Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner oder Malware eingefangen? Gimp Updater wird als Malware erkannt (https://www.trojaner-board.de/208698-trojaner-malware-eingefangen-gimp-updater-malware-erkannt.html)

Hylian 27.02.2024 14:44
Trojaner oder Malware eingefangen? Gimp Updater wird als Malware erkannt
 
Hallo zusammen,

ich glaube ich habe mir Malware eingefangen und diese sind nicht durch Malwarebytes erfolgreich gelöscht worden.
Würdet ihr bitte einmal über mein System drüberschauen und mir sagen ob noch Probleme bestehen. Die Malware war wohl Gimp Updater.
Ich kann bei Bedarf auch gerne noch die Logdaten von Malwarebytes posten.



Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
durchgeführt von Lil Vamp (Administrator) auf DESKTOP-M7EP8UC (Micro-Star International Co., Ltd. MS-7A38) (27-02-2024 14:09:26)
Gestartet von C:\Users\Lil Vamp\Downloads\FRST64.exe
Geladene Profile: Lil Vamp
Plattform: Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.) C:\Program Files (x86)\SogouInput\9.8.0.3746\SGTool.exe
(C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\SentryEye.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Users\Lil Vamp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Lil Vamp\AppData\Local\Microsoft\OneDrive\24.020.0128.0003\Microsoft.SharePoint.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <16>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe
(services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(services.exe ->) (geek software GmbH -> geek software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2fe7c165c5dd3267\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> ) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\XboxGameBarSpotify.exe
(svchost.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(svchost.exe ->) (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2311.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.124.1221.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.124.1221.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Lil Vamp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Genshin Impact_Launcher] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin) [Datei ist nicht signiert]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [486464 2020-10-01] (geek software GmbH -> geek software GmbH)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2008856 2021-12-08] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\Lil Vamp\AppData\Local\slack\Update.exe [1584656 2018-11-11] (Slack Technologies, Inc. -> )
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [90952568 2020-10-09] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Lil Vamp\AppData\Local\Microsoft\Teams\Update.exe [1789768 2019-08-18] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [Blizz] => C:\Users\Lil Vamp\AppData\Roaming\Blizz\Blizz.exe [39442048 2020-04-08] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [] => [X]
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (Keine Datei)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [24017528 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [MicrosoftEdgeAutoLaunch_449EB040EEE76013652793F6BD8242E1] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4067896 2024-02-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70921216 2024-02-23] (Riot Games, Inc. -> Riot Games, Inc.)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\MountPoints2: {cd4c5bc6-a9a0-11e9-9e1c-309c238a2d04} - "D:\pushinst.exe"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\MountPoints2: {d31c1a6d-d2ed-11e8-9dd9-309c238a2d04} - "E:\LaunchU3.exe" -a
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\122.0.6261.70\Installer\chrmstp.exe [2024-02-26] (Google LLC -> Google LLC)
GroupPolicy: Beschränkung ? <==== ACHTUNG
GroupPolicy-Firefox: Beschränkung <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {394EE2A1-C6B1-404B-A2C9-9C483745E46D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {BAF21D80-2C0B-4E0D-B7DF-0444D8D280B7} - System32\Tasks\Avira_FallbackUpdater => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start AviraFallbackUpdater Delayed=false
Task: {25B07876-369B-4166-8729-B1544CCED3B5} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {25B07876-369B-4166-8729-B1544CCED3B5} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {25B07876-369B-4166-8729-B1544CCED3B5} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector
Task: {7EFA9FB7-91D0-496F-BDF7-A3608C39CDF3} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [260832 2024-01-16] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {D3397E0E-6F45-4364-B82F-FC309017DE45} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1825360 2024-01-16] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {1CA6C108-1B14-4955-AF05-5D406232A7CD} - System32\Tasks\Avira_Security_Update => C:\WINDOWS\system32\net.exe [59904 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {794D9557-9332-4649-84DE-BA1677E3823F} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [37097112 2023-12-15] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {520C8626-A525-489A-829B-F7DA508E227A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-19] (Google Inc -> Google LLC)
Task: {19FD6700-1A0D-4C82-9711-8A186144E11A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-19] (Google Inc -> Google LLC)
Task: {9AA5C09B-DC10-4EF9-852B-5D11A86151FD} - System32\Tasks\HPCustParticipation HP ColorLaserJet MFP M178-M181 => C:\Program Files\HP\HP ColorLaserJet MFP M178-M181\Bin\HPCustPartic.exe [6659488 2020-01-22] (HP Inc -> HP Inc.)
Task: {DAD5E68A-8176-4425-B5CC-A15B451CE242} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {A4E18C6C-43BF-4724-81E6-CA9E0C8DA743} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {F7E0F84D-E243-4B4B-9756-E82F3852A3CC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {79C67321-B852-422A-B931-91F28A2596DB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A01470B-6C6F-4E45-826A-02190C3A4081} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4436272 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {2801E170-EE59-4E99-9241-4F7F3C4ACC79} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [362192 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {389C3A98-131B-4AD3-9031-2782EA53C291} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-20] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {EC01A875-54B4-4303-AB2E-5F0438A3F31E} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2168636311-4045087428-3637539368-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-20] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {A56EDA1E-65DE-47FE-B447-5E7CAC01B76C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-02-20] (Mozilla Corporation -> Mozilla Foundation)
Task: {8B70E5F4-C069-4327-9F49-FCA133C942A1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {7467276E-B594-42CA-B89D-3CB83B33F3AA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {09E6DFAA-DC8D-44CF-949E-7C26E3CE0478} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DEE5ED77-B0A6-4D5A-A92B-E61860898523} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A0920731-367A-4F7D-AE3C-DD5A599C0ACE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A7A7D487-EFDE-43B0-9571-C1538F85C3F9} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6E2130CB-6228-45FD-A7A0-ED9DC851E6BD} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DA042E0E-783E-4A39-9E26-AF1B67C47F62} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {145D5E10-471F-47BC-890D-AB8EF5F73528} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {85AC4649-8BE3-4665-B185-5B287B96A590} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [412568 2020-06-26] (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.) -> "C:\Program Files (x86)\SogouInput\9.8.0.3746\SGTool.exe" --appid=pinyinrepair /t /v

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2ffe0d0b-5d73-435a-982e-76bce369bc6c}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2ffe0d0b-5d73-435a-982e-76bce369bc6c}\64259445A51224F68702733363230235C4: [DhcpNameServer] 192.168.188.1
Tcpip\..\Interfaces\{2ffe0d0b-5d73-435a-982e-76bce369bc6c}\64259445A51224F68702733363230235C4: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{31fbf6cc-82fa-4fae-ae6d-7f563f36c899}: [DhcpNameServer] 8.8.8.8 208.67.222.222
Tcpip\..\Interfaces\{5b3bc9bb-799c-4fd9-ad7e-d516cfda8258}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b7251a39-74b2-41c7-8037-7d0df0f6e85e}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\Lil Vamp\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-27]
Edge Extension: (Google Docs Offline) - C:\Users\Lil Vamp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-22]
Edge Extension: (Edge relevant text changes) - C:\Users\Lil Vamp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]

FireFox:
========
FF DefaultProfile: esnoyytm.default
FF ProfilePath: C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default [2024-02-27]
FF Notifications: Mozilla\Firefox\Profiles\esnoyytm.default -> hxxps://tinder.com
FF Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\@windscribeff.xpi [2023-11-10]
FF Extension: (Avira Browserschutz) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\abs@avira.com.xpi [2019-01-08] [UpdateUrl:hxxps://download.avira.com/package/absnooffers/firefox/update_webext_no_offers.rdf]
FF Extension: (BetterTTV) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\firefox@betterttv.net.xpi [2024-02-19]
FF Extension: (FrankerFaceZ) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\frankerfacez@frankerfacez.com.xpi [2019-06-22] [UpdateUrl:hxxps://cdn.frankerfacez.com/script/firefox-updates.json]
FF Extension: (MyJDownloader Browser Erweiterung) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2021-10-15] [UpdateUrl:hxxps://my.jdownloader.org/extensions/firefox.json]
FF Extension: (uBlock Origin) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\uBlock0@raymondhill.net.xpi [2024-02-23]
FF Extension: (MetaMask) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\webextension@metamask.io.xpi [2024-02-09]
FF Extension: (10ten Japanese Reader (Rikaichamp)) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\{59812185-ea92-4cca-8ab7-cfcacee81281}.xpi [2024-01-08]
FF Extension: (Perapera Chinese Popup Dictionary) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\{90089c2c-9ab9-4d7b-a612-47c04c85c90e}.xpi [2021-02-26]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Lil Vamp\AppData\Local\Google\Chrome\User Data\Default [2024-02-05]
CHR Notifications: Default -> hxxps://www.youtube.com
CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\Lil Vamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-01-30]
CHR Extension: (Rajiko) - C:\Users\Lil Vamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejcfdikabeebbgbopoagpabbdokepnff [2023-09-29]
CHR Extension: (Avira Browserschutz) - C:\Users\Lil Vamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2022-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\Lil Vamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-30]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lil Vamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
S2 AviraFallbackUpdater; C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe [6782232 2024-01-16] (Avira Operations GmbH -> Avira Operations GmbH)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3004688 2022-07-22] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [389096 2023-09-06] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [268600 2024-01-16] (Avira Operations GmbH -> Avira Operations GmbH)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [298400 2024-01-16] (Avira Operations GmbH -> Avira Operations GmbH)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-04-21] (BattlEye Innovations e.K. -> )
S3 brlapi; C:\WINDOWS\brltty\bin\brltty.exe [847886 2019-10-15] (Microsoft Windows -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14048768 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1134624 2023-06-26] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 EndpointProtectionService; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11364008 2024-02-26] (Avira Operations GmbH -> Avira Operations GmbH)
S3 EndpointProtectionService2; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11364008 2024-02-26] (Avira Operations GmbH -> Avira Operations GmbH)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-10-18] (Epic Games Inc. -> Epic Games, Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2024-01-22] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-26] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-02-26] (Malwarebytes Inc. -> Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2fe7c165c5dd3267\Display.NvContainer\NVDisplay.Container.exe [1275528 2024-01-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [22384 2023-11-16] (Microsoft Windows -> Microsoft Corporation)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [486464 2020-10-01] (geek software GmbH -> geek software GmbH)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [403048 2023-07-05] (Proton Technologies AG -> ProtonVPN)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SogouSvc; C:\Program Files (x86)\SogouInput\SogouExe\SogouSvc.exe [469912 2020-06-26] (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11660528 2018-12-07] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\NisSrv.exe [3224328 2023-04-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe [133544 2023-04-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [1337216 2022-04-12] (Windscribe Limited -> Windscribe Limited)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 acsock; C:\WINDOWS\system32\DRIVERS\acsock64.sys [293264 2021-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Cisco Systems, Inc.)
S3 avmeject; C:\WINDOWS\System32\drivers\avmeject.sys [14120 2018-08-22] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
R0 BdNet; C:\WINDOWS\System32\DRIVERS\BdNet.sys [190712 2023-03-16] (Avira Operations GmbH -> Avira Operations GmbH)
R1 BdSentry; C:\WINDOWS\System32\DRIVERS\BdSentry.sys [233560 2023-05-26] (Avira Operations GmbH -> Avira Operations GmbH)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 fwlanusb6_nv2; C:\WINDOWS\system32\DRIVERS\fwlanusb6_nv2.sys [2235152 2018-08-22] (WDKTestCert rstolz,131417395005862431 -> AVM GmbH)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-02-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [200104 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-02-27] (Malwarebytes Inc. -> Malwarebytes)
R1 netprotection_network_filter; C:\WINDOWS\System32\drivers\netprotection_network_filter.sys [100128 2022-05-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
S3 ProtonVPNCallout; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys [34176 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S0 rtp_elam; C:\WINDOWS\System32\DRIVERS\rtp_elam.sys [28784 2023-11-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH)
U5 rtp_filesystem_filter; C:\Windows\System32\Drivers\rtp_filesystem_filter.sys [219448 2023-07-11] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_filter; C:\WINDOWS\System32\DRIVERS\rtp_filter.sys [379264 2024-02-26] (Avira Operations GmbH -> Avira Operations GmbH)
U5 rtp_process_monitor; C:\Windows\System32\Drivers\rtp_process_monitor.sys [199992 2023-07-11] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_traverse; C:\WINDOWS\system32\DRIVERS\rtp_traverse.sys [41984 2023-11-10] (Avira Operations GmbH -> Avira Operations GmbH)
S3 sonics_WaveExtensible; C:\WINDOWS\system32\drivers\vrtaupipe.sys [28976 2018-05-09] (CLOSED LOOP LABS LTD -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2021-05-28] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [57768 2022-04-12] (Windscribe Limited -> The OpenVPN Project)
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 VBAudioVMAUXVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmauxvaio64_win10.sys [71920 2019-05-25] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2019-02-09] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74064 2021-12-08] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49608 2023-04-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [495896 2023-04-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99624 2023-04-02] (Microsoft Windows -> Microsoft Corporation)
S3 WindscribeSplitTunnel; C:\WINDOWS\system32\DRIVERS\WindscribeSplitTunnel.sys [35752 2022-04-12] (Windscribe Limited -> )
R3 windtun420; C:\WINDOWS\System32\drivers\windtun420.sys [47544 2022-04-12] (Windscribe Limited -> WireGuard LLC)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2021-11-30] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2022-05-28] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [312776 2021-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Nox Limited Corporation)
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2024-02-27 14:09 - 2024-02-27 14:10 - 000035073 _____ C:\Users\Lil Vamp\Downloads\FRST.txt
2024-02-27 14:09 - 2024-02-27 14:10 - 000000000 ____D C:\FRST
2024-02-27 14:08 - 2024-02-27 14:08 - 002386944 _____ (Farbar) C:\Users\Lil Vamp\Downloads\FRST64.exe
2024-02-27 14:06 - 2024-02-27 14:06 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-02-26 15:35 - 2024-02-27 01:15 - 000000000 ____D C:\Users\Lil Vamp\AppData\Local\Malwarebytes
2024-02-26 15:35 - 2024-02-26 15:35 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-02-26 15:35 - 2024-02-26 15:35 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-02-26 15:35 - 2024-02-26 15:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-02-26 15:35 - 2024-02-26 15:35 - 000000000 ____D C:\Program Files\Malwarebytes
2024-02-26 15:22 - 2024-02-26 15:23 - 000000000 ____D C:\Users\Lil Vamp\Desktop\Bilder von kaputten Staubsauger
2024-02-26 15:16 - 2024-02-26 15:16 - 002585496 _____ (Malwarebytes) C:\Users\Lil Vamp\Downloads\MBSetup.exe
2024-02-26 15:16 - 2024-02-26 15:16 - 002585496 _____ (Malwarebytes) C:\Users\Lil Vamp\Downloads\MBSetup(2).exe
2024-02-26 15:16 - 2024-02-26 15:16 - 002585496 _____ (Malwarebytes) C:\Users\Lil Vamp\Downloads\MBSetup(1).exe
2024-02-24 10:26 - 2024-02-24 10:26 - 000246526 _____ C:\Users\Lil Vamp\Documents\Aufnahmeantrag.pdf
2024-02-24 03:20 - 2024-02-24 03:20 - 000073133 _____ C:\Users\Lil Vamp\Downloads\65d7d947aadd7931306ed2ed_AIXCSC Aufnahmeantrag+Satzung 0224 1e.pdf
2024-02-20 15:18 - 2024-02-20 15:18 - 001138687 _____ C:\Users\Lil Vamp\Documents\Bewilligungsbescheid_2024.pdf
2024-02-20 15:11 - 2024-02-20 19:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-02-18 14:20 - 2024-02-18 14:23 - 000000000 ___HD C:\$WinREAgent
2024-02-17 14:37 - 2024-02-17 14:37 - 000000051 _____ C:\Users\Lil Vamp\Desktop\NZBgeek.txt
2024-02-17 14:29 - 2024-02-17 14:29 - 000019697 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-17 14:29 - 2024-02-17 14:29 - 000019697 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-15 18:37 - 2024-02-15 18:37 - 000740652 _____ C:\Users\Lil Vamp\Documents\STAWAG_Schlussrechnung.pdf
2024-02-15 13:01 - 2024-02-15 13:01 - 000104715 _____ C:\Users\Lil Vamp\Downloads\Paketschein_244046527024_Brandstätter_150224.pdf
2024-02-07 18:09 - 2024-02-07 18:09 - 000001230 _____ C:\Users\Public\Desktop\Proton VPN.lnk
2024-02-07 18:09 - 2024-02-07 18:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN
2024-02-04 18:45 - 2024-02-04 18:45 - 000000448 __RSH C:\ProgramData\ntuser.pol
2024-02-04 18:42 - 2024-02-04 18:42 - 3033710592 _____ C:\Users\Lil Vamp\Downloads\linuxmint-21.3-xfce-64bit.iso
2024-02-01 17:51 - 2024-01-19 00:25 - 002095360 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-02-01 17:51 - 2024-01-19 00:25 - 002095360 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-02-01 17:51 - 2024-01-19 00:25 - 001655656 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-02-01 17:51 - 2024-01-19 00:25 - 001655656 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-02-01 17:51 - 2024-01-19 00:25 - 001487376 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2024-02-01 17:51 - 2024-01-19 00:25 - 001434480 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-02-01 17:51 - 2024-01-19 00:25 - 001434480 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-02-01 17:51 - 2024-01-19 00:25 - 001278720 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-02-01 17:51 - 2024-01-19 00:25 - 001278720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-02-01 17:51 - 2024-01-19 00:25 - 001226872 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2024-02-01 17:51 - 2024-01-19 00:22 - 001040400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2024-02-01 17:51 - 2024-01-19 00:22 - 000670240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2024-02-01 17:51 - 2024-01-19 00:22 - 000505992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2024-02-01 17:51 - 2024-01-19 00:21 - 002173984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2024-02-01 17:51 - 2024-01-19 00:21 - 001625632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2024-02-01 17:51 - 2024-01-19 00:21 - 001542280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2024-02-01 17:51 - 2024-01-19 00:21 - 001199112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2024-02-01 17:51 - 2024-01-19 00:21 - 000841848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2024-02-01 17:51 - 2024-01-19 00:20 - 016032888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2024-02-01 17:51 - 2024-01-19 00:20 - 012928120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2024-02-01 17:51 - 2024-01-19 00:20 - 006780960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2024-02-01 17:51 - 2024-01-19 00:20 - 003721224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2024-02-01 17:51 - 2024-01-19 00:20 - 001023608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2024-02-01 17:51 - 2024-01-19 00:20 - 000787064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2024-02-01 17:51 - 2024-01-19 00:20 - 000459912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2024-02-01 17:51 - 2024-01-19 00:19 - 005907464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2024-02-01 17:51 - 2024-01-19 00:19 - 005772816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2024-02-01 17:51 - 2024-01-19 00:18 - 000853000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2024-02-01 17:51 - 2024-01-18 12:32 - 000120271 _____ C:\WINDOWS\system32\nvinfo.pb
2024-02-01 15:13 - 2024-02-01 15:13 - 000259665 _____ C:\Users\Lil Vamp\Downloads\47_262331321_000000001_47LM202400000363ER_20240131.pdf

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2024-02-27 14:10 - 2021-12-19 11:45 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-27 14:10 - 2019-07-19 14:16 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-27 14:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-27 14:09 - 2018-08-19 21:24 - 000000000 ____D C:\ProgramData\NVIDIA
2024-02-27 14:08 - 2022-02-12 19:02 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-27 14:07 - 2018-12-24 01:20 - 000000000 ____D C:\Users\Lil Vamp\AppData\LocalLow\SogouPY
2024-02-27 14:06 - 2020-08-13 22:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-27 14:06 - 2020-08-13 22:39 - 000008192 ___SH C:\DumpStack.log.tmp
2024-02-27 14:06 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-27 14:06 - 2018-12-21 23:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2024-02-27 01:25 - 2023-02-15 09:25 - 005780576 _____ C:\WINDOWS\system32\rtp.db
2024-02-27 01:25 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-02-27 01:17 - 2020-08-13 22:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-26 22:41 - 2019-07-19 14:16 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-26 22:41 - 2019-07-19 14:16 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-02-26 16:19 - 2018-08-19 21:32 - 000000000 ____D C:\Users\Lil Vamp\AppData\Local\D3DSCache
2024-02-26 15:35 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-02-26 15:35 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-02-26 15:20 - 2020-08-13 23:22 - 000475978 _____ C:\WINDOWS\system32\perfh011.dat
2024-02-26 15:20 - 2020-08-13 23:22 - 000131662 _____ C:\WINDOWS\system32\perfc011.dat
2024-02-26 15:20 - 2020-08-13 22:44 - 002321176 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-26 15:20 - 2019-12-07 15:51 - 000739414 _____ C:\WINDOWS\system32\perfh007.dat
2024-02-26 15:20 - 2019-12-07 15:51 - 000149046 _____ C:\WINDOWS\system32\perfc007.dat
2024-02-26 15:13 - 2018-09-14 16:40 - 000000000 ____D C:\Users\Lil Vamp\AppData\Local\CrashDumps
2024-02-26 12:27 - 2023-04-24 15:38 - 000379264 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_filter.sys
2024-02-25 23:37 - 2018-08-23 19:50 - 000000000 ____D C:\ProgramData\Riot Games
2024-02-25 23:24 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-25 19:34 - 2020-06-19 17:39 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-25 19:34 - 2020-06-19 17:39 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-02-24 19:37 - 2022-10-13 23:21 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-02-24 19:37 - 2022-10-13 23:21 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-02-24 19:37 - 2020-08-13 22:46 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-02-23 20:58 - 2018-09-07 18:44 - 000000000 ____D C:\Users\Lil Vamp\AppData\Local\JDownloader 2.0
2024-02-21 17:51 - 2020-08-13 22:46 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-21 17:51 - 2020-08-13 22:46 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-20 19:17 - 2018-08-23 19:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-20 17:01 - 2018-09-02 23:07 - 000000000 ____D C:\Users\Lil Vamp\AppData\Roaming\vlc
2024-02-20 16:27 - 2021-10-11 10:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-02-20 16:27 - 2018-08-23 19:23 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-02-17 18:40 - 2020-08-13 22:39 - 000515336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-17 18:39 - 2019-12-07 15:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-17 14:32 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-17 14:29 - 2020-08-13 22:41 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-17 14:26 - 2021-12-12 18:20 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2168636311-4045087428-3637539368-1001
2024-02-17 14:26 - 2020-08-13 22:46 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2168636311-4045087428-3637539368-1001
2024-02-17 14:26 - 2020-08-13 22:40 - 000002408 _____ C:\Users\Lil Vamp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-17 14:26 - 2018-08-23 21:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-02-17 14:17 - 2018-08-23 19:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-17 14:14 - 2018-08-23 19:23 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-07 18:09 - 2021-11-30 17:18 - 000000000 ____D C:\Users\Lil Vamp\AppData\Roaming\Proton Technologies AG
2024-02-07 18:09 - 2021-11-30 17:18 - 000000000 ____D C:\Users\Lil Vamp\AppData\Local\ProtonVPN
2024-02-07 18:09 - 2021-11-30 17:18 - 000000000 ____D C:\Program Files (x86)\Proton Technologies
2024-02-01 17:55 - 2018-08-23 19:40 - 000000000 ____D C:\Users\Lil Vamp\AppData\Local\NVIDIA
2024-01-31 17:41 - 2020-08-13 22:40 - 000000000 ____D C:\Users\Lil Vamp

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2023-11-01 12:49 - 2023-11-01 12:49 - 000000211 _____ () C:\Users\Lil Vamp\AppData\Roaming\com.reolink.app.client
2018-08-30 20:22 - 2019-02-10 19:53 - 000007662 _____ () C:\Users\Lil Vamp\AppData\Roaming\SpeedRunnersLog.txt
2019-02-09 20:20 - 2019-05-25 23:02 - 000004694 _____ () C:\Users\Lil Vamp\AppData\Roaming\VoiceMeeterDefault.xml
2023-06-03 16:25 - 2023-06-03 16:25 - 000006441 _____ () C:\Users\Lil Vamp\AppData\Local\recently-used.xbel
2018-08-19 21:33 - 2018-08-29 16:27 - 000007602 _____ () C:\Users\Lil Vamp\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
Addition.txt in zweiten Beitrag.

Hylian 27.02.2024 14:44
Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
durchgeführt von Lil Vamp (27-02-2024 14:13:02)
Gestartet von C:\Users\Lil Vamp\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) (2020-08-13 21:47:02)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-2168636311-4045087428-3637539368-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2168636311-4045087428-3637539368-503 - Limited - Disabled)
Gast (S-1-5-21-2168636311-4045087428-3637539368-501 - Limited - Disabled)
Lil Vamp (S-1-5-21-2168636311-4045087428-3637539368-1001 - Administrator - Enabled) => C:\Users\Lil Vamp
WDAGUtilityAccount (S-1-5-21-2168636311-4045087428-3637539368-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Security (Enabled - Up to date) {CB408250-37A2-2C1F-D758-D2D76CFB0FCB}
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Avira Security (Enabled) {BE55A40C-05CA-1096-36EB-CCA92DEAF539}
FW: Avira Security (Enabled) {877B141C-E73B-9A54-223E-108CC963426A}
FW: Avira Security (Enabled) {71EC0A3F-391C-0E33-A103-0C8A6DF0EBF0}
FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}
FW: Avira Security (Enabled) {12CE3622-C811-64DE-1773-AA1774F2B8E1}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 23.008.20555 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Games (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.3.8425.2 - Amazon.com Services, Inc.)
A-PDF Merger (HKLM-x32\...\A-PDF Merger_is1) (Version:  - A-PDF.com)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version:  - ) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.43.1.16819 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.98.1 - Avira Operations GmbH) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version:  - Avira Operations GmbH)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.27.0.19 - Avira Operations GmbH) Hidden
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blackmagic RAW Common Components (HKLM\...\{BF73F11D-8A70-438B-A357-38E1F1A62164}) (Version: 2.8 - Blackmagic Design)
Blizz (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Blizz) (Version: 15.2.20039 - TeamViewer)
BOX4 3 (HKLM\...\{1C3C74BA-2D30-494A-8D3D-31A49423421A}_is1) (Version: 3.0.0.0 - clone.AD)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.10.04071 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{6B6C5D99-59FB-4B3A-B80A-7FA882769358}) (Version: 4.10.04071 - Cisco Systems, Inc.) Hidden
Core Temp 1.12.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.12.1 - ALCPU)
DaVinci Resolve (HKLM\...\{7A0D85EC-72B0-4060-943C-169B1EF74C62}) (Version: 18.1.40009 - Blackmagic Design)
DaVinci Resolve Control Panels (HKLM\...\{7FA59352-9416-49BB-A98F-FDF3C95C8214}) (Version: 2.0.6.0 - Blackmagic Design)
DeezLoader 3.1.1 (only current user) (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\8675f592-6f7d-534e-a92f-1cdf755ecc58) (Version: 3.1.1 - ExtendLord)
Dentsply Sirona Sidexis 4 - Viewer (HKLM\...\{015DC716-DFAA-4AD4-AE56-92665E4A8714}) (Version: 4.3.1.0 - Sirona Dental Systems GmbH) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Discord) (Version: 0.0.310 - Discord Inc.)
Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2206.2902 - Avira Operations GmbH & Co. KG) Hidden
Epic Games Launcher (HKLM-x32\...\{04DDD9BF-6B7B-4858-9AA4-D3C868169D70}) (Version: 1.1.163.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
FlyVPN (HKLM-x32\...\FlyVPN) (Version: 4.8.0.1 - FlyVPN)
GIMP 2.10.34 (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\GIMP-2_is1) (Version: 2.10.34 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 122.0.6261.70 - Google LLC)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Color LaserJet MFP M178-M181 Hilfe (HKLM-x32\...\{BC6B7CFE-E6DB-4965-B675-77F481CDD500}) (Version: 0.00.0005 - HP)
HP ColorLaserJet MFP M178-M181 - Grundlegende Software für das Gerät (HKLM\...\{0EE84CB0-4047-4B32-8680-8B43B84E3A9B}) (Version: 44.7.2712.2022 - HP Inc.)
HP Dropbox Plugin (HKLM-x32\...\{0A9CC01F-D879-4C38-9CAD-FE00069E52C0}) (Version: 44.5.501.81934 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{C81E4240-9280-4954-BC08-F95DE943EAA0}) (Version: 44.5.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{683CB3DB-AA1A-414C-82FC-EF1F2F1B49D0}) (Version: 44.5.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{A87DA792-B9B6-4367-BC9F-71CE6BF66491}) (Version: 44.5.501.81934 - HP)
HP OneDrive Plugin (HKLM-x32\...\{936D840F-D274-40DD-97DC-2024E18AAA9E}) (Version: 44.5.0.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{FFB85384-C54C-45C4-9515-78F9945A7945}) (Version: 44.5.0.0 - HP)
I.R.I.S OCR (HKLM-x32\...\{C5E64A12-F3D8-4735-8A3B-F9B07C071AFE}) (Version: 15.2.10.1114 - HP Inc.)
International GunZ Installer (HKLM-x32\...\{F5F73DCD-B812-4FD3-B0B9-C1022739864F}) (Version: 1.1.8.0 - International GunZ)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
King Arthur's Gold Classic (HKLM-x32\...\{643B056F-61C1-4489-9797-4D846D101A7A}) (Version: 0.95.590.0 - THD)
Knuddels Standalone App (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Knuddels App ) (Version: "2015.12.6.0" - "Knuddels App")
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
League of Legends (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
League of Legends PBE (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Riot Game league_of_legends.pbe) (Version:  - Riot Games, Inc)
Malwarebytes version 5.0.17.99 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.0.17.99 - Malwarebytes)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.17231.20236 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.52 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.52 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\OneDriveSetup.exe) (Version: 24.020.0128.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Teams) (Version: 1.2.00.19260 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MINA Overwatch 2 Server Selector (HKLM-x32\...\MINA Overwatch 2 Server Selector) (Version: 5.3.0 - MINA Overwatch 2 Server Selector)
MKVToolNix 68.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 68.0.0 - Moritz Bunkus)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 123.0 (x64 de)) (Version: 123.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.2 - Mozilla)
Mp3tag v2.97 (HKLM-x32\...\Mp3tag) (Version: 2.97 - Florian Heidenreich)
Nicotine+ (HKLM\...\{E619F19F-A833-4FD1-B2C0-8D8585D16B1D}) (Version: 3.2.7 - Nicotine+ Team)
NoxPlayer (HKLM-x32\...\Nox) (Version: 7.0.1.0 - Duodian Technology Co. Ltd.)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation)
NVIDIA Grafiktreiber 551.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 551.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NZBGet (HKLM-x32\...\NZBGet) (Version:  - nzbget.net)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
OnTopReplica (HKLM-x32\...\{F149C020-D121-45B2-A630-5DB052413244}) (Version: 3.5.1 - OnTopReplica)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PDF24 Creator 9.2.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 9.2.2 - PDF24.org)
Plex (HKLM-x32\...\Plex) (Version: 1.79.1 - Plex, Inc.)
ProtonVPN (HKLM-x32\...\{5D0F40C5-4278-4AA0-A06C-7BD24B088624}) (Version: 2.4.3 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 2.4.3) (Version: 2.4.3 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{87BDF456-9882-44E6-8FFC-F73B83E42EAD}) (Version: 1.1.4 - Proton Technologies AG)
ProtonVPNTun (HKLM-x32\...\{B1EBF050-CC3E-45B0-9DE5-339C6241F3DA}) (Version: 0.13.1 - Proton Technologies AG)
Quivi 1.2.1 (HKLM-x32\...\Quivi) (Version: 1.2.1 - )
ReaPlugs/x64 (HKLM\...\ReaPlugs) (Version:  - )
Reolink 8.14.0 (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\3e633401-0468-5835-935c-33d2b4b2a764) (Version: 8.14.0 - Shenzhen Reolink Technology Co., Ltd.)
Reolink 8.8.5 (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\{3e633401-0468-5835-935c-33d2b4b2a764}) (Version: 8.8.5 - Shenzhen Reolink Technology Co., Ltd.)
Sidexis 4 - Viewer (HKLM-x32\...\{18ba8b0a-c5a6-473c-a3a5-45e2a2c8d648}) (Version: 4.3.1.0 - Dentsply Sirona)
Skype Version 8.65 (HKLM-x32\...\Skype_is1) (Version: 8.65 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\slack) (Version: 3.3.3 - Slack Technologies)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamlabs Chatbot version 1.0.2.52 (HKLM-x32\...\{08D3C5BB-C492-4916-B111-725081845380}_is1) (Version: 1.0.2.52 - Streamlabs)
Streamlabs OBS 0.15.1 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.15.1 - General Workings, Inc.)
Stremio (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Stremio) (Version: 4.4.164 - Smart Code Ltd)
Studie zur Verbesserung von HP ColorLaserJet MFP M178-M181 (HKLM\...\{109F0C3A-84FB-4F7E-9C80-C1A34478710D}) (Version: 44.7.2712.2022 - HP Inc.)
synedra View Personal 22.0.0.2 (HKLM-x32\...\synedraViewPersonal) (Version: 22.0.0.2 - synedra it GmbH)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.19260 - Microsoft Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.2.1 - TeamSpeak Systems GmbH)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.3399 - TeamViewer)
Telegram Desktop Version 1.8.15 (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.15 - Telegram FZ-LLC)
Twitch Leecher 1.8.4 (HKLM\...\{4871CA2A-E8D6-429D-B3AD-DA09410AF346}) (Version: 1.8.4.0 - Franiac) Hidden
Twitch Leecher 1.8.4 (HKLM-x32\...\{904941a6-1120-4eaa-a150-30df49e3939c}) (Version: 1.8.4.0 - Franiac)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft)
Uninstall (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\1D0BD56FF25A52B0DFB9626A5AA9FE1D_is1) (Version: 1.0.0.1 - )
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
USBHelperLauncher (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\USBHelperLauncher) (Version: 0.17d - FailedShack)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
ViewSonic Windows 8 and 10 64bit Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\WinDirStat) (Version:  - )
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.3 Build 16 - Windscribe Limited)
WinRAR 5.60 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
WizTree v3.33 (HKLM\...\WizTree_is1) (Version: 3.33 - Antibody Software)
XMedia Recode 64bit Version 3.5.7.8 (HKLM\...\{D31E6E69-4C6A-42CC-926F-CC7B186864EB}_is1) (Version: 3.5.7.8 - XMedia Recode 64bit)
Zoom (HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\ZoomUMX) (Version: 5.13.4 (11835) - Zoom Video Communications, Inc.)
搜狗输入法 9.8正式版 (HKLM-x32\...\Sogou Input) (Version: 9.8.0.3746 - Sogou.com)

Packages:
=========

Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-02-15] ()
ALDI life Musik by Napster -> C:\Program Files\WindowsApps\RhapsodyInternationalInc.2133691459C33_1.11.0.0_x64__zddp1e08a7b6t [2018-09-11] (Rhapsody International Inc)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2701.1.0_x64__kgqvnymyfvs32 [2024-02-03] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.261.200.0_x64__kgqvnymyfvs32 [2024-02-11] (king.com)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-10-04] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_151.3.1092.0_x64__v10z8vjag6ke6 [2024-01-22] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa [2024-02-05] (Apple Inc.) [Startup Task]
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe [2023-12-13] (Microsoft) [Startup Task]
Moodle Desktop -> C:\Program Files\WindowsApps\3312ADB7.MoodleDesktop_3.9.2.0_x64__t8q4t8fsbshw4 [2020-08-04] (Moodle Pty Ltd.)
MyIPTV Player -> C:\Program Files\WindowsApps\41879VbfnetApps.MyIPTVPlayer_4.8.2.0_x64__7casf8sqhfy78 [2023-11-04] (Vbfnet Apps) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2024-02-01] (NVIDIA Corp.)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-04-12] (Adobe Systems Incorporated)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-03] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0 [2024-02-12] (Spotify AB) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.5.0_x64__cv1g1gvanyjgm [2024-02-03] (WhatsApp Inc.) [Startup Task]
WinAppRuntime.Main.1.2-p1 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.2-p1_2000.609.1413.0_x64__8wekyb3d8bbwe [2023-10-07] (Microsoft Corp.)
WinAppRuntime.Singleton-p1 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton-p1_2000.609.1413.0_x64__8wekyb3d8bbwe [2023-10-07] (Microsoft Corp.)
Windows App Runtime DDLM 2000.609.1413.0-x6-p1 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.2000.609.1413.0-x6-p1_2000.609.1413.0_x64__8wekyb3d8bbwe [2023-10-07] (Microsoft Corporation)
Windows App Runtime DDLM 2000.609.1413.0-x8-p1 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.2000.609.1413.0-x8-p1_2000.609.1413.0_x86__8wekyb3d8bbwe [2023-10-07] (Microsoft Corporation)
WindowsAppRuntime.1.2-preview1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2-preview1_2000.609.1413.0_x64__8wekyb3d8bbwe [2023-10-07] (Microsoft Corporation)
WindowsAppRuntime.1.2-preview1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2-preview1_2000.609.1413.0_x86__8wekyb3d8bbwe [2023-10-07] (Microsoft Corporation)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2021-06-05] (New Work SE)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2168636311-4045087428-3637539368-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2168636311-4045087428-3637539368-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2168636311-4045087428-3637539368-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2168636311-4045087428-3637539368-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2168636311-4045087428-3637539368-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2168636311-4045087428-3637539368-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2168636311-4045087428-3637539368-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Lil Vamp\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19163.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2168636311-4045087428-3637539368-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2168636311-4045087428-3637539368-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Lil Vamp\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19163.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2168636311-4045087428-3637539368-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe (Proton Technologies AG -> ProtonVPN)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-07-15] (Florian Heidenreich) [Datei ist nicht signiert]
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-12-11] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2024-01-16] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-07-15] (Florian Heidenreich) [Datei ist nicht signiert]
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2024-01-16] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-07-15] (Florian Heidenreich) [Datei ist nicht signiert]
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-12-11] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2fe7c165c5dd3267\nvshext.dll [2024-01-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-12-11] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2024-02-11 16:01 - 2024-02-11 16:01 - 003092992 _____ (Newtonsoft) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\fc1c5ee021829954b481ddac49b8210f\Newtonsoft.Json.ni.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Lil Vamp\Anwendungsdaten:.grab_device_id [32]
AlternateDataStreams: C:\Users\Lil Vamp\Downloads\FRST64.exe:MBAM.Zone.Identifier [193]
AlternateDataStreams: C:\Users\Lil Vamp\AppData\Roaming:.grab_device_id [32]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [484]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\sharepoint.com -> hxxps://rwthaachende-files.sharepoint.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2024-02-07 13:38 - 2024-02-07 13:38 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\HP\IdrsOCR_15.2.10.1114\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "AVMWlanClient"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\Run: => "com.squirrel.slack.slack"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\Run: => "GIMP Updater"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\Run: => "Blizz"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\Run: => "RiotClient"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{5C062452-3A7F-46BF-8D99-483F5AD23A06}] => (Allow) C:\Users\Lil Vamp\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{7E6E1B68-F46A-40A3-AE46-B964DC2C2064}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{EE29D28A-9B0E-422A-8885-1ECB0A0A0D9C}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe => Keine Datei
FirewallRules: [{C64CD62C-A554-4919-ABB3-81A78DF31384}] => (Allow) C:\Program Files (x86)\FlyVPN\FlyVPN.exe (FLYVPN LIMITED -> )
FirewallRules: [UDP Query User{12F6D194-2526-4D48-9B1A-04E6E34BF8AE}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{47CBD840-214E-416C-84AB-37222D86D384}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{D0E1B67C-1E0D-4DBC-B657-67CE61EA6A15}C:\users\lil vamp\appdata\local\microsoft\onedrive\onedrive.exe] => (Allow) C:\users\lil vamp\appdata\local\microsoft\onedrive\onedrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{10494BDE-D6D5-41C4-B7C2-83EF8214C56C}C:\users\lil vamp\appdata\local\microsoft\onedrive\onedrive.exe] => (Allow) C:\users\lil vamp\appdata\local\microsoft\onedrive\onedrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{230B6B82-A7AE-42F7-A26A-08D6378DFAA8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{00D7944B-1704-4D1F-89AB-01F693E03C60}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7782EC0B-F9F0-42E0-BD86-3F206D6CCCC8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{898B6ABD-4E88-432C-8439-09417798EE77}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{550414B6-EF8C-4CC6-B2A6-518547EA2826}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B7418149-4E5E-4CD9-A756-2B90C127B41C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D51A75E9-1937-4B72-85B1-D693DC552744}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A1108C91-3F1E-49D3-98F3-973B2C87170B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{20336788-2D48-4191-A2DA-3DA63B178307}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9BEE1794-CDDC-448B-88BC-896F07CF4C37}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4851500E-A0CF-4530-BCDC-39C2075CBD05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe (DoubleDutch Games) [Datei ist nicht signiert]
FirewallRules: [{F076FDDA-9F12-4159-B1AE-74387B58B120}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe (DoubleDutch Games) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{CBEFBAC2-090F-4380-878A-395470436970}C:\users\lil vamp\appdata\local\programs\deezloader\deezloader.exe] => (Allow) C:\users\lil vamp\appdata\local\programs\deezloader\deezloader.exe (ExtendLord) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{387B05AD-E889-4219-8DF3-EE882E202345}C:\users\lil vamp\appdata\local\programs\deezloader\deezloader.exe] => (Allow) C:\users\lil vamp\appdata\local\programs\deezloader\deezloader.exe (ExtendLord) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{298E910B-E808-4FB8-BBE4-5BD20C979738}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{D57088DB-4B55-4087-9864-E1412DB29647}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{DF4AFC1E-598C-4968-B9CD-8609211FE991}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{5103E224-8114-4CB8-A6B0-8606693E7510}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{BDDFDBC3-A4A7-4E3C-97D5-297FB603FEE7}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{67DD84AE-45FA-4AAA-A774-5C0034242ED7}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{1588DEE3-5D1E-4785-BC5E-6F2E81284D4A}C:\users\lil vamp\appdata\local\programs\deezloader\deezloader.exe] => (Allow) C:\users\lil vamp\appdata\local\programs\deezloader\deezloader.exe (ExtendLord) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{101C7444-4668-4B7B-A1F5-761D38BCE8DB}C:\users\lil vamp\appdata\local\programs\deezloader\deezloader.exe] => (Allow) C:\users\lil vamp\appdata\local\programs\deezloader\deezloader.exe (ExtendLord) [Datei ist nicht signiert]
FirewallRules: [{5D9475CE-9A3B-47D0-80D1-611B4AC4C4EE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5A9774EC-E001-44F8-B3F4-8ACD36DA945B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{61E34FAA-6B1B-4759-B61A-B90180E71916}] => (Allow) C:\Users\Lil Vamp\AppData\Roaming\Streamlabs\Streamlabs Chatbot\Streamlabs Chatbot.exe (General Workings Inc (Streamlabs) -> hxxps://www.Streamlabs.com)
FirewallRules: [{3B0EEF71-A124-47E8-B6E4-DC474F3BB078}] => (Allow) C:\Users\Lil Vamp\AppData\Roaming\Streamlabs\Streamlabs Chatbot\Streamlabs Chatbot.exe (General Workings Inc (Streamlabs) -> hxxps://www.Streamlabs.com)
FirewallRules: [{A5AFF265-5D75-4264-8AE9-C844B23738D9}] => (Allow) C:\Users\Lil Vamp\AppData\Roaming\Streamlabs\Streamlabs Chatbot\Streamlabs Chatbot.exe (General Workings Inc (Streamlabs) -> hxxps://www.Streamlabs.com)
FirewallRules: [{820D6A8E-664D-47A3-8850-83A06E3DDC6A}] => (Allow) C:\Users\Lil Vamp\AppData\Roaming\Streamlabs\Streamlabs Chatbot\Streamlabs Chatbot.exe (General Workings Inc (Streamlabs) -> hxxps://www.Streamlabs.com)
FirewallRules: [{F16770A1-96C6-498F-9789-7DD6634CC157}] => (Allow) C:\Users\Lil Vamp\AppData\Roaming\Streamlabs\Streamlabs Chatbot\Streamlabs Chatbot.exe (General Workings Inc (Streamlabs) -> hxxps://www.Streamlabs.com)
FirewallRules: [{CC080795-74FE-41D3-83E8-3B1047E5738C}] => (Allow) C:\Users\Lil Vamp\AppData\Roaming\Streamlabs\Streamlabs Chatbot\Streamlabs Chatbot.exe (General Workings Inc (Streamlabs) -> hxxps://www.Streamlabs.com)
FirewallRules: [TCP Query User{A808C6C2-DD43-461A-B77B-F1256B78CB70}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{DDE5E886-3D51-4A42-8EC3-83A9F7447C9A}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{61BD1048-CD09-4361-ACFE-E016F388D103}C:\users\lil vamp\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\lil vamp\downloads\downloader_diablo2_enus.exe (Blizzard Entertainment) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{48EC2976-5B97-4B73-A8BF-29045820FB5D}C:\users\lil vamp\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\lil vamp\downloads\downloader_diablo2_enus.exe (Blizzard Entertainment) [Datei ist nicht signiert]
FirewallRules: [{35C33C23-C836-4636-8550-292216376201}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{753C9A73-2265-414B-9F4E-EDFD3E2DCA01}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{BF7BE969-F728-4EC8-A11A-BB1950E63469}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3E008615-76E9-4533-924D-45C58EADEF2E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6E17A76C-C902-415C-B3F5-60FC24D1197D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe => Keine Datei
FirewallRules: [{8467028D-03AF-437E-9E12-94D9BA11FBC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe => Keine Datei
FirewallRules: [TCP Query User{302CBC8D-22EC-431B-9CFD-AA1979D4B93D}C:\program files (x86)\sogouinput\9.2.0.2785\sgdownload.exe] => (Allow) C:\program files (x86)\sogouinput\9.2.0.2785\sgdownload.exe => Keine Datei
FirewallRules: [UDP Query User{C8A591F1-2962-4978-891C-E905C379ED10}C:\program files (x86)\sogouinput\9.2.0.2785\sgdownload.exe] => (Allow) C:\program files (x86)\sogouinput\9.2.0.2785\sgdownload.exe => Keine Datei
FirewallRules: [TCP Query User{48DE9DFB-1746-4F02-8CFA-E7966A0A95E1}C:\program files (x86)\sogouinput\9.3.0.3129\sgdownload.exe] => (Block) C:\program files (x86)\sogouinput\9.3.0.3129\sgdownload.exe => Keine Datei
FirewallRules: [UDP Query User{758326B5-C7A9-45C9-846F-E93CF2D50479}C:\program files (x86)\sogouinput\9.3.0.3129\sgdownload.exe] => (Block) C:\program files (x86)\sogouinput\9.3.0.3129\sgdownload.exe => Keine Datei
FirewallRules: [TCP Query User{1BDA2FC8-1EAF-42B4-AB9F-E5D692D922CB}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{F59B9F66-E08B-4DC2-A372-BB786DE5FE05}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{44DDFEE0-FDA6-48AA-957B-722846884298}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => Keine Datei
FirewallRules: [UDP Query User{AF249E01-F995-4CE8-AEDC-FB212669BA51}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => Keine Datei
FirewallRules: [TCP Query User{1281C2EF-7C11-41E7-91E4-94DFB0359E53}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [UDP Query User{AD1737EC-82D8-485C-982C-3B5CC9E96AB6}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [{B89ECD93-E08B-4B48-B17E-DAA167B4B838}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{84F534E1-5080-4F0A-B6D7-841E97903DE5}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{C16C9FF3-5B06-40D9-A102-C6C03A6D260F}] => (Allow) C:\Users\Lil Vamp\AppData\Local\SogouExplorer\SogouExplorer.exe => Keine Datei
FirewallRules: [{AABD9128-412E-408A-B2EE-832450F1E7C2}] => (Allow) C:\Users\Lil Vamp\AppData\Local\SogouExplorer\SogouExplorer.exe => Keine Datei
FirewallRules: [{156A8C4F-0239-46E0-86E0-D64D84F323DB}] => (Allow) C:\Users\Lil Vamp\AppData\Local\SogouExplorer\10.0.2.33514\SGRepairTool.exe => Keine Datei
FirewallRules: [{6DD78823-F25A-42BB-B6CE-E304A0AE9F1F}] => (Allow) C:\Users\Lil Vamp\AppData\Local\SogouExplorer\10.0.2.33514\SGRepairTool.exe => Keine Datei
FirewallRules: [{3542DFD1-E641-4056-8A90-0D2678004C0E}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.2.102.1343\QyClient.exe => Keine Datei
FirewallRules: [{9E28D2F3-D48C-4507-BE39-39D952E0F7CA}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.2.102.1343\QyKernel.exe => Keine Datei
FirewallRules: [{B33D541F-5F79-4DAD-B737-C4070B3E1D24}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.2.102.1343\QyPlayer.exe => Keine Datei
FirewallRules: [{4AFB3B56-29F0-4AB2-9CF7-A3A3EA1FFAF8}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.2.102.1343\QyFragment.exe => Keine Datei
FirewallRules: [{B16F574A-583A-450A-964D-053A956F9207}] => (Allow) C:\Users\Lil Vamp\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe => Keine Datei
FirewallRules: [{F07A2C87-35FC-47D4-810B-3591F6349DD2}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.2.102.1343\QYAppPlugin\xPlayer\QyClient.exe => Keine Datei
FirewallRules: [{841F4A17-046A-4FE7-A798-B0F815F45095}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.2.102.1343\QYAppPlugin\qixiu\QXClient.exe => Keine Datei
FirewallRules: [TCP Query User{61762DD8-3B01-4BAE-8D58-A74DC62286D4}C:\users\lil vamp\appdata\local\temp\sogouinput\medal\iqiyisetup_sogou_20200320.exe] => (Block) C:\users\lil vamp\appdata\local\temp\sogouinput\medal\iqiyisetup_sogou_20200320.exe => Keine Datei
FirewallRules: [UDP Query User{0DB17D4F-21DE-4EA2-BB60-8939254EF147}C:\users\lil vamp\appdata\local\temp\sogouinput\medal\iqiyisetup_sogou_20200320.exe] => (Block) C:\users\lil vamp\appdata\local\temp\sogouinput\medal\iqiyisetup_sogou_20200320.exe => Keine Datei
FirewallRules: [{1579937D-6CC7-4BD5-995B-CAC27F9BBE36}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{B5E387F9-624A-4847-B06C-405584BC1B5C}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SGTool.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{FCF954A6-96EB-484D-8B04-E02287071653}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{9D759E6D-40DF-4767-9520-DB3E40DAB743}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{F4437A66-60D2-47FD-9D39-F61C8E2703AE}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{F631FC2C-6BD9-49CC-91CC-0C9B1BFF3D64}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\PinyinUp.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{B7BE7A9E-D5A6-4DA5-8C69-8840C069DEB5}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{F73058C5-DB61-4510-B74F-8BA06C0F24F3}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{9BD47FF3-211D-4533-B6DE-4AC67A4A426D}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{84BB8D53-1107-4163-A71A-240E1B3AD92A}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SGDownload.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{A9DDF742-7F1E-4087-9A46-8E90C79A4C8E}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{8A5E8A20-8C38-489E-8A59-494F0791297B}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{ED376062-D78C-483C-B11F-A02ECB5A6151}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{0821C081-F374-4F9E-A0B3-CA54F1A83B8C}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SogouCloud.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{A1D574B4-E9B1-4C5C-BB2E-BBBC4649C875}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{2ED76201-259B-45AB-8C2F-4AD6A4E6ECC2}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{B978E010-2F38-483E-AB6D-B8A62111DE0B}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{5F9086EA-B13F-449F-B63B-9D289D025B03}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{DB36B714-7244-4A89-BD50-83401B2B743E}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{BC10145E-4B94-42FF-BAAA-7B12B0922A7B}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{DD70289C-D052-46EB-BBDF-239D60821534}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{9E4DF835-3868-49B9-A051-0CEFD1E7D73B}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\userNetSchedule.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{705536FF-7D99-4153-8BE0-F988D4A33366}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{B9C63225-0708-4E94-8F26-D37ED336A215}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{6786EE1D-C69C-4038-A58D-40A8B201D69F}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{509A4366-FDB0-4EAB-B16D-4C7A0D4500D0}] => (Allow) C:\Program Files (x86)\SogouInput\9.8.0.3746\SGMedalLoader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{E0410788-2BC8-4AE2-8833-71DC12925F40}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{E9A3BEA2-0D98-4C1D-B9D4-95381F96429D}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{77F5D147-730F-4BAF-A2D7-6CB57A10428E}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{BE9A495B-1024-40D5-A7AB-6279E2B7098A}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
FirewallRules: [{DA533F42-DAD0-4A84-87A3-0CEAB9939023}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QyKernel.exe => Keine Datei
FirewallRules: [{64B01C82-F8B8-4AC7-B4FE-43B331F02B56}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QyPlayer.exe => Keine Datei
FirewallRules: [{5B195F3C-E5B1-4FFA-B3F0-3B26C2EB6BF7}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QyFragment.exe => Keine Datei
FirewallRules: [{74026FA5-6529-430C-816F-0EE3C2423572}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QyClient.exe => Keine Datei
FirewallRules: [{E30CC349-77B4-4C1A-859D-4EC3996D24A8}] => (Allow) C:\Users\Lil Vamp\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe => Keine Datei
FirewallRules: [{5DA8CD45-0528-4E6A-A7B7-73C963154A58}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QYAppPlugin\xPlayer\QyClient.exe => Keine Datei
FirewallRules: [{85274B85-B2B4-4F99-92C5-A5A8B3FD4D4E}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QYAppPlugin\qixiu\QXClient.exe => Keine Datei
FirewallRules: [{D82D56B8-F043-4686-B152-14745EBF115A}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QyClient.exe => Keine Datei
FirewallRules: [{4CFD5B76-46D9-421B-AB43-9F23781D3944}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QyKernel.exe => Keine Datei
FirewallRules: [{4F551EDD-59C3-463B-9BFE-F43BBAE56DCC}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QyPlayer.exe => Keine Datei
FirewallRules: [{43BF91F6-F642-4A7A-909F-73A7F1C5616F}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QyFragment.exe => Keine Datei
FirewallRules: [{43A2E456-4E94-4847-AA10-DEBF794AAD1B}] => (Allow) C:\Users\Lil Vamp\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe => Keine Datei
FirewallRules: [{10FA7C0E-D216-4159-BF87-8113D9AB7CF2}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QYAppPlugin\xPlayer\QyClient.exe => Keine Datei
FirewallRules: [{9174C102-A7BB-4E62-970B-7C8C413DE901}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QYAppPlugin\qixiu\QXClient.exe => Keine Datei
FirewallRules: [{B98AD0B3-89A9-4865-87B0-E1C6BE705012}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QyClient.exe => Keine Datei
FirewallRules: [{7553E01C-84B8-4D93-88CC-AE09FF271738}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QyKernel.exe => Keine Datei
FirewallRules: [{CD040C58-65B6-4665-8F04-50FA22C5C824}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QyPlayer.exe => Keine Datei
FirewallRules: [{E82A8B42-3AC3-4D30-9F61-8FF2C548B736}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QyFragment.exe => Keine Datei
FirewallRules: [{7B54DF59-7FAC-4E86-9C30-EA3906FF52AF}] => (Allow) C:\Users\Lil Vamp\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe => Keine Datei
FirewallRules: [{24610DB9-8A46-4240-B6C2-1B12264B717E}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QYAppPlugin\xPlayer\QyClient.exe => Keine Datei
FirewallRules: [{AF054538-5C27-4B8D-B2FB-CAD3AF2594BE}] => (Allow) C:\Program Files (x86)\IQIYI Video\LStyle\7.11.124.2447\QYAppPlugin\qixiu\QXClient.exe => Keine Datei
FirewallRules: [TCP Query User{8C525251-731D-4C87-AD7E-A66AE85B1643}C:\program files\synedra\viewpersonal\synedraviewpersonal.exe] => (Block) C:\program files\synedra\viewpersonal\synedraviewpersonal.exe (synedra information technologies GmbH -> synedra IT GmbH)
FirewallRules: [UDP Query User{6D3D201F-F8C0-425E-9AA3-1E4F5D6DA220}C:\program files\synedra\viewpersonal\synedraviewpersonal.exe] => (Block) C:\program files\synedra\viewpersonal\synedraviewpersonal.exe (synedra information technologies GmbH -> synedra IT GmbH)
FirewallRules: [{9098F35D-F8D9-424D-AF91-D73C32E8E3C9}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{5F64A598-1915-4591-95C5-6DB2F3697671}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Nox Limited -> Nox Limited Corporation)
FirewallRules: [TCP Query User{87D4AE50-8D35-4ED8-99B9-058E7D2BC0AD}C:\users\lil vamp\desktop\emus\cemu_1.24.0\usb helper\usbhelperlauncher.exe] => (Allow) C:\users\lil vamp\desktop\emus\cemu_1.24.0\usb helper\usbhelperlauncher.exe => Keine Datei
FirewallRules: [UDP Query User{6486D202-E9E8-4630-9D4D-949B9C8D6310}C:\users\lil vamp\desktop\emus\cemu_1.24.0\usb helper\usbhelperlauncher.exe] => (Allow) C:\users\lil vamp\desktop\emus\cemu_1.24.0\usb helper\usbhelperlauncher.exe => Keine Datei
FirewallRules: [TCP Query User{E0B3CF07-BC6E-4C9C-8630-93FCE2273A41}C:\users\lil vamp\desktop\emus\cemu_1.24.0\usb helper\wiiu_usb_helper_.exe] => (Allow) C:\users\lil vamp\desktop\emus\cemu_1.24.0\usb helper\wiiu_usb_helper_.exe => Keine Datei
FirewallRules: [UDP Query User{877066A6-68EF-4AA6-BD45-37A7D5E8479D}C:\users\lil vamp\desktop\emus\cemu_1.24.0\usb helper\wiiu_usb_helper_.exe] => (Allow) C:\users\lil vamp\desktop\emus\cemu_1.24.0\usb helper\wiiu_usb_helper_.exe => Keine Datei
FirewallRules: [{88A1984D-69F1-4094-B80E-2A6F1EC5844D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{13C86197-9292-423A-B038-F915C73B00DC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{2BBE27BE-F4B2-4DEF-9BC3-651D01F6CFE9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{622A2155-4949-4A92-8F4D-031C463CFD45}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{19008ACA-21CB-4F2C-9621-E668FA41C020}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{E01FBD2B-F74E-47DB-9757-E86D3F8C0F70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{325DC56F-82CE-4345-ABD1-22A2CA9FD42F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{C8B09469-583A-4AE5-BB52-57939ED9B182}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [TCP Query User{713DE507-DD5A-41D2-BDB4-5D31A73527F4}C:\users\lil vamp\desktop\restored\2021-08-03_03-53-38\gunz.exe] => (Allow) C:\users\lil vamp\desktop\restored\2021-08-03_03-53-38\gunz.exe (International GunZ) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{C1F9C6D1-D5BA-4194-B40A-CAA3F6C4EACC}C:\users\lil vamp\desktop\restored\2021-08-03_03-53-38\gunz.exe] => (Allow) C:\users\lil vamp\desktop\restored\2021-08-03_03-53-38\gunz.exe (International GunZ) [Datei ist nicht signiert]
FirewallRules: [{A3119703-8292-439A-97DD-E3138DCF0A78}] => (Allow) C:\Users\Lil Vamp\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7C678890-07CF-4ECB-8E10-602BD796AB34}] => (Allow) C:\Users\Lil Vamp\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9189A633-F08F-474D-8053-BFC20ED1406F}] => (Allow) C:\Users\Lil Vamp\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{2DEDA73B-58C2-4E39-8696-5F565083C541}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{DFE480ED-AC34-4DF3-932D-956A556A5770}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{469FAC34-44E6-4CAD-9D00-58D9520037D0}] => (Allow) C:\Users\Lil Vamp\AppData\Local\Temp\7zS21AD\HPDiagnosticCoreUI.exe => Keine Datei
FirewallRules: [{A98D99DB-77A7-4C44-B605-FC991816BAA2}] => (Allow) C:\Users\Lil Vamp\AppData\Local\Temp\7zS21AD\HPDiagnosticCoreUI.exe => Keine Datei
FirewallRules: [{CCF38E85-B3AE-41CB-80E7-7EFD0E869151}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{0573F29F-AB34-4A92-9BCA-E9884C198722}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{BAD75B50-2C0F-495C-9493-96D3062FE222}] => (Allow) C:\Program Files\HP\HP ColorLaserJet MFP M178-M181\bin\EWSProxy.exe (HP Inc -> HP Inc.)
FirewallRules: [{3DE68202-4368-4AF6-AB71-CCBC1E5C9825}] => (Allow) C:\Program Files\HP\HP ColorLaserJet MFP M178-M181\bin\FaxApplications.exe (HP Inc -> HP Inc.)
FirewallRules: [{801FA282-F0C1-4E94-8418-0F1F140652BF}] => (Allow) C:\Program Files\HP\HP ColorLaserJet MFP M178-M181\bin\DigitalWizards.exe (HP Inc -> HP Inc.)
FirewallRules: [{B60FD591-F1A9-42E6-9CA4-213748C3212B}] => (Allow) C:\Program Files\HP\HP ColorLaserJet MFP M178-M181\bin\SendAFax.exe (HP Inc -> HP Inc.)
FirewallRules: [{F6CC7160-DF83-48EF-B33E-545D0D56D83A}] => (Allow) C:\Program Files\HP\HP ColorLaserJet MFP M178-M181\bin\FaxPrinterUtility.exe (HP Inc -> HP Inc.)
FirewallRules: [{365A34D2-AC1C-448A-8F8F-47B81AC1A94F}] => (Allow) C:\Program Files\HP\HP ColorLaserJet MFP M178-M181\Bin\DeviceSetup.exe (HP Inc -> HP Inc.)
FirewallRules: [{01E92565-8754-4C92-905F-89D1E2F3EDC3}] => (Allow) LPort=5357
FirewallRules: [{DB527B0B-A09A-4D54-8D38-13CCC405745E}] => (Allow) C:\Program Files\HP\HP ColorLaserJet MFP M178-M181\Bin\HPNetworkCommunicatorCom.exe (HP Inc -> HP Inc.)
FirewallRules: [{3470DE61-99FB-4EE3-AFB5-5B706767D5CA}] => (Allow) C:\Users\Lil Vamp\AppData\Local\Temp\7zS459F\HP.EasyStart.exe => Keine Datei
FirewallRules: [TCP Query User{945CA70E-A15A-4041-967C-7405A30F55FF}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{57EDCC30-768A-4D12-8B30-8A1538381FD6}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{EBDFEF6E-E3E3-48A0-9A90-23FD89562CEE}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{88FAC1AF-E0EC-437D-8797-F4751E2393EF}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{659E286E-FEC1-4DCF-95AA-377A2CE6D8B8}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{28793D3D-493F-410B-A8E1-5031E499F0AA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1B8CFAAB-1F7C-48E8-8978-59EDF20123EA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{3C93F91E-A36A-4016-A504-DC1C03D9FBE8}C:\program files\epic games\smite\binaries\win64\smite.exe] => (Allow) C:\program files\epic games\smite\binaries\win64\smite.exe => Keine Datei
FirewallRules: [UDP Query User{56CD0082-39E0-4459-AC5E-1BF2A865A6AD}C:\program files\epic games\smite\binaries\win64\smite.exe] => (Allow) C:\program files\epic games\smite\binaries\win64\smite.exe => Keine Datei
FirewallRules: [TCP Query User{06002120-9D8D-40E2-9672-5825691F25C1}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{A6794715-8B46-4240-BC63-A045ECA11A13}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{73EAC156-0A33-4F2D-AC8F-3F01F894621C}C:\users\lil vamp\downloads\ocr manga\power-source\node12\node.exe] => (Allow) C:\users\lil vamp\downloads\ocr manga\power-source\node12\node.exe => Keine Datei
FirewallRules: [UDP Query User{E651A64E-7B15-4588-85A9-A12B7BA8B08E}C:\users\lil vamp\downloads\ocr manga\power-source\node12\node.exe] => (Allow) C:\users\lil vamp\downloads\ocr manga\power-source\node12\node.exe => Keine Datei
FirewallRules: [TCP Query User{E613AEAA-5DA5-4910-8033-A638ECFF781F}C:\users\lil vamp\downloads\ocr manga\power-source\python39\python.exe] => (Allow) C:\users\lil vamp\downloads\ocr manga\power-source\python39\python.exe => Keine Datei
FirewallRules: [UDP Query User{C6EE6AEE-4A6A-4408-A0DF-B0C09F4A7297}C:\users\lil vamp\downloads\ocr manga\power-source\python39\python.exe] => (Allow) C:\users\lil vamp\downloads\ocr manga\power-source\python39\python.exe => Keine Datei
FirewallRules: [TCP Query User{F96F0261-6AA2-477C-BBF9-04003FA2397B}C:\program files\nicotine+\nicotine+.exe] => (Allow) C:\program files\nicotine+\nicotine+.exe (Nicotine+ Team) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{68234774-9FE4-436E-B82F-1A1EC6B830D2}C:\program files\nicotine+\nicotine+.exe] => (Allow) C:\program files\nicotine+\nicotine+.exe (Nicotine+ Team) [Datei ist nicht signiert]
FirewallRules: [{7EC32E06-EB0C-428C-860C-F95D9F5CD83D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sailwind\Sailwind.exe () [Datei ist nicht signiert]
FirewallRules: [{A9D199A4-C969-4EE2-8905-ECF8F7D5AE27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sailwind\Sailwind.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{E99DCF5C-2D06-433C-AD78-BD903CCE23A4}C:\users\lil vamp\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\lil vamp\appdata\local\discord\app-1.0.9011\discord.exe => Keine Datei
FirewallRules: [UDP Query User{BD43322D-419A-4E29-B67D-0E18EE8662B8}C:\users\lil vamp\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\lil vamp\appdata\local\discord\app-1.0.9011\discord.exe => Keine Datei
FirewallRules: [{BEEB2FC8-D121-4E16-AD91-FCFCA429E797}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0EB380D8-89D7-49E1-8A57-A8F317CA3973}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{34B193B3-49A2-4E99-9659-D6CBB45D4A00}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{120A0F93-2D94-4159-98B7-E4C9582268DC}C:\users\lil vamp\appdata\local\programs\reolink\reolink.exe] => (Allow) C:\users\lil vamp\appdata\local\programs\reolink\reolink.exe (Reolink Innovation Inc. -> Shenzhen Reolink Technology Co., Ltd.)
FirewallRules: [UDP Query User{06720B5D-C289-4E5B-8385-0BE4C6080962}C:\users\lil vamp\appdata\local\programs\reolink\reolink.exe] => (Allow) C:\users\lil vamp\appdata\local\programs\reolink\reolink.exe (Reolink Innovation Inc. -> Shenzhen Reolink Technology Co., Ltd.)
FirewallRules: [{C39E7A34-3A5E-488D-B521-B2CDF0D9A020}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{9BFF6F07-C4AE-4DE5-B156-50BD0C07FE6E}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{67BDB869-319D-4751-A3E9-2211A7C9D627}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{7676A61F-5A9C-4891-9DE1-27C7BB0409EA}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{F8887AE7-22BA-4613-A46E-0D30FB31E660}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{CADB58C3-B37B-4CF3-B6D5-614465EB97FF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{6A11552B-80AD-4D72-91E1-BCCC49D0DDA5}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => Keine Datei
FirewallRules: [{4FBF1956-77DA-48ED-B31C-E7F7E361B201}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{A5B974CD-D1CA-46ED-83D1-A47D90262327}] => (Allow) D:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{ADE29B65-51F7-4A68-84F2-3359FC40E6E1}] => (Allow) D:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [TCP Query User{22B9EAFD-E22A-4AC4-A5A5-254FDD6BF67F}C:\users\lil vamp\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\lil vamp\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Stremio Runtime)
FirewallRules: [UDP Query User{A15A2FC6-89E1-4ABE-9838-5887E2D6CC46}C:\users\lil vamp\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\lil vamp\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Stremio Runtime)
FirewallRules: [TCP Query User{47B5C673-3B4F-41DA-B98B-23B9A6E6B5FC}C:\program files\nzbget\nzbget.exe] => (Block) C:\program files\nzbget\nzbget.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{F2237EF5-AB63-4984-9BD6-5FCDC1D9D0C9}C:\program files\nzbget\nzbget.exe] => (Block) C:\program files\nzbget\nzbget.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{9DA8AB1B-62C3-4287-8522-D8D3434296D6}C:\program files\plex\plex\plex.exe] => (Allow) C:\program files\plex\plex\plex.exe (Plex, Inc. -> )
FirewallRules: [UDP Query User{A29F7A63-C5C4-4786-BC2E-380B95A982E4}C:\program files\plex\plex\plex.exe] => (Allow) C:\program files\plex\plex\plex.exe (Plex, Inc. -> )
FirewallRules: [TCP Query User{BAB9BB50-79F0-4900-9435-858CF7CF7798}C:\program files\plex\plex\plex.exe] => (Allow) C:\program files\plex\plex\plex.exe (Plex, Inc. -> )
FirewallRules: [UDP Query User{FC3ECD4E-DB65-4FD8-9C48-B7F262C77062}C:\program files\plex\plex\plex.exe] => (Allow) C:\program files\plex\plex\plex.exe (Plex, Inc. -> )
FirewallRules: [TCP Query User{24FCA7F1-5224-4D81-B217-B43ED5175796}C:\program files\nzbget\nzbget.exe] => (Allow) C:\program files\nzbget\nzbget.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{B72DBE59-9A6F-45D8-B2CE-386FB109799D}C:\program files\nzbget\nzbget.exe] => (Allow) C:\program files\nzbget\nzbget.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{A832A8DC-9977-4F4F-A7F3-DF6DF0EFA408}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe => Keine Datei
FirewallRules: [UDP Query User{8537BA67-78C8-42A8-B891-8687CCABC7B3}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe => Keine Datei
FirewallRules: [{80FC43C8-2442-4253-A01A-0262452B4EF6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4B607E4C-A274-4B9F-B4CB-C62A631F38C0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{35F7B438-CC20-40A6-9930-2BFD18356F5A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C59D1BA3-D204-4596-AC82-03231BF39FAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3CDD4499-AC2F-427E-89DA-1885C53B0771}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{26BA130C-5D71-4103-A45E-A414D98E77D2}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{78CC2056-6F01-43F1-A1B0-607CE8FA904A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{4532F7A2-5487-4C2D-A6C6-5BB9FBF9A2B2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{DB90C302-0499-41B5-ABC6-EA8250366F64}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{EBEB392F-1804-4F2D-AF91-F0DEE04482C5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{A9AC27AE-F161-40B3-9587-31BE4F08B516}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{B836CBFB-A7B7-4DB8-B1BE-99F7B917B81E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{A92B5336-68BD-4432-88AC-ADEA59269F82}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{9114F218-CCD7-4B80-BBC0-2024B6AF8CE5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{50315A0E-4098-4D63-84C6-679BF80AA33E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.111.3607.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F8428CE4-3A3F-47E9-9867-A65F20A6949E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.111.3607.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{33FDDEAE-8FB0-44FE-8246-6F1AF29B96B2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.111.3607.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{508F58D2-B913-4F1E-8EB5-796E00AD1317}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.111.3607.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5103C307-01E8-4E78-A485-8673734414E0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{70CDBE71-6B8C-41F8-A3BC-4ADAF717C465}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C1F9D948-3A2D-4435-9AFD-CC2C4B605195}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8D953730-E449-4689-A33D-4CCB05817560}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F3B024BE-CAC5-43CD-A1E8-8D7AEC801831}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{1D80E874-F17F-4360-9FC6-5ABF6B3F7F90}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B2207776-D6F5-4D1D-A508-941CE323F5E9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{1A3D8D21-C2B9-4102-87E7-3668FF64356D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E7907301-F829-4DAF-80D6-37ADE4C82E66}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4DE5E706-DBBB-4280-ABA4-E5D17E793A0A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F1BEB83D-28C9-4590-A922-66FBFBE4A381}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{FE8F25E7-1039-49F8-B535-E7887910E5DD}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{C14B9D13-4F5D-47E2-B09C-872D22D187C6}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FB855482-2D17-4957-B618-0285874CB6F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Wiederherstellungspunkte =========================

26-02-2024 16:20:39 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager ============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (02/27/2024 02:08:32 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Der Windows-Sicherheitscenterdienst konnte keine Instanzen von FirewallProduct aus dem Datastore laden.

Error: (02/27/2024 02:06:57 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-M7EP8UC$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 27 Feb 2024 13:06:55 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: d88635f9-4d25-431e-9467-ff97ced39983

Methode: GET(1110ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/26/2024 03:16:04 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Der Windows-Sicherheitscenterdienst konnte keine Instanzen von FirewallProduct aus dem Datastore laden.

Error: (02/26/2024 03:14:19 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-M7EP8UC$ über https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 26 Feb 2024 14:14:20 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 30018656-004b-4565-8d3a-25ae25ba01fc

Methode: GET(297ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/26/2024 03:13:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchApp.exe, Version: 10.0.19041.3996, Zeitstempel: 0x517a9e5f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.3996, Zeitstempel: 0xb756c9ff
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000012d952
ID des fehlerhaften Prozesses: 0x1ae0
Startzeit der fehlerhaften Anwendung: 0x01da68bdf30dec70
Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 3cbb6c91-f906-4569-825a-10a3e856e606
Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.Search_1.14.12.19041_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CortanaUI

Error: (02/26/2024 03:06:58 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).

Error: (02/26/2024 03:06:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchApp.exe, Version: 10.0.19041.3996, Zeitstempel: 0x517a9e5f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.3996, Zeitstempel: 0xb756c9ff
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000012d952
ID des fehlerhaften Prozesses: 0x3e1c
Startzeit der fehlerhaften Anwendung: 0x01da68bcf553f4e2
Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 0f36c7a5-1ea5-47eb-959f-5f20cb280d7c
Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.Search_1.14.12.19041_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CortanaUI

Error: (02/26/2024 03:06:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchApp.exe, Version: 10.0.19041.3996, Zeitstempel: 0x517a9e5f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.3996, Zeitstempel: 0xb756c9ff
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000012d952
ID des fehlerhaften Prozesses: 0x26d0
Startzeit der fehlerhaften Anwendung: 0x01da68bcf2c76f16
Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 900ccf32-7108-4e59-8346-15fbe74e2936
Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.Search_1.14.12.19041_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CortanaUI


Systemfehler:
=============
Error: (02/27/2024 02:08:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Security Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (02/27/2024 02:08:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Security Updater erreicht.

Error: (02/26/2024 03:26:39 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (02/26/2024 03:16:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Security Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (02/26/2024 03:16:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Security Updater erreicht.

Error: (02/26/2024 02:56:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Security Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (02/26/2024 02:56:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Security Updater erreicht.

Error: (02/26/2024 12:26:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Security Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


Windows Defender:
================Event[0]:

Date: 2023-04-03 00:17:52
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.385.1188.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.20100.6
Fehlercode: 0x80004004
Fehlerbeschreibung: Vorgang abgebrochen

Date: 2023-04-03 00:17:52
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.385.1188.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiSpyware
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.20100.6
Fehlercode: 0x80004004
Fehlerbeschreibung: Vorgang abgebrochen

Date: 2023-04-03 00:17:52
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.385.1188.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.20100.6
Fehlercode: 0x80004004
Fehlerbeschreibung: Vorgang abgebrochen

Date: 2023-04-03 00:17:52
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.385.1891.0
%Vorherige Version der Sicherheitsinformationen: 1.385.1188.0
Update Source: Benutzer
Sicherheitstyp: AntiSpyware
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.20100.6
%Vorherige Modulversion: 1.1.20100.6
Fehlercode: 0x80004004
Fehlerbeschreibung: Vorgang abgebrochen

Date: 2023-04-03 00:17:52
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.385.1891.0
%Vorherige Version der Sicherheitsinformationen: 1.385.1188.0
Update Source: Benutzer
Sicherheitstyp: AntiVirus
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.20100.6
%Vorherige Modulversion: 1.1.20100.6
Fehlercode: 0x80004004
Fehlerbeschreibung: Vorgang abgebrochen

CodeIntegrity:
===============
Date: 2024-02-27 14:12:47
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Speicherinformationen ===========================

BIOS: American Megatrends Inc. A.D0 07/07/2018
Hauptplatine: Micro-Star International Co., Ltd. B350M PRO-VDH (MS-7A38)
Prozessor: AMD Ryzen 5 2600X Six-Core Processor
Prozentuale Nutzung des RAM: 71%
Installierter physikalischer RAM: 8142.89 MB
Verfügbarer physikalischer RAM: 2328.93 MB
Summe virtueller Speicher: 15566.89 MB
Verfügbarer virtueller Speicher: 7285.71 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:232.29 GB) (Free:24.99 GB) (Model: Samsung SSD 860 EVO 250GB) NTFS
Drive d: (Platten) (Fixed) (Total:447.11 GB) (Free:302.16 GB) (Model: KIOXIA-EXCERIA SATA SSD) NTFS

\\?\Volume{d0c478ff-89da-4f55-9f67-b2baa7b40cef}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{115519b0-2b16-4ea1-8db5-cc85af6e70ea}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 447.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt =======================

M-K-D-B 27.02.2024 20:40
:hallo:



Mein Name ist Matthias und ich werde dir bei der Analyse und Bereinigung deines Systems helfen.



Zitat:
Ich kann bei Bedarf auch gerne noch die Logdaten von Malwarebytes posten.
Ja, mach das bitte. Postedie Logdatei von Malwarebytes (MBAM).






Zudem bitte AdwCleaner ausführen.

Schritt 1
Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.

Hylian 29.02.2024 14:34
Hier die benötigten Logdateien.

Code:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.1.0
# -------------------------------
# Build:    01-29-2024
# Database: 2024-01-29.3 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-29-2024
# Duration: 00:00:03
# OS:      Windows 10 (Build 19045.4046)
# Cleaned:  29
# Failed:  0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted      C:\ProgramData\Microsoft\Windows\Start Menu\???
Deleted      C:\Users\Lil Vamp\AppData\Local\SogouExplorer
Deleted      C:\Users\Lil Vamp\AppData\Roaming\SogouExplorer
Deleted      C:\Users\Public\QiYi
Deleted      C:\qycache

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted      HKCU\Software\GIMP Updater
Deleted      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|GIMP Updater
Deleted      HKCU\Software\csastats
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{10FA7C0E-D216-4159-BF87-8113D9AB7CF2}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{24610DB9-8A46-4240-B6C2-1B12264B717E}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3542DFD1-E641-4056-8A90-0D2678004C0E}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{43A2E456-4E94-4847-AA10-DEBF794AAD1B}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4CFD5B76-46D9-421B-AB43-9F23781D3944}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4F551EDD-59C3-463B-9BFE-F43BBAE56DCC}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5DA8CD45-0528-4E6A-A7B7-73C963154A58}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{64B01C82-F8B8-4AC7-B4FE-43B331F02B56}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{74026FA5-6529-430C-816F-0EE3C2423572}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7553E01C-84B8-4D93-88CC-AE09FF271738}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7B54DF59-7FAC-4E86-9C30-EA3906FF52AF}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9E28D2F3-D48C-4507-BE39-39D952E0F7CA}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B16F574A-583A-450A-964D-053A956F9207}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B33D541F-5F79-4DAD-B737-C4070B3E1D24}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B98AD0B3-89A9-4865-87B0-E1C6BE705012}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CD040C58-65B6-4665-8F04-50FA22C5C824}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D82D56B8-F043-4686-B152-14745EBF115A}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DA533F42-DAD0-4A84-87A3-0CEAB9939023}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E30CC349-77B4-4C1A-859D-4EC3996D24A8}
Deleted      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F07A2C87-35FC-47D4-810B-3591F6349DD2}
Deleted      HKLM\Software\Wow6432Node\QiYi

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5275 octets] - [29/02/2024 14:26:52]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Code:

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 26.02.2024
Scan-Zeit: 15:36
Protokolldatei: 7c141162-d4b4-11ee-82d3-309c238a2d04.json

-Softwaredaten-
Version: 5.0.17.99
Komponentenversion: 1.0.1169
Version des Aktualisierungspakets: 1.0.81447
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19045.4046)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-M7EP8UC\Lil Vamp

-Scan-Übersicht-
Scan-Typ: Benutzerdefinierter Scan
Scan gestartet von: Manuell
Ergebnis: Abgebrochen
Gescannte Objekte: 861779
Erkannte Bedrohungen: 7
In die Quarantäne verschobene Bedrohungen: 7
Abgelaufene Zeit: STRING-NOT-ADDED

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.InstallCore, HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\SOFTWARE\CSASTATS\ic, In Quarantäne, 66, 586068, 1.0.81447, , ame, , ,
PUP.Optional.GimpUpdaterDe.ShrtCln, HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GIMP Updater, In Quarantäne, 8594, 728127, 1.0.81447, , ame, , ,

Registrierungswert: 1
PUP.Optional.GimpUpdaterDe.ShrtCln, HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GIMP UPDATER, In Quarantäne, 8594, 728126, 1.0.81447, , ame, , ,

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 1
PUP.Optional.QwebDe.ShrtCln, C:\USERS\LIL VAMP\APPDATA\ROAMING\GIMP UPDATER, In Quarantäne, 7379, 728125, 1.0.81447, , ame, , ,

Datei: 3
PUP.Optional.GimpUpdaterDe.ShrtCln, C:\USERS\LIL VAMP\APPDATA\ROAMING\GIMP UPDATER\UPDATER.EXE, In Quarantäne, 8594, 728126, 1.0.81447, , ame, , 33D3D6579F8DAD37A310907B0CED9DA1, 3325568FBECB35F6B61C0D12FEC2E0DF68CED0235A9B4BC76E6AF1F4895CC2F4
PUP.Optional.QwebDe.ShrtCln, C:\USERS\LIL VAMP\APPDATA\ROAMING\GIMP UPDATER\GIMP.ICO, In Quarantäne, 7379, 728125, 1.0.81447, , ame, , 3A502781380607A40C507EB316BB5D96, 9165E8721AC00B0E2235F018181B2383F42BA1451B8365A918BDFC82F6E0B63E
PUP.Optional.QwebDe.ShrtCln, C:\Users\Lil Vamp\AppData\Roaming\GIMP Updater\uninst.exe, In Quarantäne, 7379, 728125, 1.0.81447, , ame, , 30A74D9E8F6086EE7F8EA56C921E5952, 4BD7448BBE8162958F48C767CE9C4B4A8EC12DABB0707F89DCB40C07AE2AE4EF

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)

M-K-D-B 29.02.2024 14:52
Gut gemacht.


Wofür nutzt die die Software "Sogou"? Was kannst du mir zu dieser Software sagen?

Hylian 01.03.2024 18:18
Sogou Pinyin-Methode ist ein beliebter Editor für die chinesische Pinyin-Eingabemethode. Damit kann ich einfacher auf dem Keyboard chinesisch schreiben.
Falls jedoch diese Software mein System kompromittiert, werde ich sie lieber löschen.
Es gibt ja auch eine Alternative von Windows. Ist denn sonst mit dem System alles ok?

M-K-D-B 01.03.2024 20:32
Vielen Dank für die Rückmeldung.

Ich wollte nur sicherstellen, dass du das Programm auch bewusst/absichtlich installiert hast und nutzt.
AdwCleaner hat noch ein paar unerwünschte Einträge entfernt.



Ich würde gerne eine kleine Reparatur mit FRST ausführen, um verwaiste Einträge zu entfernen.

Anschließend kommt noch eine Kontrolle mit SecurityCheck.





Schritt 1
WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Skript ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System verwendet werden!
  • Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.
  • Markiere den gesamten Inhalt der folgenden Code-Box mit der Maus und kopiere ihn (gleichzeitiges Drücken der beiden Tasten "STRG" + "C"):
    Code:
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [Genshin Impact_Launcher] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [] => [X]
    HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (Keine Datei)
    GroupPolicy: Beschränkung ? <==== ACHTUNG
    GroupPolicy-Firefox: Beschränkung <==== ACHTUNG
    Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
    FF Notifications: Mozilla\Firefox\Profiles\esnoyytm.default -> hxxps://tinder.com
    CHR Notifications: Default -> hxxps://www.youtube.com
    AlternateDataStreams: C:\Users\Lil Vamp\Anwendungsdaten:.grab_device_id [32]
    AlternateDataStreams: C:\Users\Lil Vamp\Downloads\FRST64.exe:MBAM.Zone.Identifier [193]
    AlternateDataStreams: C:\Users\Lil Vamp\AppData\Roaming:.grab_device_id [32]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [484]
    HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\Run: => "GIMP Updater"
    CMD: netsh winsock reset
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: netsh winhttp reset proxy
    CMD: Bitsadmin /Reset /Allusers
    CMD: Winmgmt /salvagerepository
    CMD: Winmgmt /verifyrepository
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
    Hosts:
    RemoveProxy:
    EmptyTemp:
    End::
  • Starte nun FRST und klicke direkt auf den Button Reparieren.
    Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!

  • Wichtig:
    • Bitte gedulde dich, sobald du die Reparatur gestartet hast. Je nach Art und Umfang der notwendigen Reparaturen kann dies einige Minuten dauern.
      Eventuell erhältst du während der Reparatur auch die Information "keine Rückmeldung" von FRST. Das ist normal, du musst nichts weiter tun, nur warten.
    • Mit dieser Reparatur werden alle temporären Dateien/Browserdaten sowie der Papierkorb gelöscht.
    • Mit dieser Reparatur werden die Windows Firewall-Einstellungen zurückgesetzt. Du wirst möglicherweise später aufgefordert, legitimen Programmen eine Erlaubnis/Ausnahme für die Firewall zu erteilen. Dies solltest du dann erlauben/zulassen.

  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
  • Gegebenenfalls muss dein Rechner neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.






Schritt 2
Führe SecurityCheck (SC) gemäß der bebilderten Anleitung aus und füge die Logdatei als Anhang hinzu.

Hylian 02.03.2024 19:11
Code:

Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
durchgeführt von Lil Vamp (02-03-2024 18:43:29) Run:1
Gestartet von C:\Users\Lil Vamp\Downloads
Geladene Profile: Lil Vamp
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Genshin Impact_Launcher] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [] => [X]
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (Keine Datei)
GroupPolicy: Beschränkung ? <==== ACHTUNG
GroupPolicy-Firefox: Beschränkung <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
FF Notifications: Mozilla\Firefox\Profiles\esnoyytm.default -> hxxps://tinder.com
CHR Notifications: Default -> hxxps://www.youtube.com
AlternateDataStreams: C:\Users\Lil Vamp\Anwendungsdaten:.grab_device_id [32]
AlternateDataStreams: C:\Users\Lil Vamp\Downloads\FRST64.exe:MBAM.Zone.Identifier [193]
AlternateDataStreams: C:\Users\Lil Vamp\AppData\Roaming:.grab_device_id [32]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [484]
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\StartupApproved\Run: => "GIMP Updater"
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winhttp reset proxy
CMD: Bitsadmin /Reset /Allusers
CMD: Winmgmt /salvagerepository
CMD: Winmgmt /verifyrepository
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
Hosts:
RemoveProxy:
EmptyTemp:
End::
*****************

SystemRestore: On => abgeschlossen
Wiederherstellungspunkt wurde erfolgreich erstellt.
Prozesse erfolgreich geschlossen.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => erfolgreich entfernt
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Genshin Impact_Launcher" => erfolgreich entfernt
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => erfolgreich entfernt
"HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon" => erfolgreich entfernt
"HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => erfolgreich entfernt
"HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Synchronizer" => erfolgreich entfernt

"C:\WINDOWS\system32\GroupPolicy\Machine" Ordner verschieben:

C:\WINDOWS\system32\GroupPolicy\Machine => erfolgreich verschoben
C:\WINDOWS\system32\GroupPolicy\GPT.ini => erfolgreich verschoben
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => erfolgreich verschoben
C:\Program Files\Mozilla Firefox\distribution\policies.json => erfolgreich verschoben
C:\ProgramData\NTUSER.pol => erfolgreich verschoben
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 => erfolgreich entfernt
"FF Notifications:" => erfolgreich entfernt
"Chrome Notifications" => erfolgreich entfernt
C:\Users\Lil Vamp\Anwendungsdaten => ":.grab_device_id" ADS erfolgreich entfernt
C:\Users\Lil Vamp\Downloads\FRST64.exe => ":MBAM.Zone.Identifier" ADS erfolgreich entfernt
"C:\Users\Lil Vamp\AppData\Roaming" => ":.grab_device_id" ADS nicht gefunden.
C:\Users\Public\Shared Files => ":VersionCache" ADS erfolgreich entfernt
"HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\GIMP Updater" => nicht gefunden
"HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GIMP Updater" => nicht gefunden

========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.



========= Ende von CMD: =========


========= netsh advfirewall reset =========

OK.



========= Ende von CMD: =========


========= netsh advfirewall set allprofiles state ON =========

OK.



========= Ende von CMD: =========


========= netsh winhttp reset proxy =========


Aktuelle WinHTTP-Proxyeinstellungen:

    DirectAccess (kein Proxyserver).



========= Ende von CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{F0312DDB-1A6E-4EAB-871A-0B3AAC8991ED} canceled.
{3549B50C-5079-4DB0-BFB6-A0F233E4D5DE} canceled.
{759E6F6D-DC11-4E67-8AB6-AEA638C15DE1} canceled.
{1A3BCADD-75A1-4B8B-8531-3A5734329872} canceled.
{DFEE5EFB-8459-4829-B06B-6CB1841CB32C} canceled.
{79799315-729A-45B3-B2A4-9CBE5C0C38BD} canceled.
6 out of 6 jobs canceled.


========= Ende von CMD: =========


========= Winmgmt /salvagerepository =========

Das WMI-Repository ist konsistent.


========= Ende von CMD: =========


========= Winmgmt /verifyrepository =========

Das WMI-Repository ist konsistent.


========= Ende von CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.

========= Ende von CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.

========= Ende von CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.

========= Ende von CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.

========= Ende von CMD: =========

C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.

========= RemoveProxy: =========

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========== EmptyTemp: ==========

FlushDNS => abgeschlossen
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 672957850 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 776354291 B
Windows/system/drivers => 1214741374 B
Edge => 0 B
Chrome => 417169935 B
Firefox => 2071652125 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7168 B
ProgramData => 7168 B
Public => 7168 B
systemprofile => 7188 B
systemprofile32 => 7200 B
LocalService => 7611382 B
NetworkService => 26081660 B
Lil Vamp => 3130832137 B

RecycleBin => 0 B
EmptyTemp: => 7.7 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 19:01:37 ====
Code:

SecurityCheck by glax24 & Severnyj v.1.4.0.57 [24.01.24]
WebSite: www.safezone.cc
DateLog: 02.03.2024 19:03:24
Path starting: C:\Users\Lil Vamp\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Lil Vamp
VersionXML: 10.98is-02.03.2024
___________________________________________________________________________

Windows 10(6.3.19045) (x64) Professional Release: 2009 Lang: German(0407)
Installation date OS: 13.08.2020 21:47:02
LicenseStatus: Office 16, Office16O365ProPlusR_Subscription1 edition Windows is in Notification mode
LicenseStatus: Office 16, Office16O365ProPlusR_Grace edition Windows is in Notification mode
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [232.3 Gb] Used: [202.7 Gb] Free: [29.6 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 3)
Sicherheitscenter (wscsvc) - The service has stopped
Remoteregistrierung (RemoteRegistry) - The service has stopped
SSDP-Suche (SSDPSRV) - The service is running
Remotedesktopdienste (TermService) - The service has stopped
Windows-Remoteverwaltung (WS-Verwaltung) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Avira Security (enabled and up to date)
Malwarebytes (disabled and up to date)
Windows Defender (disabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
Avira Security (enabled)
Avira Security (enabled)
Avira Security (enabled)
Avira Security (enabled)
Avira Security (enabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Avira Antivirus (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 5.0.17.99 v.5.0.17.99
Avira Fallback Updater
Avira Security v.1.1.98.1
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft 365 Apps for Enterprise - de-de v.16.0.17231.20236
NVIDIA GeForce Experience 3.27.0.120 v.3.27.0.120
Steam v.2.10.91.91
TeamViewer 14 v.14.1.3399 Warning! Download Update
Epic Games Launcher v.1.1.163.0
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 v.14.36.32532.0 Warning! Download Update
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 v.14.36.32532.0 Warning! Download Update
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.24.020.0128.0003
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 5.60 (64-Bit) v.5.60.0 Warning! Download Update
------------------------------- [ Imaging ] -------------------------------
GIMP 2.10.34 v.2.10.34 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
Discord v.0.0.310 Warning! Download Update
Slack v.3.3.3 Warning! Download Update
Microsoft Teams v.1.2.00.19260 Warning! Download Update
Zoom v.5.13.4 (11835) Warning! Download Update
Telegram Desktop Version 1.8.15 v.1.8.15 Warning! Download Update
Skype Version 8.65 v.8.65 Warning! Download Update
---------------------------- [ ProxyAndVPNs ] -----------------------------
Avira Phantom VPN v.2.43.1.16819
ProtonVPN v.2.4.3 Warning! Download Update
Windscribe v.2.3 Build 16 [+]
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 191 v.8.0.1910.12 Warning! Download Update
Uninstall old version and install new one (jre-8u401-windows-i586.exe).
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.3 Warning! Download Update
Mp3tag v2.97 v.2.97 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Acrobat (64-bit) v.23.008.20555
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 de) v.123.0
Google Chrome v.122.0.6261.95
Microsoft Edge v.122.0.2365.59 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1269
Microsoft Defender Antivirus-Dienst (WinDefend) - The service has stopped
Microsoft Defender Antivirus-Netzwerkinspektionsdienst (WdNisSvc) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
Avira System Speedup v.6.27.0.19 << Hidden Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
JDownloader 2 v.2.0 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------

M-K-D-B 02.03.2024 19:33
Die von SecurityCheck beanstandeten Programme solltest du updaten.
Die Downloadlinks findest du in der Logdatei von SecurityCheck.





Entfernung der verwendeten Tools
Führe KpRm gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.





Dann wären wir durch!
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc

Wenn Du möchtest, kannst Du hier sagen, ob du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:
Vielleicht möchtest du das Forum mit einer kleinen Spende https://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:





Zum Schluss bitte unbedingt die Sicherheitsmaßnahmen lesen und umsetzen:

Lesestoff:
Anleitung: Maßnahmen zur Absicherung des Rechners



Hinweis:
Bitte gib mir eine kurze Rückmeldung, sobald du die oben verlinkten Informationen gelesen hast, alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Hylian 05.03.2024 02:10
Vielen Dank für deine Hilfe Matthias. Ich werde in den nächsten Tagen KpRm ausführen und die Logdatei dazu in diesen Thread posten.

M-K-D-B 05.03.2024 14:28
Alles klar, ich lass das Thema noch ein paar Tage offen.

M-K-D-B 09.03.2024 21:52
Wir sind froh, dass wir helfen konnten :abklatsch:

Dieses Thema scheint erledigt und wird aus unseren Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:25 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131