FRST:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-12-2021
durchgeführt von wowts (Administrator) auf WOWTSCHIK (LENOVO 81X2) (03-12-2021 15:57:55)
Gestartet von C:\Users\wowts\Downloads
Geladene Profile: wowts
Plattform: Microsoft Windows 11 Home Version 21H2 22000.348 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0366689.inf_amd64_4f0d6991b007c8f1\B366217\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0366689.inf_amd64_4f0d6991b007c8f1\B366217\atiesrxx.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\YMC.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_b9fd1528982e300f\LenovoUtilityService.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.2.15.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe
(LENOVO INC) C:\Program Files\WindowsApps\E0469640.SmartAppearance_1.1.10.0_neutral__5grkq8ppsgwt4\CameraConfiguration\CameraConfiguration.exe <2>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.41\msedgewebview2.exe <6>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.14326.20588.0_x64__8wekyb3d8bbwe\onenoteim.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20045.455.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(Nextcloud GmbH -> Nextcloud GmbH) C:\Program Files\Nextcloud\nextcloud.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1141552 2020-08-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3180256 2021-10-14] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2015-01-29] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN (Keine Datei)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\wowts\AppData\Local\Microsoft\Teams\Update.exe [2459344 2021-12-03] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (Keine Datei)
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\Run: [Amazon Music Helper] => C:\Users\wowts\AppData\Local\Amazon Music\Amazon Music Helper.exe [2356312 2021-09-17] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\Run: [Amazon Music] => C:\Users\wowts\AppData\Local\Amazon Music\Amazon Music.exe [21370456 2021-09-17] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIREE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\Run: [Discord] => C:\Users\wowts\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\Run: [Nextcloud] => C:\Program Files\Nextcloud\nextcloud.exe [2739008 2021-10-28] (Nextcloud GmbH -> Nextcloud GmbH)
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\Run: [] => [X]
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\Policies\Explorer: [DissallowRun] 1
HKLM\...\Print\Monitors\EPSON XP-342 343 345 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBREE.DLL [182784 2015-12-09] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\wowts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2021-12-01]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\wowts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xxx.exe.lnk [2021-04-15]
ShortcutTarget: xxx.exe.lnk -> C:\Windows\System32\net.exe (Microsoft Windows -> Microsoft Corporation)
GroupPolicy: Beschränkung ? <==== ACHTUNG
GroupPolicy\User: Beschränkung ? <==== ACHTUNG
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {18F8950B-F4E0-4B2C-8E8B-31195C06F079} - System32\Tasks\Opera scheduled Autoupdate 1608812151 => C:\Users\wowts\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Keine Datei)
Task: {239A1A46-AF4F-47B2-B042-A8AE5FFAE370} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {246D2A2F-6508-4B14-A7A7-8D5134D6E57B} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4190800 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {2D38D28F-50D2-4FEC-A450-A7225056836B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-05-10] (Avast Software s.r.o. -> Avast Software)
Task: {30D6AB6A-D4EA-4A2D-B32E-F6113FCF007A} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {34BB7D71-EA5D-41D4-86EB-5EB752DA7AA4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314824 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {4970B72F-FA6C-489E-B9DF-F13B7293EABE} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Auffrischen der Anti-Beacon-Immunisierung => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe /apply /silent /atlogon (Keine Datei)
Task: {54F176B0-3B92-443E-B25A-76182A28D4FB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" <==== ACHTUNG
Task: {5E68E165-9DAA-41E0-8272-F19324B00ABF} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> Keine Datei <==== ACHTUNG
Task: {71DD2352-C63D-4F74-BB81-1972F958EBC3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D31A86D-8A11-4007-9511-4FD92A416C72} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe (Keine Datei)
Task: {90FE37F6-C391-4BF9-96C8-D047B8A3EB56} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [443248 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
Task: {9361E511-201D-4D05-A00E-D56DA024A0F2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1600416 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {9CE36D85-6FB0-4EFE-AF7D-0C6826966698} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d0841792-83c8-42fe-8cb3-16ac7452c9cb => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {9E115AB0-D9D7-460D-B159-B62EE6C74BE2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0691F33-8890-4099-9EC4-7A389F9E6AF7} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (Keine Datei)
Task: {AB39CFED-C536-4D25-9CD2-8804E70D243B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314824 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {B8A519CB-8E88-4EA9-BBC6-6A4C0E0D2179} - \Lenovo\ImController\TimeBasedEvents\b5e72d1e-3c2b-4022-b8d4-05aaaf0ede3b -> Keine Datei <==== ACHTUNG
Task: {BAA18872-1A38-4BF6-9327-9CA0D261A690} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {BF3AF84D-5CA9-455D-A33C-F73F6F4E35B7} - \Lenovo\ImController\TimeBasedEvents\16fe7d6a-97e8-4a38-b239-16cce6426068 -> Keine Datei <==== ACHTUNG
Task: {C3805D6C-E3CB-4419-B372-0FA6F79BAC81} - System32\Tasks\Opera scheduled assistant Autoupdate 1608812155 => C:\Users\wowts\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\wowts\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Keine Datei)
Task: {CD55368D-9846-48D6-B0DF-27F72EFC093A} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [201584 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
Task: {D333FBA7-53F8-4995-A7DA-DF266DBFFF91} - \Lenovo\ImController\TimeBasedEvents\6e00c4de-d788-42d6-8ee4-e9f00def51ac -> Keine Datei <==== ACHTUNG
Task: {DCEE1E8E-E441-46AF-8B88-2C1EA0987ED0} - \Lenovo\ImController\TimeBasedEvents\9bd5d08d-2576-4846-8a3a-302919e6ef4d -> Keine Datei <==== ACHTUNG
Task: {DD9424D8-84F6-403C-8DE0-9B82F99A93A5} - \Lenovo\ImController\Lenovo iM Controller Monitor -> Keine Datei <==== ACHTUNG
Task: {E04D1A24-4418-4BFB-AA3C-D54D09044835} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{194b8a07-8a49-42e0-ba56-e2c84f8f5540}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69129b5f-2abf-4956-9cb1-0da2b391e6f7}: [DhcpNameServer] 192.168.32.102
Tcpip\..\Interfaces\{6a13e067-204c-4049-b75d-0e9e01c79d60}: [DhcpNameServer] 192.168.0.38
Tcpip\..\Interfaces\{8532842c-0128-4504-a307-46ec5dcf05db}: [DhcpNameServer] 172.168.127.2
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\wowts\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-03]
Edge Session Restore: Default -> ist aktiviert.
Edge Extension: (Microsoft-Editor: Rechtschreibung- und Grammatikprüfung) - C:\Users\wowts\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hokifickgkhplphjiodbggjmoafhignh [2021-12-01]
Edge HKLM-x32\...\Edge\Extension: [mielbhbkcliienpdicphhecpodcaeefg]
FireFox:
========
FF DefaultProfile: 3ztst3tj.default
FF ProfilePath: C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\3ztst3tj.default [2020-12-21]
FF ProfilePath: C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723 [2021-12-03]
FF Session Restore: Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723 -> ist aktiviert.
FF Extension: (Disconnect) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\2.0@disconnect.me.xpi [2021-12-01]
FF Extension: (Dark Reader) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\addon@darkreader.org.xpi [2021-12-01]
FF Extension: (OneNote Web Clipper) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\Clipper@OneNote.com.xpi [2021-12-01]
FF Extension: (Ninja Cookie) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\debug@ninja-cookie.com.xpi [2021-12-01]
FF Extension: (Decentraleyes) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2021-12-01]
FF Extension: (Privacy Badger) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-12-01]
FF Extension: (uBlock Origin) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\uBlock0@raymondhill.net.xpi [2021-12-01]
FF Extension: (NoScript) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-12-01]
FF Extension: (ClearURLs) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\{74145f27-f039-47ce-a470-a662b129930a}.xpi [2021-12-01]
FF Extension: (YouTube Playlist Download) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\{753bfcdc-8bcc-4626-89f0-6d22dc209561}.xpi [2021-12-01]
FF Extension: (Citavi Picker) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2021-12-01]
FF Extension: (Google Docs Viewer) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\{a734ba68-4aac-41e0-9141-9f8d00373d93}.xpi [2021-12-01]
FF Extension: (Matte Black (Red)) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\{a7589411-c5f6-41cf-8bdc-f66527d9d930}.xpi [2021-12-01]
FF Extension: (The universe of ancient times.) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\{b6d370bd-f532-4049-9a82-f53b47f369b3}.xpi [2021-12-01]
FF Extension: (Zoom Scheduler) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}.xpi [2021-12-01]
FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\wowts\AppData\Roaming\Mozilla\Firefox\Profiles\ac04xoor.default-release-1638383461723\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-12-01]
FF ProfilePath: C:\Users\wowts\AppData\Roaming\kompozer.net\KompoZer\Profiles\l6xmpoac.default [2021-08-26]
FF Extension: (Citavi Picker) - C:\Program Files\Mozilla Firefox\distribution\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2021-07-09]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2021-12-02] <==== ACHTUNG (Zeigt auf eine *.cfg Datei)
Chrome:
=======
CHR Profile: C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default [2021-12-02]
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Session Restore: Default -> ist aktiviert.
CHR Extension: (Präsentationen) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-23]
CHR Extension: (Docs) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-23]
CHR Extension: (Google Drive) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-23]
CHR Extension: (YouTube) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-23]
CHR Extension: (Slinky Vornehm) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2021-01-23]
CHR Extension: (Avira Password Manager) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-10-14]
CHR Extension: (Adblock für Youtube™) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2021-10-04]
CHR Extension: (Dark Reader) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2021-10-14]
CHR Extension: (Tabellen) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-23]
CHR Extension: (Google Docs Offline) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-14]
CHR Extension: (AdBlock*– der beste Ad-Blocker) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-10-14]
CHR Extension: (StudentBook) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiimjijildjkajollpjecaocbbjfobed [2021-01-23]
CHR Extension: (TiltShiftMaker) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo [2021-01-23]
CHR Extension: (SnapPages) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\iedpncdncgcneohjpggphlkhjofphgkf [2021-01-23]
CHR Extension: (Zoom Scheduler) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2021-10-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Citavi Picker) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2021-08-15]
CHR Extension: (Weather Underground) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2021-01-23]
CHR Extension: (Google Mail) - C:\Users\wowts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-23]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn]
Opera:
=======
OPR Profile: C:\Users\wowts\AppData\Roaming\Opera Software\Opera Stable [2021-12-02]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\wowts\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-11-29]
OPR Extension: (I don't care about cookies) - C:\Users\wowts\AppData\Roaming\Opera Software\Opera Stable\Extensions\iambaeepkgdclnmbfdnnohkjjpdglbeo [2021-11-30]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\wowts\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-15]
OPR Extension: (uBlock Origin) - C:\Users\wowts\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2021-10-15]
OPR Extension: (Zoom Scheduler) - C:\Users\wowts\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2021-11-29]
OPR Extension: (Install Chrome Extensions) - C:\Users\wowts\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2021-01-24]
OPR Extension: (Privacy Badger) - C:\Users\wowts\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldfkcgjipgfchpnojicdgpgiocoeelik [2021-12-01]
OPR Extension: (Ninja Cookie) - C:\Users\wowts\AppData\Roaming\Opera Software\Opera Stable\Extensions\naomjjbmcadiepggkdoknhklmklcobna [2021-11-17]
OPR Extension: (Avira Password Manager) - C:\Users\wowts\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngohaaocccbohaffogpbgfpmpgbcgccg [2021-02-12]
OPR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\wowts\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2021-12-02]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
S3 CmWebAdmin.exe; C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe [12002208 2019-12-16] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
S4 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1874272 2021-06-30] (GOG Sp. z o.o. -> GOG.com)
S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6840672 2021-06-30] (GOG Sp. z o.o. -> GOG.com)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_b9fd1528982e300f\LenovoUtilityService.exe [539128 2021-08-26] (Lenovo -> Lenovo(beijing) Limited)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1832944 2021-08-12] (Lenovo -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-12-01] (Malwarebytes Inc -> Malwarebytes)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [45368 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2557144 2021-09-10] (Electronic Arts, Inc. -> Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3475672 2021-09-10] (Electronic Arts, Inc. -> Electronic Arts)
R2 UDCService; C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe [116592 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
S4 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10163312 2021-10-14] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-12-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-12-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 YMC; C:\WINDOWS\System32\YMC.exe [856920 2020-06-17] (Lenovo -> Lenovo Group Ltd.)
S3 BrYNSvc; "C:\Program Files (x86)\Browny02\BrYNSvc.exe" [X]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [X]
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 64347b00; C:\WINDOWS\System32\Drivers\64347b00.sys [299544 2021-11-29] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [41376 2021-07-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0366689.inf_amd64_4f0d6991b007c8f1\B366217\amdkmdag.sys [82677912 2021-04-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [65168 2021-08-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2021-02-27] (AVAST Software s.r.o. -> The OpenVPN Project)
R3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [184424 2020-07-14] (BayHub Technology Inc. -> BayHubTech/O2Micro)
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 gvm; C:\WINDOWS\system32\DRIVERS\gvm.sys [393712 2021-05-03] (Google LLC -> Google LLC)
S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2021-11-29] (Microsoft Windows -> Microsoft Corporation)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2021-02-27] (IBM Polska Sp. z o.o. -> IBM)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-12-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-12-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2020-08-21] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52104 2020-05-28] (Symantec Corporation -> The OpenVPN Project)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8217168 2021-10-14] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-12-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435424 2021-12-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-12-02] (Microsoft Windows -> Microsoft Corporation)
U1 avgbdisk; kein ImagePath
S0 klupd_64347b00a_arkmon; System32\Drivers\klupd_64347b00a_arkmon.sys [X]
S3 klupd_64347b00a_arkmon_6D66C841; \??\C:\KVRT2020_Data\Temp\6D66C841DE4E80E48D94B67F324D5423\klupd_64347b00a_arkmon.sys [X]
S3 klupd_64347b00a_klark; System32\Drivers\klupd_64347b00a_klark.sys [X]
S0 klupd_64347b00a_klbg; System32\Drivers\klupd_64347b00a_klbg.sys [X]
S3 klupd_64347b00a_mark; System32\Drivers\klupd_64347b00a_mark.sys [X]
U4 npcap_wifi; kein ImagePath
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-12-03 15:53 - 2021-12-03 15:53 - 000000000 ____D C:\Users\wowts\AppData\LocalLow\IGDump
2021-12-03 15:52 - 2021-12-03 15:52 - 002311680 _____ (Farbar) C:\Users\wowts\Downloads\FRST64.exe
2021-12-03 14:36 - 2021-12-03 15:58 - 000032057 _____ C:\Users\wowts\Downloads\FRST.txt
2021-12-03 14:36 - 2021-12-03 15:55 - 000047314 _____ C:\Users\wowts\Downloads\Addition.txt
2021-12-03 13:58 - 2021-12-03 14:03 - 000000000 ____D C:\Users\wowts\Desktop\Forum
2021-12-03 13:57 - 2021-12-03 13:57 - 000000000 ____D C:\Users\wowts\Desktop\Blog
2021-12-03 13:14 - 2021-12-03 13:14 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-12-03 13:00 - 2021-12-03 13:00 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-12-03 12:59 - 2021-12-03 12:59 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-12-03 12:59 - 2021-12-03 12:59 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-12-03 12:59 - 2021-12-03 12:59 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-12-03 11:10 - 2021-12-03 11:10 - 000000000 ____D C:\Users\wowts\AppData\LocalLow\AMD
2021-12-03 10:07 - 2021-12-03 10:07 - 000002409 _____ C:\Users\wowts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk
2021-12-02 21:25 - 2021-12-02 21:26 - 014349527 _____ C:\Users\wowts\Downloads\183672.zip
2021-12-02 21:24 - 2021-12-02 21:24 - 009931809 _____ C:\Users\wowts\Downloads\190222.zip
2021-12-02 20:48 - 2021-12-02 20:48 - 005022673 _____ C:\Users\wowts\Downloads\190233.zip
2021-12-02 18:53 - 2021-12-02 18:53 - 000000000 ____D C:\Users\wowts\Desktop\AskAdmin
2021-12-02 15:34 - 2021-07-30 13:17 - 000041376 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdfendrmgr.sys
2021-12-02 15:15 - 2021-12-02 19:24 - 000047315 _____ C:\Users\wowts\Documents\Bolzen(Automatisch wiederhergestellt).xlsx
2021-12-02 13:33 - 2021-12-02 13:33 - 000006603 _____ C:\Users\wowts\Desktop\Bolzen.xlsx
2021-12-02 13:33 - 2021-12-02 13:33 - 000000165 ____H C:\Users\wowts\Desktop\~$Bolzen.xlsx
2021-12-02 11:37 - 2021-12-02 11:37 - 000000000 ____D C:\Users\wowts\AppData\Roaming\LibreOffice
2021-12-02 11:30 - 2021-12-02 11:30 - 000001153 _____ C:\Users\Public\Desktop\LibreOffice 7.2.lnk
2021-12-02 11:30 - 2021-12-02 11:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.2
2021-12-02 11:29 - 2021-12-02 11:30 - 000000000 ____D C:\Program Files\LibreOffice
2021-12-02 11:17 - 2021-12-02 11:22 - 339107840 _____ C:\Users\wowts\Downloads\LibreOffice_7.2.3_Win_x64.msi
2021-12-02 11:10 - 2021-12-02 11:10 - 000000085 _____ C:\WINDOWS\wininit.ini
2021-12-02 10:56 - 2021-12-02 10:56 - 000000000 ____H C:\ProgramData\rebootpending.txt
2021-12-01 19:31 - 2021-12-01 19:31 - 000000000 ____D C:\Users\wowts\Desktop\Alte Firefox-Daten
2021-12-01 13:58 - 2021-12-01 13:58 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-12-01 13:58 - 2021-12-01 13:58 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-12-01 13:58 - 2021-12-01 13:58 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-12-01 13:58 - 2021-12-01 13:58 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-12-01 13:58 - 2021-12-01 13:57 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-12-01 13:57 - 2021-12-01 13:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-11-30 18:15 - 2021-11-30 17:10 - 000455026 _____ C:\WINDOWS\system32\Drivers\etc\hosts.original-30.11.2021
2021-11-30 17:57 - 2021-12-03 15:58 - 000000000 ____D C:\FRST
2021-11-30 17:17 - 2021-11-30 17:55 - 000000000 ___HD C:\$SysReset
2021-11-29 15:10 - 2021-11-29 15:10 - 000040960 _____ C:\WINDOWS\system32\prxyqry.dll
2021-11-29 15:10 - 2021-11-29 15:10 - 000015040 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-29 15:10 - 2021-11-29 15:10 - 000013824 _____ C:\WINDOWS\SysWOW64\prxyqry.dll
2021-11-29 15:09 - 2021-11-29 15:09 - 000000000 ___HD C:\$WinREAgent
2021-11-29 15:04 - 2021-11-29 15:04 - 000215552 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll
2021-11-29 13:30 - 2021-11-29 13:30 - 000000000 ____D C:\ProgramData\Emsisoft
2021-11-29 13:29 - 2021-12-01 10:59 - 000000000 ____D C:\EEK
2021-11-29 13:26 - 2021-11-29 13:26 - 000299544 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\64347b00.sys
2021-11-29 13:13 - 2021-11-29 13:13 - 000040960 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2021-11-29 13:12 - 2021-11-29 13:13 - 000000000 ____D C:\ProgramData\HitmanPro
2021-11-29 12:45 - 2021-11-29 14:43 - 000000000 ____D C:\ProgramData\AVG
2021-11-29 12:20 - 2021-11-29 12:20 - 000425230 _____ C:\Users\wowts\Downloads\OneDrive_1_29.11.2021.zip
2021-11-29 10:36 - 2021-12-01 10:49 - 000000681 _____ C:\Users\wowts\Desktop\ESET Online Scanner.lnk
2021-11-29 10:35 - 2021-11-29 10:35 - 000000780 _____ C:\Users\wowts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-11-29 10:35 - 2021-11-29 10:35 - 000000000 ____D C:\Users\wowts\AppData\Local\ESET
2021-11-29 09:20 - 2021-11-29 09:20 - 000000000 ____D C:\Users\wowts\AppData\Local\mbam
2021-11-29 09:17 - 2021-12-01 13:57 - 000000000 ____D C:\Program Files\Malwarebytes
2021-11-28 23:51 - 2021-11-28 21:21 - 000454567 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20211128-235106.backup
2021-11-27 22:24 - 2021-11-27 22:24 - 000000000 ____D C:\Users\wowts\AppData\Local\Bigpoint GmbH
2021-11-27 22:22 - 2021-11-27 22:22 - 000000000 ____D C:\Users\wowts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DarkOrbit
2021-11-27 22:19 - 2021-11-27 22:24 - 000000000 ____D C:\Users\wowts\Dark Orbit
2021-11-26 16:40 - 2021-11-26 16:42 - 009451378 _____ C:\Users\wowts\Downloads\Feedback-XXXXXXXXX-V3.pdf
2021-11-26 14:18 - 2021-11-26 14:18 - 000000000 ____D C:\Users\wowts\AppData\Roaming\Delphi
2021-11-26 14:18 - 2021-11-26 14:18 - 000000000 ____D C:\ProgramData\Delphi
2021-11-26 14:11 - 2021-11-26 14:12 - 000000000 ____D C:\Users\wowts\Desktop\Diagnose
2021-11-26 11:37 - 2021-11-26 14:18 - 000000249 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2021-11-26 11:37 - 2021-11-26 11:37 - 000000000 ____D C:\Users\wowts\AppData\Roaming\Autocom
2021-11-26 11:37 - 2021-11-26 11:37 - 000000000 ____D C:\ProgramData\Common Diagnostics
2021-11-26 11:37 - 2021-11-26 11:37 - 000000000 ____D C:\ProgramData\Autocom
2021-11-26 11:25 - 2021-11-26 11:25 - 000000000 ____D C:\Users\wowts\Documents\CarPort
2021-11-26 11:25 - 2021-11-26 11:25 - 000000000 ____D C:\Users\wowts\AppData\Roaming\Obsidium
2021-11-26 11:25 - 2021-11-26 11:25 - 000000000 ____D C:\Users\wowts\AppData\Roaming\MPP-Engineering
2021-11-26 11:25 - 2021-11-26 11:25 - 000000000 ____D C:\Users\wowts\AppData\Local\MPP-Engineering
2021-11-25 13:52 - 2021-11-25 13:52 - 000000000 _____ C:\Users\wowts\Downloads\Eraser_6.2.0.2993.exe.part
2021-11-23 19:05 - 2021-11-23 19:06 - 008814674 _____ C:\Users\wowts\Downloads\Praktikum Gedaempfte Schwingung (1) (2).pdf
2021-11-23 10:07 - 2021-11-23 12:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-11-22 18:21 - 2021-11-22 18:24 - 008814674 _____ C:\Users\wowts\Downloads\Praktikum Gedaempfte Schwingung (1) (1).pdf
2021-11-22 12:53 - 2021-11-22 12:53 - 000159961 _____ C:\Users\wowts\Downloads\202111091348408430_2213437_200919.pdf
2021-11-22 12:52 - 2021-11-22 12:53 - 000410438 _____ C:\Users\wowts\Downloads\202111091921079470_2239425_200919.eml
2021-11-22 09:24 - 2021-11-22 09:24 - 008814674 _____ C:\Users\wowts\Downloads\Praktikum Gedaempfte Schwingung (1).pdf
2021-11-19 16:13 - 2021-11-19 16:13 - 000000000 ____D C:\Users\wowts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-11-19 14:19 - 2021-11-19 14:21 - 023061073 _____ C:\Users\wowts\Downloads\01 Vorlesungsunterlagen.zip
2021-11-18 13:00 - 2019-06-05 04:43 - 000135667 _____ C:\WINDOWS\system32\Drivers\rtldata.txt
2021-11-18 10:49 - 2021-11-07 22:36 - 000109296 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2021-11-18 03:31 - 2021-11-18 03:31 - 000003606 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7c0f368e88e72
2021-11-16 20:43 - 2021-11-16 20:44 - 048334535 _____ C:\Users\wowts\Downloads\405.pdf
2021-11-15 10:15 - 2021-11-15 10:15 - 000000018 _____ C:\Users\wowts\delte
2021-11-15 10:14 - 2021-11-15 10:14 - 000000011 _____ C:\Users\wowts\delete
2021-11-12 12:38 - 2021-11-12 12:38 - 000401898 _____ C:\Users\wowts\Desktop\SHA-Antragsformular_Version_SARS-CoV-2.pdf
2021-11-12 03:13 - 2021-04-23 08:23 - 001865880 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-11-12 03:13 - 2021-04-23 08:23 - 001865880 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-11-12 03:13 - 2021-04-23 08:23 - 001446544 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-11-12 03:13 - 2021-04-23 08:23 - 001446544 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-11-12 03:13 - 2021-04-23 08:23 - 001101752 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-11-12 03:13 - 2021-04-23 08:23 - 001101752 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-11-12 03:13 - 2021-04-23 08:23 - 000954920 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-11-12 03:13 - 2021-04-23 08:23 - 000954920 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-11-12 03:13 - 2021-04-23 08:23 - 000744600 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2021-11-12 03:13 - 2021-04-23 08:23 - 000628888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2021-11-12 03:13 - 2021-04-23 08:23 - 000098456 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mcl64.dll
2021-11-12 03:13 - 2021-04-23 08:23 - 000083096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll
2021-11-12 03:13 - 2021-04-23 08:23 - 000054408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2021-11-12 03:13 - 2021-04-23 08:23 - 000051336 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2021-11-12 03:13 - 2021-04-23 08:22 - 000504472 _____ C:\WINDOWS\system32\GameManager64.dll
2021-11-12 03:13 - 2021-04-23 08:22 - 000500888 _____ C:\WINDOWS\system32\dgtrayicon.exe
2021-11-12 03:13 - 2021-04-23 08:22 - 000440448 _____ C:\WINDOWS\system32\EEURestart.exe
2021-11-12 03:13 - 2021-04-23 08:22 - 000387712 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2021-11-12 03:13 - 2021-04-23 08:22 - 000354432 _____ C:\WINDOWS\system32\clinfo.exe
2021-11-12 03:13 - 2021-04-23 08:22 - 000253064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2021-11-12 03:13 - 2021-04-23 08:22 - 000220808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2021-11-12 03:13 - 2021-04-23 08:22 - 000174752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2021-11-12 03:13 - 2021-04-23 08:22 - 000174216 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2021-11-12 03:13 - 2021-04-23 08:22 - 000148608 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2021-11-12 03:13 - 2021-04-23 08:22 - 000027888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2021-11-12 03:13 - 2021-04-23 08:22 - 000027864 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2021-11-12 03:13 - 2021-04-23 08:21 - 081591432 _____ C:\WINDOWS\system32\amd_comgr.dll
2021-11-12 03:13 - 2021-04-23 08:21 - 067170952 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll
2021-11-12 03:13 - 2021-04-23 08:21 - 005528184 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2021-11-12 03:13 - 2021-04-23 08:21 - 001510008 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiacm64.dll
2021-11-12 03:13 - 2021-04-23 08:21 - 001339504 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2021-11-12 03:13 - 2021-04-23 08:21 - 000829064 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2021-11-12 03:13 - 2021-04-23 08:21 - 000476296 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2021-11-12 03:13 - 2021-04-23 08:21 - 000464008 _____ C:\WINDOWS\system32\atieah64.exe
2021-11-12 03:13 - 2021-04-23 08:21 - 000359560 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2021-11-12 03:13 - 2021-04-23 08:21 - 000190088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2021-11-12 03:13 - 2021-04-23 08:21 - 000166360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2021-11-12 03:13 - 2021-04-23 08:21 - 000143480 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2021-11-12 03:13 - 2021-04-23 08:21 - 000138880 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-11-12 03:13 - 2021-04-23 08:21 - 000133256 _____ C:\WINDOWS\system32\atidxx64.dll
2021-11-12 03:13 - 2021-04-23 08:21 - 000123528 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2021-11-12 03:13 - 2021-04-23 08:21 - 000115336 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2021-11-12 03:13 - 2021-04-23 08:21 - 000077936 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2021-11-12 03:13 - 2021-04-23 08:20 - 072489608 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll
2021-11-12 03:13 - 2021-04-23 08:20 - 000948888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2021-11-12 03:13 - 2021-04-23 08:20 - 000776344 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2021-11-12 03:13 - 2021-04-23 08:20 - 000497288 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2021-11-12 03:13 - 2021-04-23 08:20 - 000474272 _____ C:\WINDOWS\system32\amdlogum.exe
2021-11-12 03:13 - 2021-04-23 08:20 - 000387720 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2021-11-12 03:13 - 2021-04-23 08:19 - 001708432 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll
2021-11-12 03:13 - 2021-04-23 08:19 - 001384944 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll
2021-11-12 03:13 - 2021-04-23 08:19 - 000559704 _____ C:\WINDOWS\system32\amdmiracast.dll
2021-11-12 03:13 - 2021-04-23 08:19 - 000145304 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2021-11-12 03:13 - 2021-04-23 08:19 - 000139576 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2021-11-12 03:13 - 2021-04-23 08:19 - 000139576 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2021-11-12 03:13 - 2021-04-23 08:19 - 000129464 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2021-11-12 03:13 - 2021-04-23 08:19 - 000117304 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2021-11-12 03:13 - 2021-04-23 08:19 - 000117288 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2021-11-12 03:13 - 2021-04-23 07:49 - 059070488 _____ C:\WINDOWS\system32\amdxc64.so
2021-11-12 03:13 - 2021-04-23 07:49 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2021-11-12 03:13 - 2021-04-23 07:49 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2021-11-12 03:13 - 2021-04-23 07:49 - 000557888 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2021-11-12 03:13 - 2021-04-23 07:49 - 000557888 _____ C:\WINDOWS\system32\atiapfxx.blb
2021-11-12 03:13 - 2021-04-23 07:49 - 000128048 _____ C:\WINDOWS\system32\kapp_ci.sbin
2021-11-12 03:13 - 2021-04-23 07:49 - 000076237 _____ C:\WINDOWS\system32\AMDKernelEvents.man
2021-11-12 03:13 - 2021-04-23 07:49 - 000012344 _____ C:\WINDOWS\system32\brandingWS_RSX.bmp
2021-11-12 03:13 - 2021-04-23 07:49 - 000012344 _____ C:\WINDOWS\system32\brandingRSX.bmp
2021-11-12 03:13 - 2021-04-23 07:49 - 000011014 _____ C:\WINDOWS\system32\atiacmLocalisation.ini
2021-11-12 03:13 - 2021-04-23 07:49 - 000000822 _____ C:\WINDOWS\system32\branding.bmp
2021-11-12 00:15 - 2021-11-12 00:15 - 000106344 _____ C:\Users\wowts\Documents\Praktikum1.mw
2021-11-12 00:00 - 2021-11-12 00:00 - 000699151 _____ C:\Users\wowts\Documents\Praktikum 2.mw
2021-11-11 21:26 - 2021-11-11 21:26 - 000048681 _____ C:\Users\wowts\Documents\Mathe 2 Praktikum Aufgabe 7 DGl 2.O. Randwert.mw
2021-11-11 19:16 - 2021-11-11 19:16 - 000000000 ____D C:\Users\wowts\Maple
2021-11-11 18:58 - 2021-11-11 18:58 - 000001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maple 2021.lnk
2021-11-11 18:58 - 2021-11-11 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maple 2021
2021-11-11 18:51 - 2021-11-11 19:08 - 000000000 ____D C:\Program Files\Maple 2021
2021-11-11 18:29 - 2021-11-12 17:01 - 000035841 _____ C:\Users\wowts\Documents\Aufgabe 7.2.mw
2021-11-11 18:29 - 2021-11-12 17:01 - 000035507 _____ C:\Users\wowts\Documents\aufgabe 7.mw
2021-11-11 15:26 - 2021-11-11 15:26 - 011349663 _____ C:\Users\wowts\Downloads\Endfeedback-XXXXXXXXX-V2.pdf
2021-11-11 13:47 - 2021-10-08 11:00 - 000160376 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2021-11-11 10:25 - 2021-11-11 10:25 - 000190883 _____ C:\Users\wowts\Downloads\KL_Kran-Projektaufgabe_WS 21-22.pdf
2021-11-11 10:25 - 2021-11-11 10:25 - 000169344 _____ C:\Users\wowts\Downloads\KL_Kran-Projektaufgabe_Deckblatt_WS 21-22.pdf
2021-11-10 18:58 - 2021-11-11 20:34 - 000036049 _____ C:\Users\wowts\Documents\,,,.mw
2021-11-10 12:57 - 2021-11-10 12:57 - 000000000 ____D C:\Users\wowts\AppData\Roaming\VS Revo Group
2021-11-10 09:53 - 2021-12-01 09:40 - 000000000 ____D C:\Users\wowts\Desktop\Alles
2021-11-10 02:58 - 2021-11-10 02:58 - 000286720 _____ C:\WINDOWS\system32\AggregatorHost.exe
2021-11-10 02:58 - 2021-11-10 02:58 - 000077824 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-09 20:00 - 2021-11-09 20:00 - 000157859 _____ C:\Users\wowts\Downloads\202110062004282930_2150114_200919.pdf
2021-11-09 14:40 - 2021-11-09 14:41 - 015920937 _____ C:\Users\wowts\Downloads\Praktikum Absorbtion.V2.pdf
2021-11-09 00:52 - 2021-11-09 00:52 - 000118814 _____ C:\Users\wowts\Documents\asxaxasxa.mw
2021-11-06 00:44 - 2021-11-06 00:44 - 000121344 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-06 00:44 - 2021-11-06 00:44 - 000024576 _____ C:\WINDOWS\system32\nrtapi.dll
2021-11-06 00:44 - 2021-11-06 00:44 - 000006656 _____ C:\WINDOWS\SysWOW64\nrtapi.dll
2021-11-06 00:43 - 2021-11-06 00:43 - 000258048 _____ C:\WINDOWS\system32\CoreMas.dll
2021-11-06 00:43 - 2021-11-06 00:43 - 000208896 _____ C:\WINDOWS\system32\IHDS.dll
2021-11-06 00:43 - 2021-11-06 00:43 - 000167936 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-04 23:25 - 2021-11-04 23:25 - 000001935 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nextcloud.lnk
2021-11-04 22:40 - 2021-11-29 10:26 - 000000000 ____D C:\Users\wowts\AppData\Roaming\FileZilla
2021-11-04 22:40 - 2021-11-28 11:25 - 000000000 ____D C:\Users\wowts\AppData\Local\FileZilla
2021-11-04 22:37 - 2021-11-04 22:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2021-11-04 22:37 - 2021-11-04 22:37 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2021-11-04 09:40 - 2021-11-04 09:40 - 000040763 _____ C:\Users\wowts\Downloads\eBay-Widerrufsbelehrung (1).pdf
2021-11-04 09:40 - 2021-11-04 09:40 - 000005456 _____ C:\Users\wowts\Downloads\eBay-Widerrufsbelehrung (1).html
2021-11-04 09:40 - 2021-11-04 09:40 - 000005298 _____ C:\Users\wowts\Downloads\eBay-Widerrufsbelehrung (1).txt
2021-11-04 09:39 - 2021-11-04 09:39 - 000056309 _____ C:\Users\wowts\Downloads\EBAY-AGB_BASIC-INKL.DATENSCHUTZ (1).pdf
2021-11-04 09:39 - 2021-11-04 09:39 - 000023370 _____ C:\Users\wowts\Downloads\EBAY-AGB_BASIC-INKL.DATENSCHUTZ (4).html
2021-11-04 09:27 - 2021-11-04 09:27 - 000310915 _____ C:\Users\wowts\Downloads\Retourenformular (1).pdf
2021-11-04 09:27 - 2021-11-04 09:27 - 000299132 _____ C:\Users\wowts\Downloads\Muster_Versand-_und_Zahlungsinformationen (1).pdf
2021-11-04 09:27 - 2021-11-04 09:27 - 000225153 _____ C:\Users\wowts\Downloads\Zugangsbestaetigung.pdf
2021-11-04 09:27 - 2021-11-04 09:27 - 000197292 _____ C:\Users\wowts\Downloads\Auftragsbestaetigung.pdf
2021-11-04 09:26 - 2021-11-04 09:27 - 000177885 _____ C:\Users\wowts\Downloads\Muster-Rechnungen (1).pdf
2021-11-04 09:26 - 2021-11-04 09:26 - 000180429 _____ C:\Users\wowts\Downloads\Vertrag_ueber_die_Ueberlassung_und_Verwendung_von_Model-Bildern_mit_Datenschutzhinweisen.pdf
2021-11-04 09:25 - 2021-11-04 09:25 - 000226971 _____ C:\Users\wowts\Downloads\Muster_fuer_eine_Geheimhaltungsvereinbarung.pdf
2021-11-04 09:25 - 2021-11-04 09:25 - 000150333 _____ C:\Users\wowts\Downloads\E-Mail_Signatur_fuer_Kaufleute (1).pdf
2021-11-04 09:24 - 2021-11-04 09:24 - 000155203 _____ C:\Users\wowts\Downloads\E-Mail_Signatur_fuer_GmbH_und_UG.pdf
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-12-03 15:57 - 2020-12-21 15:39 - 000000000 ____D C:\Users\wowts\Downloads\Programe
2021-12-03 15:55 - 2021-06-05 13:09 - 000000000 ____D C:\WINDOWS\INF
2021-12-03 15:54 - 2021-10-14 13:01 - 001768198 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-03 15:54 - 2021-06-05 18:53 - 000766156 _____ C:\WINDOWS\system32\perfh007.dat
2021-12-03 15:54 - 2021-06-05 18:53 - 000158958 _____ C:\WINDOWS\system32\perfc007.dat
2021-12-03 15:53 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2021-12-03 15:53 - 2020-12-21 14:45 - 000000000 ____D C:\Users\wowts\AppData\LocalLow\Mozilla
2021-12-03 15:50 - 2021-10-14 13:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-12-03 15:50 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-12-03 15:50 - 2020-12-21 14:45 - 000000000 ____D C:\ProgramData\Mozilla
2021-12-03 15:47 - 2021-10-14 13:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-03 15:47 - 2021-10-14 13:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-03 15:47 - 2021-10-14 12:13 - 000000000 ____D C:\Users\wowts
2021-12-03 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-03 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-03 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-03 15:47 - 2021-04-19 10:31 - 000000000 ___SD C:\Homecloud
2021-12-03 15:47 - 2020-05-06 19:33 - 000012288 ___SH C:\DumpStack.log.tmp
2021-12-03 15:46 - 2021-10-28 20:04 - 000000000 ____D C:\Users\wowts\Downloads\bin64
2021-12-03 15:46 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-12-03 15:46 - 2021-04-19 08:41 - 000000000 ____D C:\Users\wowts\AppData\Roaming\Nextcloud
2021-12-03 15:45 - 2021-06-05 13:10 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-03 15:44 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\registration
2021-12-03 15:44 - 2020-12-02 02:00 - 000000000 ____D C:\ProgramData\Lenovo
2021-12-03 15:33 - 2021-03-01 12:30 - 000000000 ____D C:\Users\wowts\AppData\Local\CrashDumps
2021-12-03 15:30 - 2020-12-21 13:40 - 000000000 ____D C:\Users\wowts\AppData\Local\D3DSCache
2021-12-03 14:35 - 2021-01-18 13:34 - 000000000 ____D C:\Users\wowts\Documents\Outlook-Dateien
2021-12-03 13:15 - 2020-12-21 13:40 - 000000000 ____D C:\Users\wowts\AppData\Local\Lenovo
2021-12-03 13:03 - 2020-12-02 01:59 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-03 12:59 - 2021-06-05 13:01 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-12-03 11:23 - 2020-12-02 02:07 - 000000000 ____D C:\WINDOWS\TempInst
2021-12-03 11:08 - 2021-01-26 18:32 - 000000000 ____D C:\Program Files\AMD
2021-12-03 11:08 - 2020-12-21 13:40 - 000000000 ____D C:\Users\wowts\AppData\Local\AMD
2021-12-03 11:02 - 2020-12-02 02:01 - 000000512 _____ C:\Users\Public\amdsfhdcd.bin
2021-12-03 10:47 - 2020-12-21 13:40 - 000000000 ____D C:\Users\wowts\AppData\Local\Packages
2021-12-03 10:44 - 2021-10-14 13:00 - 000673072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-03 10:43 - 2021-10-20 08:23 - 000000000 ____D C:\inetpub
2021-12-03 10:43 - 2021-06-05 13:10 - 000000000 ___SD C:\WINDOWS\SysWOW64\lxss
2021-12-03 10:43 - 2021-06-05 13:10 - 000000000 ___SD C:\WINDOWS\system32\lxss
2021-12-03 10:43 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-12-03 10:43 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-12-03 10:13 - 2021-06-05 13:10 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-12-03 10:07 - 2021-01-23 02:34 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-12-03 10:07 - 2020-12-21 16:38 - 000000000 ____D C:\Users\wowts\AppData\Local\SquirrelTemp
2021-12-03 10:06 - 2021-06-05 13:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-03 09:52 - 2021-02-25 17:45 - 000000000 ____D C:\Users\wowts\AppData\Local\CCleaner Browser
2021-12-03 09:50 - 2021-02-14 23:12 - 000000000 ____D C:\Users\wowts\Documents\Citavi 6
2021-12-02 22:19 - 2020-12-21 13:30 - 000000000 ____D C:\ProgramData\Packages
2021-12-02 19:12 - 2020-12-21 14:36 - 000000000 ____D C:\Users\wowts\Desktop\Datein
2021-12-02 18:56 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2021-12-02 15:57 - 2021-10-14 13:00 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2021-12-02 15:35 - 2020-12-02 01:59 - 000000000 ____D C:\ProgramData\Package Cache
2021-12-02 15:26 - 2020-12-02 01:59 - 000000000 ___HD C:\AMD
2021-12-02 15:23 - 2021-02-01 20:37 - 000000000 ____D C:\Users\wowts\AppData\Local\AMD_Common
2021-12-02 14:52 - 2020-05-06 19:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-12-02 14:32 - 2020-12-23 15:51 - 000007617 _____ C:\Users\wowts\AppData\Local\Resmon.ResmonCfg
2021-12-02 14:26 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-12-02 11:36 - 2020-12-24 15:39 - 000000000 ___RD C:\Users\wowts\Desktop\Programe
2021-12-02 11:11 - 2021-10-20 08:21 - 000000000 ____D C:\Program Files\Npcap
2021-12-02 11:10 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-12-02 11:10 - 2021-04-14 13:05 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-12-02 11:07 - 2021-01-04 16:24 - 000007750 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2021-12-02 11:06 - 2021-10-14 13:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT
2021-12-02 11:06 - 2021-02-18 19:54 - 000002054 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2021-12-02 11:06 - 2020-12-02 02:01 - 000000000 ____D C:\Program Files\Lenovo
2021-12-02 11:04 - 2021-02-14 22:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2021-12-02 11:04 - 2021-02-14 22:40 - 000000000 ____D C:\Program Files\Java
2021-12-02 11:02 - 2021-01-23 22:48 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-02 11:01 - 2021-02-14 23:09 - 000000000 ____D C:\Users\wowts\AppData\Local\Docker
2021-12-02 11:00 - 2021-04-14 13:05 - 000001524 _____ C:\Users\wowts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Delphi Toasts App.lnk
2021-12-02 10:58 - 2020-12-24 13:12 - 000000000 ____D C:\ProgramData\Avira
2021-12-01 19:31 - 2021-10-14 13:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-12-01 17:53 - 2021-02-01 20:18 - 000000000 ____D C:\Users\wowts\AppData\Local\ElevatedDiagnostics
2021-12-01 14:02 - 2021-10-16 11:28 - 000001972 _____ C:\Users\wowts\Desktop\EET2.lnk
2021-12-01 13:58 - 2021-06-05 13:10 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-01 09:40 - 2020-12-21 20:53 - 000000000 ___RD C:\Users\wowts\Desktop\Spiele
2021-11-30 17:10 - 2021-10-14 12:12 - 000000000 ____D C:\WINDOWS\system32\AMD
2021-11-30 17:10 - 2019-12-07 10:14 - 000455026 _____ C:\WINDOWS\system32\Drivers\etc\.hosts
2021-11-29 21:38 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\id-ID
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-11-29 15:47 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-29 15:47 - 2021-06-05 13:01 - 000000000 ____D C:\WINDOWS\servicing
2021-11-29 15:04 - 2021-10-14 13:01 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-11-29 14:43 - 2021-01-24 17:12 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2021-11-29 10:23 - 2021-06-05 13:01 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-11-29 10:18 - 2020-12-24 13:10 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-11-29 09:38 - 2021-08-26 20:19 - 000000000 ____D C:\Users\wowts\AppData\LocalLow\IObit
2021-11-29 09:38 - 2021-05-06 12:14 - 000000000 ____D C:\ProgramData\IObit
2021-11-29 09:38 - 2021-05-06 12:13 - 000000000 ____D C:\Users\wowts\AppData\Roaming\IObit
2021-11-28 18:10 - 2021-02-12 17:50 - 000000128 _____ C:\Users\wowts\AppData\Local\PUTTY.RND
2021-11-26 11:30 - 2021-08-26 20:18 - 000000000 ____D C:\ProgramData\WinZip
2021-11-26 10:53 - 2020-12-21 14:29 - 000000000 ____D C:\Program Files\Maple 2020
2021-11-25 22:42 - 2020-12-21 15:39 - 000000000 ____D C:\Users\wowts\Downloads\Uni
2021-11-25 12:49 - 2021-10-14 13:12 - 000004196 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1608812151
2021-11-23 12:04 - 2020-12-21 14:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-23 11:55 - 2020-12-21 14:45 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-22 18:49 - 2021-10-20 08:15 - 000005202 _____ C:\WINDOWS\storelibdebug.txt
2021-11-22 14:59 - 2021-10-14 13:12 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-778103176-1376588227-3002950867-1001
2021-11-22 14:59 - 2020-12-21 13:34 - 000002406 _____ C:\Users\wowts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-19 16:13 - 2020-12-21 16:38 - 000000000 ____D C:\Users\wowts\AppData\Roaming\Zoom
2021-11-18 03:31 - 2021-10-14 13:12 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-16 20:59 - 2021-10-16 11:28 - 000002380 _____ C:\Users\wowts\Desktop\WK2.lnk
2021-11-14 14:27 - 2020-12-02 02:01 - 000000000 ____D C:\Program Files\Microsoft Office
2021-11-12 17:01 - 2021-01-02 10:46 - 000000000 ____D C:\Users\wowts\.maplesoft
2021-11-11 19:08 - 2021-01-02 19:08 - 000000000 ____D C:\Users\wowts\AppData\Roaming\Maple
2021-11-10 12:55 - 2021-04-14 14:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-11-10 09:53 - 2021-10-16 11:28 - 000002037 _____ C:\Users\wowts\Desktop\Physik 2.lnk
2021-11-10 09:52 - 2021-10-09 10:34 - 000001860 _____ C:\Users\wowts\Desktop\Semester 4 WS21.lnk
2021-11-10 09:52 - 2020-12-21 14:33 - 000001542 _____ C:\Users\wowts\Desktop\OneDrive.lnk
2021-11-10 05:00 - 2021-06-05 13:10 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-11-10 05:00 - 2021-06-05 13:10 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-10 03:07 - 2020-12-24 12:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-10 03:01 - 2020-12-24 12:31 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-07 22:36 - 2021-08-17 23:01 - 000429952 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2021-11-07 22:36 - 2021-08-17 23:01 - 000063728 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2021-11-07 22:36 - 2020-12-02 02:00 - 000109296 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2021-11-07 02:40 - 2021-08-21 13:11 - 000001040 _____ C:\Users\wowts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2021-11-06 22:00 - 2021-10-31 15:13 - 000000000 ____D C:\WINDOWS\SysWOW64\ncp
2021-11-06 00:55 - 2021-04-28 07:32 - 000000000 ____D C:\Users\wowts\AppData\Roaming\vlc
2021-11-04 23:57 - 2021-02-21 23:50 - 000002286 ____H C:\Users\wowts\Documents\Default.rdp
2021-11-04 23:25 - 2021-10-13 16:47 - 000000000 ____D C:\Program Files\Nextcloud
2021-11-04 22:54 - 2021-01-24 15:53 - 000000439 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-11-04 22:30 - 2021-05-14 22:12 - 000000000 ____D C:\Users\wowts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2020-12-26 15:12 - 2021-07-23 10:16 - 000000128 _____ () C:\Users\wowts\AppData\Roaming\winscp.rnd
2021-02-06 10:12 - 2021-02-10 12:20 - 000018267 _____ () C:\Users\wowts\AppData\Local\PlariumPlay.log
2021-02-12 17:50 - 2021-11-28 18:10 - 000000128 _____ () C:\Users\wowts\AppData\Local\PUTTY.RND
2021-05-15 09:26 - 2021-05-15 09:26 - 000015975 _____ () C:\Users\wowts\AppData\Local\recently-used.xbel
2020-12-23 15:51 - 2021-12-02 14:32 - 000007617 _____ () C:\Users\wowts\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Additions: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-12-2021
durchgeführt von wowts (03-12-2021 15:58:46)
Gestartet von C:\Users\wowts\Downloads
Microsoft Windows 11 Home Version 21H2 22000.348 (X64) (2021-10-14 12:12:39)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Administrator (S-1-5-21-778103176-1376588227-3002950867-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-778103176-1376588227-3002950867-503 - Limited - Disabled)
Gast (S-1-5-21-778103176-1376588227-3002950867-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-778103176-1376588227-3002950867-504 - Limited - Disabled)
wowts (S-1-5-21-778103176-1376588227-3002950867-1001 - Administrator - Enabled) => C:\Users\wowts
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Amazon Music (HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\Amazon Amazon Music) (Version: 8.7.1.2286 - Amazon.com Services LLC)
Apache NetBeans IDE 12.2 (HKLM\...\nbi-nb-all-12.2.0.0.201121) (Version: 12.2 - Apache NetBeans)
AusweisApp2 (HKLM-x32\...\{F3E22721-7F7E-472F-BBBA-6B5572E15A58}) (Version: 1.22.0 - Governikus GmbH & Co. KG)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BrLauncher (HKLM-x32\...\{C661197A-6B93-4E37-9E3F-2A1DFCD64234}) (Version: 1.1.15.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{0648F446-BAE9-402F-9BEC-8B333959D8FB}) (Version: 1.2.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{A242EB06-0518-48A3-AF7A-5973BE9CAF7B}) (Version: 1.0.7.3 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{F8F9EB58-33BA-4FF8-80E7-66D87D2E0C3C}) (Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
Citavi 6 (HKLM-x32\...\{6A331045-8FF4-4BC9-9C56-E593ACAE28C2}) (Version: 6.10.0.0 - Swiss Academic Software)
CodeMeter Runtime Kit v7.00 (HKLM\...\{9054FBAC-C4FD-4FC2-B3F2-E4E41E49A20B}) (Version: 7.00.3918.500 - WIBU-SYSTEMS AG)
ControlCenter4 (HKLM-x32\...\{9ADB625A-7F6D-4C48-9058-4767A55D5424}) (Version: 4.2.438.1 - Brother Insutries Ltd.) Hidden
Dark Orbit (HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\{80d70823-f874-42a3-82af-2b7a4425bede}) (Version: 1.0.0 - Bigpoint GmbH)
DeviceDetect (HKLM-x32\...\{F805D16D-AB79-4DC7-A60F-436621995275}) (Version: 1.2.1.0 - Brother Industries Ltd.) Hidden
Discord (HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Docker Desktop (HKLM\...\Docker Desktop) (Version: 3.1.0 - Docker Inc.)
Druckerdeinstallation für EPSON XP-342 343 345 Series (HKLM\...\EPSON XP-342 343 345 Series) (Version: - Seiko Epson Corporation)
Epic Games Launcher (HKLM-x32\...\{07D9F8F3-EC99-4133-919D-DA341C62937C}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
Far Cry 3 (HKLM-x32\...\Uplay Install 46) (Version: - Ubisoft)
FileZilla Client 3.56.2 (HKLM-x32\...\FileZilla Client) (Version: 3.56.2 - Tim Kosse)
GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
GRAPHISOFT BIMx Desktop Viewer (HKLM\...\BIMx Viewer 23.0 GEN FULL R1 1) (Version: 2019.2.2328.0 - GRAPHISOFT SE)
GRAPHISOFT License Manager Tool (HKLM\...\License Manager Tool 20.0 GER FULL R1 1) (Version: 20.0.0.4800 - GRAPHISOFT SE)
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
Java(TM) SE Development Kit 15.0.2 (64-bit) (HKLM\...\{2041CF7D-1F63-5C58-9F35-C445251E39C9}) (Version: 15.0.2.0 - Oracle Corporation)
LatencyMon 7.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 7.2.3.2 (HKLM\...\{81490660-3C36-47B4-AE9F-73B6C5BD4F98}) (Version: 7.2.3.2 - The Document Foundation)
Malwarebytes version 4.4.11.149 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.11.149 - Malwarebytes)
Maple 2021 (HKLM\...\Maple 2021) (Version: 2021 - Maplesoft)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.41 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft OneNote - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\Teams) (Version: 1.4.00.31569 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 94.0.2 (x64 de)) (Version: 94.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.10.1 - Mozilla)
Mozilla Thunderbird 78.10.1 (x64 de) (HKLM\...\Mozilla Thunderbird 78.10.1 (x64 de)) (Version: 78.10.1 - Mozilla)
NetworkRepairTool (HKLM-x32\...\{4694AD3E-D4A2-4D98-9848-662A0475E872}) (Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
Nextcloud (HKLM\...\{3A99002F-BABA-4378-BB20-44C94A159696}) (Version: 3.3.6.20211028 - Nextcloud GmbH)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.104.48966 - Electronic Arts, Inc.)
PDFsam Basic (HKLM\...\{5F69C3E1-65F3-4B53-99A1-AABF8E9FFBA6}) (Version: 4.2.1.0 - Sober Lemur S.a.s. di Vacondio Andrea)
PS Remote Play (HKLM-x32\...\{77FAB2DD-F7FB-41E5-AE39-F9C878736A58}) (Version: 4.5.0.08250 - Sony Interactive Entertainment Inc.)
PuTTY release 0.74 (64-bit) (HKLM\...\{127B996B-5308-4012-865B-9446451EA326}) (Version: 0.74.0.0 - Simon Tatham)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.3.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.5 - VS Revo Group, Ltd.)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
StatusMonitor (HKLM-x32\...\{86D16055-3C14-44C6-BCD7-5514B83BAD34}) (Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Telegram Desktop Version 2.8.11 (HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.8.11 - Telegram FZ-LLC)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 85.0 - Ubisoft)
UsbRepairTool (HKLM-x32\...\{523276A4-5779-4105-9163-CA1CF94EC533}) (Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
VALORANT (HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version: - Ubisoft)
Windows*11-Installationsassistent (HKLM-x32\...\{115DF11E-4B4C-4EA9-9A79-00DB0C7EF02D}) (Version: 1.4.19041.1285 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM\...\{63EFBDB5-01B0-4614-BE9F-7F1908E42275}) (Version: 3.1.2109.29003 - Microsoft Corporation)
WinISD v0.7 (HKLM-x32\...\WinISD) (Version: v0.7 - Linearteam)
WinRAR 6.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
WinSCP 5.17.10 (HKLM-x32\...\winscp3_is1) (Version: 5.17.10 - Martin Prikryl)
Zoom (HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\ZoomUMX) (Version: 5.8.4 (1736) - Zoom Video Communications, Inc.)
Packages:
=========
Amazon Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.82.0_x64__pwbj9vvecjh7j [2021-12-03] (Amazon Development Centre (London) Ltd)
AnyConnect -> C:\Program Files\WindowsApps\CiscoSystems.AnyConnect_4.10.72.0_x64__edjcgkw48dhxt [2021-12-03] (Cisco Systems)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_1.7.15.0_x64__38kynpdw5g1aw [2021-12-03] (Wacom Europe GmbH)
Drawboard PDF -> C:\Program Files\WindowsApps\DRAWBOARD.DRAWBOARDPDF_6.7.3.0_x64__gqbn7fs4pywxm [2021-12-03] (Drawboard)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.2.15.0_x64__5grkq8ppsgwt4 [2021-12-03] (LENOVO INC) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2110.17.0_x64__k1h2ywk1493x8 [2021-12-03] (LENOVO INC.)
LiquidText -> C:\Program Files\WindowsApps\LiquidText.LiquidText_2.1.26.0_x64__rx5mtpcf576t0 [2021-12-03] (LiquidText)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-12-03] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-03] (Microsoft Corporation) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.57.43142.0_x64__8wekyb3d8bbwe [2021-12-03] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_51.10913.5796.0_x64__8wekyb3d8bbwe [2021-12-03] (Microsoft Corporation)
MPEG-2-Videoerweiterung -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-12-03] (Microsoft Corporation)
Offlineerweiterung für plastischen Reader -> C:\Program Files\WindowsApps\Microsoft.ImmersiveReader_1.4.0.0_x64__8wekyb3d8bbwe [2021-12-03] (Microsoft Corporation)
Penbook -> C:\Program Files\WindowsApps\36376UserCamp.Penbook_2.1.30.0_x64__t7afzrbtd67z0 [2021-12-03] (User Camp)
PenNotes -> C:\Program Files\WindowsApps\59553DiegoTonetti.PenNotes_3.0.2.0_x64__zztq7ygp8fse6 [2021-12-03] (Diego Tonetti)
PowerPoint Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.PowerPoint_16001.14326.20588.0_x64__8wekyb3d8bbwe [2021-12-03] (Microsoft Corporation)
Samsung Notes -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungNotes_4.2.66.0_x64__wyx1vj98g3asy [2021-12-03] (Samsung Electronics Co, Ltd.)
Smart Appearance -> C:\Program Files\WindowsApps\E0469640.SmartAppearance_1.1.10.0_neutral__5grkq8ppsgwt4 [2021-12-03] (LENOVO INC) [Startup Task]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0 [2021-12-03] (Spotify AB) [Startup Task]
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2021-12-03] (VideoLAN)
Wacom Notes -> C:\Program Files\WindowsApps\D91E29CF.WacomNotes_1.6.13.0_x64__38kynpdw5g1aw [2021-12-03] (Wacom Europe GmbH)
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2144.11.0_x64__cv1g1gvanyjgm [2021-12-03] (WhatsApp Inc.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-778103176-1376588227-3002950867-1001_Classes\CLSID\{04271989-C4D2-7AB6-8593-307A4B278444} -> [OneDrive - smail.th-koeln.de] => C:\Users\wowts\Desktop\Datein\OneDrive - th-koeln.de\OneDrive - smail.th-koeln.de [2020-12-21 14:41]
CustomCLSID: HKU\S-1-5-21-778103176-1376588227-3002950867-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\wowts\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-778103176-1376588227-3002950867-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\wowts\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-778103176-1376588227-3002950867-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\wowts\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21229.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-778103176-1376588227-3002950867-1001_Classes\CLSID\{88ce18a3-8d45-462e-98ee-5719a3dbf8cc} -> [Nextcloud] => C:\Homecloud [2021-04-19 10:31]
ShellIconOverlayIdentifiers: [ NextcloudError] -> {E0342B74-7593-4C70-9D61-22F294AAFE05} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-10-28] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOK] -> {E1094E94-BE93-4EA2-9639-8475C68F3886} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-10-28] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOKShared] -> {E243AD85-F71B-496B-B17E-B8091CBE93D2} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-10-28] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudSync] -> {E3D6DB20-1D83-4829-B5C9-941B31C0C35A} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-10-28] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudWarning] -> {E4977F33-F93A-4A0A-9D3C-83DEA0EE8483} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-10-28] (Nextcloud GmbH -> Nextcloud GmbH)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [NextcloudContextMenuHandler] -> {BC6988AB-ACE2-4B81-84DC-DC34F9B24401} => C:\Program Files\Nextcloud\shellext\NCContextMenu.dll [2021-10-28] (Nextcloud GmbH -> Nextcloud GmbH)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2021-10-28 13:29 - 2021-10-28 13:29 - 000099328 _____ () [Datei ist nicht signiert] C:\Program Files\Nextcloud\nextcloudsync_vfs_cfapi.dll
2021-10-28 13:30 - 2021-10-28 13:30 - 000030208 _____ () [Datei ist nicht signiert] C:\Program Files\Nextcloud\nextcloudsync_vfs_suffix.dll
2020-12-21 16:36 - 2005-04-22 13:36 - 000143360 _____ () [Datei ist nicht signiert] C:\WINDOWS\system32\BrSNMP64.dll
2020-12-21 16:36 - 2013-03-08 15:44 - 000087040 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\WINDOWS\system32\BrNetSti.dll
2020-12-02 02:01 - 2020-12-02 02:01 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-12-02 02:01 - 2020-12-02 02:01 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2021-11-06 14:34 - 2021-11-06 14:35 - 000137184 _____ (Microsoft Windows -> Microsoft Corporation) [Datei ist nicht signiert] C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20045.455.0_x64__cw5n1h2txyewy\Dashboard\WebView2Loader.dll
2021-10-28 13:34 - 2021-10-28 13:34 - 005972464 _____ (The Qt Company Oy -> The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\Nextcloud\Qt5Core.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64347b00.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64347b00.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKLM -> DefaultScope {88056C61-C84B-4838-9355-0DE7B3C95802} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {88056C61-C84B-4838-9355-0DE7B3C95802} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM-x32 -> DefaultScope {88056C61-C84B-4838-9355-0DE7B3C95802} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {88056C61-C84B-4838-9355-0DE7B3C95802} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKU\S-1-5-21-778103176-1376588227-3002950867-1001 -> DefaultScope {88056C61-C84B-4838-9355-0DE7B3C95802} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: Kein Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> Keine Datei
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kein Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> Keine Datei
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
Da befinden sich 7940 mehr Seiten.
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2021-11-30 18:17 - 2021-12-02 11:00 - 000001334 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 analytics.ff.avast.com
0.0.0.0 analytics.ns1.ff.avast.com
0.0.0.0 v7event.stats.avcdn.net
0.0.0.0 v7.stats.avcdn.net
0.0.0.0 flow.lavasoft.com
0.0.0.0 telemetry.malwarebytes.com
0.0.0.0 ws.mcafee.com
0.0.0.0 analytics.ccs.mcafee.com
0.0.0.0 analyticsdcs.ccs.mcafee.com
0.0.0.0 carcharodon.trendmicro.com
2021-01-24 15:53 - 2021-11-04 22:54 - 000000439 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.20.64.1 Wowtschik.mshome.net # 2026 11 2 3 21 54 43 36
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\PuTTY\;C:\Program Files\Docker\Docker\resources\bin;C:\ProgramData\DockerDesktop\version-bin
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\wowts\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
MSCONFIG\Services: ccleaner => 3
MSCONFIG\Services: CCleanerBrowserElevationService => 3
MSCONFIG\Services: ccleanerm => 3
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 3
MSCONFIG\Services: vgc => 3
HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine VPN.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CodeMeter Control Center.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Netzwerk Server.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run: => ""
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "CORSAIR iCUE Software"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "FileZilla Server Interface"
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\StartupApproved\StartupFolder: => "xxx.exe.lnk"
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\StartupApproved\Run: => "SurfEasy"
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\StartupApproved\Run: => "icq.desktop"
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-778103176-1376588227-3002950867-1001\...\StartupApproved\Run: => "Discord"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{CE58D672-AFC3-4045-8360-33F36F09CA3C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9DB10886-038A-44BB-B8E2-E6D242A0FE9F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{BE460EA9-4AF2-4D6C-8AE0-895673425CBD}C:\users\wowts\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\wowts\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{22C5778E-0A06-46BD-82AE-7FE5F43234F1}C:\users\wowts\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\wowts\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1CE93924-7FD7-4289-99F1-4640AB57B7D3}] => (Allow) C:\Users\wowts\AppData\Local\Programs\Opera\81.0.4196.60\opera.exe => Keine Datei
FirewallRules: [TCP Query User{143B664D-0D9B-443F-BCDE-70B080EDDF3A}C:\users\wowts\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\wowts\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{642298ED-0976-49C6-BF00-5985E5E43099}C:\users\wowts\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\wowts\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{521B5AD0-5B17-4CD9-B323-F64763145A9E}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{C10541A5-A92A-41C5-B982-E454105BAF47}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{0DF84D2A-F814-4150-AA13-957A9AC71B72}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{B7AADBB0-A522-4582-83E7-3FECAB63A979}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5EA72659-E4BD-4D9F-91B8-54498BFD724D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8D3F8363-247B-4802-8468-D8A4F4BCE485}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F0DE86AA-E599-4667-9785-308B0DD02D0B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B4E9A786-B3ED-440B-8331-C546FFF87305}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1BBBA406-68F8-4F9D-9DFF-F503D9FF81B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BB691E53-3A21-4D70-A8B1-27DD8DD6527B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{419C117E-B90F-4519-A612-CFEF1ECC9E24}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{7700DFC2-B95F-4344-9AE0-995A9B950945}C:\users\wowts\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\wowts\appdata\local\programs\opera\opera.exe => Keine Datei
FirewallRules: [UDP Query User{528B6EE3-AC8F-4DFD-80A3-C2AED0A08E19}C:\users\wowts\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\wowts\appdata\local\programs\opera\opera.exe => Keine Datei
FirewallRules: [TCP Query User{F2311190-A8EF-48D4-A3DF-D8FE6239D2D2}C:\users\wowts\appdata\local\programs\opera\opera.exe] => (Block) C:\users\wowts\appdata\local\programs\opera\opera.exe => Keine Datei
FirewallRules: [UDP Query User{5898252B-19DF-4F7A-A458-7968B1352B71}C:\users\wowts\appdata\local\programs\opera\opera.exe] => (Block) C:\users\wowts\appdata\local\programs\opera\opera.exe => Keine Datei
FirewallRules: [{24C24BF1-3C38-4744-8ED6-1B1283244B49}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.41\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3485F820-24FB-4B27-9BA6-2E0A7B5AC4AC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21302.202.1065.6968_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3DEFB48C-386F-494D-8F69-6E0D78A73155}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21302.202.1065.6968_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
==================== Wiederherstellungspunkte =========================
03-12-2021 12:58:54 AdwCleaner_BeforeCleaning_03/12/2021_12:58:53
03-12-2021 13:08:42 AdwCleaner_BeforeCleaning_03/12/2021_13:08:42
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (12/03/2021 03:53:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MBAMService.exe, Version: 3.2.0.1009, Zeitstempel: 0x61854cd8
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.22000.348, Zeitstempel: 0x22eb3761
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000000000010be99
ID des fehlerhaften Prozesses: 0x1110
Startzeit der fehlerhaften Anwendung: 0x01d7e854a4e576db
Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 739dfb0c-1b2c-4d5c-8ed5-51d7ded0690f
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (12/03/2021 03:47:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -1216.
Error: (12/03/2021 03:47:51 PM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database (4440,U,98) Catalog Database: Unerwarteter Fehler "-1216" bei der Datenbankwiederherstellung.
Error: (12/03/2021 03:47:51 PM) (Source: ESENT) (EventID: 494) (User: )
Description: Catalog Database (4440,U,98) Catalog Database: Fehler -1216 bei der Datenbankwiederherstellung, da Verweise auf die Datenbank "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung.
Error: (12/03/2021 03:47:17 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\WOWTSCHIK$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 03 Dec 2021 14:47:18 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 2879c25e-8933-47c6-8d62-b12f9777d7d0
Methode: GET(344ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (12/03/2021 03:47:15 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
Methode: GET(188ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (12/03/2021 03:47:07 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4456,R,98) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\WINDOWS\system32\SRU\SRU043DD.log.
Error: (12/03/2021 03:33:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SystemSettings.exe, Version: 10.0.22000.348, Zeitstempel: 0x27a6d211
Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 10.0.22000.348, Zeitstempel: 0x003360cd
Ausnahmecode: 0xc000027b
Fehleroffset: 0x0000000000834af0
ID des fehlerhaften Prozesses: 0x3d30
Startzeit der fehlerhaften Anwendung: 0x01d7e852aa21d7d9
Pfad der fehlerhaften Anwendung: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\Windows.UI.Xaml.dll
Berichtskennung: 95f2b427-4f5a-4fa5-ab31-4b804dda04d6
Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_10.0.6.1000_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.windows.immersivecontrolpanel
Systemfehler:
=============
Error: (12/03/2021 03:53:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Malwarebytes Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/03/2021 03:47:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 03.12.2021 um 13:07:53 unerwartet heruntergefahren.
Error: (12/03/2021 03:25:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Malwarebytes Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/03/2021 01:26:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LenovoVantageService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/03/2021 01:15:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "LenovoVantageService" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (12/03/2021 01:08:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "System Interface Foundation Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/03/2021 01:08:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/03/2021 01:08:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Universal Device Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Windows Defender:
================
Date: 2021-12-03 10:42:49
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi.YPS!MTB&threatid=2147793448&enterprise=0
Name: Backdoor:Win32/Bladabindi.YPS!MTB
Schweregrad: Schwerwiegend
Kategorie: Hintertür
Pfad: file:_C:\Users\wowts\Downloads\VSCodeUserSetup_x86_x64_CB-DL-Manager.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: WOWTSCHIK\wowts
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.353.1971.0, AS: 1.353.1971.0, NIS: 1.353.1971.0
Modulversion: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-12-03 10:42:32
Description:
N/A
Date: 2021-12-03 10:42:30
Description:
N/A
Date: 2021-12-03 10:42:17
Description:
N/A
Date: 2021-12-03 10:42:17
Description:
N/A
Event[0]
Date: 2021-11-26 10:04:29
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.335.493.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiSpyware
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18000.5
Fehlercode: 0x80090305
Fehlerbeschreibung: Das angeforderte Sicherheitspaket ist nicht vorhanden.
Date: 2021-11-26 10:04:29
Description:
N/A
Date: 2021-11-26 10:04:28
Description:
N/A
Date: 2021-11-26 10:04:28
Description:
N/A
Date: 2021-11-26 10:04:28
Description:
N/A
CodeIntegrity:
===============
Date: 2021-12-03 15:53:34
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
BIOS: LENOVO EECN36WW 05/17/2021
Hauptplatine: LENOVO LNVNB161216
Prozessor: AMD Ryzen 7 4700U with Radeon Graphics
Prozentuale Nutzung des RAM: 30%
Installierter physikalischer RAM: 15742.16 MB
Verfügbarer physikalischer RAM: 10882.62 MB
Summe virtueller Speicher: 23422.16 MB
Verfügbarer virtueller Speicher: 18101.99 MB
==================== Laufwerke ================================
Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:86.5 GB) NTFS
\\?\Volume{0e1952d6-4fe8-49ec-916e-3565231aebc6}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.37 GB) NTFS
\\?\Volume{27481c08-52bc-47ba-a4e4-a08dc146e489}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 15F42639)
Partition: GPT.
==================== Ende von Addition.txt =======================
...under "Internet Explorer" there are "strange" domain entries in the registry. Where do they come from?
Best regards