Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 11 - Windows Defender meldet Trojaner? (https://www.trojaner-board.de/205479-windows-11-windows-defender-meldet-trojaner.html)

DragonBaster 04.11.2022 11:16
Windows 11 - Windows Defender meldet Trojaner?
 
Hallo.

Seit vorgestern fiel mir auf, dass der Defender ein Problem meldet, welches ich nicht beseitigen kann.

Bedrohung gefunden: Trojan:XML/Phish.J!eml
Die angegebene Datei hab ich im Zielordner gelöscht, Meldung besteht weiterhin.

Danke im Voraus!

FRST:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-10-2022 02
durchgeführt von Matthias (Administrator) auf DESKTOP-V6D1Q80 (Micro-Star International Co., Ltd. MS-7C37) (04-11-2022 10:51:28)
Gestartet von C:\Users\Matthias\Downloads
Geladene Profile: Matthias
Plattform: Microsoft Windows 11 Pro Version 22H2 22621.674 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Engine\CC_Engine_x64.exe
(C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe
(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) () [Datei ist nicht signiert] C:\Users\Matthias\AppData\Roaming\Elgato\StreamDeck\Plugins\tv.twitch.studio.sdPlugin\twitchstudiostreamdeck.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (com.barraider.obstools) [Datei ist nicht signiert] C:\Users\Matthias\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\com.barraider.obstools.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (Frederick Emmott -> ) C:\Users\Matthias\AppData\Roaming\Elgato\StreamDeck\Plugins\com.fredemmott.micmutetoggle.sdPlugin\sdmicmute.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (The Qt Company Oy -> The Qt Company Ltd.) C:\Program Files\Elgato\StreamDeck\QtWebEngineProcess.exe <5>
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (Voicemod Sociedad Limitada -> ) C:\Users\Matthias\AppData\Roaming\Elgato\StreamDeck\Plugins\net.voicemod.windowsdesktop.sdPlugin\voicemodplugin.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.765.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.26\msedgewebview2.exe <6>
(explorer.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc) C:\Program Files\Elgato\StreamDeck\StreamDeck.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <23>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(services.exe ->) (Endor AG -> ) C:\Program Files\Fanatec\Fanatec Wheel\FWPnpService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ade64cd54ec2f9ed\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS3\GameManagerService3.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncherService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_03ae49260a64ff68\RtkAudUService64.exe <2>
(services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\SaferWeb\rsDNSClientSvc.exe
(services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\SaferWeb\rsDNSResolver.exe
(services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\SaferWeb\rsDNSSvc.exe
(services.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgc.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.765.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.TerminalServer.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControlEngine.exe
(svchost.exe ->) (Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\XboxGameBarSpotify.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_03ae49260a64ff68\RtkAudUService64.exe [3495880 2022-06-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3163248 2022-01-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3071192 2022-08-30] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [12837240 2022-09-15] (SteelSeries ApS -> SteelSeries ApS)
HKLM\...\Run: [Stream Deck] => C:\Program Files\Elgato\StreamDeck\StreamDeck.exe [11144232 2022-09-29] (Corsair Memory, Inc. -> Corsair Memory, Inc)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [851928 2022-08-22] (DIVX LLC -> DivX, LLC)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [543736 2022-10-08] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2630016 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4234088 2022-10-19] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1802584 2022-09-22] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3538440 2022-10-06] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\Run: [FanaLab] => C:\Program Files (x86)\Fanatec\FanaLab\Control\FanaLab.exe [98381792 2022-03-31] (Endor AG -> Endor Fanatec)
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32659920 2022-07-02] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\Run: [MicrosoftEdgeAutoLaunch_CF3A0B5AD32FE1AD6A7C3F142C8929DE] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891624 2022-10-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3538440 2022-10-06] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\107.0.5304.88\Installer\chrmstp.exe [2022-11-03] (Google LLC -> Google LLC)
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {00A8CABC-47F3-4C55-A222-F5A13046E00F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe [1567336 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {00BAE98E-6CF1-487D-A65D-7933E5102A80} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {03B94A46-69C7-402A-8926-15190BDF9C1A} - System32\Tasks\GoogleUpdateTaskMachineUA{199E7407-D83B-49D7-A45D-3FD4434F68BB} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-14] (Google LLC -> Google LLC)
Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {08BD09F4-BBD5-4759-9418-2A6680D41823} - System32\Tasks\Microsoft\Windows\PI\SecureBootEncodeUEFI => C:\WINDOWS\system32\SecureBootEncodeUEFI.exe [49152 2022-05-07] (Microsoft Windows -> )
Task: {0DF8C101-4DB5-4C5C-B555-CCCE6C68E053} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe [1567336 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0F060AD2-42E7-4E7E-AA51-3AF565709659} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {1DD457B4-4B5B-4F13-B5B4-205BD0E55FF2} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [66936 2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask" konnte nicht entsperrt werden. <==== ACHTUNG
Task: {27CE9D59-9D48-4D29-99BC-64657AEBA494} - System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask
Task: {2FBB6100-648C-4B0A-BF11-66BB18B7E99D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {3651ABFE-D963-48F3-9B8E-A13B07021AC3} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {38143CC3-6155-4CE0-A202-BFAC565C668E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-08-30] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {4C832FA8-A059-43E6-91B9-2109ECDF66C8} - System32\Tasks\MSI Task Host - LEDKeeper2_Host => C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe [2011440 2022-03-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {53A0F1ED-301E-45DB-9F75-787E47F4EF57} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2960260898-141030721-2575920888-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4166528 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {5535C0EC-5C3C-46FA-9A9E-11EE5B40A1DA} - System32\Tasks\RazerCortexScheduleClean => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [543736 2022-10-08] (Razer USA Ltd. -> Razer Inc.)
Task: {5B1D4BA9-EDF9-49C0-8DDD-603FDDDCB40A} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [68056 2022-08-22] (DIVX LLC -> DivX, LLC)
Task: {5C341C7B-FC62-4F53-BC0F-F863529DEF1A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe [1567336 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6ECDE7A3-3E14-4C7B-A71E-F0B702344021} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {70BC3109-A094-4832-AF62-7F7F2E459F89} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {779FDA8B-148E-4CA9-A8B4-641969EDB656} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Matthias\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-11-03] (ESET, spol. s r.o. -> ESET)
Task: {7D1B697E-218A-4E1A-A48F-63293DFAB7A1} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2022-10-17] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8B165469-52C9-452F-8C2F-FABABB590FE9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144312 2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D68A696-3E48-4931-95D4-A76CFE3F52BC} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\106.0.1370.34\Installer\setup.exe --handle-crash="$(ProcessPath)" (Keine Datei)
Task: {8EB94DE7-2F0B-4CD6-B180-06BBE612B07E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe [1567336 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {907E2715-2A58-491B-A87E-20AE5D8C1FDD} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9B40449D-6F77-4B7A-AA58-F7CE2954AC8A} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2577752 2022-09-22] (Overwolf Ltd -> Overwolf LTD)
Task: {BEE9753A-4C03-4613-929C-03B89D50D792} - System32\Tasks\Microsoft\Windows\CloudRestore\Restore => {B4BCFA6F-948D-46B8-BF27-E8B1117E23B3} C:\WINDOWS\system32\CloudRestoreLauncher.dll [245760 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
Task: {C2A48BA8-56EA-412C-AD54-C64790727FE1} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Matthias\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-11-03] (ESET, spol. s r.o. -> ESET)
Task: {C375B8E7-1D4F-4E57-90E7-3BEFD0DFCE06} - System32\Tasks\Microsoft\Windows\WlanSvc\MoProfileManagement => {085EDA12-CF4A-4944-8222-8ADCADE137CB} C:\Windows\System32\WlanMediaManager.dll [897024 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
Task: {D66B04FB-9C5F-404F-B7C7-566AED7A2F78} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {DD06ABB4-4A2B-417A-A21E-F704DC5B9DDD} - System32\Tasks\GoogleUpdateTaskMachineCore{C09CDA25-2DA4-4D88-B1D9-F2BBE5EB8F98} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-14] (Google LLC -> Google LLC)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (Keine Datei)
Task: {E2D08D41-09FA-4082-94FB-A381D5B7E197} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144312 2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {E43A8253-978F-40F3-9FAB-847F1742284A} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4166528 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {FA390717-CA52-45B4-BC4E-D5C77CC58B36} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{16ef1cc3-2b3e-43a4-96d4-68b39509f631}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Matthias\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-31]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default [2022-11-04]
CHR Notifications: Default -> hxxps://euw.op.gg; hxxps://www.lieferando.at; hxxps://www.wetter.at
CHR Extension: (Just Black) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2022-04-14]
CHR Extension: (WOT Website-Sicherheit und Schutz für sicheres Surfen) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2022-10-26]
CHR Extension: (Honey: Automatische Coupons & Prämien) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2022-10-26]
CHR Extension: (Avira Password Manager) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2022-11-02]
CHR Extension: (Avira Safe Shopping) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2022-11-02]
CHR Extension: (Watch2Gether) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimpffimgeipdhnhjohpbehjkcdpjolg [2022-10-07]
CHR Extension: (Dark Mode) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmghijelimhndkbmpgbldicpogfkceaj [2022-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-02]
CHR Extension: (AdBlock*– der beste Ad-Blocker) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-10-22]
CHR Extension: (Shoop Cashback & Gutscheine) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hacngjmphfcjdfpmfmlngemhddjdncpe [2022-11-02]
CHR Extension: (Nehmen Sie vollständige Webseiten auf - FireShot) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2022-06-13]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-14]
CHR HKLM\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKU\S-1-5-21-2960260898-141030721-2575920888-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-09-24] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12516280 2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
R2 CortexLauncherService; C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncherService.exe [588200 2022-10-08] (Razer USA Ltd. -> Razer Inc.)
S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [802816 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1134624 2022-10-10] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2022-08-23] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2022-03-03] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncHelper.exe [3475328 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
R2 FWPnpService; C:\Program Files\Fanatec\Fanatec Wheel\FWPnpService.exe [467832 2022-02-17] (Endor AG -> )
S3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
R2 LightKeeperService; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe [86776 2020-12-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8842536 2022-11-02] (Malwarebytes Inc. -> Malwarebytes)
R2 MSI_Central_Service; C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe [150840 2021-06-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe [36152 2021-08-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 Mystic_Light_Service; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe [39760 2021-05-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.212.1009.0004\OneDriveUpdaterService.exe [3840896 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2579272 2022-08-09] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3497808 2022-08-09] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2577752 2022-09-22] (Overwolf Ltd -> Overwolf LTD)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [2032040 2022-09-27] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [480176 2022-09-19] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma Stream Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe [1354232 2022-06-15] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-11-16] (Razer USA Ltd. -> Razer Inc)
R2 Razer Game Manager Service 3; C:\Program Files (x86)\Razer\Razer Services\GMS3\GameManagerService3.exe [362760 2022-09-21] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [300552 2022-10-05] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1908688 2022-06-12] (Rockstar Games, Inc. -> Rockstar Games)
R2 rsDNSClientSvc; C:\Program Files\SaferWeb\rsDNSClientSvc.exe [743040 2022-10-30] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
R2 rsDNSResolver; C:\Program Files\SaferWeb\rsDNSResolver.exe [10939008 2022-10-30] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
R2 rsDNSSvc; C:\Program Files\SaferWeb\rsDNSSvc.exe [335488 2022-10-30] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [537912 2022-08-12] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [249328 2022-10-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182392 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\GG\SteelSeriesUpdateService.exe [35200 2022-09-15] (SteelSeries ApS -> )
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Wellbia.com\ucldr_battlegrounds_gl.exe [5936680 2022-09-24] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R2 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10420944 2022-08-30] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\NisSrv.exe [3191224 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe [133536 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137544 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [10099288 2022-09-24] (PUBG CORPORATION -> KRAFTON, Inc)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ade64cd54ec2f9ed\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ade64cd54ec2f9ed\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
S1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 FWVirtualInputDevice; C:\WINDOWS\System32\drivers\FWVirtualInputDevice.sys [34816 2022-02-17] (Endor AG -> Endor AG)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S2 inpoutx64; C:\WINDOWS\System32\Drivers\inpoutx64.sys [15008 2022-04-13] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk])
S3 ksophon_x64; C:\Windows\system32\drivers\ksophon_x64.sys [9966728 2022-08-26] (PROXIMA BETA PTE. LIMITED -> PROXIMA BETE)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193992 2022-11-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [75216 2022-11-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-11-03] (Malwarebytes Inc. -> Malwarebytes)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 NTIOLib_CC_COMM; C:\Program Files (x86)\MSI\MSI Center\Lib\SYS\NTIOLib_X64.sys [29576 2021-11-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Lib\NTIOLib_X64.sys [14288 2017-07-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
S3 rsDwf; C:\WINDOWS\system32\DRIVERS\rsDwf.sys [54144 2022-10-30] (Reason CyberSecurity Inc. -> Reason CyberSecurity Inc.)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_007e; C:\WINDOWS\System32\drivers\RzDev_007e.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0086; C:\WINDOWS\System32\drivers\RzDev_0086.sys [53288 2021-09-28] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0088; C:\WINDOWS\System32\drivers\RzDev_0088.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_026c; C:\WINDOWS\System32\drivers\RzDev_026c.sys [56152 2021-05-02] (Razer USA Ltd. -> Razer Inc)
R3 SC0710.X64; C:\WINDOWS\System32\drivers\SC0710.X64.SYS [3707448 2021-09-29] (Corsair Memory, Inc. -> )
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [47784 2022-05-03] (SteelSeries ApS -> SteelSeries ApS)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43640 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SteelSeries_Sonar_VAD; C:\WINDOWS\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_ab95c13003d9c50f\SteelSeries-Sonar-VAD.sys [92912 2022-07-18] (SteelSeries ApS -> Windows (R) Win 7 DDK provider)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8736232 2022-08-30] (Riot Games, Inc. -> Riot Games, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-11-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [469280 2022-11-01] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-01] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-10-12] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [1445920 2022-10-23] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
U3 aswbdisk; kein ImagePath
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)

==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2022-11-04 10:51 - 2022-11-04 10:51 - 000036846 _____ C:\Users\Matthias\Downloads\FRST.txt
2022-11-04 10:51 - 2022-11-04 10:51 - 000000000 ____D C:\FRST
2022-11-04 10:50 - 2022-11-04 10:50 - 002374144 _____ (Farbar) C:\Users\Matthias\Downloads\FRST64.exe
2022-11-04 10:21 - 2022-11-04 10:21 - 000000000 ____D C:\Users\Matthias\AppData\LocalLow\IGDump
2022-11-03 19:02 - 2022-11-03 19:02 - 000000000 ____D C:\Users\Matthias\Documents\Benutzerdefinierte Office-Vorlagen
2022-11-03 01:07 - 2022-11-03 01:07 - 000758838 _____ C:\WINDOWS\system32\perfh007.dat
2022-11-03 01:07 - 2022-11-03 01:07 - 000157058 _____ C:\WINDOWS\system32\perfc007.dat
2022-11-03 01:01 - 2022-11-03 01:01 - 000193992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-11-03 01:01 - 2022-11-03 01:01 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-11-03 01:01 - 2022-11-03 01:01 - 000075216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-11-03 00:56 - 2022-11-03 00:57 - 000000000 ____D C:\AdwCleaner
2022-11-03 00:55 - 2022-11-03 00:55 - 000003870 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2022-11-03 00:55 - 2022-11-03 00:55 - 000003428 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2022-11-03 00:07 - 2022-11-03 23:05 - 000001387 _____ C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-11-03 00:07 - 2022-11-03 23:05 - 000001281 _____ C:\Users\Matthias\Desktop\ESET Online Scanner.lnk
2022-11-03 00:07 - 2022-11-03 00:07 - 000000000 ____D C:\Users\Matthias\AppData\Local\ESET
2022-11-02 23:41 - 2022-11-02 23:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2022-11-02 23:23 - 2022-11-02 23:23 - 000000000 ____D C:\Users\Public\Security Sessions
2022-11-02 23:22 - 2022-11-02 23:41 - 000658032 _____ C:\WINDOWS\system32\rtp.db
2022-11-02 23:22 - 2022-11-02 23:23 - 000000000 ____D C:\Users\Matthias\AppData\Local\Avira
2022-11-02 23:22 - 2022-11-02 23:22 - 000000000 ____D C:\WINDOWS\SysWOW64\statReporter
2022-11-02 23:21 - 2022-11-02 23:43 - 000000000 ____D C:\ProgramData\Avira
2022-11-02 23:21 - 2022-11-02 23:43 - 000000000 ____D C:\Program Files (x86)\Avira
2022-11-02 23:20 - 2022-11-02 23:20 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2022-11-02 22:48 - 2022-11-02 23:57 - 000000000 ____D C:\ProgramData\Avast Software
2022-11-02 22:40 - 2022-11-02 22:40 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-11-02 20:56 - 2022-11-02 20:56 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-11-02 20:56 - 2022-11-02 20:56 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-11-02 20:56 - 2022-11-02 20:56 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-11-02 20:56 - 2022-11-02 20:56 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-11-02 20:56 - 2022-11-02 20:56 - 000002039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-11-02 20:56 - 2022-11-02 20:56 - 000002027 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-11-02 20:56 - 2022-11-02 20:56 - 000000000 ____D C:\Users\Matthias\AppData\Local\mbam
2022-11-02 20:56 - 2022-11-02 20:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-11-02 20:55 - 2022-11-02 20:56 - 000000000 ____D C:\Program Files\Malwarebytes
2022-11-02 20:47 - 2022-11-02 20:47 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2022-11-02 20:44 - 2022-10-26 23:30 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-11-02 20:44 - 2022-10-26 23:30 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-11-02 20:44 - 2022-10-26 23:30 - 001642600 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-11-02 20:44 - 2022-10-26 23:30 - 001642600 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-11-02 20:44 - 2022-10-26 23:30 - 001444448 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-11-02 20:44 - 2022-10-26 23:30 - 001444448 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-11-02 20:44 - 2022-10-26 23:30 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-11-02 20:44 - 2022-10-26 23:30 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-11-02 20:44 - 2022-10-26 23:29 - 001487880 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-11-02 20:44 - 2022-10-26 23:29 - 001226744 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-11-02 20:44 - 2022-10-26 23:26 - 000865272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-11-02 20:44 - 2022-10-26 23:26 - 000672280 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-11-02 20:44 - 2022-10-26 23:26 - 000507440 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-11-02 20:44 - 2022-10-26 23:25 - 002161640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-11-02 20:44 - 2022-10-26 23:25 - 001618944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-11-02 20:44 - 2022-10-26 23:25 - 001530864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-11-02 20:44 - 2022-10-26 23:25 - 001190912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-11-02 20:44 - 2022-10-26 23:25 - 000746496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-11-02 20:44 - 2022-10-26 23:24 - 012451824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-11-02 20:44 - 2022-10-26 23:24 - 010219016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-11-02 20:44 - 2022-10-26 23:24 - 005891080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-11-02 20:44 - 2022-10-26 23:23 - 005856760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2022-11-02 20:44 - 2022-10-26 23:23 - 005816312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-11-02 20:44 - 2022-10-26 23:23 - 000853016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-11-02 20:44 - 2022-10-26 01:15 - 000100589 _____ C:\WINDOWS\system32\nvinfo.pb
2022-11-02 20:43 - 2022-07-14 00:32 - 000060112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2022-10-30 19:28 - 2022-11-04 09:52 - 000000000 ____D C:\ProgramData\SaferWebService
2022-10-30 19:28 - 2022-11-03 00:57 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\SaferWeb
2022-10-30 19:28 - 2022-10-30 19:28 - 000054144 _____ (Reason CyberSecurity Inc.) C:\WINDOWS\system32\Drivers\rsDwf.sys
2022-10-30 19:28 - 2022-10-30 19:28 - 000001181 _____ C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Safer Web.lnk
2022-10-30 19:28 - 2022-10-30 19:28 - 000000000 ____D C:\Program Files\SaferWeb
2022-10-28 15:02 - 2022-11-02 20:52 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-10-27 14:22 - 2022-11-02 19:31 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-10-27 14:22 - 2022-11-02 19:31 - 000002154 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-27 14:22 - 2022-10-27 14:22 - 000000000 ___RD C:\Users\Default\OneDrive
2022-10-27 14:22 - 2022-10-27 14:22 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2022-10-27 14:21 - 2022-10-31 23:22 - 000002543 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2022-10-27 14:21 - 2022-10-31 23:22 - 000002464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2022-10-27 14:21 - 2022-10-27 14:21 - 000002547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2022-10-27 14:21 - 2022-10-27 14:21 - 000002522 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2022-10-27 14:21 - 2022-10-27 14:21 - 000002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2022-10-27 14:21 - 2022-10-27 14:21 - 000002461 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2022-10-27 14:21 - 2022-10-27 14:21 - 000002433 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2022-10-27 14:21 - 2022-10-27 14:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2022-10-27 14:20 - 2022-11-01 18:03 - 000000000 ____D C:\Program Files\Microsoft Office
2022-10-27 14:20 - 2022-10-27 14:20 - 000000000 ____D C:\Program Files\Microsoft Office 15
2022-10-18 18:09 - 2022-10-18 18:09 - 000001163 _____ C:\Users\Public\Desktop\Razer Cortex.lnk
2022-10-15 18:00 - 2022-10-15 18:00 - 000000000 ____D C:\Users\Matthias\AppData\LocalLow\Blueplant Studios
2022-10-15 17:24 - 2022-10-15 17:24 - 000000223 _____ C:\Users\Matthias\Desktop\Inside the Backrooms.url
2022-10-13 13:58 - 2022-10-13 13:58 - 000000000 ____D C:\Users\Matthias\Documents\Overwatch
2022-10-13 10:12 - 2022-10-13 10:12 - 000049893 _____ C:\Users\Matthias\Downloads\DinersClub_Kontoauszuege_20221013_111214.pdf
2022-10-13 08:49 - 2022-10-13 08:49 - 000076416 _____ C:\Users\Matthias\Downloads\umsatzliste.pdf
2022-10-12 18:45 - 2022-10-07 04:01 - 000041984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2022-10-12 18:33 - 2022-10-26 23:25 - 000950272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-10-12 18:33 - 2022-10-26 23:24 - 000734720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-10-12 18:33 - 2022-10-26 23:24 - 000458248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-10-12 18:32 - 2022-10-26 23:24 - 003334656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-10-12 14:40 - 2022-10-12 14:40 - 000000563 _____ C:\Users\Public\Desktop\Overwatch.lnk
2022-10-12 14:40 - 2022-10-12 14:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2022-10-12 14:23 - 2022-10-12 14:23 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2022-10-12 14:22 - 2022-10-21 20:14 - 000000000 ____D C:\Users\Matthias\AppData\Local\Battle.net
2022-10-12 14:22 - 2022-10-21 20:14 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-10-12 14:22 - 2022-10-13 13:58 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\Battle.net
2022-10-12 14:22 - 2022-10-12 14:24 - 000000000 ____D C:\Users\Matthias\AppData\Local\Blizzard Entertainment
2022-10-12 14:22 - 2022-10-12 14:22 - 000000950 _____ C:\Users\Public\Desktop\Battle.net.lnk
2022-10-12 14:22 - 2022-10-12 14:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2022-10-12 14:21 - 2022-10-12 14:22 - 000000000 ____D C:\ProgramData\Battle.net
2022-10-12 14:21 - 2022-10-12 14:21 - 004838352 _____ (Blizzard Entertainment) C:\Users\Matthias\Downloads\Battle.net-Setup.exe
2022-10-12 13:33 - 2022-10-12 13:33 - 007540143 _____ C:\Users\Matthias\Downloads\Unterlagen.zip
2022-10-12 13:29 - 2022-10-12 13:33 - 000000000 ____D C:\Users\Matthias\Downloads\Kredit
2022-10-12 07:54 - 2022-10-12 07:54 - 002575632 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2022-10-12 07:54 - 2022-10-12 07:54 - 002088728 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2022-10-12 07:54 - 2022-10-12 07:54 - 000327680 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-12 07:54 - 2022-10-12 07:54 - 000296448 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll
2022-10-12 07:54 - 2022-10-12 07:54 - 000157008 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2022-10-12 07:54 - 2022-10-12 07:54 - 000105312 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2022-10-12 07:54 - 2022-10-12 07:54 - 000062800 _____ C:\WINDOWS\system32\AppInstallerBackgroundUpdate.exe
2022-10-12 07:54 - 2022-10-12 07:54 - 000055144 _____ C:\WINDOWS\system32\SFAPE.dll
2022-10-12 07:54 - 2022-10-12 07:54 - 000046888 _____ C:\WINDOWS\system32\wow64base.dll
2022-10-12 07:54 - 2022-10-12 07:54 - 000016565 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-12 07:53 - 2022-10-12 07:53 - 000000000 ___HD C:\$WinREAgent
2022-10-10 08:49 - 2022-10-10 08:49 - 000000222 _____ C:\Users\Matthias\Desktop\Dead by Daylight.url
2022-10-07 10:16 - 2022-11-03 01:07 - 001754660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-07 10:14 - 2022-10-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-10-07 10:14 - 2022-10-07 10:14 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-10-07 10:12 - 2022-11-03 01:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-07 10:12 - 2022-11-02 20:43 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-07 10:12 - 2022-11-02 20:43 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-07 10:12 - 2022-11-02 20:43 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-07 10:12 - 2022-11-02 20:43 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-07 10:12 - 2022-11-02 20:43 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-07 10:12 - 2022-11-02 20:43 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-07 10:12 - 2022-11-02 20:43 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-07 10:12 - 2022-11-02 20:43 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-07 10:12 - 2022-11-02 20:43 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-07 10:12 - 2022-11-02 19:31 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2960260898-141030721-2575920888-1001
2022-10-07 10:12 - 2022-10-31 17:31 - 000003984 _____ C:\WINDOWS\system32\Tasks\RazerCortexScheduleClean
2022-10-07 10:12 - 2022-10-30 19:29 - 000003708 _____ C:\WINDOWS\system32\Tasks\DivXUpdate
2022-10-07 10:12 - 2022-10-08 10:09 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-07 10:12 - 2022-10-08 10:09 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-10-07 10:12 - 2022-10-07 10:12 - 000003866 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask
2022-10-07 10:12 - 2022-10-07 10:12 - 000003636 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{199E7407-D83B-49D7-A45D-3FD4434F68BB}
2022-10-07 10:12 - 2022-10-07 10:12 - 000003412 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{C09CDA25-2DA4-4D88-B1D9-F2BBE5EB8F98}
2022-10-07 10:12 - 2022-10-07 10:12 - 000003270 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2022-10-07 10:12 - 2022-10-07 10:12 - 000002266 _____ C:\WINDOWS\system32\Tasks\MSI Task Host - LEDKeeper2_Host
2022-10-07 10:12 - 2022-10-07 10:12 - 000000020 ___SH C:\Users\Matthias\ntuser.ini
2022-10-07 10:11 - 2022-10-07 10:12 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2022-10-07 10:11 - 2022-10-07 10:12 - 000011433 _____ C:\WINDOWS\diagerr.xml
2022-10-07 10:09 - 2022-11-04 10:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-07 10:09 - 2022-11-02 23:58 - 000761576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-07 10:09 - 2022-10-07 10:09 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2022-10-07 09:23 - 2022-11-01 22:58 - 000000000 ____D C:\Users\Matthias
2022-10-07 09:23 - 2022-10-07 10:09 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-10-07 09:23 - 2022-10-07 09:23 - 000000000 _SHDL C:\Users\Matthias\Vorlagen
2022-10-07 09:23 - 2022-10-07 09:23 - 000000000 _SHDL C:\Users\Matthias\Startmenü
2022-10-07 09:23 - 2022-10-07 09:23 - 000000000 _SHDL C:\Users\Matthias\Netzwerkumgebung
2022-10-07 09:23 - 2022-10-07 09:23 - 000000000 _SHDL C:\Users\Matthias\Lokale Einstellungen
2022-10-07 09:23 - 2022-10-07 09:23 - 000000000 _SHDL C:\Users\Matthias\Eigene Dateien
2022-10-07 09:23 - 2022-10-07 09:23 - 000000000 _SHDL C:\Users\Matthias\Druckumgebung
2022-10-07 09:23 - 2022-10-07 09:23 - 000000000 _SHDL C:\Users\Matthias\Documents\Eigene Videos
2022-10-07 09:23 - 2022-10-07 09:23 - 000000000 _SHDL C:\Users\Matthias\Documents\Eigene Musik
2022-10-07 09:23 - 2022-10-07 09:23 - 000000000 _SHDL C:\Users\Matthias\Documents\Eigene Bilder
2022-10-07 09:23 - 2022-10-07 09:23 - 000000000 _SHDL C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2022-10-07 09:23 - 2022-10-07 09:23 - 000000000 _SHDL C:\Users\Matthias\AppData\Local\Verlauf
2022-10-07 09:23 - 2022-10-07 09:23 - 000000000 _SHDL C:\Users\Matthias\AppData\Local\Anwendungsdaten
2022-10-07 09:23 - 2022-10-07 09:23 - 000000000 _SHDL C:\Users\Matthias\Anwendungsdaten
2022-10-07 09:23 - 2022-05-07 06:19 - 000001281 _____ C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-10-07 09:23 - 2022-05-07 06:19 - 000000407 _____ C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-10-07 09:22 - 2022-10-07 09:23 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-10-07 09:22 - 2022-10-07 09:22 - 000000000 ____D C:\WINDOWS\system32\SteelSeries
2022-10-07 09:22 - 2022-10-07 09:22 - 000000000 ____D C:\WINDOWS\system32\Samsung
2022-10-07 09:22 - 2022-10-07 09:22 - 000000000 ____D C:\WINDOWS\system32\DTS
2022-10-07 09:22 - 2022-10-07 09:22 - 000000000 ____D C:\WINDOWS\SC0710
2022-10-07 09:20 - 2022-10-07 09:20 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-10-07 09:20 - 2022-10-07 09:20 - 000133120 _____ C:\WINDOWS\SysWOW64\stordiag.exe
2022-10-07 09:19 - 2022-10-07 09:19 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-10-07 09:19 - 2022-10-07 09:19 - 000192512 _____ C:\WINDOWS\system32\CloudExperienceHostRedirection.dll
2022-10-07 09:19 - 2022-10-07 09:19 - 000180224 _____ C:\WINDOWS\system32\stordiag.exe
2022-10-07 09:19 - 2022-10-07 09:19 - 000098304 _____ C:\WINDOWS\system32\dplcsp.dll
2022-10-07 09:18 - 2022-10-07 09:18 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2022-10-07 09:18 - 2022-10-07 09:18 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-10-07 09:18 - 2022-10-07 09:18 - 000000000 ____D C:\Program Files\MSBuild
2022-10-07 09:18 - 2022-10-07 09:18 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-10-07 09:18 - 2022-10-07 09:18 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-10-07 09:17 - 2022-10-07 09:17 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2022-10-07 09:17 - 2022-10-07 09:17 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2022-10-07 09:17 - 2022-10-07 09:17 - 000000000 ____D C:\WINDOWS\addins
2022-10-07 09:12 - 2022-10-07 09:12 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-10-07 08:58 - 2022-10-18 18:07 - 000000000 ___DC C:\WINDOWS\Panther
2022-10-05 22:41 - 2022-10-06 17:48 - 000000049 _____ C:\Users\Matthias\Documents\pokemon.txt

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2022-11-04 10:50 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-04 10:37 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-11-04 10:33 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-04 10:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-04 10:32 - 2022-04-13 07:25 - 000000000 ____D C:\Users\Matthias\AppData\Local\D3DSCache
2022-11-04 09:56 - 2022-04-14 18:27 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-04 09:50 - 2022-04-13 09:48 - 000000000 ____D C:\ProgramData\NVIDIA
2022-11-03 23:09 - 2022-04-16 20:35 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\discord
2022-11-03 23:09 - 2022-04-14 18:27 - 000000000 ____D C:\Program Files (x86)\Steam
2022-11-03 23:07 - 2022-04-16 20:35 - 000000000 ____D C:\Users\Matthias\AppData\Local\Discord
2022-11-03 22:03 - 2022-04-13 07:25 - 000000000 ____D C:\Users\Matthias\AppData\Local\Packages
2022-11-03 22:03 - 2022-04-13 07:25 - 000000000 ____D C:\ProgramData\Packages
2022-11-03 21:05 - 2022-04-14 18:27 - 000000000 ____D C:\temp
2022-11-03 20:57 - 2022-04-14 23:08 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\KeePass
2022-11-03 16:34 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2022-11-03 12:30 - 2022-08-11 15:57 - 000000000 ____D C:\Users\Matthias\Desktop\Neuer Ordner
2022-11-03 10:05 - 2022-08-10 17:23 - 000000000 ____D C:\ProgramData\USVFS
2022-11-03 10:05 - 2022-08-10 17:21 - 000000000 ____D C:\Modded Skyrim Special Edition
2022-11-03 01:04 - 2022-05-06 08:58 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2022-11-03 01:01 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2022-11-03 01:01 - 2022-05-07 06:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-11-03 01:01 - 2022-04-12 16:59 - 000012288 ___SH C:\DumpStack.log.tmp
2022-11-03 00:47 - 2022-04-14 18:27 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-02 23:41 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-11-02 20:43 - 2022-04-13 07:48 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-11-02 20:43 - 2022-04-13 07:48 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-11-02 20:43 - 2022-04-13 07:48 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-11-01 22:58 - 2022-07-01 15:55 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\Origin
2022-11-01 22:58 - 2022-07-01 15:55 - 000000000 ____D C:\ProgramData\Origin
2022-11-01 22:55 - 2022-07-01 15:55 - 000000000 ____D C:\Users\Matthias\AppData\Local\Origin
2022-11-01 19:10 - 2022-07-02 11:13 - 000000000 ____D C:\Program Files (x86)\Origin Games
2022-11-01 11:57 - 2022-04-12 16:59 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-31 23:22 - 2022-06-02 11:25 - 000001272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2022-10-31 23:22 - 2022-05-16 15:10 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.eu.lnk
2022-10-31 23:22 - 2022-04-22 12:26 - 000000952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.30.lnk
2022-10-31 23:22 - 2022-04-16 09:55 - 000001353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fanatec Control Panel.lnk
2022-10-31 23:22 - 2022-04-14 23:07 - 000000969 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2022-10-31 23:21 - 2022-04-15 18:07 - 000000000 ____D C:\ProgramData\Riot Games
2022-10-31 21:40 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-10-31 16:03 - 2022-04-12 16:59 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-10-31 16:03 - 2022-04-12 16:59 - 000002282 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-10-30 22:05 - 2022-08-26 20:37 - 000000000 ____D C:\Users\Matthias\AppData\Local\Ubisoft Game Launcher
2022-10-30 19:29 - 2022-07-19 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2022-10-30 19:29 - 2022-07-19 17:25 - 000000000 ____D C:\ProgramData\DivX
2022-10-30 19:29 - 2022-07-19 17:25 - 000000000 ____D C:\Program Files (x86)\DivX
2022-10-30 19:28 - 2022-07-19 17:26 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\DivX
2022-10-30 19:28 - 2022-04-13 07:28 - 000000000 ____D C:\ProgramData\Package Cache
2022-10-30 10:42 - 2022-08-15 14:10 - 000000204 _____ C:\Users\Matthias\Documents\Orte_Urlaub.txt
2022-10-27 19:28 - 2022-04-13 09:50 - 000000000 ____D C:\Users\Matthias\AppData\Local\NVIDIA Corporation
2022-10-27 14:22 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-10-26 23:21 - 2022-08-10 08:05 - 007642784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-10-26 23:21 - 2022-08-10 08:05 - 006512336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-10-26 21:10 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-25 21:48 - 2022-04-16 13:15 - 000000000 ____D C:\Users\Matthias\AppData\Local\CrashDumps
2022-10-23 16:04 - 2022-09-24 18:10 - 000000000 ____D C:\Program Files\Common Files\PUBG
2022-10-23 15:13 - 2022-09-24 18:10 - 001445920 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2022-10-21 18:11 - 2022-04-16 12:04 - 000001276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FanaLab.lnk
2022-10-21 18:11 - 2022-04-14 18:30 - 000000976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2022-10-21 15:54 - 2022-04-14 18:31 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\TS3Client
2022-10-18 18:09 - 2022-08-31 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex
2022-10-18 18:09 - 2022-04-14 18:27 - 000000000 ____D C:\Users\Matthias\AppData\Local\Razer
2022-10-18 18:09 - 2022-04-14 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2022-10-18 18:07 - 2022-04-14 18:26 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2022-10-17 07:25 - 2022-04-13 09:48 - 002890296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2022-10-17 07:25 - 2022-04-13 09:48 - 002224696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2022-10-17 07:25 - 2022-04-13 09:48 - 001297464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2022-10-15 17:24 - 2022-04-14 18:29 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-10-14 22:19 - 2022-08-10 17:30 - 000000815 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk
2022-10-12 21:41 - 2022-05-07 11:39 - 000000000 ___SD C:\WINDOWS\system32\AppV
2022-10-12 21:41 - 2022-05-07 11:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-12 21:41 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\System
2022-10-12 07:58 - 2022-04-15 09:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-12 07:57 - 2022-05-07 06:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-10-12 07:57 - 2022-05-07 06:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-10-12 07:57 - 2022-04-15 09:23 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-11 15:42 - 2022-05-17 18:42 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\EasyAntiCheat
2022-10-07 17:51 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\appcompat
2022-10-07 14:53 - 2022-04-13 07:47 - 000000000 ____D C:\Users\Matthias\AppData\Local\PlaceholderTileLogoFolder
2022-10-07 10:12 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows NT
2022-10-07 10:12 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows Defender
2022-10-07 10:12 - 2022-05-06 09:06 - 000000990 __RSH C:\ProgramData\ntuser.pol
2022-10-07 10:12 - 2022-04-13 07:25 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-10-07 10:11 - 2022-05-07 06:24 - 000000000 __RHD C:\Users\Public\Libraries
2022-10-07 10:09 - 2022-08-11 08:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tower of Fantasy
2022-10-07 10:09 - 2022-08-10 17:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mod Organizer
2022-10-07 10:09 - 2022-08-10 16:19 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-10-07 10:09 - 2022-08-10 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-10-07 10:09 - 2022-08-10 16:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2022-10-07 10:09 - 2022-07-06 17:53 - 000000000 ____D C:\Program Files\Common Files\logishrd
2022-10-07 10:09 - 2022-07-04 15:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2022-10-07 10:09 - 2022-06-12 16:43 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2022-10-07 10:09 - 2022-05-16 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.eu
2022-10-07 10:09 - 2022-05-07 06:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-10-07 10:09 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-10-07 10:09 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\spool
2022-10-07 10:09 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2022-10-07 10:09 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ModemLogs
2022-10-07 10:09 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-10-07 10:09 - 2022-04-16 20:35 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2022-10-07 10:09 - 2022-04-15 18:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2022-10-07 10:09 - 2022-04-14 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2022-10-07 10:09 - 2022-04-14 21:23 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky
2022-10-07 10:09 - 2022-04-14 18:31 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2022-10-07 10:09 - 2022-04-14 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2022-10-07 10:09 - 2022-04-14 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RazerCentral
2022-10-07 10:09 - 2022-04-14 18:17 - 000000000 ____D C:\Program Files (x86)\Razer
2022-10-07 10:09 - 2022-04-13 09:51 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XtremeTuner
2022-10-07 10:09 - 2022-04-13 09:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2022-10-07 10:09 - 2021-06-05 13:10 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-10-07 10:09 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-10-07 10:09 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-10-07 09:27 - 2022-05-07 06:28 - 000000000 ____D C:\WINDOWS\Setup
2022-10-07 09:25 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2022-10-07 09:23 - 2022-08-26 20:37 - 000000000 ____D C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2022-10-07 09:23 - 2022-06-06 21:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
2022-10-07 09:23 - 2022-04-22 12:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2022-10-07 09:23 - 2022-04-15 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato
2022-10-07 09:23 - 2022-04-14 18:18 - 000000000 ____D C:\Program Files\Common Files\Logitech
2022-10-07 09:21 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Globalization
2022-10-07 09:18 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2022-10-07 09:18 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\MUI
2022-10-07 09:18 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\OCR
2022-10-07 09:17 - 2022-05-07 11:39 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-10-07 09:17 - 2022-05-07 11:39 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-10-07 09:17 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2022-10-07 09:17 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-10-07 09:17 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2022-10-07 09:17 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2022-10-07 09:17 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\winrm
2022-10-07 09:17 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-10-07 09:17 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\slmgr
2022-10-07 09:17 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2022-10-07 09:17 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-10-07 09:17 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-10-07 09:17 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-10-07 09:17 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\dsc
2022-10-07 09:17 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-10-07 09:17 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-10-07 09:17 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2022-10-07 09:17 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-10-07 09:17 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-10-07 09:17 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\servicing
2022-10-07 04:01 - 2022-08-10 08:06 - 000129000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2022-08-11 08:45 - 2022-08-11 08:45 - 000001004 _____ () C:\Users\Matthias\AppData\Roaming\tof_launcher.reg
2022-04-13 10:24 - 2022-04-13 10:24 - 001065984 _____ () C:\Users\Matthias\AppData\Local\file__0.localstorage

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

DragonBaster 04.11.2022 11:18
Addition:FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-10-2022 02
durchgeführt von Matthias (04-11-2022 10:52:18)
Gestartet von C:\Users\Matthias\Downloads
Microsoft Windows 11 Pro Version 22H2 22621.674 (X64) (2022-10-07 09:12:31)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-2960260898-141030721-2575920888-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2960260898-141030721-2575920888-503 - Limited - Disabled)
Gast (S-1-5-21-2960260898-141030721-2575920888-501 - Limited - Disabled)
Matthias (S-1-5-21-2960260898-141030721-2575920888-1001 - Administrator - Enabled) => C:\Users\Matthias
WDAGUtilityAccount (S-1-5-21-2960260898-141030721-2575920888-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4K Capture Utility (HKLM\...\{6FDA64CE-998B-4B08-B0E5-02681C9A008A}) (Version: 1.7.6.4888 - Elgato Systems)
7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 3.10.22.706 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.83 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 7.0.4.4 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Master SDK (HKLM\...\{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.7.0.1851 - Advanced Micro Devices, Inc.)
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{cf77cf6b-71ff-4a71-802d-43adb9b271b7}) (Version: 3.10.22.706 - Advanced Micro Devices, Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\Discord) (Version: 1.0.9004 - Discord Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 10.8.10.0 - DivX, LLC)
Elgato Stream Deck (HKLM\...\{D2A26B85-6DA9-40F7-8717-CB8F78E3AFEA}) (Version: 5.3.3.15214 - Elgato Systems GmbH)
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.9.12 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{97f3a665-a91b-4def-91e2-97fec9f22bfa}) (Version: 1.0.9.12 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{5F15891E-8342-47CD-AFFF-89211CFC04D0}) (Version: 1.3.23.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{758842D2-1538-4008-A8E3-66F65A061C52}) (Version: 2.0.33.0 - Epic Games, Inc.)
Facecheck (HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\Overwolf_fiekjlgoffmlmgfmggnoeoljkmfkcapcdmcgcfgm) (Version: 1.0.0.38 - Overwolf app)
FanaLab (HKLM-x32\...\{E46A1E5E-3EDB-4259-BD47-C54CADCEC982}) (Version: 1.63.6 - Endor AG)
FANATEC driver package (HKLM\...\{29DF8CC2-09C3-4CF9-AF42-1D78B0A5FD7C}) (Version: 8.44.9 - Endor AG Fanatec)
GIMP 2.10.30 (HKLM\...\GIMP-2_is1) (Version: 2.10.30 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.88 - Google LLC)
KeePass Password Safe 2.50 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.50 - Dominik Reichl)
Kinect for Windows Speech Recognition Language Pack (de-DE) (HKLM-x32\...\{898AA67F-99B8-4C7F-9611-B11F98EF6E78}) (Version: 11.0.7413.611 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\...\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (es-ES) (HKLM-x32\...\{F49AF755-A5C3-4252-A190-5772B2669C3B}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (fr-CA) (HKLM-x32\...\{7D179500-CA0C-4456-B624-C15876B15F39}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (it-IT) (HKLM-x32\...\{969D900A-3481-4A77-B888-D24160D4D727}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (ja-JP) (HKLM-x32\...\{EDA8693D-9E82-4FD1-98C8-0DC4F9141E0F}) (Version: 11.0.7400.336 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
LOOT Version 0.18.3 (HKLM\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.18.3 - LOOT Team)
MAGIX Speed burnR (HKLM\...\{301EB2C0-9696-47F9-8B8B-5939DB6407D2}) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM-x32\...\MX.{301EB2C0-9696-47F9-8B8B-5939DB6407D2}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Demo) (HKLM\...\{F8988722-0945-4E70-80DE-8DEC94CCEB12}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Demo) (HKLM\...\MX.{F8988722-0945-4E70-80DE-8DEC94CCEB12}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Designelemente) (HKLM\...\{0E16D946-C81B-415E-8DBB-056D052A9C81}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Designelemente) (HKLM\...\MX.{0E16D946-C81B-415E-8DBB-056D052A9C81}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Filmvorlagen 1) (HKLM\...\{BB9ABEE0-62FA-4BFE-8ADD-25CEA6E78B8A}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Filmvorlagen 1) (HKLM\...\MX.{BB9ABEE0-62FA-4BFE-8ADD-25CEA6E78B8A}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Filmvorlagen 2) (HKLM\...\{69365D37-1707-4370-ACA4-B437E3EBC0ED}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Filmvorlagen 2) (HKLM\...\MX.{69365D37-1707-4370-ACA4-B437E3EBC0ED}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Filmvorlagen 3) (HKLM\...\{C54919DC-840F-4583-A764-3BC23B739C60}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Filmvorlagen 3) (HKLM\...\MX.{C54919DC-840F-4583-A764-3BC23B739C60}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Filmvorlagen 4) (HKLM\...\{F25B76A6-3A41-4CB8-A8A4-62CC8BCD01C8}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Filmvorlagen 4) (HKLM\...\MX.{F25B76A6-3A41-4CB8-A8A4-62CC8BCD01C8}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Filmvorlagen 5) (HKLM\...\{15004B86-AB3C-4D21-9C25-08210709236C}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Filmvorlagen 5) (HKLM\...\MX.{15004B86-AB3C-4D21-9C25-08210709236C}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Filmvorlagen 6) (HKLM\...\{C1AFB926-6EA4-4316-8A2B-4EDADA73BBE9}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Filmvorlagen 6) (HKLM\...\MX.{C1AFB926-6EA4-4316-8A2B-4EDADA73BBE9}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Filmvorlagen 7) (HKLM\...\{DB4DDCD9-C266-422C-ADFC-44D8C40E1A0A}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Filmvorlagen 7) (HKLM\...\MX.{DB4DDCD9-C266-422C-ADFC-44D8C40E1A0A}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Fotoshow Maker-Stile 1) (HKLM\...\{2D1CF0D9-0086-4188-8A85-A44166EFA2D7}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Fotoshow Maker-Stile 1) (HKLM\...\MX.{2D1CF0D9-0086-4188-8A85-A44166EFA2D7}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Fotoshow Maker-Stile 2) (HKLM\...\{50B6E792-8C30-4CC3-A300-FBC0868AC841}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Fotoshow Maker-Stile 2) (HKLM\...\MX.{50B6E792-8C30-4CC3-A300-FBC0868AC841}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (HKLM\...\{DC4FD10F-549C-4B58-8C99-5BAEE5104604}) (Version: 16.0.1.22 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (HKLM\...\MX.{DC4FD10F-549C-4B58-8C99-5BAEE5104604}) (Version: 16.0.1.22 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Individuelle Menüvorlagen) (HKLM\...\{5A8804A5-69FB-4B32-9FD7-8F6C1A868D53}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Individuelle Menüvorlagen) (HKLM\...\MX.{5A8804A5-69FB-4B32-9FD7-8F6C1A868D53}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Menüvorlagen 1) (HKLM\...\{58F9F8BB-7E28-41FB-9FB7-19FADAB56C16}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Menüvorlagen 1) (HKLM\...\MX.{58F9F8BB-7E28-41FB-9FB7-19FADAB56C16}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Menüvorlagen 2) (HKLM\...\{3AD510A7-7232-4551-9774-5D7869F2CB9C}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Menüvorlagen 2) (HKLM\...\MX.{3AD510A7-7232-4551-9774-5D7869F2CB9C}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Soundtrack Maker-Stile) (HKLM\...\{C2E8A858-40B2-4378-BE26-32E73D2FC64F}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Soundtrack Maker-Stile) (HKLM\...\MX.{C2E8A858-40B2-4378-BE26-32E73D2FC64F}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Titeleffekte) (HKLM\...\{C3261ADD-9A16-4E79-B329-5A33CF970AC8}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Titeleffekte) (HKLM\...\MX.{C3261ADD-9A16-4E79-B329-5A33CF970AC8}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Plus (Überblendeffekte) (HKLM\...\{24F0F9C1-5CE4-4B78-9CF7-1A424E8CF5DB}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Plus (Überblendeffekte) (HKLM\...\MX.{24F0F9C1-5CE4-4B78-9CF7-1A424E8CF5DB}) (Version: 16.0.0.0 - MAGIX Software GmbH)
Malwarebytes version 4.5.16.217 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.16.217 - Malwarebytes)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.15726.20174 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.26 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.26 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.212.1009.0004 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (pl-PL) (HKLM-x32\...\{BEFB9378-5E88-4266-8EB1-C92869449885}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (pt-BR) (HKLM-x32\...\{F6B5EB21-0ABF-487C-B9A9-D9DB259C4403}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (ru-RU) (HKLM-x32\...\{9419B7EA-6A4B-4A57-8E2A-3BDD4676118F}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (zh-CN) (HKLM-x32\...\{BAD2A75A-1708-47BA-A498-20890D2C78A7}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30133 (HKLM-x32\...\{295d1583-fdb9-414b-a4c8-da539362a26b}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30135 (HKLM-x32\...\{b7a2b241-3f54-4d7d-94d1-8ce0146e03c7}) (Version: 14.29.30135.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30133 (HKLM\...\{E699E009-1C3C-4E50-9B57-2B39F0954C7F}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30133 (HKLM\...\{6CD9E9ED-906D-4196-8DC3-F987D2F6615F}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30135 (HKLM-x32\...\{77EB1EA9-8E1B-459D-8CDC-1984D0FF15B6}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30135 (HKLM-x32\...\{36A1E79B-581A-4FE5-843D-84C2D3C9431E}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSI Center SDK (HKLM-x32\...\{15289038-41BE-48F8-B8B9-0B1021D3089E}}_is1) (Version: 3.2021.1126.01 - MSI)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
NVIDIA FrameView SDK 1.3.8107.31782123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8107.31782123 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.26.0.154 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.26.0.154 - NVIDIA Corporation)
NVIDIA Grafiktreiber 526.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 526.47 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.39.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.16 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.2.4 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.115.51547 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.204.2.2 - Overwolf Ltd.)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 10.3.7.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.7.1015.100615 - Razer Inc.)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9257.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.051.0811.2021 - Realtek)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.59.842 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.3.7 - Rockstar Games)
Safer Web (HKLM\...\SaferWeb) (Version: 2.3.0 - Reason Cybersecurity Inc.)
Sky X 22.7.1.0 (HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\com.bskyb.skyxplayer_is1) (Version: 22.7.1.0 - Sky)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries GG 24.0.0 (HKLM\...\SteelSeries GG) (Version: 24.0.0 - SteelSeries ApS)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
TeamSpeak Overlay (HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\Overwolf_jnabojaampcpfclojlbildognlnebnhfhibiielh) (Version: 1.0.0.2 - Overwolf app)
Tower of Fantasy (HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\tof_launcher) (Version:  - Hotta Studio)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
VALORANT (HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
win-capture-audio version 2.2.2 (HKLM-x32\...\{406FD363-BC38-47EE-AF53-7F6FB4D56ECE}_is1) (Version: 2.2.2 - bozbez)
WinRAR 6.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
XtremeTuner (HKLM-x32\...\XtremeTuner) (Version: 1.0.6.6 - Galaxy Microsystems Ltd.)

Packages:
=========
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.1.0_neutral__yxz26nhyzhsrt [2022-10-25] (Microsoft Corp.)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.41.5.0_x64__6rarf9sa4v8jt [2022-11-03] (Disney)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-04-14] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-10-25] (Microsoft Studios) [MS Ad]
MSI Center -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_1.0.61.0_x64__kzh8wxbdkxb8p [2022-10-25] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
ms-resource:APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.9.0_x64__8wekyb3d8bbwe [2022-10-09] (Microsoft Corp.)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.32791.0_x64__8wekyb3d8bbwe [2022-11-02] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-10-07] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2022-11-02] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.36.273.0_x64__dt26b99r8h8gj [2022-10-07] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0 [2022-10-30] (Spotify AB) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2022-10-12] (Microsoft Windows)
WinRAR -> C:\Program Files\WinRAR [2022-08-10] (0)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [DivXShellExtensionItem] -> {48A8A3B0-57E8-4F2B-A49D-19E02B92377B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2022-01-23] (DivX, LLC -> DivX, LLC)
ContextMenuHandlers1: [DivXShellExtensionItem64] -> {6B49A276-0DBA-43F4-BC96-A841AD11B40B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2022-01-23] (DivX, LLC -> DivX, LLC)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-11-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.212.1009.0004\FileSyncShell64.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ade64cd54ec2f9ed\nvshext.dll [2022-10-26] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-11-02] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2022-09-29 13:11 - 2022-09-29 13:11 - 000038400 _____ () [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\giflib5.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 000098816 _____ () [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\QtZeroConf.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 000720384 _____ () [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\turbojpeg.dll
2022-04-13 07:54 - 2018-11-15 13:08 - 002200784 _____ (Dexin Corp -> MICRO-STAR INTERNATIONAL) [Datei ist nicht signiert] C:\Program Files (x86)\MSI\MSI Center\Mystic Light\IcMSIDll.dll
2022-04-13 07:54 - 2018-08-31 06:26 - 000053760 _____ (MS) [Datei ist nicht signiert] C:\Program Files (x86)\MSI\MSI Center\Mystic Light\MsIo32_Galax.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 001742848 _____ (SQLite Development Team) [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\sqlite3.dll
2022-07-01 15:55 - 2022-07-01 15:55 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\LIBEAY32.dll
2022-07-01 15:55 - 2022-07-01 15:55 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\ssleay32.dll
2022-04-15 12:45 - 2020-04-26 13:10 - 003000832 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Users\Matthias\AppData\Roaming\Elgato\StreamDeck\Plugins\net.voicemod.windowsdesktop.sdPlugin\libcrypto-1_1-x64.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 002696704 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\libcrypto-1_1-x64.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 000642560 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\libssl-1_1-x64.dll
2022-07-01 15:55 - 2022-07-01 15:55 - 001611264 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2022-08-12 08:29 - 2022-07-01 15:55 - 005487104 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Core.dll
2022-08-12 08:29 - 2022-07-01 15:55 - 005841920 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Gui.dll
2022-08-12 08:29 - 2022-07-01 15:55 - 001179136 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Network.dll
2022-08-12 08:29 - 2022-07-01 15:55 - 000146432 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2022-08-12 08:29 - 2022-07-01 15:55 - 005089792 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2022-08-12 08:29 - 2022-07-01 15:55 - 000184832 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Xml.dll
2022-04-13 07:54 - 2016-10-04 03:43 - 000399872 _____ (TODO: <公司名稱>) [Datei ist nicht signiert] C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Lib\SDKDLL.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.eu.lnk:4CECF3C42D [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FanaLab.lnk:55111C87F9 [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fanatec Control Panel.lnk:FE5F516C8E [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.30.lnk:8495649500 [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk:CF2917E869 [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk:B021ADA33C [4306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk:F208FC6732 [4306]
AlternateDataStreams: C:\Users\Matthias\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Matthias\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2021-06-05 13:08 - 2021-06-05 13:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Common Files\DivX Shared\DesktopService
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\Control Panel\Desktop\\Wallpaper -> D:\Privat\Wallpaper\Anime\Kirishima.Touka.600.1830065.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: on)
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run: => "nwiz"
HKLM\...\StartupApproved\Run: => "SteelSeriesGG"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\StartupApproved\Run: => "FanaLab"
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_CF3A0B5AD32FE1AD6A7C3F142C8929DE"
HKU\S-1-5-21-2960260898-141030721-2575920888-1001\...\StartupApproved\Run: => "EADM"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{6179286E-93B1-419C-8334-A90142CDEB1F}] => (Allow) F:\SteamLibrary\steamapps\common\Perfect Heist 2\PerfectHeist2.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{71CD10D4-0143-4D6D-ABDF-4C5ADD2DEEAE}] => (Allow) F:\SteamLibrary\steamapps\common\Perfect Heist 2\PerfectHeist2.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{C970FF67-86ED-4D8C-8308-009DBA0D9A83}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{75E25704-14AB-49B9-A1FE-A4C09A6EB8FA}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22227.300.1508.3394_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{899B0219-536F-4E10-93EB-1B6B0A178032}] => (Allow) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{3EC8D003-6A4E-483F-87F3-0D41A7073B8A}] => (Allow) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{229B7B70-97DA-4467-A5C9-EAA58A774006}] => (Block) C:\Program Files (x86)\Overwolf\0.195.0.18\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{B67C6E92-1185-4E2C-A496-B84A9FE2F5E1}] => (Block) C:\Program Files (x86)\Overwolf\0.195.0.18\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{BF780E29-3E98-4E2D-A952-ACF2E0013769}] => (Allow) C:\Program Files (x86)\Overwolf\0.195.0.18\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{855CDAEE-678B-4EF4-A940-E5FF3A57622F}] => (Allow) C:\Program Files (x86)\Overwolf\0.195.0.18\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{523ED26C-A163-4770-A8F2-91A9CC3A1FA9}] => (Allow) C:\Program Files\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [{6164CC86-0086-4C74-92B1-E096426D578A}] => (Allow) C:\Program Files\Elgato\StreamDeck\StreamDeck.exe (Corsair Memory, Inc. -> Corsair Memory, Inc)
FirewallRules: [{B7726D0A-1406-494B-A7B1-A3DCA0E16CBE}] => (Allow) F:\SteamLibrary\steamapps\common\Joggernauts\joggernauts.exe () [Datei ist nicht signiert]
FirewallRules: [{0FE3D92B-7185-4E4A-A4FF-21214504892C}] => (Allow) F:\SteamLibrary\steamapps\common\Joggernauts\joggernauts.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{9BBD3102-2BFD-455E-81A1-F496C8897389}F:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [TCP Query User{379B5095-0E83-416F-BB4A-BCF2B35976D7}F:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [{6612BF86-AE1A-464D-A85C-F73DA5330CB3}] => (Allow) F:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (PUBG CORPORATION -> KRAFTON, Inc.)
FirewallRules: [{553636CB-F1CA-424D-BE1C-03F3488FCFD3}] => (Allow) F:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (PUBG CORPORATION -> KRAFTON, Inc.)
FirewallRules: [{469990AC-9611-48A0-95FF-4835A05A8A29}] => (Allow) F:\SteamLibrary\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{BEEFD967-494D-47A5-AE34-5643D0288181}] => (Allow) F:\SteamLibrary\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{AA123B78-63A4-45E1-BA3C-1E495F03BA5F}] => (Allow) F:\SteamLibrary\steamapps\common\The Isle\TheIsle.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{BF7C521E-E2DA-4D8D-A8A4-4C905E842C5E}] => (Allow) F:\SteamLibrary\steamapps\common\The Isle\TheIsle.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{9AD65CEA-C764-47D8-A098-763C5DDD40F3}] => (Allow) F:\SteamLibrary\steamapps\common\INSIDE\INSIDE.exe () [Datei ist nicht signiert]
FirewallRules: [{084DC416-1C80-4965-BDBD-84D04E62406F}] => (Allow) F:\SteamLibrary\steamapps\common\INSIDE\INSIDE.exe () [Datei ist nicht signiert]
FirewallRules: [{CC1357D3-5094-4EA8-B533-B200D8BD62CA}] => (Allow) F:\SteamLibrary\steamapps\common\Roosevelt\Morkredd.exe () [Datei ist nicht signiert]
FirewallRules: [{BD54C259-D7A2-4979-A145-90E4BABDD2C9}] => (Allow) F:\SteamLibrary\steamapps\common\Roosevelt\Morkredd.exe () [Datei ist nicht signiert]
FirewallRules: [{9ED880B8-5A97-44EB-84F5-F4A0983573BA}] => (Allow) F:\SteamLibrary\steamapps\common\Uno\UNO.exe (Chengdu Ubisoft Software Co., Ltd. -> )
FirewallRules: [{530B47AE-8494-4476-87D2-3E567413632E}] => (Allow) F:\SteamLibrary\steamapps\common\Uno\UNO.exe (Chengdu Ubisoft Software Co., Ltd. -> )
FirewallRules: [{F3967CD7-887E-4EDB-BCAE-91C84BF959B0}] => (Allow) G:\Tower Of Fantasy\Hotta\Binaries\Win64\INTLWebViewHelper.exe () [Datei ist nicht signiert]
FirewallRules: [{A4449AAA-AA04-460F-AF6E-BB572D31878E}] => (Allow) F:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe (Blue Mammoth Games) [Datei ist nicht signiert]
FirewallRules: [{AAC23F92-5AF3-4436-8AD8-5212B4D571C7}] => (Allow) F:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe (Blue Mammoth Games) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{E2CFA284-E787-4333-B0A2-B055469FE129}F:\steamlibrary\steamapps\common\ben and ed - blood party\baebloodparty\binaries\win32\baebloodparty.exe] => (Allow) F:\steamlibrary\steamapps\common\ben and ed - blood party\baebloodparty\binaries\win32\baebloodparty.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{AD8D88E0-BD35-4977-B6F2-90C030A081C7}F:\steamlibrary\steamapps\common\ben and ed - blood party\baebloodparty\binaries\win32\baebloodparty.exe] => (Allow) F:\steamlibrary\steamapps\common\ben and ed - blood party\baebloodparty\binaries\win32\baebloodparty.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{D3465993-7E60-4F40-907D-1DD6E1C275F2}] => (Allow) F:\SteamLibrary\steamapps\common\Ben and Ed - Blood Party\BaEBloodParty.exe () [Datei ist nicht signiert]
FirewallRules: [{06B2A721-8287-48DD-BD84-30D27B6490A0}] => (Allow) F:\SteamLibrary\steamapps\common\Ben and Ed - Blood Party\BaEBloodParty.exe () [Datei ist nicht signiert]
FirewallRules: [{F5B4EC25-586F-49BB-AD01-FE5E4B97987C}] => (Allow) F:\SteamLibrary\steamapps\common\Pummel Party\PummelParty.exe () [Datei ist nicht signiert]
FirewallRules: [{4E3E69B4-C5ED-47E5-B359-757EBF61DCC5}] => (Allow) F:\SteamLibrary\steamapps\common\Pummel Party\PummelParty.exe () [Datei ist nicht signiert]
FirewallRules: [{F7921328-D006-4316-ABBC-3A7E2298EA78}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout76\Fallout76.exe (Bethesda Softworks) [Datei ist nicht signiert]
FirewallRules: [{75B9FA39-F05D-4938-ADBC-B6567287233D}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout76\Fallout76.exe (Bethesda Softworks) [Datei ist nicht signiert]
FirewallRules: [{D3FE4607-EBD4-4F7B-A3C1-5D6B6776DA7C}] => (Allow) F:\SteamLibrary\steamapps\common\Ghost Watchers\Ghost Watchers.exe () [Datei ist nicht signiert]
FirewallRules: [{9A8B35AE-F86C-49B3-A471-89EFA7EF97FB}] => (Allow) F:\SteamLibrary\steamapps\common\Ghost Watchers\Ghost Watchers.exe () [Datei ist nicht signiert]
FirewallRules: [{0283B379-4234-4E95-B286-CA661D0E09FB}] => (Allow) F:\SteamLibrary\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [{73650B33-12E6-4901-A6E3-0233A4B81733}] => (Allow) F:\SteamLibrary\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [{4A68670A-4088-4598-AC74-06549D01DD6B}] => (Allow) C:\Users\Matthias\AppData\Local\tofMiniLoader\tofMiniLoader.exe (PROXIMA BETA PTE. LIMITED -> )
FirewallRules: [{2CCD2093-92A2-46F7-A941-984A0DA8A694}] => (Allow) C:\Users\Matthias\AppData\Local\tofMiniLoader\tofMiniLoader.exe (PROXIMA BETA PTE. LIMITED -> )
FirewallRules: [{0E3372F6-C7AE-490E-9076-188825448E36}] => (Allow) F:\SteamLibrary\steamapps\common\skyrim\skse_steam_boot.exe () [Datei ist nicht signiert]
FirewallRules: [{7B714CA2-04D9-41DE-B631-5FD936D03B91}] => (Allow) F:\SteamLibrary\steamapps\common\skyrim\skse_steam_boot.exe () [Datei ist nicht signiert]
FirewallRules: [{EF7F0DD6-5BF5-40C2-8F0E-E263F1033159}] => (Allow) F:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [Datei ist nicht signiert]
FirewallRules: [{A19518B2-7D35-491C-9B21-0EB947EB20E5}] => (Allow) F:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{DF6886E9-745D-49D4-A266-BDFB16CA8313}F:\steamlibrary\steamapps\common\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe (Kunos Simulazioni) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{077A455D-D7E3-41F2-AC57-0B432186034B}F:\steamlibrary\steamapps\common\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe (Kunos Simulazioni) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{FA8EA282-C5DF-4393-BEFB-4B946B543D6D}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe (DIVX LLC -> DivX, LLC)
FirewallRules: [TCP Query User{82DCE184-1906-4C75-AE1E-C06D90452529}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe (DIVX LLC -> DivX, LLC)
FirewallRules: [UDP Query User{AA1F3158-5F2F-4303-A4BA-EA3FA9935729}F:\steamlibrary\steamapps\common\videohorrorsociety\game\binaries\win64\game-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\videohorrorsociety\game\binaries\win64\game-win64-shipping.exe (Hellbent Games) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{F9346D1D-D9EF-44AA-B495-AAF5C68FFC51}F:\steamlibrary\steamapps\common\videohorrorsociety\game\binaries\win64\game-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\videohorrorsociety\game\binaries\win64\game-win64-shipping.exe (Hellbent Games) [Datei ist nicht signiert]
FirewallRules: [{55BEE47D-A23F-423A-B8F2-224DD5EDE52F}] => (Allow) F:\SteamLibrary\steamapps\common\VideoHorrorSociety\VideoHorrorSociety.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{0342A386-40BA-47A3-87D0-180D04618524}] => (Allow) F:\SteamLibrary\steamapps\common\VideoHorrorSociety\VideoHorrorSociety.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{E7C341A0-2A11-4070-B6B6-29F23F402090}] => (Allow) F:\SteamLibrary\steamapps\common\Dinkum\Dinkum.exe () [Datei ist nicht signiert]
FirewallRules: [{EBAF88B4-3455-4FDD-B8A7-2F43D1F8C7B8}] => (Allow) F:\SteamLibrary\steamapps\common\Dinkum\Dinkum.exe () [Datei ist nicht signiert]
FirewallRules: [{5BD7644C-12A5-4654-930B-33F4D6C1F632}] => (Allow) F:\SteamLibrary\steamapps\common\Assetto Corsa Competizione\acc.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{50009D16-925C-4CFC-BDB8-3F54106F8039}] => (Allow) F:\SteamLibrary\steamapps\common\Assetto Corsa Competizione\acc.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{CBCD6EF4-9C25-41DC-ACFB-C72F8C589109}] => (Allow) F:\SteamLibrary\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert]
FirewallRules: [{23353BB4-969C-4A7D-8278-0849EEEBF2B5}] => (Allow) F:\SteamLibrary\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert]
FirewallRules: [{E7A9B4DC-C24B-41C0-A941-2432ECF04137}] => (Allow) F:\SteamLibrary\steamapps\common\Golf It!\GolfIt.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{257F6A2A-EE92-446A-BD69-4C123EA6D7C1}] => (Allow) F:\SteamLibrary\steamapps\common\Golf It!\GolfIt.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{6E64C554-C63B-4C55-96F6-39CEFFDF1935}] => (Allow) F:\SteamLibrary\steamapps\common\Scribble It!\ScribbleIt\Binaries\Win64\ScribbleIt-Win64-Shipping.exe (Detach Entertainment) [Datei ist nicht signiert]
FirewallRules: [{BB256346-19AA-41D1-B732-3E61DF485982}] => (Allow) F:\SteamLibrary\steamapps\common\Scribble It!\ScribbleIt\Binaries\Win64\ScribbleIt-Win64-Shipping.exe (Detach Entertainment) [Datei ist nicht signiert]
FirewallRules: [{BD4419F1-DC95-47F0-9C22-C6C1423676FC}] => (Allow) F:\SteamLibrary\steamapps\common\Scribble It!\ScribbleIt.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{A7B7CDF3-603E-4D7B-8CBE-E5CDDA92655A}] => (Allow) F:\SteamLibrary\steamapps\common\Scribble It!\ScribbleIt.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{3C485AC9-A822-4CFC-BFF0-8D5CD8CA70E7}] => (Allow) F:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [Datei ist nicht signiert]
FirewallRules: [{68412994-9757-488A-9829-89F86E7932B1}] => (Allow) F:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [Datei ist nicht signiert]
FirewallRules: [{FF6AA093-481E-48B0-8BCE-A3ABD33C51AD}] => (Allow) F:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [Datei ist nicht signiert]
FirewallRules: [{30DA3163-9A47-49F2-B578-EF996065BAF3}] => (Allow) F:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [Datei ist nicht signiert]
FirewallRules: [{13CB71FC-8815-4A9E-B847-8BFF59580192}] => (Allow) F:\SteamLibrary\steamapps\common\Goose Goose Duck\Goose Goose Duck.exe (Gaggle Studios, Inc -> )
FirewallRules: [{09B75B0D-D5F0-4F85-82DE-22B2761B55CF}] => (Allow) F:\SteamLibrary\steamapps\common\Goose Goose Duck\Goose Goose Duck.exe (Gaggle Studios, Inc -> )
FirewallRules: [{62599DFF-A5D0-468D-898D-1B237BD31FC6}] => (Allow) F:\SteamLibrary\steamapps\common\We Were Here Together\We Were Here Together.exe () [Datei ist nicht signiert]
FirewallRules: [{F0D35C8F-02DB-45A7-A09E-39DC06C0FDF1}] => (Allow) F:\SteamLibrary\steamapps\common\We Were Here Together\We Were Here Together.exe () [Datei ist nicht signiert]
FirewallRules: [{28FA898D-FFE1-4299-9B94-999731A85C1A}] => (Allow) F:\SteamLibrary\steamapps\common\For The King\FTK.exe () [Datei ist nicht signiert]
FirewallRules: [{E4E44682-D548-4C09-A554-46678648360D}] => (Allow) F:\SteamLibrary\steamapps\common\For The King\FTK.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{EF73462A-13B9-437B-84A5-339A4B99EA0C}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{FD4E0AB3-09F9-43DA-8E57-2640C616BB54}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{9B2D6E77-9557-4EA0-8448-8AB744589BCA}F:\steamlibrary\steamapps\common\satisfactory\engine\binaries\win64\factorygame-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\satisfactory\engine\binaries\win64\factorygame-win64-shipping.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{3FF6010C-62B6-43A1-8042-F7B7BAFC10BC}F:\steamlibrary\steamapps\common\satisfactory\engine\binaries\win64\factorygame-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\satisfactory\engine\binaries\win64\factorygame-win64-shipping.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{49156577-B8B5-43C6-927E-EEAEED2F29BC}] => (Allow) F:\SteamLibrary\steamapps\common\Satisfactory\FactoryGame.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{D1EFCFE9-6385-400B-90FD-0B78B14C171E}] => (Allow) F:\SteamLibrary\steamapps\common\Satisfactory\FactoryGame.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{33D1D8B9-92B3-4313-B3AD-F31C22F798D8}] => (Allow) F:\SteamLibrary\steamapps\common\Ring of Pain\Ring Of Pain.exe () [Datei ist nicht signiert]
FirewallRules: [{D741703C-49D6-4E66-B92C-6F33F4DA9FF0}] => (Allow) F:\SteamLibrary\steamapps\common\Ring of Pain\Ring Of Pain.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{267ADD05-215B-419A-B2FA-F35F5A82559D}C:\program files (x86)\pokerstars.eu\br\pokerstarsbr.exe] => (Allow) C:\program files (x86)\pokerstars.eu\br\pokerstarsbr.exe (TSG INTERACTIVE SERVICES LIMITED -> Flutter Entertainment plc)
FirewallRules: [TCP Query User{F491200F-660B-418D-8B2D-8CAB5E312E5F}C:\program files (x86)\pokerstars.eu\br\pokerstarsbr.exe] => (Allow) C:\program files (x86)\pokerstars.eu\br\pokerstarsbr.exe (TSG INTERACTIVE SERVICES LIMITED -> Flutter Entertainment plc)
FirewallRules: [UDP Query User{7C12B751-9E62-4074-A763-36536CA8A4A1}F:\steamlibrary\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe] => (Allow) F:\steamlibrary\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe (Crytek GmbH) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{8076011A-B804-401F-876E-F0E1820E680A}F:\steamlibrary\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe] => (Allow) F:\steamlibrary\steamapps\common\hunt showdown\bin\win_x64\huntgame.exe (Crytek GmbH) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{BF723347-93C3-486F-93FC-7A2979C561C7}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{4138699C-7FC6-4784-A8B4-092522260D90}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{EC7A79C1-5EDD-492D-BA75-EAEDF6DE0B90}] => (Allow) F:\SteamLibrary\steamapps\common\Hunt Showdown\hunt.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{813C30B4-3704-49FB-B0CD-1D8825222F84}] => (Allow) F:\SteamLibrary\steamapps\common\Hunt Showdown\hunt.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{46D8C8EB-C521-4004-B320-AA64368EEF3B}] => (Allow) F:\SteamLibrary\steamapps\common\Sea of Thieves\Athena\Binaries\Win64\SoTGame.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5E08D09-6016-4E18-83A4-779CE6771E9F}] => (Allow) F:\SteamLibrary\steamapps\common\Sea of Thieves\Athena\Binaries\Win64\SoTGame.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5F42F6A7-065B-4806-B1E3-73ECFB5564D7}] => (Allow) C:\Program Files\Elgato\4KCaptureUtility\4KCaptureUtility.exe (Corsair Memory, Inc. -> Elgato Systems)
FirewallRules: [{E99D9D26-E062-46D9-8876-2D0B331514E3}] => (Allow) C:\Program Files\MAGIX\Video deluxe Plus\2017\Videodeluxe.exe (MAGIX Software GmbH -> MAGIX Software GmbH)
FirewallRules: [{62FB9B0D-8D5B-48FB-9812-82F596F38D40}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{186840AE-111C-4C8D-B7AC-55CD3F9DE2C7}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{32F3EB0A-169F-4A49-B7ED-3E4D23E40DDD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{BB0406EF-AB54-419A-A81E-F1DE0B5A1B37}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{53ED69F3-0D5D-4CAC-A5F9-A553B0B839E4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{2F87AF7B-D5DB-48EC-95A2-FFCA5CE7AD53}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{4781688D-2840-4FFD-827D-3943CDAD5CE3}C:\program files (x86)\xtremetuner\xtremetuner\xtreme tuner.exe] => (Allow) C:\program files (x86)\xtremetuner\xtremetuner\xtreme tuner.exe (Galaxy Microsystems Ltd) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{D98088B5-30CB-40E4-A06A-FCE176438819}C:\program files (x86)\xtremetuner\xtremetuner\xtreme tuner.exe] => (Allow) C:\program files (x86)\xtremetuner\xtremetuner\xtreme tuner.exe (Galaxy Microsystems Ltd) [Datei ist nicht signiert]
FirewallRules: [{889F7A54-FBDF-44EC-9157-A00A4A997468}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{5A66BC57-BE9B-475A-BE5B-EC9A31AAC1D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9BB5097B-ACEC-4375-98C4-0DC9A36678B3}] => (Allow) F:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{6BDECB43-D809-4787-9BC4-9D736D46D72C}] => (Allow) F:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [TCP Query User{89944FA5-7BEA-4286-89C8-7F99A332925E}G:\battlenet\overwatch\_retail_\overwatch.exe] => (Allow) G:\battlenet\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{249C9CBC-F5A1-4C49-9CFF-492C0285B7DD}G:\battlenet\overwatch\_retail_\overwatch.exe] => (Allow) G:\battlenet\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{2469E286-4247-4277-B2BA-11911DF08398}] => (Allow) F:\SteamLibrary\steamapps\common\Inside The Backrooms\Inside the Backrooms.exe (Unity Technologies ApS) [Datei ist nicht signiert]
FirewallRules: [{2E566F06-CBC4-4660-AF06-EE5D75487754}] => (Allow) F:\SteamLibrary\steamapps\common\Inside The Backrooms\Inside the Backrooms.exe (Unity Technologies ApS) [Datei ist nicht signiert]
FirewallRules: [{2F7E21F8-AEA4-45DB-871B-4DDC57BD228B}] => (Allow) F:\SteamLibrary\steamapps\common\Farming Simulator 22\x64\FarmingSimulator2022Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{8F66D2DC-F9C9-4357-87EB-E784D4B111D1}] => (Allow) F:\SteamLibrary\steamapps\common\Farming Simulator 22\x64\FarmingSimulator2022Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{C8B70F83-1B9D-47EC-A344-C01AA7043F1B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{258C1E36-863B-483B-ABD1-56371D0CCDD3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1B80B9B4-A430-461B-B8B5-7DF912919038}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{17EC7AB2-0A3D-4944-AC46-DAF10FC5369F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0A6F3D83-71E5-49A4-8C7C-ED156B0B5D09}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FF1B3AC5-58B4-4306-AC60-6CE5CCDF5AE6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{61FB624E-D9C2-491F-B22F-519664A68C81}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3685969A-527B-49E2-BD57-B0DE43F017BF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FDD62B7A-FDFD-4BD6-A219-54049CD87E27}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6427DC8A-F71F-4EC0-B413-A2DE21286AAB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.26\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D59315B3-1932-4EE8-92B2-6FE5C0AD179D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{099D2FD5-BAF3-44E6-A595-213558CB60A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{41E7E96C-D3E6-4A9C-A7D7-8C5102747E93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{D60FA637-5841-4431-81A1-DED917BA2F88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{AB63F4CC-130E-4B54-9925-A3DC1CFDB0A0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{78FA1C59-E434-417C-BB0C-88C0F9243A64}] => (Allow) LPort=32682
FirewallRules: [{685BFB57-D812-4CBD-8F47-90DD5543AC13}] => (Allow) LPort=26822

==================== Wiederherstellungspunkte =========================

30-10-2022 19:27:47 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664
02-11-2022 22:46:17 TotalAV-Installation

==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (11/04/2022 10:37:01 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Name der fehlerhaften Anwendung: SecurityHealthService.exe, Version: 10.0.22621.608, Zeitstempel: 0x45a7fb3f
Name des fehlerhaften Moduls: ucrtbase.dll, Version: 10.0.22621.608, Zeitstempel: 0xf5fc15a3
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000007f61e
ID des fehlerhaften Prozesses: 0x0x42e4
Startzeit der fehlerhaften Anwendung: 0x0x1d8ef177e2b6439
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\SecurityHealthService.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ucrtbase.dll
Berichtskennung: 3bcc6171-b69a-47fc-84cc-c81bee822a86
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/03/2022 01:01:51 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-V6D1Q80$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 03 Nov 2022 00:01:50 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 58106c33-dd21-4d6e-81df-e32ee0eb3605

Methode: GET(219ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/03/2022 01:01:51 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 03 Nov 2022 00:01:49 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 32d8bbce-ef78-456f-97f0-d8b07b184c45

Methode: GET(437ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/03/2022 12:59:23 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-V6D1Q80$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 02 Nov 2022 23:59:21 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: ac774fcc-482f-4484-a6aa-908195109c92

Methode: GET(250ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/03/2022 12:59:22 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 02 Nov 2022 23:59:21 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 653a12ca-9fcb-425c-8931-c0c4c1ac911e

Methode: GET(516ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/03/2022 12:58:00 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-V6D1Q80$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 02 Nov 2022 23:57:59 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 7b0d9e27-0619-4740-a3b3-9d2efa830f82

Methode: GET(234ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/03/2022 12:58:00 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 02 Nov 2022 23:57:58 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: de841058-a0c4-4966-be16-c5afdfb6e106

Methode: GET(406ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/02/2022 11:58:13 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-V6D1Q80$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 02 Nov 2022 22:58:12 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 52145711-fa6c-4b82-ab42-ce9dbeef7980

Methode: GET(250ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)


Systemfehler:
=============
Error: (11/04/2022 10:37:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Sicherheitsdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/04/2022 09:51:28 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-V6D1Q80)
Description: Der Server "{8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/03/2022 11:06:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (11/03/2022 11:06:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Matthias\AppData\Local\Temp\ehdrv.sys

Error: (11/03/2022 11:06:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (11/03/2022 11:06:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Matthias\AppData\Local\Temp\ehdrv.sys

Error: (11/03/2022 11:06:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (11/03/2022 11:06:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Matthias\AppData\Local\Temp\ehdrv.sys


Windows Defender:
================
Date: 2022-11-03 13:28:55
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {18D95231-4B76-4860-827E-7BA8BAE7F586}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2022-11-02 22:35:04
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.H!ml&threatid=2147814524&enterprise=0
Name: Trojan:Script/Wacatac.H!ml
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Amazon-Service-Center[2083].docx
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Benutzer
Benutzer: DESKTOP-V6D1Q80\Matthias
Prozessname: Unknown
Sicherheitsversion: AV: 1.377.1208.0, AS: 1.377.1208.0, NIS: 1.377.1208.0
Modulversion: AM: 1.1.19700.3, NIS: 1.1.19700.3

Date: 2022-11-02 18:00:52
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {B4274816-859D-40EA-83AA-49A34DD890E6}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2022-10-31 23:57:52
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {E182AB9F-57E5-494D-99DD-B74871E43F5D}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2022-10-31 22:00:31
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:XML/Phish.J!eml&threatid=2147745319&enterprise=0
Name: Trojan:XML/Phish.J!eml
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Amazon-Service-Center[2083].docx
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Benutzer
Benutzer: DESKTOP-V6D1Q80\Matthias
Prozessname: Unknown
Sicherheitsversion: AV: 1.377.1037.0, AS: 1.377.1037.0, NIS: 1.377.1037.0
Modulversion: AM: 1.1.19700.3, NIS: 1.1.19700.3

CodeIntegrity:
===============
Date: 2022-11-04 10:52:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen ===========================

BIOS: American Megatrends International, LLC. A.F0 12/16/2021
Hauptplatine: Micro-Star International Co., Ltd. MPG X570 GAMING PLUS (MS-7C37)
Prozessor: AMD Ryzen 9 5900X 12-Core Processor
Prozentuale Nutzung des RAM: 29%
Installierter physikalischer RAM: 32689.01 MB
Verfügbarer physikalischer RAM: 23140.9 MB
Summe virtueller Speicher: 34737.01 MB
Verfügbarer virtueller Speicher: 22654.45 MB

==================== Laufwerke ================================

Drive c: (System) (Fixed) (Total:465.05 GB) (Free:165.84 GB) (Model: KIOXIA-EXCERIA SSD) NTFS
Drive d: (Daten) (Fixed) (Total:927.49 GB) (Free:840.15 GB) (Model: TOSHIBA HDWD110) NTFS
Drive e: (HI-TECH Treiber) (Fixed) (Total:4 GB) (Free:2.2 GB) (Model: TOSHIBA HDWD110) NTFS
Drive f: (Games) (Fixed) (Total:931.5 GB) (Free:198.19 GB) (Model: CT1000MX500SSD1) NTFS
Drive g: (Games 2) (Fixed) (Total:931.02 GB) (Free:844.47 GB) (Model: CT1000MX500SSD1) NTFS

\\?\Volume{4a1d83a8-a8d4-4c38-9a98-3b3d2f653224}\ (Wiederherstellung) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{3c21b2b5-63e0-41e4-b414-23a746633e5e}\ () (Fixed) (Total:0.59 GB) (Free:0.06 GB) NTFS
\\?\Volume{75719950-ca3e-4fc8-9563-11283dbf2d84}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 52A1EBBD)

Partition: GPT.

==========================================================
Disk: 3 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt =======================
--- --- ---


Mit Malwarebytes hatte ich auch 2 Läufe, wo etwas gefunden wurde:
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 02.11.22
Scan-Zeit: 20:56
Protokolldatei: 7aa9a9dc-5ae8-11ed-9cc2-2cf05d9ca228.json

-Softwaredaten-
Version: 4.5.16.217
Komponentenversion: 1.0.1792
Version des Aktualisierungspakets: 1.0.61808
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 11 (Build 22621.674)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-V6D1Q80\Matthias

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 303310
Erkannte Bedrohungen: 1
In die Quarantäne verschobene Bedrohungen: 1
Abgelaufene Zeit: 1 Min., 13 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
PUP.Optional.DotSetupIo, C:\USERS\MATTHIAS\APPDATA\LOCAL\TEMP\DXA93D9.TMP\DXA93DA.TMP, In Quarantäne, 841, 1016023, 1.0.61808, , ame, , 784324F3CA8C6AAEE99632BF7842B8A9, C6CB0A91CB433BBA19A5486B03E437FD83EAE05DBC2E10B45236777046B62AD7

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
Lauf 2:
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 02.11.22
Scan-Zeit: 23:48
Protokolldatei: 79da223b-5b00-11ed-9c45-2cf05d9ca228.json

-Softwaredaten-
Version: 4.5.16.217
Komponentenversion: 1.0.1792
Version des Aktualisierungspakets: 1.0.61814
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 11 (Build 22621.674)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-V6D1Q80\Matthias

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 304548
Erkannte Bedrohungen: 2
In die Quarantäne verschobene Bedrohungen: 2
Abgelaufene Zeit: 0 Min., 35 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 2
PUP.Optional.TotalAV, C:\USERS\PUBLIC\DESKTOP\TOTALAV.LNK, In Quarantäne, 9128, 795103, 1.0.61814, , ame, , CBB87048DE8B8CCBED1C9F63616E1880, 473B283098BBDD5C9D2049EB49C20FFAA8C32273B21CCFA9DD407D048E419E88
PUP.Optional.TotalAV, C:\PROGRAM FILES (X86)\TOTALAV\PASSWORDEXTENSION.WIN.EXE, In Quarantäne, 9128, 849702, 1.0.61814, , ame, , 1FBB99353646E27091C024992441FA3C, B6A82791FB9E11D06B9F1F467F1A5930676AB4CFCB2C973E6B985BAE64E68534

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
Jeder weitere Lauf war ohne Bedrohung.

Hoffe ich hab nichts vergessen.

cosinus 04.11.2022 12:29
Zitat:
Kategorie: Trojaner
Pfad: file:_C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Amazon-Service-Center[2083].docx
Du hast da eine Phishingmail bekommen. Nichts weiter.


Zitat:
Die angegebene Datei hab ich im Zielordner gelöscht, Meldung besteht weiterhin.
Wird Onedrive genutzt? Welche Mailclient hast du?

DragonBaster 04.11.2022 13:40
Bekomme ich die Meldung wieder weg?

Nein, sowas benutze ich nicht. Und Mails sind ganz normal übers Internet. Outlook benutze ich in dem Fall nicht.

cosinus 04.11.2022 13:44
Scripting/Repair mit FRST64

WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!
  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    Start::
    Folder: C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\
    C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Amazon-Service-Center[2083].docx
    emptytemp:
    End::
  • Starte nun FRST und klicke direkt den Reparieren Button.Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
  • Gegebenenfalls muss dein Rechner neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

DragonBaster 04.11.2022 15:22
Die fixlog.txt datei ist mit 540kb zu groß. Soll ich diese aufteilen oder wie hättest du diese gerne?

cosinus 04.11.2022 15:26
lad mal bei https://pastebin.com/ hoch und verlink das hier

DragonBaster 04.11.2022 15:34
https://pastebin.com/Jp6eBzp0

und die restlichen zeilen, da es dort ebenso zu groß war:
Code:
2022-04-18 16:02 - 2022-04-18 16:02 - 000026678 ____R [659F075F25B492B3BC0FBC87A57E05E9] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\smime[386].p7m
2022-04-18 16:02 - 2022-04-18 16:02 - 000034403 ____R [D75D4A92CFC38FD1C19284C94309734E] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\smime[387].p7m
2022-04-18 16:02 - 2022-04-18 16:02 - 000029451 ____R [0A09802617803EB66A2119E4462B1E84] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\smime[388].p7m
2022-04-18 16:02 - 2022-04-18 16:02 - 000034258 ____R [B9A7A56A24161140B3A2CEA50FFBB343] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\smime[390].p7m
2022-04-18 16:02 - 2022-04-18 16:02 - 000030321 ____R [08BD3D25BC5D8E31B8817A1BA8BE0A8D] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\smime[397].p7m
2022-04-18 16:02 - 2022-04-18 16:02 - 000052062 ____R [BD452298E6D46C3561AB57EBD214FD55] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\smime[413].p7m
2022-04-18 16:02 - 2022-04-18 16:02 - 000020587 ____R [D0104114B538F17128A69BC57D74C1C4] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\smime[420].p7m
2022-04-18 16:02 - 2022-04-18 16:02 - 000055998 ____R [CC46FD306C93E8E534942467E5C9FE77] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\smime[438].p7m
2022-04-18 15:47 - 2022-04-18 15:47 - 000030480 ____R [F12DA113EBEB3FFF2CEC75E02DD2C004] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\smime[613].p7m
2022-04-18 15:47 - 2022-04-18 15:47 - 000031873 ____R [97416F7F45DD36D80FED48DC90892006] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\smime[614].p7m
2022-04-18 15:47 - 2022-04-18 15:47 - 000064869 ____R [2E2535A5BE99674F25900FE15F0FAA34] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\smime[735].p7m
2022-04-18 15:47 - 2022-04-18 15:47 - 000065108 ____R [280435766104F9E266463AEAE00C9939] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\smime[778].p7m
2022-04-18 16:06 - 2022-04-18 16:06 - 000052579 ____R [44848C350D27C08DCE3942ABC914F779] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\smime[80].p7m
2022-04-18 17:31 - 2022-04-18 17:31 - 000012553 ____R [6486DBB22CDAA133AF14ED7AD0F47ABD] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Sport[2545].docx
2022-04-18 19:51 - 2022-04-18 19:51 - 000505813 ____R [49F8E4BD82F27DFD3F3CB518D885BFF4] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Staatsbuergerschaft[1701].pdf
2022-04-18 19:39 - 2022-04-18 19:39 - 000215872 ____R [BC38C8A4ACDB28B518C8D5EA6DB0837C] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Staatsbürgerschaft[2064].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000094945 ____R [C045C9553C2E64AD3AC9289C2934F185] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\TAXINVOICE_0852865[593].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000000717 ____R [37031FF4254739A14AB9E8091AF4904E] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Termin_2020-10-01_08_40[786].ics
2022-04-18 15:47 - 2022-04-18 15:47 - 000000720 ____R [90F915D5C21F5DD6CC0BAB600BAA19BC] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Termin_2021-02-17_08_08[643].ics
2022-04-18 16:02 - 2022-04-18 16:02 - 000210466 ____R [1502AA3ABD0383B099BBC743B3BE281C] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Terms of Service[353].pdf
2022-04-18 16:02 - 2022-04-18 16:02 - 000219795 ____R [BC8A99D6E83307D2075D315857F290B1] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Terms of Service[400].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000210466 ____R [1502AA3ABD0383B099BBC743B3BE281C] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Terms of Service[50].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000210466 ____R [1502AA3ABD0383B099BBC743B3BE281C] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Terms of Service[594].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000210466 ____R [1502AA3ABD0383B099BBC743B3BE281C] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Terms of Service[601].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000210466 ____R [1502AA3ABD0383B099BBC743B3BE281C] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Terms of Service[78].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000210466 ____R [1502AA3ABD0383B099BBC743B3BE281C] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Terms of Service[90].pdf
2022-05-03 09:49 - 2022-05-03 09:49 - 000005623 ____R [ED39954546616F7C0FC67B2F5095AD39] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Terms_and_Conditions[2750].html
2022-04-18 15:47 - 2022-04-18 15:47 - 000133793 ____R [45A401002269E88A259A97D91DB1D544] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\test[501].mp3
2022-04-18 17:32 - 2022-04-18 17:32 - 000177059 ____R [535FB2B05B0378E3B977EE4E2E5E395B] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_001[2397].jpg
2022-04-18 17:32 - 2022-04-18 17:32 - 000177059 ____R [535FB2B05B0378E3B977EE4E2E5E395B] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_001[2399].jpg
2022-04-18 17:32 - 2022-04-18 17:32 - 000170326 ____R [8AB86699D60A614E3551CAB541D0B2CA] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_002[2398].jpg
2022-04-18 17:32 - 2022-04-18 17:32 - 000170326 ____R [8AB86699D60A614E3551CAB541D0B2CA] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_002[2400].jpg
2022-04-18 16:02 - 2022-04-18 16:02 - 000177909 ____R [2533F34DBE8A014E9B0868D6816770C0] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_20210830_185528[395].jpg
2022-04-18 19:18 - 2022-04-18 19:18 - 000191990 ____R [81ED4042EE4170D8BA92CF3FC430B50D] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_IMAG0036[2235].jpg
2022-04-18 19:51 - 2022-04-18 19:51 - 000158626 ____R [8AB5986A34305D58BB52E91123D24721] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_IMAG0262[1713].jpg
2022-04-18 19:51 - 2022-04-18 19:51 - 000153129 ____R [EE2C63A3F1B20896AD15BDD13F777537] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_IMAG0263[1712].jpg
2022-04-18 19:52 - 2022-04-18 19:52 - 000322115 ____R [CF56893F9873DB067B215DBE0CDDB4D5] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_IMAG0277[1587].jpg
2022-04-18 19:52 - 2022-04-18 19:52 - 000236910 ____R [FF448550CDF43C7DD858E9DD886C79C2] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_IMAG0278[1589].jpg
2022-04-18 19:52 - 2022-04-18 19:52 - 000295086 ____R [B81736BFA2757AE8A32A96FB2D613949] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_IMAG0279[1588].jpg
2022-04-18 20:05 - 2022-04-18 20:05 - 000187255 ____R [BFA3A288589BA95B3941B16169B58F81] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_IMAG0389[1417].jpg
2022-04-18 20:05 - 2022-04-18 20:05 - 000190896 ____R [787979AB0B0E963544DDB6EDBAEF504A] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_IMAG0390[1418].jpg
2022-04-18 20:05 - 2022-04-18 20:05 - 000211213 ____R [CD0F088619D91581468F0F0712C54418] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_IMAG0391[1415].jpg
2022-04-18 20:05 - 2022-04-18 20:05 - 000266022 ____R [95DC65D565612DA371B6263A80A55BDF] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_IMAG0392[1416].jpg
2022-04-18 20:05 - 2022-04-18 20:05 - 000220403 ____R [84128D89B7505F550776573345769651] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_IMAG0393[1419].jpg
2022-04-18 20:05 - 2022-04-18 20:05 - 000228645 ____R [E2AB818ABC6036DEF9A810307009603A] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_IMAG0396[1376].jpg
2022-04-18 20:05 - 2022-04-18 20:05 - 000249032 ____R [EB286CBD0088CD65C82841296135CCFA] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_IMAG0397[1384].jpg
2022-04-18 20:05 - 2022-04-18 20:05 - 000601732 ____R [4EED21A942F12F392A337169B34F8D0E] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_IMG-20171020-WA0004 - Kopie (2)[1381].jpg
2022-04-18 20:05 - 2022-04-18 20:05 - 000515810 ____R [55931CB22D44DAED118CF8209999AEF6] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\thumbnail_IMG-20171101-WA0004 - Kopie[1382].jpg
2022-04-18 15:38 - 2022-04-18 15:38 - 000173294 ____R [02C4E479B526609BCAE9A1D133234C3B] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\toptipp-6503232980[1033].pdf
2022-04-18 19:51 - 2022-04-18 19:51 - 000001870 ____R [9E57BF5E33B032F0B5A22900E44C4D9D] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Twitter[1708].jpg
2022-04-18 15:19 - 2022-04-18 15:19 - 000001733 ____R [FF3CB232B14DDFA8104AC1B888776A63] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\twitter_social[1288].jpg
2022-04-18 17:31 - 2022-04-18 17:31 - 003205200 ____R [E13FA24530E6ADCFDEAFDA95B519A3EC] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\tz[2484].png
2022-04-18 17:31 - 2022-04-18 17:31 - 003205200 ____R [E13FA24530E6ADCFDEAFDA95B519A3EC] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\tz[2492].png
2022-04-18 19:18 - 2022-04-18 19:18 - 000056091 ____R [0FB449DEE1F35327896CF592FD02FEB0] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\umsatzliste (1)[2279].pdf
2022-04-18 19:18 - 2022-04-18 19:18 - 000042203 ____R [651F5104041A9160B1A8095805C1302B] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\umsatzliste (2)[2272].pdf
2022-04-18 19:39 - 2022-04-18 19:39 - 000073922 ____R [1A8302DFDD57B634AE228BDABA45279D] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\umsatzliste[2054].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000001452 ____R [71FAE1D4B389A0353F7B3227BBBB82FB] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\umtausch[117].gif
2022-04-18 16:06 - 2022-04-18 16:06 - 000001452 ____R [71FAE1D4B389A0353F7B3227BBBB82FB] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\umtausch[197].gif
2022-04-18 16:06 - 2022-04-18 16:06 - 000001452 ____R [71FAE1D4B389A0353F7B3227BBBB82FB] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\umtausch[222].gif
2022-04-18 16:06 - 2022-04-18 16:06 - 000001452 ____R [71FAE1D4B389A0353F7B3227BBBB82FB] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\umtausch[24].gif
2022-04-18 16:06 - 2022-04-18 16:06 - 000001452 ____R [71FAE1D4B389A0353F7B3227BBBB82FB] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\umtausch[294].gif
2022-04-18 16:06 - 2022-04-18 16:06 - 000001452 ____R [71FAE1D4B389A0353F7B3227BBBB82FB] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\umtausch[321].gif
2022-04-18 16:02 - 2022-04-18 16:02 - 000001452 ____R [71FAE1D4B389A0353F7B3227BBBB82FB] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\umtausch[473].gif
2022-04-18 15:47 - 2022-04-18 15:47 - 000001452 ____R [71FAE1D4B389A0353F7B3227BBBB82FB] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\umtausch[761].gif
2022-04-18 15:38 - 2022-04-18 15:38 - 000001452 ____R [71FAE1D4B389A0353F7B3227BBBB82FB] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\umtausch[841].gif
2022-04-18 20:05 - 2022-04-18 20:05 - 005375429 ____R [9478006E506848D53441B8A69F443DCD] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Unbenannt[1509].PNG
2022-04-18 15:38 - 2022-04-18 15:38 - 005375429 ____R [9478006E506848D53441B8A69F443DCD] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Unbenannt[827].PNG
2022-04-18 20:05 - 2022-04-18 20:05 - 000007102 ____R [73BAE91FBF2C3ECB1B0D73B90FF133CB] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Unbenanntes Dokument[1521].docx
2022-04-18 15:19 - 2022-04-18 15:19 - 000175434 ____R [AE09F36ECCB874D38FD5E1B8E3F908AC] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Universal_KAZ_20160907_44442378[1300].pdf
2022-04-18 15:19 - 2022-04-18 15:19 - 000205267 ____R [C7907C626E19C01ED1758A46DBCD70CE] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Universal_KAZ_20170207_44442378[1280].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000139241 ____R [4A87116F11B8349BC840900B6298C4DF] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Universal_KAZ_20200808_44442378[851].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000139298 ____R [BC1693D137841F55F6122EA281F5F633] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Universal_KAZ_20201008_44442378[775].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000139255 ____R [71303F3920930B9C375C34FC7C42960D] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Universal_KAZ_20201109_44442378[714].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000174324 ____R [9FA8975C9262349A192C8FB14E52CA55] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Universal_KAZ_20201207_44442378[700].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000174316 ____R [E75B6D038FB98FD705812B1B4F9F5A8E] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Universal_KAZ_20210408_44442378[599].pdf
2022-04-18 16:02 - 2022-04-18 16:02 - 000179043 ____R [91A06667231D827F99258FB741612F58] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Universal_KAZ_20210608_44442378[489].pdf
2022-04-18 16:02 - 2022-04-18 16:02 - 000179051 ____R [1B859E22786C35CCD206774EE36A660C] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Universal_KAZ_20210708_44442378[441].pdf
2022-04-18 16:02 - 2022-04-18 16:02 - 000177066 ____R [8051083DB29DC56727A4E5798DE5D89F] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Universal_KAZ_20211008_44442378[350].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000177015 ____R [7515A3CD223494D4A1739AB29A922210] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Universal_KAZ_20220108_44442378[161].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000177243 ____R [F5351880A63FC010A94F8B63367ED405] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Universal_KAZ_20220208_44442378[133].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000177008 ____R [FDBFFB09D1B85DDAC0BF818108944E30] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Universal_KAZ_20220308_44442378[88].pdf
2022-05-09 09:09 - 2022-05-09 09:09 - 000177154 ____R [7F5BF65CD2C2604ED37087015C7EE727] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Universal_KAZ_20220509_44442378[2762].pdf
2022-04-18 19:18 - 2022-04-18 19:18 - 021661070 ____R [EEC001FEE9E7CE3AEBB78FE26ED0511D] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Unterlagen[2206].zip
2022-04-18 19:18 - 2022-04-18 19:18 - 021661070 ____R [EEC001FEE9E7CE3AEBB78FE26ED0511D] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Unterlagen[2207].zip
2022-04-18 19:18 - 2022-04-18 19:18 - 000778120 ____R [3C5B3F578E15E3C62F065FAB91F9ED5A] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\unterschrieben_Kreditantrag[2248].pdf
2022-04-18 19:39 - 2022-04-18 19:39 - 000024716 ____R [CD06A017E86D48C4FB2C9CD4D3C90657] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\UPS_7769562[2058].PDF
2022-04-18 20:05 - 2022-04-18 20:05 - 000492147 ____R [C0933036261CBFC2CA1BFE2A078FE35B] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\v_04bZuYcGLWOM8UrpkIWMkofbiCAHegiW[1488].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000492147 ____R [C0933036261CBFC2CA1BFE2A078FE35B] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\v_04bZuYcGLWOM8UrpkIWMkofbiCAHegiW[779].pdf
2022-04-18 15:19 - 2022-04-18 15:19 - 000482801 ____R [E13A3935F07477CAAEA683888BA7E436] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VERKAUFSBEDINGUNGEN UBISOFT STORE[1247].PDF
2022-04-18 15:19 - 2022-04-18 15:19 - 000054657 ____R [AECF1C577143C89E788BD01995CE8002] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Verkaufsschild[1275].pdf
2022-04-18 16:02 - 2022-04-18 16:02 - 000024489 ____R [FE657F161079AB5BB64A132621F2CCEA] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Versandbestaetigung518490280[382].pdf
2022-04-18 19:39 - 2022-04-18 19:39 - 000073917 ____R [1894725CF4CF54D5AF691D0144B4C4D4] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Versicherungsdatenauszug[2053].pdf
2022-04-18 19:18 - 2022-04-18 19:18 - 000241221 ____R [62C39576F68D43949A04A0EC8CCF724B] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Versicherungsdatenauszug[2205].zip
2022-04-18 15:19 - 2022-04-18 15:19 - 002070027 ____R [937DE6960387986B22216083EDEEFF3A] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Vertrag[1276].pdf
2022-04-18 20:09 - 2022-04-18 20:09 - 010316042 ____R [8D963993CE90766A831B3E65FBD8E33A] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VID-20210814-WA0015[1367].mp4
2022-04-18 20:09 - 2022-04-18 20:09 - 018975097 ____R [7936ED6DBDAD7A5E264033D966F655B8] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VID-20210814-WA0027[1365].mp4
2022-04-18 15:47 - 2022-04-18 15:47 - 002199456 ____R [11E777D6FEDFE5139BD7A0BE3A253CDE] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Visa Kartenauftrag Mader Matthias[597].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000052061 ____R [A588C795EB0445EF051125EFB1B1BA00] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VISA_2021_04_REF_NR_81824732903[556].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000083879 ____R [B8CAE2D3481D4F027F32DE69802814B6] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VISA_2021_05_REF_NR_81824732903[508].pdf
2022-04-18 16:02 - 2022-04-18 16:02 - 000084220 ____R [776F75A21383120312C50970666A4048] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VISA_2021_06_REF_NR_81824732903[454].pdf
2022-04-18 16:02 - 2022-04-18 16:02 - 000084991 ____R [6B589355596C2117ECDCDCCAC45BA7A9] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VISA_2021_07_REF_NR_81824732903[430].pdf
2022-04-18 16:02 - 2022-04-18 16:02 - 000084117 ____R [5CE3BD7F7958977FC970236C6B677E2B] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VISA_2021_08_REF_NR_81824732903[412].pdf
2022-04-18 16:02 - 2022-04-18 16:02 - 000084884 ____R [3DC4F9CF8C66A4A12F1E6AA71033DBEE] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VISA_2021_09_REF_NR_81824732903[376].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000084079 ____R [75425A8DFA2744BDEFCEB9814E1F8B06] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VISA_2021_10_REF_NR_81824732903[338].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000084375 ____R [470DBBE2B3F4AFAA0E7396239D839CB5] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VISA_2021_11_REF_NR_81824732903[266].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000083910 ____R [9D8EB69F351E5DE9376973ADDB8E7E59] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VISA_2021_12_REF_NR_81824732903[183].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000084703 ____R [AD193BA2EB03B0011CCC39C9C45CCCCE] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VISA_2022_01_REF_NR_81824732903[151].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000084643 ____R [63B521BC1F733ED2FD8B36A864F0F2FA] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VISA_2022_02_REF_NR_81824732903[127].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000084192 ____R [B9E2B2E2BD3698A92B1FAF2A74194AF3] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VISA_2022_03_REF_NR_81824732903[71].pdf
2022-04-20 16:50 - 2022-04-20 16:50 - 000084362 ____R [9F6A167F215E1018CAD7D30807E9860F] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VISA_2022_04_REF_NR_81824732903[2643].pdf
2022-05-18 16:09 - 2022-05-18 16:09 - 000083807 ____R [F04394DD82080AC6980114BEDB9B9BA2] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VISA_2022_05_REF_NR_81824732903[2813].pdf
2022-04-18 20:05 - 2022-04-18 20:05 - 002387443 ____R [D7047F2675F6EC00B24A26539CC789B0] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Vorschlag Wohnungsversicherung Mader Matthias[1568].pdf
2022-04-18 19:40 - 2022-04-18 19:40 - 000560507 ____R [1CF4C6AB28204EBBBC7C346884C14BD0] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VRUG[1981].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000058769 ____R [5B310213CA8DD2B0D1BEAFEDECA3448D] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\VSt-Bescheinigung_OEBB-Ticket_0858657985984210[641].pdf
2022-04-18 19:51 - 2022-04-18 19:51 - 000794547 ____R [A0E6D4734750DF896AF8A334160C801C] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Weiterleitung_Überweisung HV_Mader[1918].pdf
2022-04-18 16:02 - 2022-04-18 16:02 - 000052779 ____R [402882782D25FEECFDD9C51C09D8141F] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\WH_OUT_40926[356].pdf
2022-04-18 16:02 - 2022-04-18 16:02 - 000052673 ____R [F1937B9033326C39E5EE3F024404C54B] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\WH_OUT_40978[351].pdf
2022-04-18 15:19 - 2022-04-18 15:19 - 000073886 ____R [17C85C2C7C5041E88AA7706778A7E9BE] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\WICHTIGE INFO - FAQ[1295].pdf
2022-04-18 15:19 - 2022-04-18 15:19 - 000091774 ____R [7E0CCC142CE8EBAA33C16490DA9775CC] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung[1251].pdf
2022-04-18 15:19 - 2022-04-18 15:19 - 000091774 ____R [7E0CCC142CE8EBAA33C16490DA9775CC] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung[1254].pdf
2022-04-18 15:19 - 2022-04-18 15:19 - 000025807 ____R [54B43A53D6EC1AC5FE3BA0BFA9B8B269] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung[1271].pdf
2022-04-18 15:19 - 2022-04-18 15:19 - 000025788 ____R [6DD3FFA923A1E3397B849D27861F541F] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung[1277].pdf
2022-04-18 15:19 - 2022-04-18 15:19 - 000025788 ____R [DDF7E4A2B314F688397537A95E794807] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung[1278].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000007108 ____R [FB53EEC05EF1BD2CDA5A4712E807B4AE] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung[245].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000007112 ____R [10774DB11E65222A76AA6613E8023A23] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung[247].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000029510 ____R [E541EC6C1408A69F7C7AFCBDEFBFAF9A] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung[498].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000022982 ____R [9E7BF54FC9BF5D4B5278CB36C9CADA24] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung[516].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000026681 ____R [FDF22D9838A52995549B49E68CC16BCF] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung[666].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000023636 ____R [A5CED37ABB0335ABE21F53E652133775] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung[683].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000023621 ____R [1A9D838FC8C7BA306D03D375686F1657] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung[811].pdf
2022-05-03 09:49 - 2022-05-03 09:49 - 000003252 ____R [9112C0A4E35447552A25A276B36150AC] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung_&_Widerrufsformular[2749].html
2022-04-18 16:06 - 2022-04-18 16:06 - 000138364 ____R [32C8CB0E14BA66FEF68C524CFB1513A5] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung_Widerrufsformular_BILLA_Onlineshop[147].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000138364 ____R [32C8CB0E14BA66FEF68C524CFB1513A5] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung_Widerrufsformular_BILLA_Onlineshop[168].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000138364 ____R [32C8CB0E14BA66FEF68C524CFB1513A5] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung_Widerrufsformular_BILLA_Onlineshop[264].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000138364 ____R [32C8CB0E14BA66FEF68C524CFB1513A5] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung_Widerrufsformular_BILLA_Onlineshop[269].pdf
2022-05-04 15:23 - 2022-05-04 15:23 - 000138364 ____R [32C8CB0E14BA66FEF68C524CFB1513A5] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung_Widerrufsformular_BILLA_Onlineshop[2754].pdf
2022-04-18 16:02 - 2022-04-18 16:02 - 000138364 ____R [32C8CB0E14BA66FEF68C524CFB1513A5] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung_Widerrufsformular_BILLA_Onlineshop[481].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000138364 ____R [32C8CB0E14BA66FEF68C524CFB1513A5] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung_Widerrufsformular_BILLA_Onlineshop[63].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000138364 ____R [32C8CB0E14BA66FEF68C524CFB1513A5] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung_Widerrufsformular_BILLA_Onlineshop[709].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000138364 ____R [32C8CB0E14BA66FEF68C524CFB1513A5] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsbelehrung_Widerrufsformular_BILLA_Onlineshop[787].pdf
2022-04-18 15:47 - 2022-04-18 15:47 - 000064441 ____R [4A6DCC910907C2506677E05AC91E47D2] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\widerrufsbelehrung-widerrufsformular-mymuesli[607].pdf
2022-04-18 15:19 - 2022-04-18 15:19 - 000111462 ____R [5F20B7A4149DC02494F2E5C0CF0728DD] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsformular[1292].pdf
2022-04-18 16:02 - 2022-04-18 16:02 - 000021303 ____R [FAAD6B317A91B0FA3676619E8CC28BF9] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsrecht_LS[346].pdf
2022-04-18 16:02 - 2022-04-18 16:02 - 000021303 ____R [FAAD6B317A91B0FA3676619E8CC28BF9] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Widerrufsrecht_LS[347].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000160166 ____R [D3C8308D44B7BB6148AB0E9688A70227] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-AGB-20200626[805].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000160166 ____R [D3C8308D44B7BB6148AB0E9688A70227] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-AGB-20200626[812].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000160166 ____R [D3C8308D44B7BB6148AB0E9688A70227] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-AGB-20200626[816].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000160166 ____R [D3C8308D44B7BB6148AB0E9688A70227] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-AGB-20200626[820].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000158790 ____R [E5802BE5BDDE9570C4775409A261A6E0] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-datenschutzerklaerung-20200626[807].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000158790 ____R [E5802BE5BDDE9570C4775409A261A6E0] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-datenschutzerklaerung-20200626[814].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000158790 ____R [E5802BE5BDDE9570C4775409A261A6E0] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-datenschutzerklaerung-20200626[818].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000158790 ____R [E5802BE5BDDE9570C4775409A261A6E0] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-datenschutzerklaerung-20200626[822].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000132707 ____R [98C282239321F19B53B4449609A1DD60] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-impressum-20200626[808].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000132707 ____R [98C282239321F19B53B4449609A1DD60] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-impressum-20200626[815].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000132707 ____R [98C282239321F19B53B4449609A1DD60] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-impressum-20200626[819].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000132707 ____R [98C282239321F19B53B4449609A1DD60] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-impressum-20200626[823].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000112320 ____R [E03A386E7966A3D4053FDC4AB22F9CBA] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-widerrufsbelehrung[806].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000112320 ____R [E03A386E7966A3D4053FDC4AB22F9CBA] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-widerrufsbelehrung[813].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000112320 ____R [E03A386E7966A3D4053FDC4AB22F9CBA] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-widerrufsbelehrung[817].pdf
2022-04-18 15:38 - 2022-04-18 15:38 - 000112320 ____R [E03A386E7966A3D4053FDC4AB22F9CBA] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Wiesbauer-Gourmet-widerrufsbelehrung[821].pdf
2022-04-18 17:31 - 2022-04-18 17:31 - 000001046 ____R [BF0E5FFC46C61AD4CE0B7FA91B24E324] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\wlEmoticon-smile[1][2536].png
2022-04-18 19:51 - 2022-04-18 19:51 - 000001811 ____R [D270C4E336FEA231B6364CB0E7CF22C4] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Xing[1709].jpg
2022-04-18 19:51 - 2022-04-18 19:51 - 000001833 ____R [E4126696A98F1DACBE1ACFFCFA93FDF1] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Youtube[1710].jpg
2022-04-18 15:19 - 2022-04-18 15:19 - 000001898 ____R [1D891CCDA61E37421F97550D7893302E] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\youtube_social[1289].jpg
2022-04-18 16:06 - 2022-04-18 16:06 - 000236256 ____R [C16D651CFD6460331E74A713AB9B6D3F] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\YPVPHJ_packzettel_paket_01[141].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000091138 ____R [6F0429E7C845622DD300A671AB56189A] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\YPVPHJ_retourenetikette_01[143].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000091135 ____R [B01BC1759CECD94C27F0FAF4D66B177D] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\YPVPHJ_retourenetikette_02[144].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000540501 ____R [8B61EF83648B04B85AD103EB98C889C3] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\YPVPHJ_retoureninformation[142].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000009680 ____R [4A1C73E48AE140129422D7E14AD13C6E] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Zahlscheine[205].eml
2022-04-18 16:06 - 2022-04-18 16:06 - 000012520 ____R [6A65B7FE963CE5E444A1E855C7CD83EE] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Zahlungserinnerung[101].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000012494 ____R [B74295E658D6514C182CD24D7597C970] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Zahlungserinnerung[126].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000202970 ____R [0006B5F0EBFDD94D86CA9773445C86AA] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Zahlungserinnerung[132].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000202972 ____R [E30771D02BFFA24F392249C8EB43A327] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Zahlungserinnerung[41].pdf
2022-04-18 16:06 - 2022-04-18 16:06 - 000202969 ____R [A074D7E2479D0C95B8BA9E25E4EF31F6] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Zahlungserinnerung[5].pdf
2022-04-18 19:52 - 2022-04-18 20:05 - 000062501 ____R [460090FA67D45C3FFA1F52F7C5138175] () C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\zooplus_Rechnung_Bestellung_160136809[1572].pdf

====== Ende von Folder: ======

"C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Amazon-Service-Center[2083].docx" => nicht gefunden

=========== EmptyTemp: ==========

FlushDNS => abgeschlossen
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54207916 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 1425708320 B
Windows/system/drivers => 157191818 B
Edge => 0 B
Chrome => 905573221 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 9093 B
LocalService => 56681 B
NetworkService => 159281 B
Matthias => 98976270 B

RecycleBin => 175080941 B
EmptyTemp: => 2.6 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 15:16:01 ====

cosinus 04.11.2022 15:46
Zitat:
"C:\Users\Matthias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Amazon-Service-Center[2083].docx" => nicht gefunden
Die Datei jedenfalls gibt es nicht mehr.

DragonBaster 04.11.2022 16:01
Jetzt habe ich nochmals einen Fullscan via Defender gemacht.

Dieses Mal sagt dieser:
"Bedrohungen gefunden. Starten Sie die empfohlenen Aktionen."

Steht aber nicht da was.

Darunter ist der Button "Aktionen starten". Ein Klick darauf bewirkt nichts.

Weiß nicht ob ich einen Screenshot hier hochladen soll, deshalb hab ichs mal beschrieben.

Edit: jetzt steht die Bedrohung da. Wieder die selbe Bedrohung. Datum und Uhrzeit auch.

cosinus 04.11.2022 19:45
Damit kann ich echt nichts anfangen. Diese docx-Datei ist jedenfall NICHT MEHR da!

adwCleaner

Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei in CODE-Tags.

adwcleaner zwecks Kontrolle bitte wiederholen, falls es Funde gab.

DragonBaster 04.11.2022 20:26
Laut dem Log scheint es so, als würde das cleanen nicht funktionieren. Hab es 2 mal durchlaufen lassen, kommt auch beim 3. Mal wieder.

Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-04-2022
# Duration: 00:00:03
# OS:      Windows 11 (Build 22621.674)
# Scanned:  32100
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.MultiPlug          C:\Program Files\SAFERWEB
PUP.Optional.MultiPlug          C:\ProgramData\SAFERWEBSERVICE

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-04-2022
# Duration: 00:00:00
# OS:      Windows 11 (Build 22621.674)
# Cleaned:  2
# Awaiting reboot:2
# Failed:  0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Needs Reboot  C:\Program Files\SAFERWEB
Needs Reboot  C:\ProgramData\SAFERWEBSERVICE

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed  C:\Program Files\SAFERWEB
Cleaning failed  C:\ProgramData\SAFERWEBSERVICE

*************************

AdwCleaner[S00].txt - [1513 octets] - [04/11/2022 20:17:52]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-04-2022
# Duration: 00:00:03
# OS:      Windows 11 (Build 22621.674)
# Scanned:  32100
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.MultiPlug          C:\Program Files\SAFERWEB
PUP.Optional.MultiPlug          C:\ProgramData\SAFERWEBSERVICE

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1513 octets] - [04/11/2022 20:17:52]
AdwCleaner[C00].txt - [1884 octets] - [04/11/2022 20:21:20]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-04-2022
# Duration: 00:00:00
# OS:      Windows 11 (Build 22621.674)
# Cleaned:  2
# Awaiting reboot:2
# Failed:  0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Needs Reboot  C:\Program Files\SAFERWEB
Needs Reboot  C:\ProgramData\SAFERWEBSERVICE

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed  C:\Program Files\SAFERWEB
Cleaning failed  C:\ProgramData\SAFERWEBSERVICE

*************************

AdwCleaner[S00].txt - [1513 octets] - [04/11/2022 20:17:52]
AdwCleaner[C00].txt - [1884 octets] - [04/11/2022 20:21:20]
AdwCleaner[S01].txt - [1635 octets] - [04/11/2022 20:22:48]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

cosinus 04.11.2022 20:39
Scripting/Repair mit FRST64

WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!
  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    Start::
    CloseProcesses:
    GroupPolicy: Beschränkung ? <==== ACHTUNG
    Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
    "C:\Windows\System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask" konnte nicht entsperrt werden. <==== ACHTUNG
    Task: {27CE9D59-9D48-4D29-99BC-64657AEBA494} - System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask
    R2 rsDNSClientSvc; C:\Program Files\SaferWeb\rsDNSClientSvc.exe [743040 2022-10-30] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
    R2 rsDNSResolver; C:\Program Files\SaferWeb\rsDNSResolver.exe [10939008 2022-10-30] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
    R2 rsDNSSvc; C:\Program Files\SaferWeb\rsDNSSvc.exe [335488 2022-10-30] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
    C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll
    C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh
    C:\Users\Matthias\AppData\Local\ESET
    C:\WINDOWS\system32\Tasks\Avira
    C:\Users\Matthias\AppData\Local\Avira
    C:\ProgramData\Avira
    C:\Program Files (x86)\Avira
    C:\ProgramData\Avast Software
    C:\Program Files\SaferWeb
    C:\ProgramData\SaferWebService
    C:\Users\Matthias\AppData\Roaming\SaferWeb
    C:\Program Files (x86)\TOTALAV
    emptytemp:
    End::
  • Starte nun FRST und klicke direkt den Reparieren Button.Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
  • Gegebenenfalls muss dein Rechner neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

DragonBaster 04.11.2022 20:52
Code:
Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-11-2022
durchgeführt von Matthias (04-11-2022 20:49:12) Run:2
Gestartet von C:\Users\Matthias\Downloads
Geladene Profile: Matthias
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Start::
CloseProcesses:
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
"C:\Windows\System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask" konnte nicht entsperrt werden. <==== ACHTUNG
Task: {27CE9D59-9D48-4D29-99BC-64657AEBA494} - System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask
R2 rsDNSClientSvc; C:\Program Files\SaferWeb\rsDNSClientSvc.exe [743040 2022-10-30] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
R2 rsDNSResolver; C:\Program Files\SaferWeb\rsDNSResolver.exe [10939008 2022-10-30] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
R2 rsDNSSvc; C:\Program Files\SaferWeb\rsDNSSvc.exe [335488 2022-10-30] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh
C:\Users\Matthias\AppData\Local\ESET
C:\WINDOWS\system32\Tasks\Avira
C:\Users\Matthias\AppData\Local\Avira
C:\ProgramData\Avira
C:\Program Files (x86)\Avira
C:\ProgramData\Avast Software
C:\Program Files\SaferWeb
C:\ProgramData\SaferWebService
C:\Users\Matthias\AppData\Roaming\SaferWeb
C:\Program Files (x86)\TOTALAV
emptytemp:
End::
*****************

Prozesse erfolgreich geschlossen.
C:\WINDOWS\system32\GroupPolicy\Machine => erfolgreich verschoben
C:\WINDOWS\system32\GroupPolicy\GPT.ini => erfolgreich verschoben
C:\ProgramData\NTUSER.pol => erfolgreich verschoben
"C:\Windows\System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask" konnte nicht entsperrt werden. <==== ACHTUNG" => nicht gefunden
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27CE9D59-9D48-4D29-99BC-64657AEBA494}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27CE9D59-9D48-4D29-99BC-64657AEBA494}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask" => erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\rsDNSClientSvc => erfolgreich entfernt
rsDNSClientSvc => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\rsDNSResolver => erfolgreich entfernt
rsDNSResolver => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\rsDNSSvc => erfolgreich entfernt
rsDNSSvc => Dienst erfolgreich entfernt
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll => erfolgreich verschoben
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh => erfolgreich verschoben
C:\Users\Matthias\AppData\Local\ESET => erfolgreich verschoben
C:\WINDOWS\system32\Tasks\Avira => erfolgreich verschoben
C:\Users\Matthias\AppData\Local\Avira => erfolgreich verschoben
C:\ProgramData\Avira => erfolgreich verschoben
C:\Program Files (x86)\Avira => erfolgreich verschoben
C:\ProgramData\Avast Software => erfolgreich verschoben
C:\Program Files\SaferWeb => erfolgreich verschoben
C:\ProgramData\SaferWebService => erfolgreich verschoben
C:\Users\Matthias\AppData\Roaming\SaferWeb => erfolgreich verschoben
"C:\Program Files (x86)\TOTALAV" => nicht gefunden

=========== EmptyTemp: ==========

FlushDNS => abgeschlossen
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9560252 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 135803514 B
Windows/system/drivers => 2279495 B
Edge => 0 B
Chrome => 393985509 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 3084 B
LocalService => 26260 B
NetworkService => 34944 B
Matthias => 576271 B

RecycleBin => 25193 B
EmptyTemp: => 517.9 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 20:49:16 ====

cosinus 04.11.2022 20:58
Dieser SaferWeb-Müll sollte nun weg sein. Mach nochmal nen Lauf mit adwCleaner.


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:19 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19