304A9476-9153-4778-8DFF-E1EBE19FF75B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [TCP Query User{C3B9F1F0-4281-4DFE-B658-4ADCD6D6E33A}C:\program files\engine dj\engine dj.exe] => (Allow) C:\program files\engine dj\engine dj.exe (inMusic Brands, Inc. -> AIR Music Technology) FirewallRules: [UDP Query User{B29F8ED8-C00D-4C89-BB63-64F55E6A6E07}C:\program files\engine dj\engine dj.exe] => (Allow) C:\program files\engine dj\engine dj.exe (inMusic Brands, Inc. -> AIR Music Technology) FirewallRules: [TCP Query User{0EC46D3C-0AFC-4662-A66A-56FE928526F5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) FirewallRules: [UDP Query User{6F7825AD-6CDD-4214-86F5-81B8E6EEE1A1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.) FirewallRules: [TCP Query User{7A7B07CF-FA17-45D6-BDD5-A0506108A63F}C:\program files\engine dj\engine dj.exe] => (Allow) C:\program files\engine dj\engine dj.exe (inMusic Brands, Inc. -> AIR Music Technology) FirewallRules: [UDP Query User{40585C1B-A4C7-41E9-A793-8B2B81406061}C:\program files\engine dj\engine dj.exe] => (Allow) C:\program files\engine dj\engine dj.exe (inMusic Brands, Inc. 
-> AIR Music Technology) FirewallRules: [{9DAE8B49-9222-4050-BBB9-078BEDEF8F55}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{73B57914-2EB7-46F2-95A4-C49036D526BE}C:\users\ichbi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\ichbi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{CE1222EA-F448-4AD4-8EA0-4D95BA8E1216}C:\users\ichbi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\ichbi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{41555CD2-0F77-48EE-AEB8-EC8F0A3E8E72}C:\users\ichbi\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\ichbi\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe FirewallRules: [UDP Query User{D809FF12-1E98-4748-9CD5-BB56B04A56AE}C:\users\ichbi\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\ichbi\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe FirewallRules: [TCP Query User{D35390B7-8F41-4D35-8369-222F5AA69FC6}C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe (The MathWorks, Inc. -> The MathWorks, Inc) FirewallRules: [UDP Query User{9B3F6935-56B7-4014-A863-836D95D0E386}C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe (The MathWorks, Inc. 
-> The MathWorks, Inc) FirewallRules: [TCP Query User{B36BB949-8E06-4EFC-87E1-8891E3FB108D}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{69BDE64E-AA0D-481B-9C50-34CFAD897D1E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{00075C33-9180-4FDC-8F75-E29D436FDF85}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Wiederherstellungspunkte ========================= 17-12-2023 13:31:39 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 ==================== Fehlerhafte Geräte im Gerätemanager ============ Name: PANGP Virtual Ethernet Adapter Description: PANGP Virtual Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: PaloAltoNetworks Service: PanGpd Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (01/04/2024 02:29:49 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: ) Description: Event-ID 2 Error: (12/23/2023 07:23:16 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: ) Description: Event-ID 2 Error: (12/23/2023 06:01:50 PM) (Source: Universal Print) (EventID: 1) (User: ) Description: Failed to get auth header with 0x80090036mcpmanagementservice.dll Error: (12/23/2023 06:01:17 PM) (Source: Universal Print) (EventID: 1) (User: ) Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll Error: (12/23/2023 06:01:17 PM) (Source: Universal Print) (EventID: 1) (User: ) Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS70043: The refresh token has expired or is invalid due to sign-in frequency checks by conditional access. The token was issued on 2023-11-28T09:07:38.1332768Z and the maximum allowed lifetime for this request is 1209600. Trace ID: d5bf3598-995d-4312-82f2-29c02e01e000 Correlation ID: b9a1d0e8-b8cf-45ba-b572-ae9e864dc3e6 Timestamp: 2023-12-23 17:01:13Zmcpmanagementservice.dll Error: (12/23/2023 06:01:15 PM) (Source: Universal Print) (EventID: 1) (User: ) Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll Error: (12/23/2023 06:01:15 PM) (Source: Universal Print) (EventID: 1) (User: ) Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS70043: The refresh token has expired or is invalid due to sign-in frequency checks by conditional access. The token was issued on 2023-11-28T09:07:38.1332768Z and the maximum allowed lifetime for this request is 1209600. 
Trace ID: d5bf3598-995d-4312-82f2-29c02e01e000 Correlation ID: b9a1d0e8-b8cf-45ba-b572-ae9e864dc3e6 Timestamp: 2023-12-23 17:01:13Zmcpmanagementservice.dll Error: (12/23/2023 06:01:14 PM) (Source: Universal Print) (EventID: 1) (User: ) Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll Systemfehler: ============= Error: (12/24/2023 12:21:15 AM) (Source: DCOM) (EventID: 10010) (User: JULIAN-PC-STUDI) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (12/24/2023 12:21:15 AM) (Source: DCOM) (EventID: 10010) (User: JULIAN-PC-STUDI) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (12/24/2023 12:21:15 AM) (Source: DCOM) (EventID: 10010) (User: JULIAN-PC-STUDI) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (12/24/2023 12:21:15 AM) (Source: DCOM) (EventID: 10010) (User: JULIAN-PC-STUDI) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (12/24/2023 12:21:15 AM) (Source: DCOM) (EventID: 10010) (User: JULIAN-PC-STUDI) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (12/24/2023 12:21:15 AM) (Source: DCOM) (EventID: 10010) (User: JULIAN-PC-STUDI) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (12/24/2023 12:21:15 AM) (Source: DCOM) (EventID: 10010) (User: JULIAN-PC-STUDI) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (12/24/2023 12:21:15 AM) (Source: DCOM) (EventID: 10010) (User: JULIAN-PC-STUDI) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Windows Defender: ================ Date: 2023-12-23 22:45:01 Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish&threatid=2147678587&enterprise=0 Name: Trojan:HTML/Phish Schweregrad: Schwerwiegend Kategorie: Trojaner Pfad: containerfile:_E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar; file:_E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar->backup_domainmail_2109251227.tgz->(GZip)->info/Maildir/new/1538777135.M782738P8140V0000000000000902I0000000004120FB7.srv.web-alpha.de,S=2158; file:_E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar->backup_domainmail_2109251227.tgz->(GZip)->inhaber/Maildir/new/1538777136.M302278P8157V0000000000000902I0000000004120FB8.srv.web-alpha.de,S=2374; file:_E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar->backup_domainmail_2109251227.tgz->(GZip)->inhaber/Maildir/new/1538913208.M471140P25230V0000000000000902I0000000004120FBC.srv.web-alpha.de,S=2397 Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Benutzer Benutzer: JULIAN-PC-STUDI\ichbi Prozessname: Unknown Sicherheitsversion: AV: 1.403.693.0, AS: 1.403.693.0, NIS: 1.403.693.0 Modulversion: AM: 1.1.23110.2, NIS: 1.1.23110.2 Date: 2023-12-23 22:45:01 Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. 
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0 Name: Trojan:Script/Wacatac.H!ml Schweregrad: Schwerwiegend Kategorie: Trojaner Pfad: file:_C:\Users\ichbi\Downloads\Chapter-File-1.rar Erkennungsursprung: Lokaler Computer Erkennungstype: FastPath Erkennungsquelle: Benutzer Benutzer: JULIAN-PC-STUDI\ichbi Prozessname: Unknown Sicherheitsversion: AV: 1.403.693.0, AS: 1.403.693.0, NIS: 1.403.693.0 Modulversion: AM: 1.1.23110.2, NIS: 1.1.23110.2 Date: 2023-12-23 22:45:01 Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Zusy.EC!MTB&threatid=2147842708&enterprise=0 Name: Trojan:Win32/Zusy.EC!MTB Schweregrad: Schwerwiegend Kategorie: Trojaner Pfad: containerfile:_C:\$Recycle.Bin\S-1-5-21-3203882355-2465378241-1904074028-1001\$R0F09Q3.zip; file:_C:\$Recycle.Bin\S-1-5-21-3203882355-2465378241-1904074028-1001\$R0F09Q3.zip->aclui.dll Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Benutzer Benutzer: JULIAN-PC-STUDI\ichbi Prozessname: Unknown Sicherheitsversion: AV: 1.403.693.0, AS: 1.403.693.0, NIS: 1.403.693.0 Modulversion: AM: 1.1.23110.2, NIS: 1.1.23110.2 Date: 2023-12-23 22:45:01 Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. 
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/CryptoExtortBTC&threatid=2147830595&enterprise=0 Name: Trojan:HTML/CryptoExtortBTC Schweregrad: Schwerwiegend Kategorie: Trojaner Pfad: containerfile:_E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar; file:_E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar->backup_domainmail_2109251227.tgz->(GZip)->info/Maildir/new/1631216929.M296629P18582.mailsrv.web-beta.de,S=2876,W=2921 Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Benutzer Benutzer: JULIAN-PC-STUDI\ichbi Prozessname: Unknown Sicherheitsversion: AV: 1.403.693.0, AS: 1.403.693.0, NIS: 1.403.693.0 Modulversion: AM: 1.1.23110.2, NIS: 1.1.23110.2 Date: 2023-12-23 20:31:06 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {CA2124FA-BE8D-4A92-8EF6-D29663E7854A} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM CodeIntegrity: =============== Date: 2024-01-04 14:34:53 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2024-01-04 14:32:54 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. ==================== Speicherinformationen =========================== BIOS: American Megatrends International, LLC. H.F1 08/04/2021 Hauptplatine: Micro-Star International Co., Ltd. 
X570-A PRO (MS-7C37) Prozessor: AMD Ryzen 9 3900X 12-Core Processor Prozentuale Nutzung des RAM: 25% Installierter physikalischer RAM: 32689.02 MB Verfügbarer physikalischer RAM: 24464.05 MB Summe virtueller Speicher: 37553.02 MB Verfügbarer virtueller Speicher: 27573.37 MB ==================== Laufwerke ================================ Drive c: (Boot) (Fixed) (Total:476.38 GB) (Free:93.16 GB) (Model: SAMSUNG MZVL2512HCJQ-00B00) NTFS Drive d: (Daten) (Fixed) (Total:953.87 GB) (Free:161.42 GB) (Model: SAMSUNG MZVL21T0HCLR-00B00) NTFS Drive e: (DatenII) (Fixed) (Total:931.51 GB) (Free:645.51 GB) (Model: ST1000DM003-1ER162) NTFS \\?\Volume{2ef37091-0000-0000-0000-100000000000}\ (System-reserviert) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS \\?\Volume{2ef37091-0000-0000-0000-d01b77000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F38A4BF1) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: 2EF37091) Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=476.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=515 MB) - (Type=27) ========================================================== Disk: 2 (MBR Code: Windows 7/8/10) (Size: 953.9 GB) (Disk ID: C78726A4) Partition 1: (Not Active) - (Size=953.9 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ======================= |
04.01.2024, 20:35 | #3 |
/// TB-Ausbilder | Windows 10: Defender finds several trojans and I am receiving extortion e-mails.
My name is Matthias and I will help you analyse and clean your system.
Step 1 Run Malwarebytes' AntiMalware (MBAM) according to the illustrated guide and then post the log file.
Step 2 Run AdwCleaner according to the illustrated guide and then post the log file.
Step 3 Run ESET Online Scanner (EOS) according to the illustrated guide and then post the log file.
Please post with your next reply:
|
05.01.2024, 18:44 | #4 |
| Windows 10: Defender finds several trojans and I am receiving extortion e-mails. Thank you very much for the reply. Attached are the logs from Malwarebytes and AdwCleaner. The ESET scanner always closed by itself before I could start a first selection. Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 05.01.24
Scan-Zeit: 18:34
Protokolldatei: a31c22d2-abf0-11ee-aeba-d8bbc1099828.json

-Softwaredaten-
Version: 4.6.8.311
Komponentenversion: 1.0.2235
Version des Aktualisierungspakets: 1.0.79285
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19045.3803)
CPU: x64
Dateisystem: NTFS
Benutzer: Julian-PC-Studio\ichbi

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 331744
Erkannte Bedrohungen: 2
In die Quarantäne verschobene Bedrohungen: 2
Abgelaufene Zeit: 3 Min., 51 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.eSupportUndeletePlus, HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\SOFTWARE\ESUPPORT.COM\UndeletePlus, In Quarantäne, 5691, 355410, 1.0.79285, , ame, , ,

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
Malware.Sandbox.54, C:\USERS\ICHBI\DOWNLOADS\CYBERLINK_POWERDIRECTOR_DOWNLOADER.EXE, In Quarantäne, 54, 0, 1.0.79285, 54, dds, 02636083, EE316C000F35DED71B98A88B5A5E1153, 75F678C9B1608B0A2BEEF758CBB05DB1B66D869C562B91BBDBC11DD3DE6FD9BB

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)

(end)
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-05-2024
# Duration: 00:00:00
# OS: Windows 10 (Build 19045.3803)
# Cleaned: 4
# Failed: 1

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\Packer
Deleted C:\Users\ichbi\AppData\Local\WTools
Deleted C:\Users\ichbi\AppData\Roaming\WTools

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WTools

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Not Deleted Honey - jid1-93CWPmRbVPjRQA@jetpack

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1677 octets] - [05/01/2024 18:41:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
|
05.01.2024, 19:13 | #5 |
/// TB-Ausbilder | Windows 10: Defender finds several trojans and I am receiving extortion e-mails. Well done. Now please run a check with FRST. Step 1
|
05.01.2024, 20:06 | #6 |
| Windows 10: Defender finds several trojans and I am receiving extortion e-mails. Many thanks. Split into two replies: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 05.01.2024 01 durchgeführt von ichbi (Administrator) auf JULIAN-PC-STUDI (Micro-Star International Co., Ltd. MS-7C37) (05-01-2024 20:00:18) Gestartet von C:\Users\ichbi\Downloads\FRST64.exe Geladene Profile: ichbi Plattform: Microsoft Windows 10 Pro for Workstations Version 22H2 19045.3803 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2> (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe ->) (Palo Alto Networks -> Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe (explorer.exe ->) (Notepad++ -> Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe (explorer.exe ->) (Spotify AB -> Spotify Ltd) C:\Users\ichbi\AppData\Roaming\Spotify\Spotify.exe <6> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WpcMon.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <22> (services.exe ->) (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (services.exe ->) (geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (services.exe ->) (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (services.exe ->) (Malwarebytes Inc. 
-> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispsig.inf_amd64_2a8379cc1977656a\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe (services.exe ->) (Palo Alto Networks -> Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_550508a90a3c9a47\RtkAudUService64.exe (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (services.exe ->) (VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) 
C:\Windows\SysWOW64\vmnat.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.) [Datei ist nicht signiert] HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_550508a90a3c9a47\RtkAudUService64.exe [1618320 2022-11-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [142848 2021-04-11] (Avid Technology, Inc.) [Datei ist nicht signiert] HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.) HKLM\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [10686824 2022-03-01] (Palo Alto Networks -> Palo Alto Networks) HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [614584 2023-07-01] (geek software GmbH -> geek software GmbH) HKLM\...\Run: [Focusrite Notifier] => C:\Program Files\Focusrite\Drivers\Focusrite Notifier.exe [767552 2022-05-20] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering, Ltd.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [119344 2020-06-05] (VMware, Inc. -> VMware, Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\82.0.1.0\GoogleDriveFS.exe [55189280 2023-10-12] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\82.0.1.0\GoogleDriveFS.exe [55189280 2023-10-12] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4386664 2023-12-08] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44486048 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [Discord] => C:\Users\ichbi\AppData\Local\Discord\Update.exe [1512040 2021-03-18] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [13443008 2021-05-03] (Binary Fortress Software Ltd -> Binary Fortress Software)
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\ichbi\AppData\Local\WebEx\WebexHost.exe [6976336 2021-12-31] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [Spotify] => C:\Users\ichbi\AppData\Roaming\Spotify\Spotify.exe [30315848 2023-12-09] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [Nextcloud] => C:\Program Files\Nextcloud\nextcloud.exe [5126352 2023-03-09] (Nextcloud GmbH -> Nextcloud GmbH)
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\82.0.1.0\GoogleDriveFS.exe [55189280 2023-10-12] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\ichbi\AppData\Local\Microsoft\Teams\Update.exe [2589872 2023-12-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Run: [MicrosoftEdgeAutoLaunch_4D67C3CB7D15609F738713BBF52A3A48] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854280 2023-12-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\MountPoints2: {728efc9f-c9d4-11eb-912b-d8bbc1099828} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\MountPoints2: {ea960893-bd9e-11ec-9158-d8bbc1099828} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\82.0.1.0\GoogleDriveFS.exe [55189280 2023-10-12] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\118.0.5993.89\Installer\chrmstp.exe [2023-10-20] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{25CA8579-1BD8-469c-B9FC-6AC45A161C18}] -> C:\Windows\system32\PanV2CredProv.dll [2022-03-01] (Palo Alto Networks -> )
Startup: C:\Users\ichbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2023-10-12]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\ichbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rekordboxAgent.lnk [2022-11-03]
ShortcutTarget: rekordboxAgent.lnk -> C:\Program Files\Pioneer\rekordbox 6.6.5\rekordboxAgent-win32-x64\rekordboxAgent.exe (AlphaTheta Corporation -> AlphaTheta Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Control Panel.lnk [2021-05-28]
ShortcutTarget: Control Panel.lnk -> C:\Program Files\Phonic\1394AudioDriver_FireFly808\Phonic_Cpl.exe (Phonic Corporation -> )
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {93B6FE41-E102-4E7F-A947-FB35F1F32D23} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {F546C58E-99C1-48C0-9660-4F0A9C7CB282} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) Task: {1815B76B-3713-44B7-8776-3904A330BBF6} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "46c9ee54-c4ab-4de2-a740-3c6cbf22912a" --version "6.19.10858" --silent Task: {7B9FFCED-F7A4-4742-83F8-7AB81F56092C} - System32\Tasks\CCleanerSkipUAC - ichbi => C:\Program Files\CCleaner\CCleaner.exe [37458848 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) Task: {476E1642-F7B7-4C01-8E7B-2CE87C030022} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-17] (Google LLC -> Google LLC) Task: {B781ACCF-11F6-486D-9DDE-1EDDF9448056} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-17] (Google LLC -> Google LLC) Task: {C4126C75-6A21-4E69-9864-E77051149789} - System32\Tasks\MATLAB R2021b Startup Accelerator => C:\Program Files\MATLAB\R2021b\bin\win64\MATLABStartupAccelerator.exe [50176 2021-05-15] () [Datei ist nicht signiert] Task: {D98A5B4A-53EC-4349-BDD3-80F55F61BBAA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23571032 2023-11-29] (Microsoft Corporation -> Microsoft Corporation) Task: {5A64DC16-F8C3-4559-9921-93ADAD4F2881} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23571032 2023-11-29] (Microsoft Corporation -> Microsoft Corporation) Task: {8D6E6A9C-BF0A-4D07-927C-53F97130C6FD} - 
System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209272 2023-12-20] (Microsoft Corporation -> Microsoft Corporation) Task: {0217BDDF-A728-407F-AB52-7510F85C6F8A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209272 2023-12-20] (Microsoft Corporation -> Microsoft Corporation) Task: {F1F5A26C-EF15-422D-BF58-FC983F8227EB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513920 2023-12-20] (Microsoft Corporation -> Microsoft Corporation) Task: {AB0D4E06-6FDF-43BA-B6F4-704F52FEC67E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513920 2023-12-20] (Microsoft Corporation -> Microsoft Corporation) Task: {42CCCFBB-EC38-4953-A371-96D03949C4DD} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674720 2024-01-04] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {B9EB5106-6C1A-4106-9F00-82C8A5C1797B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2024-01-04] (Mozilla Corporation -> Mozilla Foundation) Task: {15456070-D5F7-484F-BE26-19C00ECE251A} - System32\Tasks\MSI Task Host - Detect_Monitor => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe [78648 2021-04-01] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) 
Task: {3EA47929-2EBA-4038-8708-E9B1200F595C} - System32\Tasks\MSI Task Host - DisplayID => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe [78648 2021-04-01] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) Task: {5D305FAF-8C0E-4470-9171-4E98D246CC56} - System32\Tasks\MSI Task Host - LEDKeeper2_Host => C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LEDKeeper2.exe [1685328 2021-04-15] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) Task: {20069275-3E88-4E23-A832-4F260EE68D90} - System32\Tasks\MSI Task Host - MSI.True Color => C:\Program Files (x86)\MSI\One Dragon Center\True Color\MSI.True Color.exe [47416 2021-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) Task: {41ED8001-A23A-4D4F-A9CC-AAE1369F970D} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3203882355-2465378241-1904074028-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Keine Datei) Task: {40021508-9061-41BC-AD3B-9C1E344D02C4} - System32\Tasks\update-S-1-5-21-3203882355-2465378241-1904074028-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) Task: {90A34D95-2050-45A2-B153-5B9937D2956E} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe Task: C:\Windows\Tasks\MATLAB R2021b Startup Accelerator.job => C:\Program Files\MATLAB\R2021b\bin\win64\MATLABStartupAccelerator.exe C:\Program Files\MATLAB\R2021bJULIAN-PC-STUDI\ichbi.Sta Task: C:\Windows\Tasks\update-S-1-5-21-3203882355-2465378241-1904074028-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.) Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.) Tcpip\..\Interfaces\{23b271b8-daaa-4df3-b234-b1b53af3e70b}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{23b271b8-daaa-4df3-b234-b1b53af3e70b}: [DhcpDomain] fritz.box Tcpip\..\Interfaces\{4fd08595-b9e9-4e81-80a8-3292f0867e56}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4fd08595-b9e9-4e81-80a8-3292f0867e56}: [DhcpDomain] fritz.box Tcpip\..\Interfaces\{4fd08595-b9e9-4e81-80a8-3292f0867e56}\145747F6A7577602E6163686023597C647: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4fd08595-b9e9-4e81-80a8-3292f0867e56}\145747F6A7577602E6163686023597C647: [DhcpDomain] fritz.box Tcpip\..\Interfaces\{5b552e3d-0022-4b12-a317-3298326a495d}: [NameServer] 134.106.40.3,134.106.49.2 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\ichbi\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-04] Edge Extension: (Google Docs Offline) - C:\Users\ichbi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-01] Edge Extension: (Edge 
relevant text changes) - C:\Users\ichbi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-14] Edge Extension: (Microsoft Edge DevTools Enhancements) - C:\Users\ichbi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh [2023-08-18] FireFox: ======== FF DefaultProfile: nk31nrhe.default FF ProfilePath: C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\nk31nrhe.default [2021-05-16] FF ProfilePath: C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release [2024-01-05] FF DownloadDir: C:\Users\ichbi\Downloads FF Session Restore: Mozilla\Firefox\Profiles\cu7yum5m.default-release -> ist aktiviert. FF Notifications: Mozilla\Firefox\Profiles\cu7yum5m.default-release -> hxxps://www.faceit.com FF Extension: (YouTube mp3) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\320youtube@gmx.net.xpi [2022-11-14] FF Extension: (Facebook Container) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\@contain-facebook.xpi [2023-07-30] FF Extension: (Übersetzen Sie Websites in Ihrem Browser, ohne die Cloud zu verwenden.) 
- C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\firefox-translations-addon@mozilla.org.xpi [2023-07-30] FF Extension: (Honey) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2023-04-12] FF Extension: (Tab Session Manager) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\Tab-Session-Manager@sienori.xpi [2023-12-13] FF Extension: (eBay™ Popularity Sort) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\test@arunshah.co.uk.xpi [2021-05-16] FF Extension: (Dark Theme for Google™) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{026cca71-a2e2-4020-840d-f2759849d62e}.xpi [2023-03-08] FF Extension: (TWP - Translate Web Pages) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2023-09-20] FF Extension: (Moodle Buddy) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{29d2b673-83e5-4aca-a0b8-f9130b9b9cb7}.xpi [2022-08-21] FF Extension: (Fakespot Fake Amazon Reviews and eBay Sellers) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{44df5123-f715-9146-bfaa-c6e8d4461d44}.xpi [2024-01-04] FF Extension: (__Cool Shade__) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{56b8b413-e19e-47c7-80c5-52a6795dfe78}.xpi [2021-05-16] FF Extension: (WebNowPlaying) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{64b2c525-24ed-4c05-aed1-95ff9e6cef70}.xpi [2024-01-04] FF Extension: (Return YouTube Dislike) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{762f9885-5a13-4abd-9c77-433dcd38b8fd}.xpi [2023-12-17] FF Extension: 
(insta-download) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{7b21dc78-ddbd-44c8-8621-161bb293598d}.xpi [2021-05-16] FF Extension: (Tab Auto Refresh) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{7fee47a1-8299-4576-90bf-5fd88d756926}.xpi [2022-07-12] FF Extension: (Markdown Viewer Webext) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{943b8007-a895-44af-a672-4f4ea548c95f}.xpi [2023-06-28] FF Extension: (Sauron - Dark mode for all websites) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{ac17338b-b900-4cd1-a34f-bd30ad5abab9}.xpi [2021-05-16] FF Extension: (Video DownloadHelper) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2023-08-26] FF Extension: (SoundCloud Downloader) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{c7a839e7-7086-4021-8176-1cfcb7f169ce}.xpi [2023-06-28] FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-06-21] FF Extension: (Trello Super Powers) - C:\Users\ichbi\AppData\Roaming\Mozilla\Firefox\Profiles\cu7yum5m.default-release\Extensions\{e8a71c3b-3deb-4ab3-834a-5c0aee943847}.xpi [2021-12-26] FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-05-17] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-05-17] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-16] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-01-02] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-16] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-16] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default [2023-12-17] CHR Extension: (SoundCloud to Mp3 - SoundCloud Downloader) - C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglggfjiagajfmchbcjolbggghckfhgm [2023-06-28] CHR Extension: (Markdown Viewer) - C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckkdlimhmcjmikdlpkmbgfkaikojcbjk [2023-10-15] CHR Extension: (Music downloader) - C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmkmbhibddfjgokeipcjedbhphkmhied [2023-06-28] CHR Extension: (Google Docs Offline) - C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-17] CHR Extension: (Music downloader for SoundCloud™) - C:\Users\ichbi\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\imccchinfcnnpjoicclggnpdenhachco [2023-03-15] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-17] CHR Extension: (Smallpdf - PDF komprimieren und konvertieren) - C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfgljdgelakfkefopgklcohadegdpjf [2023-12-17] CHR Extension: (Dunkler Modus - Dunkler Leser für Chrome) - C:\Users\ichbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbgfifennfhnbkhoidkdchbflppjncb [2023-10-15] CHR HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.) S3 AvidHubService; C:\Program Files\Avid\Cloud Client Services\Hub.exe [2299208 2017-11-09] (Avid Technology, Inc. -> Avid Technology, Inc.) S3 AvidTransportClient; C:\Program Files\Avid\Cloud Client Services\TransportClient.exe [7067464 2017-11-09] (Avid Technology, Inc. -> Avid Technology, Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901960 2022-01-13] (BattlEye Innovations e.K. -> ) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9497688 2023-11-29] (Microsoft Corporation -> Microsoft Corporation) S3 DigiRefresh; C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [142848 2021-04-11] (Avid Technology, Inc.) [Datei ist nicht signiert] S3 digiSPTIService64; C:\Program Files\Avid\Pro Tools First\digisptiservice64.exe [201728 2021-04-11] (Avid Technology, Inc.) 
[Datei ist nicht signiert] R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [11309520 2021-05-03] (Binary Fortress Software Ltd -> Binary Fortress Software) S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [588264 2022-01-31] (EasyAntiCheat Oy -> Epic Games, Inc.) S3 FACEITService; C:\Program Files\FACEIT AC\faceitservice.exe [65739656 2023-08-30] (FACE IT LIMITED -> ) R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2023-11-14] (HP Inc. -> HP Inc.) S3 LightKeeperService; C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LightKeeperService.exe [86776 2020-12-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-05] (Malwarebytes Inc. -> Malwarebytes) S3 MSI_Central_Service; C:\Program Files (x86)\MSI\One Dragon Center\MSI_Central_Service.exe [147088 2020-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) S3 MSI_Companion_Service; C:\Program Files (x86)\MSI\One Dragon Center\Game_Summary\MSI_Companion_Service.exe [143160 2021-03-31] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) S3 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\One Dragon Center\VoiceControl\VoiceControl_Service.exe [32752 2021-02-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) S3 Mystic_Light_Service; C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\Mystic_Light_Service.exe [39760 2021-03-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) 
R2 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [7509352 2022-03-01] (Palo Alto Networks -> Palo Alto Networks) R2 PDF24; C:\Program Files\PDF24\pdf24.exe [614584 2023-07-01] (geek software GmbH -> geek software GmbH) S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2021-06-02] (Even Balance, Inc. -> ) S2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [215128 2021-06-02] (Even Balance, Inc. -> ) S2 RealtekWlanU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [48856 2014-10-09] (Realtek Semiconductor Corp -> Realtek) S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2579840 2022-09-13] (Rockstar Games, Inc. -> Rockstar Games) S2 RTLDHCPService; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-10-09] (Realtek Semiconductor Corp -> Realtek) S2 RunSwUSB; C:\Windows\runSW.exe [44760 2021-08-25] (Realtek Semiconductor Corp -> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-13] (Microsoft Windows Publisher -> Microsoft Corporation) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [17029944 2023-05-02] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7152880 2022-01-10] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15504600 2020-06-05] (VMware, Inc. 
-> ) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [8631496 2022-01-10] (PUBG CORPORATION -> PUBG Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispsig.inf_amd64_2a8379cc1977656a\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispsig.inf_amd64_2a8379cc1977656a\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 61883; C:\Windows\System32\drivers\61883.sys [70144 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) 
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert] S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert] R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> ) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R1 FACEIT; C:\Program Files\FACEIT AC\FACEIT_AC.sys [68181560 2023-08-30] (Microsoft Windows Hardware Compatibility Publisher -> ) R3 FocusritePCIeSwRoot; C:\Windows\System32\drivers\FocusritePCIeSwRoot.sys [105192 2022-05-20] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.) S3 FocusriteUsb; C:\Windows\System32\drivers\FocusriteUsb.sys [197280 2022-05-20] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.) S3 FocusriteUsbAudio; C:\Windows\System32\drivers\FocusriteUsbAudio.sys [97952 2022-05-20] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.) R3 FocusriteUsbSwRoot; C:\Windows\System32\drivers\FocusriteUsbSwRoot.sys [110864 2022-05-20] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.) R1 googledrivefs31092; C:\Windows\System32\DRIVERS\googledrivefs31092.sys [384600 2023-05-17] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.) S3 gpfltdrv; C:\Windows\system32\DRIVERS\gpfltdrv.sys [91760 2022-03-01] (Palo Alto Networks -> Palo Alto Networks) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech) R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.) 
S3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [37200 2021-05-29] (Logitech Inc -> Logitech) S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [25928 2021-05-29] (Logitech Inc -> Logitech) S3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66896 2021-05-29] (Logitech Inc -> Logitech) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222784 2024-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-01-05] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [200104 2024-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2024-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188008 2024-01-05] (Malwarebytes Inc. -> Malwarebytes) S3 MpKsl93a90454; C:\Windows\system32\MpEngineStore\MpKslDrv.sys [214280 2022-11-11] (Microsoft Windows -> Microsoft Corporation) R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd) S3 NTIOLib_CC_COMM; C:\Program Files (x86)\MSI\One Dragon Center\Lib\SYS\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\Lib\NTIOLib_X64.sys [14288 2017-07-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) S3 PanGpd; C:\Windows\system32\DRIVERS\pangpd.sys [71968 2022-03-01] (Palo Alto Networks -> Palo Alto Networks Inc.) 
R3 phonic_1394; C:\Windows\System32\Drivers\phonic_1394_x64.sys [197344 2021-05-28] (Phonic Corporation -> Archwave AG)
R3 phonic_avs; C:\Windows\System32\Drivers\phonic_avs_x64.sys [72416 2021-05-28] (Phonic Corporation -> Archwave AG)
S3 RDID1198; C:\Windows\system32\Drivers\RDWM1198.SYS [395272 2021-09-27] (Microsoft Windows Hardware Compatibility Publisher -> Roland Corporation)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [66368 2020-06-05] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [103224 2019-08-14] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [52576 2018-02-28] (VMware, Inc. -> VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [55856 2023-12-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [594304 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [2522256 2022-01-13] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 netr28x; \SystemRoot\System32\drivers\netr28x.sys [X]
U4 npcap_wifi; kein ImagePath
S4 NvModuleTracker; \SystemRoot\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2024-01-05 20:00 - 2024-01-05 20:00 - 000000000 ____D C:\Users\ichbi\Downloads\FRST-OlderVersion 2024-01-05 18:42 - 2024-01-05 18:43 - 000001386 _____ C:\Users\ichbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk 2024-01-05 18:42 - 2024-01-05 18:42 - 015274968 _____ (ESET) C:\Users\ichbi\Downloads\esetonlinescanner.exe 2024-01-05 18:42 - 2024-01-05 18:42 - 015274968 _____ (ESET) C:\Users\ichbi\Downloads\esetonlinescanner(1).exe 2024-01-05 18:42 - 2024-01-05 18:42 - 000000000 ____D C:\Users\ichbi\AppData\Local\ESET 2024-01-05 18:40 - 2024-01-05 18:41 - 000000000 ____D C:\AdwCleaner 2024-01-05 18:40 - 2024-01-05 18:40 - 008791352 _____ (Malwarebytes) C:\Users\ichbi\Downloads\adwcleaner.exe 2024-01-05 18:39 - 2024-01-05 18:39 - 000188008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2024-01-05 18:33 - 2024-01-05 18:40 - 000000000 ____D C:\Users\ichbi\AppData\Local\Malwarebytes 2024-01-05 18:33 - 2024-01-05 18:33 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2024-01-05 18:33 - 2024-01-05 18:33 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2024-01-05 18:33 - 2024-01-05 18:33 - 000000000 ____D C:\Users\ichbi\AppData\Local\mbam 2024-01-05 18:32 - 2024-01-05 18:32 - 002606880 _____ (Malwarebytes) C:\Users\ichbi\Downloads\MBSetup.exe 2024-01-05 18:32 - 2024-01-05 18:32 - 000000000 ____D C:\ProgramData\Malwarebytes 2024-01-05 18:32 - 2024-01-05 18:32 - 000000000 ____D C:\Program Files\Malwarebytes 2024-01-04 16:46 - 2024-01-04 16:47 - 091309689 _____ C:\Users\ichbi\Downloads\KK300_Juleshow_5.K-aKUAGX.mp4.part 2024-01-04 16:46 - 2024-01-04 16:46 - 000000000 _____ C:\Users\ichbi\Downloads\KK300_Juleshow_5.mp4 2024-01-04 16:45 - 2024-01-04 16:47 - 874251105 _____ 
C:\Users\ichbi\Downloads\KK300_Juleshow_(1-4).OYndQzsD.mp4.part 2024-01-04 16:45 - 2024-01-04 16:45 - 000000000 _____ C:\Users\ichbi\Downloads\KK300_Juleshow_(1-4).mp4 2024-01-04 15:05 - 2024-01-04 15:05 - 000130897 _____ C:\Users\ichbi\Downloads\HUK-COBURG_Police KFZ_529_729148-V_27_12_2023.pdf 2024-01-04 14:44 - 2024-01-05 18:40 - 000000000 ____D C:\Users\ichbi\Desktop\trjoanerboard 2024-01-04 14:34 - 2024-01-04 14:35 - 000091854 _____ C:\Users\ichbi\Downloads\Addition.txt 2024-01-04 14:32 - 2024-01-05 20:00 - 002388992 _____ (Farbar) C:\Users\ichbi\Downloads\FRST64.exe 2024-01-04 14:32 - 2024-01-05 20:00 - 000037815 _____ C:\Users\ichbi\Downloads\FRST.txt 2024-01-04 14:32 - 2024-01-05 20:00 - 000000000 ____D C:\FRST 2024-01-04 14:30 - 2024-01-05 18:39 - 000000000 ____D C:\Program Files\Mozilla Firefox 2023-12-23 17:56 - 2023-12-23 17:56 - 000010644 _____ C:\Users\ichbi\AppData\Local\recently-used.xbel 2023-12-23 17:05 - 2023-12-23 17:05 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2023-12-18 16:56 - 2023-12-18 16:56 - 000066910 _____ C:\Users\ichbi\Downloads\Results_Julian_Härtel_2023-12-18.pdf 2023-12-18 11:11 - 2023-12-18 11:11 - 000346957 _____ C:\Users\ichbi\Downloads\Prolight_+_Sound_2024_Härtel_Julian_1764991320417.pdf 2023-12-18 10:32 - 2023-12-18 10:32 - 006141552 _____ C:\Users\ichbi\Downloads\2016-01_preisliste_jaguar_xf.pdf 2023-12-17 23:37 - 2023-12-17 23:37 - 011372958 _____ C:\Users\ichbi\Downloads\lecture_04_with_solutions.pptx 2023-12-17 13:31 - 2023-12-17 13:31 - 000000944 _____ C:\Users\Public\Desktop\Engine DJ.lnk 2023-12-17 13:31 - 2023-12-17 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Engine DJ 2023-12-17 13:30 - 2023-12-17 13:31 - 181527128 _____ (AIR Music Technology) C:\Users\ichbi\Downloads\Engine_DJ_3.3.0_7dcfbe5f8c_Setup.exe 2023-12-16 18:04 - 2023-12-16 18:04 - 000740274 _____ C:\Users\ichbi\Downloads\Lebenslauf Pauline Hillebrandt (Sopran)-1.pdf 2023-12-16 17:58 - 2023-12-16 17:58 - 
000727676 _____ C:\Users\ichbi\Downloads\Lebenslauf Pauline Hillebrandt (Sopran).pdf 2023-12-16 11:39 - 2023-12-16 11:39 - 000409103 _____ C:\Users\ichbi\Downloads\Rechnung 306-2023 Vermietung IGS Delmenhorst 05.12.2023.pdf 2023-12-15 22:46 - 2023-12-15 22:53 - 000029119 _____ C:\Users\ichbi\Downloads\Bewerbung Despina Entwurf PDF.pdf 2023-12-15 22:45 - 2023-12-15 22:45 - 000257046 _____ C:\Users\ichbi\Downloads\Lebenslauf Pauline Hillebrandt (Sopran) 2024.pdf 2023-12-15 14:28 - 2023-12-15 22:44 - 000000000 ____D C:\Users\ichbi\Downloads\Studio Bilder Ja 2023-12-15 14:28 - 2023-12-15 14:28 - 033225542 _____ C:\Users\ichbi\Downloads\Studio Bilder Ja.zip 2023-12-13 16:07 - 2023-12-13 16:07 - 000000000 ____D C:\Windows\InboxApps 2023-12-13 15:59 - 2023-12-13 15:59 - 000016707 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json 2023-12-13 15:54 - 2023-12-13 15:54 - 000000000 ___HD C:\$WinREAgent 2023-12-13 15:49 - 2024-01-04 16:25 - 000000000 ____D C:\Program Files\Mozilla Thunderbird 2023-12-07 14:24 - 2023-12-07 14:24 - 000789123 _____ C:\Users\ichbi\Downloads\fos_tornado_pro.pdf 2023-12-06 14:23 - 2023-12-06 14:23 - 000188211 _____ C:\Users\ichbi\Downloads\Rettet_Most-common-IT-errors-on-Windows-computers.pdf 2023-12-06 14:22 - 2023-12-06 14:22 - 000558876 _____ C:\Users\ichbi\Downloads\Rettet_IT-support-foer-og-under-eksamen_AIT_vejledning_ENG_on-campus.pdf 2023-12-06 14:21 - 2023-12-06 14:21 - 000423159 _____ C:\Users\ichbi\Downloads\Vejledning-til-digital-eksamen-DE-DK-ENG-revideret-2023-.pdf ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-01-05 19:59 - 2021-07-23 23:39 - 000000000 ____D C:\Users\ichbi\AppData\Local\Spotify 2024-01-05 19:58 - 2021-07-23 23:38 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\Spotify 2024-01-05 19:57 - 2020-11-18 23:50 - 000000000 ____D C:\Windows\system32\SleepStudy 2024-01-05 19:09 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-01-05 18:49 - 2021-05-16 16:19 - 000000000 ____D C:\Users\ichbi\AppData\Local\D3DSCache 2024-01-05 18:46 - 2021-05-16 16:11 - 001732070 _____ C:\Windows\system32\PerfStringBackup.INI 2024-01-05 18:46 - 2019-12-07 15:51 - 000746674 _____ C:\Windows\system32\perfh007.dat 2024-01-05 18:46 - 2019-12-07 15:51 - 000151622 _____ C:\Windows\system32\perfc007.dat 2024-01-05 18:46 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF 2024-01-05 18:43 - 2021-05-31 20:08 - 000000000 ____D C:\Users\ichbi\AppData\Local\CrashDumps 2024-01-05 18:42 - 2022-02-12 13:07 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2024-01-05 18:41 - 2021-05-17 16:40 - 000000000 ____D C:\ProgramData\NVIDIA 2024-01-05 18:40 - 2023-01-24 17:55 - 000000000 ___SD C:\Users\ichbi\Nextcloud 2024-01-05 18:39 - 2022-01-14 17:22 - 000000000 ____D C:\ProgramData\VMware 2024-01-05 18:39 - 2021-05-17 16:28 - 000000000 ____D C:\Program Files\TeamViewer 2024-01-05 18:39 - 2021-05-16 18:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2024-01-05 18:39 - 2021-05-16 16:04 - 000008192 ___SH C:\DumpStack.log.tmp 2024-01-05 18:39 - 2020-11-19 00:51 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2024-01-05 18:38 - 2023-01-24 17:54 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\Nextcloud 2024-01-05 18:33 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP 2024-01-05 18:27 - 2021-05-17 15:27 - 000000000 ____D C:\Users\ichbi\AppData\LocalLow\Adobe 2024-01-05 18:25 - 2021-05-16 18:31 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2024-01-05 18:24 - 2021-09-30 20:22 - 
000000000 ____D C:\Users\Public\Logi 2024-01-04 19:49 - 2021-05-16 16:16 - 000000000 ____D C:\Users\ichbi 2024-01-04 17:10 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2024-01-04 17:10 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness 2024-01-04 14:31 - 2023-03-16 21:00 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2024-01-04 14:31 - 2023-03-16 21:00 - 000002065 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk 2024-01-04 14:31 - 2021-05-17 15:27 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task 2023-12-24 00:09 - 2021-05-16 18:37 - 000000000 ____D C:\Program Files (x86)\Steam 2023-12-23 22:00 - 2023-08-26 22:56 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\GalaxyLife 2023-12-23 20:26 - 2023-11-28 14:49 - 000013626 _____ C:\Users\ichbi\Desktop\weihnachten.xlsx 2023-12-23 20:26 - 2021-05-31 08:40 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\Microsoft\Excel 2023-12-23 20:25 - 2021-05-16 17:59 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\Microsoft\Word 2023-12-23 20:21 - 2021-06-11 14:02 - 000000000 ____D C:\Users\ichbi\AppData\Local\babl-0.1 2023-12-23 18:02 - 2023-01-16 10:25 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2023-12-23 18:02 - 2021-05-16 16:21 - 000000000 ____D C:\Users\ichbi\AppData\Local\PlaceholderTileLogoFolder 2023-12-23 18:02 - 2020-11-19 00:53 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-12-23 17:56 - 2021-06-12 14:07 - 000000000 ____D C:\Users\ichbi\AppData\Local\gtk-2.0 2023-12-23 17:09 - 2021-05-29 01:38 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\Microsoft\PowerPoint 2023-12-23 17:07 - 2021-05-17 15:03 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update 2023-12-23 17:05 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2023-12-23 17:04 - 2022-11-08 12:09 - 000000666 _____ C:\Windows\Tasks\CCleanerCrashReporting.job 2023-12-23 
17:04 - 2021-05-17 15:03 - 000000000 ____D C:\Program Files\CCleaner 2023-12-23 17:04 - 2012-10-26 15:20 - 000001485 _____ C:\Windows\system32\Phonic1394_coinst.cfg 2023-12-20 12:16 - 2021-05-16 17:49 - 000000000 ____D C:\Program Files\Microsoft Office 2023-12-19 17:36 - 2021-05-30 18:03 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\vlc 2023-12-19 14:05 - 2023-10-07 11:57 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\CurseForge 2023-12-19 13:54 - 2021-08-22 20:47 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\.minecraft 2023-12-18 23:08 - 2021-05-17 16:25 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\discord 2023-12-18 22:24 - 2021-05-17 16:25 - 000000000 ____D C:\Users\ichbi\AppData\Local\Discord 2023-12-18 14:09 - 2021-05-16 17:59 - 000000000 ____D C:\Users\ichbi\AppData\Roaming\Microsoft\Office 2023-12-17 23:37 - 2021-05-16 16:19 - 000000000 ____D C:\Users\ichbi\AppData\Local\Packages 2023-12-17 13:32 - 2021-05-17 16:12 - 000000000 ____D C:\ProgramData\Package Cache 2023-12-17 13:31 - 2023-06-24 11:15 - 000000000 ____D C:\Program Files\Engine DJ 2023-12-16 11:40 - 2022-11-08 12:09 - 000003382 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting 2023-12-14 23:38 - 2021-06-21 19:30 - 000000000 ____D C:\Users\ichbi\AppData\Local\ElevatedDiagnostics 2023-12-14 18:33 - 2021-05-28 23:49 - 000001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk 2023-12-13 23:01 - 2021-05-17 16:25 - 000002235 _____ C:\Users\ichbi\Desktop\Discord.lnk 2023-12-13 16:10 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2023-12-13 16:08 - 2020-11-18 23:50 - 000481128 _____ C:\Windows\system32\FNTCACHE.DAT 2023-12-13 16:07 - 2019-12-07 15:54 - 000000000 ___SD C:\Windows\system32\AppV 2023-12-13 16:07 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2023-12-13 16:07 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2023-12-13 16:07 - 2019-12-07 15:54 - 
000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2023-12-13 16:07 - 2019-12-07 15:51 - 000000000 ____D C:\Windows\SysWOW64\de 2023-12-13 16:07 - 2019-12-07 15:51 - 000000000 ____D C:\Windows\system32\de 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D 
C:\Windows\system32\SystemResetPlatform 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\ShellExperiences 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System 2023-12-13 16:07 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2023-12-13 16:07 - 2019-12-07 10:03 - 000524288 _____ 
C:\Windows\system32\config\BBI 2023-12-13 16:07 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing 2023-12-13 16:03 - 2019-12-07 15:54 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll 2023-12-13 16:03 - 2019-12-07 15:54 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml 2023-12-13 16:03 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll 2023-12-13 16:03 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll 2023-12-13 16:03 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp 2023-12-13 15:59 - 2020-11-19 00:53 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2023-12-13 15:54 - 2021-05-16 16:26 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2023-12-13 15:21 - 2021-05-16 16:26 - 000000000 ____D C:\Windows\system32\MRT 2023-12-13 15:19 - 2021-05-16 16:26 - 182871392 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2023-12-13 15:18 - 2021-05-16 18:01 - 000002525 _____ C:\Users\ichbi\Desktop\Excel.lnk 2023-12-11 11:48 - 2021-11-07 20:31 - 000000576 ____H C:\Windows\Tasks\MATLAB R2021b Startup Accelerator.job 2023-12-06 19:08 - 2020-11-19 00:51 - 000000000 ____D C:\Windows\system32\Drivers\wd ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2021-05-28 23:28 - 2021-05-28 23:31 - 000018544 _____ () C:\Users\ichbi\AppData\Roaming\Avid_CCS_Service_Stop.log 2022-01-16 14:36 - 2022-01-17 08:38 - 000000016 _____ () C:\Users\ichbi\AppData\Roaming\obs-virtualcam.txt 2021-09-25 11:31 - 2022-06-27 18:26 - 000000128 _____ () C:\Users\ichbi\AppData\Local\PUTTY.RND 2023-12-23 17:56 - 2023-12-23 17:56 - 000010644 _____ () C:\Users\ichbi\AppData\Local\recently-used.xbel 2021-07-26 22:42 - 2023-06-24 20:37 - 000007638 _____ () C:\Users\ichbi\AppData\Local\Resmon.ResmonCfg 2021-05-17 16:05 - 2021-05-17 16:05 - 000000003 _____ () 
C:\Users\ichbi\AppData\Local\updater.log
2021-05-17 16:05 - 2021-05-17 16:05 - 000000424 _____ () C:\Users\ichbi\AppData\Local\UserProducts.xml

==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
|
05.01.2024, 20:06 | #7 |
| Windows 10: Defender finds several Trojans and I am receiving extortion emails. Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 05.01.2024 01
durchgeführt von ichbi (05-01-2024 20:01:32)
Gestartet von C:\Users\ichbi\Downloads
Microsoft Windows 10 Pro for Workstations Version 22H2 19045.3803 (X64) (2021-05-16 15:07:12)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-3203882355-2465378241-1904074028-500 - Administrator - Disabled)
B02C33EEFEF34FAEA538 (S-1-5-21-3203882355-2465378241-1904074028-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-3203882355-2465378241-1904074028-503 - Limited - Disabled)
Gast (S-1-5-21-3203882355-2465378241-1904074028-501 - Limited - Disabled)
haert (S-1-5-21-3203882355-2465378241-1904074028-1002 - Limited - Disabled)
ichbi (S-1-5-21-3203882355-2465378241-1904074028-1001 - Administrator - Enabled) => C:\Users\ichbi
WDAGUtilityAccount (S-1-5-21-3203882355-2465378241-1904074028-504 - Limited - Disabled)

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 21.07 (x64) (HKLM\...\7-Zip) (Version: 21.07 - Igor Pavlov) Adesso Cybertrack Driver version 1.00 (HKLM-x32\...\{BCAB7D40-5D74-4C2A-8B76-D13389AB63BC}_is1) (Version: 1.00 - ) Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 23.008.20458 - Adobe) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden Amazon Games (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.3.8425.2 - Amazon.com Services, Inc.) AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.07.21.306 - Advanced Micro Devices, Inc.) AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.80 - Advanced Micro Devices, Inc.) Hidden AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 6.0.0.3 - Advanced Micro Devices, Inc.) Hidden AMD Ryzen Master SDK (HKLM\...\{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.7.0.1725 - Advanced Micro Devices, Inc.) AMD SBxxx SMBus Driver Alpha (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden AMD_Chipset_Drivers (HKLM-x32\...\{7598e74a-915c-4911-918c-ca4b2c296122}) (Version: 2.07.21.306 - Advanced Micro Devices, Inc.) Hidden ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.15_Beta2 - tippach engineering) Audacity 3.0.0 (HKLM-x32\...\Audacity_is1) (Version: 3.0.0 - Audacity Team) Audacity 3.1.2 (64 Bit) (HKLM\...\Audacity_is1) (Version: 3.1.2 - Audacity Team) Avid Cloud Client Services (HKLM\...\{66E7D4F4-F044-428D-A734-59138A626A52}) (Version: 2.4.0.15 - Avid Technology, Inc.) Avid Effects (HKLM\...\{19DE6A9D-DAF1-4CCD-8641-98AF7F7A3DC2}) (Version: 20.9.0.119 - Avid Technology, Inc.) 
Blackmagic RAW Common Components (HKLM\...\{35D9A1FC-10E0-4825-B2D2-3B15EB9B2232}) (Version: 2.4.0.1 - Blackmagic Design) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CamScanner 1.1.3 (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\03fc796f-ccca-5cd2-9de8-e077585adf0b) (Version: 1.1.3 - intsig) CCleaner (HKLM\...\CCleaner) (Version: 6.19 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP) ChamSys MagicQ (HKLM-x32\...\MagicQ) (Version: 1.9.1.6 - ChamSys Limited) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Cisco Webex Meetings (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\ActiveTouchMeetingClient) (Version: 42.1.3 - Cisco Webex LLC) CPUID CPU-Z 1.96 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.96 - CPUID, Inc.) CPUID HWMonitor 1.44 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.44 - CPUID, Inc.) CurseForge 0.240.3-15191 (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\ca0e291c-abd4-5fc3-b6a0-3d4333eccbd7) (Version: 0.240.3-15191 - Overwolf) darktable (HKLM\...\darktable) (Version: 3.8.0 - the darktable project) DaVinci Resolve (HKLM\...\{0DE05B8E-6889-4616-8428-850274AB0700}) (Version: 17.4.60004 - Blackmagic Design) DaVinci Resolve Control Panels (HKLM\...\{7667C543-084F-47F7-BC60-175FC25E9D6F}) (Version: 2.0.1.0 - Blackmagic Design) DDFCreator 2.2.1 (HKLM-x32\...\DDFCreator_2.2.1) (Version: 2.2.1 - DMXControl Projects e.V.) Discord (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Discord) (Version: 1.0.9001 - Discord Inc.) 
DisplayFusion 9.8 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 9.8.0.0 - Binary Fortress Software) DMXControl 2.12.2 (HKLM-x32\...\DMXControl) (Version: 2.12.2 - PopSoft) ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.2.2 - Ene Tech.) Hidden ENE_DRAM_RGB_AIO (HKLM-x32\...\{c0cc7253-fa06-46c2-9ceb-f8641408262f}) (Version: 1.0.2.2 - Ene Tech.) Hidden ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.8.13 - ENE TECHNOLOGY INC.) Hidden ENE_EHD_M2_HAL (HKLM-x32\...\{54d3d2b5-db16-446d-b6dd-f4964b166b3b}) (Version: 1.0.8.13 - ENE TECHNOLOGY INC.) Hidden ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden ENE_MousePad_HAL (HKLM-x32\...\{c2c794a4-7986-4c45-884d-d4ca43b88df9}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden ENE_X-JMI_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.5.1 - ENE Tech) Hidden ENE_X-JMI_HAL (HKLM-x32\...\{50ec3a07-291b-463e-be86-487eb8cbb71c}) (Version: 1.0.5.1 - ENE Tech) Hidden Engine DJ (HKLM\...\{1D6DD610-418A-4FC3-91C2-CE1B88C14B20}) (Version: 3.3.0.70 - AIR Music Technology) Hidden Engine DJ (HKLM-x32\...\{0c9736f4-2a1e-4177-844e-823e11a9cc30}) (Version: 3.3.0.70 - AIR Music Technology) FACEIT Anti-Cheat (HKLM\...\{1419E44C-0EF4-4822-9194-9F1A4D43973D}_is1) (Version: 2.1 - FACEIT LTD) FileZilla Client 3.54.1 (HKLM-x32\...\FileZilla Client) (Version: 3.54.1 - Tim Kosse) FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line) FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line) Focusrite Audio Drivers 4.102.4.735 (HKLM\...\Focusrite Audio Drivers_is1) (Version: 4.102.4.735 - Focusrite Audio Engineering, Ltd.) 
GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team) Git version 2.32.0 (HKLM\...\Git_is1) (Version: 2.32.0 - The Git Development Community) GlobalProtect (HKLM\...\{8221047A-6727-47A0-AF10-C5F89CAA56A6}) (Version: 5.2.11 - Palo Alto Networks) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 118.0.5993.89 - Google LLC) Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 82.0.1.0 - Google LLC) Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2545.0 - Rockstar Games) grandMA3 onPC 1.6.3.7 (HKLM-x32\...\MA Lighting Technology GmbH grandMA3 onPC 1.6.3.7) (Version: - "MA Lighting Technology GmbH") Inkscape (HKLM-x32\...\Inkscape) (Version: 1.1.2- - Inkscape) ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com) Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation) Java(TM) SE Development Kit 16.0.1 (64-bit) (HKLM\...\{75CDB88B-F917-5456-AB2D-5504DE7F43DE}) (Version: 16.0.1.0 - Oracle Corporation) Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains) Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.) 
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes) MATLAB R2021b (HKLM\...\Matlab R2021b) (Version: 9.11 - MathWorks) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.91 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.91 - Microsoft Corporation) Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Volume - de-de) (Version: 16.0.10405.20015 - Microsoft Corporation) Microsoft Teams classic (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Teams) (Version: 1.6.00.29964 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft 
Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing) Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang) MIXO 0.61.0 (HKLM\...\d55b2c77-de3d-571c-b37e-a566ff87822a) (Version: 0.61.0 - MIXO) Mozilla Firefox (x64 de) 
(HKLM\...\Mozilla Firefox 121.0 (x64 de)) (Version: 121.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.1.2 - Mozilla) Mozilla Thunderbird (x64 de) (HKLM\...\Mozilla Thunderbird 115.5.2 (x64 de)) (Version: 115.5.2 - Mozilla) MSI SDK (HKLM-x32\...\{EE7D557C-3AE7-4348-8DCA-3A89790D0002}}_is1) (Version: 2.2021.0428.01 - MSI) MSYS2 64bit (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\{73df107e-2385-4feb-924e-ecf18a2366cb}) (Version: 20220603 - The MSYS2 Developers) Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.6.2.547 - Native Instruments) Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.14.1.156 - Native Instruments) Native Instruments Traktor Pro 3 (HKLM-x32\...\Native Instruments Traktor Pro 3) (Version: 3.5.1.277 - Native Instruments) Nextcloud (HKLM\...\{235C8899-32EF-44CF-9E58-3E182ABEFDC6}) (Version: 3.7.4.20230309 - Nextcloud GmbH) Nicepage 5.2.4 (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\c9e6a573-2a17-5f23-a9b7-1d442c8e5de0) (Version: 5.2.4 - Artisteer Limited) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.4.8 - Notepad++ Team) Nullsoft Install System (HKLM-x32\...\NSIS) (Version: 3.08 - Nullsoft and Contributors) NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation) NVIDIA Grafiktreiber 537.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 537.58 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.0.1 - OBS Project) Office 16 Click-to-Run Extensibility Component 
(HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10405.20015 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10405.20015 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.10405.20015 - Microsoft Corporation) Hidden OpenIV (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\OpenIV) (Version: 4.1.1502 - .black/OpenIV Team) Outlook (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook) PACE License Support Win64 (HKLM\...\{5AC4321F-FCD1-4a37-BFCB-E1EB0047CDA4}) (Version: 5.4.1.3706 - PACE Anti-Piracy, Inc.) Hidden PACE License Support Win64 (HKLM-x32\...\InstallShield_{5AC4321F-FCD1-4a37-BFCB-E1EB0047CDA4}) (Version: 5.4.1.3706 - PACE Anti-Piracy, Inc.) PDF24 Creator 11.13.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.13.1 - PDF24.org) Phonic FireFly 808 & 808U Firewire Driver v6.11.0.0 (HKLM-x32\...\Phonic FireFly 808 & 808U Firewire Driver v6.11.0.0) (Version: 6.11.0.0 - Phonic) PowerPoint (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.) 
PuTTY release 0.75 (64-bit) (HKLM\...\{06DB09EC-52D5-47FA-A0F3-D70ED6407481}) (Version: 0.75.0.0 - Simon Tatham) Python 3.10.7 (64-bit) (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\{c62ef944-a7c9-4646-9fc7-d9e658defc1f}) (Version: 3.10.7150.0 - Python Software Foundation) Python 3.10.7 Core Interpreter (64-bit) (HKLM\...\{D4C83865-A602-4834-8390-B094CAF22F71}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden Python 3.10.7 Development Libraries (64-bit) (HKLM\...\{C9D65557-5B19-4B9B-860E-4E5477F9B10A}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden Python 3.10.7 Documentation (64-bit) (HKLM\...\{51EC70CA-6E66-499A-B7F7-94912F3EA381}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden Python 3.10.7 Executables (64-bit) (HKLM\...\{CE8E4C24-9C7B-447B-B974-CD8236BE09B9}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden Python 3.10.7 pip Bootstrap (64-bit) (HKLM\...\{30C9588C-5E1D-479E-988A-DA38CADFA384}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden Python 3.10.7 Standard Library (64-bit) (HKLM\...\{08D7A4E8-F704-409B-A676-457432DA3248}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden Python 3.10.7 Tcl/Tk Support (64-bit) (HKLM\...\{7BB23EC2-FD76-4BDB-813C-3EEFBB7FD3D9}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden Python 3.10.7 Test Suite (64-bit) (HKLM\...\{099B73AD-9E34-4ADF-B982-7E3A75610CA6}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden Python 3.10.7 Utility Scripts (64-bit) (HKLM\...\{E1A1200C-5CC4-404B-BF93-E33C463963CD}) (Version: 3.10.7150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{96BFBDD2-78C9-42B5-9893-FABA2BB527C4}) (Version: 3.10.7917.0 - Python Software Foundation) Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9013.1 - Realtek Semiconductor Corp.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.46.1231.2020 - Realtek)
Realtek USB Wireless LAN Driver (HKLM-x32\...\InstallShield_{DBCC4C27-F949-482b-B786-7B3B67587CD2}) (Version: Drv_3.00.0018 - REALTEK Semiconductor Corp.)
Realtek USB Wireless LAN Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: UI_1.00.0287 - REALTEK Semiconductor Corp.)
rekordbox 5.8.7 64bit (HKLM\...\Pioneer rekordbox 5.8.7) (Version: 5.8.7.0006 - AlphaTheta)
rekordbox 6.6.5 64bit (HKLM\...\Pioneer rekordbox 6.6.5) (Version: 6.6.5.0041 - AlphaTheta)
REW 5.20.9 (HKLM\...\4549-9647-2313-4375) (Version: 5.20.9 - John Mulcahy)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.63.962 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.5.1 - Rockstar Games)
Sena 30K Updater 1.0.3 (HKLM\...\09cac4af-f108-5ae0-8a45-6335da525e88) (Version: 1.0.3 - Sena Technologies, Inc.)
Sena Bluetooth Device Manager 4.3.3 (HKLM-x32\...\Sena Bluetooth Device Manager) (Version: 4.3.3 - Copyright (C) 2012 ~ 2022 Sena Technologies Inc.)
Sidify Music Converter 2.5.0 (HKLM-x32\...\Sidify Music Converter) (Version: 2.5.0 - Sidify)
SiudiDriver Version 2.3 (HKLM\...\SiudiDriver_is1) (Version: 2.3 - LightingSoft AG)
SoundSwitch 2.5.0.416 (HKLM\...\{BD01C6BB-0A08-4D41-8FD3-CB5280B5AAB8}_is1) (Version: 2.5.0.416 - onesixone Ltd)
Spotify (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\Spotify) (Version: 1.2.26.1187.g36b715a1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.41.9 - TeamViewer)
the t.racks FIR DSP 408 Processor Editor V1.1 (HKLM-x32\...\{4CC7B455-8C3D-4D79-AE0E-0CA76A27C448}_is1) (Version: - )
TR-8S Driver (HKLM\...\RolandRDID0198) (Version: - Roland Corporation)
TuneFab Spotify Music Converter 3.1.24 (HKLM\...\9ff685d9-8f1e-59e1-a273-b7c9e7cf0c17) (Version: 3.1.24 - TuneFab)
Two Point Hospital (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\AmazonGames/Two Point Hospital) (Version: - SEGA)
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
Webex (HKLM\...\{611AD18D-000D-4ABB-84FD-CC503FDE8EC6}) (Version: 41.5.0.18911 - Cisco Systems, Inc)
Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA)
Windows-Treiberpaket - Cambridge Silicon Radio Ltd. (CSRBC) USB (11/27/2020 2.5.5.9) (HKLM\...\6A50C99E75CE49370D2FB6BD3959E25A02A0751A) (Version: 11/27/2020 2.5.5.9 - Cambridge Silicon Radio Ltd.)
Xournal++ (HKLM\...\Xournal++) (Version: - The Xournal++ Team)
Zoom (HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\ZoomUMX) (Version: 5.16.2 (22807) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-01-04] ()
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-12] (Microsoft Corporation)
DragonCenter -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.121.0_x64__kzh8wxbdkxb8p [2021-12-10] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
Excel -> C:\Program Files\WindowsApps\excel.office.com-72EAE3D_1.0.0.0_neutral__2vp2pd36ganw2 [2023-12-13] (excel.office.com)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-10-25] (Microsoft Corporation)
HEVC-Videoerweiterungen -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.61933.0_x64__8wekyb3d8bbwe [2023-08-13] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_150.1.1140.0_x64__v10z8vjag6ke6 [2023-11-14] (HP Inc.)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-16] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-05-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-05-17] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-10-16] (NVIDIA Corp.)
Python 3.10 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.10_3.10.3056.0_x64__qbz5n2kfra8p0 [2023-04-06] (Python Software Foundation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.38.277.0_x64__dt26b99r8h8gj [2023-08-31] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11210.0_x64__8wekyb3d8bbwe [2023-11-30] (Microsoft Studios) [MS Ad]
Word -> C:\Program Files\WindowsApps\word.office.com-51E922F2_1.0.0.1_neutral__jc2kecmnkxwqc [2023-09-01] (word.office.com)
Word -> C:\Program Files\WindowsApps\word.office.com-CECA1A7F_1.0.0.0_neutral__jc2kecmnkxwqc [2022-12-03] (word.office.com)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\ichbi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23270.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{1E62D59A-6EA4-476C-B707-4A32E88ED822}\InprocServer32 -> C:\Program Files\Nextcloud\CfApiShellExtensions.dll () [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\Users\ichbi\AppData\Local\WebEx\WebEx64\Meetings\atucfobj.dll (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{3ebb2ee6-b94d-405e-aafd-3256b99908fc} -> [Nextcloud] => C:\Users\ichbi\Nextcloud [2023-01-24 17:55]
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{6FF9B5B6-389F-444A-9FDD-A286C36EA079}\InprocServer32 -> C:\Program Files\Nextcloud\CfApiShellExtensions.dll () [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{993c1522-cb84-4df3-94f5-975ea4f69dbf}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\ichbi\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ NextcloudError] -> {E0342B74-7593-4C70-9D61-22F294AAFE05} => C:\Program Files\Nextcloud\NCOverlays.dll [2023-03-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOK] -> {E1094E94-BE93-4EA2-9639-8475C68F3886} => C:\Program Files\Nextcloud\NCOverlays.dll [2023-03-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOKShared] -> {E243AD85-F71B-496B-B17E-B8091CBE93D2} => C:\Program Files\Nextcloud\NCOverlays.dll [2023-03-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudSync] -> {E3D6DB20-1D83-4829-B5C9-941B31C0C35A} => C:\Program Files\Nextcloud\NCOverlays.dll [2023-03-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudWarning] -> {E4977F33-F93A-4A0A-9D3C-83DEA0EE8483} => C:\Program Files\Nextcloud\NCOverlays.dll [2023-03-09] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-12] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-12] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-12] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-12] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2021-03-22] (Notepad++ -> )
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-12] (Google LLC -> Google, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2020-06-05] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2020-06-05] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-01-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [NextcloudContextMenuHandler] -> {BC6988AB-ACE2-4B81-84DC-DC34F9B24401} => C:\Program Files\Nextcloud\NCContextMenu.dll [2023-03-09] (Nextcloud GmbH -> Nextcloud GmbH)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-12] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\82.0.1.0\drivefsext.dll [2023-10-12] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispsig.inf_amd64_2a8379cc1977656a\nvshext.dll [2023-10-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-01-05] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\ichbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\ichbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\ichbi\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\ichbi\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [141]
AlternateDataStreams: C:\Users\ichbi\Downloads\esetonlinescanner(1).exe:MBAM.Zone.Identifier [354]
AlternateDataStreams: C:\Users\ichbi\Downloads\esetonlinescanner.exe:MBAM.Zone.Identifier [354]
AlternateDataStreams: C:\Users\ichbi\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-05-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-05-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-05-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-16] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\sharepoint.com -> hxxps://dtudk-files.sharepoint.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\PuTTY\;C:\Program Files\Git\cmd;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\MATLAB\R2021b\bin;
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ichbi\Pictures\Saved Pictures\hd-wallpaper-3519309(1).jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ist aktiviert.

Network Binding:
=============
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled)
Ethernet 3: VMware Bridge Protocol -> vmware_bridge (enabled)
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled)
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled)

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\StartupFolder: => "Avid Application Manager.lnk"
HKLM\...\StartupApproved\Run: => "PDF24"
HKLM\...\StartupApproved\Run: => "DigidesignMMERefresh"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\StartupFolder: => "rekordboxAgent.lnk"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\Run: => "CiscoSpark"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_4D67C3CB7D15609F738713BBF52A3A48"
HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{B0F7A8B0-742F-4122-B8A3-D088453E9334}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{95DE6847-2DF0-47EB-9BEF-F9141EB68D98}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{742BDAB2-59CB-429B-B8FA-D83336DCCAF2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{95C6F058-C7C8-4896-BCA1-F5644A1FA279}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8D3D2C69-7A73-41D0-BB40-95C0E3FDA997}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{92282828-0611-4788-8229-DC7CF8DDAC51}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{85FA02CE-5F40-4B74-A538-44D905B1A418}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1093ED26-AE6D-46B5-839D-CBA774FCED2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{40704FC3-B77C-4CE5-A6D4-770F5ABA4CA4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B92DF34A-EB05-4A66-99FE-E19B5DEF377A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{295C6CE7-7412-44A8-AF57-DA679936E62D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5E159A1F-85F5-4409-AA79-0A29830D6DD6}] => (Allow) LPort=32682
FirewallRules: [{88A723FD-2EC9-4D34-AC2C-3A86B198C814}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{11FB3506-1E8D-43A0-BEF6-A43F2D29F8B5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{70AE0C66-590A-48EF-84BE-05921365C3CD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{36254BEA-AD6B-451A-A424-F371EC13CC99}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CD23AB14-32A4-4521-9278-6D401FC80DCA}] => (Allow) D:\Programme\Steam\steamapps\common\Battlefield Bad Company 2\BFBC2Game.exe (EA Digital Illusions CE AB -> EA Digital Illusions CE AB)
FirewallRules: [{B8991E9B-DC6F-4F9F-BFD7-D7FAC98926E4}] => (Allow) D:\Programme\Steam\steamapps\common\Battlefield Bad Company 2\BFBC2Game.exe (EA Digital Illusions CE AB -> EA Digital Illusions CE AB)
FirewallRules: [{95FB7026-B5A9-4B10-8A0D-898A5831FFD0}] => (Allow) D:\Programme\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe (UBISOFT ENTERTAINMENT INC. -> Blue Mammoth Games)
FirewallRules: [{3B75BFED-2159-4024-9AED-1DC71A073F32}] => (Allow) D:\Programme\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe (UBISOFT ENTERTAINMENT INC. -> Blue Mammoth Games)
FirewallRules: [{BBE27F17-2D0B-4409-BC83-F8E479B8A169}] => (Allow) D:\Programme\Steam\steamapps\common\Business Tour\BusinessTour.exe () [Datei ist nicht signiert]
FirewallRules: [{F9EBFE0D-C363-4CC1-A6F3-3D4D9BAC5887}] => (Allow) D:\Programme\Steam\steamapps\common\Business Tour\BusinessTour.exe () [Datei ist nicht signiert]
FirewallRules: [{A051E65C-B58A-4EDE-A8CA-C9E480F100E5}] => (Allow) D:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => Keine Datei
FirewallRules: [{E1360204-6D48-4C00-87E0-B87F8BF77119}] => (Allow) D:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => Keine Datei
FirewallRules: [{46C7D13A-43B7-4230-B7F6-B5BC7B7C78B5}] => (Allow) D:\Programme\Steam\steamapps\common\Human Fall Flat\Human.exe () [Datei ist nicht signiert]
FirewallRules: [{8D98A846-E0A9-4744-9EAD-113AEB33D970}] => (Allow) D:\Programme\Steam\steamapps\common\Human Fall Flat\Human.exe () [Datei ist nicht signiert]
FirewallRules: [{9F7A774E-AB60-49E4-8341-B665C14398E9}] => (Allow) D:\Programme\Steam\steamapps\common\Poly Bridge\polybridge.exe () [Datei ist nicht signiert]
FirewallRules: [{3E14E871-4F66-4381-B1F8-2FD5CC1092BF}] => (Allow) D:\Programme\Steam\steamapps\common\Poly Bridge\polybridge.exe () [Datei ist nicht signiert]
FirewallRules: [{96DA8933-5D2C-407A-87D2-83D028E6DCD2}] => (Allow) D:\Programme\Steam\steamapps\common\Stigmat\Stigmat.exe () [Datei ist nicht signiert]
FirewallRules: [{47BD320C-76DE-406A-BB60-3EB8364E9382}] => (Allow) D:\Programme\Steam\steamapps\common\Stigmat\Stigmat.exe () [Datei ist nicht signiert]
FirewallRules: [{E12B3C2B-A8AB-4950-98A1-56E40548F74A}] => (Allow) D:\Programme\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [Datei ist nicht signiert]
FirewallRules: [{32925F97-E4F9-4A6E-B035-4D1E18D3A2BA}] => (Allow) D:\Programme\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [Datei ist nicht signiert]
FirewallRules: [{C47CA2D5-518A-4DA9-B868-728BE2B52B58}] => (Allow) D:\Programme\Steam\steamapps\common\TRIP\trip.exe () [Datei ist nicht signiert]
FirewallRules: [{F9CA3290-8088-4478-86E8-CA1290D633B0}] => (Allow) D:\Programme\Steam\steamapps\common\TRIP\trip.exe () [Datei ist nicht signiert]
FirewallRules: [{7765A5DF-3DE8-48A1-A81F-0CC79A7A2FC7}] => (Allow) D:\Programme\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [Datei ist nicht signiert]
FirewallRules: [{C4F65A04-192C-4DA8-92BC-CB67801F8EE7}] => (Allow) D:\Programme\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [Datei ist nicht signiert]
FirewallRules: [{F04FFBAC-BF43-401F-AEC8-A4379BC0405D}] => (Allow) D:\Programme\Steam\steamapps\common\Ben and Ed - Blood Party\BaEBloodParty.exe () [Datei ist nicht signiert]
FirewallRules: [{C2C23592-85B3-40BD-8927-38277119BA68}] => (Allow) D:\Programme\Steam\steamapps\common\Ben and Ed - Blood Party\BaEBloodParty.exe () [Datei ist nicht signiert]
FirewallRules: [{5A22AC9F-2EE1-44D7-9C85-96EF3DB8EC16}] => (Allow) D:\Programme\Steam\steamapps\common\Tropico 5\Tropico5Steam.exe (Haemimont Games) [Datei ist nicht signiert]
FirewallRules: [{DEBFF066-D7ED-4E36-B435-8E8B59E0A1A0}] => (Allow) D:\Programme\Steam\steamapps\common\Tropico 5\Tropico5Steam.exe (Haemimont Games) [Datei ist nicht signiert]
FirewallRules: [{ECF581ED-9FA1-4CAF-A7E7-6B658B28F639}] => (Allow) C:\Users\ichbi\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{EE9CDDA4-6010-4976-93E5-B2B9769023AB}] => (Allow) C:\Users\ichbi\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8F481034-9422-4A5B-ABD1-1019C730B929}] => (Allow) C:\Users\ichbi\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{698DD5BB-309F-414F-AE93-13D2C56581B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{85A3CDE6-2499-4504-99FA-AB9826CA249B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{05097074-1493-48EF-AD9B-F765D37B2747}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6093BB38-E05A-4612-9CDA-B6E1FFB0273F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E91EA20F-7E0C-4B61-8155-211B3A118E47}] => (Allow) C:\Program Files\Avid\Cloud Client Services\Hub.exe (Avid Technology, Inc. -> Avid Technology, Inc.)
FirewallRules: [{0FB5BFB4-D01A-4F67-B20E-4359CB2418F6}] => (Allow) C:\Program Files\Avid\Cloud Client Services\TransportClient.exe (Avid Technology, Inc. -> Avid Technology, Inc.)
FirewallRules: [{D5DD9903-A84C-4FCD-B224-62B32F915722}] => (Allow) C:\Program Files\Avid\Avid Link\jre\bin\java.exe => Keine Datei
FirewallRules: [{7F052D66-EB4D-465C-BF94-545F94D58325}] => (Allow) C:\Program Files\Avid\Avid Link\Avid Link.exe => Keine Datei
FirewallRules: [{31D62179-368A-4BF3-A351-9208DD232D3B}] => (Allow) C:\Program Files\Avid\Avid Link\AvidAppManHelper.exe => Keine Datei
FirewallRules: [{3631C4B7-5200-4A66-91A5-6596F9900D0C}] => (Allow) D:\Programme\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (KRAFTON, Inc. -> KRAFTON, Inc.)
FirewallRules: [{830C12D3-1A9F-4FA9-A8F8-19950593A9C3}] => (Allow) D:\Programme\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (KRAFTON, Inc. -> KRAFTON, Inc.)
FirewallRules: [{6D46D3F3-8271-4E93-8D95-F7496560D969}] => (Allow) C:\Program Files\Avid\Pro Tools FirstProToolsFirst.exe => Keine Datei
FirewallRules: [TCP Query User{54638ADB-8D0A-48AE-A917-0E07EE5F39E2}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => Keine Datei
FirewallRules: [UDP Query User{1A6138DB-AC6F-41F8-9A06-B5C6BF4EF915}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => Keine Datei
FirewallRules: [TCP Query User{7FDBB71B-D166-4F69-AF85-D69671A36023}D:\programme\gta5\grand theft auto v\gta5.exe] => (Allow) D:\programme\gta5\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{E692F718-035B-47FA-8C50-A5864531A509}D:\programme\gta5\grand theft auto v\gta5.exe] => (Allow) D:\programme\gta5\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{15F0CB0C-C722-4BD6-9A45-38D08669016C}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => Keine Datei
FirewallRules: [UDP Query User{3DAAA096-EE19-481D-A213-8297E9BDA2CF}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe => Keine Datei
FirewallRules: [{5C099345-F44F-40EE-ABEB-443138F2B070}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{415CFEAE-60E7-4709-AC47-DFBEF0B3D14B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{F5934923-D33E-491B-AF66-808660737E5A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{6651349D-8367-4BC6-8ABC-C3A43A563E6A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [TCP Query User{F3C5B21C-2E57-4956-B591-0ED06F620995}C:\users\ichbi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ichbi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{C280454A-A011-48F0-8C35-DCA9677431B4}C:\users\ichbi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ichbi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AE50AEA7-4C6A-4570-B47D-F91C30A78436}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{60067F71-F890-46BF-B0D2-A6A3AAC4B148}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FE4432A8-A73F-4CE6-9D02-8688CB2A6948}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C2D9597D-3A0F-43E7-9B58-C8BE818F5DCF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8B93FA1B-D066-40E8-894A-2A9411C3496E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{871CF4E8-B398-47D9-87BB-38D0D120F899}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2518094A-AC98-41FA-B8C5-DBBD5B32561B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6BB64CEA-788C-4878-93FE-AE098E948A10}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [TCP Query User{0F5DCF46-9885-4C55-A693-CA0F99D92F2F}C:\users\ichbi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ichbi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{D6C02BC9-AA0B-4867-AAA7-8E77F2EE9DE9}C:\users\ichbi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ichbi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A19B1C4D-ABE2-44E0-886D-AA9C940265F4}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe => Keine Datei
FirewallRules: [{7992D638-601B-4BB5-A224-0E10B0062D70}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe => Keine Datei
FirewallRules: [TCP Query User{B8E8807C-D99A-45EA-BC8B-ADBB8BA083EE}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{D1FFB670-BAD0-4F2A-ACF0-8276EC743ED6}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [{7271F8DD-576F-42A3-BC3A-FD5D9025B82D}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
FirewallRules: [{E1380A33-0EBC-4ED1-BC81-640A65AC32C1}] => (Allow) LPort=1542
FirewallRules: [{C49C792E-2A12-4334-9C12-BBFB31AA38B0}] => (Allow) LPort=1542
FirewallRules: [{22B6582F-CDC8-402C-84A2-DB276DAEBB3C}] => (Allow) LPort=53
FirewallRules: [{9132FED8-8A09-4AAB-B5E6-C3B2FB270F76}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{34FA8617-09E5-4846-B27F-82EC5FEDD9EE}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{A14FF5E4-CFF5-404F-B2C6-6EF34A600E61}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{CE224003-4E2C-4D4A-B202-A23D61F8F14B}] => (Allow) LPort=53
FirewallRules: [{C0FC1DEB-91BB-4A22-9AD7-82AB7BBC69AD}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{9AC907C3-7C29-4FEB-A74C-6186F1D4EF9B}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{22D20951-604C-4F91-BBEC-79940A34C168}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{A332EBD2-6094-4307-8522-5598CC38432F}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [TCP Query User{2A0DE262-92D3-4167-AA7C-55741094346A}D:\programme\steam\steamapps\common\ben and ed - blood party\baebloodparty\binaries\win32\baebloodparty.exe] => (Allow) D:\programme\steam\steamapps\common\ben and ed - blood party\baebloodparty\binaries\win32\baebloodparty.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{35E1A64F-92EE-432B-A95B-37C8F7365CC8}D:\programme\steam\steamapps\common\ben and ed - blood party\baebloodparty\binaries\win32\baebloodparty.exe] => (Allow) D:\programme\steam\steamapps\common\ben and ed - blood party\baebloodparty\binaries\win32\baebloodparty.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{298FF566-C6AD-4F2D-9213-44C20875F095}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{CE128228-330B-4D40-9E09-CA0D1594E405}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{421212DF-F44C-49B4-A014-3F27C1C03110}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{AB2F84C2-9F8D-4F35-928C-538512CED97D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [TCP Query User{8202C236-541F-4A7E-9D31-F84EBF510D72}C:\program files\teamspeak 3 client\ts3client_win64.exe] => (Allow) C:\program files\teamspeak 3 client\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [UDP Query User{4E04F0E0-4381-4BEF-8A84-7F6E91448868}C:\program files\teamspeak 3 client\ts3client_win64.exe] => (Allow) C:\program files\teamspeak 3 client\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [{6EC8EBC8-C4AE-4060-BB8D-90EDC311F56C}] => (Allow) D:\Programme\Steam\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{4A06503D-87BE-441D-81E8-A2B8FF1B8939}] => (Allow) D:\Programme\Steam\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [TCP Query User{27E8C48E-80B0-45CF-9F7F-4ECC15338866}C:\program files\soundswitch\soundswitch.exe] => (Allow) C:\program files\soundswitch\soundswitch.exe (inMusic New Zealand Limited -> Onesixone)
FirewallRules: [UDP Query User{4C445716-4DC1-48E4-8192-C495FAC1C569}C:\program files\soundswitch\soundswitch.exe] => (Allow) C:\program files\soundswitch\soundswitch.exe (inMusic New Zealand Limited -> Onesixone)
FirewallRules: [TCP Query User{846B90C7-4163-4CD9-A42B-166F5EC89030}C:\program files (x86)\dmxcontrol\dmxcontrol.exe] => (Allow) C:\program files (x86)\dmxcontrol\dmxcontrol.exe (DMXControl Projects e. V. -> PopSoft) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{B1EFC2E0-2456-47F8-87D7-E0C1C25986B8}C:\program files (x86)\dmxcontrol\dmxcontrol.exe] => (Allow) C:\program files (x86)\dmxcontrol\dmxcontrol.exe (DMXControl Projects e. V. -> PopSoft) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{D2044C2D-12F1-42E5-841B-18CE131ACECA}D:\programme\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\programme\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (KRAFTON, Inc. -> KRAFTON, Inc.)
FirewallRules: [UDP Query User{90D8489E-24F4-439F-9792-684443C0FE61}D:\programme\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\programme\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (KRAFTON, Inc. -> KRAFTON, Inc.)
FirewallRules: [TCP Query User{47F86A28-8DAC-4F5B-A010-7CA8CDE7A63A}C:\program files (x86)\chamsys ltd\magicq pc\mqqt.exe] => (Allow) C:\program files (x86)\chamsys ltd\magicq pc\mqqt.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{6E915E32-18C0-4FAB-B502-543B26929A2C}C:\program files (x86)\chamsys ltd\magicq pc\mqqt.exe] => (Allow) C:\program files (x86)\chamsys ltd\magicq pc\mqqt.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{15FBCB82-2D1A-453B-91CD-469BA8C3283D}C:\program files (x86)\chamsys ltd\magicq pc\mqhd.exe] => (Allow) C:\program files (x86)\chamsys ltd\magicq pc\mqhd.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{4779BFB5-8EE1-415A-8B99-07EDEB19D724}C:\program files (x86)\chamsys ltd\magicq pc\mqhd.exe] => (Allow) C:\program files (x86)\chamsys ltd\magicq pc\mqhd.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{4D34AAE5-D22C-4494-BC1D-28F8ED4D4C7E}C:\program files (x86)\chamsys ltd\magicq pc\mqvis.exe] => (Allow) C:\program files (x86)\chamsys ltd\magicq pc\mqvis.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{DF4D2E36-8D31-4740-9761-09CB42ACBED9}C:\program files (x86)\chamsys ltd\magicq pc\mqvis.exe] => (Allow) C:\program files (x86)\chamsys ltd\magicq pc\mqvis.exe () [Datei ist nicht signiert]
FirewallRules: [{209964DC-45DA-4557-9581-5E8AD818AA13}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.6.3\bin\app_system.exe (MA Lighting Technology GmbH. -> MA Lighting Technology)
FirewallRules: [{F23FC923-CD12-40FA-B3D3-053788239B81}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.6.3\bin\app_gma3.exe (MA Lighting Technology GmbH. -> MA Lighting Technology)
FirewallRules: [{7F4C126F-5FC3-4450-A0A6-444D1CFFAB9E}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.6.3\bin\app_updater.exe (MA Lighting Technology GmbH. -> )
FirewallRules: [{5EB89E3E-499D-47EC-BDC0-CB66F4CE3FB0}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.6.3\bin\app_terminal.exe (MA Lighting Technology GmbH. -> )
FirewallRules: [{0B49B177-E589-46DE-8C5D-75831329ACEB}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{5DEEA7C4-8295-429C-9A94-165C81C0251E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{2BF8500B-6703-4D2B-9309-3F6F9B4B62D3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{0B16A5A2-33CB-4FA1-B71A-0BAD9FBDEA80}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{B82115B8-EEC8-4988-99EC-3AF102D91403}] => (Allow) D:\Programme\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{D62FEDEB-CBBC-4842-B4F9-64C5993CA2B7}] => (Allow) D:\Programme\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{06D7853D-258F-404A-A63D-8DFDABED638D}D:\programme\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\programme\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{3750B706-27CA-40B1-989D-4C45F9D2DC25}D:\programme\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\programme\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{196BF6AF-7522-4C90-91A5-ED7CB6B98880}C:\programdata\ichbi\wtools\app-1.2.1\wtools.exe] => (Allow) C:\programdata\ichbi\wtools\app-1.2.1\wtools.exe (LightingSoft AG -> Nicolaudie Group Inc.)
FirewallRules: [UDP Query User{6F3044D3-7F94-4ABB-81CA-3FD2286AB48D}C:\programdata\ichbi\wtools\app-1.2.1\wtools.exe] => (Allow) C:\programdata\ichbi\wtools\app-1.2.1\wtools.exe (LightingSoft AG -> Nicolaudie Group Inc.)
FirewallRules: [TCP Query User{CA5358B8-53B6-4BEF-B164-E1CCEE34F8B0}C:\users\ichbi\appdata\local\wtools\app-1.2.1\wtools.exe] => (Allow) C:\users\ichbi\appdata\local\wtools\app-1.2.1\wtools.exe => Keine Datei
FirewallRules: [UDP Query User{6CCEC559-DEC4-427E-B5A0-CFE2A65ACC1D}C:\users\ichbi\appdata\local\wtools\app-1.2.1\wtools.exe] => (Allow) C:\users\ichbi\appdata\local\wtools\app-1.2.1\wtools.exe => Keine Datei
FirewallRules: [TCP Query User{26B00AC8-815B-4050-AADE-BA25146CBDBD}C:\program files\matlab\r2021b\bin\win64\_temp_supportsoftwaredownloader_r2022a_win64\bin\win64\supportsoftwareinstaller.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\_temp_supportsoftwaredownloader_r2022a_win64\bin\win64\supportsoftwareinstaller.exe (The MathWorks, Inc. -> The MathWorks, Inc)
FirewallRules: [UDP Query User{F26EB670-3AAA-4804-AEF1-DD333F9C522E}C:\program files\matlab\r2021b\bin\win64\_temp_supportsoftwaredownloader_r2022a_win64\bin\win64\supportsoftwareinstaller.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\_temp_supportsoftwaredownloader_r2022a_win64\bin\win64\supportsoftwareinstaller.exe (The MathWorks, Inc. -> The MathWorks, Inc)
FirewallRules: [TCP Query User{07BC7897-6B76-465C-BFA2-9B260CE860AB}C:\program files\matlab\r2021b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\matlab.exe (The MathWorks, Inc. -> The MathWorks Inc.)
FirewallRules: [UDP Query User{44334CEA-8AAF-4AA3-A8F3-365B8A758E02}C:\program files\matlab\r2021b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\matlab.exe (The MathWorks, Inc. -> The MathWorks Inc.)
FirewallRules: [TCP Query User{E0BF3854-1654-44B3-AEC7-07ADE6070D9F}C:\program files (x86)\dmxcontrol\dmxcontrol.exe] => (Allow) C:\program files (x86)\dmxcontrol\dmxcontrol.exe (DMXControl Projects e. V. -> PopSoft) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{E74E8248-E22C-451F-90B9-A3DAFE5DA197}C:\program files (x86)\dmxcontrol\dmxcontrol.exe] => (Allow) C:\program files (x86)\dmxcontrol\dmxcontrol.exe (DMXControl Projects e. V. -> PopSoft) [Datei ist nicht signiert]
FirewallRules: [{36BDEFAA-AEB0-402E-A339-3CFFA93FEDEF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{7D0798BF-12F9-43AB-9CE9-B6EF02CF4E24}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{A3485A3C-0C30-45AE-96EB-15CF8C877569}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{4D90C065-C1AF-41CC-A788-E97E93FC1A4F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{913753A8-2331-4E42-84E5-FF36FFA0BBC9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{3A7EFEBE-5992-4784-9F5D-FC0CA859C2B8}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{58F44218-D96A-4238-B960-20AF731D50DA}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => Keine Datei
FirewallRules: [{F972CA2B-5A8B-407F-B53C-D9DBDA10D812}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{F970A519-8C2C-4A91-AE66-D210F8C04511}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C086083F-11C9-45BC-917D-E1D8AD5832E3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A8BD563C-2C87-4746-9003-A343A29FBCA8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{91C5865B-41FC-40BB-B8DB-C1C82AC39EEE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{8B55B662-EC8B-4982-A7D3-883B85DFDC70}C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe (The MathWorks, Inc. -> The MathWorks, Inc)
FirewallRules: [UDP Query User{17FF7001-D56A-467D-BC41-4E1C19B487F9}C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe (The MathWorks, Inc. -> The MathWorks, Inc)
FirewallRules: [TCP Query User{853B8257-A28E-49F4-88A0-4E5B74F14810}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{5AD9B704-B2EA-40EA-B727-BD99BD14C80D}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{66936BB7-2C76-44D6-AE2A-9E865AE2D9EF}C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{9400B343-9976-466F-B1B8-356D185309BB}C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [{41411A05-8AF8-477B-B3E4-B8E12BC61B08}] => (Allow) D:\Programme\Steam\steamapps\common\Poly Bridge 2\Poly Bridge 2.exe () [Datei ist nicht signiert]
FirewallRules: [{39797DF0-8291-498B-8209-9FC440C51412}] => (Allow) D:\Programme\Steam\steamapps\common\Poly Bridge 2\Poly Bridge 2.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{5192F18A-FE9A-42CE-B9FC-A652AA2D7254}C:\users\ichbi\appdata\local\wtools\app-1.3.1\wtools.exe] => (Allow) C:\users\ichbi\appdata\local\wtools\app-1.3.1\wtools.exe => Keine Datei
FirewallRules: [UDP Query User{6D696B6C-E016-4EE3-9788-E93AA2547048}C:\users\ichbi\appdata\local\wtools\app-1.3.1\wtools.exe] => (Allow) C:\users\ichbi\appdata\local\wtools\app-1.3.1\wtools.exe => Keine Datei
FirewallRules: [TCP Query User{82509882-027A-4AD5-85DC-85331334874B}C:\slmev\easyview.exe] => (Allow) C:\slmev\easyview.exe => Keine Datei
FirewallRules: [UDP Query User{8C0000D6-E413-4930-8F41-87C5BBCEFB9A}C:\slmev\easyview.exe] => (Allow) C:\slmev\easyview.exe => Keine Datei
FirewallRules: [{5C79924A-DA3E-4D30-861B-661736EFF82D}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.6.5\rekordbox.exe (AlphaTheta Corporation -> AlphaTheta Corporation)
FirewallRules: [{DB418B63-0756-4B42-9C7A-4B25EA3ADCA3}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.6.5\psvnfsd.exe (AlphaTheta Corporation -> AlphaTheta Corporation)
FirewallRules: [{6817FB9D-4BC6-4613-9B90-524F0C7366C5}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.6.5\psvlinksysmgr.exe (AlphaTheta Corporation -> AlphaTheta Corporation)
FirewallRules: [{E1C6B6A3-1517-476A-9DEC-8D59B018A5A7}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.6.5\edb_streamd.exe (AlphaTheta Corporation -> )
FirewallRules: [{7BCC20EF-F379-4E31-8C44-BE1951EF3F54}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.6.5\ls-unity-rekordbox-win-64bit.exe (AlphaTheta Corporation -> )
FirewallRules: [{8142F0FD-C6B8-41BE-9977-DDCD6F8332E4}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.6.5\rbHttpServer.exe (AlphaTheta Corporation -> )
FirewallRules: [{8DF0DBBC-2C79-49A5-A89E-57C5E846E9CE}] => (Allow) C:\Program Files\Pioneer\rekordbox 6.6.5\rekordboxAgent-win32-x64\rekordboxAgent.exe (AlphaTheta Corporation -> AlphaTheta Corporation)
FirewallRules: [{2C7F95BC-A010-4587-BCF5-CD5ECB472F57}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.8.7\rekordbox.exe (AlphaTheta Corporation -> AlphaTheta Corporation)
FirewallRules: [{435E3049-627F-42BF-9244-2993CD6EFF65}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.8.7\psvnfsd.exe (AlphaTheta Corporation -> Pioneer DJ Corporation.)
FirewallRules: [{EEF1B5BF-CF35-4786-9E50-60C0CC9ACF53}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.8.7\psvlinksysmgr.exe (AlphaTheta Corporation -> Pioneer DJ Corporation.)
FirewallRules: [{C6C52502-8B12-4742-A37A-06DEBCCAE348}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.8.7\edb_streamd.exe (AlphaTheta Corporation -> )
FirewallRules: [{DC6677E7-0905-41C8-9FBA-CEB5B44C27D7}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.8.7\ls-unity-rekordbox-win-64bit.exe (AlphaTheta Corporation -> )
FirewallRules: [{916D74EF-83EA-456A-A417-FB1992BE5708}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.8.7\rbHttpServer.exe (AlphaTheta Corporation -> )
FirewallRules: [{E05669DB-864E-4260-94F9-337F38F5BEEA}] => (Allow) D:\Programme\Steam\steamapps\common\Galaxy Life\Galaxy Life.exe => Keine Datei
FirewallRules: [{B6148BC4-430A-4DF9-93BC-42598B9B5107}] => (Allow) D:\Programme\Steam\steamapps\common\Galaxy Life\Galaxy Life.exe => Keine Datei
FirewallRules: [{E569B051-DD70-41F3-862A-F6FD6A5CBCDF}] => (Allow) D:\Programme\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{E08D4857-5A29-4D0B-AEDE-1B51D9F1DCCE}] => (Allow) D:\Programme\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{2A09DE71-F547-4502-99EB-87FE0AFD931A}] => (Allow) D:\Programme\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{778F20A8-0A95-4DBE-BA4C-568700FF969F}] => (Allow) D:\Programme\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{6D8CD427-FC49-449C-8429-591815B42E35}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B60DD0A4-007C-4781-9A7C-B6726585CBDC}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7FBD8017-7D39-4E6B-A496-D2EFFD97DC09}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{304A9476-9153-4778-8DFF-E1EBE19FF75B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{C3B9F1F0-4281-4DFE-B658-4ADCD6D6E33A}C:\program files\engine dj\engine dj.exe] => (Allow) C:\program files\engine dj\engine dj.exe (inMusic Brands, Inc. -> AIR Music Technology)
FirewallRules: [UDP Query User{B29F8ED8-C00D-4C89-BB63-64F55E6A6E07}C:\program files\engine dj\engine dj.exe] => (Allow) C:\program files\engine dj\engine dj.exe (inMusic Brands, Inc. -> AIR Music Technology)
FirewallRules: [TCP Query User{0EC46D3C-0AFC-4662-A66A-56FE928526F5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{6F7825AD-6CDD-4214-86F5-81B8E6EEE1A1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{7A7B07CF-FA17-45D6-BDD5-A0506108A63F}C:\program files\engine dj\engine dj.exe] => (Allow) C:\program files\engine dj\engine dj.exe (inMusic Brands, Inc. -> AIR Music Technology)
FirewallRules: [UDP Query User{40585C1B-A4C7-41E9-A793-8B2B81406061}C:\program files\engine dj\engine dj.exe] => (Allow) C:\program files\engine dj\engine dj.exe (inMusic Brands, Inc. -> AIR Music Technology)
FirewallRules: [{9DAE8B49-9222-4050-BBB9-078BEDEF8F55}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{73B57914-2EB7-46F2-95A4-C49036D526BE}C:\users\ichbi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\ichbi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{CE1222EA-F448-4AD4-8EA0-4D95BA8E1216}C:\users\ichbi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\ichbi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{41555CD2-0F77-48EE-AEB8-EC8F0A3E8E72}C:\users\ichbi\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\ichbi\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{D809FF12-1E98-4748-9CD5-BB56B04A56AE}C:\users\ichbi\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\ichbi\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{D35390B7-8F41-4D35-8369-222F5AA69FC6}C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe (The MathWorks, Inc. -> The MathWorks, Inc)
FirewallRules: [UDP Query User{9B3F6935-56B7-4014-A863-836D95D0E386}C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe] => (Allow) C:\program files\matlab\r2021b\bin\win64\addonproductinstaller.exe (The MathWorks, Inc. -> The MathWorks, Inc)
FirewallRules: [TCP Query User{B36BB949-8E06-4EFC-87E1-8891E3FB108D}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{69BDE64E-AA0D-481B-9C50-34CFAD897D1E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{00075C33-9180-4FDC-8F75-E29D436FDF85}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

17-12-2023 13:31:39 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660
04-01-2024 19:06:06 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager ============

Name: PANGP Virtual Ethernet Adapter
Description: PANGP Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: PaloAltoNetworks
Service: PanGpd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (01/05/2024 07:23:15 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (01/05/2024 06:43:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ESETOnlineScanner.exe, Version: 10.23.31.0, Zeitstempel: 0x61e82da2
Name des fehlerhaften Moduls: WININET.dll, Version: 11.0.19041.3636, Zeitstempel: 0x5ccf5c78
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00313a68
ID des fehlerhaften Prozesses: 0x114c
Startzeit der fehlerhaften Anwendung: 0x01da3ffea06a0a4d
Pfad der fehlerhaften Anwendung: C:\Users\ichbi\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\WININET.dll
Berichtskennung: 2b71e4d5-ee66-4ef2-a8f4-55a08424b88f
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/05/2024 06:42:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ESETOnlineScanner.exe, Version: 10.23.31.0, Zeitstempel: 0x61e82da2
Name des fehlerhaften Moduls: WININET.dll, Version: 11.0.19041.3636, Zeitstempel: 0x5ccf5c78
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00313a68
ID des fehlerhaften Prozesses: 0x3f20
Startzeit der fehlerhaften Anwendung: 0x01da3ffe97635775
Pfad der fehlerhaften Anwendung: C:\Users\ichbi\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\WININET.dll
Berichtskennung: 2a2b3822-a536-482b-8251-1b2731c4223c
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/05/2024 06:42:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ESETOnlineScanner.exe, Version: 10.23.31.0, Zeitstempel: 0x61e82da2
Name des fehlerhaften Moduls: WININET.dll, Version: 11.0.19041.3636, Zeitstempel: 0x5ccf5c78
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00313a68
ID des fehlerhaften Prozesses: 0x3084
Startzeit der fehlerhaften Anwendung: 0x01da3ffe8d53e41f
Pfad der fehlerhaften Anwendung: C:\Users\ichbi\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\WININET.dll
Berichtskennung: 3affffdd-2815-477a-9056-a528ed538e4a
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/05/2024 06:42:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ESETOnlineScanner.exe, Version: 10.23.31.0, Zeitstempel: 0x61e82da2
Name des fehlerhaften Moduls: WININET.dll, Version: 11.0.19041.3636, Zeitstempel: 0x5ccf5c78
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00313a68
ID des fehlerhaften Prozesses: 0x4364
Startzeit der fehlerhaften Anwendung: 0x01da3ffe86d66f6e
Pfad der fehlerhaften Anwendung: C:\Users\ichbi\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\WININET.dll
Berichtskennung: 1e77e458-40ab-414b-957f-84ca3f422af7
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/05/2024 06:39:32 PM) (Source: NIHardwareService) (EventID: 259) (User: )
Description: MIDIDevice: Unable to unlock BMIDI DLL/driver

Error: (01/04/2024 07:23:16 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (01/04/2024 06:52:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Die Speicheroptimierung konnte erneut optimieren auf DatenII (E:) nicht abschließen. Grund: Der angeforderte Vorgang wird von der Hardware des Volumes nicht unterstützt. (0x8900002A)

Systemfehler:
=============
Error: (01/05/2024 06:41:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2024 06:41:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware Workstation Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2024 06:41:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VMware Authorization Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/05/2024 06:41:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware USB Arbitration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2024 06:41:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VMware DHCP Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/05/2024 06:41:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "PDF24" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2024 06:41:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "PACE License Services" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2024 06:41:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "PanGPS" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Windows Defender:
================
Date: 2024-01-04 17:10:27
Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {22D83DEA-FBB0-4151-940D-4476E65F55DF}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-12-23 22:45:01
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish&threatid=2147678587&enterprise=0
Name: Trojan:HTML/Phish
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: containerfile:_E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar; file:_E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar->backup_domainmail_2109251227.tgz->(GZip)->info/Maildir/new/1538777135.M782738P8140V0000000000000902I0000000004120FB7.srv.web-alpha.de,S=2158; file:_E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar->backup_domainmail_2109251227.tgz->(GZip)->inhaber/Maildir/new/1538777136.M302278P8157V0000000000000902I0000000004120FB8.srv.web-alpha.de,S=2374; file:_E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar->backup_domainmail_2109251227.tgz->(GZip)->inhaber/Maildir/new/1538913208.M471140P25230V0000000000000902I0000000004120FBC.srv.web-alpha.de,S=2397
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Benutzer
Benutzer: JULIAN-PC-STUDI\ichbi
Prozessname: Unknown
Sicherheitsversion: AV: 1.403.693.0, AS: 1.403.693.0, NIS: 1.403.693.0
Modulversion: AM: 1.1.23110.2, NIS: 1.1.23110.2

Date: 2023-12-23 22:45:01
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0
Name: Trojan:Script/Wacatac.H!ml
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\ichbi\Downloads\Chapter-File-1.rar
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Benutzer
Benutzer: JULIAN-PC-STUDI\ichbi
Prozessname: Unknown
Sicherheitsversion: AV: 1.403.693.0, AS: 1.403.693.0, NIS: 1.403.693.0
Modulversion: AM: 1.1.23110.2, NIS: 1.1.23110.2

Date: 2023-12-23 22:45:01
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Zusy.EC!MTB&threatid=2147842708&enterprise=0
Name: Trojan:Win32/Zusy.EC!MTB
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: containerfile:_C:\$Recycle.Bin\S-1-5-21-3203882355-2465378241-1904074028-1001\$R0F09Q3.zip; file:_C:\$Recycle.Bin\S-1-5-21-3203882355-2465378241-1904074028-1001\$R0F09Q3.zip->aclui.dll
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Benutzer
Benutzer: JULIAN-PC-STUDI\ichbi
Prozessname: Unknown
Sicherheitsversion: AV: 1.403.693.0, AS: 1.403.693.0, NIS: 1.403.693.0
Modulversion: AM: 1.1.23110.2, NIS: 1.1.23110.2

Date: 2023-12-23 22:45:01
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/CryptoExtortBTC&threatid=2147830595&enterprise=0
Name: Trojan:HTML/CryptoExtortBTC
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: containerfile:_E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar; file:_E:\Backups\Equi-Trend.com\backup_equi-trend.com_2109251227.tar->backup_domainmail_2109251227.tgz->(GZip)->info/Maildir/new/1631216929.M296629P18582.mailsrv.web-beta.de,S=2876,W=2921
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Benutzer
Benutzer: JULIAN-PC-STUDI\ichbi
Prozessname: Unknown
Sicherheitsversion: AV: 1.403.693.0, AS: 1.403.693.0, NIS: 1.403.693.0
Modulversion: AM: 1.1.23110.2, NIS: 1.1.23110.2

CodeIntegrity:
===============
Date: 2024-01-05 20:00:14
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Speicherinformationen ===========================

BIOS: American Megatrends International, LLC. H.F1 08/04/2021
Hauptplatine: Micro-Star International Co., Ltd.
X570-A PRO (MS-7C37) Prozessor: AMD Ryzen 9 3900X 12-Core Processor Prozentuale Nutzung des RAM: 20% Installierter physikalischer RAM: 32689.02 MB Verfügbarer physikalischer RAM: 25857.91 MB Summe virtueller Speicher: 37553.02 MB Verfügbarer virtueller Speicher: 28314.89 MB ==================== Laufwerke ================================ Drive c: (Boot) (Fixed) (Total:476.38 GB) (Free:71.56 GB) (Model: SAMSUNG MZVL2512HCJQ-00B00) NTFS Drive d: (Daten) (Fixed) (Total:953.87 GB) (Free:161.42 GB) (Model: SAMSUNG MZVL21T0HCLR-00B00) NTFS Drive e: (DatenII) (Fixed) (Total:931.51 GB) (Free:645.51 GB) (Model: ST1000DM003-1ER162) NTFS \\?\Volume{2ef37091-0000-0000-0000-100000000000}\ (System-reserviert) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS \\?\Volume{2ef37091-0000-0000-0000-d01b77000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F38A4BF1) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: 2EF37091) Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=476.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=515 MB) - (Type=27) ========================================================== Disk: 2 (MBR Code: Windows 7/8/10) (Size: 953.9 GB) (Disk ID: C78726A4) Partition 1: (Not Active) - (Size=953.9 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ======================= |
05.01.2024, 21:58 | #8 |
/// TB-Ausbilder | Windows 10: Defender finds several trojans and I am receiving extortion emails. We will carry out a repair with FRST and then check with KVRT. Each of the two steps can take some minutes (>> 15), please be patient. Step 1 WARNING TO ALL READERS!!! This FRST script is intended exclusively for this user and should never be applied 1:1 to another system!
Step 2 Run the Kaspersky Virus Removal Tool (KVRT) according to the illustrated instructions and then post the log files. |
06.01.2024, 17:08 | #9 |
| Windows 10: Defender finds several trojans and I am receiving extortion emails. Fixlog: Code:
ATTFilter Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 05.01.2024 01 durchgeführt von ichbi (06-01-2024 12:02:40) Run:1 Gestartet von C:\Users\ichbi\Downloads Geladene Profile: ichbi Start-Modus: Normal ============================================== fixlist Inhalt: ***************** Start:: SystemRestore: On CreateRestorePoint: CloseProcesses: AlternateDataStreams: C:\Users\ichbi\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394] AlternateDataStreams: C:\Users\ichbi\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [141] AlternateDataStreams: C:\Users\ichbi\Downloads\esetonlinescanner(1).exe:MBAM.Zone.Identifier [354] AlternateDataStreams: C:\Users\ichbi\Downloads\esetonlinescanner.exe:MBAM.Zone.Identifier [354] AlternateDataStreams: C:\Users\ichbi\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394] C:\Users\ichbi\Downloads\Chapter-File-1.rar HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\MountPoints2: {728efc9f-c9d4-11eb-912b-d8bbc1099828} - "F:\OnePlus_setup.exe" /s HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\...\MountPoints2: {ea960893-bd9e-11ec-9158-d8bbc1099828} - "F:\OnePlus_setup.exe" /s GroupPolicy: Beschränkung ? 
<==== ACHTUNG Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG Task: {41ED8001-A23A-4D4F-A9CC-AAE1369F970D} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3203882355-2465378241-1904074028-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Keine Datei) S3 netr28x; \SystemRoot\System32\drivers\netr28x.sys [X] U4 npcap_wifi; kein ImagePath S4 NvModuleTracker; \SystemRoot\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [X] S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X] CMD: cscript /nologo %systemroot%\System32\slmgr.vbs /dlv CMD: netsh winsock reset CMD: netsh int ip reset CMD: ipconfig /release CMD: ipconfig /renew CMD: ipconfig /registerdns CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: netsh winhttp reset proxy CMD: Bitsadmin /Reset /Allusers CMD: Winmgmt /salvagerepository CMD: Winmgmt /verifyrepository CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R CMD: sfc /scannow Hosts: RemoveProxy: EmptyTemp: End:: ***************** SystemRestore: On => abgeschlossen Wiederherstellungspunkt wurde erfolgreich erstellt. Prozesse erfolgreich geschlossen. C:\Users\ichbi\Anwendungsdaten => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS erfolgreich entfernt C:\Users\ichbi\Downloads\adwcleaner.exe => ":MBAM.Zone.Identifier" ADS erfolgreich entfernt C:\Users\ichbi\Downloads\esetonlinescanner(1).exe => ":MBAM.Zone.Identifier" ADS erfolgreich entfernt C:\Users\ichbi\Downloads\esetonlinescanner.exe => ":MBAM.Zone.Identifier" ADS erfolgreich entfernt "C:\Users\ichbi\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS nicht gefunden. 
"C:\Users\ichbi\Downloads\Chapter-File-1.rar" => nicht gefunden HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => erfolgreich entfernt HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{728efc9f-c9d4-11eb-912b-d8bbc1099828} => erfolgreich entfernt HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea960893-bd9e-11ec-9158-d8bbc1099828} => erfolgreich entfernt "C:\Windows\system32\GroupPolicy\Machine" Ordner verschieben: C:\Windows\system32\GroupPolicy\Machine => erfolgreich verschoben C:\Windows\system32\GroupPolicy\GPT.ini => erfolgreich verschoben C:\ProgramData\NTUSER.pol => erfolgreich verschoben HKLM\SOFTWARE\Policies\Mozilla => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41ED8001-A23A-4D4F-A9CC-AAE1369F970D}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41ED8001-A23A-4D4F-A9CC-AAE1369F970D}" => erfolgreich entfernt C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3203882355-2465378241-1904074028-500 => erfolgreich verschoben "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-3203882355-2465378241-1904074028-500" => erfolgreich entfernt HKLM\System\CurrentControlSet\Services\netr28x => erfolgreich entfernt netr28x => Dienst erfolgreich entfernt HKLM\System\CurrentControlSet\Services\npcap_wifi => erfolgreich entfernt npcap_wifi => Dienst erfolgreich entfernt HKLM\System\CurrentControlSet\Services\NvModuleTracker => erfolgreich entfernt NvModuleTracker => Dienst erfolgreich entfernt HKLM\System\CurrentControlSet\Services\nvvad_WaveExtensible => erfolgreich entfernt nvvad_WaveExtensible => Dienst erfolgreich entfernt ========= cscript /nologo %systemroot%\System32\slmgr.vbs /dlv ========= Softwarelizenzierungsdienst-Version: 
10.0.19041.3803 Name: Windows(R), ProfessionalWorkstation edition Beschreibung: Windows(R) Operating System, VOLUME_MAK channel Aktivierungs-ID: 721f9237-9341-4453-a661-09e8baa6cca5 Anwendungs-ID: 55c92734-d682-4d71-983e-d6ec3f16059f Erweiterte PID: 03612-03919-028-218082-03-1031-19042.0000-1362021 Product Key-Kanal: Volume:MAK Installations-ID: 337505115574814497491633149414733166034655659041359441547098401 Lizenz-URL verwenden: https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail URL fr die šberprfung: https://validation-v2.sls.microsoft.com/SLWGA/slwga.asmx Teil-Product Key: RX9YX Lizenzstatus: Lizenziert Verbleibende Windows Rearm-Anzahl: 1001 Verbleibende SKU Rearm-Anzahl: 1001 Vertrauenswrdige Zeit: 06.01.2024 12:02:49 ========= Ende von CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurckgesetzt. Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen. ========= Ende von CMD: ========= ========= netsh int ip reset ========= Depotweiterleitung wird zurckgesetzt... OK Depot wird zurckgesetzt... OK Steuerungsprotokoll wird zurckgesetzt... OK Echosequenzanforderung wird zurckgesetzt... OK Global wird zurckgesetzt... OK Schnittstelle wird zurckgesetzt... OK Anycastadresse wird zurckgesetzt... OK Multicastadresse wird zurckgesetzt... OK Unicastadresse wird zurckgesetzt... OK Nachbar wird zurckgesetzt... OK Pfad wird zurckgesetzt... OK Potentiell wird zurckgesetzt... OK Pr„fixrichtlinie wird zurckgesetzt... OK Proxynachbar wird zurckgesetzt... OK Route wird zurckgesetzt... OK Standordpr„fix wird zurckgesetzt... OK Unterschnittstelle wird zurckgesetzt... OK Reaktivierungsmuster wird zurckgesetzt... OK Nachbar aufl”sen wird zurckgesetzt... OK wird zurckgesetzt... OK wird zurckgesetzt... OK wird zurckgesetzt... OK wird zurckgesetzt... OK wird zurckgesetzt... Fehler Zugriff verweigert wird zurckgesetzt... OK wird zurckgesetzt... OK wird zurckgesetzt... OK wird zurckgesetzt... 
OK wird zurckgesetzt... OK wird zurckgesetzt... OK wird zurckgesetzt... OK wird zurckgesetzt... OK Starten Sie den Computer neu, um die Aktion abzuschlieáen. ========= Ende von CMD: ========= ========= ipconfig /release ========= Windows-IP-Konfiguration Ethernet-Adapter Ethernet: Verbindungsspezifisches DNS-Suffix: Standardgateway . . . . . . . . . : Ethernet-Adapter VMware Network Adapter VMnet1: Verbindungsspezifisches DNS-Suffix: IPv4-Adresse . . . . . . . . . . : 192.168.19.1 Subnetzmaske . . . . . . . . . . : 255.255.255.0 Standardgateway . . . . . . . . . : Ethernet-Adapter VMware Network Adapter VMnet8: Verbindungsspezifisches DNS-Suffix: IPv4-Adresse . . . . . . . . . . : 192.168.234.1 Subnetzmaske . . . . . . . . . . : 255.255.255.0 Standardgateway . . . . . . . . . : ========= Ende von CMD: ========= ========= ipconfig /renew ========= Windows-IP-Konfiguration Ethernet-Adapter Ethernet: Verbindungsspezifisches DNS-Suffix: fritz.box IPv4-Adresse . . . . . . . . . . : 192.168.178.47 Subnetzmaske . . . . . . . . . . : 255.255.255.0 Standardgateway . . . . . . . . . : 192.168.178.1 Ethernet-Adapter VMware Network Adapter VMnet1: Verbindungsspezifisches DNS-Suffix: IPv4-Adresse . . . . . . . . . . : 192.168.19.1 Subnetzmaske . . . . . . . . . . : 255.255.255.0 Standardgateway . . . . . . . . . : Ethernet-Adapter VMware Network Adapter VMnet8: Verbindungsspezifisches DNS-Suffix: IPv4-Adresse . . . . . . . . . . : 192.168.234.1 Subnetzmaske . . . . . . . . . . : 255.255.255.0 Standardgateway . . . . . . . . . : ========= Ende von CMD: ========= ========= ipconfig /registerdns ========= Windows-IP-Konfiguration Die Registrierung der DNS-Ressourceneintr„ge fr alle Adapter dieses Computer wurde initialisiert. Fehler werden in der Ereignisanzeige in 15 Minuten aufgefhrt. ========= Ende von CMD: ========= ========= netsh advfirewall reset ========= OK. ========= Ende von CMD: ========= ========= netsh advfirewall set allprofiles state ON ========= OK. 
========= Ende von CMD: ========= ========= netsh winhttp reset proxy ========= Aktuelle WinHTTP-Proxyeinstellungen: DirectAccess (kein Proxyserver). ========= Ende von CMD: ========= ========= Bitsadmin /Reset /Allusers ========= BITSADMIN version 3.0 BITS administration utility. (C) Copyright Microsoft Corp. {95C18161-DEE1-4D78-BC58-A23404BFCEE9} canceled. {5F5AA4F7-E209-4EDA-8CCD-F81FF0ED9530} canceled. {18099B8B-C64D-4C2C-B89E-DCA7AC90F245} canceled. {9239D9D9-E570-43E6-844B-21DBC06A2085} canceled. {FC8B3215-B94A-489F-A70C-4459236368B6} canceled. {8B246136-A6F6-49F7-933B-A65DA1CD79AD} canceled. {651A301C-CB91-48BB-8340-1D9469E5C81A} canceled. {1826F5C4-E3A0-40B8-A7C3-AEB0F8A664EE} canceled. 8 out of 8 jobs canceled. ========= Ende von CMD: ========= ========= Winmgmt /salvagerepository ========= Das WMI-Repository ist konsistent. ========= Ende von CMD: ========= ========= Winmgmt /verifyrepository ========= Das WMI-Repository ist konsistent. ========= Ende von CMD: ========= ========= "%WINDIR%\SYSTEM32\lodctr.exe" /R ========= Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden. ========= Ende von CMD: ========= ========= "%WINDIR%\SysWOW64\lodctr.exe" /R ========= Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden. ========= Ende von CMD: ========= ========= "%WINDIR%\SYSTEM32\lodctr.exe" /R ========= Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden. ========= Ende von CMD: ========= ========= "%WINDIR%\SysWOW64\lodctr.exe" /R ========= Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden. ========= Ende von CMD: ========= ========= sfc /scannow ========= Systemsuche wird gestartet. Dieser Vorgang kann einige Zeit dauern. Überprüfungsphase der Systemsuche wird gestartet. Überprüfung 0 % abgeschlossen. 
Überprüfung 100 % abgeschlossen. Der Windows-Ressourcenschutz hat beschädigte Dateien gefunden und erfolgreich repariert. Bei Onlinereparaturen finden Sie Details in der CBS-Protokolldatei unter windir\Logs\CBS\CBS.log. Beispiel C:\Windows\Logs\CBS\CBS.log. Bei Offlinereparaturen finden Sie Details in der durch das /OFFLOGFILE-Kennzeichen angegebenen Protokolldatei. 
========= Ende von CMD: ========= C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben Hosts erfolgreich wiederhergestellt. ========= RemoveProxy: ========= "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt "HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt "HKU\S-1-5-21-3203882355-2465378241-1904074028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt ========= Ende von RemoveProxy: ========= =========== EmptyTemp: ========== FlushDNS => abgeschlossen BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1969181536 B Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 1236239537 B Windows/system/drivers => 40789171 B Edge => 0 B Chrome => 490669355 B Firefox => 3608495086 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 1371414682 B systemprofile32 => 1371414682 B LocalService => 1371430908 B NetworkService => 1371834232 B ichbi => 1452200647 B RecycleBin => 76169 B EmptyTemp: => 13.3 GB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 12:31:08 ==== |
06.01.2024, 21:06 | #10 | |
/// TB-Ausbilder | Windows 10: Defender finds several trojans and I am receiving extortion emails. Quote:
You can also start the tool and let it run on its own. You do not have to sit next to it the whole time. |
08.01.2024, 17:43 | #11 |
| Windows 10: Defender finds several trojans and I am receiving extortion emails. Okay, I have now been able to let the Kaspersky scan run through. For the sake of completeness, I am also sending the log of the aborted scan from two days ago. The aborted scan: Code:
ATTFilter <Report> <Metadata Version="1" PCID="{84689A19-32DF-7E40-71BF-4702F6252B5A}" LastModification="2024.01.06 16:49:18.016" /> <EventBlocks /> </Report> Code:
ATTFilter <Report> <Metadata Version="1" PCID="{84689A19-32DF-7E40-71BF-4702F6252B5A}" LastModification="2024.01.08 17:40:44.461" /> <EventBlocks> <Block0 Type="Scan" Processed="4472673" Found="0" Neutralized="0"> <Event0 Action="Scan" Time="133491997920353442" Object="" Info="Started" /> <Event1 Action="Scan" Time="133492053957113511" Object="" Info="Finished" /> </Block0> </EventBlocks> </Report> |
08.01.2024, 19:27 | #12 |
/// TB-Ausbilder | Windows 10: Defender finds several trojans and I am receiving extortion emails. Thank you for the log files. You do not need to worry about the emails, that is just spam. The Defender detections only point to your backups... and there in turn to some spam mails. No active malware is visible. Is there anything else at the moment? How is the system running? Please run one more short check with SecurityCheck. Step 1 Run SecurityCheck (SC) according to the illustrated instructions and add the log file as an attachment. |
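The reading of the Defender "Pfad:" field that the reply above relies on, as an added example (not part of the thread and not code from Defender or FRST): it splits each field into its resources and nesting levels and reports where the detected object is stored. The splitting rules (`;` between resources, `scheme:_` prefix, `->` between nesting levels) are inferred from the log lines on this page, and the class names, function names and sample paths are constructed for illustration.

```python
"""Triage of Microsoft Defender detection paths ("Pfad:" field of the event).

Assumption: the field syntax is inferred from the log excerpts in this thread,
not taken from a Microsoft specification.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

ARCHIVE_EXTS = (".tar", ".tgz", ".gz", ".zip", ".rar", ".7z")


@dataclass
class Resource:
    scheme: str                 # "file", "containerfile", ...
    outer: str                  # object that exists on disk
    nested: List[str] = field(default_factory=list)  # members inside `outer`


def parse_path_field(value: str) -> List[Resource]:
    """Split one "Pfad:" value into resources.

    Limitation: a ';' inside a file name would be split as well.
    """
    resources = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, rest = part.partition(":_")
        if not sep:                      # no "scheme:_" prefix found
            scheme, rest = "unknown", part
        chain = [c.strip() for c in rest.split("->")]
        resources.append(Resource(scheme, chain[0], chain[1:]))
    return resources


def classify(res: Resource) -> str:
    """Say where the detected object is stored (hypothetical class names)."""
    # "(GZip)" style entries mark a decoding step, not a member name.
    members = [m for m in res.nested if not (m.startswith("(") and m.endswith(")"))]
    if not members:
        if res.scheme == "containerfile":
            return "container"           # entry naming the archive itself
        if res.outer.lower().endswith(ARCHIVE_EXTS):
            return "archive-on-disk"
        return "loose-file"
    leaf = "/" + members[-1].lower().replace("\\", "/")
    if "/maildir/" in leaf:
        return "mail-in-archive"         # stored e-mail inside a backup
    return "member-in-archive"


def triage(detections: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each threat name to the storage classes of its resources."""
    report = {}
    for name, value in detections:
        kinds = {classify(r) for r in parse_path_field(value)}
        kinds.discard("container")       # the member entries carry the detail
        report[name] = sorted(kinds)
    return report


# Constructed sample values, modelled on the format of the log above.
SAMPLE = [
    ("Trojan:HTML/Phish",
     r"containerfile:_E:\Backups\example\backup_site.tar; "
     r"file:_E:\Backups\example\backup_site.tar->backup_mail.tgz->(GZip)->"
     r"info/Maildir/new/1538777135.M1P1.srv.example,S=2158"),
    ("Trojan:Script/Wacatac.H!ml",
     r"file:_C:\Users\user\Downloads\Chapter-File-1.rar"),
    ("Trojan:Win32/Zusy.EC!MTB",
     r"containerfile:_C:\$Recycle.Bin\S-1-5-21-0-0-0-1001\$R0F09Q3.zip; "
     r"file:_C:\$Recycle.Bin\S-1-5-21-0-0-0-1001\$R0F09Q3.zip->aclui.dll"),
    # Contrast case, fully constructed: a detected file lying directly on disk.
    ("Constructed:Example",
     r"file:_C:\Users\user\AppData\Roaming\example.exe"),
]

if __name__ == "__main__":
    for threat, kinds in triage(SAMPLE).items():
        print(f"{threat:30} {', '.join(kinds)}")
```

A nested result only locates the object inside an archive on disk; it says nothing about whether that archive was ever unpacked or its content run.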
08.01.2024, 21:14 | #13 |
| Windows 10: Defender finds several trojans and I am receiving extortion emails. The log from SecurityCheck: Code:
ATTFilter SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21] WebSite: www.safezone.cc DateLog: 08.01.2024 21:10:13 Path starting: C:\Users\ichbi\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: ichbi VersionXML: 10.86is-06.01.2024 ___________________________________________________________________________ Windows 10(6.3.19045) (x64) ProfessionalWorkstation Release: 2009 Lang: German(0407) Installation date OS: 16.05.2021 15:07:12 LicenseStatus: Office 19, Office19ProPlus2019VL_MAK_AE edition The machine is permanently activated. LicenseStatus: Windows(R), ProfessionalWorkstation edition The machine is permanently activated. Boot Mode: Normal Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe SystemDrive: C: FS: [NTFS] Capacity: [476.4 Gb] Used: [411.2 Gb] Free: [65.2 Gb] ------------------------------- [ Windows ] ------------------------------- User Account Control enabled (Level 3) Sicherheitscenter (wscsvc) - The service is running Remoteregistrierung (RemoteRegistry) - The service has stopped SSDP-Suche (SSDPSRV) - The service is running Remotedesktopdienste (TermService) - The service has stopped Windows-Remoteverwaltung (WS-Verwaltung) (WinRM) - The service has stopped ---------------------------- [ Antivirus_WMI ] ---------------------------- Malwarebytes (enabled and up to date) Windows Defender (disabled and up to date) --------------------------- [ FirewallWindows ] --------------------------- Windows Defender Firewall (mpssvc) - The service is running ---------------------- [ AntiVirusFirewallInstall ] ----------------------- Malwarebytes version 4.6.8.311 v.4.6.8.311 GlobalProtect v.5.2.11 --------------------------- [ OtherUtilities ] ---------------------------- Git version 2.32.0 v.2.32.0 Warning! Download Update Notepad++ (64-bit x64) v.8.4.8 Warning! Download Update Microsoft Office Professional Plus 2019 - de-de v.16.0.10405.20015 Warning! 
Download Update How Install Office updates? TeamViewer v.15.41.9 Warning! Download Update PuTTY release 0.75 (64-bit) v.0.75.0.0 Warning! Download Update VMware Workstation v.15.5.6 Warning! Download Update Python 3.10.7 (64-bit) v.3.10.7150.0 Warning! Download Update FileZilla Client 3.54.1 v.3.54.1 Warning! Download Update Steam v.2.10.91.91 Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 v.14.36.32532.0 Warning! Download Update Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 v.14.36.32532.0 Warning! Download Update ------------------------------- [ Backup ] -------------------------------- Google Drive v.82.0.1.0 Warning! Download Update ------------------------------ [ ArchAndFM ] ------------------------------ 7-Zip 21.07 (x64) v.21.07 Warning! Download Update Uninstall old version and install new one. ------------------------------- [ Imaging ] ------------------------------- GIMP 2.10.24 v.2.10.24 Warning! Download Update Inkscape v.1.1.2- -------------------------- [ IMAndCollaborate ] --------------------------- Cisco Webex Meetings v.42.1.3 Warning! Download Update Discord v.1.0.9001 Warning! Download Update Microsoft Teams classic v.1.6.00.29964 Warning! Download Update Zoom v.5.16.2 (22807) Warning! Download Update -------------------------------- [ Java ] --------------------------------- Java 8 Update 291 (64-bit) v.8.0.2910.10 Warning! Download Update Uninstall old version and install new one (jre-8u391-windows-x64.exe). -------------------------------- [ Media ] -------------------------------- Audacity 3.1.2 (64 Bit) v.3.1.2 Warning! Download Update VLC media player v.3.0.18 Warning! Download Update Spotify v.1.2.26.1187.g36b715a1 Audacity 3.0.0 v.3.0.0 Warning! 
Download Update Winamp v.5.8 --------------------------- [ AdobeProduction ] --------------------------- Adobe Acrobat (64-bit) v.23.008.20458 ------------------------------- [ Browser ] ------------------------------- Mozilla Firefox (x64 de) v.121.0 Google Chrome v.118.0.5993.89 Warning! Download Update Microsoft Edge v.120.0.2210.121 ----------------------------- [ EmailClient ] ----------------------------- Mozilla Thunderbird (x64 de) v.115.6.0 ------------------ [ AntivirusFirewallProcessServices ] ------------------- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1737 Malwarebytes Service (MBAMService) - The service is running C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1269 PanGPS (PanGPS) - The service is running C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe v.5.2.11.10 C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe v.5.2.11.10 Microsoft Defender Antivirus-Dienst (WinDefend) - The service has stopped Microsoft Defender Antivirus-Netzwerkinspektionsdienst (WdNisSvc) - The service has stopped ---------------------------- [ UnwantedApps ] ----------------------------- CCleaner v.6.19 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program. VdhCoApp 1.6.3 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering. Bonjour v.3.0.0.10 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering. 
----------------------------- [ End of Log ] ------------------------------ By asking for help here I only wanted to make sure that my system is clean - above all because Defender did detect and remove four trojans. Thank you very much for the faithful help. Back then, with my old PC, you really saved my naive teenage self's ass |
09.01.2024, 13:57 | #14 |
/// TB-Ausbilder | Windows 10: Defender finds several trojans and I am receiving extortion emails. You should update your software components. Step 1 The following programs are outdated. You should uninstall them and install the latest version:
Please also update Microsoft Office, e.g. like this:
Removal of the tools used Run KpRm according to the illustrated instructions and then post the log file. Then we would be through! If you no longer have any problems with malware, we are finished here. Your log files are clean. If you like, you can say here whether you were satisfied with me and my help... Perhaps you would like to support the forum with a small donation. Finally, please be sure to read and implement the security measures: Note: Please give me brief feedback as soon as you have read the information linked above, everything is done and there are no more questions, so that I can delete this topic from my subscriptions. |
10.01.2024, 13:17 | #15 |
| Windows 10: Defender finds several Trojans and I receive extortion emails. Code:
# Run at 10.01.2024 13:16:48
# KpRm (Kernel-panik) version 2.15.0
# Website https://kernel-panik.me/tool/kprm/
# Run by ichbi from C:\Users\ichbi\Downloads
# Computer Name: JULIAN-PC-STUDI
# OS: Windows 10 X64 (19045) (10.0.19045.3803)
# Number of passes: 1

- Checked options -
~ Delete Tools

- Delete Tools -
## AdwCleaner
[OK] C:\Users\ichbi\Downloads\adwcleaner.exe deleted
## ESET Online Scanner
[OK] C:\Users\ichbi\Downloads\esetonlinescanner(1).exe deleted
[OK] C:\Users\ichbi\Downloads\esetonlinescanner.exe deleted
[OK] C:\Users\ichbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted
## FRST
[OK] C:\Users\ichbi\Downloads\Addition.txt deleted
[OK] C:\Users\ichbi\Downloads\Fixlog.txt deleted
[OK] C:\Users\ichbi\Downloads\FRST-OlderVersion deleted
[OK] C:\Users\ichbi\Downloads\FRST.txt deleted
[OK] C:\Users\ichbi\Downloads\FRST64.exe deleted
## Kaspersky Virus Removal Tool
[OK] C:\Users\ichbi\Desktop\KVRT.exe deleted
## Malwarebytes (log)
[OK] C:\Users\ichbi\Desktop\trjoanerboard\malwarebytes.txt deleted
## SecurityCheck
[OK] C:\Users\ichbi\Downloads\SecurityCheck.exe deleted
[OK] C:\SecurityCheck deleted

- Other Lines -
## Quarantines keeped
~ C:\AdwCleaner (AdwCleaner)
~ C:\Users\ichbi\AppData\Local\ESET\ESETOnlineScanner (ESET Online Scanner)
~ C:\FRST (FRST)
~ C:\KVRT2020_Data (Kaspersky Virus Removal Tool)

-- KPRM finished in 2.81s -- |