Log analysis and evaluation: Fell for a fake link and ran the file. Facebook hack shortly afterwards - caught a trojan?
30.08.2024, 22:22 | #1 |
Hello dear community. It's nice to see that something this great exists on the net. I hope someone here can help me.

I was recently on Facebook and fell for an article advertising a first version of "Sora AI", i.e. a video AI. At first glance the link looked right, and the website was a deceptively faithful imitation of the original. After I had downloaded the supposed setup file and started the "installation", nothing happened. I tried again and at the same time suspected what had happened.

I immediately installed Malwarebytes and Avast and let them run on the machine overnight. Neither program turned up a detection, so I started a deep scan with Avast. The result is mainly errors for the OneDrive shadow files (which exist only as placeholders but reside in the cloud). However, some entries with "crypt.exe [L] Win32:Evo-gen [Trj] (0)" can also be seen in the report file.

At the same time, my Facebook account was hijacked (which fits the time window well). I still have access, but other people have used third-party accounts to gain access to Facebook through a link between accounts, and they are booking advertising there in my name and with my money.

I therefore fear that I did not get off lightly, and of course I am hoping for the swarm intelligence and the expertise here on this board.

Here are the log files:

Relevant excerpt from AVAST:

Code:
*
* AVG-Scan-Bericht
* Diese Datei wurde automatisch erstellt
*
* Scan-Name: Tiefenscan
* Start: Freitag, 30. August 2024 01:05:23
* VPS: 240829-6, 29.8.2024
*
C:\Users\Tobia\AppData\Local\Temp\a3090c34466986c3723d365c644d146e\crypt.exe [L] Win32:Evo-gen [Trj] (0)
    Die Datei wurde erfolgreich in die Quarantäne verschoben...
C:\Users\Tobia\AppData\Local\Temp\25595c88a10463f2057d38d9c3669f45\crypt.exe [L] Win32:Evo-gen [Trj] (0)
    Die Datei wurde erfolgreich in die Quarantäne verschoben...
C:\Users\Tobia\AppData\Local\Temp\dc88614fe4c71a4f730a250aa243395a\crypt.exe [L] Win32:Evo-gen [Trj] (0)
    Die Datei wurde erfolgreich in die Quarantäne verschoben...
C:\Users\Tobia\AppData\Local\Temp\c0d2239cb38cf3a42cead0c18ae04175|>crypt.exe [L] Win32:Evo-gen [Trj] (0)
    Die Datei wurde erfolgreich in die Quarantäne verschoben...
C:\Users\Tobia\AppData\Local\Temp\085b8675098cd90fa13e777c3b32c8db|>crypt.exe [L] Win32:Evo-gen [Trj] (0)
    Die Datei wurde erfolgreich in die Quarantäne verschoben...
C:\Users\Tobia\AppData\Local\Temp\53d9255775ebbd8dc8d38bca0e7ee007|>crypt.exe [L] Win32:Evo-gen [Trj] (0)
    Die Datei wurde erfolgreich in die Quarantäne verschoben...
Infizierte Dateien: 6
Dateien gesamt: 4657874
Ordner gesamt: 289895
Gesamtgröße: 48,0 TB
*
* Prüfung beendet: Freitag, 30. August 2024 04:29:51
* Laufzeit war 3 Stunde(n), 24 Minute(n), 28 Sekunde(n)
*

*
* AVG-Scan-Bericht
* Diese Datei wurde automatisch erstellt
*
* Scan-Name: Tiefenscan
* Start: Freitag, 30. August 2024 06:52:40
* VPS: 240829-6, 29.8.2024
*
[E] Error 0x0000A41B (42011)
Infizierte Dateien: 0
Dateien gesamt: 478842
Ordner gesamt: 1
Gesamtgröße: 146,4 GB
*
* Prüfung beendet: Freitag, 30. August 2024 06:54:40
* Laufzeit war 2 Minute(n), 0 Sekunde(n)
*
30.08.2024, 22:23 | #2 |
FRST.txt
__________________Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 22-08.2024 durchgeführt von Tobia (Administrator) auf TOBYPOWERDESKTO (Gigabyte Technology Co., Ltd. X570 AORUS PRO) (30-08-2024 22:51:29) Gestartet von G:\\FRST64.exe Geladene Profile: Tobia Plattform: Microsoft Windows 11 Pro Version 23H2 22631.4037 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: Edge Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe (C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe (C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe (C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe (C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe (C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. 
-> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe (C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe ->) (Oculus VR, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe (C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe ->) (Oculus VR, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe (C:\Program Files\WindowsApps\AppleInc.iCloud_15.2.157.0_x64__nzyj5cx40ttqa\iCloud\iCloudHome.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc) C:\Program Files\WindowsApps\AppleInc.iCloud_15.2.157.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe (explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2406.9.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2> (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (QNAP Systems, Inc. -> QNAP) C:\Program Files (x86)\QNAP\Qfinder\QfinderPro.exe (services.exe ->) () [Datei ist nicht signiert] C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe (services.exe ->) () [Datei ist nicht signiert] C:\Program Files (x86)\vMix\drivers\vMixService.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe (services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) 
C:\Program Files\AVG\Antivirus\AVGSvc.exe (services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe (services.exe ->) (CODE SECTOR PTY LTD -> ) C:\Program Files\TeraCopy\TeraCopyService.exe (services.exe ->) (geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe (services.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_cdf3ca3c77d5f267\logi_lamparray_service.exe (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> MSPCManagerService) C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.12.5.0_x64__8wekyb3d8bbwe\PCManager\MSPCManagerService.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2> (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_e0e8eab0ff52148e\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (Oculus VR, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe (services.exe ->) (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7b66b6662cf6d72b\RtkAudUService64.exe (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (services.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (services.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (services.exe ->) (Symless Ltd -> ) C:\Program Files\Synergy\synergyd.exe (services.exe ->) (Virtual Desktop, Inc. -> Virtual Desktop, Inc.) C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe (sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.2.157.0_x64__nzyj5cx40ttqa\iCloud\iCloudDrive.exe (svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2433.3.0_x64__cv1g1gvanyjgm\WhatsApp.exe (svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.2.157.0_x64__nzyj5cx40ttqa\iCloud\ApplePhotoStreams.exe (svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.2.157.0_x64__nzyj5cx40ttqa\iCloud\APSDaemon.exe (svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.2.157.0_x64__nzyj5cx40ttqa\iCloud\iCloudHome.exe (svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.2.157.0_x64__nzyj5cx40ttqa\iCloud\iCloudOutlookConfig.exe (svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple, Inc.) 
C:\Program Files\WindowsApps\AppleInc.iCloud_15.2.157.0_x64__nzyj5cx40ttqa\iCloud\secd.exe (svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe (svchost.exe ->) (AVG Technologies USA, LLC -> AVG Technologies) C:\Program Files\Common Files\AVG\Overseer\overseer.exe (svchost.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGUI.exe <7> (svchost.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\SIV\sensord.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\mmgaserver.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe (svchost.exe ->) (PALIT MICROSYSTEMS LTD. TAIWAN BRANCH (BELIZE) -> Palit Microsystems Ltd.) C:\Program Files\Thunder Master\ThPanel.exe (svchost.exe ->) (QNAP Systems, Inc. -> ) C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7b66b6662cf6d72b\RtkAudUService64.exe [1220312 2021-02-17] (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [SGO License Server] => C:\Program Files\SGO Apps\License Server\bin\sgoLicenseServer.exe [1375608 2023-12-13] (Soluciones Graficas por Ordenador S.L. -> ) HKLM\...\Run: [eDocsipgateUMonitor] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro-SipgateFaxdrucker\eDocsipgateUMonitor.exe [3959128 2016-02-10] (May Computer GmbH -> May Software) [Datei ist nicht signiert] HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [7627168 2024-08-23] (Adobe Inc. -> Adobe Systems Inc.) HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [619192 2023-02-09] (geek software GmbH -> geek software GmbH) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech) HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [463800 2024-08-20] (AVG Technologies USA, LLC -> Gen Digital Inc.) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3091136 2020-09-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [Datei ist nicht signiert] HKLM-x32\...\Run: [Wraith Prism] => C:\Program Files (x86)\AMD Wraith\Wraith Prism\Wraith Prism HID.exe [1899520 2019-05-03] (Cooler Master) [Datei ist nicht signiert] HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [133128 2024-05-29] (Adobe Inc. -> Adobe Inc.) 
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1136560 2024-06-20] (Adobe Inc. -> Adobe Inc.) HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Tobia\AppData\Local\Microsoft\Teams\Update.exe [2593856 2024-05-30] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (Keine Datei) HKLM-x32\...\Run: [QfinderPro] => C:\Program Files (x86)\QNAP\Qfinder\QfinderPro.exe [6534992 2024-05-29] (QNAP Systems, Inc. -> QNAP) HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919200 2024-08-30] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\Run: [Ferdi] => "C:\Users\Tobia\AppData\Local\Programs\ferdi\Ferdi.exe" (Keine Datei) HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4407656 2024-07-17] (Valve Corp. -> Valve Corporation) HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIUOE.EXE [421736 2021-11-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\Run: [AusweisApp2] => C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe [2461432 2021-03-31] (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG) HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe [46043392 2024-06-16] (Logitech Inc -> Logitech, Inc.) 
HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\Run: [MicrosoftEdgeAutoLaunch_8088DBFD80064CD5C23EF47FF78F345A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3741224 2024-08-22] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\Run: [Microsoft.Lists] => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\Microsoft.SharePoint.exe [1025552 2024-08-30] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\Run: [KeePassXC] => C:\Program Files\KeePassXC\KeePassXC.exe [5482192 2024-06-19] (DroidMonkey Apps, LLC -> KeePassXC Team) HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [11795872 2024-08-23] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-21-1043077042-1772205530-4003700469-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919200 2024-08-30] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1043077042-1772205530-4003700469-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\susan\AppData\Local\Microsoft\Teams\Update.exe [2492128 2022-08-07] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKLM\...\Windows x64\Print Processors\hpfpp02t: C:\Windows\System32\spool\prtprocs\x64\hpfpp02t.dll [253440 2010-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation) HKLM\...\Print\Monitors\Adobe PDF Port Monitor: c:\windows\system32\AdobePDF.dll [203936 2024-02-10] (Adobe Inc. -> Adobe Systems Inc) HKLM\...\Print\Monitors\Canon SELPHY Language Monitor 3: c:\windows\system32\CNYLCP03.DLL [62976 2016-03-18] (Microsoft Windows Hardware Compatibility Publisher -> Canon INC.) 
HKLM\...\Print\Monitors\eDocPortMonitor: C:\Windows\system32\eDocPort.dll [3036672 2016-02-10] (May Software) [Datei ist nicht signiert] HKLM\...\Print\Monitors\EPSON ET-2710 Series 64MonitorBE: c:\windows\system32\E_YLMBUOE.DLL [184832 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation) HKLM\...\Print\Monitors\EpsonNet Print Port: c:\windows\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert] HKLM\...\Print\Monitors\FRITZ!fax Color Port Monitor: c:\windows\system32\FritzColorPort64.dll [20480 2006-02-23] () [Datei ist nicht signiert] HKLM\...\Print\Monitors\novaPDF OEM 7 Monitor: novamnv7.dll (Keine Datei) HKLM\...\Print\Monitors\PCL hpf3l02t: c:\windows\system32\hpf3l02t.dll [138752 2010-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company) HKLM\Software\...\Authentication\Credential Providers: [{97E1814E-5601-41c8-9971-10C319EF61CC}] -> C:\WINDOWS\system32\SRCredentialProvider.dll [2024-01-22] (Splashtop Inc. -> Splashtop Inc.) HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> AppInit_DLLs: C:\PROGRA~1\VIRTUA~1\VIRTUA~4.DLL => C:\Program Files\Virtual Desktop Streamer\VirtualDesktop.Injector64.dll [134880 2023-09-18] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.) AppInit_DLLs-x32: C:\PROGRA~1\VIRTUA~1\VIRTUA~3.DLL => C:\Program Files\Virtual Desktop Streamer\VirtualDesktop.Injector32.dll [114912 2023-05-10] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.) 
Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2024-08-03] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SGO New License Server.lnk [2024-04-09] ShortcutTarget: SGO New License Server.lnk -> C:\Program Files\SGO Apps\License Server\bin\sgoLicenseServer.exe (Soluciones Graficas por Ordenador S.L. -> ) GroupPolicy: Beschränkung ? <==== ACHTUNG Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {A5568EF7-DD64-49E1-89F1-E76CD0C3857B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1563080 2024-07-31] (Adobe Inc. -> Adobe Inc.) Task: {738FDDCB-9CC9-4BCE-AAEC-0B211519E44E} - System32\Tasks\AVG\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5194176 2024-08-20] (AVG Technologies USA, LLC -> Gen Digital Inc.) Task: {57F251D5-5A3F-486A-8886-E3B436EE0767} - System32\Tasks\AVG\AVG Antivirus Patcher => C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus.exe [8064960 2024-07-18] (AVG Technologies USA, LLC -> Gen Digital Inc.) Task: {0EAE2E12-7FA4-4CC3-849D-A220867FA879} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2385856 2024-08-20] (AVG Technologies USA, LLC -> AVG Technologies) Task: {0EB521F8-8EAA-424D-861B-BE12A6017A61} - System32\Tasks\EasyTune => C:\Program Files (x86)\GIGABYTE\EasyTune\etinit.exe [17280 2021-04-08] (GIGA-BYTE TECHNOLOGY CO., LTD. 
-> GIGA-BYTE TECHNOLOGY CO., LTD.) Task: {C0C17327-9266-4774-A782-D3D5AEBFAFB4} - System32\Tasks\EasyTune 1 => C:\Program Files (x86)\GIGABYTE\EasyTune\etocfile.exe [20352 2021-10-11] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) Task: {D4CE7D14-76DE-40B0-B91B-CC8295D35B64} - System32\Tasks\EPSON ET-2710 Series Update {839738F7-C25E-40AF-AA81-9F64548D832E} => C:\Windows\System32\spool\drivers\x64\3\E_YTSUOE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) Task: {EA3547DB-DD95-4109-90E1-C2534933CF5C} - System32\Tasks\GraphicsCardEngine => C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngineStarter.exe [234880 2021-04-13] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) Task: {D858569D-1C01-4370-B059-807AAE663AC8} - System32\Tasks\iSCSIAgentAutoStartup => C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [1741136 2024-05-29] (QNAP Systems, Inc. -> ) Task: {D768F965-A3BD-450A-8371-AFB909B1EC89} - System32\Tasks\Launch Adobe CCXProcess => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [194056 2024-08-04] (Adobe Inc. -> Adobe Inc.) 
Task: {D5BF5500-7AD8-49E4-AF14-666773591479} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28583648 2024-08-10] (Microsoft Corporation -> Microsoft Corporation) Task: {628E08AE-7BE6-49AC-A247-9803B4A51FC4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28583648 2024-08-10] (Microsoft Corporation -> Microsoft Corporation) Task: {3279C6F1-51B5-4357-B9DC-8E543F921EC0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222784 2024-08-26] (Microsoft Corporation -> Microsoft Corporation) Task: {645B8776-1A9B-45D3-A522-FA6EB28B504A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222784 2024-08-26] (Microsoft Corporation -> Microsoft Corporation) Task: {98BC7E19-6E1E-4C22-BA49-154C352E45A0} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4464832 2024-08-10] (Microsoft Corporation -> Microsoft Corporation) Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Keine Datei) Task: {9D4BF6C6-40D9-4F36-96E4-E6773B2198E9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (Keine Datei) Task: {71B7BAF7-CEC8-4B49-A38C-43D398A0B753} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (Keine Datei) Task: {86BBECD4-C1AB-4EBE-8D35-7678B547EA30} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => 
%systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (Keine Datei) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei) Task: {0CABCFC4-D221-40D8-A833-0482FC333680} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-08-20] (Mozilla Corporation -> Mozilla Foundation) Task: {42DA67C0-373A-472B-A792-B58460B31123} - System32\Tasks\NDI Autorun => C:\Program Files\NDI\NDI 6 Tools\NDI Launcher.exe [454024 2024-05-06] (Newtek, Inc. -> NDI) -> C:\Program Files\NDI\NDI 6 Tools\/autorun Task: {E52EF986-FA02-4356-A0DC-2286A1859C8B} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [Datei ist nicht signiert] Task: {7BB9AB3E-5A7F-42F4-84EC-F64D0440018B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1277480 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {C2D5F4E6-B6B6-45C7-8779-41B166E7E180} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3347496 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {027FEA7B-B27E-4A3C-B3BD-6F1BDB5DB900} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646696 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler Task: {B6E17088-3DF8-415A-99E6-07754360FFA3} - 
System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {2A016A09-3C7C-4B22-8D1F-9741D3FE0F82} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {AB85CF51-235B-43B9-A606-F25143DDC228} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F16CD26E-FB30-4B50-8CD1-DE9D599D01DA} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {8C2FAFFD-A4E9-451F-A268-4C1FEDF6356F} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C058E21E-0AE9-4F27-BA10-5CE5D0BA96C3} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C89AB31D-B130-4401-87D0-D7F1C0A5F9CB} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209192 2024-08-30] (Microsoft Corporation -> Microsoft Corporation) Task: {5828801C-BCF3-4DD2-8029-461A9874F8C7} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1043077042-1772205530-4003700469-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209192 2024-08-30] (Microsoft Corporation -> Microsoft Corporation) Task: 
{6F69C2D3-707F-4420-B627-69D6EA9E52AC} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1043077042-1772205530-4003700469-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209192 2024-08-30] (Microsoft Corporation -> Microsoft Corporation) Task: {D25A2C89-1F94-4A8E-BCC1-C054816CB72B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1043077042-1772205530-4003700469-1020 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209192 2024-08-30] (Microsoft Corporation -> Microsoft Corporation) Task: {82778F84-62AB-49B0-8A7D-2561DAF68E70} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1043077042-1772205530-4003700469-1038 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209192 2024-08-30] (Microsoft Corporation -> Microsoft Corporation) Task: {3C80F503-3A72-424D-83F7-B80D4301D6EC} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-1043077042-1772205530-4003700469-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [65536 2024-05-14] (Microsoft Windows -> Microsoft Corporation) Task: {BEE0532C-20C6-4671-8DA1-162A32068372} - System32\Tasks\SIV => C:\Program Files (x86)\GIGABYTE\SIV\Thermald.exe [389488 2022-05-25] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) Task: {D4A83EB1-1543-4879-880E-904A04FC487E} - System32\Tasks\SIV-VGA => C:\Program Files (x86)\GIGABYTE\SIV\Sensord.exe [257408 2021-06-29] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) Task: {F7874A7A-FFD4-4316-B4BE-D4E93C15E657} - System32\Tasks\ThunderMaster => C:\Program Files\Thunder Master\ThPanel.exe [4516664 2022-01-12] (PALIT MICROSYSTEMS LTD. TAIWAN BRANCH (BELIZE) -> Palit Microsystems Ltd.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON ET-2710 Series Update {839738F7-C25E-40AF-AA81-9F64548D832E}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSUOE.EXE:/EXE:{839738F7-C25E-40AF-AA81-9F64548D832E} /F:UpdateWORKGROUP\TOBYPOWERDESKTO$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{cd59e5f9-b410-42d2-a9da-5d07b687dac9}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{cd59e5f9-b410-42d2-a9da-5d07b687dac9}: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{f07dbcff-99d7-4b54-83b5-bb2666ee8d01}: [NameServer] 8.8.8.8

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default [2024-08-30]
Edge Notifications: Default -> hxxps://mail.google.com; hxxps://meet.google.com; hxxps://www.facebook.com
Edge HomePage: Default -> hxxp://ecosia.de/
Edge StartupUrls: Default -> "hxxp://ecosia.de/"
Edge DefaultSearchURL: Default -> hxxps://www.bing.com/search?PC=U523&q={searchTerms}
Edge DefaultSearchKeyword: Default -> ecosia.org
Edge Extension: (Microsoft Rewards) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnplfnhcidhhdapmblniehfaaompjlck [2024-06-25]
Edge Extension: (Shoop Cashback & Gutscheine) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cpcckalhfmpnloapihhjjdoenplbhchn [2024-07-16]
Edge Extension: (Ghostery Tracker- & Werbeblocker | Datenschutz AdBlocker) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fclbdkbhjlgkbpfldjodgjncejkkjcme [2024-08-29]
Edge Extension: (Ecosia) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fhfidmlnclkepgapcephbaciajegheco [2024-08-29]
Edge Extension: (Google Docs Offline) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-15]
Edge Extension: (Edge relevant text changes) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-01]
Edge Extension: (Shade Dark Mode) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mheecjkjgohjimgmeepafikiejdhjpoa [2024-02-28]
Edge Extension: (uBlock Origin) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-08-07]
Edge Extension: (I don't care about cookies) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oholpbloipjbbhlhohaebmieiiieioal [2023-11-30]
Edge Extension: (KeePassXC-Browser) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffhmdngciaglkoonimfcmckehcpafo [2024-08-29]

FireFox:
========
FF DefaultProfile: rtki4y2p.default
FF ProfilePath: C:\Users\Tobia\AppData\Roaming\Mozilla\Firefox\Profiles\rtki4y2p.default [2020-10-11]
FF ProfilePath: C:\Users\Tobia\AppData\Roaming\Mozilla\Firefox\Profiles\hrt6jblm.default-release [2024-08-30]
FF Homepage: Mozilla\Firefox\Profiles\hrt6jblm.default-release -> duckduckgo.com
FF NetworkProxy: Mozilla\Firefox\Profiles\hrt6jblm.default-release -> backup.ftp", "79.143.87.140"
FF Extension: (SponsorBlock für YouTube – Überspringe gesponserte Videosegmente) - C:\Users\Tobia\AppData\Roaming\Mozilla\Firefox\Profiles\hrt6jblm.default-release\Extensions\sponsorBlocker@ajay.app.xpi [2024-06-28]
FF Extension: (uBlock Origin) - C:\Users\Tobia\AppData\Roaming\Mozilla\Firefox\Profiles\hrt6jblm.default-release\Extensions\uBlock0@raymondhill.net.xpi [2024-08-04]
FF Extension: (NoScript) - C:\Users\Tobia\AppData\Roaming\Mozilla\Firefox\Profiles\hrt6jblm.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2024-08-29]
FF Extension: (Popup blocker for FF: Poper Blocker) - C:\Users\Tobia\AppData\Roaming\Mozilla\Firefox\Profiles\hrt6jblm.default-release\Extensions\{bee8b1f2-823a-424c-959c-f8f76c8b2306}.xpi [2022-08-14]
FF Extension: (Popup Blocker (strict)) - C:\Users\Tobia\AppData\Roaming\Mozilla\Firefox\Profiles\hrt6jblm.default-release\Extensions\{de22fd49-c9ab-4359-b722-b3febdc3a0b0}.xpi [2024-06-13]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2024-06-20] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2024-06-20] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-07-31] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944048 2024-06-20] (Adobe Inc. -> Adobe Inc.)
S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [807864 2024-08-20] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [1245112 2024-08-20] (AVG Technologies USA, LLC -> Gen Digital Inc.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [9039688 2024-08-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVGWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2024-08-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13995704 2024-08-10] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [943016 2024-06-26] (EasyAntiCheat Oy -> Epic Games, Inc.)
R2 EasyTuneEngineService; C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\EasyTuneEngineService.exe [147824 2022-06-14] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [206304 2020-10-02] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncHelper.exe [3522976 2024-08-30] (Microsoft Corporation -> Microsoft Corporation)
S2 JBSoftwareAutoUpdate; C:\Program Files (x86)\Office-n-PDF4\AutoUpdate.exe [323072 2020-09-25] (JBSoftware) [Datei ist nicht signiert]
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10988800 2024-06-16] (Logitech Inc -> Logitech, Inc.)
R2 logi_lamparray_service; C:\WINDOWS\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_cdf3ca3c77d5f267\logi_lamparray_service.exe [9903656 2024-04-18] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8965728 2024-08-20] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-08-20] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe [1427024 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 MyService1; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [18944 2021-04-08] () [Datei ist nicht signiert]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_e0e8eab0ff52148e\Display.NvContainer\NVDisplay.Container.exe [1275008 2024-07-31] (NVIDIA Corporation -> NVIDIA Corporation)
S2 OCButtonService; C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\OcButtonService.exe [127360 2021-04-13] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.161.0811.0001\OneDriveUpdaterService.exe [3863568 2024-08-30] (Microsoft Corporation -> Microsoft Corporation)
S3 OVRLibraryService; C:\Program Files\Oculus\Support\oculus-librarian\OVRLibraryService.exe [148032 2022-08-27] (Oculus VR, LLC -> Facebook Technologies, LLC)
R2 OVRService; C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [514624 2022-08-27] (Oculus VR, LLC -> Facebook Technologies, LLC)
R2 PCManager Service Store; C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.12.5.0_x64__8wekyb3d8bbwe\PCManager\MSPCManagerService.exe [142272 2024-08-07] (Microsoft Corporation -> MSPCManagerService)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [619192 2023-02-09] (geek software GmbH -> geek software GmbH)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522096 2024-08-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [307848 2017-03-16] (Symless Ltd -> )
R2 TeraCopyService.exe; C:\Program Files\TeraCopy\TeraCopyService.exe [317664 2023-06-29] (CODE SECTOR PTY LTD -> )
S3 Updater; C:\Program Files\Virtual Desktop Streamer\Updater.exe [1163488 2023-09-22] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
R2 VirtualDesktop.Service.exe; C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe [11359960 2023-08-10] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
R2 vMixService; C:\Program Files (x86)\vMix\drivers\vMixService.exe [20992 2023-10-11] () [Datei ist nicht signiert]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe [3199648 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe [133704 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AmdTools64; C:\WINDOWS\System32\drivers\AmdTools64.sys [63392 2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
S3 aqnic650; C:\WINDOWS\System32\drivers\aqnic650.sys [223928 2021-07-12] (Marvell Semiconductor Inc -> Marvell Semiconductor Inc.)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [20536 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [229944 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [380984 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [293944 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [84536 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [27744 2024-08-20] (Microsoft Windows Early Launch Anti-Malware Publisher -> Gen Digital Inc.)
S3 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [28728 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [271928 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [549848 2024-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [97840 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [69176 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [948792 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [1198648 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [203728 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [306648 2024-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2022-12-09] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2022-12-09] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert]
R1 CTIIO; C:\Windows\system32\drivers\CtiIo64.sys [32296 2022-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
R3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys [33784 2021-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 emAudio; C:\WINDOWS\system32\drivers\emAudio64.sys [77312 2021-03-06] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
S1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2021-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [218608 2024-06-11] (Microsoft Windows -> Microsoft Corporation)
R3 gdrv3; C:\Windows\System32\drivers\gdrv3.sys [45248 2022-09-24] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 GVCIDrv; C:\Program Files (x86)\GIGABYTE\RGBFusion\GVCIDrv64.sys [18432 2019-12-08] (Microsoft Windows Hardware Compatibility Publisher -> )
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2022-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 logi_audio_surround; C:\WINDOWS\system32\drivers\logi_audio_surround.sys [54760 2024-06-16] (Logitech Inc -> Logitech, Inc.)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2024-06-16] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2022-09-24] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2024-06-16] (Logitech Inc -> Logitech)
R3 logi_lamparray; C:\WINDOWS\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_cdf3ca3c77d5f267\logi_lamparray.sys [98864 2024-04-18] (Logitech Inc -> Logitech, Inc.)
R0 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [231504 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-08-20] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt11.sys [234168 2024-08-30] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78800 2024-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2024-08-30] (Malwarebytes Inc. -> Malwarebytes)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2022-09-24] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
S3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377232 2017-03-11] (Windows Central Build Account - X -> MediaTek Inc.)
R3 NewTek_AudioPortClass_Multi; C:\WINDOWS\System32\DriverStore\FileRepository\newtek_audioportclass_multi.inf_amd64_7f9816c4cd205b27\NewTek_AudioPortClass_Multi.sys [82616 2024-03-30] (Newtek, Inc. -> NewTek)
R3 NewTek_WDM_KS_Multi; C:\WINDOWS\System32\drivers\NewTek_WDM_KS_Multi.sys [47320 2024-03-30] (Newtek, Inc. -> )
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [69984 2024-01-18] (WDKTestCert Nmap,133147429230506937 -> Insecure.Com LLC.)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys [47240 2024-04-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 oculusvad_oculusvad; C:\WINDOWS\System32\drivers\oculusvad.sys [72208 2021-01-22] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 Oculus_ViGEmBus; C:\WINDOWS\System32\drivers\Oculus_ViGEmBus.sys [32856 2021-01-22] (Oculus VR, LLC -> Facebook Inc.)
S3 rtucx22x64; C:\WINDOWS\System32\DriverStore\FileRepository\rtucx22x64.inf_amd64_a6eb3abe5befec7d\rtucx22x64.sys [1876424 2024-04-24] (Realtek Semiconductor Corp. -> Realtek Corporation)
S3 rtux64w10; C:\WINDOWS\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_03831aeaaa2c730e\rtux64w10.sys [683520 2022-05-07] (Microsoft Windows -> Realtek Corporation)
R1 StarPortLite; C:\WINDOWS\System32\drivers\StarPortLite.sys [114960 2009-01-28] (Paragon Technologie GmbH -> Rocket Division Software)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2020-06-01] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2020-06-01] (Valve Corp. -> )
S1 UsbCharger; C:\WINDOWS\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
S3 UsbNcm; C:\WINDOWS\System32\drivers\UsbNcm.sys [167936 2023-11-19] (Microsoft Windows -> )
R3 vdvad_WaveExtensible; C:\WINDOWS\System32\drivers\vdvad.sys [44936 2022-05-02] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
R3 vdvge; C:\WINDOWS\System32\drivers\vdvge.sys [77864 2022-05-02] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [94208 2023-11-19] (Microsoft Windows -> )
S3 VoiceAIDriver; C:\WINDOWS\System32\DriverStore\FileRepository\voiceaidriver.inf_amd64_214d6aacf9c41414\voiceaidriver.sys [73616 2023-06-20] (Voice AI LLC -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [22080 2024-08-08] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2018-06-04] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [602504 2024-08-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-08-08] (Microsoft Windows -> Microsoft Corporation)
U3 {26912da0-8ada-cda0-9ada-e604bfc5b91c}; C:\WINDOWS\TEMP\{26912da0-8ada-cda0-9ada-e604bfc5b91c}.sys [229944 2024-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) <==== ACHTUNG
U3 avgbdisk; kein ImagePath
U4 dmwappushsvc; kein ImagePath
U4 npcap_wifi; kein ImagePath
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2024-08-30 22:50 - 2024-08-30 22:51 - 000000000 ____D C:\FRST
2024-08-30 22:44 - 2024-08-30 22:44 - 000758838 _____ C:\WINDOWS\system32\perfh007.dat
2024-08-30 22:44 - 2024-08-30 22:44 - 000157058 _____ C:\WINDOWS\system32\perfc007.dat
2024-08-30 22:39 - 2024-08-30 22:39 - 000234168 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2024-08-30 22:39 - 2024-08-30 22:39 - 000189776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-08-30 22:39 - 2024-08-30 22:39 - 000000000 ____D C:\Users\Tobia\AppData\LocalLow\IGDump
2024-08-30 02:29 - 2024-08-30 02:29 - 000000000 ___HD C:\$AV_AVG
2024-08-23 22:51 - 2024-08-23 22:51 - 000001819 _____ C:\Users\Public\Desktop\Insta360 Studio.lnk
2024-08-23 22:51 - 2024-08-23 22:51 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Meishe
2024-08-23 22:51 - 2024-08-23 22:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Insta360 Studio
2024-08-23 14:44 - 2024-08-23 14:44 - 000043501 _____ C:\Users\Tobia\Desktop\Erklärung.pdf
2024-08-23 14:37 - 2024-08-23 14:37 - 000071710 _____ C:\Users\Tobia\Desktop\confirmation.pdf
2024-08-23 14:31 - 2024-08-23 14:31 - 001704226 _____ C:\Users\Tobia\Desktop\Reisepass.pdf
2024-08-23 02:54 - 2024-08-23 03:10 - 000000000 ____D C:\Users\Tobia\Desktop\Küche
2024-08-23 02:03 - 2024-08-23 02:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-08-21 23:34 - 2024-08-29 09:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2024-08-21 18:59 - 2024-08-21 18:59 - 000092092 _____ C:\Users\Tobia\Desktop\Beratervertrag.pdf
2024-08-21 05:36 - 2024-08-21 04:35 - 000314808 _____ (Gen Digital Inc.) C:\WINDOWS\system32\avgBoot.exe
2024-08-21 04:35 - 2024-08-21 04:35 - 000050976 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
2024-08-20 19:41 - 2024-08-30 22:41 - 000000000 ____D C:\Users\Tobia\AppData\Local\AVG
2024-08-20 19:41 - 2024-08-21 05:36 - 000002005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus Free.lnk
2024-08-20 19:41 - 2024-08-21 05:36 - 000001993 _____ C:\Users\Public\Desktop\AVG AntiVirus Free.lnk
2024-08-20 19:41 - 2024-08-20 19:41 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\AVG
2024-08-20 19:40 - 2024-08-23 12:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-08-20 19:39 - 2024-08-21 05:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2024-08-20 19:39 - 2024-08-21 04:35 - 000000000 ____D C:\Program Files\Common Files\AVG
2024-08-20 19:38 - 2024-08-21 04:36 - 000000000 ____D C:\Program Files\AVG
2024-08-20 19:37 - 2024-08-30 22:39 - 000000000 ____D C:\ProgramData\AVG
2024-08-20 19:32 - 2024-08-21 05:36 - 000000000 ____D C:\Users\Tobia\AppData\Local\Avast Software
2024-08-20 19:29 - 2024-08-30 04:21 - 000000000 ____D C:\Users\Tobia\AppData\Local\Malwarebytes
2024-08-20 19:29 - 2024-08-20 19:29 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-08-20 19:29 - 2024-08-20 19:29 - 000002087 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-08-20 19:27 - 2024-08-20 19:27 - 000000000 ____D C:\WINDOWS\system32\o2
2024-08-20 19:27 - 2024-08-20 19:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-08-20 19:27 - 2024-08-20 19:27 - 000000000 ____D C:\Program Files\Malwarebytes
2024-08-20 19:24 - 2024-08-21 05:36 - 000000000 ____D C:\ProgramData\Avast Software
2024-08-20 00:04 - 2024-08-20 00:04 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\NVIDIA
2024-08-19 22:55 - 2024-08-19 22:55 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\ChocoFiles
2024-08-19 22:55 - 2024-08-19 22:55 - 000000000 ____D C:\Users\Tobia\.oracle_jre_usage
2024-08-19 22:14 - 2024-08-19 22:14 - 000001453 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2024-08-19 22:09 - 2024-08-29 09:37 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-08-19 22:09 - 2024-08-29 09:37 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-08-19 22:09 - 2024-08-19 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2024-08-19 22:09 - 2024-06-11 22:19 - 002900520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2024-08-19 22:09 - 2024-06-11 22:19 - 002231336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2024-08-19 22:09 - 2024-06-11 22:18 - 001296936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2024-08-19 22:09 - 2024-06-11 21:50 - 000086568 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2024-08-19 22:09 - 2024-06-11 21:50 - 000075304 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2024-08-19 22:08 - 2024-08-29 09:37 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-08-19 22:08 - 2024-08-29 09:37 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-08-19 22:08 - 2024-08-29 09:37 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-08-19 22:08 - 2024-08-29 09:37 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-08-19 22:08 - 2024-08-29 09:37 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-08-19 22:08 - 2024-08-29 09:37 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-08-19 22:08 - 2024-08-29 09:37 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-08-19 22:08 - 2024-08-19 22:08 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2024-08-19 22:08 - 2024-03-26 21:11 - 000180760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2024-08-19 22:08 - 2024-03-26 21:11 - 000159768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2024-08-19 21:59 - 2024-07-31 20:29 - 002040696 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-08-19 21:59 - 2024-07-31 20:29 - 002040696 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-08-19 21:59 - 2024-07-31 20:29 - 001583888 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-08-19 21:59 - 2024-07-31 20:29 - 001583888 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-08-19 21:59 - 2024-07-31 20:29 - 001446672 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-08-19 21:59 - 2024-07-31 20:29 - 001446672 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-08-19 21:59 - 2024-07-31 20:29 - 001296760 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-08-19 21:59 - 2024-07-31 20:29 - 001296760 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-08-19 21:59 - 2024-07-31 20:29 - 000478360 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2024-08-19 21:59 - 2024-07-31 20:29 - 000374400 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2024-08-19 21:59 - 2024-07-31 20:26 - 001078920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2024-08-19 21:59 - 2024-07-31 20:26 - 000670360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2024-08-19 21:59 - 2024-07-31 20:26 - 000505480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2024-08-19 21:59 - 2024-07-31 20:25 - 002178712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2024-08-19 21:59 - 2024-07-31 20:25 - 001629848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2024-08-19 21:59 - 2024-07-31 20:25 - 001547304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2024-08-19 21:59 - 2024-07-31 20:25 - 001203248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2024-08-19 21:59 - 2024-07-31 20:25 - 001034800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2024-08-19 21:59 - 2024-07-31 20:25 - 000856704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2024-08-19 21:59 - 2024-07-31 20:25 - 000797336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2024-08-19 21:59 - 2024-07-31 20:24 - 016199816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2024-08-19 21:59 - 2024-07-31 20:24 - 014270088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2024-08-19 21:59 - 2024-07-31 20:24 - 006914600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2024-08-19 21:59 - 2024-07-31 20:24 - 005910680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2024-08-19 21:59 - 2024-07-31 20:24 - 005349416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2024-08-19 21:59 - 2024-07-31 20:24 - 003788416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2024-08-19 21:59 - 2024-07-31 20:24 - 000461872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2024-08-19 21:59 - 2024-07-31 20:23 - 007133544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2024-08-19 21:59 - 2024-07-31 20:23 - 006212184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2024-08-19 21:59 - 2024-07-31 20:23 - 000853656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2024-08-19 21:59 - 2024-07-31 00:10 - 000127237 _____ C:\WINDOWS\system32\nvinfo.pb
2024-08-19 21:58 - 2024-07-31 00:10 - 000121872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2024-08-19 21:58 - 2024-03-26 21:11 - 000059928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2024-08-19 21:58 - 2024-03-26 19:21 - 000060240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2024-08-19 21:55 - 2024-08-19 21:55 - 000000000 ____D C:\NVIDIA
2024-08-15 11:53 - 2024-08-15 11:53 - 000026169 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-08-15 11:52 - 2024-08-15 11:52 - 000026169 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-08-15 10:41 - 2024-08-15 10:39 - 000194263 _____ C:\Users\Tobia\Desktop\Angebot Plates-TaDo-24-0815-2-MON.pdf
2024-08-12 00:16 - 2024-08-12 00:16 - 000000000 ____D C:\Users\Tobia\AppData\Local\Adobe_Systems_Incorporate
2024-08-11 00:22 - 2024-08-11 00:22 - 000002551 _____ C:\Users\Tobia\Desktop\heartbeat.py
2024-08-11 00:21 - 2024-08-11 00:21 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Python
2024-08-11 00:21 - 2024-08-11 00:21 - 000000000 ____D C:\Users\Tobia\AppData\Local\pip
2024-08-11 00:18 - 2024-08-11 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.12
2024-08-11 00:18 - 2024-08-11 00:19 - 000000000 ____D C:\Program Files\Python312
2024-08-11 00:18 - 2024-08-11 00:18 - 000000000 ____D C:\Users\Tobia\AppData\Local\Package Cache
2024-08-07 23:57 - 2024-08-07 23:58 - 000000000 ____D C:\Users\Tobia\Desktop\Titan-Hack
2024-08-06 21:03 - 2024-08-06 21:03 - 000050968 _____ (Python Software Foundation) C:\WINDOWS\pyshellext.amd64.dll
2024-08-06 21:02 - 2024-08-06 21:02 - 000766232 _____ (Python Software Foundation) C:\WINDOWS\py.exe
2024-08-06 21:02 - 2024-08-06 21:02 - 000764696 _____ (Python Software Foundation) C:\WINDOWS\pyw.exe
2024-08-05 00:59 - 2024-08-10 00:35 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Postman
2024-08-05 00:59 - 2024-08-08 13:40 - 000002193 _____ C:\Users\Tobia\Desktop\Postman.lnk
2024-08-05 00:59 - 2024-08-08 13:40 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Postman
2024-08-05 00:59 - 2024-08-08 13:40 - 000000000 ____D C:\Users\Tobia\AppData\Local\Postman
2024-08-05 00:59 - 2024-08-05 00:59 - 000000000 ____D C:\Users\Tobia\Postman
2024-08-04 20:39 - 2024-08-04 20:39 - 000383622 _____ C:\Users\Tobia\Desktop\signal-2024-08-04-203938.jpeg
2024-08-04 17:54 - 2024-08-30 22:39 - 000000000 ____D C:\Users\Tobia\AppData\Local\KeePassXC
2024-08-04 17:54 - 2024-08-04 20:22 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\KeePassXC
2024-08-04 17:54 - 2024-08-04 17:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePassXC
2024-08-04 17:54 - 2024-08-04 17:54 - 000000000 ____D C:\Program Files\KeePassXC
2024-08-04 16:50 - 2024-08-04 16:50 - 000393989 _____ C:\Users\Tobia\Desktop\signal-2024-08-04-164109_002.jpeg
2024-08-04 16:48 - 2024-08-04 16:48 - 000394020 _____ C:\Users\Tobia\Desktop\signal-2024-08-04-164115_002.jpeg
2024-08-02 19:25 - 2024-08-02 19:25 - 000002559 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (Preview).lnk

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2024-08-30 22:50 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-08-30 22:44 - 2022-12-09 23:14 - 001754660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-08-30 22:44 - 2022-05-07 07:22 - 000000000 ____D C:\WINDOWS\INF
2024-08-30 22:43 - 2022-09-12 08:20 - 000000000 ____D C:\ProgramData\NVIDIA
2024-08-30 22:39 - 2024-06-17 15:16 - 000000000 ___RD C:\Users\Tobia\iCloudDrive
2024-08-30 22:39 - 2022-12-09 23:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-08-30 22:39 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-08-30 22:39 - 2021-01-22 20:37 - 000000000 ____D C:\Users\Tobia\AppData\Local\Oculus
2024-08-30 22:39 - 2020-10-10 02:52 - 000012288 ___SH C:\DumpStack.log.tmp
2024-08-30 06:54 - 2022-05-07 07:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-08-30 06:52 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-08-30 06:52 - 2020-10-09 20:59 - 000000000 ___RD C:\Users\Tobia\OneDrive
2024-08-30 06:51 - 2022-12-09 23:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-08-30 06:51 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-08-30 06:51 - 2021-09-13 07:17 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2024-08-30 04:30 - 2020-10-09 21:38 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\KeePass 2024-08-30 03:47 - 2022-12-09 23:14 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2024-08-30 03:47 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps 2024-08-30 03:46 - 2022-12-09 23:14 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1043077042-1772205530-4003700469-1002 2024-08-30 03:46 - 2022-12-09 23:14 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1043077042-1772205530-4003700469-1001 2024-08-30 03:46 - 2021-05-08 15:52 - 000002154 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2024-08-30 00:59 - 2022-02-11 10:19 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2024-08-30 00:41 - 2020-10-17 13:38 - 000000000 ____D C:\Program Files\Synergy 2024-08-30 00:39 - 2024-02-26 23:02 - 000003582 _____ C:\WINDOWS\system32\Tasks\Launch Adobe CCXProcess 2024-08-29 21:33 - 2022-09-12 08:20 - 000000000 ____D C:\Users\Tobia\AppData\Local\D3DSCache 2024-08-29 21:25 - 2021-02-16 07:57 - 000000951 _____ C:\WINDOWS\Tasks\EPSON ET-2710 Series Update {839738F7-C25E-40AF-AA81-9F64548D832E}.job 2024-08-29 09:38 - 2020-10-17 16:04 - 000000000 ____D C:\Program Files (x86)\Steam 2024-08-29 09:37 - 2024-07-15 23:46 - 000002282 _____ C:\WINDOWS\system32\Tasks\iSCSIAgentAutoStartup 2024-08-29 09:37 - 2024-06-29 13:37 - 000002160 _____ C:\WINDOWS\system32\Tasks\npcapwatchdog 2024-08-29 09:37 - 2024-06-22 21:35 - 000002216 _____ C:\WINDOWS\system32\Tasks\NDI Autorun 2024-08-29 09:37 - 2022-12-09 23:14 - 000003684 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-08-29 09:37 - 2022-12-09 23:14 - 000003504 _____ C:\WINDOWS\system32\Tasks\EPSON ET-2710 Series Update {839738F7-C25E-40AF-AA81-9F64548D832E} 2024-08-29 09:37 - 
2022-12-09 23:14 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2024-08-29 09:37 - 2022-12-09 23:14 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2024-08-29 09:37 - 2022-12-09 23:14 - 000003070 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1043077042-1772205530-4003700469-1038 2024-08-29 09:37 - 2022-12-09 23:14 - 000003070 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1043077042-1772205530-4003700469-1020 2024-08-29 09:37 - 2022-12-09 23:14 - 000002596 _____ C:\WINDOWS\system32\Tasks\GraphicsCardEngine 2024-08-29 09:37 - 2022-12-09 23:14 - 000002502 _____ C:\WINDOWS\system32\Tasks\SIV-VGA 2024-08-29 09:37 - 2022-12-09 23:14 - 000002496 _____ C:\WINDOWS\system32\Tasks\SIV 2024-08-29 09:37 - 2022-12-09 23:14 - 000002404 _____ C:\WINDOWS\system32\Tasks\ThunderMaster 2024-08-29 08:51 - 2024-06-26 20:01 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\EasyAntiCheat 2024-08-28 22:32 - 2024-02-15 11:10 - 000002090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk 2024-08-28 22:32 - 2024-02-15 11:10 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2024-08-28 22:18 - 2020-10-09 20:57 - 000000000 ____D C:\Users\Tobia\AppData\Local\Packages 2024-08-28 22:18 - 2020-10-09 20:57 - 000000000 ____D C:\ProgramData\Packages 2024-08-27 19:58 - 2020-11-18 21:03 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Mumble 2024-08-26 23:00 - 2020-10-23 14:20 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\vlc 2024-08-26 22:57 - 2020-11-12 08:10 - 000000000 ____D C:\Users\Tobia\insta360 2024-08-26 20:45 - 2021-02-13 09:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2024-08-26 20:05 - 2020-10-09 23:46 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Microsoft\Excel 2024-08-26 10:42 - 2024-06-08 08:00 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\TeraCopy 2024-08-26 01:40 - 2021-03-06 15:45 - 000000000 ____D 
C:\vol0 2024-08-25 23:45 - 2020-11-03 21:46 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Signal 2024-08-24 21:52 - 2020-11-08 00:10 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-08-24 02:09 - 2020-11-15 00:28 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\HandBrake 2024-08-23 22:51 - 2024-07-28 21:56 - 000000000 ____D C:\Program Files\Insta360 Studio 2024-08-23 14:47 - 2020-10-09 22:56 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Microsoft\Word 2024-08-23 12:23 - 2020-10-11 11:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2024-08-23 02:03 - 2020-10-11 11:36 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2024-08-22 06:50 - 2021-10-03 19:32 - 000000000 ___HD C:\adobeTemp 2024-08-22 06:50 - 2020-10-09 22:26 - 000000000 ____D C:\Program Files\Common Files\Adobe 2024-08-21 05:36 - 2022-05-07 07:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2024-08-20 19:49 - 2020-12-18 03:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2024-08-20 19:49 - 2020-12-18 03:53 - 000000000 ____D C:\Program Files\7-Zip 2024-08-20 12:25 - 2022-09-12 08:21 - 000000000 ____D C:\Users\Tobia\AppData\Local\NVIDIA Corporation 2024-08-20 00:04 - 2022-09-12 08:20 - 000000000 ____D C:\Users\Tobia\AppData\Local\NVIDIA 2024-08-19 22:55 - 2022-12-09 23:07 - 000000000 ____D C:\Users\Tobia 2024-08-19 22:21 - 2022-05-07 07:17 - 000000000 ____D C:\WINDOWS\CbsTemp 2024-08-19 22:14 - 2022-09-12 08:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2024-08-19 22:09 - 2022-09-12 08:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2024-08-19 22:09 - 2022-09-12 08:19 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2024-08-19 22:08 - 2022-03-25 21:35 - 000000000 ____D C:\Users\Tobia\AppData\LocalLow\NVIDIA 2024-08-19 22:02 - 2020-10-09 22:15 - 000000000 ____D C:\WINDOWS\system32\MRT 2024-08-19 22:01 - 2020-10-09 22:15 - 197093640 ____C (Microsoft 
Corporation) C:\WINDOWS\system32\MRT.exe 2024-08-19 21:47 - 2020-10-09 20:56 - 000000000 ___SD C:\Users\Tobia\AppData\Roaming\Microsoft\Credentials 2024-08-15 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\USOPrivate 2024-08-15 21:20 - 2024-06-20 14:40 - 000526944 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-08-15 11:56 - 2023-10-12 22:56 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView 2024-08-15 11:56 - 2022-12-09 22:47 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB 2024-08-15 11:56 - 2022-05-07 12:39 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents 2024-08-15 11:56 - 2022-05-07 12:39 - 000000000 ___SD C:\WINDOWS\system32\AppV 2024-08-15 11:56 - 2022-05-07 12:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ___SD C:\WINDOWS\system32\lxss 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\WUModels 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\UUS 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemResources 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemApps 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\oobe 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Dism 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\appraiser 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D 
C:\WINDOWS\ShellExperiences 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellComponents 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\Provisioning 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2024-08-15 11:56 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\bcastdvr 2024-08-15 11:55 - 2022-05-07 07:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2024-08-15 11:55 - 2022-05-07 07:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2024-08-12 00:16 - 2020-10-09 22:26 - 000000000 ____D C:\Program Files (x86)\Adobe 2024-08-11 00:22 - 2020-10-17 13:50 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Code 2024-08-11 00:18 - 2020-10-09 22:26 - 000000000 ____D C:\ProgramData\Package Cache 2024-08-08 09:31 - 2020-10-10 02:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2024-08-05 00:59 - 2020-11-15 19:09 - 000000000 ____D C:\Users\Tobia\AppData\Local\SquirrelTemp 2024-08-04 20:08 - 2020-12-21 11:26 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Microsoft\Publisher Building Blocks 2024-08-04 20:08 - 2020-12-21 11:26 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Microsoft\Publisher 2024-08-04 17:37 - 2020-10-09 22:26 - 000000000 ____D C:\Program Files\Adobe 2024-08-04 16:40 - 2021-03-07 13:50 - 000000000 ____D C:\Users\Tobia\AppData\Local\CrashDumps 2024-08-01 19:39 - 2022-10-20 08:46 - 000108024 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe 2024-08-01 19:39 - 2022-10-20 08:46 - 000075368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe 2024-08-01 19:39 - 2020-12-22 12:47 - 002799096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll 2024-08-01 19:38 - 2024-02-17 21:58 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy_4.dll 2024-08-01 19:38 - 2021-11-23 09:40 - 000206440 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll 2024-08-01 19:38 
- 2020-12-22 12:47 - 000755304 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll 2024-08-01 19:38 - 2020-12-22 12:47 - 000222712 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll 2024-08-01 19:38 - 2020-12-22 12:47 - 000144888 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll 2024-08-01 01:06 - 2023-08-22 20:49 - 000000000 ____D C:\Users\Tobia\Desktop\Zwi ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2021-01-24 16:43 - 2021-01-24 16:43 - 000000000 _____ () C:\Users\Tobia\AppData\Roaming\Exif Fixer Prefs.txt 2024-06-23 20:25 - 2024-06-29 12:59 - 000091500 _____ () C:\Users\Tobia\AppData\Roaming\last.vmix 2021-02-07 13:59 - 2021-04-05 17:23 - 000000016 _____ () C:\Users\Tobia\AppData\Roaming\obs-virtualcam.txt 2021-08-06 11:41 - 2022-07-05 15:47 - 000000128 _____ () C:\Users\Tobia\AppData\Roaming\PUTTY.RND 2021-03-05 16:16 - 2024-03-13 00:31 - 000001456 _____ () C:\Users\Tobia\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2022-03-16 20:18 - 2022-03-16 20:19 - 000000461 _____ () C:\Users\Tobia\AppData\Local\HydraPlayer.settings 2020-10-09 22:51 - 2022-07-03 16:52 - 000000205 _____ () C:\Users\Tobia\AppData\Local\oobelibMkey.log 2021-08-06 11:35 - 2024-07-04 12:24 - 000000128 _____ () C:\Users\Tobia\AppData\Local\PUTTY.RND 2021-02-12 13:23 - 2021-02-12 13:23 - 000000734 _____ () C:\Users\Tobia\AppData\Local\recently-used.xbel 2021-01-15 17:47 - 2023-09-05 21:01 - 000245677 _____ () C:\Users\Tobia\AppData\Local\thetaStitching.log 2024-07-28 21:58 - 2024-08-07 00:40 - 000009596 _____ () C:\Users\Tobia\AppData\Local\thumbnail.log ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== |
30.08.2024, 22:24 | #3 |
| Fell for a fake link and ran the file. Facebook hack shortly afterwards - caught a trojan? Addition.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-08.2024
durchgeführt von Tobia (30-08-2024 22:52:33)
Gestartet von G:\
Microsoft Windows 11 Pro Version 23H2 22631.4037 (X64) (2022-12-10 10:27:13)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-1043077042-1772205530-4003700469-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1043077042-1772205530-4003700469-503 - Limited - Disabled)
Gast (S-1-5-21-1043077042-1772205530-4003700469-501 - Limited - Disabled)
susan (S-1-5-21-1043077042-1772205530-4003700469-1002 - Limited - Enabled) => C:\Users\susan
Tobia (S-1-5-21-1043077042-1772205530-4003700469-1001 - Administrator - Enabled) => C:\Users\Tobia
WDAGUtilityAccount (S-1-5-21-1043077042-1772205530-4003700469-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Out of date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

@BIOS (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.22.0718.1 - GIGABYTE) Hidden @BIOS (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.22.0718.1 - GIGABYTE) 3DVista Virtual Tour (remove only) (HKLM-x32\...\3DVista Virtual Tour) (Version: - ) 3DVista Virtual Tour Suite (remove only) (HKLM-x32\...\3DVista Virtual Tour Suite) (Version: - ) 4K Video Downloader (HKLM\...\{769270BA-5E6B-4C40-A145-FD2D8826D16E}) (Version: 4.29.0.5640 - Open Media LLC) Hidden 4K Video Downloader (HKLM-x32\...\{99b22083-4f83-44d9-9706-1cf752e2c5e9}) (Version: 4.18.3.4530 - Open Media LLC) 64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden 7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) 7-Zip 24.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2404-000001000000}) (Version: 24.04.00.0 - Igor Pavlov) Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 24.003.20054 - Adobe) Adobe After Effects 2024 (HKLM-x32\...\AEFT_24_5) (Version: 24.5 - Adobe Inc.) Adobe Audition 2024 (HKLM-x32\...\AUDT_24_4_1) (Version: 24.4.1 - Adobe Inc.) Adobe Bridge 2024 (HKLM-x32\...\KBRG_14_0_4) (Version: 14.0.4 - Adobe Inc.) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.3.0.207 - Adobe Inc.) Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.12 - Adobe Systems Incorporated) Adobe Dreamweaver 2021 (HKLM-x32\...\DRWV_21_4) (Version: 21.4 - Adobe Inc.) Adobe Lightroom Classic (HKLM-x32\...\LTRM_13_3_1) (Version: 13.3.1 - Adobe Inc.) Adobe Media Encoder 2024 (HKLM-x32\...\AME_24_4_1) (Version: 24.4.1 - Adobe Inc.) Adobe Photoshop 2024 (HKLM-x32\...\PHSP_25_7) (Version: 25.7.0.504 - Adobe Inc.) Adobe Premiere Pro 2024 (HKLM-x32\...\PPRO_24_4_1) (Version: 24.4.1 - Adobe Inc.) 
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601042}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 5.11.02.217 - Advanced Micro Devices, Inc.) AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.90 - Advanced Micro Devices, Inc.) Hidden AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.25.0.0 - Advanced Micro Devices, Inc.) Hidden AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 8.0.0.13 - Advanced Micro Devices, Inc.) Hidden AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden AMD_Chipset_Drivers (HKLM-x32\...\{e71cddfd-8f71-4905-aa60-1a6b9b7d1630}) (Version: 5.11.02.217 - Advanced Micro Devices, Inc.) Hidden APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.22.0922.1 - Gigabyte) Hidden APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.22.0922.1 - Gigabyte) ARRIReferenceTool (HKLM\...\{F372BF92-EBAF-4B5E-916B-670FBB06B9D4}) (Version: 1.5.0 - ARRI) Hidden ARRIReferenceTool (HKLM-x32\...\{928701c9-11f1-4094-a40b-064f1e3e247c}) (Version: 1.5.0 - ARRI) Ashampoo WinOptimizer 25 (HKLM-x32\...\{4209F371-7957-9B1F-6D71-CCAD9BB60E95}_is1) (Version: 25.00.18 - Ashampoo GmbH & Co. KG) ASUS XG-C100C 10G Adapter Driver Version 5.0.3.3 (HKLM-x32\...\{F73D1A61-01DF-4D32-9581-5663C6FB3232}_is1) (Version: 5.0.3.3 - ASUSTek Company, Inc.) Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team) Aurora HDR (HKLM\...\Aurora HDR) (Version: 1.0.0.2550 - Skylum) AusweisApp2 (HKLM-x32\...\{C04EA002-0878-4DBA-810E-8FE84CE35CB5}) (Version: 1.22.2 - Governikus GmbH & Co. 
KG) AVG AntiVirus Free (HKLM\...\AVG Antivirus) (Version: 24.7.9311.1966 - Gen Digital Inc.) Aximmetry SE (HKLM\...\{7C999CC2-F5DA-44EC-B02E-FE48EE41B12F}) (Version: 2022.1.0 - Aximmetry Technologies) balenaEtcher 1.7.9 (HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.7.9 - Balena Inc.) Bitrate Viewer 2.3 (HKLM-x32\...\Bitrate Viewer) (Version: 2.3 - EDV & Astro Service) Blackmagic RAW Common Components (HKLM\...\{EA2A465C-C315-4C71-B3C2-87589F000DFE}) (Version: 2.6 - Blackmagic Design) Canon SELPHY CP910 (HKLM\...\Canon SELPHY CP910) (Version: 5.1.0.1 - Canon INC.) DaVinci Resolve (HKLM\...\{E56FC931-BF85-4685-9E36-211C977209DC}) (Version: 19.0.00020 - Blackmagic Design) DaVinci Resolve Renderer (HKLM\...\{9A56D315-A4C8-43AA-A368-03FC619A9870}) (Version: 19.0.00020 - Blackmagic Design) Discord (HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\Discord) (Version: 0.0.309 - Discord Inc.) DownloadTool_ObsidianPro version 1.1.16 (HKLM-x32\...\{C3DCB527-29DB-43D2-A942-BF968E9A7FED}_is1) (Version: 1.1.16 - Kandao Technology Co. Ltd) DroidCam Client (HKLM-x32\...\DroidCam) (Version: 6.5.2 - Dev47apps) EasyTune (HKLM-x32\...\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.22.0826 - GIGABYTE) Hidden EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.22.0826 - GIGABYTE) EasyTuneEngineService (HKLM-x32\...\{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.22.0822 - GIGABYTE) Hidden EasyTuneEngineService (HKLM-x32\...\InstallShield_{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.22.0822 - GIGABYTE) EGR-ShellExtension (HKLM-x32\...\EGR-ShellExtension) (Version: 1.3.3.100 - EasternGraphics) ENE RGB HAL (HKLM\...\{8DA1B230-D82E-4A24-9237-363E2E1E2695}) (Version: 1.0.21.0 - Ene Tech.) Hidden ENE RGB HAL (HKLM-x32\...\{bb670f8d-3d66-4f36-8e60-02b71bb0a4e9}) (Version: 1.0.21.0 - Ene Tech.) 
Hidden ENE_AIC_Marvell_HAL (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden ENE_AIC_Marvell_HAL (HKLM-x32\...\{887e18fb-6bc3-4cd4-b34e-32d9ff71bbae}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.3.44 - Ene Tech.) Hidden ENE_DRAM_RGB_AIO (HKLM-x32\...\{deca4146-7b38-4743-854b-105eddb7331b}) (Version: 1.0.3.44 - Ene Tech.) Hidden ENE_DRAM_RGB_AURA42 (HKLM\...\{BC5E0A82-C638-44CB-8129-20C8ED70DE7A}) (Version: 1.00.02 - Ene Tech.) Hidden ENE_DRAM_RGB_AURA42 (HKLM-x32\...\{f3d7fb09-b93f-4c01-a765-0b0adc5bc746}) (Version: 1.00.02 - Ene Tech.) Hidden ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.9.13 - ENE TECHNOLOGY INC.) Hidden ENE_EHD_M2_HAL (HKLM-x32\...\{e82fcc79-4f73-46e7-859e-08fd9586ed61}) (Version: 1.0.9.13 - ENE TECHNOLOGY INC.) Hidden ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.1.8 - ENE TECHNOLOGY INC.) Hidden ENE_MousePad_HAL (HKLM-x32\...\{bf256b46-8ff7-48be-ab7f-5661e9a0651f}) (Version: 1.0.1.8 - ENE TECHNOLOGY INC.) Hidden ENE_X_AIC_HAL (HKLM\...\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.4.0 - ENE TECHNOLOGY INC.) Hidden ENE_X_AIC_HAL (HKLM-x32\...\{ec10ac91-2e61-460a-b493-33f794a07682}) (Version: 1.0.4.0 - ENE TECHNOLOGY INC.) Hidden ENE_X-JMI_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.8.0 - ENE Tech) Hidden ENE_X-JMI_HAL (HKLM-x32\...\{7eeee667-b295-4acd-9a4e-1160421db765}) (Version: 1.0.8.0 - ENE Tech) Hidden Epic Games Launcher (HKLM-x32\...\{2A27CA16-E158-4B0A-A502-3E6364B1F03E}) (Version: 1.2.17.0 - Epic Games, Inc.) Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.) 
EPSON ET-2710 Series Printer Uninstall (HKLM\...\EPSON ET-2710 Series) (Version: - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{DBC38C08-9FB5-43A5-B6BA-EB10AC7DA570}) (Version: 3.11.0053 - Seiko Epson Corporation) Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation) Epson ScanSmart (HKLM-x32\...\{BF35B9D9-C4A1-40DD-B13C-46F35BD35282}) (Version: 3.5.2 - Seiko Epson Corporation) EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.57.0.0 - Seiko Epson Corporation) EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation) Fairlight Audio Accelerator Utility (HKLM\...\FairlightAudioAccelerator_is1) (Version: 1.0.15 - Blackmagic Design) FastCopy (HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\FastCopy) (Version: 5.7.12 - H.Shirouzu & FastCopy Lab, LLC.) FB360 Spatial Workstation VST version 3.3.3 (HKLM\...\FB360 Spatial Workstation VST_is1) (Version: 3.3.3 - ) FileZilla 3.62.2 (HKLM-x32\...\FileZilla Client) (Version: 3.62.2 - Tim Kosse) Flicker Free (HKLM\...\Flicker Free AE) (Version: 1.1.6 - Digital Anarchy, Inc.) GPAC (remove only) (HKLM-x32\...\GPAC) (Version: - ) gs_x64 (HKLM\...\{86395DC4-1E85-4F88-840B-A686F0C51B03}) (Version: 9.18.1 - MAY Computer) Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - ) HandBrake 1.7.3 (HKLM-x32\...\HandBrake) (Version: 1.7.3 - ) honestech VHS to DVD 10.0 Deluxe (HKLM-x32\...\{D6D460D4-18F2-4FB0-87CE-7132297CD03D}) (Version: 10.0 - honestech) honestech VHS to DVD 3.0 SE (HKLM-x32\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 3.0 - honestech) HWiNFO64 Version 6.32 (HKLM\...\HWiNFO64_is1) (Version: 6.32 - Martin Malik - REALiX) iCloud Outlook (HKLM\...\{F4523358-0218-44DA-8A86-7C40FAF2262B}) (Version: 15.0.0.215 - Apple Inc.) Insta360 Studio Version 5.2.4 (HKLM\...\{78E34D33-E6EF-442B-A808-2351211989E2}}_is1) (Version: 5.2.4 - Arashi Vision Inc.) 
Insta360Stitcher version 4.0.0 (HKLM-x32\...\{5B478A24-A3CE-4EFE-AAC8-846F4B4AF554}}_is1) (Version: 4.0.0 - Arashi Vision .Ltd) Insta360Titan version 1.1.0 (HKLM-x32\...\{33C65283-EF6E-46E0-A6C3-C56FD31F2382}}_is1) (Version: 1.1.0 - Arashi Vision .Ltd) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) IrfanView 4.60 (64-bit) (HKLM\...\IrfanView64) (Version: 4.60 - Irfan Skiljan) KandaoLiveV2 2.0.0.0 (HKLM-x32\...\KandaoLiveV2) (Version: 2.0.0.0 - Kandao Technology Co. Ltd) KandaoStream 1.3.0.19 (HKLM-x32\...\KandaoStream) (Version: 1.3.0.19 - Kandao Technology Co. Ltd) KandaoStudioV4 4.0.0.25 (HKLM-x32\...\KandaoStudioV4) (Version: 4.0.0.25 - Kandao Technology Co. Ltd) KeePass Password Safe 2.46 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.46 - Dominik Reichl) KeePassXC (HKLM\...\{4D0AFBD7-7864-4FF3-A481-513DEBFAB175}) (Version: 2.7.9 - KeePassXC Team) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2024.4.572095 - Logitech) Luminar AI (HKLM\...\Luminar AI) (Version: 1.5.5.10909 - Skylum) Malwarebytes version 5.1.8.123 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.8.123 - Malwarebytes) Microsoft .NET Host - 6.0.29 (x64) (HKLM\...\{E7C485FB-3329-43E3-965B-3DE4B863E1D9}) (Version: 48.116.12053 - Microsoft Corporation) Hidden Microsoft .NET Host - 7.0.20 (x64) (HKLM\...\{EE5EB03B-D65C-4991-848E-2C6E024326DB}) (Version: 56.80.15184 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.29 (x64) (HKLM\...\{724B2734-4B1A-46E2-9333-6D3B83351D02}) (Version: 48.116.12053 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 7.0.20 (x64) (HKLM\...\{B0FC828F-678C-4868-9B5B-99639758E6F3}) (Version: 56.80.15184 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 7.0.5 (x64) (HKLM\...\{B6F2958F-0F6F-4CCD-867F-80EC5C333B79}) (Version: 56.23.58437 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.29 (x64) (HKLM\...\{014E0350-0B29-483B-9252-8780DEBA0856}) (Version: 48.116.12053 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 7.0.20 (x64) (HKLM\...\{221BB52A-B763-4C9D-AA62-4B0B6C9AAD62}) (Version: 56.80.15184 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 7.0.5 (x64) (HKLM\...\{793FCD19-00AC-4804-B569-782DF3B24A39}) (Version: 56.23.58437 - Microsoft Corporation) Hidden Microsoft 365 Apps for Business - de-de (HKLM\...\O365BusinessRetail - de-de) (Version: 16.0.17830.20166 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 128.0.2739.42 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 128.0.2739.42 - Microsoft Corporation) Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.161.0811.0001 - 
Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-1043077042-1772205530-4003700469-1002\...\Teams) (Version: 1.5.00.8070 - Microsoft Corporation) Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.19202 - Microsoft) Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 
2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 
Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.91.1 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 6.0.29 (x64) (HKLM\...\{A0DA3EDD-9C41-491F-A77E-5F90AFDB64B2}) (Version: 48.116.12057 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.29 (x64) (HKLM-x32\...\{54679abd-8ed9-4bd3-8400-7684dd7c6f03}) (Version: 6.0.29.33521 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 7.0.20 (x64) (HKLM\...\{72C29BED-666F-4E5E-BC49-DF44C890742E}) (Version: 56.80.15245 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 7.0.20 (x64) (HKLM-x32\...\{362ea044-f96f-45c7-b59f-0dbe5ca98ff4}) (Version: 7.0.20.33720 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 7.0.5 (x64) (HKLM\...\{109506AF-BF9E-43E1-87F3-3141B9C3F6BA}) (Version: 56.23.58485 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 7.0.5 (x64) (HKLM-x32\...\{c7984cd8-d837-4988-a30d-8da7822bc716}) (Version: 7.0.5.32327 - Microsoft Corporation) Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg) Mistika VR (HKLM\...\Mistika VR) (Version: 10.10.0-20231213 - SGO) Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 129.0.2 (x64 de)) 
(Version: 129.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.12.0 - Mozilla) MPC-HC 1.9.17 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.9.17 - MPC-HC Team) Mumble (client) (HKLM\...\{8DA03EEA-8A36-4C17-A54F-4330781D461B}) (Version: 1.4.230 - Mumble VoIP) MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.3.6 - SEIKO EPSON CORPORATION) Hidden MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - Seiko Epson Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 2.0 - F.J. Wechselberger) NDI 6 Tools (HKLM\...\{35D49334-910D-4519-B971-C7B604214855}_is1) (Version: 6.0.1.0 - NDI) Neat Video v5.5.1 Pro plug-in for After Effects (64-bit) (HKLM\...\Neat Video v5 for After Effects_is1) (Version: - Neat Video team, ABSoft) NewTek SpeedHQ Video Codec (x64) (Remove Only) (HKLM\...\NewTek_SpeedHQ_Codec_x64) (Version: - ) NewTek SpeedHQ Video Codec (x86) (Remove Only) (HKLM-x32\...\NewTek_SpeedHQ_Codec) (Version: - ) Nmap 7.95 (HKLM-x32\...\Nmap) (Version: 7.95 - Nmap Project) Npcap (HKLM-x32\...\NpcapInst) (Version: 1.79 - Nmap Project) NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation) NVIDIA GeForce Experience 3.28.0.417 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.28.0.417 - NVIDIA Corporation) NVIDIA Grafiktreiber 560.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 560.81 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.4.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.0.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.1.2 - OBS Project) obs-websocket version 5.0.1 
(HKLM-x32\...\{117EE44F-48E1-49E5-A381-CC8D9195CF35}_is1) (Version: 5.0.1 - OBS Project) Oculus (HKLM\...\Oculus) (Version: <3 - Facebook Technologies, LLC) ODM (HKLM\...\{806CF6D2-7626-4E47-B369-D5A62BCA9340}) (Version: 2.2.250 - Synesis) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17830.20166 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17830.20166 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17830.20166 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden Office-n-PDF 4 (HKLM-x32\...\{1040D17A-004D-496D-A34C-1B6D40EFE404}) (Version: 4.0.0.73 - JBSoftware) ON_OFF Charge 2 B19.1119.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.19.1119.1 - GIGABYTE) Hidden ON_OFF Charge 2 B19.1119.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.19.1119.1 - GIGABYTE) Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.1.0.1 - Patriot Memory) Hidden Patriot Viper M2 SSD RGB (HKLM-x32\...\{07236f40-ec25-4646-8cb6-b6aaf1597324}) (Version: 1.1.0.1 - Patriot Memory) Hidden PDF24 Creator 11.10.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.10.2 - PDF24.org) Postman x86_64 11.7.0 (HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\Postman) (Version: 11.7.0 - Postman) PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 240618 - Kakao Corp.) 
PuTTY release 0.81 (64-bit) (HKLM\...\{DDC95F26-92B1-4546-9678-5DC68DF76BA0}) (Version: 0.81.0.0 - Simon Tatham) Python 2.7 (64-bit) (HKLM\...\{20c31435-2a0a-4580-be8b-ac06fc243ca5}) (Version: 2.7.150 - Python Software Foundation) Python 3.12.5 (64-bit) (HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\{65f0caff-14d5-41c8-bfcc-cf071c618bc3}) (Version: 3.12.5150.0 - Python Software Foundation) Python 3.12.5 Add to Path (64-bit) (HKLM\...\{297F0F40-8782-45A0-A4A1-7A27E5629000}) (Version: 3.12.5150.0 - Python Software Foundation) Hidden Python 3.12.5 Core Interpreter (64-bit symbols) (HKLM\...\{D625FDB4-D5EA-45C7-BFB6-6B732AEA99EB}) (Version: 3.12.5150.0 - Python Software Foundation) Hidden Python 3.12.5 Core Interpreter (64-bit) (HKLM\...\{B2ACF787-C0C6-4049-B5E0-728FDE281A0C}) (Version: 3.12.5150.0 - Python Software Foundation) Hidden Python 3.12.5 Development Libraries (64-bit) (HKLM\...\{A576F2EB-97DB-4B01-9422-B8E1FA15B92B}) (Version: 3.12.5150.0 - Python Software Foundation) Hidden Python 3.12.5 Documentation (64-bit) (HKLM\...\{3E498CAA-A927-434A-9A52-1C0BAB891020}) (Version: 3.12.5150.0 - Python Software Foundation) Hidden Python 3.12.5 Executables (64-bit symbols) (HKLM\...\{2DEB3E6E-4572-4A03-8A36-7C498E983D02}) (Version: 3.12.5150.0 - Python Software Foundation) Hidden Python 3.12.5 Executables (64-bit) (HKLM\...\{49C6B471-DE43-4ECA-B4F2-2CE5D7BF8F6D}) (Version: 3.12.5150.0 - Python Software Foundation) Hidden Python 3.12.5 pip Bootstrap (64-bit) (HKLM\...\{C43FD2AD-079B-409F-ADE9-FD287B1F79F0}) (Version: 3.12.5150.0 - Python Software Foundation) Hidden Python 3.12.5 Standard Library (64-bit symbols) (HKLM\...\{9DD6BE85-B712-4FCB-ACA9-7427C58CFC6B}) (Version: 3.12.5150.0 - Python Software Foundation) Hidden Python 3.12.5 Standard Library (64-bit) (HKLM\...\{0DC6C3A0-5CF6-46F6-B639-80DA74882478}) (Version: 3.12.5150.0 - Python Software Foundation) Hidden Python 3.12.5 Tcl/Tk Support (64-bit symbols) (HKLM\...\{A65D9FFE-640A-47CE-90FB-392910151A72}) 
(Version: 3.12.5150.0 - Python Software Foundation) Hidden Python 3.12.5 Tcl/Tk Support (64-bit) (HKLM\...\{C3052A24-45DB-4723-AD99-9025FC199975}) (Version: 3.12.5150.0 - Python Software Foundation) Hidden Python 3.12.5 Test Suite (64-bit symbols) (HKLM\...\{5F2AB75C-660C-4AA0-B6FB-EBEA36B2114E}) (Version: 3.12.5150.0 - Python Software Foundation) Hidden Python 3.12.5 Test Suite (64-bit) (HKLM\...\{C0BCA7FE-EABE-4740-B19D-FAF0C1DFF90C}) (Version: 3.12.5150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{F88968D7-7934-415F-910A-4C35E6528C6C}) (Version: 3.12.5150.0 - Python Software Foundation) QNAP Qfinder Pro (HKLM-x32\...\QNAP_FINDER) (Version: 7.11.0.0529 - QNAP Systems, Inc.) REAPER (x64) (HKLM\...\REAPER) (Version: - ) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) REDlauncher (HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - CD Projekt RED) ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 7.5.0.0 - den4b Team) RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.22.0525.1 - Gigabyte) RICOH THETA 3.15.4 (HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\de8e8266-71dc-5eb1-ade9-67b81e6aa729) (Version: 3.15.4 - Ricoh Company, Ltd.) RICOH THETA Stitcher Version 3.00.0 (HKLM\...\{41CA16E2-6ECB-4849-BDF9-2CC6BF6D8632}_is1) (Version: 3.00.0 - Ricoh Company Ltd) RX 9 Audio Editor Advanced (HKLM\...\RX 9 Audio Editor) (Version: 9.0.1 - iZotope, Inc.) RX 9 Breath Control (HKLM\...\RX 9 Breath Control) (Version: 9.0.1 - iZotope, Inc.) 
SideQuest 0.10.27 (HKLM\...\4924ec51-3e48-5cb7-b145-2119467094c7) (Version: 0.10.27 - Shane Harris) Signal 7.21.0 (HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 7.21.0 - Signal Messenger, LLC) sipgate Faxdrucker (HKLM\...\{42325BC7-3589-4AC1-B500-EC576D6109D3}) (Version: 3.24.0 - sipgate GmbH) SIV (HKLM-x32\...\{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.22.0826 - GIGABYTE) Hidden SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.22.0826 - GIGABYTE) Skiller SGK30 (HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\Skiller SGK30) (Version: 0.1.0.9 - Sharkoon Technologies) SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group) Splashtop Business (HKLM-x32\...\{6A4CA92E-2579-4C4D-9C8B-44735449C64E}) (Version: 3.4.2.0 - Splashtop Inc.) Splashtop Personal (HKLM-x32\...\{938E02B6-2E1F-4A4B-BE20-21F51924A5EB}) (Version: 3.6.600.0 - Splashtop Inc.) Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.23 - Splashtop Inc.) Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.7.0.1 - Splashtop Inc.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SteuerRatgeber 2021-2022 (HKLM-x32\...\{03F5B20E-69BB-426F-B873-6549E6F80C60}) (Version: 27.22.04.14 - Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH) SteuerRatgeber 2022-2023 (HKLM-x32\...\{9886EDBE-795A-447E-AD30-99DCC50F69A1}) (Version: 28.22.10.21 - Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH) SteuerSparErklärung 2022 (HKLM-x32\...\{7FED71CC-993E-42A4-A2C7-798D4416A192}) (Version: 27.30.74 - Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH) SteuerSparErklärung 2023 (HKLM-x32\...\{3DC8F379-3D6D-4424-8AC9-9D5477CBC41F}) (Version: 28.33.71 - Akademische Arbeitsgemeinschaft Verlagsgesellschaft mbH) Street View Download 360 4.0.3 (HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\8cf05631-c050-5027-8eaf-0b240a587908) (Version: 4.0.3 - Thomas Orlita) Synergy (64-bit) (HKLM\...\{AFC0B660-3BC8-492B-A17C-338DBF633EFA}) (Version: 1.8.8 - Symless Ltd) TeraCopy (HKLM\...\{DF5325DF-1F43-4282-85D5-1CA3353E6B13}) (Version: 3.17 - Code Sector) Thunder Master v4.11 (HKLM\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 4.11.0.3 - Palit Microsystems Ltd.) Topaz Gigapixel AI (HKLM\...\Topaz Gigapixel AI 5.2.0) (Version: 5.5.2 - Topaz Labs LLC) Topaz Video Enhance AI (HKLM\...\Topaz Video Enhance AI 2.6.4) (Version: 2.6.4 - Topaz Labs LLC) TreeSize Free V4.6.2 (64 bit) (HKLM\...\TreeSize Free_is1) (Version: 4.6.2 - JAM Software) UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation) UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.) 
VCD01 USB AV Capture (HKLM\...\VID_0572&PID_8B30&MI_01) (Version: 7.0.127.18 - Conexant Systems, Inc.) Virtual Desktop Service (HKLM\...\{91143D8B-ADF5-4512-AD83-2C7DF5A9DF41}) (Version: 1.18.37 - Virtual Desktop, Inc.) Virtual Desktop Streamer (HKLM\...\{8DEBDF08-C3CE-4551-B3C8-008623C020E7}) (Version: 1.29.0 - Virtual Desktop, Inc.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN) vMix (HKLM-x32\...\{93D664E9-E81E-4277-9E90-6CDABAC7208F}_is1) (Version: - StudioCoast) vMix Social (HKLM-x32\...\{1A0C8557-EB4A-4DD1-B4F9-A974ADEFE05F}_is1) (Version: - StudioCoast Pty Ltd) vMix Video Codec version 3.1 (HKLM-x32\...\{9C262A06-E609-41AF-93C2-EAAE331F25B8}_is1) (Version: 3.1 - StudioCoast Pty Ltd) Vordio (HKLM\...\{9B3B1CC0-8C5F-4347-9A59-F49408ADFD8B}) (Version: 5.5.4 - John Baker) Voukoder 13.4.1 (HKLM\...\{7C45BCCC-D149-4D51-966E-E720C3CA8613}) (Version: 13.4.1.0 - Daniel Stankewitz) WD P40 Game Drive (HKLM\...\{EE55DBAE-ECDD-4ADD-AAB5-23DE848B0996}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden WD P40 Game Drive (HKLM-x32\...\{72b1a866-fc31-4381-bff3-fa6cd8823777}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden WebM for Premiere (HKLM\...\{B89B471B-5309-40E3-8E83-EB60C4A54269}) (Version: 1.1.2 - fnord) Wireshark 4.2.5 x64 (HKLM-x32\...\Wireshark) (Version: 4.2.5 - The Wireshark developer community, hxxps://www.wireshark.org) Wise Auto Shutdown 2.0.2 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 2.0.2 - WiseCleaner.com, Inc.) 
WISO EÜR+Kasse 2021 (HKLM-x32\...\{06FC0205-0F50-40B9-93A3-FD5197E8FAA8}) (Version: 28.02.1946 - Buhl Data Service GmbH) WISO EÜR+Kasse 2022 (HKLM-x32\...\{E6D7FE1F-EA01-49F3-8454-AB80264C32D7}) (Version: 29.01.2480 - Buhl Data Service GmbH) WISO EÜR+Kasse 2023 (HKLM-x32\...\{B865CD06-A706-4EC9-AC0C-EE0582A698AB}) (Version: 30.08.3660 - Buhl Data Service GmbH) WISO EÜR+Kasse 2024 (HKLM-x32\...\{13DD88B4-8151-4528-8980-A84F6B7CF487}) (Version: 31.04.3590 - Buhl Data Service GmbH) Wraith Prism Settings software (HKLM-x32\...\{1A3E3EA7-5A7C-4292-8A13-B0DE1BF49E13}_COOLER_MASTER_SR4) (Version: 1.18 - AMD Wraith) Zoom (HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\ZoomUMX) (Version: 5.17.7 (31859) - Zoom Video Communications, Inc.) Zoom (HKU\S-1-5-21-1043077042-1772205530-4003700469-1002\...\ZoomUMX) (Version: 5.3.2 (53291.1011) - Zoom Video Communications, Inc.) Packages: ========= Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2024-02-15] (Adobe Systems Incorporated) Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC [2024-08-28] () Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc [2024-05-29] (Adobe Systems Incorporated) Affinity Photo -> C:\Program Files\WindowsApps\SerifEuropeLtd.AffinityPhoto_11006.1665.0.0_x64__844sdzfcmm7k0 [2022-12-03] (Serif Europe Ltd) AppleInc.iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_15.2.157.0_x64__nzyj5cx40ttqa [2024-08-10] (Apple Inc.) 
[Startup Task] Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-03-16] (Microsoft Corporation) Google Chat -> C:\Program Files\WindowsApps\mail.google.com-8E394CDE_1.0.0.1_neutral__vq8mrer2vmnwe [2024-08-30] (mail.google.com) Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-17] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-10-11] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-10-11] (Microsoft Corporation) [MS Ad] Microsoft Teams -> C:\Program Files\WindowsApps\MSTeams_24193.1805.3040.8975_x64__8wekyb3d8bbwe [2024-08-14] (Microsoft) [Startup Task] Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.2.1293.0_x64__8wekyb3d8bbwe [2024-06-07] (Microsoft Corporation) Microsoft.HEVCVideoExtensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.1.1804.0_x64__8wekyb3d8bbwe [2024-07-20] (Microsoft Corporation) Microsoft.MicrosoftPCManager -> C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.12.5.0_x64__8wekyb3d8bbwe [2024-08-07] (Microsoft Corporation) [Startup Task] Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-31] (Microsoft Corporation) Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.144.0_x64__8wekyb3d8bbwe [2024-08-28] (Microsoft Corporation) [Startup Task] MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24081.51.0_x64__cw5n1h2txyewy [2024-08-22] (Microsoft Windows) [Startup Task] NVIDIA Control Panel -> C:\Program 
Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-08-19] (NVIDIA Corp.) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.20.238.0_x64__dt26b99r8h8gj [2023-09-13] (Realtek Semiconductor Corp) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.245.454.0_x64__zpdnekdrzrea0 [2024-08-28] (Spotify AB) [Startup Task] TreeSize Free (Outdated) -> C:\Program Files\WindowsApps\JAMSoftware.TreeSizeFree_5.0.0.0_x86__37s2tpab2h9zg [2022-11-23] (JAM Software) WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2433.3.0_x64__cv1g1gvanyjgm [2024-08-28] (WhatsApp Inc.) [Startup Task] WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.214.1843.0_x64__8wekyb3d8bbwe [2024-08-19] (Microsoft Corp.) WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.214.1843.0_x64__8wekyb3d8bbwe [2024-08-19] (Microsoft Corp.) Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\LKG\MicrosoftWindows.LKG.DesktopSpotlight_cw5n1h2txyewy [2024-08-15] (Microsoft Windows) Windows HDR Calibration -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsHDRCalibration_1.0.152.0_x64__8wekyb3d8bbwe [2024-03-30] (Microsoft Corp.) Windows-Fotoanzeige -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.31001.0_x64__8wekyb3d8bbwe [2024-08-02] (Microsoft Corporation) [Startup Task] ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{04271989-C4D2-88D3-D54A-5E47A9DE5255} -> [OneDrive - ACTION CONCEPT GmbH] => A:\OneDrive-ProdConceptPersonal\OneDrive - ACTION CONCEPT GmbH [2023-01-25 14:02] CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{0a87c24d-281b-2f1f-fb71-67c2008a4d94}\localserver32 -> "C:\Program Files\Microsoft PC Manager\MSPCManager.exe" -ToastActivated => Keine Datei CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-12CEAB4C57C6} -> [Creative Cloud Files Personal Account tobias.sieben@posteo.de 9C3D0A59540F6AC00A4C98BC@AdobeID] => C:\Users\Tobia\Creative Cloud Files Personal Account tobias.sieben@posteo.de 9C3D0A59540F6AC00A4C98BC@AdobeID [2022-07-03 17:04] CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Tobia\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.19202\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [Datei ist nicht signiert] CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{23A5B06E-20BB-4E7E-A0AC-6982ED6A6041}\localserver32 -> C:\Program Files\3DVista\3DVista Virtual Tour\3DVista Virtual Tour.exe (3DVista Espana SL -> ) CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. 
-> Adobe) CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{444c3d34-4024-4c6f-a9da-b47eed58ceb6}\localserver32 -> C:\Program Files\Skylum\Luminar AI\Luminar AI.exe (Skylum Software USA, Inc. -> Skylum) CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Tobia\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (Synology Inc. -> TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Tobia\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (Synology Inc. -> TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{6CD0856D-13A4-4BC0-BC7E-4E6BF09E9F56} -> [iCloud Drive] => C:\Users\Tobia\iCloudDrive [2024-06-17 15:16] CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Tobia\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (Synology Inc. -> TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Tobia\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (Synology Inc. -> TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Tobia\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (Synology Inc. 
-> TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\Tobia\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => Keine Datei CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{DEDBE4C9-9E87-40C5-B437-9AAB7EB9C667}\InprocServer32 -> C:\Program Files (x86)\EasternGraphics\EGR-ShellExtension\Win64\egr_se.dll (EasternGraphics GmbH -> EasternGraphics) CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems) CustomCLSID: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001_Classes\CLSID\{fa5312d1-0b58-428a-bd93-3b87ef89945d}\localserver32 -> "C:\Program Files\Skylum\Luminar Neo\Luminar Neo.exe" -ToastActivated => Keine Datei ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft 
OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-07-29] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-07-29] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-07-29] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-08-20] (AVG Technologies USA, LLC -> Gen Digital Inc.) 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-08-20] (AVG Technologies USA, LLC -> Gen Digital Inc.) 
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-04-05] (Igor Pavlov) [Datei ist nicht signiert] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-07-29] (Adobe Inc. -> ) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-08-20] (AVG Technologies USA, LLC -> Gen Digital Inc.) ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [Datei ist nicht signiert] ContextMenuHandlers1: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector) ContextMenuHandlers2: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector) ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-08-20] (AVG Technologies USA, LLC -> Gen Digital Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-08-20] (Malwarebytes Inc. 
-> Malwarebytes) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-04-05] (Igor Pavlov) [Datei ist nicht signiert] ContextMenuHandlers4: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.161.0811.0001\FileSyncShell64.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_e0e8eab0ff52148e\nvshext.dll [2024-07-31] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-04-05] (Igor Pavlov) [Datei ist nicht signiert] ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-07-29] (Adobe Inc. -> ) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-08-20] (AVG Technologies USA, LLC -> Gen Digital Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-08-20] (Malwarebytes Inc. 
-> Malwarebytes) ContextMenuHandlers6: [TeraCopy] -> {2386CB87-96FF-473D-A009-957E3BFE6F88} => C:\Program Files\TeraCopy\Context.dll [2023-09-04] (CODE SECTOR PTY LTD -> Code Sector) ContextMenuHandlers1_S-1-5-21-1043077042-1772205530-4003700469-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => -> Keine Datei ContextMenuHandlers6_S-1-5-21-1043077042-1772205530-4003700469-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => -> Keine Datei ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Drivers32: [VIDC.SHQ0] => c:\windows\system32\Codec.SpeedHQ.x64.dll [27751304 2024-05-06] (Newtek, Inc. -> ) HKLM\...\Drivers32: [VIDC.SHQ1] => c:\windows\system32\Codec.SpeedHQ.x64.dll [27751304 2024-05-06] (Newtek, Inc. -> ) HKLM\...\Drivers32: [VIDC.SHQ2] => c:\windows\system32\Codec.SpeedHQ.x64.dll [27751304 2024-05-06] (Newtek, Inc. -> ) HKLM\...\Drivers32: [VIDC.SHQ3] => c:\windows\system32\Codec.SpeedHQ.x64.dll [27751304 2024-05-06] (Newtek, Inc. -> ) HKLM\...\Drivers32: [VIDC.SHQ4] => c:\windows\system32\Codec.SpeedHQ.x64.dll [27751304 2024-05-06] (Newtek, Inc. -> ) HKLM\...\Drivers32: [VIDC.SHQ5] => c:\windows\system32\Codec.SpeedHQ.x64.dll [27751304 2024-05-06] (Newtek, Inc. -> ) HKLM\...\Drivers32: [VIDC.SHQ7] => c:\windows\system32\Codec.SpeedHQ.x64.dll [27751304 2024-05-06] (Newtek, Inc. -> ) HKLM\...\Drivers32: [VIDC.SHQ9] => c:\windows\system32\Codec.SpeedHQ.x64.dll [27751304 2024-05-06] (Newtek, Inc. -> ) HKLM\...\Drivers32: [vidc.VMX1] => c:\windows\system32\vMixVideoCodec_x64.dll [473600 2022-11-23] (StudioCoast Pty Ltd) [Datei ist nicht signiert] HKLM\...\Drivers32: [VIDC.SHQ0] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2939272 2024-05-06] (Newtek, Inc. 
-> ) HKLM\...\Drivers32: [VIDC.SHQ1] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2939272 2024-05-06] (Newtek, Inc. -> ) HKLM\...\Drivers32: [VIDC.SHQ2] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2939272 2024-05-06] (Newtek, Inc. -> ) HKLM\...\Drivers32: [VIDC.SHQ3] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2939272 2024-05-06] (Newtek, Inc. -> ) HKLM\...\Drivers32: [VIDC.SHQ4] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2939272 2024-05-06] (Newtek, Inc. -> ) HKLM\...\Drivers32: [VIDC.SHQ5] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2939272 2024-05-06] (Newtek, Inc. -> ) HKLM\...\Drivers32: [VIDC.SHQ7] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2939272 2024-05-06] (Newtek, Inc. -> ) HKLM\...\Drivers32: [VIDC.SHQ9] => C:\Windows\SysWOW64\Codec.SpeedHQ.x86.dll [2939272 2024-05-06] (Newtek, Inc. -> ) HKLM\...\Drivers32: [vidc.VMX1] => C:\Windows\SysWOW64\vMixVideoCodec_x86.dll [333312 2022-11-23] (StudioCoast Pty Ltd) [Datei ist nicht signiert] ==================== Verknüpfungen & WMI ======================== ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2024-05-29 10:58 - 2024-05-29 10:58 - 003825664 _____ () [Datei ist nicht signiert] c:\program files (x86)\qnap\qfinder\dhconfigsdk.dll 2024-05-29 10:58 - 2024-05-29 10:58 - 019337216 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\QNAP\Qfinder\dhnetsdk.dll 2024-05-29 10:58 - 2024-05-29 10:58 - 000176640 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\QNAP\Qfinder\quazip.dll 2022-01-11 18:36 - 2022-01-11 18:36 - 000108032 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\qrcodelib.dll 2023-01-29 16:14 - 2006-02-23 12:35 - 000020480 _____ () [Datei ist nicht signiert] C:\WINDOWS\System32\FritzColorPort64.dll 2021-11-05 17:07 - 2021-11-05 17:07 - 000236544 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) 
[Datei ist nicht signiert] C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\yccV3.dll 2021-11-05 17:07 - 2021-11-05 17:07 - 000236544 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [Datei ist nicht signiert] C:\Program Files (x86)\GIGABYTE\SIV\yccV3.dll 2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [Datei ist nicht signiert] c:\windows\system32\hpzinw12.dll 2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [Datei ist nicht signiert] c:\windows\system32\hpzipm12.dll 2016-02-10 14:49 - 2016-02-10 14:49 - 003036672 _____ (May Software) [Datei ist nicht signiert] C:\Windows\system32\eDocPort.dll 2023-01-29 16:14 - 2023-01-29 16:14 - 001602560 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\WinSxS\Fusion\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_none_758c8a477f89a995\8.0\8.0.50727.42\MFC80U.DLL 2023-01-29 16:14 - 2023-01-29 16:14 - 000065536 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\WinSxS\Fusion\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_none_eeb8165fbcb9c171\8.0\8.0.50727.42\MFC80DEU.DLL 2021-02-13 10:01 - 2021-02-13 10:01 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\AppvIsvSubsystems32.dll 2021-02-13 10:01 - 2021-02-13 10:01 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll 2021-10-26 16:58 - 2021-10-26 16:58 - 000647168 _____ (Seiko Epson Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\EPSON\MyEpson Portal\Condition Viewer_00000012\ConView.dll 2021-10-26 10:00 - 2021-10-26 10:00 - 000708608 _____ (Seiko Epson Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\EPSON\MyEpson Portal\Configration_00000171\MepCfg.dll 2020-04-17 10:15 - 2020-04-17 10:15 - 000577536 _____ 
(Seiko Epson Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\EPSON\MyEpson Portal\MepUploader_00000542\MepUploader.dll 2019-02-22 15:09 - 2019-02-22 15:09 - 000475136 _____ (Seiko Epson Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\EPSON\MyEpson Portal\Online Manual_00000013\MepFAQ.dll 2016-09-14 15:31 - 2016-09-14 15:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [Datei ist nicht signiert] C:\WINDOWS\System32\enppmon.dll 2024-05-29 10:59 - 2024-05-29 10:59 - 001265664 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\QNAP\Qfinder\LIBEAY32.dll 2024-05-29 10:59 - 2024-05-29 10:59 - 000274432 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] c:\program files (x86)\qnap\qfinder\ssleay32.dll 2024-05-29 10:59 - 2024-05-29 10:59 - 002516480 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\QNAP\Qfinder\libcrypto-1_1.dll 2024-05-29 10:59 - 2024-05-29 10:59 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\QNAP\Qfinder\libssl-1_1.dll 2024-05-29 11:14 - 2024-05-29 11:14 - 005109232 _____ (The Qt Company Oy -> The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\QNAP\Qfinder\Qt5Core.dll 2021-06-22 15:45 - 2021-06-22 15:45 - 009127424 _____ (TODO: <Company name>) [Datei ist nicht signiert] C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GbtNvGpuLib.dll 2023-01-29 16:14 - 2006-02-23 13:16 - 000047616 _____ (TODO: <Company name>) [Datei ist nicht signiert] C:\WINDOWS\System32\AvmColorFax.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\Users\Tobia\AppData\Local\Aximmetry:8557EAA1C22F26C05870E900C985AB21 [1716] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ============= BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-08-02] (Microsoft Corporation -> Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Incorporated) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-08-23] (Adobe Inc. 
-> Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Incorporated) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-08-23] (Adobe Inc. 
-> Adobe Systems Incorporated) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-02] (Microsoft Corporation -> Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\sharepoint.com -> hxxps://actionconcepthuerth-files.sharepoint.com ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2019-12-07 11:14 - 2024-02-09 22:07 - 000002024 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 choice.microsoft.com 127.0.0.1 choice.microsoft.com.nsatc.net 127.0.0.1 corpext.msitadfs.glbdns2.microsoft.com 127.0.0.1 df.telemetry.microsoft.com 127.0.0.1 oca.telemetry.microsoft.com 127.0.0.1 oca.telemetry.microsoft.com.nsatc.net 127.0.0.1 redir.metaservices.microsoft.com 127.0.0.1 reports.wes.df.telemetry.microsoft.com 127.0.0.1 services.wes.df.telemetry.microsoft.com 127.0.0.1 settings-sandbox.data.microsoft.com 127.0.0.1 sls.update.microsoft.com.akadns.net 127.0.0.1 sqm.df.telemetry.microsoft.com 127.0.0.1 sqm.telemetry.microsoft.com 127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net 127.0.0.1 statsfe2.ws.microsoft.com 127.0.0.1 telecommand.telemetry.microsoft.com 127.0.0.1 telecommand.telemetry.microsoft.com.nsatc.net 127.0.0.1 telemetry.appex.bing.net 127.0.0.1 telemetry.microsoft.com 127.0.0.1 telemetry.urs.microsoft.com 127.0.0.1 vortex-sandbox.data.microsoft.com 127.0.0.1 vortex-win.data.microsoft.com 127.0.0.1 vortex.data.microsoft.com 127.0.0.1 watson.ppe.telemetry.microsoft.com 127.0.0.1 watson.telemetry.microsoft.com 127.0.0.1 watson.telemetry.microsoft.com.nsatc.net 2024-02-05 21:20 - 2024-04-22 23:40 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 172.28.128.1 TobyPowerDesktop.mshome.net # 2029 4 6 21 21 40 47 529 ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Python312\Scripts\;C:\Program Files\Python312\;c:\program files\oculus\support\oculus-runtime;c:\program files (x86)\common files\intel\shared libraries\redist\intel64\compiler;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\windows\system32\openssh\;c:\program files (x86)\insta360stitcher\tools\prostitcher;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\PuTTY\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tobia\OneDrive\360 Business\Logo\Wallpaper 4k.jpg HKU\S-1-5-21-1043077042-1772205530-4003700469-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: Datenträger ist nicht mit dem Internet verbunden. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ist aktiviert. Network Binding: ============= Ethernet: Intel(R) I211 Gigabit Network Connection -> e1i68x64.sys vms_vsf: Erweiterungsfilter für virtuellen Hyper-V-Switch INSECURE_NPCAP: Npcap Packet Driver (NPCAP) vms_vsp: Extension-Protokoll für virtuellen Hyper-V-Switch ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) 
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk" HKLM\...\StartupApproved\StartupFolder: => "SGO New License Server.lnk" HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "RtkAudUService" HKLM\...\StartupApproved\Run: => "eDocsipgateUMonitor" HKLM\...\StartupApproved\Run: => "EPPCCMON" HKLM\...\StartupApproved\Run: => "SGO License Server" HKLM\...\StartupApproved\Run: => "Acrobat Assistant 8.0" HKLM\...\StartupApproved\Run: => "PDF24" HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run: => "Delete Cached Update Binary" HKLM\...\StartupApproved\Run: => "Delete Cached Standalone Update Binary" HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad" HKLM\...\StartupApproved\Run32: => "EEventManager" HKLM\...\StartupApproved\Run32: => "Wraith Prism" HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\StartupApproved\StartupFolder: => "Luminar AI.lnk" HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\StartupApproved\StartupFolder: => "Luminar Neo.lnk" HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\StartupApproved\Run: => "Ferdi" HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\StartupApproved\Run: => "LGHUB" HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\StartupApproved\Run: => "ISUSPM" HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\StartupApproved\Run: => "Facebook.MessengerDesktop" 
HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_8088DBFD80064CD5C23EF47FF78F345A" HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer" HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\StartupApproved\Run: => "AusweisApp2" HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-1043077042-1772205530-4003700469-1001\...\StartupApproved\Run: => "Microsoft.Lists" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [UDP Query User{89925F65-5557-41DA-B11F-3692062B5BFB}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project) FirewallRules: [TCP Query User{A7F27B5D-6AA5-4FE6-9156-C731A86E41AB}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project) FirewallRules: [UDP Query User{AF74AE6C-8A1C-40BC-8686-D43A1AD4EB0A}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) FirewallRules: [TCP Query User{35680CB6-BC9D-45AC-A0C2-6C610BE2B958}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) FirewallRules: [{925A211C-6D73-4FE2-AFC5-5DE3CDBEF8CF}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. 
-> ) FirewallRules: [{60BD2D0B-79A5-4949-B272-3322220FEB3E}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) FirewallRules: [{8D115CCD-77BD-4E63-BA95-DDFD69FD7474}] => (Allow) C:\Program Files\Aximmetry SE\bin\Aximmetry.Renderer.exe (Aximmetry Technologies Kft. -> Aximmetry Technologies) FirewallRules: [{9248DD95-B413-4055-8668-C0D1414820D3}] => (Allow) C:\Program Files\Aximmetry SE\bin\Aximmetry.Performer.exe (Aximmetry Technologies Kft. -> Aximmetry Technologies) FirewallRules: [{784EDFF4-EAA7-4AAF-B862-B693F54D0430}] => (Allow) C:\Program Files\Aximmetry SE\bin\Aximmetry.Composer.exe (Aximmetry Technologies Kft. -> Aximmetry Technologies) FirewallRules: [{68EB14A6-68CD-4182-BBE6-414BF0A505BC}] => (Allow) C:\Program Files\Aximmetry SE\bin\Aximmetry.Launcher.exe (Aximmetry Technologies Kft. -> Aximmetry Technologies) FirewallRules: [UDP Query User{FCBDEF73-E3DE-418E-8B51-24FF98517094}C:\program files\unrealengine\ue_4.27\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\unrealengine\ue_4.27\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{41A11B58-A01E-43DE-8144-816961389850}C:\program files\unrealengine\ue_4.27\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\unrealengine\ue_4.27\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{539973E4-0A8B-4E14-B454-2329DACF8D52}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{A144ECE1-0FEF-4AC1-9BC5-6D0EF79CFFF5}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) 
FirewallRules: [UDP Query User{438C4979-0BC7-4DCA-BCE0-84B59D267E0F}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{9F007129-AEC4-4808-940A-3A1ACC2DA31B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{B85CF959-9E26-4030-BF29-B899D8068ED6}C:\program files\unrealengine\ue_4.27\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\unrealengine\ue_4.27\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{23C789E3-40B1-43E3-853B-47C8D9563EB6}C:\program files\unrealengine\ue_4.27\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\unrealengine\ue_4.27\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{273E85D8-AA8D-4A2D-B5D1-C6947F074BAE}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{948F06F5-FB22-41EE-A45C-D97507D2447D}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. 
KG) FirewallRules: [{0F35D4D9-9074-4320-9AC0-B642B42636E5}] => (Allow) C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG) FirewallRules: [UDP Query User{47CFD382-2089-4DCB-89F9-BE259D5663BF}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.) FirewallRules: [TCP Query User{F02D0B5E-B8E2-4957-8DF4-0BD7C4A928D2}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.) FirewallRules: [{B248C82C-74DB-444B-87A4-F457D754620F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG sp. z o.o -> GOG.com) FirewallRules: [{A26E38EE-9CB0-4EAF-840B-94721F67F947}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG sp. z o.o -> GOG.com) FirewallRules: [UDP Query User{3DAA44B2-BFAD-40F3-B6E4-4DC11C6B100A}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe (Cockos Incorporated) [Datei ist nicht signiert] FirewallRules: [TCP Query User{352BE4A6-CD2D-4BD2-B24F-1D1396023C36}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe (Cockos Incorporated) [Datei ist nicht signiert] FirewallRules: [UDP Query User{B8C91928-D096-4324-8DC6-C17D499227D4}C:\program files\sgo apps\mistika vr\bin\vr.exe] => (Allow) C:\program files\sgo apps\mistika vr\bin\vr.exe (Soluciones Graficas por Ordenador S.L. -> ) FirewallRules: [TCP Query User{2EC1B375-6001-45DF-B1DA-75BDC2C54776}C:\program files\sgo apps\mistika vr\bin\vr.exe] => (Allow) C:\program files\sgo apps\mistika vr\bin\vr.exe (Soluciones Graficas por Ordenador S.L. 
-> ) FirewallRules: [UDP Query User{FD4FB564-32E5-4710-8E42-381DC0279F0F}C:\program files\3dvista\3dvista virtual tour\3dvista virtual tour.exe] => (Allow) C:\program files\3dvista\3dvista virtual tour\3dvista virtual tour.exe (3DVista Espana SL -> ) FirewallRules: [TCP Query User{730F101A-8C47-40E2-9C70-9F1B33AAA2A1}C:\program files\3dvista\3dvista virtual tour\3dvista virtual tour.exe] => (Allow) C:\program files\3dvista\3dvista virtual tour\3dvista virtual tour.exe (3DVista Espana SL -> ) FirewallRules: [UDP Query User{BC33625A-680C-4F16-B9A6-0D483605F217}C:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) C:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe (Firaxis Games) [Datei ist nicht signiert] FirewallRules: [TCP Query User{414B65B8-3772-499E-B3F9-857B5D2A253B}C:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) C:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe (Firaxis Games) [Datei ist nicht signiert] FirewallRules: [UDP Query User{E7824555-20CE-493D-9F20-0A4EC1B3711A}C:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi_dx12.exe] => (Allow) C:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi_dx12.exe (Firaxis Games) [Datei ist nicht signiert] FirewallRules: [TCP Query User{B6ABFF32-34D4-4330-BE76-3C07F8699860}C:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi_dx12.exe] => (Allow) C:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi_dx12.exe (Firaxis Games) [Datei ist nicht signiert] FirewallRules: [UDP Query User{E9AF2AE8-846B-4AD7-B8E8-9B201E519ECF}C:\program files\mpc-hc\mpc-hc64.exe] => (Block) C:\program files\mpc-hc\mpc-hc64.exe (MPC-HC Team) [Datei ist nicht signiert] FirewallRules: [TCP Query 
User{B50BB80B-2631-493D-9D9C-BAEEB180AF75}C:\program files\mpc-hc\mpc-hc64.exe] => (Block) C:\program files\mpc-hc\mpc-hc64.exe (MPC-HC Team) [Datei ist nicht signiert] FirewallRules: [UDP Query User{21010CDE-BF67-47B4-9E83-6F4122DAE519}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [TCP Query User{A4045FB4-3F9A-47C5-B7D0-358748DDA4DB}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{2B069F01-BACE-44F1-A3EE-64A891CEA484}C:\program files\mpc-hc\mpc-hc64.exe] => (Allow) C:\program files\mpc-hc\mpc-hc64.exe (MPC-HC Team) [Datei ist nicht signiert] FirewallRules: [TCP Query User{CBE87ACB-EF7F-4D1A-B190-CDEE19E446BB}C:\program files\mpc-hc\mpc-hc64.exe] => (Allow) C:\program files\mpc-hc\mpc-hc64.exe (MPC-HC Team) [Datei ist nicht signiert] FirewallRules: [{4A0FD1CE-171F-4DB5-8323-3031447DDE00}] => (Allow) C:\Users\Tobia\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{599C3E8D-3179-4E62-97C2-3C4547B08A4D}] => (Allow) C:\Users\Tobia\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{45B1344D-57D3-4963-A6F8-3235E72D6734}] => (Allow) C:\Users\Tobia\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) 
FirewallRules: [{78D2E201-25F0-4B99-A4DC-4579723147E6}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [Datei ist nicht signiert] FirewallRules: [{C65EC44C-F63B-420E-89CE-E184DEA0BED1}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [Datei ist nicht signiert] FirewallRules: [{BB8973D5-ECDB-4824-8B33-A3F761A13491}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => Keine Datei FirewallRules: [{9D2E0AEF-9D96-46C9-A9F4-EE1363CBA621}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life Alyx\game\bin\win64\hlvr.exe (Valve -> ) FirewallRules: [{A37E2434-5E7D-4638-A058-B8C6A30FF968}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life Alyx\game\bin\win64\hlvr.exe (Valve -> ) FirewallRules: [{02E7F331-D5C5-4D3C-99F5-FC436AAD825A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EarthVR\Earth.exe (Google Inc -> Google Inc) FirewallRules: [{30104212-ADFC-4955-9C27-BF71A03A1119}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EarthVR\Earth.exe (Google Inc -> Google Inc) FirewallRules: [{36891E9A-62D4-4B89-BCE6-7EF85776775A}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe (Oculus VR, LLC) [Datei ist nicht signiert] FirewallRules: [{DE7D7459-D4C8-4846-A23A-6D2E741E92FE}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe (Oculus VR, LLC) [Datei ist nicht signiert] FirewallRules: [{B26BF4A6-8C60-44DC-BB7D-97320E7CA5F2}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2\Binaries\Win64\Home2-Win64-Shipping.exe (Oculus VR, LLC -> Epic Games, Inc.) FirewallRules: [{4FF139D6-CF5C-45C9-82E2-CD23CE569B42}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2\Binaries\Win64\Home2-Win64-Shipping.exe (Oculus VR, LLC -> Epic Games, Inc.) 
FirewallRules: [{83D48665-F8EB-4C8C-BA16-0BB205D35368}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [{AA171050-69AC-4D0D-9CFF-57FFAA4AC17F}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [{22ADBE26-936A-4532-A50D-46DF8F0F7922}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Engine\Binaries\Win64\UnrealCEFSubProcess.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [{F8F9B126-5F01-4E99-B65E-A3776E161D98}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Engine\Binaries\Win64\UnrealCEFSubProcess.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [{D3719492-164F-4210-B96A-FA9C401AA062}] => (Allow) C:\Program Files\Oculus\Support\oculus-dash\dash\bin\OculusDash.exe (Oculus VR, LLC -> ) FirewallRules: [{F6AFB8E5-11CB-4F30-B9C3-5A2496142D77}] => (Allow) C:\Program Files\Oculus\Support\oculus-dash\dash\bin\OculusDash.exe (Oculus VR, LLC -> ) FirewallRules: [{FC8E7AED-364E-486F-B540-C6BFBF5956F8}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe (Oculus VR, LLC -> Facebook Technologies, LLC) FirewallRules: [{11C81CE0-AA68-4A1A-8B68-9F1CABA11932}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe (Oculus VR, LLC -> Facebook Technologies, LLC) FirewallRules: [{91DFD963-ED31-4ECE-A3F4-424C87C8E3B3}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe (Oculus VR, LLC -> Facebook Technologies, LLC) FirewallRules: [{DEB14CFD-3525-4070-A76E-5CA877F3ADE7}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe (Oculus VR, LLC -> Facebook Technologies, LLC) FirewallRules: [{FC89BACB-F10A-4F05-A389-264E50E214E6}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe (Oculus VR, LLC -> Facebook Technologies, LLC) FirewallRules: 
[{012C5E2A-E6AA-4311-A78A-7D15A354E0AC}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe (Oculus VR, LLC -> Facebook Technologies, LLC) FirewallRules: [UDP Query User{64105060-F465-4BDA-A424-329F240B74DC}C:\program files\sgo apps\license server\bin\sgolicenseserver.exe] => (Allow) C:\program files\sgo apps\license server\bin\sgolicenseserver.exe (Soluciones Graficas por Ordenador S.L. -> ) FirewallRules: [TCP Query User{59AC61B8-C8E9-4823-BE9A-B36AC4AEA7A2}C:\program files\sgo apps\license server\bin\sgolicenseserver.exe] => (Allow) C:\program files\sgo apps\license server\bin\sgolicenseserver.exe (Soluciones Graficas por Ordenador S.L. -> ) FirewallRules: [UDP Query User{3B3EC8AC-51B3-42E5-916D-3803E62037F9}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [TCP Query User{39C6E0F9-586F-4FE0-9370-5A970989DE5B}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{D2C87825-B5AC-4798-AA2B-F5739BD46B98}C:\program files\fb360 spatial workstation\video player\client\videoclient.exe] => (Allow) C:\program files\fb360 spatial workstation\video player\client\videoclient.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{60D2D947-1587-4AB7-817D-9B9EE024A30F}C:\program files\fb360 spatial workstation\video player\client\videoclient.exe] => (Allow) C:\program files\fb360 spatial workstation\video player\client\videoclient.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{9DCC6469-D051-4195-ACCC-BD693C2855BD}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe (Cockos Incorporated) [Datei ist nicht signiert] FirewallRules: [TCP Query User{C801EDD3-AC06-4AE2-891A-F0CF1DC52BC3}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe (Cockos Incorporated) [Datei ist nicht signiert] 
FirewallRules: [{BF66FD06-9A7F-4413-A20E-9583ABCC274A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve Corp. -> ) FirewallRules: [{1CFD8FA7-73B6-42A7-B596-587D195F482E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve Corp. -> ) FirewallRules: [{4889A66C-8644-4794-AD19-1EA95C706CF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve Corp. -> ) FirewallRules: [{14451609-1249-418D-83A4-E250A31E2DA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve Corp. -> ) FirewallRules: [{19C476F9-B594-422A-AECD-1195C2F14075}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{B93EE355-FFEC-436B-AC0D-80DEC79E68D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{6976E90C-6BFE-45B6-8A23-4F7031E872C2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{1B2F4AE4-B5EF-4117-B6AF-2B6CB8290BF9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [UDP Query User{6E54E625-A22E-430A-BFA1-DE2EFAF23FA6}C:\users\susan\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\susan\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [TCP Query User{EFE91FFD-44F4-48B7-8A06-68A6482C88B5}C:\users\susan\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\susan\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) 
FirewallRules: [{63592CF0-1ABD-4312-B22B-FF1762EF1600}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{B5A7A35F-FC05-4000-AEE4-365D328C8FB4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{DE7BE90F-115C-479D-A460-E9506E4AF1A1}] => (Allow) C:\Program Files\Synergy\synergys.exe (Symless Ltd -> ) FirewallRules: [{CA7056DE-9FA1-4285-B0F6-46699EC6FD26}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{22781D15-A952-413E-A8D9-758262428404}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{682B7373-5016-4D83-91B3-EEEA9D9A5710}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Client for STB\wbs-agent\projects\viewit\wbs_agent.exe (Node.js Foundation -> Node.js) FirewallRules: [TCP Query User{C3F80B01-90AA-4B89-8706-EEDD41ED414C}C:\users\tobia\sgo appdata\vr\config\streaming\rtsp-simple-server.exe] => (Allow) C:\users\tobia\sgo appdata\vr\config\streaming\rtsp-simple-server.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{D38518F6-1AA2-467B-8253-6506D16F84E9}C:\users\tobia\sgo appdata\vr\config\streaming\rtsp-simple-server.exe] => (Allow) C:\users\tobia\sgo appdata\vr\config\streaming\rtsp-simple-server.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{30D86D17-AF4C-4C35-8C6B-FD8A9B3A9A57}C:\users\tobia\appdata\local\temp\_istmp1.dir\_ins5576._mp] => (Allow) C:\users\tobia\appdata\local\temp\_istmp1.dir\_ins5576._mp => Keine Datei FirewallRules: [UDP Query User{13EBBB33-E835-452A-B87C-82917968170C}C:\users\tobia\appdata\local\temp\_istmp1.dir\_ins5576._mp] => (Allow) C:\users\tobia\appdata\local\temp\_istmp1.dir\_ins5576._mp => Keine Datei FirewallRules: [TCP Query User{1476821E-A6C3-465F-9108-8D99FABCF0F1}C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui 
helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe (Adobe Inc. -> Adobe Inc.) FirewallRules: [UDP Query User{88671A21-7B0D-4763-A6E4-9AD9F2B688CB}C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe (Adobe Inc. -> Adobe Inc.) FirewallRules: [{E03C1878-1A38-45E8-A275-4A7C37B1D434}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life Alyx\game\bin\win64\hlvr.exe (Valve -> ) FirewallRules: [{3FFE4307-9363-4C95-8C98-BD355329DC70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life Alyx\game\bin\win64\hlvr.exe (Valve -> ) FirewallRules: [TCP Query User{FF3ECDE3-B777-4CCE-BF72-5A0949C2EC81}C:\program files\sgo apps\mistika vr\bin\vr.exe] => (Allow) C:\program files\sgo apps\mistika vr\bin\vr.exe (Soluciones Graficas por Ordenador S.L. -> ) FirewallRules: [UDP Query User{C50A1441-EFD0-4CD8-8D0C-C5A5EB43AB85}C:\program files\sgo apps\mistika vr\bin\vr.exe] => (Allow) C:\program files\sgo apps\mistika vr\bin\vr.exe (Soluciones Graficas por Ordenador S.L. -> ) FirewallRules: [TCP Query User{61F3DDB7-4416-4559-AAD7-562830A71BF0}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.) FirewallRules: [UDP Query User{40250B38-B7CF-4041-8889-9736A9ADD63F}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.) 
FirewallRules: [{8B9A0810-1A26-42BE-AE2D-E3349587A432}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F644213F-B50A-44C7-90D6-BEED7DB39B4B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{DCAB5113-4891-497E-B3CB-7E356FCAAE24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space (2023)\Dead Space.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{F8669504-1B9D-4B69-8332-00E36729FB1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Space (2023)\Dead Space.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{17248E40-CF02-4A85-8469-C6491C040EC6}] => (Allow) C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger) FirewallRules: [TCP Query User{3027AD11-6B5B-420C-AD9A-B64AFEFAADE5}A:\benutzer\toby\downloads\monaserver_win32\monaserver.exe] => (Allow) A:\benutzer\toby\downloads\monaserver_win32\monaserver.exe => Keine Datei FirewallRules: [UDP Query User{19A0F651-1F3C-4543-B1A2-DED59DE3E95F}A:\benutzer\toby\downloads\monaserver_win32\monaserver.exe] => (Allow) A:\benutzer\toby\downloads\monaserver_win32\monaserver.exe => Keine Datei FirewallRules: [TCP Query User{D6F41FA1-536C-4BB3-9AEA-FDB14A531676}A:\benutzer\toby\downloads\monaserver_win64\monaserver.exe] => (Allow) A:\benutzer\toby\downloads\monaserver_win64\monaserver.exe => Keine Datei FirewallRules: [UDP Query User{25EDBC33-9C48-424D-B513-C802C940BCC9}A:\benutzer\toby\downloads\monaserver_win64\monaserver.exe] => (Allow) A:\benutzer\toby\downloads\monaserver_win64\monaserver.exe => Keine Datei FirewallRules: [{6D46BDE1-74E8-4F24-99BB-0EB767824CBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valheim\valheim.exe () [Datei ist nicht signiert] FirewallRules: [{38C384CF-D747-43D6-9966-602BB9F31998}] => (Allow) 
C:\Program Files (x86)\Steam\steamapps\common\Valheim\valheim.exe () [Datei ist nicht signiert] FirewallRules: [{ab25420d-b5f9-4c39-a65b-274a7240b8a5}] => (Allow) C:\Program Files\Virtual Desktop Streamer\VirtualDesktop.Streamer.exe (Virtual Desktop, Inc. -> Virtual Desktop, Inc.) FirewallRules: [TCP Query User{939D95F1-EFA5-49CF-AF44-D7340301490C}C:\program files\adobe\adobe premiere pro 2024\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro 2024\adobe premiere pro.exe (Adobe Inc. -> Adobe) FirewallRules: [UDP Query User{83C3A27C-8BB1-4893-9CA7-3661AED9EBBC}C:\program files\adobe\adobe premiere pro 2024\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro 2024\adobe premiere pro.exe (Adobe Inc. -> Adobe) FirewallRules: [TCP Query User{9FE8DD5E-09E2-44BE-A591-3BF260707C9F}C:\users\tobia\desktop\windowssubsystemandroid\wsaclient\wsaclient.exe] => (Block) C:\users\tobia\desktop\windowssubsystemandroid\wsaclient\wsaclient.exe => Keine Datei FirewallRules: [UDP Query User{D034ABBA-A74D-4A9E-BB1C-25309D2BB965}C:\users\tobia\desktop\windowssubsystemandroid\wsaclient\wsaclient.exe] => (Block) C:\users\tobia\desktop\windowssubsystemandroid\wsaclient\wsaclient.exe => Keine Datei FirewallRules: [TCP Query User{5B1C9114-F018-4BDC-9E71-535EE31A2DFE}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe => Keine Datei FirewallRules: [UDP Query User{E8CABA7B-A1F6-498A-BF39-370E3EB058E0}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe => Keine Datei FirewallRules: [TCP Query User{C9F628E0-111A-46B2-ABC3-897FB5FA975E}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe => Keine Datei FirewallRules: [UDP Query User{2EF20764-896D-4E61-9885-7EBCCE2050F8}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe => Keine Datei FirewallRules: [TCP Query User{9DB9EA57-2C9A-45B0-8988-040D7F088F3F}C:\program files\adobe\adobe dreamweaver 2021\node\node.exe] => (Allow) 
C:\program files\adobe\adobe dreamweaver 2021\node\node.exe (Adobe Inc. -> Node.js) FirewallRules: [UDP Query User{8E412CD6-708F-4484-A718-6ECB595F710E}C:\program files\adobe\adobe dreamweaver 2021\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver 2021\node\node.exe (Adobe Inc. -> Node.js) FirewallRules: [TCP Query User{4A33A04B-C174-4A20-A35A-B11DC887DA47}C:\program files\adobe\adobe media encoder 2024\adobe media encoder.exe] => (Allow) C:\program files\adobe\adobe media encoder 2024\adobe media encoder.exe (Adobe Inc. -> Adobe) FirewallRules: [UDP Query User{2511264A-18C5-44AC-989B-5BFFA9B564BA}C:\program files\adobe\adobe media encoder 2024\adobe media encoder.exe] => (Allow) C:\program files\adobe\adobe media encoder 2024\adobe media encoder.exe (Adobe Inc. -> Adobe) FirewallRules: [{444C2AA4-5CE8-4381-B9BB-69784D73D578}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{57B9C035-33F9-47D6-868D-6E311846B8FA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{5555E2F4-B31C-4CAD-B126-1DBDCCFF0293}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) FirewallRules: [UDP Query User{884B6CAB-7ECD-4A5F-9283-F8BFC360EAC9}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) 
FirewallRules: [TCP Query User{45A908E8-C39C-41E4-8EBF-95C8F2140C7F}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [UDP Query User{F194639A-9C22-4761-A4DC-26C79B286652}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [{A0B67B48-AFFF-4975-A904-F91A3E18BFCC}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) FirewallRules: [{E5DA67AC-0FFE-4C5A-A1BE-582F3C19FE1A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [{759276A6-22A7-4ED2-86AE-ED57D549AD6C}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [{081B2E09-7DD3-43EF-962F-2F85732FE975}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [{00B9AC8D-D833-41EC-84C8-43760170F138}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [{255914EF-ADAC-47EA-A2DC-A937B0C61618}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [{49FCF5DB-6095-4B63-89D0-58DDBE11EE60}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) 
FirewallRules: [TCP Query User{9146AEB7-AC27-4B69-88D1-8893C368B5CA}C:\program files (x86)\steam\steamapps\common\steamvr\bin\win64\vrserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\steamvr\bin\win64\vrserver.exe (Valve Corp. -> Valve Corporation) FirewallRules: [UDP Query User{3208F760-D73D-4DF2-A44A-6F806739254C}C:\program files (x86)\steam\steamapps\common\steamvr\bin\win64\vrserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\steamvr\bin\win64\vrserver.exe (Valve Corp. -> Valve Corporation) FirewallRules: [TCP Query User{5D7DCAB1-D701-4391-8352-10A04BC69E4F}C:\users\tobia\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\tobia\appdata\local\microsoft\teams\current\teams.exe => Keine Datei FirewallRules: [UDP Query User{81223BE4-937D-4210-9371-93A2B66960D8}C:\users\tobia\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\tobia\appdata\local\microsoft\teams\current\teams.exe => Keine Datei FirewallRules: [{E26E86D2-6925-4B00-A68F-58FA84AF7557}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GTFO\GTFO.exe () [Datei ist nicht signiert] FirewallRules: [{B48C045C-D93D-4A65-971D-0B7AC281C67D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GTFO\GTFO.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{8FF0A38A-99F6-4292-B6FF-637D6DC38481}C:\program files\kandao\kandaostream\kandaostream.exe] => (Allow) C:\program files\kandao\kandaostream\kandaostream.exe (深圳看到科技有限公司 -> Kandao Technology Company Limited) FirewallRules: [UDP Query User{0E8DF5D6-55DA-4DD3-ACDD-1180ACFB8586}C:\program files\kandao\kandaostream\kandaostream.exe] => (Allow) C:\program files\kandao\kandaostream\kandaostream.exe (深圳看到科技有限公司 -> Kandao Technology Company Limited) FirewallRules: [TCP Query User{30B9CED6-A8EA-44D4-AFED-6A78D365DCE8}C:\program files\kandao\kandaostream\kandaostream.exe] => (Allow) C:\program files\kandao\kandaostream\kandaostream.exe (深圳看到科技有限公司 -> Kandao Technology Company 
Limited) FirewallRules: [UDP Query User{67A43BE0-9135-4B05-B004-861282F41288}C:\program files\kandao\kandaostream\kandaostream.exe] => (Allow) C:\program files\kandao\kandaostream\kandaostream.exe (深圳看到科技有限公司 -> Kandao Technology Company Limited) FirewallRules: [TCP Query User{3E2C6ACF-A680-466D-BFE6-192A22A5D1C1}C:\program files\kandao\kandaostream\kd-nginx-rtmp\nginx.exe] => (Allow) C:\program files\kandao\kandaostream\kd-nginx-rtmp\nginx.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{B8507E00-534E-4E2A-AE4F-C950CD94FD53}C:\program files\kandao\kandaostream\kd-nginx-rtmp\nginx.exe] => (Allow) C:\program files\kandao\kandaostream\kd-nginx-rtmp\nginx.exe () [Datei ist nicht signiert] FirewallRules: [{A5DF0317-181A-46F3-B0AC-12B509C33666}] => (Allow) C:\Program Files\NDI\NDI 6 Tools\Screen Capture\Application.Network.ScanConverter2.x64.exe (Newtek, Inc. -> ) FirewallRules: [{E7D9BCD7-BB2E-4E1C-89FF-BA48995F9D5A}] => (Allow) C:\Program Files\NDI\NDI 6 Tools\Screen Capture\Application.Network.ScanConverterHX.x64.exe (Newtek, Inc. -> ) FirewallRules: [{391E806F-7007-4020-9558-6E8A1896B12A}] => (Allow) C:\Program Files\NDI\NDI 6 Tools\Webcam\Webcam.exe (Newtek, Inc. -> NDI) FirewallRules: [{8609593C-C5CA-4D46-9BAB-2AB15272608D}] => (Allow) C:\Program Files\NDI\NDI 6 Tools\Test Patterns\Application.Network.TestPatterns.exe (Newtek, Inc. -> NDI) FirewallRules: [{D83E11E0-57FF-425B-BA7E-B381C8BCE2B8}] => (Allow) C:\Program Files\NDI\NDI 6 Tools\Studio Monitor\Application.Network.StudioMonitor.x64.exe (Newtek, Inc. -> ) FirewallRules: [{C382A0E6-3F67-48C8-83EE-5A933D01DA92}] => (Allow) C:\Program Files\NDI\NDI 6 Tools\Studio Monitor\Application.NDIRecording.x64.exe (Newtek, Inc. -> ) FirewallRules: [{15EBB976-728D-466F-A74B-D7EAEB8CD58E}] => (Allow) C:\Program Files\NDI\NDI 6 Tools\Remote\Application.NDI.Remote.x64.exe (Newtek, Inc. 
-> ) FirewallRules: [{19EF4813-BF41-4510-B5FD-15ED5ECF686A}] => (Allow) C:\Program Files\NDI\NDI 6 Tools\Remote\Application.RemoteConnectionManager.exe (Newtek, Inc. -> NDI) FirewallRules: [{98191DBA-DE4A-45C3-970E-DE00EEFC7A72}] => (Allow) C:\Program Files\NDI\NDI 6 Tools\Router\Application.NDI.Router.exe (Newtek, Inc. -> NDI) FirewallRules: [{1E42BE9F-FAE3-49B9-BF6E-5C3B4219BFAD}] => (Allow) C:\Program Files\NDI\NDI 6 Tools\Discovery\NDI Discovery Service.exe (Newtek, Inc. -> ) FirewallRules: [{75B6668E-C493-42A4-8734-DF26CBF56CA7}] => (Allow) C:\Program Files\NDI\NDI 6 Tools\Bridge\Application.NDI.Public.x64.exe (Newtek, Inc. -> ) FirewallRules: [{4A25221C-E250-4E73-9255-1D337704F5FE}] => (Allow) C:\Program Files\NDI\NDI 6 Tools\Bridge\Application.NDI.Bridge.UI.exe (Newtek, Inc. -> NDI) FirewallRules: [{D1DC9EC4-E1A3-4DD5-82EA-1ACD145CB673}] => (Allow) C:\Program Files\NDI\NDI 6 Tools\Bridge\Application.NDI.Bridge.x64.exe (Newtek, Inc. -> ) FirewallRules: [{B303D274-430B-4A57-A972-D4EAC74A603A}] => (Allow) C:\Program Files\NDI\NDI 6 Tools\Bridge\Application.Network.ProxyHX.x64.exe (Newtek, Inc. -> ) FirewallRules: [{C303A357-44EC-400F-A551-E46E01AE2644}] => (Allow) C:\Program Files\NDI\NDI 6 Tools\Bridge\NDI Discovery Service.exe (Newtek, Inc. 
-> ) FirewallRules: [TCP Query User{A8836425-2305-4920-8D88-9BF5936352DA}C:\program files (x86)\synesis\odm\odm.exe] => (Allow) C:\program files (x86)\synesis\odm\odm.exe (Synesis) [Datei ist nicht signiert] FirewallRules: [UDP Query User{30E73FB6-35F6-403E-9226-04DD9C43EF31}C:\program files (x86)\synesis\odm\odm.exe] => (Allow) C:\program files (x86)\synesis\odm\odm.exe (Synesis) [Datei ist nicht signiert] FirewallRules: [TCP Query User{8A13BE43-CD98-41B9-A38E-529215101F2A}C:\program files\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS) FirewallRules: [UDP Query User{8234A30E-6075-4822-9F88-F9626F894700}C:\program files\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS) FirewallRules: [{93D6A5BD-01CF-4EC0-894F-14C06C7EA8D8}] => (Allow) C:\Program Files (x86)\vMix\vMix.exe (STUDIOCOAST PTY LTD -> StudioCoast Pty Ltd) FirewallRules: [{831697BC-68FF-4341-9F0E-86FB5D6033B0}] => (Allow) C:\Program Files (x86)\vMix\vMix64.exe (STUDIOCOAST PTY LTD -> StudioCoast Pty Ltd) FirewallRules: [{2EDB5198-3C90-464A-8880-6DDC54B45D22}] => (Allow) C:\Program Files (x86)\vMix\ndi\vMixNDIHelper.exe (StudioCoast Pty Ltd) [Datei ist nicht signiert] FirewallRules: [{7D2D12F8-D70F-429C-8336-74281DCB3DF6}] => (Allow) C:\Program Files (x86)\vMix\vMixDesktopCapture.exe (STUDIOCOAST PTY LTD -> ) FirewallRules: [{392EADC0-79AD-47B9-A6C9-3FFD79D9A1D9}] => (Allow) C:\Program Files (x86)\vMix\ndi\x64\NDIRecord.exe (Newtek, Inc. 
-> ) FirewallRules: [{94ADD4A8-16BE-4DC4-88E6-EEEBF21C07A7}] => (Allow) C:\Program Files (x86)\vMix\NDINode.exe () [Datei ist nicht signiert] FirewallRules: [{0D2B6043-B72A-4135-B302-164D68C22405}] => (Allow) C:\Program Files (x86)\vMix\zoom\vMixZoomNode.exe () [Datei ist nicht signiert] FirewallRules: [{45BFBB59-39FE-4C75-8E9E-7C76A9CFC956}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [Datei ist nicht signiert] FirewallRules: [{408EEEC6-D9CA-4C53-B07C-8E5A3544F88D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{1D97801D-AF99-4C9E-87D4-B09057B2D503}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{95680D32-E106-469C-85A3-FCCB539C978B}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{6D56270E-4347-428F-A4D2-F2694C1601A8}A:\benutzer\toby\downloads\osc-for-obs.3.1.3.-pc\osc-for-obs(3.1.3)-pc\osc-for-obs.exe] => (Allow) A:\benutzer\toby\downloads\osc-for-obs.3.1.3.-pc\osc-for-obs(3.1.3)-pc\osc-for-obs.exe (Joe Shea) [Datei ist nicht signiert] FirewallRules: [UDP Query User{4570D770-8696-4C3A-AE3E-548750E1C1D0}A:\benutzer\toby\downloads\osc-for-obs.3.1.3.-pc\osc-for-obs(3.1.3)-pc\osc-for-obs.exe] => (Allow) A:\benutzer\toby\downloads\osc-for-obs.3.1.3.-pc\osc-for-obs(3.1.3)-pc\osc-for-obs.exe (Joe Shea) [Datei ist nicht signiert] FirewallRules: [TCP Query User{F9D6010E-EE88-4F2A-BB2E-6834F5143301}C:\program files (x86)\nmap\nmap.exe] => (Allow) C:\program files (x86)\nmap\nmap.exe (Nmap Software LLC -> Insecure.Org) FirewallRules: [UDP Query 
User{CDE5C545-7048-48BA-B3B9-4E8E0C5623AA}C:\program files (x86)\nmap\nmap.exe] => (Allow) C:\program files (x86)\nmap\nmap.exe (Nmap Software LLC -> Insecure.Org) FirewallRules: [{9A577189-FE16-4477-BD8D-5CEA7CC65A06}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{BE915EAA-2527-4C86-B914-10BA24A5FDFC}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinderpro.exe (QNAP Systems, Inc. -> QNAP) FirewallRules: [UDP Query User{8D0DB93F-B7C7-4267-A5A0-24409402F4FE}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinderpro.exe (QNAP Systems, Inc. -> QNAP) FirewallRules: [TCP Query User{4C91D09E-4FA2-4C7F-A397-58122CE05BF6}C:\users\tobia\appdata\local\postman\app-11.6.1\postman.exe] => (Allow) C:\users\tobia\appdata\local\postman\app-11.6.1\postman.exe (Postman, Inc. -> Postman) FirewallRules: [UDP Query User{7BC0AFD1-75AF-4804-9F04-CC029EF0DE95}C:\users\tobia\appdata\local\postman\app-11.6.1\postman.exe] => (Allow) C:\users\tobia\appdata\local\postman\app-11.6.1\postman.exe (Postman, Inc. -> Postman) FirewallRules: [TCP Query User{808F223C-7D56-4B70-962E-183347AC7CEB}C:\users\tobia\appdata\local\postman\app-11.7.0\postman.exe] => (Allow) C:\users\tobia\appdata\local\postman\app-11.7.0\postman.exe (Postman, Inc. -> Postman) FirewallRules: [UDP Query User{FACA1C92-43C2-47CB-8951-C1AEE39C5169}C:\users\tobia\appdata\local\postman\app-11.7.0\postman.exe] => (Allow) C:\users\tobia\appdata\local\postman\app-11.7.0\postman.exe (Postman, Inc. 
-> Postman) FirewallRules: [{B78B27E7-9C41-4C60-A83D-998A57CD924A}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24193.1805.3040.8975_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{4F4A31B6-CBF8-4BFC-921A-A677D1D39771}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24193.1805.3040.8975_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7E40884E-109A-4AA7-AF89-E7E066907543}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{DF961A14-6B41-4A60-A12A-7969BC5F2D20}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{2D5D21D9-3F3F-4FD0-B8CA-A5DE77B842BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{E8ED499D-1BBD-466E-806E-40C3FBCD4B15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{11B1B773-9BEC-4CBB-9C4D-0DFB65479E9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{7DEA3C70-9CD5-4D1F-B841-CDD9D35CFD1C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{31740600-4BE4-417F-A78A-53FDF35D97E8}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.) FirewallRules: [{6E9400ED-37A3-4379-AC04-A971FCC5FC38}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.) FirewallRules: [{8C3B12A8-E47D-476E-873F-4EA017C450E0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.126.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{0D351130-B709-43AA-BCF9-9E2BA390EC23}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.126.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{81815E1F-6C44-4C49-AEBA-372406189D1D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.126.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{358E2237-3891-4E30-B31C-83549D3E6DF8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.126.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{053F8696-1571-4AA1-A033-7CEBD82521B8}] => (Allow) C:\Program Files\Insta360 Studio\Insta360 Studio.exe (影石创新科技股份有限公司 -> Arashi Vision Inc.) FirewallRules: [{433EFA99-11B8-4D46-94E7-4F01D565C20F}] => (Allow) C:\Program Files\Insta360 Studio\insta360-proxy-service.exe (影石创新科技股份有限公司 -> Arashi Vision Inc.) FirewallRules: [{5D26F94B-6D09-4242-8C34-B15CD8F092C7}] => (Allow) C:\Program Files\Insta360 Studio\insta360-network-service.exe (影石创新科技股份有限公司 -> Arashi Vision Inc.) FirewallRules: [{298EED61-958B-4B88-94CF-8DD2A569D5D4}] => (Allow) C:\Program Files\Insta360 Studio\insta360-exporter-service.exe (影石创新科技股份有限公司 -> Arashi Vision Inc.) FirewallRules: [{039FA82B-E336-45C1-86B7-166DF02FFD10}] => (Allow) C:\Program Files\Insta360 Studio\insta360-thumbnail-service.exe (影石创新科技股份有限公司 -> Arashi Vision Inc.) FirewallRules: [{A3F4B8DB-2E18-4D1C-9A53-7A3584F46962}] => (Allow) C:\Program Files\Insta360 Studio\Insta360 Studio.exe (影石创新科技股份有限公司 -> Arashi Vision Inc.) FirewallRules: [{2691ABD9-3F33-4149-9DA2-8CCECFE878E0}] => (Allow) C:\Program Files\Insta360 Studio\insta360-proxy-service.exe (影石创新科技股份有限公司 -> Arashi Vision Inc.) FirewallRules: [{13D379EC-14E6-4DD1-9853-175B9BC35DC3}] => (Allow) C:\Program Files\Insta360 Studio\insta360-network-service.exe (影石创新科技股份有限公司 -> Arashi Vision Inc.) 
FirewallRules: [{CBF36EDB-0EC0-4E38-B5DF-6374F9845D49}] => (Allow) C:\Program Files\Insta360 Studio\insta360-exporter-service.exe (影石创新科技股份有限公司 -> Arashi Vision Inc.) FirewallRules: [{85D1DD5B-C328-4C9A-ACA8-B8064F15D8D2}] => (Allow) C:\Program Files\Insta360 Studio\insta360-thumbnail-service.exe (影石创新科技股份有限公司 -> Arashi Vision Inc.) FirewallRules: [{4D981635-BEB7-4757-98AB-7CE0BCF002BC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CD37B7D6-CD9B-4137-BCC5-AC24A0BE62B8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.245.454.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{F3DDBC41-4107-420B-B097-910464EC467C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.245.454.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{FDCAA757-2990-4271-8A44-B5068CBE94EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.245.454.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{798201CC-ECE0-476E-A577-73BB4B3BB0DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.245.454.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{615AFC12-8A18-423C-AD10-16CDFBBCD2C5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.245.454.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{2C5FEF8E-EDF7-485E-8021-EB39B47596E5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.245.454.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{AC3F81F2-FD2F-4B3B-AF22-F5181426EE9F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.245.454.0_x64__zpdnekdrzrea0\Spotify.exe 
(453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{860A9F69-A636-4711-95DB-756AE5DBFD9B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.245.454.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{8763F8B2-B88B-455D-9BFD-18DD7B4DA272}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.245.454.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{A367CD65-6845-4EEE-85F8-27DDA2E67572}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.245.454.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{508094E4-CDB0-4A06-8FC9-59B5FE73513C}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe (Splashtop Inc. -> Splashtop Inc.)
Edited by Septem (30.08.2024 at 22:26). Reason: posted the same thing twice |
30.08.2024, 22:28 | #4 |
| Fell for a fake link and ran the file. Facebook hack shortly afterwards - caught a trojan? Addition.txt (Part 2) Code:
==================== Wiederherstellungspunkte =========================

22-08-2024 06:14:22 Windows Update
22-08-2024 06:14:31 Windows Update
27-08-2024 19:57:03 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager ============

Name: Virtual Desktop Monitor
Description: Virtual Desktop Monitor
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Virtual Desktop, Inc.
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (08/30/2024 10:39:34 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\TOBYPOWERDESKTO$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
Methode: GET(0ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (08/30/2024 10:39:34 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
Methode: GET(31ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (08/30/2024 06:51:57 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\TOBYPOWERDESKTO$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 30 Aug 2024 04:51:59 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 01ce7530-9aeb-4b4f-828a-f66706d654e2
Methode: GET(172ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (08/30/2024 06:51:57 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 30 Aug 2024 04:51:58 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: b7b11956-da91-4ace-8729-d24840d4e7aa
Methode: GET(203ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (08/30/2024 06:51:46 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/30/2024 04:31:10 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren..

Error: (08/30/2024 04:31:10 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.]

Error: (08/30/2024 04:31:10 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren..

Systemfehler:
=============
Error: (08/30/2024 10:43:28 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT-AUTORITÄT)
Description: Beim Update für den sicheren Start konnte eine Variable für den sicheren Start nicht aktualisiert werden. Fehler: -2147020471. Weitere Informationen finden Sie unter https://go.microsoft.com/fwlink/?linkid=2169931

Error: (08/30/2024 10:39:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "GameInput Service" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (08/30/2024 10:39:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "GameInput Service" wurde mit folgendem Fehler beendet: Die Verbunddatei "GameInput Service" wurde mit einer neueren Version erstellt.

Error: (08/30/2024 10:39:28 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT-AUTORITÄT)
Description: Beim Update für den sicheren Start konnte eine Variable für den sicheren Start nicht aktualisiert werden. Fehler: -2147020471. Weitere Informationen finden Sie unter https://go.microsoft.com/fwlink/?linkid=2169931

Error: (08/30/2024 10:39:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "GameInput Service" wurde unerwartet beendet. Dies ist bereits 5 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/30/2024 10:39:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "GameInput Service" wurde mit folgendem Fehler beendet: Die Verbunddatei "GameInput Service" wurde mit einer neueren Version erstellt.

Error: (08/30/2024 10:39:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "GameInput Service" wurde unerwartet beendet. Dies ist bereits 4 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/30/2024 10:39:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "GameInput Service" wurde mit folgendem Fehler beendet: Die Verbunddatei "GameInput Service" wurde mit einer neueren Version erstellt.

Windows Defender:
================
Date: 2024-08-20 10:05:53
Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {2236CDB8-6277-4205-BC8E-A7B1221D50EE}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2024-08-04 21:03:55
Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {4512C058-3A80-4D44-93F9-060EA3F54FA6}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2024-07-29 20:58:07
Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {B50F0017-AB6E-4E34-A2AC-D32C154DDDB3}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2024-07-29 11:10:57
Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {D95A34D7-259F-48BA-9E82-E601E3521D42}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2024-07-28 22:32:20
Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {7799171C-E926-4496-B5BD-79E57356543F}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Event[0]
Date: 2024-08-30 06:54:43
Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.417.205.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %Vorherige Modulversion: 1.1.24070.3
Fehlercode: 0x8007045b
Fehlerbeschreibung: Der Computer wird heruntergefahren.

Date: 2024-08-29 09:38:49
Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren.
Security Intelligence versucht: Sicherung
Fehlercode: 0x80004004
Fehlerbeschreibung: Vorgang abgebrochen
Security Intelligence-Version: 1.417.205.0;1.417.205.0
Modulversion: 1.1.24070.3

Date: 2024-08-29 09:38:49
Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren.
Security Intelligence versucht: Aktuell
Fehlercode: 0x80501102
Fehlerbeschreibung: Unerwartetes Problem.
Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". Security Intelligence-Version: 1.417.205.0;1.417.205.0 Modulversion: 1.1.24070.3 Date: 2024-08-28 23:34:38 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren. Security Intelligence versucht: Sicherung Fehlercode: 0x80004004 Fehlerbeschreibung: Vorgang abgebrochen Security Intelligence-Version: 1.417.205.0;1.417.205.0 Modulversion: 1.1.24070.3 Date: 2024-08-28 23:34:37 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren. Security Intelligence versucht: Aktuell Fehlercode: 0x80501102 Fehlerbeschreibung: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". Security Intelligence-Version: 1.417.363.0;1.417.363.0 Modulversion: 1.1.24070.3 CodeIntegrity: =============== Date: 2024-08-30 22:44:19 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2024-08-30 22:44:19 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. ==================== Speicherinformationen =========================== BIOS: American Megatrends International, LLC. F35 01/04/2022 Hauptplatine: Gigabyte Technology Co., Ltd. 
X570 AORUS PRO Prozessor: AMD Ryzen 9 3900X 12-Core Processor Prozentuale Nutzung des RAM: 10% Installierter physikalischer RAM: 65459.07 MB Verfügbarer physikalischer RAM: 58740.17 MB Summe virtueller Speicher: 69555.07 MB Verfügbarer virtueller Speicher: 61892.49 MB ==================== Laufwerke ================================ Drive a: (Daten) (Fixed) (Total:1863 GB) (Free:403.91 GB) (Model: SanDisk SDSSDH3 2T00) NTFS Drive c: (System) (Fixed) (Total:930.71 GB) (Free:36.93 GB) (Model: CT1000P1SSD8) NTFS Drive d: (Project_working) (Fixed) (Total:16763.98 GB) (Free:8821.32 GB) (Model: WDC WUH721818ALE6L4) NTFS Drive e: (UEFI) (Removable) (Total:0.01 GB) (Free:0.01 GB) FAT Drive f: (Storage) (Fixed) (Total:11175.98 GB) (Free:1002.56 GB) (Model: ST12000DM001-2JD101) NTFS Drive g: () (Removable) (Total:55.3 GB) (Free:21.81 GB) exFAT \\?\Volume{90a48243-1c9f-4877-b0b4-94174aabd0a5}\ () (Fixed) (Total:0.69 GB) (Free:0.11 GB) NTFS \\?\Volume{ed64ac22-9b87-4de1-ab27-af3e50f4c132}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 1 (Protective MBR) (Size: 16764 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 2 (Protective MBR) (Size: 11176 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 3 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 4 (Size: 59.6 GB) (Disk ID: 746EEB45) Partition 1: (Active) - (Size=4.3 GB) - (Type=00) Partition 2: (Not Active) - (Size=15 MB) - (Type=EF) Partition 3: (Not Active) - (Size=55.3 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ======================= |
03.09.2024, 12:06 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post log files in CODE tags |
03.09.2024, 14:22 | #6 |
| Yes, I'm doing that in parallel. Luckily I have a password manager (the master password of my KeePass file was changed immediately), and I'm now going through all entries with this "new" database and changing the passwords, cleaning out old entries along the way or switching to FIDO passkeys. |
03.09.2024, 14:28 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Uninstall interfering, outdated or unnecessary programs. Please uninstall via Programs and Features (appwiz.cpl):
__________________ Please always post log files in CODE tags |
04.09.2024, 14:28 | #8 |
| Sorry, but I'm going to do a fresh installation right away. Since running the fake setup, my Facebook account has been hacked, and my router records dozens of unsuccessful login attempts every day with all sorts of usernames. Passwords are still being changed (that's quite a lot of work); the router and PC have been reset in the meantime. Is there anything else I should keep an eye on? I don't have to worry that the trojan somehow persists in the router or PC, do I? |
04.09.2024, 14:30 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post log files in CODE tags |
04.09.2024, 14:43 | #10 |
| Because my telephony also runs through it, and so that I can access the call lists while on the road. It also let me help my wife with certain configurations remotely (since I travel a lot for work). Until now I also never feared that it was such a big security problem.... until now. After the reset, by the way, I set a completely new password, assigned a new Wi-Fi password, and didn't enable the outside connection at all. |
04.09.2024, 14:45 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then you really shouldn't be surprised that some bots are trying to get in. That's how it is when the thing is reachable via a public IPv4 address. And that has nothing to do with the fake link or your computer.
__________________ Please always post log files in CODE tags |
04.09.2024, 21:17 | #12 |
| It's just not that easy for "normal" users to assess such risks. Especially not when the router's configuration menu conveniently lets you make such settings without warning about possible consequences. Now I know better and won't do that again. Windows 11 is now freshly installed. I wiped all partitions on the system disk and left only the other disks, which hold videos, pictures and music, untouched. After the reinstall I searched those again for *.exe files, to make sure there isn't some possibly infected program lying dormant that I then naively start in a few weeks or months (and that may be contaminated). Does it make sense to run another analysis with FRST, or should the PC be usable again now? |
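A search for *.exe on the retained data drives, as described in the post above, only matches by file name. The following is an added example (not part of the thread and not written by any poster) that classifies files by their header instead, so a Windows program stored under a media extension is also reported. The extension lists and the sample tree are assumptions constructed for illustration.

```python
import os
import struct
import tempfile

# Assumed, non-exhaustive lists: extensions under which a PE image is expected,
# and extensions Windows will launch or interpret on double-click.
PE_EXTS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".com"}
LAUNCHABLE_EXTS = {".bat", ".cmd", ".ps1", ".vbs", ".js", ".jse", ".wsf",
                   ".hta", ".lnk", ".msi", ".scr", ".com", ".pif"}


def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'.

    Raises OSError when the file cannot be read (for example a cloud
    placeholder that is not available offline).
    """
    with open(path, "rb") as fh:
        head = fh.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        fh.seek(e_lfanew)
        return fh.read(4) == b"PE\0\0"


def classify(path):
    """Return 'pe', 'pe-disguised', 'launchable', 'unreadable' or None."""
    ext = os.path.splitext(path)[1].lower()
    try:
        pe = is_pe(path)
    except OSError:
        return "unreadable"
    if pe:
        # A PE image under an unexpected extension deserves the closest look.
        return "pe" if ext in PE_EXTS else "pe-disguised"
    if ext in LAUNCHABLE_EXTS:
        return "launchable"
    return None


def scan(root):
    """Walk root and return sorted (relative_path, kind) for every finding."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            kind = classify(full)
            if kind:
                findings.append((os.path.relpath(full, root), kind))
    return sorted(findings)


def build_sample_tree(root):
    """Create constructed sample files (no real programs) for the demo."""
    fake_pe = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40) + b"PE\0\0"
    samples = {
        "setup.exe": fake_pe,                          # PE under a PE extension
        os.path.join("Videos", "clip.mp4"): fake_pe,   # PE under a media extension
        os.path.join("Videos", "photo.jpg"): b"\xff\xd8\xff\xe0" + b"\0" * 64,
        "run.bat": b"@echo off\r\n",                   # script, not a PE
        "notes.txt": b"MZ not really a program",       # starts with MZ, too short
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, kind in scan(tmp):
            print(f"{kind:13} {rel}")
```

Files reported as `unreadable` were not inspected at all and need a second pass once they can be opened.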
04.09.2024, 23:49 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | It's not a big risk, as long as you secure the admin interface well and always keep the router's firmware up to date. But it must be clear even to a layperson that ANY host worldwide can then access it. Because that's exactly how you wanted it. Go ahead and post new FRST logs.
__________________ Please always post log files in CODE tags |
07.09.2024, 22:49 | #14 |
| Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 22-08.2024 durchgeführt von Tobia (Administrator) auf DESKTOPTOBY (Gigabyte Technology Co., Ltd. X570 AORUS PRO) (07-09-2024 23:47:22) Gestartet von C:\Users\Tobia\Downloads\FRST64.exe Geladene Profile: Tobia Plattform: Microsoft Windows 11 Pro N Version 23H2 22631.3880 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: Edge Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7> (C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe <2> (cmd.exe ->) (DroidMonkey Apps, LLC -> ) C:\Program Files\KeePassXC\keepassxc-proxy.exe (explorer.exe ->) (DroidMonkey Apps, LLC -> KeePassXC Team) C:\Program Files\KeePassXC\KeePassXC.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <23> (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (explorer.exe ->) (Valve Corp. 
-> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe (hvsimgr.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\hvsirdpclient.exe (hvsimgr.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\hvsirpcd.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncHelper.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_e0e8eab0ff52148e\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7b66b6662cf6d72b\RtkAudUService64.exe <2> (services.exe ->) (Valve Corp. 
-> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileCoAuth.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\hvsimgr.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe (vmcompute.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\vmwp.exe konnte nicht auf den Prozess zugreifen -> vmmemCmZygote konnte nicht auf den Prozess zugreifen -> vmmemMDAG ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7b66b6662cf6d72b\RtkAudUService64.exe [1220312 2021-02-17] (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) HKU\S-1-5-21-2582514280-2087681898-1917672019-1001\...\Run: [MicrosoftEdgeAutoLaunch_8088DBFD80064CD5C23EF47FF78F345A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3741248 2024-09-03] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2582514280-2087681898-1917672019-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919352 2024-09-07] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2582514280-2087681898-1917672019-1001\...\Run: [KeePassXC] => C:\Program Files\KeePassXC\KeePassXC.exe [5482192 2024-06-19] (DroidMonkey Apps, LLC -> KeePassXC Team) HKU\S-1-5-21-2582514280-2087681898-1917672019-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4407656 2024-07-17] (Valve Corp. -> Valve Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {468ED05F-6A22-46AA-9DBA-675338F7FAB8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28605656 2024-08-25] (Microsoft Corporation -> Microsoft Corporation) Task: {3D114DFD-46AE-47E1-8A7F-9B5A6ED4E682} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28605656 2024-08-25] (Microsoft Corporation -> Microsoft Corporation) Task: {5CC8232B-11A0-438D-B9B6-8CDAC1A7E190} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312520 2024-09-04] (Microsoft Corporation -> Microsoft Corporation) Task: {1E811CAE-7ADA-4837-8C76-3B9EF21B0EBA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312520 2024-09-04] (Microsoft Corporation -> Microsoft Corporation) Task: {4680704D-F534-44B5-8759-7FC3A7F52039} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [187024 2024-09-04] (Microsoft Corporation -> Microsoft Corporation) Task: {B28E27FA-D356-48A2-99C8-54A7751B20ED} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei) Task: {D4995C88-6CDB-46C1-9B8E-243056E77853} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {5ABE4FA0-EE7E-4E70-BCF1-32B4C485D201} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-07] (Microsoft Windows Publisher 
-> Microsoft Corporation) Task: {8CB4BE08-D372-40AF-9A53-F1674B90F5E6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {FDAEF043-4722-41D6-B7C9-0515CD5DFA4E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {80390E26-9313-44AB-94D6-BAAF5F79A512} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {B064A21A-9850-4430-98CD-04AC733ACABC} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {8C079716-7033-4D19-9472-E50DB73BF6CB} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209208 2024-09-07] (Microsoft Corporation -> Microsoft Corporation) Task: {34F354D9-5231-4906-A687-1C90318618B7} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2582514280-2087681898-1917672019-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209208 2024-09-07] (Microsoft Corporation -> Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\..\Interfaces\{6e5632fc-f8ba-4163-99df-a7cf0d52d4c9}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6e5632fc-f8ba-4163-99df-a7cf0d52d4c9}: [DhcpDomain] fritz.box Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default [2024-09-07] Edge HomePage: Default -> hxxp://ecosia.de/ Edge StartupUrls: Default -> "hxxp://ecosia.de/" Edge DefaultSearchURL: Default -> hxxps://www.bing.com/search?PC=U523&q={searchTerms} Edge DefaultSearchKeyword: Default -> ecosia.org Edge Extension: (Microsoft Rewards) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnplfnhcidhhdapmblniehfaaompjlck [2024-09-04] Edge Extension: (Shoop Cashback & Gutscheine) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cpcckalhfmpnloapihhjjdoenplbhchn [2024-09-04] Edge Extension: (Ghostery Tracker- & Werbeblocker | Datenschutz AdBlocker) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fclbdkbhjlgkbpfldjodgjncejkkjcme [2024-09-07] Edge Extension: (Ecosia) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fhfidmlnclkepgapcephbaciajegheco [2024-09-04] Edge Extension: (Google Docs Offline) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-09-04] Edge Extension: (Edge relevant text changes) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-09-04] Edge Extension: (Shade Dark Mode) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mheecjkjgohjimgmeepafikiejdhjpoa [2024-09-04] Edge Extension: (uBlock Origin) - 
C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-09-04] Edge Extension: (I don't care about cookies) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oholpbloipjbbhlhohaebmieiiieioal [2024-09-04] Edge Extension: (KeePassXC-Browser) - C:\Users\Tobia\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffhmdngciaglkoonimfcmckehcpafo [2024-09-04] FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-09-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-09-04] (Microsoft Corporation -> Microsoft Corporation) ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14042624 2024-08-25] (Microsoft Corporation -> Microsoft Corporation) R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncHelper.exe [3523112 2024-09-07] (Microsoft Corporation -> Microsoft Corporation) R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe [1427024 2024-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_e0e8eab0ff52148e\Display.NvContainer\NVDisplay.Container.exe [1275008 2024-07-31] (NVIDIA Corporation -> NVIDIA Corporation) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.166.0818.0003\OneDriveUpdaterService.exe [3863984 2024-09-07] (Microsoft Corporation -> Microsoft Corporation) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-09-04] (Microsoft Windows Publisher -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe [3199648 2024-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe [133704 2024-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert] R0 fse; C:\Windows\System32\drivers\fse.sys [218608 2024-09-04] (Microsoft Windows -> Microsoft Corporation) S3 rtux64w10; C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_03831aeaaa2c730e\rtux64w10.sys [683520 2022-05-07] (Microsoft Windows -> Realtek Corporation) S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2024-09-04] (Microsoft Windows -> ) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [22080 2024-09-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [602504 2024-09-07] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2024-09-07] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-09-07 23:47 - 2024-09-07 23:47 - 000015658 _____ C:\Users\Tobia\Downloads\FRST.txt 2024-09-07 10:46 - 2024-09-07 10:46 - 000000000 ____D C:\ProgramData\chocolatey 2024-09-07 10:36 - 2024-09-07 10:36 - 000720748 _____ C:\Windows\system32\perfh007.dat 2024-09-07 10:36 - 2024-09-07 10:36 - 000148840 _____ C:\Windows\system32\perfc007.dat 2024-09-07 10:19 - 2024-09-07 23:47 - 000000000 ____D C:\FRST 2024-09-07 10:18 - 2024-09-07 10:19 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2024-09-07 10:18 - 2024-09-07 10:18 - 000000000 ____D C:\Windows\system32\%userprofile% 2024-09-07 10:17 - 2024-09-07 10:17 - 000000000 ____D C:\Users\Tobia\AppData\Local\NVIDIA Corporation 2024-09-07 10:16 - 2024-09-07 10:16 - 002397184 _____ (Farbar) C:\Users\Tobia\Downloads\FRST64.exe 2024-09-07 10:15 - 2024-09-07 10:15 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Microsoft\IME 2024-09-07 10:14 - 2024-09-07 10:14 - 000001607 _____ C:\Windows\system32\config\VSMIDK 2024-09-07 10:13 - 2024-09-07 10:13 - 000000000 ___SD C:\Windows\system32\containers 2024-09-07 10:13 - 2024-09-07 10:13 - 000000000 ____D C:\Windows\system32\HvsiSettingsProviders 2024-09-05 00:14 - 2024-09-05 00:14 - 000000222 _____ C:\Users\Tobia\Desktop\7 Days to Die.url 2024-09-05 00:14 - 2024-09-05 00:14 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2024-09-05 00:12 - 2024-09-05 00:13 - 000000000 ____D C:\Users\Tobia\AppData\Local\Steam 2024-09-05 00:10 - 2024-09-07 23:47 - 000000000 ____D C:\Program Files (x86)\Steam 2024-09-05 00:10 - 2024-09-05 00:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2024-09-05 00:00 - 2024-09-07 10:13 - 000000000 ____D C:\Users\Tobia\AppData\Local\ESET 2024-09-05 00:00 - 2024-09-05 00:00 - 000001382 _____ C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk 2024-09-04 23:49 - 2024-09-04 23:49 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Microsoft\Office 
2024-09-04 23:27 - 2024-09-07 10:18 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2024-09-04 23:27 - 2024-09-07 10:18 - 000002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2024-09-04 23:27 - 2024-09-07 10:18 - 000000000 ___RD C:\Users\Default\OneDrive 2024-09-04 23:26 - 2024-09-04 23:26 - 000002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2024-09-04 23:26 - 2024-09-04 23:26 - 000002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2024-09-04 23:26 - 2024-09-04 23:26 - 000002516 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2024-09-04 23:26 - 2024-09-04 23:26 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk 2024-09-04 23:26 - 2024-09-04 23:26 - 000002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2024-09-04 23:26 - 2024-09-04 23:26 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2024-09-04 23:26 - 2024-09-04 23:26 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk 2024-09-04 23:26 - 2024-09-04 23:26 - 000002427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk 2024-09-04 23:26 - 2024-09-04 23:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2024-09-04 23:26 - 2024-09-04 23:26 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2024-09-04 23:13 - 2024-09-04 23:26 - 000000000 ____D C:\Program Files\Microsoft Office 2024-09-04 23:13 - 2024-09-04 23:13 - 000000000 ____D C:\Program Files\Microsoft Office 15 2024-09-04 22:21 - 2024-09-04 22:21 - 000000000 ____D C:\Users\Tobia\AppData\Local\VirtualStore 2024-09-04 22:21 - 2024-09-04 22:21 - 000000000 ____D C:\Users\Tobia\AppData\Local\Comms 2024-09-04 22:21 - 2024-09-04 22:21 - 000000000 ____D C:\Users\Tobia\AppData\Local\CEF 2024-09-04 22:21 - 2024-09-04 
22:21 - 000000000 ____D C:\Users\Tobia\ansel 2024-09-04 22:12 - 2024-09-04 22:26 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2024-09-04 22:12 - 2024-09-04 22:12 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2024-09-04 22:12 - 2024-09-04 22:12 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2024-09-04 22:12 - 2024-09-04 22:12 - 000000000 ____D C:\Users\Tobia\AppData\LocalLow\NVIDIA 2024-09-04 22:12 - 2024-06-11 21:50 - 000086568 _____ C:\Windows\system32\FvSDK_x64.dll 2024-09-04 22:12 - 2024-06-11 21:50 - 000075304 _____ C:\Windows\SysWOW64\FvSDK_x86.dll 2024-09-04 22:10 - 2024-07-31 00:10 - 000121872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2024-09-04 22:08 - 2024-09-07 10:49 - 000000000 ____D C:\Users\Tobia\AppData\Local\KeePassXC 2024-09-04 22:08 - 2024-09-04 23:33 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\KeePassXC 2024-09-04 22:07 - 2024-09-04 22:12 - 000000000 ____D C:\ProgramData\Package Cache 2024-09-04 22:07 - 2024-09-04 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePassXC 2024-09-04 22:07 - 2024-09-04 22:07 - 000000000 ____D C:\Program Files\KeePassXC 2024-09-04 22:05 - 2024-09-04 21:07 - 000000000 ____D C:\Windows\Panther 2024-09-04 22:05 - 2024-07-31 20:29 - 002040696 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe 2024-09-04 22:05 - 2024-07-31 20:29 - 002040696 _____ C:\Windows\system32\vulkaninfo.exe 2024-09-04 22:05 - 2024-07-31 20:29 - 001583888 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2024-09-04 22:05 - 2024-07-31 20:29 - 001583888 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2024-09-04 22:05 - 2024-07-31 20:29 - 001446672 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll 2024-09-04 22:05 - 2024-07-31 20:29 - 001446672 _____ C:\Windows\system32\vulkan-1.dll 2024-09-04 22:05 - 2024-07-31 20:29 - 001296760 _____ 
C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll 2024-09-04 22:05 - 2024-07-31 20:29 - 001296760 _____ C:\Windows\SysWOW64\vulkan-1.dll 2024-09-04 22:05 - 2024-07-31 20:29 - 000478360 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2024-09-04 22:05 - 2024-07-31 20:29 - 000374400 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2024-09-04 22:05 - 2024-07-31 20:26 - 001078920 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll 2024-09-04 22:05 - 2024-07-31 20:26 - 000670360 _____ (NVIDIA Corporation) C:\Windows\system32\nvofapi64.dll 2024-09-04 22:05 - 2024-07-31 20:26 - 000505480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvofapi.dll 2024-09-04 22:05 - 2024-07-31 20:25 - 002178712 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2024-09-04 22:05 - 2024-07-31 20:25 - 001629848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2024-09-04 22:05 - 2024-07-31 20:25 - 001547304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2024-09-04 22:05 - 2024-07-31 20:25 - 001203248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2024-09-04 22:05 - 2024-07-31 20:25 - 001034800 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2024-09-04 22:05 - 2024-07-31 20:25 - 000856704 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe 2024-09-04 22:05 - 2024-07-31 20:25 - 000797336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2024-09-04 22:05 - 2024-07-31 20:24 - 016199816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2024-09-04 22:05 - 2024-07-31 20:24 - 014270088 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2024-09-04 22:05 - 2024-07-31 20:24 - 006914600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2024-09-04 22:05 - 2024-07-31 20:24 - 005910680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2024-09-04 22:05 - 2024-07-31 20:24 - 005349416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll 2024-09-04 22:05 - 2024-07-31 20:24 - 003788416 
_____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2024-09-04 22:05 - 2024-07-31 20:24 - 000461872 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe 2024-09-04 22:05 - 2024-07-31 20:23 - 007133544 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2024-09-04 22:05 - 2024-07-31 20:23 - 006212184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2024-09-04 22:05 - 2024-07-31 20:23 - 000853656 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe 2024-09-04 22:04 - 2024-07-31 00:10 - 000127237 _____ C:\Windows\system32\nvinfo.pb 2024-09-04 21:55 - 2024-09-04 21:55 - 000000000 ____D C:\Users\Tobia\AppData\Local\Publishers 2024-09-04 21:52 - 2024-09-04 21:52 - 000000000 ____D C:\Users\Tobia\AppData\Local\OneDrive 2024-09-04 21:43 - 2024-09-07 23:35 - 000000000 ____D C:\Users\Tobia\AppData\Local\PlaceholderTileLogoFolder 2024-09-04 21:42 - 2024-09-07 10:15 - 000000000 ____D C:\Users\Tobia\AppData\Local\D3DSCache 2024-09-04 21:42 - 2024-09-04 21:42 - 000000000 ___HD C:\OneDriveTemp 2024-09-04 21:41 - 2024-09-07 23:48 - 000000000 ___RD C:\Users\Tobia\OneDrive 2024-09-04 21:41 - 2024-09-07 10:18 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2582514280-2087681898-1917672019-1001 2024-09-04 21:41 - 2024-09-04 21:41 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2024-09-04 21:40 - 2024-09-07 23:35 - 000000000 ____D C:\Users\Tobia\AppData\Local\Packages 2024-09-04 21:40 - 2024-09-07 10:15 - 000000000 ____D C:\Users\Tobia\AppData\Local\ConnectedDevicesPlatform 2024-09-04 21:40 - 2024-09-04 22:26 - 000000000 ____D C:\Users\Tobia\AppData\Local\NVIDIA 2024-09-04 21:40 - 2024-09-04 21:40 - 000000000 __RHD C:\Users\Public\AccountPictures 2024-09-04 21:40 - 2024-09-04 21:40 - 000000000 ___SD C:\Users\Tobia\AppData\Roaming\Microsoft\Crypto 2024-09-04 21:40 - 2024-09-04 21:40 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Microsoft\Vault 2024-09-04 21:40 - 2024-09-04 21:40 - 000000000 ____D 
C:\Users\Tobia\AppData\Roaming\Microsoft\Network 2024-09-04 21:40 - 2024-09-04 21:40 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Adobe 2024-09-04 21:37 - 2024-09-04 21:37 - 000000000 ____D C:\Windows\SysWOW64\DDFs 2024-09-04 21:33 - 2024-09-04 21:33 - 000025684 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json 2024-09-04 21:33 - 2024-09-04 21:33 - 000025684 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json 2024-09-04 21:30 - 2024-09-04 21:31 - 000000000 ___HD C:\$WinREAgent 2024-09-04 21:21 - 2024-09-07 10:49 - 000000000 ____D C:\ProgramData\NVIDIA 2024-09-04 21:21 - 2024-09-07 10:36 - 001662156 _____ C:\Windows\system32\PerfStringBackup.INI 2024-09-04 21:21 - 2024-09-05 00:12 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2024-09-04 21:21 - 2024-09-04 22:26 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2024-09-04 21:21 - 2024-09-04 22:12 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation 2024-09-04 21:21 - 2024-09-04 21:21 - 000000000 ___SD C:\Users\Tobia\AppData\Roaming\Microsoft\SystemCertificates 2024-09-04 21:21 - 2021-09-22 07:07 - 000676496 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2024-09-04 21:21 - 2021-09-22 07:07 - 000564344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2024-09-04 21:21 - 2021-09-22 07:07 - 000046264 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll 2024-09-04 21:20 - 2024-09-04 22:29 - 000000000 ____D C:\Users\Tobia 2024-09-04 21:20 - 2024-09-04 21:47 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Microsoft\Spelling 2024-09-04 21:20 - 2024-09-04 21:40 - 000000000 ____D C:\Users\Tobia\AppData\Roaming\Microsoft\Windows 2024-09-04 21:20 - 2024-09-04 21:20 - 000000020 ___SH C:\Users\Tobia\ntuser.ini 2024-09-04 21:20 - 2024-09-04 21:20 - 000000000 _SHDL C:\Users\Tobia\Vorlagen 2024-09-04 21:20 - 2024-09-04 21:20 - 000000000 _SHDL C:\Users\Tobia\Startmenü 2024-09-04 21:20 - 2024-09-04 21:20 - 000000000 _SHDL 
C:\Users\Tobia\Netzwerkumgebung 2024-09-04 21:20 - 2024-09-04 21:20 - 000000000 _SHDL C:\Users\Tobia\Lokale Einstellungen 2024-09-04 21:20 - 2024-09-04 21:20 - 000000000 _SHDL C:\Users\Tobia\Eigene Dateien 2024-09-04 21:20 - 2024-09-04 21:20 - 000000000 _SHDL C:\Users\Tobia\Druckumgebung 2024-09-04 21:20 - 2024-09-04 21:20 - 000000000 _SHDL C:\Users\Tobia\Documents\Eigene Videos 2024-09-04 21:20 - 2024-09-04 21:20 - 000000000 _SHDL C:\Users\Tobia\Documents\Eigene Musik 2024-09-04 21:20 - 2024-09-04 21:20 - 000000000 _SHDL C:\Users\Tobia\Documents\Eigene Bilder 2024-09-04 21:20 - 2024-09-04 21:20 - 000000000 _SHDL C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2024-09-04 21:20 - 2024-09-04 21:20 - 000000000 _SHDL C:\Users\Tobia\AppData\Local\Verlauf 2024-09-04 21:20 - 2024-09-04 21:20 - 000000000 _SHDL C:\Users\Tobia\AppData\Local\Anwendungsdaten 2024-09-04 21:20 - 2024-09-04 21:20 - 000000000 _SHDL C:\Users\Tobia\Anwendungsdaten 2024-09-04 21:20 - 2024-09-04 21:20 - 000000000 ___SD C:\Users\Tobia\AppData\Roaming\Microsoft\Protect 2024-09-04 21:20 - 2024-09-04 21:20 - 000000000 ___SD C:\Users\Tobia\AppData\Roaming\Microsoft\Credentials 2024-09-04 21:17 - 2021-02-17 02:41 - 000283288 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTHDASIO64.dll 2024-09-04 21:17 - 2021-02-17 02:41 - 000238232 _____ (Realtek Semiconductor Corp.) 
C:\Windows\SysWOW64\RTHDASIO.dll 2024-09-04 21:10 - 2024-09-04 21:10 - 000000000 ____D C:\Windows\CSC 2024-09-04 21:08 - 2024-09-07 23:35 - 000000000 ____D C:\ProgramData\Packages 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Public\Documents\Eigene Videos 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Default\Vorlagen 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Default\Startmenü 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Default\Netzwerkumgebung 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Default\Lokale Einstellungen 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Default\Eigene Dateien 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Default\Druckumgebung 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Default\Documents\Eigene Videos 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Users\Default\Anwendungsdaten 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Programme 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\ProgramData\Vorlagen 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\ProgramData\Startmenü 2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme 
2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\ProgramData\Dokumente
2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\ProgramData\Anwendungsdaten
2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Program Files\Gemeinsame Dateien
2024-09-04 21:08 - 2024-09-04 21:08 - 000000000 _SHDL C:\Dokumente und Einstellungen
2024-09-04 21:06 - 2024-09-07 23:30 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-09-04 21:06 - 2024-09-07 23:30 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-09-04 21:06 - 2024-09-07 23:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-09-04 21:06 - 2024-09-07 10:46 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-09-04 21:06 - 2024-09-07 10:29 - 000012288 ___SH C:\DumpStack.log.tmp
2024-09-04 21:06 - 2024-09-07 10:29 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-09-04 21:06 - 2024-09-07 10:13 - 000473288 _____ C:\Windows\system32\FNTCACHE.DAT
2024-09-04 21:06 - 2024-09-04 21:16 - 000003756 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-09-04 21:06 - 2024-09-04 21:16 - 000003632 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-09-04 21:06 - 2024-09-04 21:06 - 000000000 ____D C:\Windows\system32\config\BFS
2024-09-04 21:06 - 2024-09-04 21:06 - 000000000 ____D C:\Windows\ServiceProfiles

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2024-09-07 23:47 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SystemTemp 2024-09-07 23:40 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\AppReadiness 2024-09-07 23:35 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps 2024-09-07 23:30 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-09-07 10:46 - 2022-05-07 07:24 - 000000000 ____D C:\Program Files\Windows Defender 2024-09-07 10:36 - 2022-05-07 07:22 - 000000000 ____D C:\Windows\INF 2024-09-07 10:24 - 2022-05-07 07:17 - 000262144 _____ C:\Windows\system32\config\BBI 2024-09-07 10:23 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\appcompat 2024-09-07 10:15 - 2022-05-07 07:17 - 000000000 ____D C:\Windows\CbsTemp 2024-09-04 23:45 - 2022-05-07 07:17 - 000032768 _____ C:\Windows\system32\config\ELAM 2024-09-04 23:26 - 2022-05-07 07:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2024-09-04 22:22 - 2023-12-04 08:20 - 000095720 _____ (Microsoft Corporation) C:\Windows\system32\hvsimgrps.dll 2024-09-04 22:22 - 2023-12-04 08:20 - 000079344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vkrnlintvsc.sys 2024-09-04 22:22 - 2023-12-04 08:20 - 000079328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vkrnlintvsp.sys 2024-09-04 22:22 - 2023-12-04 08:20 - 000044928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hvsimgrps.dll 2024-09-04 22:22 - 2023-12-04 08:20 - 000026992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hvsicontainerservice.dll 2024-09-04 22:22 - 2023-12-04 08:19 - 000094208 _____ C:\Windows\system32\Drivers\vmbusproxy.sys 2024-09-04 22:22 - 2023-12-04 08:19 - 000087520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\l2bridge.sys 2024-09-04 22:22 - 2023-12-04 08:19 - 000066928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocketcontrol.sys 2024-09-04 22:22 - 2023-12-04 08:19 - 000050656 _____ (Microsoft Corporation) C:\Windows\system32\VrdUmed.dll 2024-09-04 22:22 - 2023-12-04 08:19 - 
000046552 _____ (Microsoft Corporation) C:\Windows\system32\vmsifproxystub.dll 2024-09-04 22:22 - 2022-05-07 07:20 - 000144736 _____ (Microsoft Corporation) C:\Windows\system32\rdp4vs.dll 2024-09-04 22:22 - 2022-05-07 07:20 - 000132456 _____ C:\Windows\system32\secfw_AuthenticAMD.dll 2024-09-04 22:22 - 2022-05-07 07:20 - 000124240 _____ (Microsoft Corporation) C:\Windows\system32\vmwpevents.dll 2024-09-04 22:22 - 2022-05-07 07:20 - 000095584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pvhdparser.sys 2024-09-04 22:22 - 2022-05-07 07:20 - 000075104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\passthruparser.sys 2024-09-04 22:22 - 2022-05-07 07:20 - 000058704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hnswfpdriver.sys 2024-09-04 22:22 - 2022-05-07 07:20 - 000054608 _____ (Microsoft Corporation) C:\Windows\system32\UtilityVmSysprep.dll 2024-09-04 22:22 - 2022-05-07 07:20 - 000042344 _____ (Microsoft Corporation) C:\Windows\system32\vmcomputeeventlog.dll 2024-09-04 22:22 - 2022-05-07 07:20 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\VmComputeProxy.dll 2024-09-04 22:22 - 2022-05-07 07:20 - 000025960 _____ (Microsoft Corporation) C:\Windows\system32\f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll 2024-09-04 22:22 - 2022-05-07 07:20 - 000025960 _____ (Microsoft Corporation) C:\Windows\system32\07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll 2024-09-04 22:22 - 2022-05-07 07:20 - 000025952 _____ (Microsoft Corporation) C:\Windows\system32\f1db7d81-95be-4911-935a-8ab71629112a_HyperV-IsolatedVM.dll 2024-09-04 22:22 - 2022-05-07 07:20 - 000025952 _____ (Microsoft Corporation) C:\Windows\system32\d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll 2024-09-04 22:22 - 2022-05-07 07:20 - 000025952 _____ (Microsoft Corporation) C:\Windows\system32\c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll 2024-09-04 22:22 - 2022-05-07 07:20 - 000025952 _____ (Microsoft 
Corporation) C:\Windows\system32\c28c7a4e-a619-4463-82b7-0fc9cc7187f5_HyperV-ComputeStorage.dll 2024-09-04 22:22 - 2022-05-07 07:20 - 000006658 _____ C:\Windows\system32\VmFirmwareHcl Third-Party Notices.txt 2024-09-04 22:22 - 2022-05-07 07:20 - 000006658 _____ C:\Windows\system32\VmFirmware Third-Party Notices.txt 2024-09-04 22:05 - 2022-05-07 07:24 - 000028672 _____ C:\Windows\system32\config\BCD-Template 2024-09-04 22:00 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\USOPrivate 2024-09-04 21:56 - 2022-05-07 07:24 - 000000000 ___RD C:\Windows\PrintDialog 2024-09-04 21:55 - 2022-05-07 07:17 - 000000000 ____D C:\Windows\servicing 2024-09-04 21:40 - 2022-05-07 07:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2024-09-04 21:37 - 2023-12-04 08:24 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView 2024-09-04 21:37 - 2022-05-07 12:39 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents 2024-09-04 21:37 - 2022-05-07 12:39 - 000000000 ___SD C:\Windows\system32\AppV 2024-09-04 21:37 - 2022-05-07 12:39 - 000000000 ____D C:\Windows\InboxApps 2024-09-04 21:37 - 2022-05-07 12:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\SysWOW64\F12 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\system32\UNP 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\system32\F12 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\system32\DiagSvcs 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\UUS 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SysWOW64\setup 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D 
C:\Windows\SysWOW64\Dism 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SystemResources 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SystemApps 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\WinMetadata 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\WinBioPlugIns 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\SystemResetPlatform 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\ShellExperiences 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\Sgrm 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\setup 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\PerceptionSimulation 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\oobe 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\migwiz 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\HealthAttestationClient 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\Dism 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\DDFs 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\appraiser 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\ShellExperiences 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\ShellComponents 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\Provisioning 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\PolicyDefinitions 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\BrowserCore 2024-09-04 21:37 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\bcastdvr 2024-09-04 21:36 - 2022-05-07 12:39 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll 2024-09-04 
21:36 - 2022-05-07 12:39 - 000024383 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2024-09-04 21:10 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\spool
2024-09-04 21:10 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\AppLocker
2024-09-04 21:08 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\ServiceState
2024-09-04 21:08 - 2022-05-07 07:24 - 000000000 ____D C:\Program Files\Windows NT

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-08.2024
durchgeführt von Tobia (07-09-2024 23:48:12)
Gestartet von C:\Users\Tobia\Downloads
Microsoft Windows 11 Pro N Version 23H2 22631.3880 (X64) (2024-09-04 19:08:21)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-2582514280-2087681898-1917672019-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2582514280-2087681898-1917672019-503 - Limited - Disabled)
Gast (S-1-5-21-2582514280-2087681898-1917672019-501 - Limited - Disabled)
Tobia (S-1-5-21-2582514280-2087681898-1917672019-1001 - Administrator - Enabled) => C:\Users\Tobia
WDAGUtilityAccount (S-1-5-21-2582514280-2087681898-1917672019-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
KeePassXC (HKLM\...\{4D0AFBD7-7864-4FF3-A481-513DEBFAB175}) (Version: 2.7.9 - KeePassXC Team) Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.17928.20114 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 128.0.2739.67 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 128.0.2739.67 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.166.0818.0003 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation) NVIDIA Grafiktreiber 560.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 560.81 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.4.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.0.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.23.1019 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17928.20018 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17928.20114 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Packages: ========= Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.79.0_x64__8wekyb3d8bbwe [2024-09-07] (Microsoft Corporation) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-09-04] (NVIDIA Corp.) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2024-09-04] (Realtek Semiconductor Corp) Widgets Platform Runtime -> C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.4.0.0_x64__8wekyb3d8bbwe [2024-09-07] (Microsoft Corporation) Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-09-04] (Microsoft Windows) Windows-Fotoanzeige -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.31001.0_x64__8wekyb3d8bbwe [2024-09-05] (Microsoft Corporation) [Startup Task] ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft 
Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.166.0818.0003\FileSyncShell64.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_e0e8eab0ff52148e\nvshext.dll [2024-07-31] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) =============

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-09-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-09-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-09-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-09-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-09-04] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2022-05-07 07:24 - 2022-05-07 07:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2582514280-2087681898-1917672019-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img19.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ist aktiviert.

Network Binding:
=============
Ethernet: Intel(R) I211 Gigabit Network Connection -> e1i68x64.sys
vms_vsf: Erweiterungsfilter für virtuellen Hyper-V-Switch
ms_hvsifltr: Microsoft Defender Application Guard – Filtertreiber
vms_vsp: Extension-Protokoll für virtuellen Hyper-V-Switch

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{BE74F5A9-2BAF-4FA9-A6C1-D382031E7E79}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{532C1149-3B86-483B-A197-00C223E477B2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F83086BC-E57E-49EB-87EA-6ED2F837ADC0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EB50E3AA-7A0F-4FAF-9032-C648E64C334E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{8A59075F-0030-42FD-A2B1-6D21D09AAAC4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F503CFCF-8EB9-451A-BA96-1D2CBD832A53}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

04-09-2024 21:11:45 Windows Modules Installer
07-09-2024 10:15:24 Windows Modules Installer

==================== Fehlerhafte Geräte im Gerätemanager ============

==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (09/07/2024 10:29:19 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOPTOBY$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sat, 07 Sep 2024 08:29:19 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: df562f60-f6b4-43a0-a45e-2d51c1edb4f8 Methode: GET(156ms) Phase: GetCACaps Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/07/2024 10:29:19 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sat, 07 Sep 2024 08:29:19 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 32315277-72e3-4606-9cae-bb43c09ad462 Methode: GET(204ms) Phase: GetCACaps Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/07/2024 10:15:21 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOPTOBY$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sat, 07 Sep 2024 08:15:21 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 8e892738-92ac-4d37-be13-9cf75dcfad32 Methode: GET(172ms) Phase: GetCACaps Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/07/2024 10:15:21 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sat, 07 Sep 2024 08:15:21 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 6fa02453-30f5-496c-8055-ba4a0ddad825 Methode: GET(219ms) Phase: GetCACaps Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/04/2024 09:43:37 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOPTOBY)
Description: Name der fehlerhaften Anwendung: Windows HDR Calibration Installer.exe, Version: 22408.807.1.0, Zeitstempel: 0xc2abfcee
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00007ffc197ee064
ID des fehlerhaften Prozesses: 0x0x25ec
Startzeit der fehlerhaften Anwendung: 0x0x1daff02bb0fccb7
Pfad der fehlerhaften Anwendung: C:\Users\Tobia\Downloads\Windows HDR Calibration Installer.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 4fb26557-120e-4f95-bdbe-07b098541664
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/04/2024 09:43:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Windows HDR Calibration Installer.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
   bei MS.Internal.Data.DataBindEngine.GetDefaultValueConverter(System.Type, System.Type, Boolean)
   bei System.Windows.Data.BindingExpression.SetupDefaultValueConverter(System.Type)
   bei MS.Internal.Data.PropertyPathWorker.ReplaceItem(Int32, System.Object, System.Object)
   bei MS.Internal.Data.PropertyPathWorker.UpdateSourceValueState(Int32, System.ComponentModel.ICollectionView, System.Object, Boolean)
   bei MS.Internal.Data.ClrBindingWorker.AttachDataItem()
   bei System.Windows.Data.BindingExpression.Activate(System.Object)
   bei System.Windows.Data.BindingExpression.AttachToContext(AttachAttempt)
   bei System.Windows.Data.BindingExpression.MS.Internal.Data.IDataBindEngineClient.AttachToContext(Boolean)
   bei MS.Internal.Data.DataBindEngine+Task.Run(Boolean)
   bei MS.Internal.Data.DataBindEngine.Run(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei StoreInstaller.App.Main()
   bei StoreInstaller.Launcher.LaunchPsi()
   bei StoreInstaller.Launcher.Main()

Error: (09/04/2024 09:40:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe).
Fehlercode: hr=0x80004005
Befehlszeilenargumente: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9fbaf5d6-4d83-4422-870d-fdda6e5858aa;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (09/04/2024 09:39:23 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOPTOBY$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Wed, 04 Sep 2024 19:39:23 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: f7960724-d528-4f79-b67c-e99336d311e9 Methode: GET(172ms) Phase: GetCACaps Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Systemfehler:
=============
Error: (09/07/2024 11:36:04 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT-AUTORITÄT)
Description: Beim Update für den sicheren Start konnte eine Variable für den sicheren Start nicht aktualisiert werden. Fehler: -2147020471. Weitere Informationen finden Sie unter https://go.microsoft.com/fwlink/?linkid=2169931

Error: (09/07/2024 11:35:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Kamera-Frame-Server-Monitor" wurde mit folgendem Fehler beendet: Das angegebene Modul wurde nicht gefunden.

Error: (09/07/2024 11:35:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Kamera-FrameServer" wurde mit folgendem Fehler beendet: Das angegebene Modul wurde nicht gefunden.

Error: (09/07/2024 11:35:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Kamera-Frame-Server-Monitor" wurde mit folgendem Fehler beendet: Das angegebene Modul wurde nicht gefunden.

Error: (09/07/2024 11:30:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9MSSGKG348SP-MicrosoftWindows.Client.WebExperience

Error: (09/07/2024 11:30:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Kamera-Frame-Server-Monitor" wurde mit folgendem Fehler beendet: Das angegebene Modul wurde nicht gefunden.

Error: (09/07/2024 11:30:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Kamera-FrameServer" wurde mit folgendem Fehler beendet: Das angegebene Modul wurde nicht gefunden.

Error: (09/07/2024 11:30:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Kamera-Frame-Server-Monitor" wurde mit folgendem Fehler beendet: Das angegebene Modul wurde nicht gefunden.

==================== Speicherinformationen ===========================

BIOS: American Megatrends International, LLC. F35 01/04/2022
Hauptplatine: Gigabyte Technology Co., Ltd. X570 AORUS PRO
Prozessor: AMD Ryzen 9 3900X 12-Core Processor
Prozentuale Nutzung des RAM: 12%
Installierter physikalischer RAM: 65459.07 MB
Verfügbarer physikalischer RAM: 57190.66 MB
Summe virtueller Speicher: 74675.07 MB
Verfügbarer virtueller Speicher: 64343.79 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:930.63 GB) (Free:824.11 GB) (Model: CT1000P1SSD8) NTFS
Drive d: (Daten) (Fixed) (Total:1863 GB) (Free:407.47 GB) (Model: SanDisk SDSSDH3 2T00) NTFS
Drive e: (Project_working) (Fixed) (Total:16763.98 GB) (Free:8821.52 GB) (Model: WDC WUH721818ALE6L4) NTFS
Drive f: () (Removable) (Total:58.97 GB) (Free:58.97 GB) exFAT

\\?\Volume{0adf7bb6-7293-4750-be30-df486d978548}\ (Storage) (Fixed) (Total:11175.98 GB) (Free:1003.16 GB) NTFS
\\?\Volume{1f8f9dff-7290-4d96-b25b-d809c30348c6}\ () (Fixed) (Total:0.76 GB) (Free:0.08 GB) NTFS
\\?\Volume{f0b6e61b-d77b-4e15-867b-d1692f765c96}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 16764 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 11176 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 3 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 4 (Size: 59.6 GB) (Disk ID: 11522AA9)
Partition 1: (Active) - (Size=664 MB) - (Type=00)
Partition 2: (Not Active) - (Size=59 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ======================= |
08.09.2024, 16:59 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fell for a fake link and ran the file. Facebook hack shortly afterwards - caught a trojan? The logs are OK. But that is no great surprise after the reinstall.
__________________ Please always post log files in CODE tags |