Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Alles rund um Windows (https://www.trojaner-board.de/alles-rund-um-windows/)
-   -   Windwos 11: System lahmt und stockt, Internetseite lädt nicht sporadisch, Abstürze durch Nordvpn (Bluescreen) (https://www.trojaner-board.de/208331-windwos-11-system-lahmt-stockt-internetseite-laedt-sporadisch-abstuerze-nordvpn-bluescreen.html)

Subzer00 03.02.2024 18:20
Windwos 11: System lahmt und stockt, Internetseite lädt nicht sporadisch, Abstürze durch Nordvpn (Bluescreen)
 
Hallo,

Hab mir ein neune Laptop gegönnt mit Windows 11, nur läuft der irgendwie nicht gut.

Hatte schon öfters das ich im Browser eine Seite aufrufe und sie lädt nicht, oder das System lahmt und ist manchmal auch abgestürzt wegen NordVPN.

Dann hab ich mal in die Ereignis anzeige geschaut und hab da sehr viele Fehler und Warnungen gefunden. (Aktuell 4892 in Administrative Ereignisse)

Habe gestern Kaspersky Free Rescue Disk laufen lassen und es wurden drei gelbe Objekte gefunden die ich gelöscht hab "Adware" und "This is not malware" oder so stand dran.

Der Grund warum ich das gemacht habe war, das ich eine Microsoft Defender Antivirus Offline Überprüfung gemacht hatte und da kam die Meldung das möglicher weise Malware auf meinem Rechner ist. Was aber später nicht im verlauf auftauchte.

Hab mit FRST.exe logs gemacht:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 03.02.2024 01
durchgeführt von krümel (Administrator) auf KEKS (LENOVO 82TL) (03-02-2024 17:43:33)
Gestartet von C:\Users\krümel\Desktop\FRST64.exe
Geladene Profile: krümel
Plattform: Microsoft Windows 11 Pro Version 23H2 22631.3085 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Brave
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.147\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.147\BraveCrashHandler64.exe
(C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantage-(SmartInteractAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSSrcExt.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\cncmd.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.40.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\msedgewebview2.exe <6>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e9709186d216ac57\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~3.INF\DAX3API.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_f6255f9b56d06c65\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_f6255f9b56d06c65\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_f6255f9b56d06c65\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_f6255f9b56d06c65\FnHotkeyUtility.exe
(DriverStore\FileRepository\lnvsst.inf_amd64_95a89ec5b2e0af12\SmartSense.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lnvsst.inf_amd64_95a89ec5b2e0af12\SmartSenseController.exe
(DriverStore\FileRepository\lnvsst.inf_amd64_95a89ec5b2e0af12\SmartSense.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lnvsst.inf_amd64_95a89ec5b2e0af12\UserSSCtrl.exe
(DriverStore\FileRepository\u0390832.inf_amd64_43cf2d2b9b7da977\B390488\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0390832.inf_amd64_43cf2d2b9b7da977\B390488\atieclxx.exe
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2312.33.0_x64__8wekyb3d8bbwe\SnippingTool\SnippingTool.exe
(explorer.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\NordVPN.exe
(Lenovo -> Lenovo) C:\ProgramData\Lenovo\Vantage\AddinData\LenovoBatteryGaugeAddin\x64\QSHelper.exe
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\netsh.exe <3>
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0390832.inf_amd64_43cf2d2b9b7da977\B390488\atiesrxx.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e9709186d216ac57\DAX3API.exe
(services.exe ->) (Geek Software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\lenovo\UDC\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo Limited Company) C:\Program Files\Lenovo\LVA Pro Service\VoiceAssistantService.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_f6255f9b56d06c65\LenovoUtilityService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lnvsst.inf_amd64_95a89ec5b2e0af12\SmartSense.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (Oracle America, Inc. -> ) C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d315e0ae42c5f5e6\RtkAudUService64.exe <2>
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.40.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [LVAW] => C:\Program Files\Lenovo\LVA Pro Service\StartupHelper.exe [699680 2023-02-10] (Lenovo -> Lenovo Limited Company)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d315e0ae42c5f5e6\RtkAudUService64.exe [1922856 2023-08-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [BraveVpnWireguardService] => C:\Program Files\BraveSoftware\Brave-Browser\Application\121.1.62.156\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [10928152 2024-01-31] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3293072 2023-10-12] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [644952 2023-12-08] (Geek Software GmbH -> geek software GmbH)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5109624 2023-01-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\MRT: Beschränkung <==== ACHTUNG
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\Run: [MicrosoftEdgeAutoLaunch_70EE13B711ECD4BE568CAD7F8C004D7A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788840 2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2597288 2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\Run: [MicrosoftEdgeAutoLaunch_5DF05707A8A0977F46B97D144206D7B7] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788840 2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4388200 2024-01-13] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44540320 2024-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\Run: [Discord] => C:\Users\krümel\AppData\Local\Discord\Update.exe [1525016 2023-12-19] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\Run: [LenovoVantage] => C:\ProgramData\Lenovo\Vantage\Addins\LenovoCompanionAppAddin\1.0.0.37\LenovoVantage.exe [25512 2023-12-26] (Lenovo -> Lenovo)
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\Run: [LenovoVantageToolbar] => C:\ProgramData\Lenovo\Vantage\AddinData\LenovoBatteryGaugeAddin\x64\QSHelper.exe [108456 2023-09-19] (Lenovo -> Lenovo)
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\121.1.62.156\Installer\chrmstp.exe [2024-01-31] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\Users\krümel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2024-01-07]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy-Firefox: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {07FF50F7-8B89-4E3A-BD8C-EC1A7A0B96DE} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{AEB71723-ADE3-4418-A6E8-A98274613EFA} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2024-01-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {ADDB8A50-B793-406B-8BF5-F94F4538E8E6} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{18E4C8DF-A579-49C6-B3B6-7D82C5E3AC85} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2024-01-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {276EBBAE-0AE8-4E60-90FE-1EDB5279BD7B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {E3DC44D9-B6D2-40BF-93E7-91113107B65F} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2024-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5bb1143e-00c2-496b-968a-93fda0ec3084" --version "6.20.10897" --silent
Task: {841E972A-8F96-4E78-90BD-72418590B9D1} - System32\Tasks\CCleanerSkipUAC - krümel => C:\Program Files\CCleaner\CCleaner.exe [38319520 2024-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {B0E55B96-2985-4B93-9592-A4CC21444B44} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {E8339D5C-437B-4FFB-A062-AF82E7FB63E1} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\Windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {54DFEA64-1027-4D49-8B82-1C8948DABBC5} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\Windows\System32\reg.exe [102400 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {0420C2EF-1DD4-4509-943A-1CEBF9EB27F6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\281d5053-5b1a-4773-b07f-78a0db270081 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {A0EE859F-F5F6-4DE6-BF88-A9C930635831} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\37ac9e21-eec1-4a14-bea0-8710698a0dcf => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {02D040DB-4999-4AA4-8105-5783C20B22B8} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\61c94390-a997-453d-8551-3f2dbdec53ab => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {A0E1E520-E7E6-4BCC-B4CC-34FECF7E9D02} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c22558a1-ce67-4f94-a157-525eb81c9de5 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {13BE9A3C-1EC4-4926-A8CD-1AB02F185549} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c3eab5b3-886b-48f8-a922-7504314819cd => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {DAD20D27-BD25-4175-A65D-77229F70A5E8} - System32\Tasks\Lenovo\UDC\Lenovo UDC Diagnostic Scan => C:\Windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 210
Task: {0090DD7F-34EB-4702-BB8D-3E55D1CD21D8} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [90600 2023-11-02] (Lenovo -> Lenovo Group Ltd.)
Task: {4998891E-73E5-4395-98AE-DAE4799BDFC5} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\Windows\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [185312 2023-11-02] (Lenovo -> Lenovo Group Ltd.)
Task: {BA18B94E-9B26-434F-80F1-64CE2822709E} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\Windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {31C5226D-DB5C-44BD-BDC5-A9E28A3DF1BA} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {F8106B0A-CD89-47A2-92FB-C7ACFBF79DD4} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {FC6F6E0D-AA99-4364-A044-801D503BAD31} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {F21CDBB5-9125-4E18-A41C-994E4DDF3C7D} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {DE6FE2DD-89AD-4F5C-AAC8-10DC07A86DC4} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {D6E8B350-A247-4C9B-A186-1E518C9F6CCE} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {EF89BD6B-DBCB-4676-8902-026DAC37747B} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {56D116C2-02F5-4BBC-BEE3-B8561C2688A9} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {CC1D4A84-4B57-4102-902E-F760C1D700B9} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {929669E7-8E77-4286-A67C-A459FE425FDC} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {68C71B32-14F9-46EA-A0DF-EAEB5466364A} - System32\Tasks\Lenovo\Vantage\Schedule\SmartLock.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {98847315-FD03-4F72-A9A0-F74EB058093C} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {AF445AE6-916E-49B4-8B37-5C94359E173A} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {BB44087E-A925-4093-9D0D-F3FA12081B79} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\uninstall.exe [311776 2023-12-15] (Lenovo -> Lenovo)
Task: {457CE5CA-C3EB-4377-AD10-5D7D18843237} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {15217C8B-6620-41B8-9951-092524BECF0C} - System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {EB259053-72D1-4986-A3A2-89BD9EA792FA} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {887380B9-36A5-41E3-9E4B-0C45777093A3} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {9EDE45B1-0CAA-4605-BEB8-8AAD21F04C13} - System32\Tasks\McAfee\WPS\tracker_remover => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {81D8FFC5-4D0B-4D42-822D-EEB9048649DB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28371640 2024-01-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {147A4241-A64B-42E7-B2D7-F70A5C089D3B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28371640 2024-01-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {2EE38AC5-DF36-4E83-987F-ADE641FF7AAE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306224 2024-01-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {EDB2B76B-DB22-4699-BD8A-3E1A89F0CEC0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306224 2024-01-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {9740686E-8B2B-4CF1-B4B8-8BDFF9FDFA31} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170128 2024-01-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Keine Datei)
Task: {579AAF08-6E31-46DB-9220-85BC2C8499FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2B8CF2F9-790E-4363-84D0-755752CFE22D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E4E6650F-070E-4FE1-A5FF-4A55565AB7D7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0E70AC66-36EE-461C-8989-5C66ED97B8DA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B22BA7C7-FC46-4EF4-9DA2-62B94BB19CF5} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671648 2024-01-18] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {1CE05EFF-6BBF-47EE-9E91-D1F50AEC9866} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-01-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {68910DB5-4085-4BF1-8CB6-4B5527F339F3} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [Datei ist nicht signiert]
Task: {87D28D8D-43DA-45EB-A7DC-902E45C2D063} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {94180D9B-5D22-4BBC-85BD-8FE27EF665B5} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4201263534-3633762348-2776426445-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {428067E8-244A-4B60-825F-886DF0FE9B9A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4201263534-3633762348-2776426445-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {ADC9622E-0C1B-4B80-A869-5E01006E1F19} - System32\Tasks\Remove AdwCleaner Application => C:\Windows\system32\CMD.EXE [323584 2024-01-02] (Microsoft Windows -> Microsoft Corporation) -> /C DEL /F /Q "C:\Users\krümel\Desktop\resources\stage_3_disinfect\malwarebytes_adwcleaner\adwcleaner.exe"
Task: {02536B87-A7CA-4E9D-8795-DDB6416A5E90} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5339512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {61B2ECE1-0941-45A7-8655-D162A6B778D6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5659512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {75A3B0AD-436D-4045-9C5C-3E6D8106E437} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [5839224 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{029a1bcb-ea55-4561-850a-e856c798b22f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{029a1bcb-ea55-4561-850a-e856c798b22f}: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{029a1bcb-ea55-4561-850a-e856c798b22f}\960586F6E6560267F6E6021497471636: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{029a1bcb-ea55-4561-850a-e856c798b22f}\D4F62697B6C69636B6: [DhcpNameServer] 213.209.104.220 213.209.104.250
Tcpip\..\Interfaces\{52c9a754-8da7-4a6b-a104-f0dca7e79710}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{52c9a754-8da7-4a6b-a104-f0dca7e79710}: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{c0f621c0-410f-4c29-bfa0-d40711afaa5f}: [DhcpNameServer] 150.203.1.2
Tcpip\..\Interfaces\{fc01fcd5-2b9d-2fd8-78d8-cb78b313e2b2}: [NameServer] 9.9.9.11,149.112.112.11,146.255.56.98,84.200.69.80,103.86.96.100,103.86.99.100
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <==== ACHTUNG

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\krümel\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-02]
Edge Extension: (Dashlane*– Passwort-Manager) - C:\Users\krümel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gehmmocbbkpblljhkekmfhjpfbkclbph [2024-02-02]
Edge Extension: (Google Docs Offline) - C:\Users\krümel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-25]
Edge Extension: (Edge relevant text changes) - C:\Users\krümel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-25]
Edge Extension: (Privacy Badger) - C:\Users\krümel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mkejgcgkdlddbggjhhflekkondicpnop [2024-01-08]
Edge Extension: (uBlock Origin) - C:\Users\krümel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-01-08]

FireFox:
========
FF DefaultProfile: fs7tx0hm.default
FF ProfilePath: C:\Users\krümel\AppData\Roaming\Mozilla\Firefox\Profiles\fs7tx0hm.default [2024-02-02]
FF ProfilePath: C:\Users\krümel\AppData\Roaming\Mozilla\Firefox\Profiles\9q0iycth.default-release [2024-02-03]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-01-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-01-30] (Microsoft Corporation -> Microsoft Corporation)

Brave:
=======
BRA Profile: C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-02-03]
BRA DefaultSearchURL: Default -> hxxps://www.startpage.com/do/search?q={searchTerms}&segment=startpage.brave
BRA DefaultSearchKeyword: Default -> :sp
BRA DefaultSuggestURL: Default -> hxxps://www.startpage.com/cgi-bin/csuggest?query={searchTerms}&limit=10&format=json
BRA Extension: (uBlock Origin) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-01-29]
BRA Extension: (Dashlane*– Passwort-Manager) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2024-02-02]
BRA Extension: (Privacy Badger) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2024-01-02]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-02-03]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-02-03]
BRA Extension: (Brave NTP background images) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-02-01]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-02-03]
BRA Extension: (Wallet Data Files Updater) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2024-01-22]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-02-03]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-01-02]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2024-01-02]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-02-03]
BRA Extension: (Brave Ads Resources) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\jcncoheihebhhiemmbmpfhkceomfipbj [2024-01-25]
BRA Extension: (Brave Ad Block Updater (EasyList Germany (plaintext))) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\lfmefmifdjlfneapckmpkinmlofjehbp [2024-02-03]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-01-26]
BRA Extension: (Brave NTP sponsored images) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\obbokncgfcbepeipkhpdepjjoncelefj [2024-02-03]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\krümel\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2024-01-02]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2024-01-02] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2024-01-02] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveVpnService; C:\Program Files\BraveSoftware\Brave-Browser\Application\121.1.62.156\brave_vpn_helper.exe [2806296 2024-01-31] (Brave Software, Inc. -> Brave Software, Inc.)
S3 BraveVpnWireguardService; C:\Program Files\BraveSoftware\Brave-Browser\Application\121.1.62.156\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [10928152 2024-01-31] (Brave Software, Inc. -> Brave Software, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14045768 2024-01-25] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e9709186d216ac57\DAX3API.exe [2363392 2023-03-27] (Dolby Laboratories, Inc. -> Dolby Laboratories)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncHelper.exe [3515408 2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
R2 FMAPOService; C:\Windows\System32\FMService64.exe [943032 2023-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_f6255f9b56d06c65\LenovoUtilityService.exe [161160 2023-11-08] (Lenovo -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantageService.exe [34272 2023-12-15] (Lenovo -> Lenovo)
R2 LITSSVC; C:\Windows\System32\LNBITSSvc.exe [1849552 2023-04-18] (Lenovo -> Lenovo(beijing) Limited)
R2 LVAWService; C:\Program Files\Lenovo\LVA Pro Service\VoiceAssistantService.exe [693536 2023-02-10] (Lenovo -> Lenovo Limited Company)
R2 MySQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [28742728 2023-10-11] (Oracle America, Inc. -> )
R3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [320088 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2023-08-09] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.010.0114.0001\OneDriveUpdaterService.exe [3852832 2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [644952 2023-12-08] (Geek Software GmbH -> geek software GmbH)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2737016 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4588408 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534592 2024-01-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SmartSense; C:\Windows\System32\DriverStore\FileRepository\lnvsst.inf_amd64_95a89ec5b2e0af12\SmartSense.exe [204672 2023-11-21] (Lenovo -> Lenovo)
R2 UDCService; C:\Windows\system32\DRIVERS\Lenovo\udc\Service\UDClientService.exe [72160 2023-11-02] (Lenovo -> Lenovo Group Ltd.)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [802752 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2024-01-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2024-01-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\121.1.62.156\elevation_service.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AMDAfdAudioService; C:\Windows\System32\DriverStore\FileRepository\amdacpafd.inf_amd64_dea03ff0fb4183f1\amdacpafd.sys [435136 2023-02-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [35360 2022-06-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0390832.inf_amd64_43cf2d2b9b7da977\B390488\amdkmdag.sys [94634328 2023-04-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AX88179; C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_a8bb8a6e92764769\ax88179_178a.sys [79872 2022-05-07] (Microsoft Windows -> ASIX Electronics Corp.)
R3 AX88179A; C:\Windows\System32\DriverStore\FileRepository\axusbeth.inf_amd64_88fb34fbbab9fd2d\AxUsbEth.sys [153472 2023-12-20] (WDKTestCert AndyChen,132652806163117881 -> ASIX Electronics Corp.)
S3 AX88772; C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_f1efe88b4f90c639\ax88772.sys [116736 2022-05-07] (Microsoft Windows -> ASIX Electronics Corp.)
R0 fse; C:\Windows\System32\drivers\fse.sys [218592 2024-01-02] (Microsoft Windows -> Microsoft Corporation)
R3 mshield; C:\Windows\System32\DRIVERS\mshield.sys [43112 2024-01-10] (nordvpn s.a. -> Nordvpn S.A.)
R3 MTKBTFilterx64; C:\Windows\system32\DRIVERS\mtkbtfilterx.sys [371600 2023-09-03] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 mtkwlex; C:\Windows\System32\drivers\mtkwl6ex.sys [1669928 2023-09-01] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R2 NDivert; C:\Program Files\NordVPN\7.18.5.0\Drivers\NDivert.sys [131472 2023-08-04] (nordvpn s.a. -> Nordvpn S.A.)
R4 NordDivert10; C:\Program Files\NordVPN\NordSec ThreatProtection\1.4.18.7\NordDivert1064.sys [101240 2024-01-10] (nordvpn s.a. -> NordVPN/Basil)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [77792 2023-10-19] (Nmap Software LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [77792 2023-10-19] (Nmap Software LLC -> Insecure.Com LLC.)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [205552 2021-02-12] (RH Software Ltd -> Ray Hinchliffe)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2024-01-05] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [49744 2023-11-14] (nordvpn s.a. -> The OpenVPN Project)
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [52872 2020-05-22] (Tomasz Moń -> USBPcap)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [251776 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [262648 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\Windows\system32\DRIVERS\VBoxSup.sys [1060600 2023-10-12] (Oracle Corporation -> Oracle and/or its affiliates)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [813112 2024-01-18] (Microsoft Windows Hardware Compatibility Publisher -> IDRIX)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2024-01-02] (Microsoft Windows -> )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55856 2024-01-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [594304 2024-01-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105856 2024-01-02] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\Windows\system32\DRIVERS\wintun.sys [29680 2024-01-02] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S1 nordlwf; \SystemRoot\system32\DRIVERS\nordlwf.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2024-02-03 17:43 - 2024-02-03 17:44 - 000042812 _____ C:\Users\krümel\Desktop\FRST.txt
2024-02-03 17:43 - 2024-02-03 17:43 - 000000000 ____D C:\FRST
2024-02-03 17:26 - 2024-02-03 17:26 - 002389504 _____ (Farbar) C:\Users\krümel\Desktop\FRST64.exe
2024-02-03 17:25 - 2024-02-03 17:25 - 000760092 _____ C:\Windows\system32\perfh007.dat
2024-02-03 17:25 - 2024-02-03 17:25 - 000157276 _____ C:\Windows\system32\perfc007.dat
2024-02-03 17:14 - 2024-02-03 17:14 - 000003199 _____ C:\Users\krümel\Desktop\BackSuboptimazition.ps1
2024-02-03 09:14 - 2024-02-03 09:14 - 000546588 _____ (glax24 (safezone.cc)) C:\Users\krümel\Downloads\SecurityCheck.exe
2024-02-03 09:14 - 2024-02-03 09:14 - 000000000 ____D C:\SecurityCheck
2024-02-03 07:41 - 2024-02-03 07:41 - 000000000 ____D C:\Windows\Microsoft Antimalware
2024-02-03 01:19 - 2024-02-03 17:26 - 000000000 ____D C:\Users\krümel\AppData\Local\NordVPN
2024-02-03 01:19 - 2024-02-03 17:21 - 000000000 ____D C:\Program Files\NordVPN
2024-02-03 01:19 - 2024-02-03 01:22 - 000000000 ____D C:\ProgramData\NordVPN
2024-02-03 01:19 - 2024-02-03 01:19 - 000000000 ____D C:\ProgramData\NordUpdater
2024-02-03 01:19 - 2024-02-03 01:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2024-02-03 01:19 - 2024-02-03 01:19 - 000000000 ____D C:\Program Files\NordUpdater
2024-02-03 01:19 - 2024-02-03 01:19 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2024-02-03 01:19 - 2024-01-10 10:37 - 000043112 _____ (Nordvpn S.A.) C:\Windows\system32\Drivers\mshield.sys
2024-02-03 01:11 - 2024-02-03 01:11 - 001744384 _____ (NordVPN ) C:\Users\krümel\Downloads\NordVPNSetup(1).exe
2024-02-03 00:43 - 2024-02-03 00:43 - 000000000 ____D C:\Users\yok01\AppData\Local\VirtualStore
2024-02-03 00:31 - 2024-02-03 00:31 - 000000000 ____D C:\KRD2018_Data
2024-02-02 10:24 - 2024-02-02 12:40 - 000000000 ____D C:\Users\krümel\AppData\Roaming\gitmind
2024-02-02 10:24 - 2024-02-02 10:24 - 000001224 _____ C:\Users\Public\Desktop\GitMind.lnk
2024-02-02 10:24 - 2024-02-02 10:24 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Apowersoft
2024-02-02 10:24 - 2024-02-02 10:24 - 000000000 ____D C:\Users\krümel\AppData\Local\gitmind-updater
2024-02-02 10:24 - 2024-02-02 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2024-02-02 10:24 - 2024-02-02 10:24 - 000000000 ____D C:\Program Files (x86)\Apowersoft
2024-02-02 10:23 - 2024-02-02 10:23 - 002125600 _____ (Apowersoft) C:\Users\krümel\Downloads\gitmind-setup.exe
2024-02-02 10:16 - 2024-02-02 10:16 - 000035394 _____ C:\Users\krümel\Downloads\ÜbungsaufgabenElektrischeLeistungUndArbeit.docx-1.pdf
2024-02-02 09:17 - 2024-02-02 09:23 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-02 09:17 - 2024-02-02 09:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-02-02 09:17 - 2024-02-02 09:17 - 000002045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Privater Modus.lnk
2024-02-02 09:17 - 2024-02-02 09:17 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-02-02 09:17 - 2024-02-02 09:17 - 000001004 _____ C:\Users\Public\Desktop\Firefox.lnk
2024-02-02 09:17 - 2024-02-02 09:17 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-02-02 09:17 - 2024-02-02 09:17 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Mozilla
2024-02-02 09:17 - 2024-02-02 09:17 - 000000000 ____D C:\Users\krümel\AppData\Local\Mozilla
2024-02-02 09:17 - 2024-02-02 09:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-02 09:16 - 2024-02-02 09:16 - 000350120 _____ (Mozilla) C:\Users\krümel\Downloads\Firefox Installer.exe
2024-02-01 19:06 - 2024-02-01 19:14 - 000000000 ____D C:\Users\krümel\Documents\VSCode
2024-02-01 16:43 - 2024-02-01 16:43 - 000000000 ____D C:\Users\krümel\AppData\Local\IsolatedStorage
2024-01-31 22:52 - 2024-02-03 00:44 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-01-30 17:34 - 2024-01-30 17:34 - 000000000 ____D C:\Users\krümel\AppData\Local\PDF24
2024-01-30 17:33 - 2024-01-30 17:34 - 000000000 ____D C:\Program Files\PDF24
2024-01-30 17:33 - 2024-01-30 17:33 - 000001723 _____ C:\Users\Public\Desktop\PDF24 Launcher.lnk
2024-01-30 17:33 - 2024-01-30 17:33 - 000001718 _____ C:\Users\Public\Desktop\PDF24 Toolbox.lnk
2024-01-30 17:33 - 2024-01-30 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2024-01-30 17:32 - 2024-01-30 17:33 - 353043816 _____ (geek software GmbH ) C:\Users\krümel\Downloads\pdf24-creator-11.15.2-x64.exe
2024-01-30 16:15 - 2024-01-30 16:15 - 000000000 ____D C:\Users\krümel\Documents\Benutzerdefinierte Office-Vorlagen
2024-01-30 16:07 - 2024-02-02 22:53 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4201263534-3633762348-2776426445-1002
2024-01-30 16:07 - 2024-02-02 22:53 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-01-30 16:07 - 2024-02-02 22:53 - 000002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-01-30 16:07 - 2024-01-30 16:07 - 000000000 ___RD C:\Users\Default\OneDrive
2024-01-30 16:06 - 2024-01-30 16:06 - 000002552 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2024-01-30 16:06 - 2024-01-30 16:06 - 000002548 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2024-01-30 16:06 - 2024-01-30 16:06 - 000002527 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2024-01-30 16:06 - 2024-01-30 16:06 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-01-30 15:51 - 2024-01-30 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2024-01-29 16:45 - 2024-01-29 16:45 - 000054115 _____ C:\Users\krümel\Downloads\Seminar Grundlagen Datenbanksystem - Aufgabe 2 Versicherung Lösung.pdf
2024-01-29 15:22 - 2024-01-29 15:23 - 000000000 ____D C:\Users\krümel\AppData\Local\Adobe
2024-01-29 15:19 - 2024-01-29 15:19 - 000177774 _____ C:\Users\krümel\Downloads\Fortsetzung Praktikum.pdf
2024-01-29 15:14 - 2024-01-29 15:14 - 000053949 _____ C:\Users\krümel\Downloads\Seminar Grundlagen Datenbanksystem - Aufgabe 2 Versicherung.pdf
2024-01-29 07:11 - 2024-01-29 07:11 - 000012594 _____ C:\Users\krümel\Downloads\#01_KostenNutzenFaktor.xlsx
2024-01-28 21:20 - 2024-01-28 21:20 - 000000112 _____ C:\Users\krümel\index.html
2024-01-28 18:54 - 2024-01-28 18:54 - 026589696 _____ (Python Software Foundation) C:\Users\krümel\Downloads\python-3.12.1-amd64.exe
2024-01-28 18:54 - 2024-01-28 18:54 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.12
2024-01-28 18:54 - 2024-01-28 18:54 - 000000000 ____D C:\Users\krümel\AppData\Local\Package Cache
2024-01-28 17:54 - 2024-01-28 17:54 - 000000000 ____D C:\Users\krümel\AppData\Local\conda
2024-01-28 17:54 - 2024-01-28 17:54 - 000000000 ____D C:\Users\krümel\.continuum
2024-01-28 17:54 - 2024-01-28 17:54 - 000000000 ____D C:\Users\krümel\.anaconda
2024-01-28 17:53 - 2024-01-28 18:46 - 000000000 ____D C:\Users\krümel\.conda
2024-01-28 17:53 - 2024-01-28 17:53 - 000000000 ____D C:\Users\krümel\AppData\Roaming\.anaconda
2024-01-28 01:29 - 2024-01-28 01:29 - 014806156 _____ C:\Users\krümel\Documents\NachDesubopt.pcapng
2024-01-28 00:53 - 2024-01-28 01:07 - 000000000 ____D C:\BACKUP
2024-01-28 00:51 - 2024-01-28 00:51 - 000043083 _____ C:\Users\krümel\Documents\desubuptimation.ps1
2024-01-28 00:50 - 2024-01-28 00:50 - 000000000 _____ C:\Users\krümel\Desktop\Textdokument (neu).txt
2024-01-28 00:39 - 2024-01-28 00:39 - 000000000 ____D C:\Users\krümel\AppData\Local\Microsoft_Corporation
2024-01-27 22:40 - 2024-01-27 22:40 - 000000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2024-01-27 22:00 - 2024-01-27 22:00 - 000000116 ___RH C:\Users\krümel\Downloads\Stinger.opt
2024-01-27 19:55 - 2024-01-27 22:01 - 000000000 ____D C:\ProgramData\McAfee
2024-01-27 19:55 - 2024-01-27 22:01 - 000000000 ____D C:\Program Files\Common Files\McAfee
2024-01-27 19:47 - 2024-01-27 21:31 - 000000848 _____ C:\Users\krümel\Downloads\Stinger_27012024_194746.html
2024-01-26 23:35 - 2023-04-28 08:37 - 093402533 _____ C:\Users\krümel\Downloads\new_employees.sql
2024-01-26 23:34 - 2024-01-26 23:34 - 016968652 _____ C:\Users\krümel\Downloads\new_employees.zip
2024-01-26 21:34 - 2024-01-22 17:41 - 000002831 _____ C:\Windows\system32\Drivers\etc\hosts.20240126-213440.backup
2024-01-26 20:11 - 2024-01-26 20:11 - 000000000 ____D C:\Windows\system32\Tasks\Safer-Networking
2024-01-26 20:02 - 2024-01-26 21:33 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2024-01-26 20:02 - 2024-01-26 21:33 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2024-01-26 20:02 - 2024-01-26 20:02 - 000001475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2024-01-26 20:02 - 2024-01-26 20:02 - 000001463 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2024-01-26 20:02 - 2024-01-26 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2024-01-26 20:02 - 2018-02-06 18:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2024-01-26 18:40 - 2024-01-26 18:40 - 000306149 _____ C:\Users\krümel\Documents\bookmarks_26.01.24.html
2024-01-26 17:52 - 2024-01-26 18:24 - 000000128 _____ C:\Users\krümel\AppData\Local\PUTTY.RND
2024-01-26 17:49 - 2024-01-26 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2024-01-26 17:49 - 2024-01-26 17:49 - 000000000 ____D C:\Program Files\PuTTY
2024-01-26 14:54 - 2024-01-26 14:54 - 000000000 ____D C:\Users\krümel\AppData\Roaming\MySQL
2024-01-26 14:47 - 2024-01-26 14:47 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
2024-01-26 14:46 - 2024-01-26 14:48 - 000000000 ____D C:\Program Files\MySQL
2024-01-26 14:45 - 2024-01-26 14:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2024-01-26 14:45 - 2024-01-26 14:48 - 000000000 ____D C:\Program Files (x86)\MySQL
2024-01-26 14:45 - 2024-01-26 14:46 - 000000000 ____D C:\ProgramData\MySQL
2024-01-26 07:26 - 2024-01-26 07:26 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\IME
2024-01-25 21:35 - 2024-01-25 21:35 - 000019222 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-01-25 21:35 - 2024-01-25 21:35 - 000019222 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-01-24 16:22 - 2024-01-24 16:23 - 391802880 _____ C:\Users\krümel\Downloads\mysql-installer-community-5.7.44.0.msi
2024-01-24 16:22 - 2024-01-24 16:22 - 000052463 _____ C:\Users\krümel\Downloads\mysqlsampledatabase.zip
2024-01-23 21:03 - 2024-01-23 21:03 - 133606492 _____ C:\Users\krümel\Documents\vpnOff21.03.pcapng
2024-01-22 17:11 - 2024-01-22 17:11 - 000000000 ____D C:\ProgramData\Sophos
2024-01-22 17:08 - 2024-01-22 17:08 - 000003418 _____ C:\Windows\system32\Tasks\Remove AdwCleaner Application
2024-01-22 17:08 - 2024-01-22 17:08 - 000000000 ____D C:\Users\krümel\AppData\Local\mbamtray
2024-01-22 17:07 - 2024-01-22 17:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-01-22 16:05 - 2024-01-22 16:05 - 000000000 ____D C:\Windows\SysWOW64\XPSViewer
2024-01-22 16:05 - 2024-01-22 16:05 - 000000000 ____D C:\Program Files\Reference Assemblies
2024-01-22 16:05 - 2024-01-22 16:05 - 000000000 ____D C:\Program Files\MSBuild
2024-01-22 16:05 - 2024-01-22 16:05 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2024-01-22 16:05 - 2024-01-22 16:05 - 000000000 ____D C:\Program Files (x86)\MSBuild
2024-01-22 15:56 - 2021-02-12 18:24 - 000205552 _____ (Ray Hinchliffe) C:\Windows\system32\Drivers\SIVX64.sys
2024-01-21 11:36 - 2024-01-21 11:36 - 012510210 _____ C:\Users\krümel\Downloads\AP1_4x.7z
2024-01-21 11:23 - 2024-01-21 11:23 - 010451409 _____ C:\Users\krümel\Documents\AP1.7z
2024-01-21 11:18 - 2024-01-23 22:52 - 000000000 ____D C:\Users\krümel\Documents\AP1
2024-01-21 03:07 - 2024-01-21 03:07 - 001459283 _____ C:\Users\krümel\Downloads\2312.16171v1.pdf
2024-01-19 16:59 - 2024-01-19 16:59 - 000835627 _____ C:\Users\krümel\Downloads\GA1-FISI-Frühjahr2023Losungen.pdf
2024-01-19 16:59 - 2024-01-19 16:59 - 000566945 _____ C:\Users\krümel\Downloads\2023_Frühjahr_AP1_Loesung.pdf
2024-01-19 16:59 - 2024-01-19 16:59 - 000345537 _____ C:\Users\krümel\Downloads\GA1-FISI-Frühjahr2023.pdf
2024-01-19 16:59 - 2024-01-19 16:59 - 000345537 _____ C:\Users\krümel\Downloads\2023_Frühjahr_AP1.pdf
2024-01-18 18:50 - 2024-01-18 18:50 - 000000000 ____D C:\Users\krümel\VirtualBox VMs
2024-01-18 18:21 - 2024-01-21 12:43 - 000000000 ____D C:\Users\krümel\Downloads\AP1_4x
2024-01-18 12:56 - 2024-01-18 12:58 - 000000000 ____D C:\Users\krümel\Documents\VM
2024-01-18 12:54 - 2024-01-18 13:56 - 000000000 ____D C:\Users\krümel\Documents\Abschlussprüfungen 2019-202x
2024-01-18 12:53 - 2024-01-18 12:53 - 000290537 _____ C:\Users\krümel\Documents\bookmarks_18.01.24.html
2024-01-18 12:47 - 2024-01-18 12:47 - 000000000 ____D C:\Users\krümel\AppData\Roaming\VeraCrypt
2024-01-18 12:46 - 2024-01-18 12:46 - 035282192 _____ (IDRIX) C:\Users\krümel\Downloads\VeraCrypt Setup 1.26.7.exe
2024-01-18 12:46 - 2024-01-18 12:46 - 000000899 _____ C:\Users\Public\Desktop\VeraCrypt.lnk
2024-01-18 12:46 - 2024-01-18 12:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2024-01-18 12:46 - 2024-01-18 12:46 - 000000000 ____D C:\Program Files\VeraCrypt
2024-01-17 23:13 - 2024-01-17 23:13 - 000000000 ___HD C:\Users\krümel\AppData\Roaming\9NZQPT0MWTD0
2024-01-17 23:13 - 2024-01-17 23:13 - 000000000 ____D C:\Users\krümel\AppData\Local\Gameloft
2024-01-17 23:13 - 2024-01-17 23:13 - 000000000 _____ C:\Users\krümel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Asphalt 9
2024-01-17 22:57 - 2024-01-17 22:57 - 000000223 _____ C:\Users\krümel\Desktop\Asphalt 9 Legends.url
2024-01-17 22:57 - 2024-01-17 22:57 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-01-16 19:11 - 2024-01-16 19:11 - 002746088 _____ C:\Users\krümel\Documents\NordVPN_Quad9_EDNS.pcapng
2024-01-16 18:45 - 2024-02-03 01:14 - 000000000 ____D C:\Windows\Minidump
2024-01-16 18:26 - 2024-01-03 16:44 - 000043112 _____ (Nordvpn S.A.) C:\Windows\system32\Drivers\SET6F1E.tmp
2024-01-16 18:25 - 2024-01-16 18:25 - 001744384 _____ (NordVPN ) C:\Users\krümel\Downloads\NordVPNSetup.exe
2024-01-16 18:25 - 2023-03-23 14:52 - 000041024 _____ (TEFINCOM S.A.) C:\Windows\Nord.Setup.dll
2024-01-12 22:54 - 2024-01-12 22:54 - 000007611 _____ C:\Users\krümel\AppData\Local\Resmon.ResmonCfg
2024-01-12 17:52 - 2024-01-25 21:40 - 000474232 _____ C:\Windows\system32\FNTCACHE.DAT
2024-01-11 07:17 - 2024-01-11 07:17 - 017772024 _____ C:\Users\krümel\Documents\04.pcapng
2024-01-09 23:11 - 2024-01-09 23:11 - 000000962 _____ C:\Users\krümel\Desktop\Sysinternals.lnk
2024-01-09 23:10 - 2024-01-09 23:10 - 041422980 _____ C:\Users\krümel\Documents\03.pcapng
2024-01-09 23:05 - 2024-01-09 23:06 - 000000000 ____D C:\Users\krümel\Documents\SysinternalsSuite
2024-01-09 23:04 - 2024-01-09 23:04 - 053047703 _____ C:\Users\krümel\Downloads\SysinternalsSuite.zip
2024-01-09 20:19 - 2024-01-09 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerShell
2024-01-09 20:19 - 2024-01-09 20:19 - 000000000 ____D C:\Program Files\PowerShell
2024-01-09 20:07 - 2024-01-09 20:07 - 000045670 _____ C:\Users\krümel\Downloads\Dokumentation_Beispiel.odt
2024-01-09 20:07 - 2024-01-09 20:07 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\Proof
2024-01-09 19:46 - 2024-01-09 19:46 - 000179231 _____ C:\Users\krümel\Downloads\04_AM_Fehlzeitenerfassung_TN_Info_2024_01.pdf
2024-01-09 03:26 - 2024-01-09 03:27 - 000000000 ____D C:\Users\krümel\Downloads\crystaldiskmark8_0_4c
2024-01-09 03:26 - 2024-01-09 03:26 - 003798590 _____ C:\Users\krümel\Downloads\crystaldiskmark8_0_4c.zip
2024-01-08 23:21 - 2024-01-13 18:56 - 000000000 ____D C:\Users\krümel\AppData\Roaming\LM Studio
2024-01-08 23:21 - 2024-01-12 19:04 - 000002309 _____ C:\Users\krümel\Desktop\LM Studio.lnk
2024-01-08 23:21 - 2024-01-08 23:21 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LM Studio
2024-01-08 23:21 - 2024-01-08 23:21 - 000000000 ____D C:\Users\krümel\AppData\Local\LM-Studio
2024-01-08 23:21 - 2024-01-08 23:21 - 000000000 ____D C:\Users\krümel\.cache
2024-01-08 23:19 - 2024-01-08 23:21 - 422646400 _____ (LM Studio) C:\Users\krümel\Downloads\LM+Studio-0.2.10+Setup.exe
2024-01-08 22:57 - 2024-01-08 22:57 - 002688876 _____ C:\Users\krümel\Documents\#_02.pcapng
2024-01-08 22:39 - 2024-01-09 03:32 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Samsung Magician
2024-01-08 22:36 - 2024-01-08 22:36 - 195309392 _____ (Samsung Electronics ) C:\Users\krümel\Downloads\Samsung_Magician_Installer_Official_8.0.1.1000.exe
2024-01-08 22:24 - 2024-01-08 22:24 - 000358877 _____ C:\Users\krümel\Downloads\GODMODE.zip
2024-01-08 22:14 - 2024-01-08 22:14 - 000000000 ____D C:\Users\krümel\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2024-01-07 22:21 - 2024-01-20 23:31 - 000000000 ____D C:\Users\krümel\AppData\Roaming\discord
2024-01-07 22:21 - 2024-01-20 22:53 - 000000000 ____D C:\Users\krümel\AppData\Local\Discord
2024-01-07 22:21 - 2024-01-08 23:21 - 000000000 ____D C:\Users\krümel\AppData\Local\SquirrelTemp
2024-01-07 22:21 - 2024-01-07 22:21 - 096194848 _____ (Discord Inc.) C:\Users\krümel\Downloads\DiscordSetup.exe
2024-01-07 22:21 - 2024-01-07 22:21 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2024-01-07 19:42 - 2024-02-02 14:14 - 000000000 ____D C:\Users\krümel\Documents\CSI Linux 2023.2 VirtualBox
2024-01-07 19:18 - 2024-01-07 19:29 - 221298688 _____ C:\Users\krümel\Downloads\CSI_Linux_2023.2_VMware.7z
2024-01-07 19:11 - 2024-01-07 19:37 - 000000000 ____D C:\Users\krümel\AppData\Roaming\VMware
2024-01-07 19:11 - 2024-01-07 19:37 - 000000000 ____D C:\Users\krümel\AppData\Local\VMware
2024-01-07 19:07 - 2023-10-10 02:08 - 000060344 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys
2024-01-07 19:06 - 2024-01-08 22:19 - 000000000 ____D C:\ProgramData\VMware
2024-01-07 19:06 - 2024-01-07 19:06 - 001694220 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2024-01-07 19:06 - 2024-01-07 19:06 - 000000000 ____D C:\Program Files (x86)\VMware
2024-01-07 19:06 - 2023-10-10 02:19 - 001310656 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2024-01-07 19:03 - 2024-01-07 19:04 - 566428648 _____ (VMware, Inc.) C:\Users\krümel\Downloads\VMware-player-full-17.5.0-22583795.exe
2024-01-07 16:39 - 2024-01-07 16:39 - 311699332 _____ C:\Users\krümel\Documents\#_01.pcapng
2024-01-07 16:19 - 2024-01-07 16:19 - 001589510 _____ (Igor Pavlov) C:\Users\krümel\Downloads\7z2301-x64.exe
2024-01-07 16:19 - 2024-01-07 16:19 - 000000000 ____D C:\Program Files\7-Zip
2024-01-07 15:39 - 2024-01-07 15:39 - 000000000 ____D C:\Program Files\USBPcap
2024-01-07 15:38 - 2024-01-22 16:48 - 000000000 ____D C:\Program Files\Npcap
2024-01-07 15:38 - 2024-01-07 15:38 - 000003460 _____ C:\Windows\system32\Tasks\npcapwatchdog
2024-01-07 15:38 - 2024-01-07 15:38 - 000000000 ____D C:\Windows\SysWOW64\Npcap
2024-01-07 15:38 - 2024-01-07 15:38 - 000000000 ____D C:\Windows\system32\Npcap
2024-01-07 15:30 - 2024-01-30 16:02 - 000000000 ____D C:\Users\krümel\Documents\.SysApps
2024-01-07 15:27 - 2024-01-07 16:11 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Wireshark
2024-01-07 15:13 - 2024-01-07 15:39 - 000001838 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2024-01-07 15:11 - 2024-01-07 15:39 - 000000000 ____D C:\Program Files\Wireshark
2024-01-07 14:59 - 2024-02-03 01:20 - 000000000 ____D C:\Users\krümel\.VirtualBox
2024-01-07 14:59 - 2024-02-03 01:20 - 000000000 ____D C:\ProgramData\VirtualBox
2024-01-07 14:59 - 2024-01-07 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2024-01-07 14:59 - 2024-01-07 14:59 - 000000000 ____D C:\Program Files\Oracle
2024-01-07 14:59 - 2023-10-12 11:05 - 001060600 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxSup.sys
2024-01-07 14:59 - 2023-10-12 11:05 - 000201328 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2024-01-07 14:41 - 2024-01-07 14:41 - 000000396 _____ C:\Users\krümel\Documents\officespy.reg
2024-01-05 20:44 - 2024-01-05 20:44 - 000000000 ____D C:\Users\krümel\AppData\Local\OO Software
2024-01-05 20:36 - 2024-01-05 20:45 - 000000000 ____D C:\ProgramData\ChocolateyHttpCache
2024-01-05 20:36 - 2024-01-05 20:45 - 000000000 ____D C:\ProgramData\chocolatey
2024-01-05 16:43 - 2024-01-05 16:43 - 000003683 _____ C:\Users\krümel\Downloads\GraphCmdLets.txt
2024-01-05 16:30 - 2024-01-05 19:49 - 000000000 ____D C:\Users\krümel\Documents\Note++
2024-01-05 16:28 - 2024-01-30 17:45 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Notepad++
2024-01-05 16:28 - 2024-01-27 19:36 - 000000000 ____D C:\Users\krümel\AppData\Local\CrashDumps
2024-01-05 16:28 - 2024-01-05 16:28 - 004816456 _____ (Don HO don.h@free.fr) C:\Users\krümel\Downloads\npp.8.6.Installer.x64.exe
2024-01-05 16:28 - 2024-01-05 16:28 - 000000888 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2024-01-05 16:28 - 2024-01-05 16:28 - 000000000 ____D C:\Program Files\Notepad++
2024-01-05 16:19 - 2024-01-30 17:30 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\Word
2024-01-05 16:02 - 2024-01-05 16:02 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\UProof
2024-01-05 16:01 - 2024-01-05 16:01 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\OneNote
2024-01-05 15:58 - 2024-01-05 15:58 - 000000000 ____D C:\Users\krümel\Documents\OneNote-Notizbücher
2024-01-05 15:57 - 2024-01-09 20:07 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\Office
2024-01-05 15:57 - 2024-01-05 16:10 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\Outlook
2024-01-05 15:57 - 2024-01-05 15:57 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\AddIns
2024-01-05 15:29 - 2024-01-05 15:29 - 000000000 ____D C:\Users\yok01\AppData\Local\PeerDistRepub
2024-01-05 15:28 - 2024-01-05 15:28 - 000000000 ____D C:\Users\yok01\AppData\Local\CrashDumps
2024-01-05 02:03 - 2024-01-05 02:04 - 000000000 ____D C:\ProgramData\WPSInstallerTemp1
2024-01-05 02:03 - 2024-01-05 02:03 - 000027136 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2024-02-03 17:41 - 2022-05-25 20:06 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-03 17:41 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-03 17:41 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\AppReadiness
2024-02-03 17:41 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-03 17:28 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemTemp
2024-02-03 17:25 - 2023-11-17 04:04 - 001754668 _____ C:\Windows\system32\PerfStringBackup.INI
2024-02-03 17:25 - 2022-05-07 06:22 - 000000000 ____D C:\Windows\INF
2024-02-03 17:17 - 2022-05-25 20:05 - 000012288 ___SH C:\DumpStack.log.tmp
2024-02-03 17:17 - 2022-05-25 20:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-02-03 17:17 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2024-02-03 17:17 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ServiceState
2024-02-03 17:17 - 2022-05-07 06:17 - 001048576 _____ C:\Windows\system32\config\BBI
2024-02-03 17:09 - 2022-05-25 20:05 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-02-03 09:02 - 2024-01-02 21:00 - 000000000 ____D C:\Users\krümel\AppData\Roaming\KeePass
2024-02-03 01:21 - 2024-01-02 18:17 - 000000000 ___SD C:\Users\krümel\AppData\Roaming\Microsoft\Credentials
2024-02-03 01:17 - 2024-01-03 23:44 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2024-02-03 01:17 - 2024-01-02 18:17 - 000000000 ____D C:\Users\krümel
2024-02-03 01:14 - 2023-11-17 03:50 - 001039939 ____N C:\Windows\Minidump\020324-15390-01.dmp
2024-02-03 01:10 - 2023-11-17 03:50 - 000850597 ____N C:\Windows\Minidump\020324-21062-01.dmp
2024-02-03 01:01 - 2024-01-03 15:57 - 000000000 ____D C:\Users\krümel\Downloads\pkeyuibx_v1.5.1
2024-02-03 00:53 - 2024-01-02 18:03 - 000000000 ___RD C:\Users\yok01\OneDrive
2024-02-03 00:45 - 2024-01-02 18:01 - 000000000 ____D C:\Users\yok01\AppData\Local\Packages
2024-02-03 00:44 - 2024-01-02 18:06 - 000000000 ____D C:\Users\yok01\AppData\Local\Lenovo
2024-02-03 00:36 - 2024-01-02 17:40 - 000000000 ___SD C:\Users\yok01\AppData\Roaming\Microsoft\Protect
2024-02-03 00:34 - 2023-11-17 03:51 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2024-02-03 00:10 - 2024-01-02 19:45 - 000000000 ____D C:\Users\krümel\Documents\Berichtshefte.usb.ORDNER
2024-02-02 23:28 - 2024-01-03 22:16 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\MMC
2024-02-02 23:06 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\CbsTemp
2024-02-02 22:53 - 2024-01-02 18:03 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4201263534-3633762348-2776426445-1001
2024-02-02 16:32 - 2023-11-17 03:50 - 001140460 ____N C:\Windows\Minidump\020224-16125-01.dmp
2024-02-02 16:30 - 2023-11-17 03:50 - 002417821 ____N C:\Windows\Minidump\020224-15609-01.dmp
2024-02-02 03:35 - 2022-05-25 20:06 - 000003756 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-02 03:35 - 2022-05-25 20:06 - 000003632 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-01 21:48 - 2024-01-03 23:39 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Code
2024-02-01 18:46 - 2024-01-03 23:39 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2024-01-31 22:53 - 2024-01-02 18:29 - 000002367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-01-30 18:08 - 2024-01-02 19:45 - 000014398 ____H C:\Users\krümel\Documents\Database.kdbx
2024-01-30 17:36 - 2024-01-02 18:17 - 000000000 ____D C:\Users\krümel\AppData\Local\D3DSCache
2024-01-30 16:07 - 2024-01-02 18:19 - 000000000 ___RD C:\Users\krümel\OneDrive
2024-01-30 16:07 - 2024-01-02 18:17 - 000000000 ____D C:\Users\krümel\AppData\Local\Packages
2024-01-30 16:06 - 2023-11-17 03:55 - 000000000 ____D C:\Program Files\Microsoft Office
2024-01-30 16:06 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-01-30 15:51 - 2023-11-17 03:56 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2024-01-29 23:17 - 2023-11-17 03:50 - 002401687 ____N C:\Windows\Minidump\012924-15750-01.dmp
2024-01-28 19:01 - 2024-01-03 23:44 - 000000000 ____D C:\Program Files\CCleaner
2024-01-28 18:59 - 2024-01-02 18:18 - 000000000 ____D C:\Users\krümel\AppData\Local\PlaceholderTileLogoFolder
2024-01-28 18:59 - 2022-05-25 20:06 - 000000000 ____D C:\ProgramData\Packages
2024-01-27 20:35 - 2024-01-02 17:55 - 000079344 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\vkrnlintvsc.sys
2024-01-27 20:35 - 2024-01-02 17:55 - 000079328 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\vkrnlintvsp.sys
2024-01-27 20:14 - 2024-01-02 18:18 - 000000000 ____D C:\Users\krümel\AppData\Local\Lenovo
2024-01-27 20:13 - 2023-11-17 03:55 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2024-01-27 20:11 - 2023-11-17 04:02 - 000000000 ____D C:\Program Files (x86)\Lenovo
2024-01-27 20:11 - 2023-11-17 03:55 - 000000000 ____D C:\ProgramData\Lenovo
2024-01-27 19:56 - 2022-05-07 06:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-01-27 19:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\LiveKernelReports
2024-01-26 07:20 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemResources
2024-01-25 21:56 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-01-25 21:39 - 2024-01-03 22:05 - 000000000 ___SD C:\Windows\system32\AppV
2024-01-25 21:39 - 2022-05-07 06:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-01-25 21:39 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\UUS
2024-01-25 21:39 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-01-25 21:39 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-01-25 21:39 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-01-25 21:39 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\setup
2024-01-25 21:39 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-01-25 21:39 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\oobe
2024-01-25 21:39 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-01-25 21:39 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ShellComponents
2024-01-25 21:39 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\Provisioning
2024-01-25 21:39 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-01-25 21:39 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\BrowserCore
2024-01-25 21:39 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\bcastdvr
2024-01-25 21:35 - 2022-05-25 20:08 - 003212800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-01-25 21:19 - 2023-11-17 03:55 - 000000000 ____D C:\Windows\TempInst
2024-01-25 21:18 - 2023-11-17 03:55 - 000000000 ____D C:\Program Files\Lenovo
2024-01-22 17:46 - 2024-01-03 23:44 - 000002886 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - krümel
2024-01-22 17:44 - 2022-05-07 06:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-01-22 16:48 - 2024-01-02 22:16 - 000000000 ____D C:\Users\krümel\AppData\Local\Steam
2024-01-22 16:05 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\MUI
2024-01-22 16:05 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\MUI
2024-01-22 15:44 - 2024-01-02 22:15 - 000000000 ____D C:\Program Files (x86)\Steam
2024-01-18 23:15 - 2024-01-03 23:44 - 000000666 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2024-01-17 16:16 - 2024-01-03 23:44 - 000003382 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2024-01-16 18:40 - 2024-01-03 22:45 - 000000000 ____D C:\Windows\system32\MRT
2024-01-12 17:52 - 2024-01-02 17:58 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-01-12 17:52 - 2022-05-07 06:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-01-12 17:52 - 2022-05-07 06:24 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-01-12 17:52 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-01-12 17:26 - 2022-05-25 21:03 - 000000000 ____D C:\Windows\panther
2024-01-12 17:20 - 2024-01-03 22:45 - 189718008 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-01-12 17:20 - 2024-01-02 19:20 - 000000000 ____D C:\ProgramData\Package Cache
2024-01-12 17:19 - 2024-01-02 20:30 - 000918944 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2024-01-06 23:59 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\OCR
2024-01-06 23:59 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\Globalization
2024-01-06 22:15 - 2023-11-17 04:04 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2024-01-05 20:35 - 2024-01-02 18:17 - 000000000 ____D C:\Users\krümel\AppData\Roaming\Microsoft\Windows
2024-01-05 15:24 - 2024-01-02 18:17 - 000000000 ____D C:\Users\krümel\AppData\Local\ConnectedDevicesPlatform
2024-01-05 00:07 - 2022-05-25 20:09 - 000000000 __RHD C:\Users\Public\AccountPictures

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2024-01-26 17:52 - 2024-01-26 18:24 - 000000128 _____ () C:\Users\krümel\AppData\Local\PUTTY.RND
2024-01-12 22:54 - 2024-01-12 22:54 - 000007611 _____ () C:\Users\krümel\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
Die Addition.txt hat nicht reingepasst.

Subzer00 03.02.2024 18:23
Hier die Addition.txt:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 03.02.2024 01
durchgeführt von krümel (03-02-2024 17:46:42)
Gestartet von C:\Users\krümel\Desktop
Microsoft Windows 11 Pro Version 23H2 22631.3085 (X64) (2024-01-02 23:24:21)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-4201263534-3633762348-2776426445-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4201263534-3633762348-2776426445-503 - Limited - Disabled)
Gast (S-1-5-21-4201263534-3633762348-2776426445-501 - Limited - Disabled)
krümel (S-1-5-21-4201263534-3633762348-2776426445-1002 - Administrator - Enabled) => C:\Users\krümel
WDAGUtilityAccount (S-1-5-21-4201263534-3633762348-2776426445-504 - Limited - Disabled)
yok01 (S-1-5-21-4201263534-3633762348-2776426445-1001 - Administrator - Enabled) => C:\Users\yok01

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee (Enabled) {2FDD6819-222E-5E9F-F5E7-E13A2241D502}
FW: ZoneAlarm NextGen Firewall (Enabled) {319A450A-F6AA-7392-36CD-10C9B542E56D}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 23.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2301-000001000000}) (Version: 23.01.00.0 - Igor Pavlov)
7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 121.1.62.156 - Die Brave-Autoren)
CCleaner (HKLM\...\CCleaner) (Version: 6.20 - Piriform)
Discord (HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\Discord) (Version: 1.0.9028 - Discord Inc.)
GitMind 1.0.9 (HKLM-x32\...\a0e10d84-6512-552f-a0ec-5dd2e61ffe64) (Version: 1.0.9 - Wangxu Technology Co.,Ltd.)
HWiNFO64 (HKLM\...\HWiNFO64_is1) (Version: 7.68 - Martin Malik, REALiX s.r.o.)
KeePass Password Safe 2.55 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.55 - Dominik Reichl)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.0.52.0 - Lenovo Group Ltd.)
Lenovo Voice Service (HKLM\...\{C59A85F5-DB04-4D09-BE1F-1B49B49EA9DA}_is1) (Version: 3.0.26.0 - Lenovo Group Ltd.)
LM Studio (HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\LM-Studio) (Version: 0.2.10 - LM Studio)
Microsoft .NET Host - 7.0.15 (x64) (HKLM\...\{2EB0BDB4-BD7D-4E10-A8CE-5135290DA16B}) (Version: 56.60.5674 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.15 (x64) (HKLM\...\{D0210A10-A37D-4B32-B1EE-BB02E519C76C}) (Version: 56.60.5674 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.15 (x64) (HKLM\...\{C4FF47FF-99CD-4699-8B6D-10834B3F0554}) (Version: 56.60.5674 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.15 (x64) (HKLM-x32\...\{0331d3a0-8fc1-4154-bd6d-2a34e98de45b}) (Version: 7.0.15.33122 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 121.0.2277.98 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.144 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.17231.20182 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.010.0114.0001 - Microsoft Corporation)
Microsoft OneNote - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.17231.20182 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.86.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.15 (x64) (HKLM\...\{727E0F2E-97AA-4723-93C2-A7E55A09338E}) (Version: 56.60.5778 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.15 (x64) (HKLM-x32\...\{678ecfdb-8552-4dd3-9bd7-ed16b0f23ae2}) (Version: 7.0.15.33129 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 122.0 (x64 de)) (Version: 122.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 122.0 - Mozilla)
MySQL Documents 5.7 (HKLM-x32\...\{65D6BB70-4A33-49A8-829F-08FE587B2E94}) (Version: 5.7.44 - Oracle Corporation)
MySQL Examples and Samples 5.7 (HKLM-x32\...\{2B1560EC-AA24-4BFF-9565-B676FEFB6969}) (Version: 5.7.44 - Oracle Corporation)
MySQL Installer - Community (HKLM-x32\...\{AA6FE595-7638-4EFD-8661-F18F3580764A}) (Version: 1.6.8.0 - Oracle Corporation)
MySQL Router 8.0 (HKLM\...\{CB5A2D45-EF29-4C12-AAED-86BD99D40363}) (Version: 8.0.35 - Oracle Corporation)
MySQL Server 5.7 (HKLM\...\{CDB413E3-A52D-4FBE-9C2D-BF916FE598DA}) (Version: 5.7.44 - Oracle Corporation)
MySQL Shell 8.0.35 (HKLM\...\{A4208398-C5FC-4739-9B71-93B6A921EF74}) (Version: 8.0.35 - Oracle and/or its affiliates)
MySQL Workbench 8.0 CE (HKLM\...\{F7FFB7C8-1738-4FE0-A80B-61E5ED01B033}) (Version: 8.0.34 - Oracle Corporation)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.0.132 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.18.5.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.6 - Notepad++ Team)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.78 - Nmap Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20036 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20084 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.17231.20036 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 7.0.12 (HKLM\...\{09581F4C-7DBB-473B-A6BB-D4A317D108A9}) (Version: 7.0.12 - Oracle and/or its affiliates)
PDF24 Creator 11.15.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.15.2 - geek software GmbH)
PowerShell 7-x64 (HKLM\...\{AD700148-DD32-4283-8C07-ED1F8AF876CD}) (Version: 7.4.0.0 - Microsoft Corporation)
PuTTY release 0.80 (64-bit) (HKLM\...\{98B86AF9-EC3E-49F8-8B34-B48837CC5719}) (Version: 0.80.0.0 - Simon Tatham)
Python 3.12.1 (64-bit) (HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\{86e52725-ef45-452f-ac4c-b8958718bfea}) (Version: 3.12.1150.0 - Python Software Foundation)
Python 3.12.1 Core Interpreter (64-bit) (HKLM\...\{AC82C1A3-9597-40F2-893D-F02F778FBA4D}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python 3.12.1 Development Libraries (64-bit) (HKLM\...\{8C53CBDD-4DAF-426F-9478-6C7C2920CDDA}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python 3.12.1 Documentation (64-bit) (HKLM\...\{62667662-A580-409C-8044-55B06F774AE2}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python 3.12.1 Executables (64-bit) (HKLM\...\{44BC9F9C-15C2-46C1-B88D-3135A9DA555F}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python 3.12.1 pip Bootstrap (64-bit) (HKLM\...\{1662F43B-2337-4FD8-8CE6-BEA38FC94DD4}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python 3.12.1 Standard Library (64-bit) (HKLM\...\{47957EE3-0E23-4075-B825-F202E913670F}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python 3.12.1 Tcl/Tk Support (64-bit) (HKLM\...\{926CDC62-3AE2-422B-9858-D6EC3BAD473F}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python 3.12.1 Test Suite (64-bit) (HKLM\...\{E309AE00-4FB1-4817-9172-7E198668375D}) (Version: 3.12.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{4C8D4EC3-F620-4CEE-8BAD-B59A3C6815F3}) (Version: 3.12.1150.0 - Python Software Foundation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.85.5 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Universal x86 Tuning Utility (HKLM\...\{7AAAD49A-B6D5-41D1-9AEF-BCA287DC5DC4}) (Version: 2.2.3 - JamesCJ60)
USBPcap 1.5.4.0 (HKLM\...\USBPcap) (Version: 1.5.4.0 - Tomasz Mon)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.26.7 - IDRIX)
Wireshark 4.2.2 x64 (HKLM-x32\...\Wireshark) (Version: 4.2.2 - The Wireshark developer community, hxxps://www.wireshark.org)

Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m [2024-01-25] (Advanced Micro Devices Inc.) [Startup Task]
FMAPOControl2 -> C:\Program Files\WindowsApps\4505Fortemedia.FMAPOControl2_2.1.31.0_x64__4pejv7q2gmsnr [2024-02-02] (Fortemedia)
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23306.1292.0_x64__8wekyb3d8bbwe [2024-02-03] (Microsoft Corporation)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2312.17.0_x64__k1h2ywk1493x8 [2024-02-03] (LENOVO INC.)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2311.21003.0_x64__8wekyb3d8bbwe [2024-02-03] (Microsoft Corporation) [Startup Task]
Microsoft Defender Application Guard Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsDefenderApplicationGuard_1.0.11.0_x64__8wekyb3d8bbwe [2024-01-27] (Microsoft Corporation)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-02-03] (Microsoft Corp.)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2024-02-03] (Microsoft Corporation)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2024-02-03] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-01-23] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2024-01-05] (Netflix, Inc.)
Notepad++ -> C:\Program Files\Notepad++\contextMenu [2024-01-05] (Notepad++)
Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.153.0_x64__pwbj9vvecjh7j [2024-01-05] (Amazon Development Centre (London) Ltd)
Python 3.11 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.11_3.11.2032.0_x64__qbz5n2kfra8p0 [2024-01-28] (Python Software Foundation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2024-02-03] (Microsoft Studios) [MS Ad]
Sysinternals Suite -> C:\Program Files\WindowsApps\Microsoft.SysinternalsSuite_2024.1.0.0_x64__8wekyb3d8bbwe [2024-01-10] (Microsoft Corporation)
WinAppRuntime.Main.1.2 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.2_2000.802.31.0_x64__8wekyb3d8bbwe [2024-01-05] (Microsoft Corp.)
WinAppRuntime.Main.1.4 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.4_4000.1082.2259.0_x64__8wekyb3d8bbwe [2024-02-03] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_4000.1082.2259.0_x64__8wekyb3d8bbwe [2024-02-03] (Microsoft Corp.)
Windows App Runtime DDLM 2000.802.31.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.2000.802.31.0-x6_2000.802.31.0_x64__8wekyb3d8bbwe [2024-01-05] (Microsoft Corporation)
Windows App Runtime DDLM 2000.802.31.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.2000.802.31.0-x8_2000.802.31.0_x86__8wekyb3d8bbwe [2024-01-05] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x6_4000.964.11.0_x64__8wekyb3d8bbwe [2024-02-03] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x8_4000.964.11.0_x86__8wekyb3d8bbwe [2024-02-03] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-01-25] (Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
CustomCLSID: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 ->  => Keine Datei
CustomCLSID: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002_Classes\CLSID\{BEA218D2-6950-497B-9434-61683EC065FE}\InprocServer32 -> C:\Users\krümel\AppData\Local\Programs\Python\Launcher\pyshellext.amd64.dll (Python Software Foundation -> Python Software Foundation)
CustomCLSID: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002_Classes\CLSID\{c9399f73-5ef0-8178-7fa4-bf2d237061cb}\localserver32 -> C:\Program Files\JamesCJ60\Universal x86 Tuning Utility\Universal x86 Tuning Utility.exe (JamesCJ60) [Datei ist nicht signiert]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [ZANGShExt] -> {3c97ffb1-30b1-42f2-8d2d-f843f72bf986} =>  -> Keine Datei
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.010.0114.0001\FileSyncShell64.dll [2024-02-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> Keine Datei
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [ZANGShExt] -> {3c97ffb1-30b1-42f2-8d2d-f843f72bf986} =>  -> Keine Datei

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2023-11-17 03:55 - 2023-02-10 10:51 - 000393216 _____ () [Datei ist nicht signiert] C:\Program Files\Lenovo\LVA Pro Service\libglog.dll
2024-01-07 16:19 - 2023-06-20 09:00 - 000101376 _____ (Igor Pavlov) [Datei ist nicht signiert] C:\Program Files\7-Zip\7-zip.dll
2023-11-17 03:56 - 2023-11-17 03:56 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2023-11-17 03:56 - 2023-11-17 03:56 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2024-01-26 20:02 - 2022-12-28 21:28 - 001111883 _____ (SQLite Development Team) [Datei ist nicht signiert] C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2024-01-26 20:02 - 2019-12-21 11:55 - 001380864 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Spybot - Search & Destroy 2\libeay32.dll
2024-01-26 20:02 - 2019-12-21 11:55 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Spybot - Search & Destroy 2\ssleay32.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\krümel\Desktop\FRST64.exe:shield [85]
AlternateDataStreams: C:\Users\krümel\Downloads\#01_Doku.docx:shield [88]
AlternateDataStreams: C:\Users\krümel\Downloads\#01_KostenNutzenFaktor.xlsx:shield [102]
AlternateDataStreams: C:\Users\krümel\Downloads\2023_Frühjahr_AP1.pdf:shield [81]
AlternateDataStreams: C:\Users\krümel\Downloads\2023_Frühjahr_AP1_Loesung.pdf:shield [81]
AlternateDataStreams: C:\Users\krümel\Downloads\2312.16171v1.pdf:shield [91]
AlternateDataStreams: C:\Users\krümel\Downloads\AP1_4x.7z:shield [84]
AlternateDataStreams: C:\Users\krümel\Downloads\DokuVorgehensweise.docx:shield [98]
AlternateDataStreams: C:\Users\krümel\Downloads\Fortsetzung Praktikum .pdf:shield [106]
AlternateDataStreams: C:\Users\krümel\Downloads\GA1-FISI-Frühjahr2023.docx:shield [85]
AlternateDataStreams: C:\Users\krümel\Downloads\GA1-FISI-Frühjahr2023.pdf:shield [85]
AlternateDataStreams: C:\Users\krümel\Downloads\GA1-FISI-Frühjahr2023Losungen.pdf:shield [85]
AlternateDataStreams: C:\Users\krümel\Downloads\gitmind-setup.exe:shield [92]
AlternateDataStreams: C:\Users\krümel\Downloads\image0.png:shield [85]
AlternateDataStreams: C:\Users\krümel\Downloads\image1.png:shield [85]
AlternateDataStreams: C:\Users\krümel\Downloads\image2.png:shield [85]
AlternateDataStreams: C:\Users\krümel\Downloads\mysqlsampledatabase.zip:shield [98]
AlternateDataStreams: C:\Users\krümel\Downloads\new_employees.zip:shield [90]
AlternateDataStreams: C:\Users\krümel\Downloads\NordVPNSetup(1).exe:shield [154]
AlternateDataStreams: C:\Users\krümel\Downloads\NOV.23-JAN.24.KW.44-04.docx:shield [102]
AlternateDataStreams: C:\Users\krümel\Downloads\OfficeSetup.exe:shield [90]
AlternateDataStreams: C:\Users\krümel\Downloads\pdf24-creator-11.15.2-x64.exe:shield [104]
AlternateDataStreams: C:\Users\krümel\Downloads\Projekt_Antrag_Terminalserver 3.docx:shield [111]
AlternateDataStreams: C:\Users\krümel\Downloads\Projekt_Antrag_Terminalserver.docx:shield [109]
AlternateDataStreams: C:\Users\krümel\Downloads\python-3.12.1-amd64.exe:shield [98]
AlternateDataStreams: C:\Users\krümel\Downloads\readyboot.PNG:shield [88]
AlternateDataStreams: C:\Users\krümel\Downloads\SecurityCheck.exe:shield [142]
AlternateDataStreams: C:\Users\krümel\Downloads\Seminar Grundlagen Datenbanksystem - Aufgabe 2 Versicherung Lösung.pdf:shield [145]
AlternateDataStreams: C:\Users\krümel\Downloads\Seminar Grundlagen Datenbanksystem - Aufgabe 2 Versicherung.pdf:shield [138]
AlternateDataStreams: C:\Users\krümel\Downloads\sql_01.PNG:shield [85]
AlternateDataStreams: C:\Users\krümel\Downloads\VeraCrypt Setup 1.26.7.exe:shield [158]
AlternateDataStreams: C:\Users\krümel\Downloads\ÜbungsaufgabenElektrischeLeistungUndArbeit.docx-1.pdf:shield [255]
AlternateDataStreams: C:\Users\krümel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Asphalt 9: Legends.lnk [3530]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-01-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-30] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-07] (Lenovo -> Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-07] (Lenovo -> Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-07] (Lenovo -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7942 mehr Seiten.

IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\...\123simsen.com -> www.123simsen.com

Da befinden sich 7942 mehr Seiten.

IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\123simsen.com -> www.123simsen.com

Da befinden sich 7942 mehr Seiten.


==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2022-05-07 06:24 - 2024-01-26 21:34 - 000456543 ____R C:\Windows\system32\drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123haustiereundmehr.com
127.0.0.1        123moviedownload.com
127.0.0.1        www.123moviedownload.com

Da befinden sich 15649 zusätzliche Einträge.


2024-01-27 22:40 - 2024-01-27 22:40 - 000000432 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.24.64.1 Keks.mshome.net # 2029 1 4 25 21 40 32 678

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4201263534-3633762348-2776426445-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img19.jpg
DNS Servers: 9.9.9.11 - 149.112.112.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
 ist aktiviert.

Network Binding:
=============
NordLynx: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 5: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 5: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 5: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 3: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 3: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 4: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 4: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 4: NordVPN LightWeight Firewall -> NordLwf (enabled)
WLAN: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
WLAN: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
WLAN: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
WLAN: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run: => "BraveVpnWireguardService"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\StartupApproved\Run: => "LenovoVantage"
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_5DF05707A8A0977F46B97D144206D7B7"
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\StartupApproved\Run: => "LenovoVantageToolbar"
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4201263534-3633762348-2776426445-1002\...\StartupApproved\Run: => "Discord"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{27A511DC-E35F-4E50-9A6B-048742B2C6B2}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21D37E56-C71F-4800-A741-4D4122E13AD8}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{33A9C46F-CF05-44C7-B34B-91900E940A3A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4040066B-B7D9-47BF-80C3-244339077F2F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{8F287F48-3FA8-4502-A11A-CC2C00B7CFF9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5735A74F-D153-418B-97D0-27023AC24027}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{99B536F5-7534-4C33-8052-F6F2AB366DD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Asphalt 9 Legends\Asphalt9_Steam_x64_rtl.exe () [Datei ist nicht signiert]
FirewallRules: [{7BAF2296-5DD6-4269-AAF3-1FEA3882B4AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Asphalt 9 Legends\Asphalt9_Steam_x64_rtl.exe () [Datei ist nicht signiert]
FirewallRules: [{8B496C23-0757-41B0-84DD-248C3DF16D2F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ABF5AA9C-0F58-4BEA-ACD7-B4CDC4411A30}] => (Allow) LPort=3306
FirewallRules: [{864DB50A-2F4B-4FD2-85B2-9C7D5E8E317F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{61531C03-DC15-4136-8C9F-7821B188C612}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A63C0EE8-E3F4-4B73-9879-8743DD82FD7B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2A235D31-3740-40CE-899A-2EF92FAC004B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BFA988CD-FE3A-4DAB-B356-94754F65BA2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{49DAB39B-65F5-4E08-B030-21775D4AB839}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{22AEE92C-2E8D-4DB3-9D9C-57055B0C3446}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BA525247-E9D6-4A2A-A262-0FDB333AD49E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8FE3F60F-12A9-452F-BAE9-5D982A9E94B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{02185FC1-26F4-4637-99AF-BEC7461DBAD1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{125F701F-CF38-4783-86CA-DA4D907D883F}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{2D73E3A0-4611-4CA4-B8FC-608032C143E6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{994ECDB7-E2CD-48FC-8C2A-C7024C001F17}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{750252A4-1CB7-46A0-BBB3-2643AD5183F3}C:\program files (x86)\apowersoft\gitmind\gitmind.exe] => (Allow) C:\program files (x86)\apowersoft\gitmind\gitmind.exe (Apowersoft Ltd -> Wangxu Technology Co.,Ltd.)
FirewallRules: [UDP Query User{A710336C-9928-45BD-869D-CECF23C09791}C:\program files (x86)\apowersoft\gitmind\gitmind.exe] => (Allow) C:\program files (x86)\apowersoft\gitmind\gitmind.exe (Apowersoft Ltd -> Wangxu Technology Co.,Ltd.)
FirewallRules: [{11577CC1-0F01-47EA-91D1-DD0B6934AF6F}] => (Allow) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{9AF1F7CB-6F5C-4F11-9C1F-E4A99314E912}] => (Allow) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{9E9404BB-1994-48A0-BDFD-41C5567A159B}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{6AAA5C70-3D3F-4119-A0EC-880510A4ECA0}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Wiederherstellungspunkte =========================

25-01-2024 18:52:38 Windows Update
26-01-2024 07:20:24 Windows Modules Installer
26-01-2024 14:42:45 Installed MySQL Installer - Community
26-01-2024 17:49:20 Installed PuTTY release 0.80 (64-bit)
27-01-2024 20:34:57 Windows Modules Installer
27-01-2024 23:45:10 Windows Modules Installer
28-01-2024 18:05:44 Windows Modules Installer
01-02-2024 21:34:38 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager ============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Universal Device Client Device
Description: Universal Device Client Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (02/03/2024 05:17:06 PM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Name der fehlerhaften Anwendung: SDFSSvc.exe, Version: 2.9.85.231, Zeitstempel: 0x63ebb1a4
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.3085, Zeitstempel: 0x9c6cda2f
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x00149472
ID des fehlerhaften Prozesses: 0x0x133c
Startzeit der fehlerhaften Anwendung: 0x0x1da56bb677d62a7
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 194fe404-e6ff-4e3e-90a9-06503db50841
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/03/2024 09:19:01 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Name der fehlerhaften Anwendung: nordvpn-service.exe, Version: 1.1.0.34, Zeitstempel: 0x65112d57
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.3085, Zeitstempel: 0x98257e11
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000064d8c
ID des fehlerhaften Prozesses: 0x0xdfc
Startzeit der fehlerhaften Anwendung: 0x0x1da567899173510
Pfad der fehlerhaften Anwendung: C:\Program Files\NordVPN\nordvpn-service.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 2591be43-7105-4dd4-95fa-c3074c5d6c15
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/03/2024 09:19:00 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Name der fehlerhaften Anwendung: SDFSSvc.exe, Version: 2.9.85.231, Zeitstempel: 0x63ebb1a4
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.3085, Zeitstempel: 0x9c6cda2f
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x00149472
ID des fehlerhaften Prozesses: 0x0x12c8
Startzeit der fehlerhaften Anwendung: 0x0x1da56789929f87c
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 92bc0d2c-4453-4aaa-a4fa-0617bbce5c65
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/03/2024 09:03:02 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Name der fehlerhaften Anwendung: SDFSSvc.exe, Version: 2.9.85.231, Zeitstempel: 0x63ebb1a4
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.3085, Zeitstempel: 0x9c6cda2f
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x00149472
ID des fehlerhaften Prozesses: 0x0x1260
Startzeit der fehlerhaften Anwendung: 0x0x1da5676b0e96ce1
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: e32f9da3-96d5-4de3-9c60-d5f0a73bbc19
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/03/2024 01:57:42 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Name der fehlerhaften Anwendung: nordvpn-service.exe, Version: 1.1.0.34, Zeitstempel: 0x65112d57
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.3085, Zeitstempel: 0x98257e11
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000064d8c
ID des fehlerhaften Prozesses: 0x0x2494
Startzeit der fehlerhaften Anwendung: 0x0x1da5636a8e9beed
Pfad der fehlerhaften Anwendung: C:\Program Files\NordVPN\nordvpn-service.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 3f84b455-dd18-40e7-a158-89fefc6266cb
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/03/2024 01:57:41 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Name der fehlerhaften Anwendung: SDFSSvc.exe, Version: 2.9.85.231, Zeitstempel: 0x63ebb1a4
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.3085, Zeitstempel: 0x9c6cda2f
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x00149472
ID des fehlerhaften Prozesses: 0x0x121c
Startzeit der fehlerhaften Anwendung: 0x0x1da56367ab24dae
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 9dc92d6d-9201-4a32-90d3-72398bb7852f
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/03/2024 01:17:35 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Name der fehlerhaften Anwendung: SDFSSvc.exe, Version: 2.9.85.231, Zeitstempel: 0x63ebb1a4
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.3085, Zeitstempel: 0x9c6cda2f
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x00149472
ID des fehlerhaften Prozesses: 0x0x11a8
Startzeit der fehlerhaften Anwendung: 0x0x1da5635ef22b117
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: cd3929bf-3d19-4c0e-8071-ead9c1d2735a
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/03/2024 01:02:16 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Name der fehlerhaften Anwendung: SDFSSvc.exe, Version: 2.9.85.231, Zeitstempel: 0x63ebb1a4
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.3085, Zeitstempel: 0x9c6cda2f
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x00149472
ID des fehlerhaften Prozesses: 0x0x1228
Startzeit der fehlerhaften Anwendung: 0x0x1da56306c63ed20
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 6583ae60-5b70-421e-8f89-39b5eaec6ec3
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (02/03/2024 05:18:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NordVPN LightWeight Firewall" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (02/03/2024 05:18:20 PM) (Source: Tcpip) (EventID: 4207) (User: )
Description: Die IPv6 TCP/IP-Schnittstelle mit dem Index 22 konnte nicht an den Anbieter gebunden werden.

Error: (02/03/2024 05:18:20 PM) (Source: Tcpip) (EventID: 4207) (User: )
Description: Die IPv4 TCP/IP-Schnittstelle mit dem Index 22 konnte nicht an den Anbieter gebunden werden.

Error: (02/03/2024 05:18:01 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden.

Error: (02/03/2024 05:17:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "SgrmBroker" wurde mit folgendem Fehler beendet:
%%2147942402 = Das System kann die angegebene Datei nicht finden.

Error: (02/03/2024 05:17:49 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (02/03/2024 05:17:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "nordsec-threatprotection-service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/03/2024 05:10:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NordVPN LightWeight Firewall" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.


Windows Defender:
================
Date: 2024-02-03 17:18:00
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Schweregrad: Mittel
Kategorie: Einstellungsveränderer
Pfad: file:_C:\Windows\System32\drivers\etc\hosts
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer:
Prozessname: C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
Sicherheitsversion: AV: 1.403.3115.0, AS: 1.403.3115.0, NIS: 1.403.3115.0
Modulversion: AM: 1.1.23110.2, NIS: 1.1.23110.2

Date: 2024-02-03 17:09:55
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Schweregrad: Mittel
Kategorie: Einstellungsveränderer
Pfad: file:_C:\Windows\System32\drivers\etc\hosts
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer:
Prozessname: C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
Sicherheitsversion: AV: 1.403.3115.0, AS: 1.403.3115.0, NIS: 1.403.3115.0
Modulversion: AM: 1.1.23110.2, NIS: 1.1.23110.2

Date: 2024-02-03 09:11:43
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Schweregrad: Mittel
Kategorie: Einstellungsveränderer
Pfad: file:_C:\Windows\System32\drivers\etc\hosts
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer:
Prozessname: C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
Sicherheitsversion: AV: 1.403.3115.0, AS: 1.403.3115.0, NIS: 1.403.3115.0
Modulversion: AM: 1.1.23110.2, NIS: 1.1.23110.2

Date: 2024-02-03 08:58:04
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Schweregrad: Mittel
Kategorie: Einstellungsveränderer
Pfad: file:_C:\Windows\System32\drivers\etc\hosts
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer:
Prozessname: C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
Sicherheitsversion: AV: 1.403.3115.0, AS: 1.403.3115.0, NIS: 1.403.3115.0
Modulversion: AM: 1.1.23110.2, NIS: 1.1.23110.2

Date: 2024-02-03 01:18:24
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Schweregrad: Mittel
Kategorie: Einstellungsveränderer
Pfad: file:_C:\Windows\System32\drivers\etc\hosts
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer:
Prozessname: C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
Sicherheitsversion: AV: 1.403.3115.0, AS: 1.403.3115.0, NIS: 1.403.3115.0
Modulversion: AM: 1.1.23110.2, NIS: 1.1.23110.2
Event[0]

Date: 2024-01-18 23:25:21
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.403.2316.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.23110.2
Fehlercode: 0x8024402c
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". 

CodeIntegrity:
===============
Date: 2024-01-22 16:47:31
Description:
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Windows\System32\drivers\76219404.sys that did not meet the Authenticode signing level requirements or violated code integrity policy (Policy ID:{d2bda982-ccf6-4344-ac5b-0b44427b6816}).

Date: 2024-01-22 16:47:31
Description:
The driver \Device\HarddiskVolume3\Windows\System32\drivers\76219404.sys is blocked from loading as the driver has been revoked by Microsoft.

Date: 2024-01-07 14:18:50
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.13.209.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements.

Date: 2024-01-07 13:19:31
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.13.209.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen ===========================

BIOS: LENOVO JVCN38WW 09/21/2023
Hauptplatine: LENOVO LNVNB161216
Prozessor: AMD Ryzen 7 6800HS Creator Edition
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 14020.95 MB
Verfügbarer physikalischer RAM: 7600.44 MB
Summe virtueller Speicher: 17860.95 MB
Verfügbarer virtueller Speicher: 8292.47 MB

==================== Laufwerke ================================

Drive c: (Windows-SSD) (Fixed) (Total:951.65 GB) (Free:693.96 GB) (Model: SAMSUNG MZVL21T0HCLR-00BL2) (Protected) NTFS

\\?\Volume{c250d027-fc32-47f6-b5d3-5211db0f7328}\ (WINRE_DRV) (Fixed) (Total:1.95 GB) (Free:1.24 GB) NTFS
\\?\Volume{bf03a2a8-a7aa-4225-9925-f69bfd9375b7}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 26DB2968)

Partition: GPT.

==================== Ende von Addition.txt =======================

cosinus 03.02.2024 21:04
Neues Gerät? Dann ist da eh nix drauf und kann einfach neu installiert werden.

Subzer00 03.02.2024 22:15
Zitat:
Zitat von cosinus (Beitrag 1779131)
Neues Gerät? Dann ist da eh nix drauf und kann einfach neu installiert werden.
Ein Monat hab ich den jetzt schon, ist eigentlich alles drauf wie ich es haben wollte.

Wird der Aufwand den so groß sein?

cosinus 03.02.2024 22:29
Ja je nachdem was du alles so einrichten musst.
Aber warum ist dein Einrichtungsproblem nun eine Malwarefrage?

Subzer00 03.02.2024 22:56
Ich hab Probleme mit dem Rechner, weis nicht ob es Malware ist.

Aber wenn du mir nicht helfen kannst muss ich wohl neu einrichten.

Wenn du kannst, lösch einfach den gesamten Thread raus. Wenn ich nach dem neu einrichten Probleme immer noch Probleme haben sollte schreib ich einfach nochmal.

cosinus 03.02.2024 23:12
Deine Probleme sind doch selbstverursacht? Kaspersky, NordVPN? Warum installierst du so einen Müll?

Nochmal: was hat das mit Schädlingen zu tun? Und wieso lallerst du was von nicht helfen können wenn es garnicht darum geht?

Subzer00 03.02.2024 23:34
Zitat:
Zitat von cosinus (Beitrag 1779138)
Deine Probleme sind doch selbstverursacht? Kaspersky, NordVPN? Warum installierst du so einen Müll?

Nochmal: was hat das mit Schädlingen zu tun? Und wieso lallerst du was von nicht helfen können wenn es garnicht darum geht?
Nun ja ich hab halt leider nicht so viel Ahnung und wusste nicht das die oben genannten Anwendungen Müll sind.

Ich hab Malware vermutet weil eben Kaspersky Malware gefunden hatte. Aber das steht ja auch da oben.

Und ich glaube das jeder der hier ein Problem hat, das Problem zu 98% selber verursacht hat.

Bevor du so Worte wie "lallerst" benutzt solltest du lesen.

Lösch den Thread.

cosinus 03.02.2024 23:38
Kann alles hier drin bleiben. FRST ist ein Tool um Malware aufzuspüren. Aber da es fast es protokolliert kann man damit auch auch auch andere Dinge machen. Zaubern kann es leider nicht.

Ich würde generell neue Rechner immer manuell neu installieren.

hurius 07.02.2024 13:01
Zitat:
Zitat von Subzer00 (Beitrag 1779139)
Nun ja ich hab halt leider nicht so viel Ahnung und wusste nicht das die oben genannten Anwendungen Müll sind.

Ich hab Malware vermutet weil eben Kaspersky Malware gefunden hatte. Aber das steht ja auch da oben.

Und ich glaube das jeder der hier ein Problem hat, das Problem zu 98% selber verursacht hat.

Bevor du so Worte wie "lallerst" benutzt solltest du lesen.

Lösch den Thread.
Wieso vertraust du überhaupt dein Internet dem VPN Anbieter an? Wer hat dir das eingeflüstert?
Frage nur aus Interesse... vong Interesse der Quelle der Schlangenbalsamverkäufer usw her.


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:11 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131