
Log analysis and evaluation: Windows PC infected with Gootkit according to Telekom

03.12.2020, 12:19   #1
Bommerang
 

Hello,
I received an email from Telekom saying that my computer has a Gootkit infection.
I spoke with Telekom and they said that something had shown up in their honeypot list with the public IP that could be traced to my connection.
I have already run a scan with Malwarebytes (and discovered this forum along the way); it found PUP.Optional items.
Now I don't know whether that could have anything to do with the actual Gootkit.
I can see the Malwarebytes log files, i.e. what it moved to quarantine, in the program itself, but not where it stored them, and I can't generate them afterwards.

Many thanks in advance

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2020
durchgeführt von kaihi (Administrator) auf DESKTOP-1KF7GS2 (MSI MS-7A63) (03-12-2020 11:38:28)
Gestartet von C:\Users\kaihi\Downloads
Geladene Profile: kaihi
Platform: Windows 10 Pro Version 20H2 19042.630 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

() [Datei ist nicht signiert] C:\Users\kaihi\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.shadowplay.sdPlugin\com.barraider.shadowplay.exe
() [Datei ist nicht signiert] C:\Users\kaihi\AppData\Roaming\Elgato\StreamDeck\Plugins\com.elgato.cpu.sdPlugin\cpu.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Amazon.com Services LLC -> Amazon.com Services LLC) C:\Users\kaihi\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc) C:\Program Files\Elgato\StreamDeck\StreamDeck.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_1e5aa28740c131d2\RstMwService.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Logitech Inc -> ) C:\Program Files\LGHUB\logi_analytics_client.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <3>
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2008.2.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12010.1001.2.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\DPC Latency Tuner\DPCLT_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <9>
(NaturalPoint, Inc -> NaturalPoint, Inc.) C:\Program Files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe
(ND_Apps -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_fe92a8457e8d540c\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Shanghai Microvirt Software Technology Co., Ltd. -> ) D:\Program Files\Microvirt\MEmu\MemuService.exe
(Siemens Switzerland Ltd -> Siemens Switzerland Ltd) C:\Program Files (x86)\Siemens\ACS790\ACSCat.exe
(Siemens Switzerland Ltd -> Siemens Switzerland Ltd) C:\Program Files (x86)\Siemens\ACS790\ACSConfigurationInterface.exe
(Siemens Switzerland Ltd -> Siemens Switzerland Ltd) C:\Program Files (x86)\Siemens\ACS790\ACSSubSystems.exe
(Siemens Switzerland Ltd -> Siemens Switzerland Ltd) C:\Program Files (x86)\Siemens\ACS790\ACSTrendAndTaskExecutorHost.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(The Qt Company Oy -> The Qt Company Ltd.) C:\Program Files\Elgato\StreamDeck\QtWebEngineProcess.exe <4>
(Xerox Corporation -> Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NahimicVRSvc32] => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe [990256 2018-02-05] (A-Volute -> A-Volute)
HKLM\...\Run: [NahimicVRSvc64] => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe [1142320 2018-02-05] (A-Volute -> A-Volute)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277520 2020-09-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Stream Deck] => C:\Program Files\Elgato\StreamDeck\StreamDeck.exe [10151272 2020-10-13] (Corsair Memory, Inc. -> Corsair Memory, Inc)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3074752 2020-05-07] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
HKLM-x32\...\Run: [MSI Gaming Lan Manager] => C:\MSI\MSI Gaming Lan Manager\MSI_Gaming_Lan_Manager.exe [4568736 2018-12-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [835760 2019-11-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26310800 2020-05-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1028280 2017-11-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\Run: [Amazon Music Helper] => C:\Users\kaihi\AppData\Local\Amazon Music\Amazon Music Helper.exe [2106312 2020-09-05] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [104586376 2020-11-26] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\Run: [Amazon Music] => C:\Users\kaihi\AppData\Local\Amazon Music\Amazon Music.exe [20254152 2020-09-05] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\Run: [NaturalPoint] => C:\Program Files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe [19412160 2016-04-06] (NaturalPoint, Inc -> NaturalPoint, Inc.)
HKLM\...\Windows x64\Print Processors\sst9cPC: C:\Windows\System32\spool\prtprocs\x64\sst9cpc.dll [43520 2015-04-14] (Windows (R) Codename Longhorn DDK provider) [Datei ist nicht signiert]
HKLM\...\Print\Monitors\DYMO DUO D1 450 Monitor: C:\Windows\System32\DUO_450MON.DLL [16896 2018-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Sanford L.P.)
HKLM\...\Print\Monitors\DYMO LabelWriter Monitor: C:\Windows\System32\LW400MON.DLL [16384 2018-07-26] (Microsoft Windows Hardware Compatibility Publisher -> DYMO Corp.)
HKLM\...\Print\Monitors\HCR Client Port Monitor: C:\Windows\System32\csrportmon.dll [73416 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Print\Monitors\sst9c Langmon: C:\Windows\System32\sst9clm.dll [22528 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\us008 Langmon: C:\Windows\System32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-03] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{5355DA8C-FE32-49b4-A567-A67535C86592}] -> C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BLEtokenCredentialProvider.dll [2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
GroupPolicy: Beschränkung ? <==== ACHTUNG
GroupPolicy\User: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
Policies: C:\Users\kaihi\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0B4A568A-5F7D-467E-91DF-5622597CD8B1} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {16A34CEC-4035-4DBF-BB75-7EB629D56D11} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {17E07AE3-EED7-4C80-A42F-8408B8C31E29} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [393928 2020-10-30] (Xerox Corporation -> Xerox Corporation)
Task: {226BFED2-0827-4CF7-8CCA-4E3E5EFC5534} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [3354296 2019-01-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {228CD913-F0C3-43A0-847C-5DA35065B9EF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1526680 2020-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {2443B6A3-A006-4C7E-91E6-AC83FCF3786C} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2571704 2020-02-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {2798AA6B-C63B-49DC-9C5F-70E78153370E} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2487640 2020-11-03] (Overwolf Ltd -> Overwolf LTD)
Task: {31A24AC1-1F92-4CAF-8C65-CBF52FD92234} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {395C7D9A-3484-414A-88FF-C0C258B3DA86} - System32\Tasks\Amazon Music Helper => C:\Users\kaihi\AppData\Local\Amazon Music\Amazon Music Helper.exe [2106312 2020-09-05] (Amazon.com Services LLC -> Amazon.com Services LLC)
Task: {3DC69CF3-2864-42BA-A7A9-1B461012766D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-19] (Google LLC -> Google LLC)
Task: {3E7EC89A-5B03-4700-AF8E-86CE87C025FC} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [393928 2020-10-30] (Xerox Corporation -> Xerox Corporation)
Task: {416AA6D4-4C9A-4AA9-B9C6-E4C86DF1688E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {47F76D20-1787-40A2-A64E-8C4EEA7668C2} - System32\Tasks\SIMDB_75b6e096fc79c825286efd6614b8d0f4 => C:\Program Files (x86)\SIMDashboardServer\SIMDashboardServer.exe [6582728 2020-06-17] (Christian Hausmann -> stryder-it)
Task: {512EFED8-0F50-49C2-B0A3-B083E1B057E4} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {67F9D975-CB1B-469F-8D93-A885700E4887} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {6AC70FE8-8C2B-4D1F-A5CE-19DEA4D8D7D3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {73F27D64-FE90-4E71-89F6-BA541D184923} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {7972D841-26DD-4693-8A92-EED4B417D07A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {87779D9D-8A11-482C-A8C9-3FB1DEACEB52} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [393928 2020-10-30] (Xerox Corporation -> Xerox Corporation)
Task: {8C04AC51-F941-4A75-8170-17867E5981A6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {9C65B64A-F9E9-40C4-9995-DD5CC16CA6EA} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9D081571-AC87-4263-8383-8B415B458060} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe [1142320 2018-02-05] (A-Volute -> A-Volute)
Task: {9FCBEA55-6439-4147-8F9C-B0DFAAA49B70} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {A66827F3-1B70-4024-BE6A-F75F354A2192} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CB11CCBC-A7C9-469D-8A19-7D5B7B2B2080} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-19] (Google LLC -> Google LLC)
Task: {D105B1B3-9324-4CEE-BB1E-BD97CA625873} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E1FA93C0-6169-44F7-9D2C-1BA98FDE1AE0} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E40D6343-F4B7-4CDF-BDEB-FAFBEAA03D95} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F2E8D20E-84E4-4F3D-9188-80E18DBF3B34} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-20] (Mozilla Corporation -> Mozilla Foundation)
Task: {F8F9666C-08BF-4C0D-826B-3CD86AA9BAB1} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1328392 2015-11-20] (Intel(R) Software -> Intel Corporation)
Task: {FED179BD-DEFE-4B28-AE86-D8978D50F468} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FF26D5D8-0E20-46A4-957F-7FA9DEBA5DD8} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe [990256 2018-02-05] (A-Volute -> A-Volute)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2b1d2eb5-9bde-413d-a852-d73f9c142711}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{95718f63-3133-4ef0-b6c0-f1e030ef7d0a}: [DhcpNameServer] 192.168.2.1

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2393625349-2809001659-2935058265-1001 -> hxxp://www.google.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\kaihi\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-03]
Edge HomePage: Default -> hxxp://www.go-setting.com/
Edge StartupUrls: Default -> "hxxp://www.go-setting.com/"
Edge DefaultSearchURL: Default -> hxxp://www.go-setting.com/search?q={searchTerms}
Edge DefaultSearchKeyword: Default -> go-setting.com
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: gkwkqvp3.default-1566052526425
FF ProfilePath: C:\Users\kaihi\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425 [2020-12-03]
FF user.js: detected! => C:\Users\kaihi\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\user.js [2020-09-09]
FF Notifications: Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425 -> hxxps://steamstat.us; hxxps://forum.discovergy.com; hxxps://ntcloud.proppower.de
FF Extension: (Facebook Container) - C:\Users\kaihi\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\Extensions\@contain-facebook.xpi [2020-09-30]
FF Extension: (Enhancer for YouTube™) - C:\Users\kaihi\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2020-03-31]
FF Extension: (Online-Übersetzer) - C:\Users\kaihi\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\Extensions\{14e7e7c0-cb2b-4113-bcc2-c1d279032a2e}.xpi [2020-01-03]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default [2020-11-27]
CHR Extension: (Präsentationen) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-01-19]
CHR Extension: (Docs) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-01-19]
CHR Extension: (Google Drive) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-27]
CHR Extension: (YouTube) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-19]
CHR Extension: (Tabellen) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-27]
CHR Extension: (Piggy - Automatische Gutscheine & Cashback) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2020-11-27]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-19]
CHR Extension: (Google Mail) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-27]
CHR Extension: (Chrome Media Router) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-27]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ACSCatService; C:\Program Files (x86)\Siemens\ACS790\ACSCat.exe [213992 2015-07-14] (Siemens Switzerland Ltd -> Siemens Switzerland Ltd)
R2 ACSConfigurationInterfaceService; C:\Program Files (x86)\Siemens\ACS790\ACSConfigurationInterface.exe [120808 2015-07-14] (Siemens Switzerland Ltd -> Siemens Switzerland Ltd)
R2 ACSSubSystemService; C:\Program Files (x86)\Siemens\ACS790\ACSSubSystems.exe [291816 2015-07-14] (Siemens Switzerland Ltd -> Siemens Switzerland Ltd)
R2 ACSTrendAndTaskExecutorService; C:\Program Files (x86)\Siemens\ACS790\ACSTrendAndTaskExecutorHost.exe [15848 2015-07-14] (Siemens Switzerland Ltd -> Siemens Switzerland Ltd)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8628224 2020-06-12] (BattlEye Innovations e.K. -> )
R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 CsrBtOBEX-Dienst; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811120 2019-11-30] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [46776 2018-09-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2027192 2019-01-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10896008 2020-11-26] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-12-02] (Malwarebytes Inc -> Malwarebytes)
R2 MEmuSVC; D:\Program Files\Microvirt\MEmu\MemuService.exe [85304 2019-07-02] (Shanghai Microvirt Software Technology Co., Ltd. -> )
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService_x64.exe [2669240 2018-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2343600 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService_x64.exe [2725048 2017-12-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2255544 2018-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2507952 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2136248 2018-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [2740912 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [86688 2018-07-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_DPCLTSERVICE; C:\Program Files (x86)\MSI\DPC Latency Tuner\DPCLT_Service.exe [2166968 2018-09-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [113336 2017-12-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2333328 2020-05-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [183472 2020-03-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2487640 2020-11-03] (Overwolf Ltd -> Overwolf LTD)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5101992 2020-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13103632 2020-09-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 XeroxPrintJobEventManagerService; C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe [513920 2020-10-30] (Xerox Corporation -> Xerox Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_fe92a8457e8d540c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_fe92a8457e8d540c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 csravrcp; C:\WINDOWS\System32\drivers\csravrcp.sys [26304 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 CsrBthAudioHF; C:\WINDOWS\System32\drivers\CsrBthAudioHF.sys [39120 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 CsrBtPort; C:\WINDOWS\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrhfgcc; C:\WINDOWS\System32\drivers\csrhfgcc.sys [38080 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrpan; C:\WINDOWS\System32\drivers\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrserial; C:\WINDOWS\system32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusb; C:\WINDOWS\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\WINDOWS\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csr_bthav; C:\WINDOWS\system32\drivers\csrbthav.sys [99520 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R1 EneIo; C:\WINDOWS\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-12-02] (Malwarebytes Corporation -> Malwarebytes)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2020-09-05] (Martin Malik - REALiX -> REALiX(tm))
R3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
R0 idisplayfilter; C:\WINDOWS\System32\DRIVERS\idisplayfilter.sys [35352 2017-06-23] (SHAPE GmbH -> )
R3 iDisplayWDDM; C:\WINDOWS\System32\drivers\idisplay.sys [40040 2017-06-30] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\71013\driver_cpu_temperature\logi_core_temp.sys [25448 2020-11-26] (Logitech Inc. -> Logitech)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 logi_generic_hid_filter; C:\WINDOWS\system32\drivers\logi_generic_hid_filter.sys [56376 2020-08-07] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2019-11-03] (Logitech Inc -> Logitech)
S3 logi_joy_hid_filter; C:\WINDOWS\system32\drivers\logi_joy_hid_filter.sys [57400 2020-08-07] (Logitech Inc -> Logitech)
S3 logi_joy_hid_lo; C:\WINDOWS\system32\drivers\logi_joy_hid_lo.sys [46648 2020-08-07] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2020-05-20] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2019-11-03] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-12-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-12-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2020-12-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [138904 2020-12-03] (Malwarebytes Inc -> Malwarebytes)
R1 MEmuDrv; C:\WINDOWS\system32\DRIVERS\MEmuDrv.sys [319192 2019-09-21] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2015-11-15] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 npusbio; C:\WINDOWS\System32\Drivers\npusbio_x64.sys [38400 2015-12-11] (NaturalPoint, Inc -> )
R3 NTIOLib_DPC; C:\Program Files (x86)\MSI\DPC Latency Tuner\NTIOLib_X64.sys [14288 2017-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [14288 2017-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [57976 2017-04-06] (Shaul Eizikovich -> Shaul Eizikovich)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-11-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429288 2020-11-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-06] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [X]
S3 IUProcessFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [X]
S3 IURegistryFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [X]
U4 npcap_wifi; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2020-12-03 11:38 - 2020-12-03 11:38 - 000039090 _____ C:\Users\kaihi\Downloads\FRST.txt
2020-12-03 11:38 - 2020-12-03 11:38 - 000000000 ____D C:\FRST
2020-12-03 11:37 - 2020-12-03 11:37 - 002288640 _____ (Farbar) C:\Users\kaihi\Downloads\FRST64.exe
2020-12-03 11:31 - 2020-12-03 11:31 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-12-03 11:31 - 2020-12-03 11:31 - 000138904 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-12-03 11:31 - 2020-12-03 11:31 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-12-03 11:29 - 2020-12-03 11:30 - 000000000 ____D C:\AdwCleaner
2020-12-03 11:29 - 2020-12-03 11:29 - 008447152 _____ (Malwarebytes) C:\Users\kaihi\Downloads\adwcleaner_8.0.8.exe
2020-12-02 16:05 - 2020-12-02 16:05 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-12-02 16:05 - 2020-12-02 16:05 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-12-02 16:05 - 2020-12-02 16:05 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-12-02 16:05 - 2020-12-02 16:05 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-12-02 16:05 - 2020-12-02 16:05 - 000002041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-02 16:05 - 2020-12-02 16:05 - 000002029 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-02 16:05 - 2020-12-02 16:05 - 000002029 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-02 16:05 - 2020-12-02 16:05 - 000000000 ____D C:\Users\kaihi\AppData\Local\mbam
2020-12-02 16:05 - 2020-12-02 16:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-02 16:04 - 2020-12-02 16:04 - 002077136 _____ (Malwarebytes) C:\Users\kaihi\Downloads\MBSetup.exe
2020-12-02 16:04 - 2020-12-02 16:04 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-02 15:53 - 2020-12-02 15:53 - 000000000 ____D C:\Users\kaihi\Downloads\RusMap_v2.3.1_1.39
2020-12-02 15:52 - 2020-12-02 15:52 - 026558777 _____ C:\Users\kaihi\Downloads\PM251_RM2.3.1_roadconnection.scs
2020-12-02 15:51 - 2020-12-02 15:53 - 1170088429 _____ C:\Users\kaihi\Downloads\RusMap_v2.3.1_1.39.7z
2020-12-02 13:55 - 2020-12-02 14:00 - 000000000 ____D C:\Users\kaihi\Downloads\Virtual_Speditor2_14
2020-12-02 13:55 - 2020-12-02 13:55 - 003343988 _____ C:\Users\kaihi\Downloads\Virtual_Speditor2_14.rar
2020-11-28 20:18 - 2020-11-28 20:18 - 012402010 _____ C:\Users\kaihi\Downloads\ETSP_x64__2_.zip
2020-11-27 21:36 - 2020-11-27 21:36 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\NaturalPoint
2020-11-27 21:35 - 2020-11-27 21:35 - 000002193 _____ C:\Users\Public\Desktop\TrackIR v5.lnk
2020-11-27 21:35 - 2020-11-27 21:35 - 000002193 _____ C:\ProgramData\Desktop\TrackIR v5.lnk
2020-11-27 21:35 - 2020-11-27 21:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackIR v5
2020-11-27 21:34 - 2020-11-27 21:35 - 000000000 ____D C:\Program Files (x86)\NaturalPoint
2020-11-27 21:00 - 2020-11-27 21:31 - 029368848 _____ (NaturalPoint) C:\Users\kaihi\Downloads\TrackIR_5.4.2(1).exe
2020-11-27 17:26 - 2020-11-27 17:26 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2020-11-27 17:26 - 2020-11-27 17:26 - 000000650 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2020-11-27 17:26 - 2020-11-27 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2020-11-27 17:26 - 2020-11-27 17:26 - 000000000 ____D C:\Program Files\LGHUB
2020-11-24 20:14 - 2020-11-24 20:14 - 000681166 _____ C:\Users\kaihi\Downloads\mapSet_ProMods251ME.txt
2020-11-24 20:04 - 2020-12-01 14:27 - 000000000 ____D C:\Users\kaihi\Downloads\Virtual_Speditor2_13
2020-11-24 20:04 - 2020-11-24 20:04 - 005006435 _____ C:\Users\kaihi\Downloads\Virtual_Speditor2_13.rar
2020-11-24 19:46 - 2020-11-24 19:46 - 000000000 ____D C:\Users\kaihi\Downloads\Virtual_Speditor2_1
2020-11-24 19:36 - 2020-11-24 19:37 - 003717538 _____ C:\Users\kaihi\Downloads\Virtual_Speditor2_1.rar
2020-11-24 19:22 - 2020-11-24 19:25 - 064617793 _____ C:\Users\kaihi\Downloads\promods-me-v251.7z
2020-11-24 14:43 - 2020-11-24 15:07 - 000000000 ____D C:\Users\kaihi\Downloads\ProMods_2_51
2020-11-23 15:11 - 2020-11-23 15:11 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-23 15:11 - 2020-11-23 15:11 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-21 21:52 - 2020-11-21 21:52 - 000004284 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon
2020-11-21 21:52 - 2020-11-21 21:52 - 000004154 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed
2020-11-21 21:52 - 2020-11-21 21:52 - 000004064 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh
2020-11-21 21:51 - 2020-11-21 21:51 - 029969816 _____ C:\Users\kaihi\Downloads\XeroxSmartStart_1.4.28.0(1).exe
2020-11-21 18:59 - 2020-11-21 18:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-11-20 22:45 - 2020-11-24 20:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-17 10:56 - 2020-11-17 10:56 - 000007605 _____ C:\Users\kaihi\AppData\Local\Resmon.ResmonCfg
2020-11-15 21:05 - 2020-11-15 21:05 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\Ookla
2020-11-15 00:02 - 2020-11-15 00:02 - 000000000 ____D C:\Users\kaihi\AppData\Local\Corsair
2020-11-14 23:36 - 2020-11-14 23:36 - 000000000 ____D C:\Users\kaihi\Downloads\drive-download-20201114T222951Z-001
2020-11-14 23:35 - 2020-11-14 23:35 - 000205239 _____ C:\Users\kaihi\Downloads\drive-download-20201114T222951Z-001.zip
2020-11-14 23:27 - 2020-11-14 23:27 - 000000000 ____D C:\Users\kaihi\Downloads\Streamdeckbuttons_mit Vorlage für Affinity Foto
2020-11-14 23:26 - 2020-11-14 23:26 - 010870545 _____ C:\Users\kaihi\Downloads\Streamdeckbuttons_mit Vorlage für Affinity Foto.zip
2020-11-14 14:33 - 2020-11-15 19:44 - 000000000 ____D C:\Users\kaihi\Downloads\Cattle and Crops
2020-11-14 14:08 - 2020-11-14 14:08 - 003548340 _____ C:\Users\kaihi\Downloads\Cattle and Crops.zip
2020-11-14 13:09 - 2020-11-14 13:09 - 000001149 _____ C:\Users\Public\Desktop\Stream Deck.lnk
2020-11-14 13:09 - 2020-11-14 13:09 - 000001149 _____ C:\ProgramData\Desktop\Stream Deck.lnk
2020-11-14 13:09 - 2020-11-14 13:09 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\Elgato
2020-11-14 13:09 - 2020-11-14 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato
2020-11-14 13:09 - 2020-11-14 13:09 - 000000000 ____D C:\ProgramData\Elgato
2020-11-14 13:09 - 2020-11-14 13:09 - 000000000 ____D C:\Program Files\obs-studio
2020-11-14 13:09 - 2020-11-14 13:09 - 000000000 ____D C:\Program Files\Elgato
2020-11-14 13:09 - 2020-11-14 13:09 - 000000000 ____D C:\Program Files (x86)\OBS Studio - FTL
2020-11-14 13:08 - 2020-11-14 13:09 - 100532224 _____ C:\Users\kaihi\Downloads\Stream_Deck_4.9.0.13177.msi
2020-11-12 16:14 - 2020-11-12 16:14 - 000267868 _____ C:\Users\kaihi\Documents\Kindkrankschein_Hilbert_Kai.pdf
2020-11-12 14:49 - 2020-12-03 11:31 - 000008192 ___SH C:\DumpStack.log.tmp
2020-11-12 14:49 - 2020-11-12 14:49 - 002048940 _____ C:\WINDOWS\Minidump\111220-7843-01.dmp
2020-11-12 14:49 - 2020-11-12 14:49 - 000000000 ____D C:\WINDOWS\Minidump
2020-11-12 11:38 - 2020-11-12 11:38 - 009599960 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlane.sys
2020-11-12 11:38 - 2020-11-12 11:38 - 001421688 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorAC.sys
2020-11-12 11:38 - 2020-11-12 11:38 - 000094129 _____ C:\WINDOWS\system32\Drivers\rtldata.txt
2020-11-12 11:38 - 2020-11-12 11:38 - 000026488 _____ (Intel Corporation) C:\WINDOWS\system32\RstMwEventLogMsg.dll
2020-11-12 11:32 - 2020-11-12 11:32 - 000000000 ____D C:\Users\kaihi\Downloads\Phaser6510_WC6515_7.95.0.0_PS_x64
2020-11-12 09:46 - 2020-11-12 09:46 - 002694550 _____ C:\Users\kaihi\Downloads\fwdl5.3.6.19ww-20201006-1.zip
2020-11-12 09:43 - 2020-11-12 09:43 - 013570048 _____ C:\Users\kaihi\Downloads\XrxSetup_7.132.20.0_x64(1).msi
2020-11-12 08:12 - 2020-11-12 08:12 - 029969816 _____ C:\Users\kaihi\Downloads\XeroxSmartStart_1.4.28.0.exe
2020-11-12 08:11 - 2020-11-12 08:11 - 014192640 _____ C:\Users\kaihi\Downloads\XeroxScanExperience_7.4.43.0_x64.msi
2020-11-12 08:11 - 2020-11-12 08:11 - 002676603 _____ C:\Users\kaihi\Downloads\Phaser6510_WC6515_7.95.0.0_PS_x64.zip
2020-11-12 08:09 - 2020-11-12 08:09 - 013570048 _____ C:\Users\kaihi\Downloads\XrxSetup_7.132.20.0_x64.msi
2020-11-12 08:02 - 2020-11-12 08:02 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-12 08:02 - 2020-11-12 08:02 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-12 08:02 - 2020-11-12 08:02 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-12 08:02 - 2020-11-12 08:02 - 000152576 _____ C:\WINDOWS\system32\EoAExperiences.exe
2020-11-12 08:02 - 2020-11-12 08:02 - 000009265 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-11-12 08:01 - 2020-11-07 18:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-11-12 08:01 - 2020-11-07 18:41 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-11-12 08:01 - 2020-11-07 18:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-11-12 08:01 - 2020-11-07 18:41 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-11-12 08:01 - 2020-11-07 18:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-11-12 08:01 - 2020-11-07 18:41 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-11-12 08:01 - 2020-11-07 18:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-11-12 08:01 - 2020-11-07 18:41 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-11-12 08:01 - 2020-11-07 18:41 - 000455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-11-12 08:01 - 2020-11-07 18:41 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-11-12 08:01 - 2020-11-07 18:38 - 002096880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-11-12 08:01 - 2020-11-07 18:38 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-11-12 08:01 - 2020-11-07 18:38 - 001506032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-11-12 08:01 - 2020-11-07 18:38 - 001159920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-11-12 08:01 - 2020-11-07 18:38 - 001027992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2020-11-12 08:01 - 2020-11-07 18:38 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2020-11-12 08:01 - 2020-11-07 18:38 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-11-12 08:01 - 2020-11-07 18:38 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-11-12 08:01 - 2020-11-07 18:38 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-11-12 08:01 - 2020-11-07 18:38 - 000656112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-11-12 08:01 - 2020-11-07 18:38 - 000590576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2020-11-12 08:01 - 2020-11-07 18:38 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-11-12 08:01 - 2020-11-07 18:38 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-11-12 08:01 - 2020-11-07 18:37 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-11-12 08:01 - 2020-11-07 18:37 - 006858992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-11-12 08:01 - 2020-11-07 18:37 - 004175256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-11-12 08:01 - 2020-11-07 18:37 - 002509720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-11-12 08:01 - 2020-11-07 18:37 - 000849648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2020-11-12 08:01 - 2020-11-07 18:37 - 000445848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2020-11-12 08:01 - 2020-11-07 18:36 - 007005008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2020-11-12 08:01 - 2020-11-07 18:36 - 005976296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-11-12 08:01 - 2020-11-07 05:01 - 000080930 _____ C:\WINDOWS\system32\nvinfo.pb
2020-11-11 21:06 - 2020-11-11 21:08 - 1131631870 _____ C:\Users\kaihi\Downloads\LS19_Ebsdorder_Heide.zip
2020-11-11 19:36 - 2020-11-11 19:36 - 005960352 _____ C:\Users\kaihi\Downloads\FS19_Animal_Goods_Transport.zip
2020-11-11 15:55 - 2020-11-11 15:56 - 761693075 _____ C:\Users\kaihi\Downloads\FS19_MVP19.zip
2020-11-11 14:29 - 2020-11-11 14:29 - 000015580 _____ C:\Users\kaihi\Documents\Mod_List_Warnung.txt
2020-11-06 20:58 - 2020-11-06 20:58 - 000130204 _____ C:\Users\kaihi\Documents\SallyKontakte.vcf
2020-11-06 20:56 - 2020-11-06 20:51 - 000034034 _____ C:\Users\kaihi\Documents\KaiKontakte.vcf
2020-11-06 18:51 - 2020-11-06 18:52 - 003207880 _____ (Dominik Reichl ) C:\Users\kaihi\Downloads\KeePass-2.46-Setup.exe
2020-11-05 20:18 - 2020-11-05 20:18 - 021101454 _____ C:\Users\kaihi\Downloads\FS19_Deutz_AgroStar6x8.zip
2020-11-05 20:18 - 2020-11-05 20:18 - 006931111 _____ C:\Users\kaihi\Downloads\FS19_MaizePlus.zip

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2020-12-03 11:38 - 2020-05-28 18:15 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-03 11:38 - 2019-12-07 15:51 - 000743650 _____ C:\WINDOWS\system32\perfh007.dat
2020-12-03 11:38 - 2019-12-07 15:51 - 000150072 _____ C:\WINDOWS\system32\perfc007.dat
2020-12-03 11:38 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-03 11:33 - 2019-02-05 10:07 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-03 11:33 - 2018-09-29 11:32 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-03 11:32 - 2020-09-09 18:55 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\LGHUB
2020-12-03 11:32 - 2020-09-09 18:55 - 000000000 ____D C:\Users\kaihi\AppData\Local\LGHUB
2020-12-03 11:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-03 11:32 - 2018-09-29 11:15 - 000000000 ____D C:\Users\kaihi\AppData\LocalLow\Mozilla
2020-12-03 11:31 - 2020-05-28 18:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-03 11:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2020-12-03 11:31 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-03 11:31 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-12-03 11:31 - 2018-10-08 17:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-12-03 11:30 - 2020-09-05 17:12 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\IObit
2020-12-03 11:30 - 2020-09-05 17:12 - 000000000 ____D C:\Users\kaihi\AppData\LocalLow\IObit
2020-12-03 11:30 - 2020-09-05 17:12 - 000000000 ____D C:\ProgramData\IObit
2020-12-03 11:30 - 2020-09-05 17:12 - 000000000 ____D C:\Program Files (x86)\IObit
2020-12-03 11:25 - 2020-09-05 17:12 - 000000000 ____D C:\ProgramData\ProductData
2020-12-03 11:25 - 2019-08-08 19:53 - 000000000 ____D C:\Users\kaihi\AppData\Local\TeamSpeak 3 Client
2020-12-03 11:17 - 2020-01-19 21:03 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-02 18:37 - 2019-09-18 11:21 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\Discord
2020-12-02 18:37 - 2018-09-29 14:32 - 000000000 ____D C:\Program Files (x86)\Steam
2020-12-02 18:37 - 2018-09-29 14:18 - 000000000 ____D C:\Users\kaihi\Documents\Outlook-Dateien
2020-12-02 18:36 - 2020-05-28 18:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-02 16:05 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-02 16:03 - 2018-12-05 10:04 - 000000000 ____D C:\Users\kaihi\Documents\Euro Truck Simulator 2
2020-12-02 15:39 - 2018-10-02 09:23 - 000000000 ____D C:\Users\kaihi\AppData\Local\CrashDumps
2020-12-02 14:28 - 2019-02-03 10:16 - 000000000 ____D C:\Users\kaihi\Documents\SpedV
2020-12-02 14:00 - 2019-08-06 11:44 - 000000747 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2020-12-02 13:23 - 2020-08-10 21:08 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-02 13:23 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-11-30 13:06 - 2019-05-11 19:52 - 000000000 ____D C:\ProgramData\TruckersMP
2020-11-29 22:20 - 2018-10-02 09:30 - 000000000 ____D C:\Users\kaihi\AppData\Local\D3DSCache
2020-11-29 13:12 - 2019-08-15 21:31 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\WhatsApp
2020-11-29 12:31 - 2020-05-10 12:53 - 000000000 ____D C:\Users\kaihi\AppData\Local\WhatsApp
2020-11-28 23:58 - 2020-05-28 18:07 - 000000000 ____D C:\Users\kaihi
2020-11-28 10:28 - 2020-08-10 21:08 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-28 10:28 - 2020-08-10 21:08 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-27 18:26 - 2019-02-03 10:16 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\Microsoft\Windows\Start Menu\FPH SpedV
2020-11-27 17:25 - 2020-01-24 16:57 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2020-11-25 16:52 - 2018-09-29 14:05 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\KeePass
2020-11-24 20:33 - 2018-09-29 11:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-23 15:07 - 2018-09-29 11:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-21 21:52 - 2020-04-06 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox
2020-11-21 21:52 - 2020-01-30 12:39 - 000000000 ____D C:\Program Files\Xerox
2020-11-21 18:59 - 2018-09-29 11:15 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-21 18:27 - 2020-08-28 13:28 - 001562560 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2020-11-21 18:27 - 2020-08-28 13:28 - 000170424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2020-11-21 18:27 - 2020-08-28 13:28 - 000158136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2020-11-21 18:27 - 2020-08-28 13:28 - 000154032 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2020-11-21 18:27 - 2020-08-28 13:28 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2020-11-21 18:27 - 2020-08-28 13:28 - 000033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2020-11-14 14:45 - 2018-11-27 16:26 - 000000000 ____D C:\Users\kaihi\AppData\Local\cache
2020-11-14 13:10 - 2018-10-29 14:45 - 000000000 ____D C:\Program Files\Microsoft Office
2020-11-14 13:09 - 2018-09-29 11:32 - 000000000 ____D C:\Users\kaihi\AppData\Local\NVIDIA
2020-11-14 13:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-11-12 14:49 - 2018-09-29 11:06 - 2127249022 _____ C:\WINDOWS\MEMORY.DMP
2020-11-12 09:36 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-12 09:36 - 2018-09-29 11:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-12 09:34 - 2018-09-29 11:24 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-12 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-11-12 08:14 - 2020-05-28 18:06 - 000440912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-12 08:13 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-12 08:12 - 2020-06-29 19:40 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\XeroxScanReport
2020-11-12 08:02 - 2020-05-28 18:08 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-11-11 23:18 - 2018-09-29 20:34 - 000000000 ____D C:\Users\kaihi\Documents\My Games
2020-11-08 19:53 - 2019-08-08 19:53 - 000000000 ____D C:\Program Files (x86)\Overwolf
2020-11-06 13:33 - 2018-09-29 11:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2018-12-19 10:16 - 2018-12-19 10:16 - 000000617 _____ () C:\Users\kaihi\AppData\Roaming\SolarServiceLicenseRequest.xml
2018-10-04 13:55 - 2020-10-19 12:58 - 000000128 _____ () C:\Users\kaihi\AppData\Roaming\winscp.rnd
2018-10-04 11:00 - 2020-02-09 09:51 - 000000600 _____ () C:\Users\kaihi\AppData\Local\PUTTY.RND
2020-04-06 16:46 - 2020-04-06 16:46 - 000002078 _____ () C:\Users\kaihi\AppData\Local\recently-used.xbel
2020-11-17 10:56 - 2020-11-17 10:56 - 000007605 _____ () C:\Users\kaihi\AppData\Local\Resmon.ResmonCfg
2019-08-05 07:18 - 2019-08-05 07:18 - 000000056 _____ () C:\Users\kaihi\AppData\Local\X-Plane 11 Preferences.prf
2019-08-05 07:19 - 2019-08-05 07:19 - 000000015 _____ () C:\Users\kaihi\AppData\Local\X-Plane_drm_11.prf
2019-08-05 07:18 - 2019-08-05 07:18 - 000000039 _____ () C:\Users\kaihi\AppData\Local\x-plane_install_11.txt

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         

03.12.2020, 12:31   #2
Bommerang
 

FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-12-2020
durchgeführt von kaihi (03-12-2020 11:39:23)
Gestartet von C:\Users\kaihi\Downloads
Windows 10 Pro Version 20H2 19042.630 (X64) (2020-05-28 17:14:02)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2393625349-2809001659-2935058265-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2393625349-2809001659-2935058265-503 - Limited - Disabled)
Gast (S-1-5-21-2393625349-2809001659-2935058265-501 - Limited - Disabled)
kaihi (S-1-5-21-2393625349-2809001659-2935058265-1001 - Administrator - Enabled) => C:\Users\kaihi
muell (S-1-5-21-2393625349-2809001659-2935058265-1002 - Limited - Enabled) => C:\Users\muell
robin (S-1-5-21-2393625349-2809001659-2935058265-1003 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2393625349-2809001659-2935058265-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ACS790 (HKLM-x32\...\{371bac71-ca25-49b2-a7b1-f847f68ca1bc}) (Version: 10.1.66.31 - Siemens Switzerland Ltd)
ACS790 (HKLM-x32\...\{9611085B-4833-4DEB-99CF-07A7E92800B6}) (Version: 10.01.066.31 - Siemens Switzerland Ltd) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
AIDA64 Extreme v6.20 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.20 - FinalWire Ltd.)
Aiseesoft Data Recovery 1.2.6 (HKLM-x32\...\{E67DD0BA-233F-4EA9-B010-9B0A3D58F690}_is1) (Version: 1.2.6 - Aiseesoft Studio)
Amazon Music (HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\Amazon Amazon Music) (Version: 7.13.0.2210 - Amazon.com Services LLC)
APOInstallerMSISetup (HKLM\...\{6D8108E5-FBDD-4547-9C04-B052336E4046}) (Version: 1.0.19 - Nahimic) Hidden
AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{A6A8AE0B-30CC-4641-8BE4-8A70E44A2448}) (Version: 1.0.1901 - Nahimic) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CPUID CPU-Z 1.93 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.93 - CPUID, Inc.)
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - CSR Plc.)
Discord (HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
Elgato Stream Deck (HKLM\...\{845BFE3B-1D3D-441B-9341-423068B5D895}) (Version: 4.9.0.13177 - Elgato Systems GmbH)
EndpointMonitoring Install MSISetup (HKLM\...\{F1F90F23-6FFC-481E-B72A-B2D51C6DA257}) (Version: 1.0.1901 - Nahimic) Hidden
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 2.0.8 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{9f93601b-15ea-4e69-8d7c-dfa0f29ae04e}) (Version: 1.00.10 - Ene Tech.) Hidden
Epic Games Launcher (HKLM-x32\...\{A5A6A747-393C-4B28-AB7B-2DE2BA7F7D73}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Expert PDF Demo (HKLM-x32\...\{EF0B188B-6C1F-4573-8979-DAB1C66266CD}) (Version: 12.00 - Avanquest)
Farming Simulator 19 (HKLM-x32\...\FarmingSimulator2019_is1) (Version: 1.2 - GIANTS Software)
Fronius Datalogger Finder (HKLM-x32\...\{6D8B3164-184D-4206-AA6D-72D58D310F6E}) (Version: 1.00.0001 - Fronius International)
Fronius Solar.access (HKLM-x32\...\{FCE439E9-D6DC-44E7-B104-7B52F13F91C6}) (Version: 1.60.1 - Fronius International GmbH)
Fronius Solar.configurator (HKLM-x32\...\{695EDDA4-D07F-416B-B467-AE02925E19C4}) (Version: 3.3.10 - Fronius International)
Fronius Solar.service 1.2.51.1824 (HKLM-x32\...\{FEFF9DEE-215A-465B-9CE1-DFD1EC6585D1}) (Version: 1.2.51.1824 - Fronius International GmbH) Hidden
Fronius Solar.web live (HKLM-x32\...\{27c09b72-f1fd-4e16-88e9-7364acc3a068}) (Version: 1.0.78.17195 - Fronius International GmbH)
Fronius Solar.web live (HKLM-x32\...\{348A9D53-A7FF-499E-A160-020B7B6FF7D5}) (Version: 1.0.78.17195 - Fronius International GmbH) Hidden
GIMP 2.10.6 (HKLM\...\GIMP-2_is1) (Version: 2.10.6 - The GIMP Team)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.15 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Gpg4win (3.1.7) (HKLM-x32\...\Gpg4win) (Version: 3.1.7 - The Gpg4win Project)
iDisplay 3.1.2 (HKLM-x32\...\iDisplay_is1) (Version: 3.1.2 - SHAPE)
Intel Extreme Tuning Utility (HKLM-x32\...\{79E98F35-0524-446C-8EF5-4E863C4D87E2}) (Version: 6.2.0.24 - Intel Corporation) Hidden
Intel Extreme Tuning Utility (HKLM-x32\...\{7afa48c7-9901-40fa-8f9b-f0707e2bc5b6}) (Version: 6.2.0.24 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1068 - Intel Corporation)
Intel(R) Network Connections 25.0.0.0 (HKLM\...\PROSetDX) (Version: 25.0.0.0 - Intel)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel® Software Guard Extensions Platform Software (HKLM-x32\...\ARP_for_prd_SGX_1.9.100.41172) (Version: 1.9.100.41172 - Intel Corporation)
KeePass Password Safe 2.45 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.45 - Dominik Reichl)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:  - Logitech)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
MEmu (HKLM-x32\...\MEmu) (Version: 7.1.2.0 - Microvirt Software Technology Co. Ltd.)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.52 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 83.0 (x64 de) (HKLM\...\Mozilla Firefox 83.0 (x64 de)) (Version: 83.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.2 - Mozilla)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 3.0.1.02 - MSI)
MSI DPC Latency Tuner (HKLM-x32\...\{1AAC56F3-3F60-47DB-BE6B-088F36ADFDC5}_is1) (Version: 1.0.0.36 - MSI)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.15 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.98 - MSI)
MSI Gaming Lan Manager (HKLM-x32\...\{3318282C-D4D6-4B29-BBD5-95FC34B54FF0}_is1) (Version: 1.0.0.69 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.69 - MSI)
MSI Smart Tool (HKLM-x32\...\{DDCCA038-DAB1-4D09-B85C-848020AA75D6}}_is1) (Version: 1.0.0.45 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.29 - MSI)
MSI X Boost (HKLM-x32\...\{515143BB-7A11-4D85-B941-D520AAAA099C}_is1) (Version: 1.0.0.46 - MSI)
Nahimic VR (HKLM-x32\...\{3d84610f-4cfb-4165-aa15-bb859bd0f0e3}) (Version: 1.0.19 - Nahimic)
NaturalPoint USB Drivers x64 (HKLM\...\{533773B8-9AC1-4C0F-A2BF-57466A45C6F5}) (Version: 2.70.0000 - NaturalPoint)
NineEarsSettings Install Configurator (HKLM\...\{A909659E-FC98-4D8F-AC40-8C5344C86F7A}) (Version: 1.0.1901 - Nahimic) Hidden
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 457.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.30 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.157.2.17 - Overwolf Ltd.)
Parkour Version 1.2.1 (HKLM-x32\...\{FBF6759A-30E7-4040-9942-6BA46472FB3D}}_is1) (Version: 1.2.1 - 3DMRS)
ProductDaemon Install Setup (HKLM\...\{32D62D40-F8F6-408E-8F8C-6A6593E3ACE9}) (Version: 1.0.1901 - Nahimic) Hidden
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8746.1 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 6.1.0.170 - Samsung Electronics)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SeaTools for Windows 1.4.0.7 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.7 - Seagate Technology)
Siemens RNDIS Driver x64 (HKLM\...\{646E8751-988C-4C51-BAA5-A0F82B700B70}) (Version: 8.2.0.0 - Siemens Switzerland Ltd) Hidden
Siemens USB Interfaces Driver x64 (HKLM\...\{3E3A1126-5DA9-489B-881E-D5BBF75C2AA2}) (Version: 0.0.9.1 - Siemens Switzerland Ltd) Hidden
SIMDashboardServer (HKLM-x32\...\{233EAE42-6BB9-48A3-AB74-EC700440EEB5}) (Version: 3.1.5.0 - stryder-it)
SSAudioDaemon Install MSISetup (HKLM\...\{F77EA0C2-B0EB-47C7-990D-EACA981D75E8}) (Version: 1.0.19 - Nahimic) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak Overlay (HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\Overwolf_jnabojaampcpfclojlbildognlnebnhfhibiielh) (Version: 1.0.0.2 - Overwolf app)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.10.5 - TeamViewer)
tiptoi® Manager 4.2.1 (HKLM\...\{833392BB-E8C0-4066-9408-3A30FA43972F}_is1) (Version: 4.2.1 - Ravensburger AG)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Tom Clancy's The Division 2 (HKLM-x32\...\Uplay Install 4932) (Version:  - Ubisoft)
TrackIR 5 (HKLM-x32\...\{6984ac4b-af1a-46af-bb10-ca1d3b7d4aba}) (Version: 5.4.2.0000 - NaturalPoint)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
TrucksBook Client version 1.3.6 (HKLM-x32\...\TrucksBook Client_is1) (Version: 1.3.6 - TrucksBook)
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
vJoy Device Driver 2.1.8.38 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 2.1.8.38 - Shaul Eizikovich)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WhatsApp (HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\WhatsApp) (Version: 2.2047.11 - WhatsApp)
Windows-Treiberpaket - Fronius Fronius Driver Package (10/22/2009 2.06.00) (HKLM\...\3EC78FCD0C322EF4AC0C3C181305091AFC8A0730) (Version: 10/22/2009 2.06.00 - Fronius)
Windows-Treiberpaket - Fronius Fronius Driver Package (10/22/2009 2.06.00) (HKLM\...\48407F45E4DA37FDCA298D385C66807894A0BB64) (Version: 10/22/2009 2.06.00 - Fronius)
Windows-Treiberpaket - Siemens Switzerland Ltd HIDClass  (03/25/2015 1.0.1.3) (HKLM\...\75CA40A30BCA5C49B560F9483B7D2C0ED92D05C9) (Version: 03/25/2015 1.0.1.3 - Siemens Switzerland Ltd)
Windows-Treiberpaket - Siemens Switzerland Ltd USB Remote NDIS Network Device (01/15/2014 8.2.0.0) (HKLM\...\9D451121CA9556345F01F4D75D0085999804077D) (Version: 01/15/2014 8.2.0.0 - Siemens Switzerland Ltd)
WinMerge 2.16.4.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.16.4.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.91 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
WinSCP 5.17.7 (HKLM-x32\...\winscp3_is1) (Version: 5.17.7 - Martin Prikryl)
WISO steuer:Sparbuch 2018 (HKLM-x32\...\{3E1B1FA9-E565-4CFF-A685-FD0E36292D5A}) (Version: 25.10.1912 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2019 (HKLM-x32\...\{1882C943-D44D-43CC-9297-FB4287A0B549}) (Version: 26.00.1588 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2020 (HKLM-x32\...\{FEC36D0C-1A26-4C71-8FD5-C4A31DD4F5F2}) (Version: 27.07.1862 - Buhl Data Service GmbH)
Xerox Desktop Print Experience 5.0 (HKLM\...\{F69C2056-BC8D-EC77-49FB-E9F863F8C9AA}) (Version: 7.192.8.0 - Xerox Corporation)
Xerox Font Management Utility (HKLM-x32\...\{732A016D-FE04-4143-AEEF-2A538C2ECE4A}) (Version: 3.1.37.0 - Xerox Corporation)
Xerox Scanner Management Utility (HKLM\...\{74DECE2F-861F-4352-9493-EC1E693D4C08}) (Version: 7.4.43.0 - Xerox Corporation)

Packages:
=========
1938 MG TA Midget -> C:\Program Files\WindowsApps\Microsoft.MGTA38_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
1966 Volkswagen Double Cab Pick-Up -> C:\Program Files\WindowsApps\Microsoft.VWDoubleCab61_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
1970 Triumph TR6 PI -> C:\Program Files\WindowsApps\Microsoft.TRITR670_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
1972 Lamborghini Jarama S -> C:\Program Files\WindowsApps\Microsoft.LAMJarama76_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
2017 Ferrari GTC4Lusso -> C:\Program Files\WindowsApps\Microsoft.ERGTC4Lusso_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
2018 Chevrolet Camaro ZL1 1LE -> C:\Program Files\WindowsApps\Microsoft.CHECamaro1LE18_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
2018 Morgan Aero GT -> C:\Program Files\WindowsApps\Microsoft.MORAeroGT19_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
2019 Chevrolet Corvette ZR1 -> C:\Program Files\WindowsApps\Microsoft.CHECorvetteZR_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4  1965 Peel Trident -> C:\Program Files\WindowsApps\Microsoft.PEETrident_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4  2005 Honda NSX-R GT -> C:\Program Files\WindowsApps\Microsoft.HONNSXRGT_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 -> C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.443.701.2_x64__8wekyb3d8bbwe [2020-10-15] (Microsoft Studios)
Forza Horizon 4 1929 Mercedes-Benz SSK -> C:\Program Files\WindowsApps\Microsoft.MercedesBenzSSK_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1953 Jaguar C-Type -> C:\Program Files\WindowsApps\Microsoft.JAGCType_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1959 Cadillac Eldorado Biarritz Convertible -> C:\Program Files\WindowsApps\Microsoft.CADElDorado_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1959 Porsche 356A Coupe -> C:\Program Files\WindowsApps\Microsoft.ForzaHorizon41959Porsche356ACoupe_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1962 Triumph TR3B -> C:\Program Files\WindowsApps\Microsoft.TriumphTR3B_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1963 Opel Kadett A -> C:\Program Files\WindowsApps\Microsoft.OpelKadettA_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1965 Ford Transit -> C:\Program Files\WindowsApps\Microsoft.FORTransit_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1966 Hillman Imp -> C:\Program Files\WindowsApps\Microsoft.SUNImp_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1968 Ford Mustang GT 2+2 Fastback -> C:\Program Files\WindowsApps\Microsoft.FORMustangGT390_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1974 Honda Civic RS -> C:\Program Files\WindowsApps\Microsoft.HONCivicRS_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1977 Hoonigan Ford Gymkhana 10 F-150 -> C:\Program Files\WindowsApps\Microsoft.FordGymkhana_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1985 Porsche #186 959 Paris-Dakar -> C:\Program Files\WindowsApps\Microsoft.Porsche186ParisDakar_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1993 Hoonigan Ford Escort Cosworth Group A -> C:\Program Files\WindowsApps\Microsoft.HooniganFordEscort_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1993 Porsche 968 Turbo S -> C:\Program Files\WindowsApps\Microsoft.POR968TurboS_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2002 Mazda RX-7 Spirit R Type-A -> C:\Program Files\WindowsApps\Microsoft.MazdaRX7SpiritR_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2003 Honda S2000 -> C:\Program Files\WindowsApps\Microsoft.HondaS2000_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2004 Vauxhall VX220 -> C:\Program Files\WindowsApps\Microsoft.VauxhallVX220_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2005 Ferrari FXX -> C:\Program Files\WindowsApps\Microsoft.FerrariFXX_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2010 Vauxhall Insignia VXR -> C:\Program Files\WindowsApps\Microsoft.VauxhallInsigniaVXR_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2012 Lamborghini Gallardo LP570-4 Spyder Performante -> C:\Program Files\WindowsApps\Microsoft.LamborghiniGallardoLP5704_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2014 McLaren 650S Spider -> C:\Program Files\WindowsApps\Microsoft.MCL650SSpider_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2016 Honda Civic Coupe GRC -> C:\Program Files\WindowsApps\Microsoft.ForzaHorizon42016HondaCivicCoupeGRC_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2017 Koenigsegg Agera RS -> C:\Program Files\WindowsApps\Microsoft.ForzaHorizon42017KoenigseggAgeraRS_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2018 Alfa Romeo Stelvio Quadrifoglio -> C:\Program Files\WindowsApps\Microsoft.AlfaStevio_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2018 Aston Martin Vantage -> C:\Program Files\WindowsApps\Microsoft.ASTVantage18_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2018 Can-Am Maverick X3 X RS Turbo R -> C:\Program Files\WindowsApps\Microsoft.CanAmMaverick_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2018 Chevrolet Silverado 1500 DeBerti Design Drift Truck -> C:\Program Files\WindowsApps\Microsoft.CHEDebertiDriftTruck_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2018 Ford Deberti Design Mustang Fastback -> C:\Program Files\WindowsApps\Microsoft.ForzaHorizon2018FordDebertiDesignMustang_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2018 Nissan SentraNismo -> C:\Program Files\WindowsApps\Microsoft.ForzaHorizon42018NissanSentraNismo_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2018 TVR Griffith -> C:\Program Files\WindowsApps\Microsoft.TVRGriffith18_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2019 BMW i8 Roadster -> C:\Program Files\WindowsApps\Microsoft.BMWi8Roadster_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2019 Porsche 911 Carrera S -> C:\Program Files\WindowsApps\Microsoft.POR992_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 Barrett Jackson Car Pack -> C:\Program Files\WindowsApps\Microsoft.BJCarPack_1.0.1.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 Best of Bond Car Pack -> C:\Program Files\WindowsApps\Microsoft.Day1CarPackBits_1.0.5.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 Formula Drift Car Pack -> C:\Program Files\WindowsApps\Microsoft.FormulaDriftCarPack_1.0.3.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 Fortune Island -> C:\Program Files\WindowsApps\Microsoft.Expansion1_1.225.171.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 LEGO Speed Champions -> C:\Program Files\WindowsApps\Microsoft.Expansion2_1.312.645.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 VIP -> C:\Program Files\WindowsApps\Microsoft.ForzaHorizon4VIP_1.0.3.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Fronius Solar.web live -> C:\Program Files\WindowsApps\FroniusInternationalGmbH.FroniusSolar.weblive_1.1.0.13_neutral__cgs3ya04m7qhm [2018-10-05] (Fronius International GmbH)
Ihr Smartphone -> C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20092.108.0_x64__8wekyb3d8bbwe [2020-10-10] (Microsoft Corporation)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-02-29] (Instagram)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-03] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Flight Simulator -> C:\Program Files\WindowsApps\Microsoft.FlightSimulator_1.11.6.0_x64__8wekyb3d8bbwe [2020-11-24] (Microsoft Studios)
Microsoft Flight Simulator Digital Ownership -> C:\Program Files\WindowsApps\Microsoft.DigitalOwnership_1.0.1.0_x64__8wekyb3d8bbwe [2020-08-28] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-25] (NVIDIA Corp.)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2018-09-30] (Samsung Electronics Co. Ltd.)
Xerox Print Experience -> C:\Program Files\WindowsApps\XeroxCorp.PrintExperience_7.132.19.0_x64__f7egpvdyrs2a8 [2020-03-01] (Xerox Corp)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.5.0_x86__xpfg3f7e9an52 [2020-09-25] (New Work SE)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> Keine Datei
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2019-03-28] (g10 Code GmbH) [Datei ist nicht signiert]
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2019-05-19] (hxxp://winmerge.org) [Datei ist nicht signiert]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2019-05-19] (hxxp://winmerge.org) [Datei ist nicht signiert]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2019-03-28] (g10 Code GmbH) [Datei ist nicht signiert]
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2019-05-19] (hxxp://winmerge.org) [Datei ist nicht signiert]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_fe92a8457e8d540c\nvshext.dll [2020-11-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2019-05-19] (hxxp://winmerge.org) [Datei ist nicht signiert]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\System32\rtvcvfw64.dll [246272 2012-09-28] () [Datei ist nicht signiert]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [Datei ist nicht signiert]

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2020-06-19 10:56 - 2017-08-02 13:48 - 000237568 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\MSI\Gaming APP\LEDControl.dll
2020-06-19 10:45 - 2005-07-18 12:43 - 000160256 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2018-09-29 11:27 - 2016-04-20 13:12 - 000772608 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\Lib\USB_DLL.dll
2015-12-29 14:21 - 2015-12-29 14:21 - 000492544 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\NaturalPoint\TrackIR5\Styles\TrackIR.cjstyles
2020-09-24 18:21 - 2020-09-24 18:21 - 000038400 _____ () [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\giflib5.dll
2020-09-24 18:21 - 2020-09-24 18:21 - 000098816 _____ () [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\QtZeroConf.dll
2020-09-24 18:21 - 2020-09-24 18:21 - 000720384 _____ () [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\turbojpeg.dll
2020-10-05 07:57 - 2020-04-02 17:15 - 002266624 _____ (Digia Plc and/or its subsidiary(-ies)) [Datei ist nicht signiert] C:\Users\kaihi\AppData\Local\Amazon Music\QtCore4.dll
2020-10-05 07:57 - 2020-04-02 17:25 - 006267392 _____ (Digia Plc and/or its subsidiary(-ies)) [Datei ist nicht signiert] C:\Users\kaihi\AppData\Local\Amazon Music\QtGui4.dll
2020-10-05 07:57 - 2020-04-02 17:16 - 000802816 _____ (Digia Plc and/or its subsidiary(-ies)) [Datei ist nicht signiert] C:\Users\kaihi\AppData\Local\Amazon Music\QtNetwork4.dll
2020-06-19 10:56 - 2015-06-23 15:41 - 000082432 _____ (Fintek) [Datei ist nicht signiert] C:\Program Files (x86)\MSI\Gaming APP\Lib\FintekUSBDll.dll
2015-07-14 17:01 - 2015-07-14 17:01 - 000287744 _____ (IntelleSoft) [Datei ist nicht signiert] C:\Program Files (x86)\Siemens\ACS790\BugTrapU.dll
2015-12-29 14:23 - 2015-12-29 14:23 - 001458688 _____ (Microsoft) [Datei ist nicht signiert] C:\Program Files (x86)\NaturalPoint\TrackIR5\cpprest120_2_7.dll
2014-01-29 13:53 - 2014-01-29 13:53 - 000110080 _____ (NaturalPoint) [Datei ist nicht signiert] C:\Program Files (x86)\NaturalPoint\TrackIR5\TIRViews.dll
2015-04-08 16:39 - 2015-04-08 16:39 - 000673521 _____ (SQLite Development Team) [Datei ist nicht signiert] C:\Program Files (x86)\Siemens\ACS790\sqlite3.dll
2020-09-24 18:21 - 2020-09-24 18:21 - 001742848 _____ (SQLite Development Team) [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\sqlite3.dll
2020-09-24 18:21 - 2020-09-24 18:21 - 002696704 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\libcrypto-1_1-x64.dll
2020-09-24 18:21 - 2020-09-24 18:21 - 000642560 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\libssl-1_1-x64.dll
2020-06-19 10:56 - 2016-10-03 12:43 - 000399872 _____ (TODO: <公司名稱>) [Datei ist nicht signiert] C:\Program Files (x86)\MSI\Gaming APP\Lib\SDKDLL.dll
2018-09-30 20:57 - 2015-04-14 11:39 - 000043520 _____ (Windows (R) Codename Longhorn DDK provider) [Datei ist nicht signiert] C:\WINDOWS\system32\spool\PRTPROCS\x64\sst9cpc.dll
2015-07-14 17:02 - 2015-07-14 17:02 - 003516416 _____ (XLware) [Datei ist nicht signiert] C:\Program Files (x86)\Siemens\ACS790\libxl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2393625349-2809001659-2935058265-1001 -> DefaultScope {95C52930-41BF-4506-B291-276F3268EFFF} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-01-19] (Skype Technologies SA -> Skype Technologies)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\localhost -> localhost

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2018-04-12 00:38 - 2020-07-11 20:46 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\System32;C:\Windows;C:\Windows\System32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\PuTTY\;C:\Windows\System32;C:\Windows;C:\Windows\System32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\GnuPG\bin;C:\Windows\System32;C:\Windows;C:\Windows\System32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kaihi\Documents\Euro Truck Simulator 2\screenshot\ets2_20201130_232408_00.png
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc64"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc32"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "CSRHarmonySkypePlugin"
HKLM\...\StartupApproved\Run32: => "DLSWebSvc"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "MSI Gaming Lan Manager"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKLM\...\StartupApproved\Run32: => "Fast Boot"
HKLM\...\StartupApproved\Run32: => "Super Charger"
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\StartupApproved\Run: => "EEDSpeedLauncher"
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\StartupApproved\Run: => "ACS790ACSTrendAndTaskExecutorViewer"
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\StartupApproved\Run: => "Amazon Music"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{05F89C2B-A452-42E6-BCBA-BE8FC47CEE9E}] => (Allow) C:\Program Files (x86)\SIMDashboardServer\SIMDashboardServer.exe (Christian Hausmann -> stryder-it)
FirewallRules: [{DC45C3DE-DA84-48B3-9DB1-AE2B5C9AFEC8}] => (Allow) C:\Program Files (x86)\Siemens\ACS790\ACSNet.dll (Siemens Switzerland Ltd -> Siemens Switzerland Ltd)
FirewallRules: [{FFC0FFB0-19C8-4967-8D36-A36A504A2C1F}] => (Allow) D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{AC66CA00-A728-4F6A-9A67-7623C9712BEA}] => (Allow) D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{48ADDD23-661F-4578-887C-B13CC7153AB7}] => (Allow) D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{E0430331-01A5-473F-80B9-1619EDB7DD64}] => (Allow) D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{959FD006-62C1-4952-9EC9-32B03EC58811}] => (Allow) D:\Games\steamapps\common\Fernbus Simulator\Fernbus\Binaries\Win64\Fernbus-Win64-Shipping.exe () [Datei ist nicht signiert]
FirewallRules: [{D4E41F8F-C64E-4EB4-9097-F4F7D4F1E72D}] => (Allow) D:\Games\steamapps\common\Fernbus Simulator\Fernbus\Binaries\Win64\Fernbus-Win64-Shipping.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{B3D7C71B-7313-404F-ADE7-8E676F6E34D4}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{48C12C1C-0B13-40A5-90CB-03F53FEF62FC}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{1C7C6FCB-5906-4AE6-91DC-000590740B08}] => (Allow) LPort=26789
FirewallRules: [{518DD4A9-5379-4613-96DA-BF08EA40E44B}] => (Allow) LPort=26820
FirewallRules: [{EFE71CA8-42A3-43BA-AC15-7B5F3659B875}] => (Allow) LPort=81
FirewallRules: [{4579D339-6906-408B-B4FC-F95C92EEF46D}] => (Block) D:\games\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{2EEB8225-C159-4E63-A3EF-66327A60E639}] => (Block) D:\games\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{CBAC52FD-9E59-440C-BDBA-8B169031B177}D:\games\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\games\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{F0D7B9AB-1BA7-412E-9D95-DDA4ABF1673E}D:\games\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\games\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{7C2ADEFB-DDCB-4806-8F82-28DC39081E9F}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{9A9BB6B4-8B81-4AB8-B70F-3300DE8CFD1D}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{70F51E5D-0B64-4286-850D-15487BA92E86}] => (Allow) D:\Games\steamapps\common\MudRunner\MudRunner.exe (Focus Home Interactive) [Datei ist nicht signiert]
FirewallRules: [{D8689E16-34BC-47FE-8623-9F5642CE4ACF}] => (Allow) D:\Games\steamapps\common\MudRunner\MudRunner.exe (Focus Home Interactive) [Datei ist nicht signiert]
FirewallRules: [{DA32F1E9-EAB4-4819-92E4-329B776E7646}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{03A25823-78BF-4F39-AB3F-AE985B1DBF0A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{63BCEA87-21C1-4237-B141-9CFCE7B4CF5B}] => (Allow) F:\Farming Simulator 2019\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{51C96EB6-2315-4415-93DD-35955BD48A6A}] => (Allow) F:\Farming Simulator 2019\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{C18EB740-4E88-46CA-8928-C4430B5B0E62}] => (Allow) F:\Farming Simulator 2019\FarmingSimulator2019.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{341EB2C0-C2BB-4A2F-8AC6-B52CF95AA2EF}] => (Allow) F:\Farming Simulator 2019\FarmingSimulator2019.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{9E0716D8-6BB7-4902-88EF-CC86511F35A7}] => (Allow) F:\SteamLibrary\steamapps\common\Tourist Bus Simulator\TouristBusSimulator\Binaries\Win64\TouristBusSimulator.exe () [Datei ist nicht signiert]
FirewallRules: [{7E240613-F629-49DD-98D8-70AC056496CC}] => (Allow) F:\SteamLibrary\steamapps\common\Tourist Bus Simulator\TouristBusSimulator\Binaries\Win64\TouristBusSimulator.exe () [Datei ist nicht signiert]
FirewallRules: [{B442704C-E9B7-4E06-B44C-F8BC0AF80D64}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A401313A-9B8F-4C4C-9DE3-2B870A0E6F6E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{830268CA-C118-465D-A450-1B082C900CCF}] => (Allow) D:\Games\steamapps\common\FarCry5\bin\ArcadeEditor64.exe => Keine Datei
FirewallRules: [{54747966-8C5D-4CDE-B1AA-8F6775094280}] => (Allow) D:\Games\steamapps\common\FarCry5\bin\ArcadeEditor64.exe => Keine Datei
FirewallRules: [UDP Query User{E576E605-C32C-4605-A0F6-F1637A0ADE82}C:\program files (x86)\common files\fronius\localnetv3\localnetserver.exe] => (Allow) C:\program files (x86)\common files\fronius\localnetv3\localnetserver.exe (Fronius International GmbH) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{B765CAE6-B9A5-42C3-AF29-D06BE5AC72B9}C:\program files (x86)\common files\fronius\localnetv3\localnetserver.exe] => (Allow) C:\program files (x86)\common files\fronius\localnetv3\localnetserver.exe (Fronius International GmbH) [Datei ist nicht signiert]
FirewallRules: [{17ACF916-60D5-416A-9980-125E2009D7B1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F7A70D09-CA16-4971-BC68-32297150FAC8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7F3EFE63-04EB-4D55-BE93-11419883D98B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8E1ADDF5-494B-4F98-8EC8-B9EE8EB547AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{80415DE7-8CA3-4652-B525-6F8192F19058}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{34FB519B-F0F3-4DFD-8071-EDD034531295}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D1AC1317-C9F8-462F-B057-DCA9E8B9E6B4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{12B63576-33CC-494A-BAA1-0F1072444CFD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B545884A-B597-4563-9A4E-7320F75F6729}] => (Allow) D:\Games\steamapps\common\ConSim2015\ConSim2015.exe () [Datei ist nicht signiert]
FirewallRules: [{86E7F643-449A-4691-B45F-2B799E2A8105}] => (Allow) D:\Games\steamapps\common\ConSim2015\ConSim2015.exe () [Datei ist nicht signiert]
FirewallRules: [{9AD920A2-3091-430C-897A-A549D7A75188}] => (Allow) F:\SteamLibrary\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{80010579-55E7-491C-903B-2D779690BFDF}] => (Allow) F:\SteamLibrary\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{96433FE1-576C-48BE-B214-D2DE379B2BD1}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's The Division 2\TheDivision2.exe (Ubisoft Entertainment Sweden AB -> Ubisoft)
FirewallRules: [{486B83D0-7128-4DD1-80B0-351AB385ADE7}] => (Allow) D:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{6CEF0AAB-1DE9-4E41-A53A-52AEA5CF0C2D}] => (Allow) D:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{6FE4694D-B1A8-4434-9199-6CE36AE3DF04}] => (Allow) D:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{F3D1CF5D-C44E-4B0A-83C9-D625C7FF52E3}] => (Allow) D:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{9629B586-AC8C-40AE-B183-984F2EBC6CBB}] => (Allow) C:\Program Files (x86)\SIMDashboardServer\SIMDashboardServer.exe (Christian Hausmann -> stryder-it)
FirewallRules: [{002DFEFB-654F-441F-9F42-4A2AF4B3DDF6}] => (Allow) C:\Program Files (x86)\SIMDashboardServer\SIMDashboardServer.exe (Christian Hausmann -> stryder-it)
FirewallRules: [{399A51B5-5523-4FE1-B69C-9962AF7C21D4}] => (Allow) D:\Games\steamapps\common\HEAVY RAIN\HeavyRain.exe () [Datei ist nicht signiert]
FirewallRules: [{0F6723F6-26BC-442C-A560-CA4D05A034C6}] => (Allow) D:\Games\steamapps\common\HEAVY RAIN\HeavyRain.exe () [Datei ist nicht signiert]
FirewallRules: [{6B99470B-9D85-4762-8065-E8C022363F46}] => (Allow) D:\Games\steamapps\common\Detroit Become Human\DetroitBecomeHuman.exe () [Datei ist nicht signiert]
FirewallRules: [{F53F0CEB-7CD4-49BE-8F6E-F43B2D6A65D1}] => (Allow) D:\Games\steamapps\common\Detroit Become Human\DetroitBecomeHuman.exe () [Datei ist nicht signiert]
FirewallRules: [{F2814232-C677-4D67-985E-F5126707C693}] => (Allow) D:\Games\steamapps\common\BEYOND Two Souls\BeyondTwoSouls_Steam.exe () [Datei ist nicht signiert]
FirewallRules: [{78E27C4F-DD6E-43B8-AC87-3FDEF3D042A2}] => (Allow) D:\Games\steamapps\common\BEYOND Two Souls\BeyondTwoSouls_Steam.exe () [Datei ist nicht signiert]
FirewallRules: [{A415046F-86F3-4633-818E-56C9F73ECC9D}] => (Allow) F:\SteamLibrary\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{0BDC95E2-7A73-4E20-A5DC-897B9178843A}] => (Allow) F:\SteamLibrary\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{F08DEDAC-027F-49BE-8410-AD0715B623B8}] => (Allow) D:\Games\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{CA13F2B4-2D14-4858-AFEF-011D5F8D7DF8}] => (Allow) D:\Games\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{202960C2-C7E5-4118-8F4D-F920661F052C}] => (Allow) D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{C4924806-FF5B-49FD-91E8-9B3EB4A4CF96}] => (Allow) D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{C28AEB91-AF49-41F9-A59E-1C6EBDD70822}] => (Allow) D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{DBF4E837-5604-4BED-867B-EBBC8FEA5C0A}] => (Allow) D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{62A55E34-4BD9-4D62-88C4-B3B10346F6D2}] => (Allow) D:\Games\steamapps\common\Truck and Logistics Simulator\Truck & Logistics Simulator.exe () [Datei ist nicht signiert]
FirewallRules: [{747DBEED-D2FB-42BB-ADBA-C66743B58AD4}] => (Allow) D:\Games\steamapps\common\Truck and Logistics Simulator\Truck & Logistics Simulator.exe () [Datei ist nicht signiert]
FirewallRules: [{B8502BBA-5AB6-4C87-8814-9E7EE697C780}] => (Allow) F:\SteamLibrary\steamapps\common\On The Road\OnTheRoad.exe () [Datei ist nicht signiert]
FirewallRules: [{12B8D64A-96BF-42C6-AB4F-BA5F3E48F62E}] => (Allow) F:\SteamLibrary\steamapps\common\On The Road\OnTheRoad.exe () [Datei ist nicht signiert]
FirewallRules: [{0ADD1BE4-A2AA-41A0-BCD1-9FD4D1B61A70}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Keine Datei
FirewallRules: [{CCE35543-B4AD-49E4-8DA4-A49B7416DDFC}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Keine Datei
FirewallRules: [{5BABD0A3-6BBA-4918-A920-6AF3B8B329DC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F565AC88-6F2F-4CAD-8032-DC860C84AAC8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2AF78103-C5B3-4971-BF6D-A174DED6AEB8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DA7A32F0-B1A1-43C6-AE70-C7D5EF701CBF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5DC8C8AC-2D46-4472-BEDA-9B621900F39E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{15F58083-3B3C-45D0-80AA-EFDDAD239906}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Keine Datei
FirewallRules: [{026FA0F2-AAAE-42ED-A314-6BC7DC14AC39}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Keine Datei
FirewallRules: [{A34CB619-A4D6-4534-98A2-9E1F7A7EC388}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Keine Datei
FirewallRules: [{6BDEAEAE-DA56-4D66-BC8F-A0D53ABFC5C9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Keine Datei
FirewallRules: [{1D844970-18F3-4F3C-8652-65834224C38B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{07A25A72-CEAA-418B-937C-DADAE172F043}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6BC773F8-53E6-48E8-A52F-1B8A39CFE6A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{74D10716-8955-412F-A44B-D763711B7C76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{03F5E770-2CC8-40D2-8AE6-C750EF36D965}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1B81E12A-52A2-473C-A22F-FA3388FA8137}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{FC83E307-C97C-4E41-84D3-53DEEB070670}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{24DBC7E5-93F7-4727-A089-592F0E91A7CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0268509E-DDA6-4784-B852-551FB28E5FCF}] => (Allow) C:\Program Files (x86)\Overwolf\0.157.2.17\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{2F930CD0-4170-4D96-93DE-71212E977D39}] => (Allow) C:\Program Files (x86)\Overwolf\0.157.2.17\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{7E6C6A2C-F7E1-46F1-8224-D7F603BF59F8}] => (Allow) C:\Program Files (x86)\Overwolf\0.157.2.17\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{0ED41A33-D137-4C15-8EC0-31D36BFD6BBA}] => (Allow) C:\Program Files (x86)\Overwolf\0.157.2.17\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{09E4C812-71C5-4836-8195-71176AAC457A}] => (Block) C:\Program Files (x86)\Overwolf\0.157.2.17\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{4EA40938-C88C-4FF5-9959-BF9939144CC1}] => (Block) C:\Program Files (x86)\Overwolf\0.157.2.17\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{97D4B32B-40E4-4201-9A16-76B986CF745F}] => (Block) C:\Program Files (x86)\Overwolf\0.157.2.17\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{B4675C06-A111-47BB-84B7-62CA9639F203}] => (Block) C:\Program Files (x86)\Overwolf\0.157.2.17\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{3482EA11-F4A3-4723-90A1-CBF9000C6A54}] => (Block) C:\Program Files (x86)\Overwolf\0.157.2.17\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{E0F31A12-DA8F-49E7-9D8C-C4D64545E7E9}] => (Block) C:\Program Files (x86)\Overwolf\0.157.2.17\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{85397534-5F0A-48C5-8926-2F2F9DA3DB1C}] => (Allow) F:\SteamLibrary\steamapps\common\Cattle and Crops\CattleAndCrops.exe (Masterbrain Bytes GmbH & Co. KG) [Datei ist nicht signiert]
FirewallRules: [{FE21AC76-CB30-4A95-B264-07008CB0DF16}] => (Allow) F:\SteamLibrary\steamapps\common\Cattle and Crops\CattleAndCrops.exe (Masterbrain Bytes GmbH & Co. KG) [Datei ist nicht signiert]
FirewallRules: [{F553F4D1-1B42-4EEC-A2D6-F4C70D917FF8}] => (Allow) F:\SteamLibrary\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{EA7BE04C-ACB0-4B53-9257-DA192B7BE9FD}] => (Allow) F:\SteamLibrary\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{13F206F1-FCC3-4C82-A8A2-A6F44F4C7C24}] => (Allow) C:\Program Files\Elgato\StreamDeck\StreamDeck.exe (Corsair Memory, Inc. -> Corsair Memory, Inc)
FirewallRules: [{956C40CB-7A10-4D5E-8830-B9E998420BCA}] => (Allow) D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{198BA170-CAC6-47BE-9943-807DD44F12FE}] => (Allow) D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{2884F383-89F0-457D-95C8-794F7E9C8798}] => (Allow) D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{DCFD6AE7-3B08-4319-9B53-9ADF3003F114}] => (Allow) D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{71FAA70E-7235-4D4F-87DC-6A0E772637DB}] => (Allow) D:\Games\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{FD8033D0-8935-478A-B885-A8A6ED18306A}] => (Allow) D:\Games\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{CB2DDDE1-84FC-4E4E-BB49-9D151DED4846}] => (Allow) F:\SteamLibrary\steamapps\common\FPH SpedV\Launcher.exe (Nicolas Reuter -> )
FirewallRules: [{BE1BD78E-6654-43F4-9DCE-895D79A422B9}] => (Allow) F:\SteamLibrary\steamapps\common\FPH SpedV\Launcher.exe (Nicolas Reuter -> )
FirewallRules: [{694419B9-4624-4A0B-B2FA-7DEBF4C36662}] => (Allow) LPort=25552
FirewallRules: [{536A6CB4-B58D-43B9-BC10-EB94C4BB59B2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Wiederherstellungspunkte =========================

21-11-2020 19:14:02 Geplanter Prüfpunkt
27-11-2020 21:34:21 Installed NaturalPoint USB Drivers x64.
27-11-2020 21:35:01 Installed TrackIR 5.

==================== Fehlerhafte Geräte im Gerätemanager ============

Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (12/02/2020 06:37:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CsrBtOBEXService.exe, Version: 2.1.63.0, Zeitstempel: 0x4f68683b
Name des fehlerhaften Moduls: CsrBtOBEXService.exe, Version: 2.1.63.0, Zeitstempel: 0x4f68683b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000006f58
ID des fehlerhaften Prozesses: 0xee0
Startzeit der fehlerhaften Anwendung: 0x01d6c8aed1b81398
Pfad der fehlerhaften Anwendung: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Pfad des fehlerhaften Moduls: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Berichtskennung: 0a6bb908-88af-483e-bdc0-01f4ad7a752c
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/02/2020 03:53:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm firefox.exe Version 83.0.0.7621 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 23f8

Startzeit: 01d6c8b9a47c924e

Beendigungszeit: 4294967295

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Bericht-ID: b4af5100-3697-4efd-882a-48a367433313

Vollständiger Name des fehlerhaften Pakets: 

Relative Anwendungs-ID des fehlerhaften Pakets: 

Absturztyp: Top level window is idle

Error: (12/02/2020 03:39:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: eurotrucks2.exe, Version: 1.39.1.5, Zeitstempel: 0x5fb7b3f6
Name des fehlerhaften Moduls: trucksbook_64.dll, Version: 0.0.0.0, Zeitstempel: 0x5f0ab867
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000058ad
ID des fehlerhaften Prozesses: 0x3cd4
Startzeit der fehlerhaften Anwendung: 0x01d6c8af0df02ddb
Pfad der fehlerhaften Anwendung: D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
Pfad des fehlerhaften Moduls: D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x64\plugins\trucksbook_64.dll
Berichtskennung: 111d28af-7043-491f-a6fd-037e6c66259e
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/02/2020 03:39:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: eurotrucks2.exe, Version: 1.39.1.5, Zeitstempel: 0x5fb7b3f6
Name des fehlerhaften Moduls: MSVCR120.dll, Version: 12.0.40660.0, Zeitstempel: 0x577e0cc7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003c8d3
ID des fehlerhaften Prozesses: 0x3cd4
Startzeit der fehlerhaften Anwendung: 0x01d6c8af0df02ddb
Pfad der fehlerhaften Anwendung: D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\MSVCR120.dll
Berichtskennung: f459d0e9-b84a-4b28-b851-cfc8dc96dab7
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/30/2020 08:49:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm eurotrucks2.exe Version 1.39.1.5 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4a74

Startzeit: 01d6c75142a7fbff

Beendigungszeit: 4294967295

Anwendungspfad: D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe

Bericht-ID: 62ee9240-3ca4-4784-842c-0ec8f7b0799a

Vollständiger Name des fehlerhaften Pakets: 

Relative Anwendungs-ID des fehlerhaften Pakets: 

Absturztyp: Top level window is idle

Error: (11/28/2020 11:58:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CsrBtOBEXService.exe, Version: 2.1.63.0, Zeitstempel: 0x4f68683b
Name des fehlerhaften Moduls: CsrBtOBEXService.exe, Version: 2.1.63.0, Zeitstempel: 0x4f68683b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000006f58
ID des fehlerhaften Prozesses: 0x1024
Startzeit der fehlerhaften Anwendung: 0x01d6c567aec01784
Pfad der fehlerhaften Anwendung: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Pfad des fehlerhaften Moduls: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Berichtskennung: 6487ab9f-aedf-4379-a20f-69ec2ca3acc3
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/28/2020 06:50:25 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Die Speicheroptimierung konnte erneut optimieren auf \\?\Volume{f29033ad-38ad-2470-4ff3-f6fa41058990}\ nicht abschließen. Grund: Der angeforderte Vorgang wird von der Hardware des Volumes nicht unterstützt. (0x8900002A)

Error: (11/28/2020 06:50:24 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Die Speicheroptimierung konnte erneut optimieren auf \\?\Volume{17b9d833-c057-dc2f-8afe-e0747553a43c}\ nicht abschließen. Grund: Der angeforderte Vorgang wird von der Hardware des Volumes nicht unterstützt. (0x8900002A)


Systemfehler:
=============
Error: (12/03/2020 11:31:04 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1KF7GS2)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/03/2020 11:31:04 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1KF7GS2)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/03/2020 11:31:04 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1KF7GS2)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/03/2020 11:31:03 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1KF7GS2)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/03/2020 11:31:03 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1KF7GS2)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/03/2020 11:30:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "ACS Sub System" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/03/2020 11:30:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/03/2020 11:30:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel® SGX AESM" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.


Windows Defender:
===================================
Date: 2020-12-01 14:07:06.6890000Z
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {5219A425-F4AC-4131-825C-BAF50B102CE0}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2020-11-30 16:18:25.5560000Z
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {F0CE1C80-1678-40BF-B7CB-C228165C4B95}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2020-11-29 21:31:04.8710000Z
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {E4F336BA-FD39-418B-9667-BB954DB78055}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2020-11-24 15:30:48.5140000Z
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {0EE0EAAA-5F72-4DD4-9821-E66826EEA568}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2020-11-23 16:56:14.5570000Z
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {9BC726CB-21CC-43DC-8AA6-C4DC7D210EA5}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

CodeIntegrity:
===================================

Date: 2020-12-03 11:31:41.9700000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-03 11:31:36.8510000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-02 14:27:08.7810000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-02 14:27:03.6850000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-02 13:13:47.7680000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-02 13:13:42.6390000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-11-28 10:20:21.4470000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-11-28 10:20:16.3410000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Speicherinformationen =========================== 

BIOS: American Megatrends Inc. 1.90 07/03/2018
Hauptplatine: MSI Z270 GAMING PRO CARBON (MS-7A63)
Prozessor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
Prozentuale Nutzung des RAM: 9%
Installierter physikalischer RAM: 65498.46 MB
Verfügbarer physikalischer RAM: 59487.07 MB
Summe virtueller Speicher: 75226.46 MB
Verfügbarer virtueller Speicher: 66850.5 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:464.62 GB) (Free:52.57 GB) NTFS
Drive d: (HDD) (Fixed) (Total:1862.89 GB) (Free:1505.35 GB) NTFS
Drive f: (GameSSD) (Fixed) (Total:931.5 GB) (Free:745.08 GB) NTFS

\\?\Volume{f0842205-2482-4417-804b-7f24e586ac7e}\ () (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{945b0950-d9ad-4407-ac49-9bf4df682077}\ () (Fixed) (Total:0.54 GB) (Free:0.08 GB) NTFS
\\?\Volume{17b9d833-c057-dc2f-8afe-e0747553a43c}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{f29033ad-38ad-2470-4ff3-f6fa41058990}\ () (Fixed) (Total:1.31 GB) (Free:0 GB) NTFS
\\?\Volume{6373df8b-2292-42c9-bf09-fc46d42898c3}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.

==================== Ende von Addition.txt =======================
         
--- --- ---

Forgotten AdwCleaner log files:
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-11-23.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-03-2020
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  27
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted       C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted       C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted       C:\ProgramData\IObit\Advanced SystemCare
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
Deleted       C:\Users\kaihi\AppData\LocalLow\IObit\Advanced SystemCare
Deleted       C:\Users\kaihi\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

Deleted       C:\Users\kaihi\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted       HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted       HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted       HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted       HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4084 octets] - [03/12/2020 11:30:47]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
         
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-11-23.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-03-2020
# Duration: 00:00:37
# OS:       Windows 10 Pro
# Scanned:  31920
# Detected: 27


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\kaihi\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\kaihi\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy             C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
PUP.Optional.WebCompanion       C:\ProgramData\Application Data\Lavasoft\Web Companion

***** [ Files ] *****

PUP.Optional.Legacy             C:\Users\kaihi\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
         
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-11-23.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-03-2020
# Duration: 00:00:36
# OS:       Windows 10 Pro
# Scanned:  31920
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [4084 octets] - [03/12/2020 11:30:47]
AdwCleaner[C00].txt - [3782 octets] - [03/12/2020 11:30:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
         


03.12.2020, 15:03   #3
M-K-D-B
/// TB-Ausbilder
 
My name is Matthias and I will help you with the analysis and, if necessary, the cleanup of your computer.

Quote:
The log files from Malwarebytes, i.e. what it moved to quarantine, I can see in the program itself, but not where it stored them, and I cannot generate them afterwards.

We have a guide to MBAM; it also explains how to open the log files again (from step 8).

Please post the MBAM log file with the removed detections, then we will take it from there.

03.12.2020, 15:07   #4
Bommerang
 
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 02.12.20
Scan-Zeit: 16:05
Protokolldatei: db5ec82c-34af-11eb-9b3a-309c233f8f3d.json

-Softwaredaten-
Version: 4.2.3.96
Komponentenversion: 1.0.1122
Version des Aktualisierungspakets: 1.0.33760
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19041.630)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-1KF7GS2\kaihi

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 340574
Erkannte Bedrohungen: 23
In die Quarantäne verschobene Bedrohungen: 23
Abgelaufene Zeit: 1 Min., 44 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 10
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 193, 236865, , , , , , 
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 193, 236865, , , , , , 
PUP.Optional.Conduit, HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, In Quarantäne, 193, 236865, 1.0.33760, , ame, , , 
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService13, In Quarantäne, 3854, 380352, 1.0.33760, , ame, , , 
PUP.Optional.ChipDe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\chip 1-click download service, In Quarantäne, 601, 463412, 1.0.33760, , ame, , , 
PUP.Optional.StartPage, HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{95C52930-41BF-4506-B291-276F3268EFFF}, In Quarantäne, 241, 597952, 1.0.33760, , ame, , , 
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IOBIT_MONITOR_SERVER, In Quarantäne, 3854, 580520, 1.0.33760, , ame, , , 
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC_SkipUac_kaihi, In Quarantäne, 3854, 396386, , , , , , 
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C20E597D-AFA9-4179-9A62-799B416710E2}, In Quarantäne, 3854, 396386, , , , , , 
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{C20E597D-AFA9-4179-9A62-799B416710E2}, In Quarantäne, 3854, 396386, , , , , , 

Registrierungswert: 4
PUP.Optional.Conduit, HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, In Quarantäne, 193, 236865, 1.0.33760, , ame, , , 
PUP.Optional.Conduit, HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, In Quarantäne, 193, 236865, 1.0.33760, , ame, , , 
PUP.Optional.StartPage, HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{95C52930-41BF-4506-B291-276F3268EFFF}|URL, In Quarantäne, 241, 597952, 1.0.33760, , ame, , , 
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IOBIT_MONITOR_SERVER|IMAGEPATH, In Quarantäne, 3854, 580520, 1.0.33760, , ame, , , 

Registrierungsdaten: 1
PUP.Optional.StartPage, HKU\S-1-5-21-2393625349-2809001659-2935058265-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\MICROSOFTEDGE\MAIN|HOMEBUTTONPAGE, Ersetzt, 241, 597950, 1.0.33760, , ame, , , 

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 8
PUP.Optional.AdvancedSystemCare, C:\USERS\KAIHI\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\USER PINNED\TASKBAR\Advanced SystemCare.lnk, In Quarantäne, 3854, 380340, 1.0.33760, , ame, , 5D927EE1C393EF25C4DD46D1386A946D, 62CA2BC68D3B3CC85F6A56EF919FA2F93B9D4CC43D1A2F2974FBD4187F7ECB74
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, In Quarantäne, 3854, 398206, 1.0.33760, , ame, , EE6EDF771698A5EA143E4E1B0998D5DD, A8BF55C4089FA4F1A460E56E8EA5AC447A98E0C972D5AEF80F4265B31D954F35
PUP.Optional.Amazon1Button, C:\USERS\KAIHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GKWKQVP3.DEFAULT-1566052526425\EXTENSIONS\ABB@AMAZON.COM.XPI, In Quarantäne, 3208, 493346, 1.0.33760, , ame, , 580B9A8F94DA8D6579C35ACA9A7A43AE, 053676C3BB6FC9DAC14AAA29A688CE39680AD263E3F52877E166AA01B293EFD5
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, In Quarantäne, 3854, 380352, , , , , 83DCB31162E4DE2DDA1BFD4C0FE10CC2, 01A8E526637B46B07E58F8FF01E0770F7E7E5A479BBEDC942303C80BB6E57465
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DRIVERS\MONITOR_WIN10_X64.SYS, In Quarantäne, 3854, 580520, , , , , 988DABDCF990B134B0AC1E00512C30C4, E4A7DA2CF59A4A21FC42B611DF1D59CAE75051925A7DDF42BF216CC1A026EADB
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC_SkipUac_kaihi, In Quarantäne, 3854, 396386, , , , , 17512971ED7FA8ED7C0281E631F84138, 7865FC06AE6E012ECEA30E51E978C5CD48CB7BA2B07171BA53DF7205248B8298
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, In Quarantäne, 3854, 396386, 1.0.33760, , ame, , 00CE61F8F3D73808B066DFD04C4DEA48, 53331DD684728254D7AA795EF88C0E048BFD1488DAE9768EC64E472B1E0548CE
PUP.Optional.ChipDe, C:\USERS\KAIHI\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{3BD9A53F-F9BC-44DF-B0FA-6DD88C79F92A}\CHIP INSTALLER.MSI, In Quarantäne, 601, 557991, 1.0.33760, , ame, , DD85FF75F142CFA6B7DD7955DC5914F0, C26A8FF8AD1FC72873EB7C975214D9DD0CD5EE8AFD663E662136677ADB5579FE

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         

03.12.2020, 15:19   #5
M-K-D-B
/// TB-Ausbilder
 
Step 1
  • Close all open programs and Internet browsers so that no data is lost.
  • Copy the entire contents of the following code box:
    Code:
    Start::
    GroupPolicy: Beschränkung ? <==== ACHTUNG
    GroupPolicy\User: Beschränkung ? <==== ACHTUNG
    Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
    Policies: C:\Users\kaihi\NTUSER.pol: Beschränkung <==== ACHTUNG
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG
    Edge HomePage: Default -> hxxp://www.go-setting.com/
    Edge StartupUrls: Default -> "hxxp://www.go-setting.com/"
    Edge DefaultSearchURL: Default -> hxxp://www.go-setting.com/search?q={searchTerms}
    Edge DefaultSearchKeyword: Default -> go-setting.com
    Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
    FF user.js: detected! => C:\Users\AllUserName\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\user.js [2020-09-09]
    S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
    S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [X]
    S3 IUProcessFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [X]
    S3 IURegistryFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [X]
    U4 npcap_wifi; kein ImagePath
    C:\Program Files (x86)\IObit
    C:\Users\AllUserName\AppData\Roaming\IObit
    C:\Users\AllUserName\AppData\LocalLow\IObit
    C:\ProgramData\IObit
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Keine Datei
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Keine Datei
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Keine Datei
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Keine Datei
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Keine Datei
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Keine Datei
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> Keine Datei
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Keine Datei
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Keine Datei
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Keine Datei
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Keine Datei
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Keine Datei
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Keine Datei
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> Keine Datei
    SearchScopes: HKU\S-1-5-21-2393625349-2809001659-2935058265-1001 -> DefaultScope {95C52930-41BF-4506-B291-276F3268EFFF} URL = 
    CMD: reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\Software
    CMD: reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\Environment /S
    CMD: reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Microsoft\Windows\CurrentVersion\Run /S
    CMD: reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1002\Software
    CMD: reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1002\Environment /S
    CMD: reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1002\Software\Microsoft\Windows\CurrentVersion\Run /S
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: Bitsadmin /Reset /Allusers
    powershell: Set-MpPreference -PUAProtection Enabled
    Hosts:
    RemoveProxy:
    SystemRestore: On 
    EmptyTemp:
    End::
             
  • Now start FRST and click the Reparieren (Fix) button directly.
    Important: You do not need to paste the contents of the code box anywhere, because FRST takes the code from the clipboard!
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory where FRST is located.
  • Your computer may need to be restarted.
  • Post the contents of fixlog.txt with your next reply.





Step 2
  • Start FRST again. Make sure the box in front of Addition.txt is checked and click Untersuchen (Scan).
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.






Please post with your next reply:
  • the log file of the FRST fix (fixlog.txt)
  • the two new log files from FRST (FRST.txt and Addition.txt)
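
The fixlog.txt requested in Step 1 is long, so the sketch below sorts its result lines into moved / removed / not found and lists the command sections that reported an error. It is an added example, not part of the thread or of FRST; the sample text is a constructed excerpt in the format of a German FRST Fixlog, and the function and variable names are assumptions of this example.

```python
import re
from collections import defaultdict

# Status phrases as a German FRST Fixlog writes them, mapped to a coarse outcome.
STATUS = {
    "erfolgreich verschoben": "moved",
    "erfolgreich entfernt": "removed",
    "Dienst erfolgreich entfernt": "removed",
    "nicht gefunden": "not_found",
}

# "========= netsh winsock reset =========" opens a command section,
# "========= Ende von CMD: =========" (or a bare row of "=") closes it.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Error markers inside a command section: reg.exe "FEHLER:"/"ERROR:" or a PowerShell HRESULT.
ERROR_RE = re.compile(r"^(?:FEHLER|ERROR):|HRESULT 0x[0-9A-Fa-f]{8}")


def parse_fixlog(text):
    """Return (results, failed): outcome -> [targets], and section -> first error line."""
    results = defaultdict(list)
    failed = {}
    in_echo = False   # True while inside the echoed fixlist (between two rows of '*')
    section = None    # name of the command section currently open, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo:
            continue  # the echo repeats what was requested, not what happened
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1)
            section = None if (not name or name.startswith("Ende von")) else name
            continue
        if section and ERROR_RE.search(line):
            failed.setdefault(section, line)
            continue
        target, sep, status = line.rpartition(" => ")
        if sep and status in STATUS:
            results[STATUS[status]].append(target.strip('"'))
    return dict(results), failed


# Constructed sample: a shortened Fixlog in the format FRST writes.
SAMPLE = r"""
fixlist Inhalt:
*****************
C:\ProgramData\IObit
powershell: Set-MpPreference -PUAProtection Enabled
*****************

C:\ProgramData\NTUSER.pol => erfolgreich verschoben
HKLM\SOFTWARE\Policies\Mozilla => erfolgreich entfernt
cpuz145 => Dienst erfolgreich entfernt
"C:\Users\Default\AppData\Roaming\IObit" => nicht gefunden
C:\ProgramData\IObit => erfolgreich verschoben

========= reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1002\Software =========

FEHLER: Der angegebene Registrierungsschlüssel bzw. Wert wurde nicht gefunden.

========= Ende von CMD: =========

========= netsh advfirewall reset =========

OK.

========= Ende von CMD: =========

========= Set-MpPreference -PUAProtection Enabled =========

Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist.
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference

========= Ende von Powershell: =========

=========== EmptyTemp: ==========

Firefox => 1288947572 B
EmptyTemp: => 2.4 GB temporäre Dateien entfernt.

================================
"""

if __name__ == "__main__":
    results, failed = parse_fixlog(SAMPLE)
    for outcome, targets in results.items():
        print(f"{outcome}: {len(targets)}")
        for t in targets:
            print(f"    {t}")
    for name, err in failed.items():
        print(f"command reported an error: {name}\n    {err}")
```

In the sample, the `nicht gefunden` entry and the `reg query` error only say that the target did not exist, while the `Set-MpPreference` section ended with an error, so that setting should be rechecked.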


Alt 03.12.2020, 15:34   #6
Bommerang
 



Code:
ATTFilter
Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-12-2020
durchgeführt von kaihi (03-12-2020 15:24:10) Run:1
Gestartet von C:\Users\kaihi\Downloads
Geladene Profile: kaihi
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
GroupPolicy: Beschränkung ? <==== ACHTUNG
GroupPolicy\User: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
Policies: C:\Users\kaihi\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG
Edge HomePage: Default -> hxxp://www.go-setting.com/
Edge StartupUrls: Default -> "hxxp://www.go-setting.com/"
Edge DefaultSearchURL: Default -> hxxp://www.go-setting.com/search?q={searchTerms}
Edge DefaultSearchKeyword: Default -> go-setting.com
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FF user.js: detected! => C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\user.js [2020-09-09]
FF user.js: detected! => C:\Users\kaihi\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\user.js [2020-09-09]
FF user.js: detected! => C:\Users\muell\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\user.js [2020-09-09]
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [X]
S3 IUProcessFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [X]
S3 IURegistryFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [X]
U4 npcap_wifi; kein ImagePath
C:\Program Files (x86)\IObit
C:\Users\Default\AppData\Roaming\IObit
C:\Users\kaihi\AppData\Roaming\IObit
C:\Users\muell\AppData\Roaming\IObit
C:\Users\Default\AppData\LocalLow\IObit
C:\Users\kaihi\AppData\LocalLow\IObit
C:\Users\muell\AppData\LocalLow\IObit
C:\ProgramData\IObit
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> Keine Datei
SearchScopes: HKU\S-1-5-21-2393625349-2809001659-2935058265-1001 -> DefaultScope {95C52930-41BF-4506-B291-276F3268EFFF} URL = 
CMD: reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\Software
CMD: reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\Environment /S
CMD: reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Microsoft\Windows\CurrentVersion\Run /S
CMD: reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1002\Software
CMD: reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1002\Environment /S
CMD: reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1002\Software\Microsoft\Windows\CurrentVersion\Run /S
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: Bitsadmin /Reset /Allusers
powershell: Set-MpPreference -PUAProtection Enabled
Hosts:
RemoveProxy:
SystemRestore: On 
EmptyTemp:

*****************

C:\WINDOWS\system32\GroupPolicy\Machine => erfolgreich verschoben
C:\WINDOWS\system32\GroupPolicy\GPT.ini => erfolgreich verschoben
C:\WINDOWS\system32\GroupPolicy\User => erfolgreich verschoben
C:\ProgramData\NTUSER.pol => erfolgreich verschoben
C:\Users\kaihi\NTUSER.pol => erfolgreich verschoben
HKLM\SOFTWARE\Policies\Mozilla => erfolgreich entfernt
"Edge HomePage" => erfolgreich entfernt
"Edge StartupUrls" => erfolgreich entfernt
"Edge DefaultSearchURL" => erfolgreich entfernt
"Edge DefaultSearchKeyword" => erfolgreich entfernt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Edge\Extensions\ihcjicgdanjaechkgeegckofjjedodee => erfolgreich entfernt
"C:\Users\Default\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\user.js" => nicht gefunden
C:\Users\kaihi\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\user.js => erfolgreich verschoben
"C:\Users\muell\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\user.js" => nicht gefunden
HKLM\System\CurrentControlSet\Services\cpuz145 => erfolgreich entfernt
cpuz145 => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\IUFileFilter => erfolgreich entfernt
IUFileFilter => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\IUProcessFilter => erfolgreich entfernt
IUProcessFilter => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\IURegistryFilter => erfolgreich entfernt
IURegistryFilter => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\npcap_wifi => erfolgreich entfernt
npcap_wifi => Dienst erfolgreich entfernt
C:\Program Files (x86)\IObit => erfolgreich verschoben
"C:\Users\Default\AppData\Roaming\IObit" => nicht gefunden
C:\Users\kaihi\AppData\Roaming\IObit => erfolgreich verschoben
"C:\Users\muell\AppData\Roaming\IObit" => nicht gefunden
"C:\Users\Default\AppData\LocalLow\IObit" => nicht gefunden
C:\Users\kaihi\AppData\LocalLow\IObit => erfolgreich verschoben
"C:\Users\muell\AppData\LocalLow\IObit" => nicht gefunden
C:\ProgramData\IObit => erfolgreich verschoben
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => erfolgreich entfernt
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => erfolgreich entfernt
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => erfolgreich entfernt
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => erfolgreich entfernt
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => erfolgreich entfernt
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => erfolgreich entfernt
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => erfolgreich entfernt
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => erfolgreich entfernt
"HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => erfolgreich entfernt

========= reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\Software =========


HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\7-Zip
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Adobe
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Aiseesoft Studio
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Amazon
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Amazon.com Services LLC
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\AppDataLow
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\AppInsights
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Avanquest
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Browser Cleanup
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Buhl Data Service GmbH
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\CalDavSynchronizer
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Cambridge Silicon Radio
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Chromium
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Clients
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Cryptic
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Discord
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\DYMO
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\E-Line Media
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Elgato Systems GmbH
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Epic Games
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\EXCiT
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\FinalWire
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\FLEXnet
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Freetrack
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Gaijin
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\GameCenter
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\GNU
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Google
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Intel
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Intel Corporation
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\JavaSoft
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Khronos
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Lavasoft
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Leadertech
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\LogiShrd
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Logitech
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Macromedia
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\MainConcept
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Malwarebytes
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Martin Prikryl
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Microsoft
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Modern UI Test
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Mozilla
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\MSI
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\NaturalPoint
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Netscape
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\NVIDIA Corporation
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\OCS
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\ODBC
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\OpenAutomate
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Overwolf
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Policies
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\QtProject
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Ravensburger AG
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Realtek
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\RegisteredApplications
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Rockstar Games
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Samsung
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\SHAPE
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Siemens
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\SimonTatham
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Simula Games
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\SNMP
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\SSPrint
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\SSScan
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\stryder-it
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\SyncEngines
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\TeamViewer
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\techPowerUp
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Thingamahoochie
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Tobii
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\TomTom
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\TortoiseGit
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\TortoiseSVN
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Toxtronyx
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Trolltech
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\TrucksBook
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Ubisoft
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Unity
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Unwinder
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Valve
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Wargaming.net
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\weltenbauer. Software Entwicklung
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\WinRAR
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\WinRAR SFX
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Wow6432Node
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Xerox
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Xerox Corporation
HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Classes

========= Ende von CMD: =========


========= reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\Environment /S =========


HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Environment
    TEMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp
    TMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp
    Path    REG_SZ    C:\Users\kaihi\AppData\Local\Microsoft\WindowsApps;%USERPROFILE%\AppData\Local\Microsoft\WindowsApps;
    OneDrive    REG_EXPAND_SZ    C:\Users\kaihi\OneDrive
    OneDriveConsumer    REG_EXPAND_SZ    C:\Users\kaihi\OneDrive


========= Ende von CMD: =========


========= reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Microsoft\Windows\CurrentVersion\Run /S =========


HKEY_USERS\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Microsoft\Windows\CurrentVersion\Run
    Amazon Music Helper    REG_SZ    "C:\Users\kaihi\AppData\Local\Amazon Music\Amazon Music Helper.exe"
    LGHUB    REG_SZ    "C:\Program Files\LGHUB\lghub.exe" --background
    Amazon Music    REG_SZ    C:\Users\kaihi\AppData\Local\Amazon Music\Amazon Music.exe
    NaturalPoint    REG_SZ    C:\Program Files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe


========= Ende von CMD: =========


========= reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1002\Software =========

FEHLER: Der angegebene Registrierungsschlüssel bzw. Wert wurde nicht gefunden.

========= Ende von CMD: =========


========= reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1002\Environment /S =========

FEHLER: Der angegebene Registrierungsschlüssel bzw. Wert wurde nicht gefunden.

========= Ende von CMD: =========


========= reg query HKU\S-1-5-21-2393625349-2809001659-2935058265-1002\Software\Microsoft\Windows\CurrentVersion\Run /S =========

FEHLER: Der angegebene Registrierungsschlüssel bzw. Wert wurde nicht gefunden.

========= Ende von CMD: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= Ende von CMD: =========


========= netsh advfirewall reset =========

OK.


========= Ende von CMD: =========


========= netsh advfirewall set allprofiles state ON =========

OK.


========= Ende von CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.

========= Ende von CMD: =========


========= Set-MpPreference -PUAProtection Enabled =========

Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist.
In C:\FRST\tmp.ps1:1 Zeichen:1
+ Set-MpPreference -PUAProtection Enabled
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],  
   CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference
 

========= Ende von Powershell: =========

C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt


========= Ende von RemoveProxy: =========

SystemRestore: On => abgeschlossen

=========== EmptyTemp: ==========

BITS transfer queue => 11558912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 123011174 B
Java, Flash, Steam htmlcache => 602156902 B
Windows/system/drivers => 85436734 B
Edge => 1390187 B
Chrome => 1065276 B
Firefox => 1288947572 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 15928 B
NetworkService => 170456 B
kaihi => 236418382 B
muell => 238627115 B

RecycleBin => 10738413 B
EmptyTemp: => 2.4 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 15:26:20 ====
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2020
durchgeführt von kaihi (Administrator) auf DESKTOP-1KF7GS2 (MSI MS-7A63) (03-12-2020 15:30:41)
Gestartet von C:\Users\kaihi\Downloads
Geladene Profile: kaihi
Platform: Windows 10 Pro Version 20H2 19042.630 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

() [Datei ist nicht signiert] C:\Users\kaihi\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.shadowplay.sdPlugin\com.barraider.shadowplay.exe
() [Datei ist nicht signiert] C:\Users\kaihi\AppData\Roaming\Elgato\StreamDeck\Plugins\com.elgato.cpu.sdPlugin\cpu.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Amazon.com Services LLC -> Amazon.com Services LLC) C:\Users\kaihi\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
(Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc) C:\Program Files\Elgato\StreamDeck\StreamDeck.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_1e5aa28740c131d2\RstMwService.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Logitech Inc -> ) C:\Program Files\LGHUB\logi_analytics_client.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <3>
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2008.2.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12010.1001.2.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\DPC Latency Tuner\DPCLT_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(NaturalPoint, Inc -> NaturalPoint, Inc.) C:\Program Files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe
(ND_Apps -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_75bf38ed2e8d41c9\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Shanghai Microvirt Software Technology Co., Ltd. -> ) D:\Program Files\Microvirt\MEmu\MemuService.exe
(Siemens Switzerland Ltd -> Siemens Switzerland Ltd) C:\Program Files (x86)\Siemens\ACS790\ACSCat.exe
(Siemens Switzerland Ltd -> Siemens Switzerland Ltd) C:\Program Files (x86)\Siemens\ACS790\ACSConfigurationInterface.exe
(Siemens Switzerland Ltd -> Siemens Switzerland Ltd) C:\Program Files (x86)\Siemens\ACS790\ACSSubSystems.exe
(Siemens Switzerland Ltd -> Siemens Switzerland Ltd) C:\Program Files (x86)\Siemens\ACS790\ACSTrendAndTaskExecutorHost.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(The Qt Company Oy -> The Qt Company Ltd.) C:\Program Files\Elgato\StreamDeck\QtWebEngineProcess.exe <4>
(Xerox Corporation -> Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NahimicVRSvc32] => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe [990256 2018-02-05] (A-Volute -> A-Volute)
HKLM\...\Run: [NahimicVRSvc64] => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe [1142320 2018-02-05] (A-Volute -> A-Volute)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277520 2020-09-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Stream Deck] => C:\Program Files\Elgato\StreamDeck\StreamDeck.exe [10151272 2020-10-13] (Corsair Memory, Inc. -> Corsair Memory, Inc)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3074752 2020-05-07] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
HKLM-x32\...\Run: [MSI Gaming Lan Manager] => C:\MSI\MSI Gaming Lan Manager\MSI_Gaming_Lan_Manager.exe [4568736 2018-12-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [835760 2019-11-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26310800 2020-05-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1028280 2017-11-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\Run: [Amazon Music Helper] => C:\Users\kaihi\AppData\Local\Amazon Music\Amazon Music Helper.exe [2106312 2020-09-05] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [104586376 2020-11-26] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\Run: [Amazon Music] => C:\Users\kaihi\AppData\Local\Amazon Music\Amazon Music.exe [20254152 2020-09-05] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\Run: [NaturalPoint] => C:\Program Files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe [19412160 2016-04-06] (NaturalPoint, Inc -> NaturalPoint, Inc.)
HKLM\...\Windows x64\Print Processors\sst9cPC: C:\Windows\System32\spool\prtprocs\x64\sst9cpc.dll [43520 2015-04-14] (Windows (R) Codename Longhorn DDK provider) [Datei ist nicht signiert]
HKLM\...\Print\Monitors\DYMO DUO D1 450 Monitor: C:\Windows\System32\DUO_450MON.DLL [16896 2018-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Sanford L.P.)
HKLM\...\Print\Monitors\DYMO LabelWriter Monitor: C:\Windows\System32\LW400MON.DLL [16384 2018-07-26] (Microsoft Windows Hardware Compatibility Publisher -> DYMO Corp.)
HKLM\...\Print\Monitors\HCR Client Port Monitor: C:\Windows\System32\csrportmon.dll [73416 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Print\Monitors\sst9c Langmon: C:\Windows\System32\sst9clm.dll [22528 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\us008 Langmon: C:\Windows\System32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-03] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{5355DA8C-FE32-49b4-A567-A67535C86592}] -> C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BLEtokenCredentialProvider.dll [2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0B4A568A-5F7D-467E-91DF-5622597CD8B1} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {16A34CEC-4035-4DBF-BB75-7EB629D56D11} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {17E07AE3-EED7-4C80-A42F-8408B8C31E29} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [393928 2020-10-30] (Xerox Corporation -> Xerox Corporation)
Task: {226BFED2-0827-4CF7-8CCA-4E3E5EFC5534} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [3354296 2019-01-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {228CD913-F0C3-43A0-847C-5DA35065B9EF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1526680 2020-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {2443B6A3-A006-4C7E-91E6-AC83FCF3786C} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2571704 2020-02-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {2798AA6B-C63B-49DC-9C5F-70E78153370E} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2487640 2020-11-03] (Overwolf Ltd -> Overwolf LTD)
Task: {31A24AC1-1F92-4CAF-8C65-CBF52FD92234} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {395C7D9A-3484-414A-88FF-C0C258B3DA86} - System32\Tasks\Amazon Music Helper => C:\Users\kaihi\AppData\Local\Amazon Music\Amazon Music Helper.exe [2106312 2020-09-05] (Amazon.com Services LLC -> Amazon.com Services LLC)
Task: {3DC69CF3-2864-42BA-A7A9-1B461012766D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-19] (Google LLC -> Google LLC)
Task: {3E7EC89A-5B03-4700-AF8E-86CE87C025FC} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [393928 2020-10-30] (Xerox Corporation -> Xerox Corporation)
Task: {416AA6D4-4C9A-4AA9-B9C6-E4C86DF1688E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {47F76D20-1787-40A2-A64E-8C4EEA7668C2} - System32\Tasks\SIMDB_75b6e096fc79c825286efd6614b8d0f4 => C:\Program Files (x86)\SIMDashboardServer\SIMDashboardServer.exe [6582728 2020-06-17] (Christian Hausmann -> stryder-it)
Task: {512EFED8-0F50-49C2-B0A3-B083E1B057E4} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {67F9D975-CB1B-469F-8D93-A885700E4887} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {6AC70FE8-8C2B-4D1F-A5CE-19DEA4D8D7D3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {73F27D64-FE90-4E71-89F6-BA541D184923} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {7972D841-26DD-4693-8A92-EED4B417D07A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {87779D9D-8A11-482C-A8C9-3FB1DEACEB52} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [393928 2020-10-30] (Xerox Corporation -> Xerox Corporation)
Task: {8C04AC51-F941-4A75-8170-17867E5981A6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {9C65B64A-F9E9-40C4-9995-DD5CC16CA6EA} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9D081571-AC87-4263-8383-8B415B458060} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe [1142320 2018-02-05] (A-Volute -> A-Volute)
Task: {9FCBEA55-6439-4147-8F9C-B0DFAAA49B70} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {A66827F3-1B70-4024-BE6A-F75F354A2192} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CB11CCBC-A7C9-469D-8A19-7D5B7B2B2080} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-19] (Google LLC -> Google LLC)
Task: {D105B1B3-9324-4CEE-BB1E-BD97CA625873} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E1FA93C0-6169-44F7-9D2C-1BA98FDE1AE0} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E40D6343-F4B7-4CDF-BDEB-FAFBEAA03D95} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F2E8D20E-84E4-4F3D-9188-80E18DBF3B34} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-20] (Mozilla Corporation -> Mozilla Foundation)
Task: {F8F9666C-08BF-4C0D-826B-3CD86AA9BAB1} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1328392 2015-11-20] (Intel(R) Software -> Intel Corporation)
Task: {FED179BD-DEFE-4B28-AE86-D8978D50F468} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FF26D5D8-0E20-46A4-957F-7FA9DEBA5DD8} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe [990256 2018-02-05] (A-Volute -> A-Volute)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2b1d2eb5-9bde-413d-a852-d73f9c142711}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{95718f63-3133-4ef0-b6c0-f1e030ef7d0a}: [DhcpNameServer] 192.168.2.1

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2393625349-2809001659-2935058265-1001 -> hxxp://www.google.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\kaihi\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-03]

FireFox:
========
FF DefaultProfile: gkwkqvp3.default-1566052526425
FF ProfilePath: C:\Users\kaihi\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425 [2020-12-03]
FF Notifications: Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425 -> hxxps://steamstat.us; hxxps://forum.discovergy.com; hxxps://ntcloud.proppower.de
FF Extension: (Facebook Container) - C:\Users\kaihi\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\Extensions\@contain-facebook.xpi [2020-09-30]
FF Extension: (Enhancer for YouTube™) - C:\Users\kaihi\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2020-03-31]
FF Extension: (Online-Übersetzer) - C:\Users\kaihi\AppData\Roaming\Mozilla\Firefox\Profiles\gkwkqvp3.default-1566052526425\Extensions\{14e7e7c0-cb2b-4113-bcc2-c1d279032a2e}.xpi [2020-01-03]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default [2020-12-03]
CHR Extension: (Präsentationen) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-01-19]
CHR Extension: (Docs) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-01-19]
CHR Extension: (Google Drive) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-27]
CHR Extension: (YouTube) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-19]
CHR Extension: (Tabellen) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-27]
CHR Extension: (Piggy - Automatische Gutscheine & Cashback) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2020-11-27]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-19]
CHR Extension: (Google Mail) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-27]
CHR Extension: (Chrome Media Router) - C:\Users\kaihi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-27]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ACSCatService; C:\Program Files (x86)\Siemens\ACS790\ACSCat.exe [213992 2015-07-14] (Siemens Switzerland Ltd -> Siemens Switzerland Ltd)
R2 ACSConfigurationInterfaceService; C:\Program Files (x86)\Siemens\ACS790\ACSConfigurationInterface.exe [120808 2015-07-14] (Siemens Switzerland Ltd -> Siemens Switzerland Ltd)
R2 ACSSubSystemService; C:\Program Files (x86)\Siemens\ACS790\ACSSubSystems.exe [291816 2015-07-14] (Siemens Switzerland Ltd -> Siemens Switzerland Ltd)
R2 ACSTrendAndTaskExecutorService; C:\Program Files (x86)\Siemens\ACS790\ACSTrendAndTaskExecutorHost.exe [15848 2015-07-14] (Siemens Switzerland Ltd -> Siemens Switzerland Ltd)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8628224 2020-06-12] (BattlEye Innovations e.K. -> )
R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 CsrBtOBEX-Dienst; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811120 2019-11-30] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [46776 2018-09-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2027192 2019-01-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10896008 2020-11-26] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-12-02] (Malwarebytes Inc -> Malwarebytes)
R2 MEmuSVC; D:\Program Files\Microvirt\MEmu\MemuService.exe [85304 2019-07-02] (Shanghai Microvirt Software Technology Co., Ltd. -> )
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService_x64.exe [2669240 2018-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2343600 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService_x64.exe [2725048 2017-12-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2255544 2018-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2507952 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2136248 2018-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [2740912 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [86688 2018-07-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_DPCLTSERVICE; C:\Program Files (x86)\MSI\DPC Latency Tuner\DPCLT_Service.exe [2166968 2018-09-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [113336 2017-12-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2333328 2020-05-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [183472 2020-03-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2487640 2020-11-03] (Overwolf Ltd -> Overwolf LTD)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5101992 2020-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13103632 2020-09-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 XeroxPrintJobEventManagerService; C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe [513920 2020-10-30] (Xerox Corporation -> Xerox Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_75bf38ed2e8d41c9\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_75bf38ed2e8d41c9\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 csravrcp; C:\WINDOWS\System32\drivers\csravrcp.sys [26304 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 CsrBthAudioHF; C:\WINDOWS\System32\drivers\CsrBthAudioHF.sys [39120 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 CsrBtPort; C:\WINDOWS\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrhfgcc; C:\WINDOWS\System32\drivers\csrhfgcc.sys [38080 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrpan; C:\WINDOWS\System32\drivers\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrserial; C:\WINDOWS\system32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusb; C:\WINDOWS\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\WINDOWS\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csr_bthav; C:\WINDOWS\system32\drivers\csrbthav.sys [99520 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R1 EneIo; C:\WINDOWS\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-12-02] (Malwarebytes Corporation -> Malwarebytes)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2020-09-05] (Martin Malik - REALiX -> REALiX(tm))
R3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
R0 idisplayfilter; C:\WINDOWS\System32\DRIVERS\idisplayfilter.sys [35352 2017-06-23] (SHAPE GmbH -> )
R3 iDisplayWDDM; C:\WINDOWS\System32\drivers\idisplay.sys [40040 2017-06-30] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\71013\driver_cpu_temperature\logi_core_temp.sys [25448 2020-11-26] (Logitech Inc. -> Logitech)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 logi_generic_hid_filter; C:\WINDOWS\system32\drivers\logi_generic_hid_filter.sys [56376 2020-08-07] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2019-11-03] (Logitech Inc -> Logitech)
S3 logi_joy_hid_filter; C:\WINDOWS\system32\drivers\logi_joy_hid_filter.sys [57400 2020-08-07] (Logitech Inc -> Logitech)
S3 logi_joy_hid_lo; C:\WINDOWS\system32\drivers\logi_joy_hid_lo.sys [46648 2020-08-07] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2020-05-20] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2019-11-03] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-12-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-12-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2020-12-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [138904 2020-12-03] (Malwarebytes Inc -> Malwarebytes)
R1 MEmuDrv; C:\WINDOWS\system32\DRIVERS\MEmuDrv.sys [319192 2019-09-21] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2015-11-15] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 npusbio; C:\WINDOWS\System32\Drivers\npusbio_x64.sys [38400 2015-12-11] (NaturalPoint, Inc -> )
R3 NTIOLib_DPC; C:\Program Files (x86)\MSI\DPC Latency Tuner\NTIOLib_X64.sys [14288 2017-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [14288 2017-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [57976 2017-04-06] (Shaul Eizikovich -> Shaul Eizikovich)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-11-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429288 2020-11-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2020-12-03 15:30 - 2020-12-03 15:31 - 000037724 _____ C:\Users\kaihi\Downloads\FRST.txt
2020-12-03 15:30 - 2020-12-03 15:30 - 000000000 ____D C:\Users\kaihi\Downloads\ScanSicherungMalware
2020-12-03 15:27 - 2020-12-03 15:27 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-12-03 15:27 - 2020-12-03 15:27 - 000138904 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-12-03 15:27 - 2020-12-03 15:27 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-12-03 15:27 - 2020-12-03 15:27 - 000000008 __RSH C:\ProgramData\ntuser.pol
2020-12-03 15:24 - 2020-12-03 15:26 - 000020737 _____ C:\Users\kaihi\Downloads\Fixlog.txt
2020-12-03 13:26 - 2020-12-03 13:26 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2020-12-03 13:24 - 2020-11-23 14:47 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-12-03 13:24 - 2020-11-23 14:47 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-12-03 13:24 - 2020-11-23 14:47 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-12-03 13:24 - 2020-11-23 14:47 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-12-03 13:24 - 2020-11-23 14:47 - 001054936 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-12-03 13:24 - 2020-11-23 14:47 - 001054936 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-12-03 13:24 - 2020-11-23 14:47 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-12-03 13:24 - 2020-11-23 14:47 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-12-03 13:24 - 2020-11-23 14:47 - 000456600 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-12-03 13:24 - 2020-11-23 14:47 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-12-03 13:24 - 2020-11-23 14:45 - 001027992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2020-12-03 13:24 - 2020-11-23 14:45 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2020-12-03 13:24 - 2020-11-23 14:45 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-12-03 13:24 - 2020-11-23 14:45 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-12-03 13:24 - 2020-11-23 14:44 - 002096880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-12-03 13:24 - 2020-11-23 14:44 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-12-03 13:24 - 2020-11-23 14:44 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-12-03 13:24 - 2020-11-23 14:44 - 001159920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-12-03 13:24 - 2020-11-23 14:44 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-12-03 13:24 - 2020-11-23 14:44 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-12-03 13:24 - 2020-11-23 14:44 - 000656112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-12-03 13:24 - 2020-11-23 14:44 - 000590576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2020-12-03 13:24 - 2020-11-23 14:44 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-12-03 13:24 - 2020-11-23 14:44 - 000445848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2020-12-03 13:24 - 2020-11-23 14:43 - 007706352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-12-03 13:24 - 2020-11-23 14:43 - 006860184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-12-03 13:24 - 2020-11-23 14:43 - 004175256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-12-03 13:24 - 2020-11-23 14:43 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-12-03 13:24 - 2020-11-23 14:43 - 000849648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2020-12-03 13:24 - 2020-11-23 14:42 - 007006712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2020-12-03 13:24 - 2020-11-23 14:42 - 005978008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-12-03 13:24 - 2020-11-22 14:36 - 000080930 _____ C:\WINDOWS\system32\nvinfo.pb
2020-12-03 11:38 - 2020-12-03 15:30 - 000000000 ____D C:\FRST
2020-12-03 11:37 - 2020-12-03 11:37 - 002288640 _____ (Farbar) C:\Users\kaihi\Downloads\FRST64.exe
2020-12-03 11:29 - 2020-12-03 11:30 - 000000000 ____D C:\AdwCleaner
2020-12-03 11:29 - 2020-12-03 11:29 - 008447152 _____ (Malwarebytes) C:\Users\kaihi\Downloads\adwcleaner_8.0.8.exe
2020-12-02 16:05 - 2020-12-02 16:05 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-12-02 16:05 - 2020-12-02 16:05 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-12-02 16:05 - 2020-12-02 16:05 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-12-02 16:05 - 2020-12-02 16:05 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-12-02 16:05 - 2020-12-02 16:05 - 000002041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-02 16:05 - 2020-12-02 16:05 - 000002029 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-02 16:05 - 2020-12-02 16:05 - 000002029 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-02 16:05 - 2020-12-02 16:05 - 000000000 ____D C:\Users\kaihi\AppData\Local\mbam
2020-12-02 16:05 - 2020-12-02 16:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-02 16:04 - 2020-12-02 16:04 - 002077136 _____ (Malwarebytes) C:\Users\kaihi\Downloads\MBSetup.exe
2020-12-02 16:04 - 2020-12-02 16:04 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-02 15:53 - 2020-12-02 15:53 - 000000000 ____D C:\Users\kaihi\Downloads\RusMap_v2.3.1_1.39
2020-12-02 15:52 - 2020-12-02 15:52 - 026558777 _____ C:\Users\kaihi\Downloads\PM251_RM2.3.1_roadconnection.scs
2020-12-02 15:51 - 2020-12-02 15:53 - 1170088429 _____ C:\Users\kaihi\Downloads\RusMap_v2.3.1_1.39.7z
2020-12-02 13:55 - 2020-12-02 14:00 - 000000000 ____D C:\Users\kaihi\Downloads\Virtual_Speditor2_14
2020-12-02 13:55 - 2020-12-02 13:55 - 003343988 _____ C:\Users\kaihi\Downloads\Virtual_Speditor2_14.rar
2020-11-28 20:18 - 2020-11-28 20:18 - 012402010 _____ C:\Users\kaihi\Downloads\ETSP_x64__2_.zip
2020-11-27 21:36 - 2020-11-27 21:36 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\NaturalPoint
2020-11-27 21:35 - 2020-11-27 21:35 - 000002193 _____ C:\Users\Public\Desktop\TrackIR v5.lnk
2020-11-27 21:35 - 2020-11-27 21:35 - 000002193 _____ C:\ProgramData\Desktop\TrackIR v5.lnk
2020-11-27 21:35 - 2020-11-27 21:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackIR v5
2020-11-27 21:34 - 2020-11-27 21:35 - 000000000 ____D C:\Program Files (x86)\NaturalPoint
2020-11-27 21:00 - 2020-11-27 21:31 - 029368848 _____ (NaturalPoint) C:\Users\kaihi\Downloads\TrackIR_5.4.2(1).exe
2020-11-27 17:26 - 2020-11-27 17:26 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2020-11-27 17:26 - 2020-11-27 17:26 - 000000650 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2020-11-27 17:26 - 2020-11-27 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2020-11-27 17:26 - 2020-11-27 17:26 - 000000000 ____D C:\Program Files\LGHUB
2020-11-24 20:14 - 2020-11-24 20:14 - 000681166 _____ C:\Users\kaihi\Downloads\mapSet_ProMods251ME.txt
2020-11-24 20:04 - 2020-12-01 14:27 - 000000000 ____D C:\Users\kaihi\Downloads\Virtual_Speditor2_13
2020-11-24 20:04 - 2020-11-24 20:04 - 005006435 _____ C:\Users\kaihi\Downloads\Virtual_Speditor2_13.rar
2020-11-24 19:46 - 2020-11-24 19:46 - 000000000 ____D C:\Users\kaihi\Downloads\Virtual_Speditor2_1
2020-11-24 19:36 - 2020-11-24 19:37 - 003717538 _____ C:\Users\kaihi\Downloads\Virtual_Speditor2_1.rar
2020-11-24 19:22 - 2020-11-24 19:25 - 064617793 _____ C:\Users\kaihi\Downloads\promods-me-v251.7z
2020-11-24 14:43 - 2020-11-24 15:07 - 000000000 ____D C:\Users\kaihi\Downloads\ProMods_2_51
2020-11-23 15:11 - 2020-11-23 15:11 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-23 15:11 - 2020-11-23 15:11 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-21 21:52 - 2020-11-21 21:52 - 000004284 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon
2020-11-21 21:52 - 2020-11-21 21:52 - 000004154 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed
2020-11-21 21:52 - 2020-11-21 21:52 - 000004064 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh
2020-11-21 21:51 - 2020-11-21 21:51 - 029969816 _____ C:\Users\kaihi\Downloads\XeroxSmartStart_1.4.28.0(1).exe
2020-11-21 18:59 - 2020-11-21 18:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-11-20 22:45 - 2020-11-24 20:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-17 10:56 - 2020-11-17 10:56 - 000007605 _____ C:\Users\kaihi\AppData\Local\Resmon.ResmonCfg
2020-11-15 21:05 - 2020-11-15 21:05 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\Ookla
2020-11-15 00:02 - 2020-11-15 00:02 - 000000000 ____D C:\Users\kaihi\AppData\Local\Corsair
2020-11-14 23:36 - 2020-11-14 23:36 - 000000000 ____D C:\Users\kaihi\Downloads\drive-download-20201114T222951Z-001
2020-11-14 23:35 - 2020-11-14 23:35 - 000205239 _____ C:\Users\kaihi\Downloads\drive-download-20201114T222951Z-001.zip
2020-11-14 23:27 - 2020-11-14 23:27 - 000000000 ____D C:\Users\kaihi\Downloads\Streamdeckbuttons_mit Vorlage für Affinity Foto
2020-11-14 23:26 - 2020-11-14 23:26 - 010870545 _____ C:\Users\kaihi\Downloads\Streamdeckbuttons_mit Vorlage für Affinity Foto.zip
2020-11-14 14:33 - 2020-11-15 19:44 - 000000000 ____D C:\Users\kaihi\Downloads\Cattle and Crops
2020-11-14 14:08 - 2020-11-14 14:08 - 003548340 _____ C:\Users\kaihi\Downloads\Cattle and Crops.zip
2020-11-14 13:09 - 2020-11-14 13:09 - 000001149 _____ C:\Users\Public\Desktop\Stream Deck.lnk
2020-11-14 13:09 - 2020-11-14 13:09 - 000001149 _____ C:\ProgramData\Desktop\Stream Deck.lnk
2020-11-14 13:09 - 2020-11-14 13:09 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\Elgato
2020-11-14 13:09 - 2020-11-14 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato
2020-11-14 13:09 - 2020-11-14 13:09 - 000000000 ____D C:\ProgramData\Elgato
2020-11-14 13:09 - 2020-11-14 13:09 - 000000000 ____D C:\Program Files\obs-studio
2020-11-14 13:09 - 2020-11-14 13:09 - 000000000 ____D C:\Program Files\Elgato
2020-11-14 13:09 - 2020-11-14 13:09 - 000000000 ____D C:\Program Files (x86)\OBS Studio - FTL
2020-11-14 13:08 - 2020-11-14 13:09 - 100532224 _____ C:\Users\kaihi\Downloads\Stream_Deck_4.9.0.13177.msi
2020-11-12 16:14 - 2020-11-12 16:14 - 000267868 _____ C:\Users\kaihi\Documents\Kindkrankschein_Hilbert_Kai.pdf
2020-11-12 14:49 - 2020-12-03 15:27 - 000008192 ___SH C:\DumpStack.log.tmp
2020-11-12 14:49 - 2020-11-12 14:49 - 002048940 _____ C:\WINDOWS\Minidump\111220-7843-01.dmp
2020-11-12 14:49 - 2020-11-12 14:49 - 000000000 ____D C:\WINDOWS\Minidump
2020-11-12 11:38 - 2020-11-12 11:38 - 009599960 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlane.sys
2020-11-12 11:38 - 2020-11-12 11:38 - 001421688 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorAC.sys
2020-11-12 11:38 - 2020-11-12 11:38 - 000094129 _____ C:\WINDOWS\system32\Drivers\rtldata.txt
2020-11-12 11:38 - 2020-11-12 11:38 - 000026488 _____ (Intel Corporation) C:\WINDOWS\system32\RstMwEventLogMsg.dll
2020-11-12 11:32 - 2020-11-12 11:32 - 000000000 ____D C:\Users\kaihi\Downloads\Phaser6510_WC6515_7.95.0.0_PS_x64
2020-11-12 09:46 - 2020-11-12 09:46 - 002694550 _____ C:\Users\kaihi\Downloads\fwdl5.3.6.19ww-20201006-1.zip
2020-11-12 09:43 - 2020-11-12 09:43 - 013570048 _____ C:\Users\kaihi\Downloads\XrxSetup_7.132.20.0_x64(1).msi
2020-11-12 08:12 - 2020-11-12 08:12 - 029969816 _____ C:\Users\kaihi\Downloads\XeroxSmartStart_1.4.28.0.exe
2020-11-12 08:11 - 2020-11-12 08:11 - 014192640 _____ C:\Users\kaihi\Downloads\XeroxScanExperience_7.4.43.0_x64.msi
2020-11-12 08:11 - 2020-11-12 08:11 - 002676603 _____ C:\Users\kaihi\Downloads\Phaser6510_WC6515_7.95.0.0_PS_x64.zip
2020-11-12 08:09 - 2020-11-12 08:09 - 013570048 _____ C:\Users\kaihi\Downloads\XrxSetup_7.132.20.0_x64.msi
2020-11-12 08:02 - 2020-11-12 08:02 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-12 08:02 - 2020-11-12 08:02 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-12 08:02 - 2020-11-12 08:02 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-12 08:02 - 2020-11-12 08:02 - 000152576 _____ C:\WINDOWS\system32\EoAExperiences.exe
2020-11-12 08:02 - 2020-11-12 08:02 - 000009265 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-11-11 21:06 - 2020-11-11 21:08 - 1131631870 _____ C:\Users\kaihi\Downloads\LS19_Ebsdorder_Heide.zip
2020-11-11 19:36 - 2020-11-11 19:36 - 005960352 _____ C:\Users\kaihi\Downloads\FS19_Animal_Goods_Transport.zip
2020-11-11 15:55 - 2020-11-11 15:56 - 761693075 _____ C:\Users\kaihi\Downloads\FS19_MVP19.zip
2020-11-11 14:29 - 2020-11-11 14:29 - 000015580 _____ C:\Users\kaihi\Documents\Mod_List_Warnung.txt
2020-11-06 20:58 - 2020-11-06 20:58 - 000130204 _____ C:\Users\kaihi\Documents\SallyKontakte.vcf
2020-11-06 20:56 - 2020-11-06 20:51 - 000034034 _____ C:\Users\kaihi\Documents\KaiKontakte.vcf
2020-11-06 18:51 - 2020-11-06 18:52 - 003207880 _____ (Dominik Reichl ) C:\Users\kaihi\Downloads\KeePass-2.46-Setup.exe
2020-11-05 20:18 - 2020-11-05 20:18 - 021101454 _____ C:\Users\kaihi\Downloads\FS19_Deutz_AgroStar6x8.zip
2020-11-05 20:18 - 2020-11-05 20:18 - 006931111 _____ C:\Users\kaihi\Downloads\FS19_MaizePlus.zip

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2020-12-03 15:29 - 2019-02-05 10:07 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-03 15:29 - 2018-09-29 11:32 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-03 15:28 - 2018-09-29 11:15 - 000000000 ____D C:\Users\kaihi\AppData\LocalLow\Mozilla
2020-12-03 15:27 - 2020-09-09 18:55 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\LGHUB
2020-12-03 15:27 - 2020-09-09 18:55 - 000000000 ____D C:\Users\kaihi\AppData\Local\LGHUB
2020-12-03 15:27 - 2020-05-28 18:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-03 15:27 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2020-12-03 15:27 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-03 15:27 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-03 15:27 - 2018-10-08 17:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-12-03 15:26 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-12-03 15:26 - 2018-11-20 22:46 - 000000000 ____D C:\Users\muell\AppData\LocalLow\Temp
2020-12-03 15:25 - 2018-09-29 19:18 - 000000000 ____D C:\Users\kaihi\AppData\LocalLow\Temp
2020-12-03 15:24 - 2020-05-28 18:07 - 000000000 ____D C:\Users\kaihi
2020-12-03 15:24 - 2018-09-29 14:32 - 000000000 ____D C:\Program Files (x86)\Steam
2020-12-03 15:24 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2020-12-03 15:13 - 2018-09-29 14:18 - 000000000 ____D C:\Users\kaihi\Documents\Outlook-Dateien
2020-12-03 15:04 - 2020-05-28 18:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-03 13:27 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-03 13:26 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-03 11:59 - 2019-05-11 19:52 - 000000000 ____D C:\ProgramData\TruckersMP
2020-12-03 11:38 - 2020-05-28 18:15 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-03 11:38 - 2019-12-07 15:51 - 000743650 _____ C:\WINDOWS\system32\perfh007.dat
2020-12-03 11:38 - 2019-12-07 15:51 - 000150072 _____ C:\WINDOWS\system32\perfc007.dat
2020-12-03 11:25 - 2020-09-05 17:12 - 000000000 ____D C:\ProgramData\ProductData
2020-12-03 11:25 - 2019-08-08 19:53 - 000000000 ____D C:\Users\kaihi\AppData\Local\TeamSpeak 3 Client
2020-12-03 11:17 - 2020-01-19 21:03 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-02 18:37 - 2019-09-18 11:21 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\Discord
2020-12-02 16:05 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-02 16:03 - 2018-12-05 10:04 - 000000000 ____D C:\Users\kaihi\Documents\Euro Truck Simulator 2
2020-12-02 15:39 - 2018-10-02 09:23 - 000000000 ____D C:\Users\kaihi\AppData\Local\CrashDumps
2020-12-02 14:28 - 2019-02-03 10:16 - 000000000 ____D C:\Users\kaihi\Documents\SpedV
2020-12-02 14:00 - 2019-08-06 11:44 - 000000747 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2020-12-02 13:23 - 2020-08-10 21:08 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-11-29 22:20 - 2018-10-02 09:30 - 000000000 ____D C:\Users\kaihi\AppData\Local\D3DSCache
2020-11-29 13:12 - 2019-08-15 21:31 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\WhatsApp
2020-11-29 12:31 - 2020-05-10 12:53 - 000000000 ____D C:\Users\kaihi\AppData\Local\WhatsApp
2020-11-28 10:28 - 2020-08-10 21:08 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-28 10:28 - 2020-08-10 21:08 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-27 18:26 - 2019-02-03 10:16 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\Microsoft\Windows\Start Menu\FPH SpedV
2020-11-27 17:25 - 2020-01-24 16:57 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2020-11-25 16:52 - 2018-09-29 14:05 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\KeePass
2020-11-24 20:33 - 2018-09-29 11:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-23 15:07 - 2018-09-29 11:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-21 21:52 - 2020-04-06 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox
2020-11-21 21:52 - 2020-01-30 12:39 - 000000000 ____D C:\Program Files\Xerox
2020-11-21 18:59 - 2018-09-29 11:15 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-21 18:27 - 2020-08-28 13:28 - 001562560 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2020-11-21 18:27 - 2020-08-28 13:28 - 000170424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2020-11-21 18:27 - 2020-08-28 13:28 - 000158136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2020-11-21 18:27 - 2020-08-28 13:28 - 000154032 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2020-11-21 18:27 - 2020-08-28 13:28 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2020-11-21 18:27 - 2020-08-28 13:28 - 000033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2020-11-14 14:45 - 2018-11-27 16:26 - 000000000 ____D C:\Users\kaihi\AppData\Local\cache
2020-11-14 13:10 - 2018-10-29 14:45 - 000000000 ____D C:\Program Files\Microsoft Office
2020-11-14 13:09 - 2018-09-29 11:32 - 000000000 ____D C:\Users\kaihi\AppData\Local\NVIDIA
2020-11-14 13:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-11-12 14:49 - 2018-09-29 11:06 - 2127249022 _____ C:\WINDOWS\MEMORY.DMP
2020-11-12 09:36 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-12 09:36 - 2018-09-29 11:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-12 09:34 - 2018-09-29 11:24 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-12 09:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-11-12 08:14 - 2020-05-28 18:06 - 000440912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-12 08:13 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-12 08:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-12 08:12 - 2020-06-29 19:40 - 000000000 ____D C:\Users\kaihi\AppData\Roaming\XeroxScanReport
2020-11-12 08:02 - 2020-05-28 18:08 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-11-11 23:18 - 2018-09-29 20:34 - 000000000 ____D C:\Users\kaihi\Documents\My Games
2020-11-08 19:53 - 2019-08-08 19:53 - 000000000 ____D C:\Program Files (x86)\Overwolf
2020-11-06 13:33 - 2018-09-29 11:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2018-12-19 10:16 - 2018-12-19 10:16 - 000000617 _____ () C:\Users\kaihi\AppData\Roaming\SolarServiceLicenseRequest.xml
2018-10-04 13:55 - 2020-10-19 12:58 - 000000128 _____ () C:\Users\kaihi\AppData\Roaming\winscp.rnd
2018-10-04 11:00 - 2020-02-09 09:51 - 000000600 _____ () C:\Users\kaihi\AppData\Local\PUTTY.RND
2020-04-06 16:46 - 2020-04-06 16:46 - 000002078 _____ () C:\Users\kaihi\AppData\Local\recently-used.xbel
2020-11-17 10:56 - 2020-11-17 10:56 - 000007605 _____ () C:\Users\kaihi\AppData\Local\Resmon.ResmonCfg
2019-08-05 07:18 - 2019-08-05 07:18 - 000000056 _____ () C:\Users\kaihi\AppData\Local\X-Plane 11 Preferences.prf
2019-08-05 07:19 - 2019-08-05 07:19 - 000000015 _____ () C:\Users\kaihi\AppData\Local\X-Plane_drm_11.prf
2019-08-05 07:18 - 2019-08-05 07:18 - 000000039 _____ () C:\Users\kaihi\AppData\Local\x-plane_install_11.txt

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         

03.12.2020, 15:34   #7
Bommerang
 
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-12-2020
durchgeführt von kaihi (03-12-2020 15:31:29)
Gestartet von C:\Users\kaihi\Downloads
Windows 10 Pro Version 20H2 19042.630 (X64) (2020-05-28 17:14:02)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2393625349-2809001659-2935058265-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2393625349-2809001659-2935058265-503 - Limited - Disabled)
Gast (S-1-5-21-2393625349-2809001659-2935058265-501 - Limited - Disabled)
kaihi (S-1-5-21-2393625349-2809001659-2935058265-1001 - Administrator - Enabled) => C:\Users\kaihi
muell (S-1-5-21-2393625349-2809001659-2935058265-1002 - Limited - Enabled) => C:\Users\muell
robin (S-1-5-21-2393625349-2809001659-2935058265-1003 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2393625349-2809001659-2935058265-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ACS790 (HKLM-x32\...\{371bac71-ca25-49b2-a7b1-f847f68ca1bc}) (Version: 10.1.66.31 - Siemens Switzerland Ltd)
ACS790 (HKLM-x32\...\{9611085B-4833-4DEB-99CF-07A7E92800B6}) (Version: 10.01.066.31 - Siemens Switzerland Ltd) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
AIDA64 Extreme v6.20 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.20 - FinalWire Ltd.)
Aiseesoft Data Recovery 1.2.6 (HKLM-x32\...\{E67DD0BA-233F-4EA9-B010-9B0A3D58F690}_is1) (Version: 1.2.6 - Aiseesoft Studio)
Amazon Music (HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\Amazon Amazon Music) (Version: 7.13.0.2210 - Amazon.com Services LLC)
APOInstallerMSISetup (HKLM\...\{6D8108E5-FBDD-4547-9C04-B052336E4046}) (Version: 1.0.19 - Nahimic) Hidden
AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{A6A8AE0B-30CC-4641-8BE4-8A70E44A2448}) (Version: 1.0.1901 - Nahimic) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CPUID CPU-Z 1.93 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.93 - CPUID, Inc.)
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - CSR Plc.)
Discord (HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
Elgato Stream Deck (HKLM\...\{845BFE3B-1D3D-441B-9341-423068B5D895}) (Version: 4.9.0.13177 - Elgato Systems GmbH)
EndpointMonitoring Install MSISetup (HKLM\...\{F1F90F23-6FFC-481E-B72A-B2D51C6DA257}) (Version: 1.0.1901 - Nahimic) Hidden
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 2.0.8 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{9f93601b-15ea-4e69-8d7c-dfa0f29ae04e}) (Version: 1.00.10 - Ene Tech.) Hidden
Epic Games Launcher (HKLM-x32\...\{A5A6A747-393C-4B28-AB7B-2DE2BA7F7D73}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Expert PDF Demo (HKLM-x32\...\{EF0B188B-6C1F-4573-8979-DAB1C66266CD}) (Version: 12.00 - Avanquest)
Farming Simulator 19 (HKLM-x32\...\FarmingSimulator2019_is1) (Version: 1.2 - GIANTS Software)
Fronius Datalogger Finder (HKLM-x32\...\{6D8B3164-184D-4206-AA6D-72D58D310F6E}) (Version: 1.00.0001 - Fronius International)
Fronius Solar.access (HKLM-x32\...\{FCE439E9-D6DC-44E7-B104-7B52F13F91C6}) (Version: 1.60.1 - Fronius International GmbH)
Fronius Solar.configurator (HKLM-x32\...\{695EDDA4-D07F-416B-B467-AE02925E19C4}) (Version: 3.3.10 - Fronius International)
Fronius Solar.service 1.2.51.1824 (HKLM-x32\...\{FEFF9DEE-215A-465B-9CE1-DFD1EC6585D1}) (Version: 1.2.51.1824 - Fronius International GmbH) Hidden
Fronius Solar.web live (HKLM-x32\...\{27c09b72-f1fd-4e16-88e9-7364acc3a068}) (Version: 1.0.78.17195 - Fronius International GmbH)
Fronius Solar.web live (HKLM-x32\...\{348A9D53-A7FF-499E-A160-020B7B6FF7D5}) (Version: 1.0.78.17195 - Fronius International GmbH) Hidden
GIMP 2.10.6 (HKLM\...\GIMP-2_is1) (Version: 2.10.6 - The GIMP Team)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.15 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Gpg4win (3.1.7) (HKLM-x32\...\Gpg4win) (Version: 3.1.7 - The Gpg4win Project)
iDisplay 3.1.2 (HKLM-x32\...\iDisplay_is1) (Version: 3.1.2 - SHAPE)
Intel Extreme Tuning Utility (HKLM-x32\...\{79E98F35-0524-446C-8EF5-4E863C4D87E2}) (Version: 6.2.0.24 - Intel Corporation) Hidden
Intel Extreme Tuning Utility (HKLM-x32\...\{7afa48c7-9901-40fa-8f9b-f0707e2bc5b6}) (Version: 6.2.0.24 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1068 - Intel Corporation)
Intel(R) Network Connections 25.0.0.0 (HKLM\...\PROSetDX) (Version: 25.0.0.0 - Intel)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel® Software Guard Extensions Platform Software (HKLM-x32\...\ARP_for_prd_SGX_1.9.100.41172) (Version: 1.9.100.41172 - Intel Corporation)
KeePass Password Safe 2.45 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.45 - Dominik Reichl)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:  - Logitech)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
MEmu (HKLM-x32\...\MEmu) (Version: 7.1.2.0 - Microvirt Software Technology Co. Ltd.)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.52 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 83.0 (x64 de) (HKLM\...\Mozilla Firefox 83.0 (x64 de)) (Version: 83.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.2 - Mozilla)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 3.0.1.02 - MSI)
MSI DPC Latency Tuner (HKLM-x32\...\{1AAC56F3-3F60-47DB-BE6B-088F36ADFDC5}_is1) (Version: 1.0.0.36 - MSI)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.15 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.98 - MSI)
MSI Gaming Lan Manager (HKLM-x32\...\{3318282C-D4D6-4B29-BBD5-95FC34B54FF0}_is1) (Version: 1.0.0.69 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.69 - MSI)
MSI Smart Tool (HKLM-x32\...\{DDCCA038-DAB1-4D09-B85C-848020AA75D6}}_is1) (Version: 1.0.0.45 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.29 - MSI)
MSI X Boost (HKLM-x32\...\{515143BB-7A11-4D85-B941-D520AAAA099C}_is1) (Version: 1.0.0.46 - MSI)
Nahimic VR (HKLM-x32\...\{3d84610f-4cfb-4165-aa15-bb859bd0f0e3}) (Version: 1.0.19 - Nahimic)
NaturalPoint USB Drivers x64 (HKLM\...\{533773B8-9AC1-4C0F-A2BF-57466A45C6F5}) (Version: 2.70.0000 - NaturalPoint)
NineEarsSettings Install Configurator (HKLM\...\{A909659E-FC98-4D8F-AC40-8C5344C86F7A}) (Version: 1.0.1901 - Nahimic) Hidden
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 457.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.51 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.157.2.17 - Overwolf Ltd.)
Parkour Version 1.2.1 (HKLM-x32\...\{FBF6759A-30E7-4040-9942-6BA46472FB3D}}_is1) (Version: 1.2.1 - 3DMRS)
ProductDaemon Install Setup (HKLM\...\{32D62D40-F8F6-408E-8F8C-6A6593E3ACE9}) (Version: 1.0.1901 - Nahimic) Hidden
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8746.1 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 6.1.0.170 - Samsung Electronics)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SeaTools for Windows 1.4.0.7 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.7 - Seagate Technology)
Siemens RNDIS Driver x64 (HKLM\...\{646E8751-988C-4C51-BAA5-A0F82B700B70}) (Version: 8.2.0.0 - Siemens Switzerland Ltd) Hidden
Siemens USB Interfaces Driver x64 (HKLM\...\{3E3A1126-5DA9-489B-881E-D5BBF75C2AA2}) (Version: 0.0.9.1 - Siemens Switzerland Ltd) Hidden
SIMDashboardServer (HKLM-x32\...\{233EAE42-6BB9-48A3-AB74-EC700440EEB5}) (Version: 3.1.5.0 - stryder-it)
SSAudioDaemon Install MSISetup (HKLM\...\{F77EA0C2-B0EB-47C7-990D-EACA981D75E8}) (Version: 1.0.19 - Nahimic) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak Overlay (HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\Overwolf_jnabojaampcpfclojlbildognlnebnhfhibiielh) (Version: 1.0.0.2 - Overwolf app)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.10.5 - TeamViewer)
tiptoi® Manager 4.2.1 (HKLM\...\{833392BB-E8C0-4066-9408-3A30FA43972F}_is1) (Version: 4.2.1 - Ravensburger AG)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Tom Clancy's The Division 2 (HKLM-x32\...\Uplay Install 4932) (Version:  - Ubisoft)
TrackIR 5 (HKLM-x32\...\{6984ac4b-af1a-46af-bb10-ca1d3b7d4aba}) (Version: 5.4.2.0000 - NaturalPoint)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
TrucksBook Client version 1.3.6 (HKLM-x32\...\TrucksBook Client_is1) (Version: 1.3.6 - TrucksBook)
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
vJoy Device Driver 2.1.8.38 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 2.1.8.38 - Shaul Eizikovich)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WhatsApp (HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\WhatsApp) (Version: 2.2047.11 - WhatsApp)
Windows-Treiberpaket - Fronius Fronius Driver Package (10/22/2009 2.06.00) (HKLM\...\3EC78FCD0C322EF4AC0C3C181305091AFC8A0730) (Version: 10/22/2009 2.06.00 - Fronius)
Windows-Treiberpaket - Fronius Fronius Driver Package (10/22/2009 2.06.00) (HKLM\...\48407F45E4DA37FDCA298D385C66807894A0BB64) (Version: 10/22/2009 2.06.00 - Fronius)
Windows-Treiberpaket - Siemens Switzerland Ltd HIDClass  (03/25/2015 1.0.1.3) (HKLM\...\75CA40A30BCA5C49B560F9483B7D2C0ED92D05C9) (Version: 03/25/2015 1.0.1.3 - Siemens Switzerland Ltd)
Windows-Treiberpaket - Siemens Switzerland Ltd USB Remote NDIS Network Device (01/15/2014 8.2.0.0) (HKLM\...\9D451121CA9556345F01F4D75D0085999804077D) (Version: 01/15/2014 8.2.0.0 - Siemens Switzerland Ltd)
WinMerge 2.16.4.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.16.4.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.91 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
WinSCP 5.17.7 (HKLM-x32\...\winscp3_is1) (Version: 5.17.7 - Martin Prikryl)
WISO steuer:Sparbuch 2018 (HKLM-x32\...\{3E1B1FA9-E565-4CFF-A685-FD0E36292D5A}) (Version: 25.10.1912 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2019 (HKLM-x32\...\{1882C943-D44D-43CC-9297-FB4287A0B549}) (Version: 26.00.1588 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2020 (HKLM-x32\...\{FEC36D0C-1A26-4C71-8FD5-C4A31DD4F5F2}) (Version: 27.07.1862 - Buhl Data Service GmbH)
Xerox Desktop Print Experience 5.0 (HKLM\...\{F69C2056-BC8D-EC77-49FB-E9F863F8C9AA}) (Version: 7.192.8.0 - Xerox Corporation)
Xerox Font Management Utility (HKLM-x32\...\{732A016D-FE04-4143-AEEF-2A538C2ECE4A}) (Version: 3.1.37.0 - Xerox Corporation)
Xerox Scanner Management Utility (HKLM\...\{74DECE2F-861F-4352-9493-EC1E693D4C08}) (Version: 7.4.43.0 - Xerox Corporation)

Packages:
=========
1938 MG TA Midget -> C:\Program Files\WindowsApps\Microsoft.MGTA38_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
1966 Volkswagen Double Cab Pick-Up -> C:\Program Files\WindowsApps\Microsoft.VWDoubleCab61_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
1970 Triumph TR6 PI -> C:\Program Files\WindowsApps\Microsoft.TRITR670_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
1972 Lamborghini Jarama S -> C:\Program Files\WindowsApps\Microsoft.LAMJarama76_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
2017 Ferrari GTC4Lusso -> C:\Program Files\WindowsApps\Microsoft.ERGTC4Lusso_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
2018 Chevrolet Camaro ZL1 1LE -> C:\Program Files\WindowsApps\Microsoft.CHECamaro1LE18_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
2018 Morgan Aero GT -> C:\Program Files\WindowsApps\Microsoft.MORAeroGT19_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
2019 Chevrolet Corvette ZR1 -> C:\Program Files\WindowsApps\Microsoft.CHECorvetteZR_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4  1965 Peel Trident -> C:\Program Files\WindowsApps\Microsoft.PEETrident_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4  2005 Honda NSX-R GT -> C:\Program Files\WindowsApps\Microsoft.HONNSXRGT_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 -> C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.443.701.2_x64__8wekyb3d8bbwe [2020-10-15] (Microsoft Studios)
Forza Horizon 4 1929 Mercedes-Benz SSK -> C:\Program Files\WindowsApps\Microsoft.MercedesBenzSSK_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1953 Jaguar C-Type -> C:\Program Files\WindowsApps\Microsoft.JAGCType_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1959 Cadillac Eldorado Biarritz Convertible -> C:\Program Files\WindowsApps\Microsoft.CADElDorado_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1959 Porsche 356A Coupe -> C:\Program Files\WindowsApps\Microsoft.ForzaHorizon41959Porsche356ACoupe_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1962 Triumph TR3B -> C:\Program Files\WindowsApps\Microsoft.TriumphTR3B_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1963 Opel Kadett A -> C:\Program Files\WindowsApps\Microsoft.OpelKadettA_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1965 Ford Transit -> C:\Program Files\WindowsApps\Microsoft.FORTransit_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1966 Hillman Imp -> C:\Program Files\WindowsApps\Microsoft.SUNImp_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1968 Ford Mustang GT 2+2 Fastback -> C:\Program Files\WindowsApps\Microsoft.FORMustangGT390_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1974 Honda Civic RS -> C:\Program Files\WindowsApps\Microsoft.HONCivicRS_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1977 Hoonigan Ford Gymkhana 10 F-150 -> C:\Program Files\WindowsApps\Microsoft.FordGymkhana_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1985 Porsche #186 959 Paris-Dakar -> C:\Program Files\WindowsApps\Microsoft.Porsche186ParisDakar_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1993 Hoonigan Ford Escort Cosworth Group A -> C:\Program Files\WindowsApps\Microsoft.HooniganFordEscort_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 1993 Porsche 968 Turbo S -> C:\Program Files\WindowsApps\Microsoft.POR968TurboS_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2002 Mazda RX-7 Spirit R Type-A -> C:\Program Files\WindowsApps\Microsoft.MazdaRX7SpiritR_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2003 Honda S2000 -> C:\Program Files\WindowsApps\Microsoft.HondaS2000_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2004 Vauxhall VX220 -> C:\Program Files\WindowsApps\Microsoft.VauxhallVX220_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2005 Ferrari FXX -> C:\Program Files\WindowsApps\Microsoft.FerrariFXX_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2010 Vauxhall Insignia VXR -> C:\Program Files\WindowsApps\Microsoft.VauxhallInsigniaVXR_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2012 Lamborghini Gallardo LP570-4 Spyder Performante -> C:\Program Files\WindowsApps\Microsoft.LamborghiniGallardoLP5704_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2014 McLaren 650S Spider -> C:\Program Files\WindowsApps\Microsoft.MCL650SSpider_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2016 Honda Civic Coupe GRC -> C:\Program Files\WindowsApps\Microsoft.ForzaHorizon42016HondaCivicCoupeGRC_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2017 Koenigsegg Agera RS -> C:\Program Files\WindowsApps\Microsoft.ForzaHorizon42017KoenigseggAgeraRS_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2018 Alfa Romeo Stelvio Quadrifoglio -> C:\Program Files\WindowsApps\Microsoft.AlfaStevio_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2018 Aston Martin Vantage -> C:\Program Files\WindowsApps\Microsoft.ASTVantage18_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2018 Can-Am Maverick X3 X RS Turbo R -> C:\Program Files\WindowsApps\Microsoft.CanAmMaverick_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2018 Chevrolet Silverado 1500 DeBerti Design Drift Truck -> C:\Program Files\WindowsApps\Microsoft.CHEDebertiDriftTruck_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2018 Ford Deberti Design Mustang Fastback -> C:\Program Files\WindowsApps\Microsoft.ForzaHorizon2018FordDebertiDesignMustang_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2018 Nissan SentraNismo -> C:\Program Files\WindowsApps\Microsoft.ForzaHorizon42018NissanSentraNismo_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2018 TVR Griffith -> C:\Program Files\WindowsApps\Microsoft.TVRGriffith18_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2019 BMW i8 Roadster -> C:\Program Files\WindowsApps\Microsoft.BMWi8Roadster_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 2019 Porsche 911 Carrera S -> C:\Program Files\WindowsApps\Microsoft.POR992_1.0.0.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 Barrett Jackson Car Pack -> C:\Program Files\WindowsApps\Microsoft.BJCarPack_1.0.1.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 Best of Bond Car Pack -> C:\Program Files\WindowsApps\Microsoft.Day1CarPackBits_1.0.5.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 Formula Drift Car Pack -> C:\Program Files\WindowsApps\Microsoft.FormulaDriftCarPack_1.0.3.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 Fortune Island -> C:\Program Files\WindowsApps\Microsoft.Expansion1_1.225.171.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 LEGO Speed Champions -> C:\Program Files\WindowsApps\Microsoft.Expansion2_1.312.645.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Forza Horizon 4 VIP -> C:\Program Files\WindowsApps\Microsoft.ForzaHorizon4VIP_1.0.3.2_neutral__8wekyb3d8bbwe [2020-07-09] (Microsoft Studios)
Fronius Solar.web live -> C:\Program Files\WindowsApps\FroniusInternationalGmbH.FroniusSolar.weblive_1.1.0.13_neutral__cgs3ya04m7qhm [2018-10-05] (Fronius International GmbH)
Ihr Smartphone -> C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20092.108.0_x64__8wekyb3d8bbwe [2020-10-10] (Microsoft Corporation)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-02-29] (Instagram)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-03] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Flight Simulator -> C:\Program Files\WindowsApps\Microsoft.FlightSimulator_1.11.6.0_x64__8wekyb3d8bbwe [2020-11-24] (Microsoft Studios)
Microsoft Flight Simulator Digital Ownership -> C:\Program Files\WindowsApps\Microsoft.DigitalOwnership_1.0.1.0_x64__8wekyb3d8bbwe [2020-08-28] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.959.0_x64__56jybvy8sckqj [2020-12-03] (NVIDIA Corp.)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2018-09-30] (Samsung Electronics Co. Ltd.)
Xerox Print Experience -> C:\Program Files\WindowsApps\XeroxCorp.PrintExperience_7.132.19.0_x64__f7egpvdyrs2a8 [2020-03-01] (Xerox Corp)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.5.0_x86__xpfg3f7e9an52 [2020-09-25] (New Work SE)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2019-03-28] (g10 Code GmbH) [Datei ist nicht signiert]
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2019-05-19] (hxxp://winmerge.org) [Datei ist nicht signiert]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2019-05-19] (hxxp://winmerge.org) [Datei ist nicht signiert]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2019-03-28] (g10 Code GmbH) [Datei ist nicht signiert]
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2019-05-19] (hxxp://winmerge.org) [Datei ist nicht signiert]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_75bf38ed2e8d41c9\nvshext.dll [2020-11-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2019-05-19] (hxxp://winmerge.org) [Datei ist nicht signiert]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\System32\rtvcvfw64.dll [246272 2012-09-28] () [Datei ist nicht signiert]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [Datei ist nicht signiert]

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2020-06-19 10:56 - 2017-08-02 13:48 - 000237568 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\MSI\Gaming APP\LEDControl.dll
2020-06-19 10:45 - 2005-07-18 12:43 - 000160256 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2018-09-29 11:27 - 2016-04-20 13:12 - 000772608 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\Lib\USB_DLL.dll
2015-12-29 14:21 - 2015-12-29 14:21 - 000492544 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\NaturalPoint\TrackIR5\Styles\TrackIR.cjstyles
2020-09-24 18:21 - 2020-09-24 18:21 - 000038400 _____ () [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\giflib5.dll
2020-09-24 18:21 - 2020-09-24 18:21 - 000098816 _____ () [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\QtZeroConf.dll
2020-09-24 18:21 - 2020-09-24 18:21 - 000720384 _____ () [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\turbojpeg.dll
2020-10-05 07:57 - 2020-04-02 17:15 - 002266624 _____ (Digia Plc and/or its subsidiary(-ies)) [Datei ist nicht signiert] C:\Users\kaihi\AppData\Local\Amazon Music\QtCore4.dll
2020-10-05 07:57 - 2020-04-02 17:25 - 006267392 _____ (Digia Plc and/or its subsidiary(-ies)) [Datei ist nicht signiert] C:\Users\kaihi\AppData\Local\Amazon Music\QtGui4.dll
2020-10-05 07:57 - 2020-04-02 17:16 - 000802816 _____ (Digia Plc and/or its subsidiary(-ies)) [Datei ist nicht signiert] C:\Users\kaihi\AppData\Local\Amazon Music\QtNetwork4.dll
2020-06-19 10:56 - 2015-06-23 15:41 - 000082432 _____ (Fintek) [Datei ist nicht signiert] C:\Program Files (x86)\MSI\Gaming APP\Lib\FintekUSBDll.dll
2019-08-05 16:43 - 2019-05-19 10:31 - 000202752 _____ (hxxp://winmerge.org) [Datei ist nicht signiert] C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll
2020-01-19 16:37 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [Datei ist nicht signiert] C:\Program Files\7-Zip\7-zip.dll
2015-07-14 17:01 - 2015-07-14 17:01 - 000287744 _____ (IntelleSoft) [Datei ist nicht signiert] C:\Program Files (x86)\Siemens\ACS790\BugTrapU.dll
2015-12-29 14:23 - 2015-12-29 14:23 - 001458688 _____ (Microsoft) [Datei ist nicht signiert] C:\Program Files (x86)\NaturalPoint\TrackIR5\cpprest120_2_7.dll
2014-01-29 13:53 - 2014-01-29 13:53 - 000110080 _____ (NaturalPoint) [Datei ist nicht signiert] C:\Program Files (x86)\NaturalPoint\TrackIR5\TIRViews.dll
2015-04-08 16:39 - 2015-04-08 16:39 - 000673521 _____ (SQLite Development Team) [Datei ist nicht signiert] C:\Program Files (x86)\Siemens\ACS790\sqlite3.dll
2020-09-24 18:21 - 2020-09-24 18:21 - 001742848 _____ (SQLite Development Team) [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\sqlite3.dll
2020-09-24 18:21 - 2020-09-24 18:21 - 002696704 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\libcrypto-1_1-x64.dll
2020-09-24 18:21 - 2020-09-24 18:21 - 000642560 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\libssl-1_1-x64.dll
2020-06-19 10:56 - 2016-10-03 12:43 - 000399872 _____ (TODO: <公司名稱>) [Datei ist nicht signiert] C:\Program Files (x86)\MSI\Gaming APP\Lib\SDKDLL.dll
2018-09-30 20:57 - 2015-04-14 11:39 - 000043520 _____ (Windows (R) Codename Longhorn DDK provider) [Datei ist nicht signiert] C:\WINDOWS\system32\spool\PRTPROCS\x64\sst9cpc.dll
2015-07-14 17:02 - 2015-07-14 17:02 - 003516416 _____ (XLware) [Datei ist nicht signiert] C:\Program Files (x86)\Siemens\ACS790\libxl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-01-19] (Skype Technologies SA -> Skype Technologies)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\localhost -> localhost

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2020-12-03 15:24 - 2020-12-03 15:24 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\System32;C:\Windows;C:\Windows\System32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\PuTTY\;C:\Windows\System32;C:\Windows;C:\Windows\System32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\GnuPG\bin;C:\Windows\System32;C:\Windows;C:\Windows\System32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kaihi\Documents\Euro Truck Simulator 2\screenshot\ets2_20201130_232408_00.png
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc64"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc32"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "CSRHarmonySkypePlugin"
HKLM\...\StartupApproved\Run32: => "DLSWebSvc"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "MSI Gaming Lan Manager"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKLM\...\StartupApproved\Run32: => "Fast Boot"
HKLM\...\StartupApproved\Run32: => "Super Charger"
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\StartupApproved\Run: => "EEDSpeedLauncher"
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\StartupApproved\Run: => "ACS790ACSTrendAndTaskExecutorViewer"
HKU\S-1-5-21-2393625349-2809001659-2935058265-1001\...\StartupApproved\Run: => "Amazon Music"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{9F1E534A-242E-46EB-BC39-624C5773AC10}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{59F1AC07-9C0E-4ED0-BF99-BD0462D5E8BB}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)

==================== Wiederherstellungspunkte =========================

21-11-2020 19:14:02 Geplanter Prüfpunkt
27-11-2020 21:34:21 Installed NaturalPoint USB Drivers x64.
27-11-2020 21:35:01 Installed TrackIR 5.

==================== Fehlerhafte Geräte im Gerätemanager ============

Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (12/03/2020 03:26:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CsrBtOBEXService.exe, Version: 2.1.63.0, Zeitstempel: 0x4f68683b
Name des fehlerhaften Moduls: CsrBtOBEXService.exe, Version: 2.1.63.0, Zeitstempel: 0x4f68683b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000006f58
ID des fehlerhaften Prozesses: 0x1188
Startzeit der fehlerhaften Anwendung: 0x01d6c95f7a05c316
Pfad der fehlerhaften Anwendung: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Pfad des fehlerhaften Moduls: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Berichtskennung: 5db0ee06-0514-4385-9923-e55f3b3ed837
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/03/2020 03:23:40 PM) (Source: NVIDIA OpenGL Driver) (EventID: 1) (User: )
Description: The GPU has been disconnected and this application may become unresponsive.

Error code: 10
 (pid=11660 tid=13584 streamdeck.exe 64bit)

Visit hxxp://www.nvidia.com/page/support.html for more information.

Error: (12/02/2020 06:37:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CsrBtOBEXService.exe, Version: 2.1.63.0, Zeitstempel: 0x4f68683b
Name des fehlerhaften Moduls: CsrBtOBEXService.exe, Version: 2.1.63.0, Zeitstempel: 0x4f68683b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000006f58
ID des fehlerhaften Prozesses: 0xee0
Startzeit der fehlerhaften Anwendung: 0x01d6c8aed1b81398
Pfad der fehlerhaften Anwendung: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Pfad des fehlerhaften Moduls: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Berichtskennung: 0a6bb908-88af-483e-bdc0-01f4ad7a752c
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/02/2020 03:53:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm firefox.exe Version 83.0.0.7621 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 23f8

Startzeit: 01d6c8b9a47c924e

Beendigungszeit: 4294967295

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Bericht-ID: b4af5100-3697-4efd-882a-48a367433313

Vollständiger Name des fehlerhaften Pakets: 

Relative Anwendungs-ID des fehlerhaften Pakets: 

Absturztyp: Top level window is idle

Error: (12/02/2020 03:39:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: eurotrucks2.exe, Version: 1.39.1.5, Zeitstempel: 0x5fb7b3f6
Name des fehlerhaften Moduls: trucksbook_64.dll, Version: 0.0.0.0, Zeitstempel: 0x5f0ab867
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000058ad
ID des fehlerhaften Prozesses: 0x3cd4
Startzeit der fehlerhaften Anwendung: 0x01d6c8af0df02ddb
Pfad der fehlerhaften Anwendung: D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
Pfad des fehlerhaften Moduls: D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x64\plugins\trucksbook_64.dll
Berichtskennung: 111d28af-7043-491f-a6fd-037e6c66259e
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/02/2020 03:39:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: eurotrucks2.exe, Version: 1.39.1.5, Zeitstempel: 0x5fb7b3f6
Name des fehlerhaften Moduls: MSVCR120.dll, Version: 12.0.40660.0, Zeitstempel: 0x577e0cc7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003c8d3
ID des fehlerhaften Prozesses: 0x3cd4
Startzeit der fehlerhaften Anwendung: 0x01d6c8af0df02ddb
Pfad der fehlerhaften Anwendung: D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\MSVCR120.dll
Berichtskennung: f459d0e9-b84a-4b28-b851-cfc8dc96dab7
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/30/2020 08:49:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm eurotrucks2.exe Version 1.39.1.5 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4a74

Startzeit: 01d6c75142a7fbff

Beendigungszeit: 4294967295

Anwendungspfad: D:\Games\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe

Bericht-ID: 62ee9240-3ca4-4784-842c-0ec8f7b0799a

Vollständiger Name des fehlerhaften Pakets: 

Relative Anwendungs-ID des fehlerhaften Pakets: 

Absturztyp: Top level window is idle

Error: (11/28/2020 11:58:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CsrBtOBEXService.exe, Version: 2.1.63.0, Zeitstempel: 0x4f68683b
Name des fehlerhaften Moduls: CsrBtOBEXService.exe, Version: 2.1.63.0, Zeitstempel: 0x4f68683b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000006f58
ID des fehlerhaften Prozesses: 0x1024
Startzeit der fehlerhaften Anwendung: 0x01d6c567aec01784
Pfad der fehlerhaften Anwendung: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Pfad des fehlerhaften Moduls: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Berichtskennung: 6487ab9f-aedf-4379-a20f-69ec2ca3acc3
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (12/03/2020 03:26:54 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1115" in DCOM, als der Dienst "wuauserv" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/03/2020 03:26:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CSR OBEX-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/03/2020 01:26:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/03/2020 01:26:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde mit folgendem Fehler beendet: 
Für einen allgemeinen Befehl wurde ein Ergebnis zurückgegeben, das auf einen Fehler hinweist.

Error: (12/03/2020 11:31:04 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1KF7GS2)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/03/2020 11:31:04 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1KF7GS2)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/03/2020 11:31:04 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1KF7GS2)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/03/2020 11:31:03 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1KF7GS2)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


Windows Defender:
===================================
Date: 2020-12-01 14:07:06.6890000Z
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {5219A425-F4AC-4131-825C-BAF50B102CE0}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2020-11-30 16:18:25.5560000Z
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {F0CE1C80-1678-40BF-B7CB-C228165C4B95}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2020-11-29 21:31:04.8710000Z
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {E4F336BA-FD39-418B-9667-BB954DB78055}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2020-11-24 15:30:48.5140000Z
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {0EE0EAAA-5F72-4DD4-9821-E66826EEA568}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2020-11-23 16:56:14.5570000Z
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {9BC726CB-21CC-43DC-8AA6-C4DC7D210EA5}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

CodeIntegrity:
===================================

Date: 2020-12-03 15:27:28.6870000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-03 15:27:28.6850000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-03 15:27:28.6820000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-03 15:27:28.6800000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-03 15:27:28.6580000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-03 15:27:23.5230000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-03 11:31:41.9700000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-03 11:31:36.8510000Z
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Speicherinformationen =========================== 

BIOS: American Megatrends Inc. 1.90 07/03/2018
Hauptplatine: MSI Z270 GAMING PRO CARBON (MS-7A63)
Prozessor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
Prozentuale Nutzung des RAM: 8%
Installierter physikalischer RAM: 65498.46 MB
Verfügbarer physikalischer RAM: 59824.03 MB
Summe virtueller Speicher: 75226.46 MB
Verfügbarer virtueller Speicher: 67465.65 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:464.62 GB) (Free:52.39 GB) NTFS
Drive d: (HDD) (Fixed) (Total:1862.89 GB) (Free:1505.07 GB) NTFS
Drive f: (GameSSD) (Fixed) (Total:931.5 GB) (Free:745.08 GB) NTFS

\\?\Volume{f0842205-2482-4417-804b-7f24e586ac7e}\ () (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{945b0950-d9ad-4407-ac49-9bf4df682077}\ () (Fixed) (Total:0.54 GB) (Free:0.08 GB) NTFS
\\?\Volume{17b9d833-c057-dc2f-8afe-e0747553a43c}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{f29033ad-38ad-2470-4ff3-f6fa41058990}\ () (Fixed) (Total:1.31 GB) (Free:0 GB) NTFS
\\?\Volume{6373df8b-2292-42c9-bf09-fc46d42898c3}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.

==================== Ende von Addition.txt =======================
         

03.12.2020, 19:06   #8
M-K-D-B
/// TB-Ausbilder
 

Hi,


I don't see any sign of Gootkit in this "kaihi" profile. It may be loaded in the other user account.

Please log in with the other user account ("muell") and run a scan with FRST there.
That other account has no admin rights... so please right-click FRST and select "Run as administrator".

03.12.2020, 19:56   #9
Bommerang
 

Hello,
The other accounts have not been used for a very long time.
There are 2 more computers on the network, belonging to the kids. They are currently offline until this is sorted out.
I had read that you should open a separate thread for each computer.
That is why I did not mention it above.
How should I proceed now: continue here after all, or create a separate thread?

Thanks in advance anyway

04.12.2020, 10:54   #10
M-K-D-B
/// TB-Ausbilder
 

Hi,

Thank you for the information.

OK, then let's take a look at the first of the kids' computers now.
There, as usual, please just run a scan with FRST and post both log files.

04.12.2020, 12:33   #11
Bommerang
 

Hello,
here are the files from the computer of child 1:

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2020
durchgeführt von robin (Administrator) auf DESKTOP-MECH4VJ (ASUS All Series) (04-12-2020 12:25:46)
Gestartet von C:\Users\robin\Downloads
Geladene Profile: robin
Platform: Windows 10 Pro Version 20H2 19042.630 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Datronicsoft, Inc. -> ) C:\Windows\System32\spacedeskService.exe
(Datronicsoft, Inc. -> ) C:\Windows\System32\spacedeskServiceTray.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2012.1001.6.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2009.4.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxApp_48.70.21001.0_x64__8wekyb3d8bbwe\XboxApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Users\robin\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) D:\Apps\bin\cef\cef.win7x64\steamwebhelper.exe <4>
(Valve -> Valve Corporation) D:\Apps\steam.exe
(Xerox Corporation -> Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-03-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3091136 2020-09-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [Discord] => C:\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe [91023672 2020-09-10] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [104586376 2020-11-22] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [Steam] => D:\Apps\steam.exe [3424032 2020-10-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [EpicGamesLauncher] => D:\Epic Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33131408 2020-11-25] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1752920 2020-11-16] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [TB Client] => C:\Program Files (x86)\TrucksBook Client\TB Client.exe [1403904 2020-07-17] (TrucksBook) [Datei ist nicht signiert]
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [abdbbadabebff] => powershell.exe -ExecutionPolicy Bypass -windowstyle hidden -Command "IEX([Environment]::GetEnvironmentVariable('abdbbadabebff', 'User'))" <==== ACHTUNG
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [Spotify] => C:\Users\robin\AppData\Roaming\Spotify\Spotify.exe [23233936 2020-12-02] (Spotify AB -> Spotify Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{E5931AF4-2A8F-48A5-AFC8-3605AD5C0A0C}] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
Startup: C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ETS2 Telemetry.lnk [2020-11-28]
ShortcutTarget: ETS2 Telemetry.lnk -> C:\Users\robin\AppData\Local\SpedV\Telemetry\Ets2Telemetry.exe (Nicolas Reuter -> Freie Programme Hohenstein)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04A149CE-211D-4D9E-BD28-AA169E77FB79} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {12CFDE66-72D1-449B-A45C-B4782F1FC46E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {13596818-E129-4346-9BB3-6755D7E171F0} - System32\Tasks\Xerox\Xerox PowerENGAGE => C:\Program Files (x86)\Xerox PowerENGAGE\xeroxreg.exe [117984 2016-09-13] (Aviata Inc -> Aviata Inc)
Task: {4CE135AF-F73E-4391-8AFA-CA3949F16CE8} - System32\Tasks\Xerox\Xerox PowerENGAGE Update => C:\Program Files (x86)\Xerox PowerENGAGE\xeroxreg.exe [117984 2016-09-13] (Aviata Inc -> Aviata Inc)
Task: {53267BD0-C967-4E22-A4F8-462B1DB620F5} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5B619329-0F4B-4D37-867D-59F28436849C} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1165051215-3207913047-2040614022-1001 => C:\Windows\System32\AgentActivationRuntimeStarter.exe [13312 2020-10-09] (Microsoft Windows -> )
Task: {7462D67E-87AD-4A7F-9442-2021DD301455} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7F326DAF-C931-423D-8D38-92E7AEA6609D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8AA6531D-5F35-43CF-AAF3-8AC738A19C1A} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {8C372B8C-9AD6-43F0-8FF2-F14D66FF9948} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {988B29FF-66FA-421B-9C04-CA2470B53B6B} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AB8A3BFD-D739-4AC4-9E2F-AF6E3776D463} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {B35C4016-053C-47C5-9B48-F28A73B3B363} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [347720 2020-02-03] (Xerox Corporation -> Xerox Corporation)
Task: {B36F7E38-6795-4116-9231-7F861AD530C2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {BAE4C559-CF51-4847-9D89-763A80687908} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BAE81BB1-CC31-4E8C-BCD5-ED5575B0BE20} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2488152 2020-11-16] (Overwolf Ltd -> Overwolf LTD)
Task: {C1D3D3D7-DEF1-4ABB-9B6B-B658AAC5674E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C6BFB8AF-29CA-4D73-8D92-192B9E6D258B} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [347720 2020-02-03] (Xerox Corporation -> Xerox Corporation)
Task: {CEAB6F00-4F7A-4F38-B123-ACEB5F51AB72} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D0850C50-D05E-4621-B121-50809663665F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {EBF022CF-6773-48D3-AC7F-C9EF342976ED} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [347720 2020-02-03] (Xerox Corporation -> Xerox Corporation)
Task: {ECA09999-D97B-489C-92FC-D7BFC03681DD} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-21] (Mozilla Corporation -> Mozilla Foundation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{fdb07933-2361-4edb-89e0-feafdcb2238b}: [DhcpNameServer] 192.168.178.1

Edge: 
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\robin\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-03]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\robin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-12-02]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: c8930cc3.default
FF ProfilePath: C:\Users\robin\AppData\Roaming\Mozilla\Firefox\Profiles\c8930cc3.default [2020-10-24]
FF ProfilePath: C:\Users\robin\AppData\Roaming\Mozilla\Firefox\Profiles\1e5xt4ol.default-release [2020-12-04]
FF NetworkProxy: Mozilla\Firefox\Profiles\1e5xt4ol.default-release -> type", 4
FF Notifications: Mozilla\Firefox\Profiles\1e5xt4ol.default-release -> hxxps://discord.com
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-11-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-11-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-10-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-10-24] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10896008 2020-11-22] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-12-02] (Malwarebytes Inc -> Malwarebytes)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2488152 2020-11-16] (Overwolf Ltd -> Overwolf LTD)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1382016 2020-11-27] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5101992 2020-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 spacedeskService; C:\Windows\system32\spacedeskService.exe [1116592 2020-11-08] (Datronicsoft, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 XeroxPrintJobEventManagerService; C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe [341016 2020-02-03] (Xerox Corporation -> Xerox Corporation)
S3 XeroxProdRegManager; C:\Program Files (x86)\Xerox PowerENGAGE\EngageService.exe [293608 2016-09-13] (Aviata Inc -> Aviata, Inc.)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\drivers\droidcamvideo.sys [33784 2020-10-04] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-12-02] (Malwarebytes Corporation -> Malwarebytes)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\71013\driver_cpu_temperature\logi_core_temp.sys [25448 2020-11-22] (Logitech Inc. -> Logitech)
R3 logi_generic_hid_filter; C:\Windows\system32\drivers\logi_generic_hid_filter.sys [56376 2020-10-24] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [38136 2020-10-24] (Logitech Inc -> Logitech)
R3 logi_joy_hid_filter; C:\Windows\system32\drivers\logi_joy_hid_filter.sys [57400 2020-10-24] (Logitech Inc -> Logitech)
R3 logi_joy_hid_lo; C:\Windows\system32\drivers\logi_joy_hid_lo.sys [46648 2020-10-24] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [26672 2020-10-24] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66808 2020-10-24] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2020-12-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-12-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2020-12-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2020-12-03] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-12-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [138904 2020-12-03] (Malwarebytes Inc -> Malwarebytes)
R3 spacedeskKtmInputMouse; C:\Windows\System32\drivers\spacedeskKtmInputMouse.sys [35240 2020-08-27] (Datronicsoft, Inc. -> )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-11-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429288 2020-11-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2020-12-04 12:25 - 2020-12-04 12:26 - 000021108 _____ C:\Users\robin\Downloads\FRST.txt
2020-12-03 12:27 - 2020-12-03 12:27 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-12-03 12:27 - 2020-12-03 12:27 - 000138904 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-12-03 12:27 - 2020-12-03 12:27 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-12-03 12:26 - 2020-12-03 12:26 - 008447152 _____ (Malwarebytes) C:\Users\robin\Downloads\adwcleaner_8.0.8.exe
2020-12-03 12:26 - 2020-12-03 12:26 - 000000000 ____D C:\AdwCleaner
2020-12-03 12:24 - 2020-12-04 12:26 - 000000000 ____D C:\FRST
2020-12-03 12:24 - 2020-12-03 12:24 - 002288640 _____ (Farbar) C:\Users\robin\Downloads\FRST64.exe
2020-12-03 12:23 - 2020-12-03 12:23 - 000000000 ____D C:\Users\robin\AppData\Local\INetHistory
2020-12-02 18:33 - 2020-12-02 18:33 - 000000000 ____D C:\Users\robin\OpenVPN
2020-12-02 18:32 - 2020-12-02 18:32 - 004643328 _____ C:\Users\robin\Downloads\OpenVPN-2.5.0-I601-amd64.msi
2020-12-02 17:39 - 2020-12-02 17:39 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2020-12-02 17:38 - 2020-12-02 17:38 - 008673152 _____ () C:\Users\robin\Downloads\XboxInstaller.exe
2020-12-02 16:12 - 2020-12-02 16:12 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-12-02 16:12 - 2020-12-02 16:12 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-12-02 16:12 - 2020-12-02 16:12 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-12-02 16:12 - 2020-12-02 16:12 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2020-12-02 16:12 - 2020-12-02 16:12 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-02 16:12 - 2020-12-02 16:12 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-02 16:12 - 2020-12-02 16:12 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-02 16:12 - 2020-12-02 16:12 - 000000000 ____D C:\Users\robin\AppData\Local\mbam
2020-12-02 16:12 - 2020-12-02 16:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-02 16:11 - 2020-12-02 16:11 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-01 19:22 - 2020-12-01 19:22 - 000001547 _____ C:\Users\robin\AppData\Local\recently-used.xbel
2020-12-01 19:17 - 2020-12-01 19:22 - 000000000 ____D C:\Users\robin\AppData\Local\gtk-2.0
2020-12-01 19:15 - 2020-12-01 19:30 - 000000000 ____D C:\Users\robin\AppData\Local\babl-0.1
2020-12-01 19:15 - 2020-12-01 19:15 - 000000946 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.22.lnk
2020-12-01 19:15 - 2020-12-01 19:15 - 000000000 ____D C:\Users\robin\AppData\Roaming\GIMP
2020-12-01 19:15 - 2020-12-01 19:15 - 000000000 ____D C:\Users\robin\AppData\Local\GIMP
2020-12-01 19:15 - 2020-12-01 19:15 - 000000000 ____D C:\Users\robin\AppData\Local\gegl-0.4
2020-12-01 19:15 - 2020-12-01 19:15 - 000000000 ____D C:\Users\robin\.cache
2020-12-01 19:12 - 2020-12-01 19:13 - 000000000 ____D C:\Program Files\GIMP 2
2020-12-01 19:12 - 2020-12-01 19:12 - 241147480 _____ (The GIMP Team ) C:\Users\robin\Downloads\gimp-2.10.22-setup.exe
2020-11-30 15:24 - 2020-11-30 15:24 - 000000000 ____D C:\Users\robin\AppData\Roaming\KeePass
2020-11-30 15:23 - 2020-11-30 15:23 - 003004302 _____ C:\Users\robin\Downloads\promods-def-st-v251.scs
2020-11-30 15:20 - 2020-11-30 15:20 - 000001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2020-11-30 15:20 - 2020-11-30 15:20 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2020-11-30 15:19 - 2020-11-30 15:19 - 003207880 _____ (Dominik Reichl ) C:\Users\robin\Downloads\KeePass-2.46-Setup.exe
2020-11-30 13:22 - 2020-11-30 14:09 - 000000576 _____ C:\ProgramData\droidcam-client-options-v1
2020-11-30 13:22 - 2020-11-30 14:09 - 000000093 _____ C:\ProgramData\droidcam-settings
2020-11-30 13:20 - 2020-11-30 13:20 - 015412776 _____ C:\Users\robin\Downloads\DroidCam.Setup.6.3.3.exe
2020-11-30 13:20 - 2020-11-30 13:20 - 000000000 ____D C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam
2020-11-30 13:20 - 2020-11-30 13:20 - 000000000 ____D C:\Program Files (x86)\DroidCam
2020-11-29 13:16 - 2020-11-29 13:16 - 000001928 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\spacedesk SERVER.lnk
2020-11-29 13:16 - 2020-11-29 13:16 - 000000000 ____D C:\Program Files\datronicsoft
2020-11-29 13:15 - 2020-11-29 13:15 - 005615616 _____ C:\Users\robin\Downloads\spacedesk_driver_Win_10_64_v0970_BETA.msi
2020-11-28 20:49 - 2020-11-28 20:49 - 000269144 _____ () C:\Users\robin\Downloads\FPH SpedV Install(2).exe
2020-11-28 20:49 - 2020-11-28 20:49 - 000269144 _____ () C:\Users\robin\Downloads\FPH SpedV Install(1).exe
2020-11-28 20:36 - 2020-11-28 20:49 - 000000000 ____D C:\Users\robin\AppData\Local\SpedV
2020-11-28 20:36 - 2020-11-28 20:36 - 000269144 _____ () C:\Users\robin\Downloads\FPH SpedV Install.exe
2020-11-28 20:35 - 2020-12-04 12:18 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\SpedV
2020-11-28 20:35 - 2020-11-28 20:38 - 000000000 ____D C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\FPH SpedV
2020-11-28 20:35 - 2020-11-28 20:35 - 000000000 ____D C:\Users\robin\AppData\Local\IsolatedStorage
2020-11-28 20:22 - 2020-11-28 20:22 - 000667351 _____ C:\Users\robin\Downloads\launcher_1004(1).zip
2020-11-27 16:11 - 2020-11-27 16:11 - 000754195 _____ C:\Users\robin\Downloads\FS19_HelperAdvanced.zip
2020-11-27 16:02 - 2020-11-27 16:02 - 011793756 _____ C:\Users\robin\Downloads\AIVehicleExtension_master.zip
2020-11-27 15:26 - 2020-11-27 15:32 - 3325181974 _____ C:\Users\robin\Downloads\all_mods_download.zip
2020-11-27 15:06 - 2020-11-27 15:06 - 000030474 _____ C:\Users\robin\Downloads\FS19_1TidyShop_UsedEquipment(1).zip
2020-11-27 15:04 - 2020-11-27 15:04 - 071778506 _____ C:\Users\robin\Downloads\savegame1.zip
2020-11-27 15:02 - 2020-11-27 15:02 - 000363686 _____ C:\Users\robin\Downloads\FS19_santaHat.zip
2020-11-27 13:33 - 2020-11-27 13:33 - 000007605 _____ C:\Users\robin\AppData\Local\Resmon.ResmonCfg
2020-11-26 19:40 - 2020-11-26 19:48 - 133849603 _____ C:\Users\robin\Downloads\FS19_holmerPack.zip
2020-11-26 19:40 - 2020-11-26 19:43 - 032901804 _____ C:\Users\robin\Downloads\FS19_URAL_Manipulator.zip
2020-11-26 19:40 - 2020-11-26 19:40 - 028528892 _____ C:\Users\robin\Downloads\FS19_kroneEasyCutPack.zip
2020-11-26 19:40 - 2020-11-26 19:40 - 014139782 _____ C:\Users\robin\Downloads\FS19_CaseEcoloTil2500.zip
2020-11-26 19:40 - 2020-11-26 19:40 - 000028605 _____ C:\Users\robin\Downloads\FS19_GlobalCompanyAddOn_FieldCalculator.zip
2020-11-26 19:39 - 2020-11-26 19:41 - 023606899 _____ C:\Users\robin\Downloads\FS19_claasTorion1914DevMule.zip
2020-11-26 19:39 - 2020-11-26 19:39 - 001552073 _____ C:\Users\robin\Downloads\FS19_1TidyShop.zip
2020-11-26 19:38 - 2020-11-26 19:39 - 012405761 _____ C:\Users\robin\Downloads\FS19_metaltechTS18.zip
2020-11-26 19:38 - 2020-11-26 19:38 - 022044168 _____ C:\Users\robin\Downloads\CSS_FendtFarmer310_312_LSA.zip
2020-11-26 19:38 - 2020-11-26 19:38 - 019653087 _____ C:\Users\robin\Downloads\FS19_Fendt900Vario_S5_PC.zip
2020-11-26 19:38 - 2020-11-26 19:38 - 016979596 _____ C:\Users\robin\Downloads\FS19_CLAAS_Axion_900.zip
2020-11-26 19:38 - 2020-11-26 19:38 - 000076984 _____ C:\Users\robin\Downloads\FS19_FilllevelWarning.zip
2020-11-26 19:38 - 2020-11-26 19:38 - 000019617 _____ C:\Users\robin\Downloads\FS19_noSwitchInVehicle.zip
2020-11-26 19:37 - 2020-11-26 19:38 - 010023575 _____ C:\Users\robin\Downloads\FS19_linde_e14.zip
2020-11-26 19:37 - 2020-11-26 19:37 - 000017592 _____ C:\Users\robin\Downloads\FS19_FullStop.zip
2020-11-25 19:32 - 2020-11-25 19:32 - 000534713 _____ C:\Users\robin\Downloads\CrazyCalloutsV0_5_8_3.rar
2020-11-25 19:30 - 2020-11-25 19:31 - 371037941 _____ C:\Users\robin\Downloads\bc2d73-Deutsche Verkehrsschilder V0.4 [BETA].zip
2020-11-25 19:28 - 2020-11-25 19:28 - 001554789 _____ C:\Users\robin\Downloads\Arrest Manager 7.11.0.0 by Albo1125 _ RPH0.51orhigher.zip
2020-11-25 19:24 - 2020-11-25 19:24 - 010286272 _____ C:\Users\robin\Downloads\RAGEPluginHook_1_81_1410_16064_Release.zip
2020-11-25 19:24 - 2020-11-25 19:24 - 001288926 _____ C:\Users\robin\Downloads\ScriptHookV_1.0.2060.1.zip
2020-11-25 19:22 - 2020-11-25 19:22 - 007299303 _____ C:\Users\robin\Downloads\Wilderness Callouts v0.6.0.zip
2020-11-25 19:21 - 2020-11-25 19:21 - 029066455 _____ C:\Users\robin\Downloads\Assorted_Callouts_1.2.0.0_by_Albo1125___RPH_0.51orhigher.zip
2020-11-25 19:20 - 2020-11-25 19:20 - 009401375 _____ C:\Users\robin\Downloads\Traffic_Policer_6_16.0.0_by_Albo1125___MinRPH_0.51.zip
2020-11-25 19:16 - 2020-11-25 19:16 - 021830783 _____ C:\Users\robin\Downloads\Coastal_Callouts_2.0_PLUGIN.zip
2020-11-25 17:56 - 2020-11-25 17:56 - 023009544 _____ C:\Users\robin\Downloads\f2c5df-Custom Visuals v3.4.0.rar
2020-11-25 17:52 - 2020-11-25 17:52 - 008799593 _____ C:\Users\robin\Downloads\2a837c-Polizei Uniform.rar
2020-11-25 17:38 - 2020-11-25 17:38 - 008897076 _____ C:\Users\robin\Downloads\d833ae-DLK BF Dresden.rar
2020-11-25 17:37 - 2020-11-25 17:37 - 035978767 _____ C:\Users\robin\Downloads\8a45c6-TopMods M.B. Sprinter Facelift RTW TIGIS V1.0.0.7z
2020-11-25 17:34 - 2020-11-25 17:34 - 045854390 _____ C:\Users\robin\Downloads\d06237-TopMods VW T5 Passat B8 Polizei V1.0 ©.rar
2020-11-25 17:34 - 2020-11-25 17:34 - 033462697 _____ C:\Users\robin\Downloads\ca970a-Mercedes Benz V250 Pol. BWL - by German-Mods.rar
2020-11-25 17:33 - 2020-11-25 17:33 - 040292427 _____ C:\Users\robin\Downloads\ddf7d7-TopMods VW Tiguan Polizei LSA V1.0 ©.7z
2020-11-25 17:27 - 2020-11-25 17:27 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\OpenIV
2020-11-25 17:25 - 2020-11-25 17:25 - 004753184 _____ C:\Users\robin\Downloads\ELS V1.05.rar
2020-11-25 17:24 - 2020-11-25 17:24 - 000001306 _____ C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\OpenIV.lnk
2020-11-25 17:24 - 2020-11-25 17:24 - 000000000 ____D C:\Users\robin\AppData\Local\New Technology Studio
2020-11-25 17:23 - 2020-11-25 17:23 - 004620288 _____ (New Technology Studio) C:\Users\robin\Downloads\ovisetup.exe
2020-11-25 16:13 - 2020-11-25 16:13 - 065920530 _____ (G17 Media) C:\Users\robin\Downloads\lspdfr_048_setup(1).exe
2020-11-25 15:45 - 2020-11-25 15:47 - 000000000 ____D C:\Program Files (x86)\LSPD First Response
2020-11-25 15:44 - 2020-11-25 15:44 - 065920530 _____ (G17 Media) C:\Users\robin\Downloads\lspdfr_048_setup.exe
2020-11-23 12:07 - 2020-11-23 12:07 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2020-11-23 12:07 - 2020-11-23 12:07 - 000000650 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2020-11-23 12:07 - 2020-11-23 12:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2020-11-23 12:07 - 2020-11-23 12:07 - 000000000 ____D C:\Program Files\LGHUB
2020-11-21 18:35 - 2020-11-21 18:35 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-11-21 13:27 - 2020-11-22 12:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-19 19:44 - 2020-12-04 12:21 - 000000000 ____D C:\Users\robin\AppData\Local\Spotify
2020-11-19 19:44 - 2020-12-04 12:18 - 000000000 ____D C:\Users\robin\AppData\Roaming\Spotify
2020-11-19 19:44 - 2020-11-19 19:44 - 000892232 _____ (Spotify Ltd) C:\Users\robin\Downloads\SpotifySetup.exe
2020-11-19 19:44 - 2020-11-19 19:44 - 000001836 _____ C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2020-11-19 18:40 - 2020-11-19 20:00 - 000442368 _____ C:\Users\robin\OneDrive\Dokumente\Mitglieder Datenbank.accdb
2020-11-19 18:10 - 2020-11-19 18:39 - 000991232 _____ C:\Users\robin\OneDrive\Dokumente\Database1.accdb
2020-11-18 19:28 - 2020-11-28 19:56 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Rechnungen
2020-11-18 17:11 - 2020-11-18 17:11 - 000000000 ____D C:\Windows\system32\Tasks\Agent Activation Runtime
2020-11-17 18:12 - 2020-11-17 18:12 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Neuer Ordner
2020-11-17 17:10 - 2020-11-17 17:10 - 000022235 _____ C:\Users\robin\Downloads\FS19_additionalFieldInfo(1).zip
2020-11-17 17:09 - 2020-11-17 17:09 - 000022235 _____ C:\Users\robin\Downloads\FS19_additionalFieldInfo.zip
2020-11-16 18:43 - 2020-11-16 18:43 - 000117427 _____ C:\Users\robin\Downloads\TSX_EnhancedVehicle(1).zip
2020-11-16 13:23 - 2020-11-16 13:23 - 000117427 _____ C:\Users\robin\Downloads\TSX_EnhancedVehicle.zip
2020-11-15 19:55 - 2020-11-15 20:09 - 000000000 ____D C:\Users\robin\AppData\Roaming\Deckboard
2020-11-15 19:55 - 2020-11-15 20:07 - 000000000 ____D C:\Users\robin\deckboard
2020-11-15 19:55 - 2020-11-15 19:55 - 000002421 _____ C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Deckboard.lnk
2020-11-15 19:55 - 2020-11-15 19:55 - 000000000 ____D C:\Users\robin\AppData\Local\deckboard-updater
2020-11-15 19:49 - 2020-11-15 19:53 - 135104859 _____ (Riva Farabi) C:\Users\robin\Downloads\Deckboard-Setup-1.9.80.exe
2020-11-15 19:18 - 2020-11-15 19:19 - 000000000 ____D C:\Users\robin\AppData\Local\Macro Deck
2020-11-15 19:18 - 2020-11-15 19:18 - 000000000 ____D C:\Users\robin\AppData\Local\Geckofx
2020-11-15 19:18 - 2020-11-15 19:18 - 000000000 ____D C:\Users\robin\.android
2020-11-15 19:18 - 2020-11-15 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macro Deck
2020-11-15 19:18 - 2020-11-15 19:18 - 000000000 ____D C:\Program Files (x86)\Macro Deck
2020-11-15 19:17 - 2020-11-15 19:17 - 032875928 _____ (SuchByte ) C:\Users\robin\Downloads\Macro Deck Server Installer.exe
2020-11-15 18:24 - 2020-11-15 18:24 - 000000000 ____D C:\Users\robin\AppData\Local\Aviata
2020-11-15 15:45 - 2020-11-15 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox PowerENGAGE
2020-11-15 15:45 - 2020-11-15 15:45 - 000000000 ____D C:\ProgramData\Aviata
2020-11-15 15:45 - 2020-11-15 15:45 - 000000000 ____D C:\Program Files (x86)\Xerox PowerENGAGE
2020-11-15 15:41 - 2020-11-15 18:23 - 000000000 ____D C:\Windows\system32\Tasks\Xerox
2020-11-15 15:40 - 2020-11-15 15:40 - 029969840 _____ C:\Users\robin\Downloads\XeroxSmartStart_1.4.28.0_V4.exe
2020-11-15 15:40 - 2020-11-15 15:40 - 000005022 _____ C:\Windows\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed
2020-11-15 15:40 - 2020-11-15 15:40 - 000004270 _____ C:\Windows\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon
2020-11-15 15:40 - 2020-11-15 15:40 - 000004048 _____ C:\Windows\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh
2020-11-15 15:40 - 2020-11-15 15:40 - 000000000 ____D C:\ProgramData\Xerox
2020-11-15 15:40 - 2020-11-15 15:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox
2020-11-15 15:40 - 2020-11-15 15:40 - 000000000 ____D C:\Program Files\Xerox
2020-11-15 11:25 - 2020-11-15 11:25 - 044863899 _____ C:\Users\robin\Downloads\Lemken_Smaragd9.zip
2020-11-15 11:24 - 2020-11-15 11:25 - 053847126 _____ C:\Users\robin\Downloads\ClassScorpion7055.zip
2020-11-15 11:24 - 2020-11-15 11:24 - 071678009 _____ C:\Users\robin\Downloads\nhcom095.zip
2020-11-15 11:23 - 2020-11-15 11:23 - 291941955 _____ C:\Users\robin\Downloads\ClaasDiscoPack.zip
2020-11-15 11:23 - 2020-11-15 11:23 - 106922790 _____ C:\Users\robin\Downloads\ClaasLiner2700.zip
2020-11-14 21:55 - 2020-11-14 21:55 - 061540698 _____ C:\Users\robin\Downloads\claas_axion940_display_0.5.1_unzip.zip
2020-11-14 15:50 - 2020-11-14 15:51 - 000000076 _____ C:\Users\robin\Downloads\hrrtl_live_sachsen_mp3_web.m3u
2020-11-14 14:02 - 2020-11-14 14:02 - 000000000 ____D C:\Users\robin\AppData\Roaming\app.MainJavaFXApp
2020-11-14 14:00 - 2020-11-14 14:01 - 000000000 ____D C:\Users\robin\AppData\Roaming\TouchPortal
2020-11-14 13:45 - 2020-11-14 13:47 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2020-11-14 13:45 - 2020-11-14 13:47 - 000000000 ____D C:\Users\robin\AppData\Roaming\Notepad++
2020-11-14 13:45 - 2020-11-14 13:47 - 000000000 ____D C:\Program Files (x86)\Notepad++
2020-11-14 13:43 - 2020-11-16 19:26 - 000180245 _____ C:\Users\robin\Downloads\FS19_VehicleControlAddon.zip
2020-11-14 13:39 - 2020-11-14 13:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Touch Portal
2020-11-14 13:39 - 2020-11-14 13:39 - 000000000 ____D C:\Program Files (x86)\Touch Portal
2020-11-14 13:38 - 2020-11-14 13:38 - 100556640 _____ (Touch Portal VoF ) C:\Users\robin\Downloads\TouchPortal_Setup.exe
2020-11-14 13:07 - 2020-11-14 13:54 - 000040960 _____ C:\Users\robin\AppData\Roaming\cookies.sqlite
2020-11-13 21:25 - 2020-11-13 21:25 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-13 21:25 - 2020-11-13 21:25 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-13 21:25 - 2020-11-13 21:25 - 000197632 _____ C:\Windows\system32\IHDS.dll
2020-11-13 21:25 - 2020-11-13 21:25 - 000152576 _____ C:\Windows\system32\EoAExperiences.exe
2020-11-13 21:25 - 2020-11-13 21:25 - 000009265 _____ C:\Windows\system32\DrtmAuthTxt.wim
2020-11-13 13:39 - 2020-11-13 13:39 - 000025160 _____ C:\Users\robin\Downloads\FS19_1TidyShop_UsedEquipment.zip
2020-11-13 13:39 - 2020-11-13 13:39 - 000016266 _____ C:\Users\robin\Downloads\FS19_NoAutomaticRefuel.zip
2020-11-13 13:38 - 2020-11-13 13:47 - 025963078 _____ C:\Users\robin\Downloads\FS19_NewHolland_T7AC.zip
2020-11-13 13:38 - 2020-11-13 13:45 - 014433576 _____ C:\Users\robin\Downloads\FS19_IforWilliamsTT3621.zip
2020-11-13 13:38 - 2020-11-13 13:42 - 007228999 _____ C:\Users\robin\Downloads\FS19_LivestockTrailerAddon.zip
2020-11-13 13:38 - 2020-11-13 13:39 - 047333832 _____ C:\Users\robin\Downloads\FS19_NovagTForce640.zip
2020-11-13 13:38 - 2020-11-13 13:38 - 000016189 _____ C:\Users\robin\Downloads\FS19_AutoIndicatorStopMod.zip
2020-11-13 13:35 - 2020-11-13 14:00 - 006137701 _____ C:\Users\robin\Downloads\FS19_EDGE_Multi_Selling_Station.zip
2020-11-13 13:35 - 2020-11-13 13:36 - 001454864 _____ C:\Users\robin\Downloads\FS19_Double_walled_fuel_tank.zip
2020-11-13 12:53 - 2020-11-13 14:00 - 393216000 _____ C:\Users\robin\Downloads\Accident.part1.rar.part
2020-11-13 12:53 - 2020-11-13 12:53 - 000000000 _____ C:\Users\robin\Downloads\Accident.part1.rar
2020-11-11 14:06 - 2020-11-11 14:06 - 000000000 ___HD C:\$WinREAgent
2020-11-10 15:58 - 2020-11-07 23:28 - 001769688 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-11-10 15:58 - 2020-11-07 23:28 - 001769688 _____ C:\Windows\system32\vulkaninfo.exe
2020-11-10 15:58 - 2020-11-07 23:28 - 001370328 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-11-10 15:58 - 2020-11-07 23:28 - 001370328 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-11-10 15:58 - 2020-11-07 23:28 - 001054944 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-11-10 15:58 - 2020-11-07 23:28 - 001054944 _____ C:\Windows\system32\vulkan-1.dll
2020-11-10 15:58 - 2020-11-07 23:28 - 000917728 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-11-10 15:58 - 2020-11-07 23:28 - 000917728 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-11-10 15:58 - 2020-11-07 23:28 - 000455408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-11-10 15:58 - 2020-11-07 23:28 - 000349936 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-11-10 15:58 - 2020-11-07 23:26 - 000816368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2020-11-10 15:58 - 2020-11-07 23:26 - 000674712 _____ C:\Windows\system32\nvofapi64.dll
2020-11-10 15:58 - 2020-11-07 23:26 - 000543128 _____ C:\Windows\SysWOW64\nvofapi.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 007707544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 006858992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 004175256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 002509720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 002096880 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 001731824 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6445730.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 001585560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 001506032 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 001482992 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6445730.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 001159920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 000813464 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 000670616 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 000556440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-11-10 15:58 - 2020-11-07 23:20 - 005976296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-11-08 23:19 - 2020-11-08 23:19 - 001116592 _____ C:\Windows\system32\spacedeskService.exe
2020-11-08 23:19 - 2020-11-08 23:19 - 000511920 _____ C:\Windows\system32\spacedeskServiceTray.exe
2020-11-08 23:19 - 2020-11-08 23:19 - 000240048 _____ (datronicsoft) C:\Windows\system32\spacedeskVideoWallSettings.exe
2020-11-08 23:19 - 2020-11-08 23:19 - 000234928 _____ C:\Windows\system32\spacedeskSrvLibConnectorUsb.dll
2020-11-08 23:19 - 2020-11-08 23:19 - 000219568 _____ C:\Windows\system32\spacedeskKtm.dll
2020-11-08 10:59 - 2020-11-08 10:59 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Custom Office Templates
2020-11-07 19:59 - 2020-11-07 19:59 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Notruf 112
2020-11-07 13:20 - 2020-11-07 13:32 - 000000000 ____D C:\Users\robin\AppData\Roaming\CitizenFX
2020-11-07 13:03 - 2020-11-25 15:40 - 000000000 ____D C:\Users\robin\AppData\Local\DigitalEntitlements
2020-11-07 13:02 - 2020-11-25 15:39 - 000000000 ____D C:\Users\robin\AppData\Local\FiveM
2020-11-07 13:02 - 2020-11-07 13:02 - 006656224 _____ (Cfx.re) C:\Users\robin\Downloads\FiveM.exe
2020-11-07 13:02 - 2020-11-07 13:02 - 000002124 _____ C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM.lnk
2020-11-06 21:35 - 2020-11-06 21:35 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Notruf 112 Demo
2020-11-06 21:35 - 2020-11-06 21:35 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Firefighter
2020-11-06 21:34 - 2020-11-06 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft - Notruf 112 DEMO
2020-11-06 21:33 - 2020-11-06 21:33 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-11-06 21:33 - 2020-11-06 21:33 - 000000000 ____D C:\aerosoft
2020-11-06 21:29 - 2020-11-06 21:29 - 000001579 _____ C:\Users\robin\Downloads\notruf_112_die_feuerwehr_simulation_kostenlos_downloaden.zip
2020-11-06 21:29 - 2020-11-06 21:29 - 000000000 ____D C:\Users\robin\Downloads\notruf_112_die_feuerwehr_simulation_kostenlos_downloaden
2020-11-06 21:26 - 2020-11-06 21:26 - 000000000 ____D C:\Users\robin\AppData\LocalLow\Aerosoft
2020-11-06 21:26 - 2020-11-06 21:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emergency Call 112
2020-11-06 21:26 - 2020-11-06 21:26 - 000000000 ____D C:\Program Files (x86)\Aerosoft GmbH
2020-11-06 21:08 - 2020-11-06 21:25 - 1113901956 _____ C:\Users\robin\Downloads\notruf_112___emergency_call_112.rar
2020-11-06 20:52 - 2020-11-06 21:08 - 1887436800 _____ C:\Users\robin\Downloads\Forza.Horizon.4.Ultimate.Edition.part03.rar.part
2020-11-06 20:52 - 2020-11-06 20:52 - 000000000 _____ C:\Users\robin\Downloads\Forza.Horizon.4.Ultimate.Edition.part03.rar
2020-11-06 20:34 - 2020-11-06 20:34 - 000000000 ____D C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StellwerkSim.de
2020-11-06 20:34 - 2020-11-06 20:34 - 000000000 ____D C:\Users\robin\AppData\Local\Sun
2020-11-06 20:33 - 2020-11-06 20:33 - 083364488 _____ (Oracle Corporation) C:\Users\robin\Downloads\jre-8u271-windows-x64.exe
2020-11-06 20:33 - 2020-11-06 20:33 - 000192168 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2020-11-06 20:33 - 2020-11-06 20:33 - 000000000 ____D C:\Users\robin\AppData\Roaming\Sun
2020-11-06 20:33 - 2020-11-06 20:33 - 000000000 ____D C:\Users\robin\AppData\LocalLow\Sun
2020-11-06 20:33 - 2020-11-06 20:33 - 000000000 ____D C:\ProgramData\Oracle
2020-11-06 20:33 - 2020-11-06 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-11-06 20:33 - 2020-11-06 20:33 - 000000000 ____D C:\Program Files\Java
2020-11-06 20:32 - 2020-11-06 20:32 - 001307256 _____ (Oracle Corporation) C:\Users\robin\Downloads\JavaUninstallTool.exe
2020-11-06 20:32 - 2020-11-06 20:32 - 000002074 _____ C:\Users\robin\Downloads\sts-vorte.jnlp
2020-11-06 19:21 - 2020-11-06 19:38 - 1073741824 _____ C:\Users\robin\Downloads\Forza.Horizon.4.Ultimate.Edition.part02.rar
2020-11-06 18:02 - 2020-11-06 18:02 - 000000637 _____ C:\Users\robin\OneDrive\Dokumente\steam_api6421.ini
2020-11-06 17:30 - 2020-11-06 17:30 - 000001099 _____ C:\Users\Public\Desktop\Planet Zoo.lnk
2020-11-06 17:30 - 2020-11-06 17:30 - 000001099 _____ C:\ProgramData\Desktop\Planet Zoo.lnk
2020-11-06 17:22 - 2020-11-06 17:31 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Games
2020-11-06 17:20 - 2020-11-06 17:38 - 1073741824 _____ C:\Users\robin\Downloads\Forza.Horizon.4.Ultimate.Edition.part01.rar
2020-11-06 14:22 - 2020-11-06 14:22 - 835900194 _____ C:\Users\robin\Downloads\Lotus.Simulator.zip
2020-11-06 14:22 - 2020-11-06 14:22 - 000000000 ____D C:\Users\robin\AppData\Roaming\EMPRESS
2020-11-06 14:21 - 2020-11-06 17:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Planet Zoo
2020-11-06 14:20 - 2020-11-06 18:02 - 000000000 ____D C:\Program Files (x86)\Planet Zoo
2020-11-06 14:18 - 2020-11-06 14:18 - 000000000 ____D C:\Users\robin\Downloads\planet_zoo
2020-11-06 13:04 - 2020-11-06 13:05 - 368939391 _____ C:\Users\robin\Downloads\planet_zoo.part3.rar
2020-11-06 12:25 - 2020-11-06 12:38 - 1073741824 _____ C:\Users\robin\Downloads\planet_zoo.part2.rar
2020-11-05 19:11 - 2020-11-05 19:29 - 1073741824 _____ C:\Users\robin\Downloads\planet_zoo.part1.rar
2020-11-05 18:43 - 2020-11-05 18:47 - 1275597282 _____ C:\Users\robin\Downloads\fishing__north_atlantic.part3.rar
2020-11-05 18:34 - 2020-11-05 18:34 - 000000233 _____ C:\Users\robin\Downloads\discord_backup_codes.txt
2020-11-05 18:21 - 2020-11-05 18:38 - 1073741824 _____ C:\Users\robin\Downloads\fishing__north_atlantic.part2.rar
2020-11-04 20:14 - 2020-04-24 02:22 - 000166760 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2020-11-04 20:08 - 2020-04-24 02:22 - 000136040 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
2020-11-04 20:03 - 2020-11-04 20:03 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2020-11-04 19:40 - 2020-11-04 19:41 - 1073741824 _____ C:\Users\robin\Downloads\beamng_drive__v0_16_0_3_.part1.rar
2020-11-04 19:36 - 2020-11-04 19:56 - 1073741824 _____ C:\Users\robin\Downloads\fishing__north_atlantic.part1.rar
2020-11-04 19:28 - 2020-11-10 16:18 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\BeamNG.drive
2020-11-04 19:25 - 2020-11-04 19:25 - 000000000 ____D C:\Users\robin\Downloads\beamng_drive__v0_16_0_3_
2020-11-04 19:24 - 2020-11-04 19:24 - 295978605 _____ C:\Users\robin\Downloads\beamng_drive__v0_16_0_3_.part2.rar
2020-11-04 17:46 - 2019-10-22 08:59 - 903549299 _____ C:\Users\robin\Downloads\FS19_Multimap2019.zip
2020-11-04 17:46 - 2019-09-07 11:20 - 003229651 _____ C:\Users\robin\Downloads\FS19_MKS_32.zip
2020-11-04 17:45 - 2020-11-04 17:45 - 000000000 ____D C:\Users\robin\Downloads\FS19_Multimap_bitte_entpacken
2020-11-04 17:42 - 2020-11-04 17:42 - 001058112 _____ C:\Users\robin\Downloads\FS19_Courseplay.zip
2020-11-04 17:38 - 2020-11-04 17:38 - 001918762 _____ C:\Users\robin\Downloads\FS19_AutoDrive.zip
2020-11-04 17:37 - 2020-11-04 17:37 - 000009286 _____ C:\Users\robin\Downloads\HoT_AnimatedObjectExtend.zip
2020-11-04 17:34 - 2020-11-04 17:34 - 001443439 _____ C:\Users\robin\Downloads\AutoDrive_Multimap_2019_config.zip

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2020-12-04 12:25 - 2020-10-24 09:44 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-04 12:24 - 2020-10-23 22:30 - 001632020 _____ C:\Windows\system32\PerfStringBackup.INI
2020-12-04 12:24 - 2019-12-07 15:51 - 000705894 _____ C:\Windows\system32\perfh007.dat
2020-12-04 12:24 - 2019-12-07 15:51 - 000142188 _____ C:\Windows\system32\perfc007.dat
2020-12-04 12:24 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2020-12-04 12:23 - 2020-10-24 09:15 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-04 12:23 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2020-12-04 12:22 - 2020-10-24 10:01 - 000000000 ____D C:\Users\robin\AppData\Roaming\LGHUB
2020-12-04 12:22 - 2020-10-24 10:01 - 000000000 ____D C:\Users\robin\AppData\Local\LGHUB
2020-12-04 12:22 - 2020-10-24 09:15 - 000000000 ____D C:\Users\robin\AppData\LocalLow\Mozilla
2020-12-04 12:18 - 2020-11-02 18:48 - 000000000 ____D C:\Users\robin\AppData\Local\Overwolf
2020-12-04 12:17 - 2020-09-27 08:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-04 12:17 - 2020-09-27 06:33 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-04 12:17 - 2020-09-27 06:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-12-04 12:17 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2020-12-04 12:17 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-03 12:34 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-03 12:27 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2020-12-02 20:53 - 2020-10-24 09:21 - 000000000 ____D C:\Users\robin\AppData\Roaming\discord
2020-12-02 18:36 - 2020-10-24 15:19 - 000000000 ____D C:\Users\robin\AppData\Local\PlaceholderTileLogoFolder
2020-12-02 18:33 - 2020-10-23 22:28 - 000000000 ____D C:\Users\robin
2020-12-02 17:40 - 2020-10-23 22:29 - 000000000 ____D C:\Users\robin\AppData\Local\Packages
2020-12-02 17:39 - 2020-09-27 08:37 - 000000000 ____D C:\ProgramData\Packages
2020-12-02 16:40 - 2020-10-28 13:41 - 000000000 ____D C:\Program Files\Cheat Engine 7.1
2020-12-02 16:36 - 2020-11-02 16:02 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Euro Truck Simulator 2
2020-12-02 16:36 - 2020-10-24 09:27 - 000000000 ____D C:\ProgramData\ReviverSoft
2020-12-02 16:36 - 2020-10-24 09:27 - 000000000 ____D C:\Program Files\ReviverSoft
2020-12-02 16:16 - 2020-10-24 09:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
2020-12-02 16:12 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-12-02 14:40 - 2020-11-02 16:02 - 000000000 ____D C:\ProgramData\TruckersMP
2020-12-02 14:19 - 2020-09-27 08:36 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-02 14:08 - 2020-11-02 18:49 - 000000000 ____D C:\Program Files (x86)\Overwolf
2020-12-02 14:08 - 2020-10-24 10:41 - 000000000 ____D C:\Users\robin\AppData\Local\D3DSCache
2020-11-30 15:16 - 2020-11-02 16:02 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\ETS2MP
2020-11-30 15:03 - 2020-10-24 15:31 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Schule
2020-11-30 13:05 - 2020-10-24 12:20 - 000000000 ____D C:\Users\robin\AppData\Local\ElevatedDiagnostics
2020-11-28 20:28 - 2020-11-02 18:48 - 000000000 ____D C:\Users\robin\AppData\Local\TeamSpeak 3 Client
2020-11-28 19:44 - 2020-09-27 08:35 - 000003700 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-28 19:44 - 2020-09-27 08:35 - 000003576 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-27 12:38 - 2020-10-25 17:17 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-11-27 12:38 - 2020-10-25 17:15 - 000000000 ____D C:\Program Files\Rockstar Games
2020-11-25 19:42 - 2020-11-02 16:31 - 000000000 ____D C:\Users\robin\AppData\Local\CrashDumps
2020-11-24 17:38 - 2020-10-26 22:37 - 000000000 ____D C:\Users\robin\AppData\Roaming\vlc
2020-11-22 12:22 - 2020-10-24 09:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-21 18:35 - 2020-10-24 09:15 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-17 17:35 - 2020-10-24 12:41 - 000000000 ____D C:\Windows\system32\MRT
2020-11-17 17:34 - 2020-10-24 12:41 - 133736600 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-11-16 18:52 - 2020-11-03 19:47 - 068267401 _____ C:\Users\robin\Downloads\savegame20(2).zip
2020-11-16 16:52 - 2020-10-24 13:17 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\My Games
2020-11-15 15:40 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\MsDtc
2020-11-14 13:17 - 2020-11-03 19:47 - 067003772 _____ C:\Users\robin\Downloads\savegame20.zip
2020-11-13 22:57 - 2020-09-27 06:33 - 000439216 _____ C:\Windows\system32\FNTCACHE.DAT
2020-11-13 22:57 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2020-11-13 21:27 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2020-11-13 21:27 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2020-11-13 21:25 - 2020-09-27 08:35 - 002876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2020-11-13 12:42 - 2020-10-24 12:50 - 000000000 ____D C:\Program Files\Microsoft Office
2020-11-07 23:25 - 2020-10-24 10:14 - 000656112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2020-11-07 23:20 - 2020-10-24 10:14 - 007005008 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2020-11-07 19:59 - 2020-10-24 10:01 - 000000000 ____D C:\ProgramData\Package Cache
2020-11-07 05:01 - 2020-10-24 10:14 - 000058620 _____ C:\Windows\system32\nvinfo.pb
2020-11-07 01:10 - 2020-10-24 10:15 - 005510968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2020-11-07 01:10 - 2020-10-24 10:15 - 002636264 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2020-11-07 01:10 - 2020-10-24 10:15 - 001759032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2020-11-07 01:10 - 2020-10-24 10:15 - 000992232 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2020-11-07 01:10 - 2020-10-24 10:15 - 000194360 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2020-11-07 01:10 - 2020-10-24 10:15 - 000122344 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2020-11-07 01:10 - 2020-10-24 10:15 - 000083256 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2020-11-06 14:24 - 2020-11-02 19:27 - 000000000 ____D C:\Users\robin\AppData\Roaming\WhatsApp
2020-11-06 12:05 - 2020-11-02 19:26 - 000000000 ____D C:\Users\robin\AppData\Local\WhatsApp
2020-11-06 12:05 - 2020-10-24 09:21 - 000000000 ____D C:\Users\robin\AppData\Local\SquirrelTemp
2020-11-06 12:05 - 2020-09-27 08:33 - 000000000 ____D C:\Windows\system32\Drivers\wd

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2020-11-14 13:07 - 2020-11-14 13:54 - 000040960 _____ () C:\Users\robin\AppData\Roaming\cookies.sqlite
2020-12-01 19:22 - 2020-12-01 19:22 - 000001547 _____ () C:\Users\robin\AppData\Local\recently-used.xbel
2020-11-27 13:33 - 2020-11-27 13:33 - 000007605 _____ () C:\Users\robin\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-12-2020
durchgeführt von robin (04-12-2020 12:26:44)
Gestartet von C:\Users\robin\Downloads
Windows 10 Pro Version 20H2 19042.630 (X64) (2020-10-23 21:25:45)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1165051215-3207913047-2040614022-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1165051215-3207913047-2040614022-503 - Limited - Disabled)
Gast (S-1-5-21-1165051215-3207913047-2040614022-501 - Limited - Disabled)
robin (S-1-5-21-1165051215-3207913047-2040614022-1001 - Administrator - Enabled) => C:\Users\robin
WDAGUtilityAccount (S-1-5-21-1165051215-3207913047-2040614022-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

aerosoft's - Notruf 112 DEMO (HKLM-x32\...\{B94B7D4A-1329-4998-ADF3-754B674EF8E5}) (Version: 1.00 - aerosoft)
Deckboard 1.9.80 (HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\ea97f60e-66ce-5d9d-8e6a-f64104860c4d) (Version: 1.9.80 - Riva Farabi)
Discord (HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
DroidCam Client (HKLM-x32\...\DroidCam) (Version: 6.3.3 - Dev47apps)
Emergency Call 112 version 1.0 (HKLM-x32\...\Emergency Call 112_is1) (Version: 1.0 - Aerosoft GmbH)
Epic Games Launcher (HKLM-x32\...\{08CB0AD5-F779-48D8-804B-59FA115E9318}) (Version: 1.1.293.0 - Epic Games, Inc.)
FiveM (HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\CitizenFX_FiveM) (Version:  - Cfx.re)
GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
KeePass Password Safe 2.46 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.46 - Dominik Reichl)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:  - Logitech)
LUDOS FLAMMA Gaming Mouse (HKLM-x32\...\LUDOS FLAMMA Gaming Mouse_is1) (Version: 1.0 - Ludos Technology Co,.LTD)
Macro Deck Server Version 1.3.1 (HKLM-x32\...\{594ECF8C-5AEF-48D9-A04E-76945B81F04C}_is1) (Version: 1.3.1 - SuchByte)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.52 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Mozilla Firefox 83.0 (x64 de) (HKLM\...\Mozilla Firefox 83.0 (x64 de)) (Version: 83.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 457.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.30 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
OpenIV (HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\OpenIV) (Version: 4.0.1.1452 - .black/OpenIV Team)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.158.1.1 - Overwolf Ltd.)
Planet Zoo (HKLM-x32\...\Planet Zoo_is1) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8924.1 - Realtek Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.32.316 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
spacedesk Windows DRIVER (HKLM\...\{2EFFFB55-FE4E-4400-8BD0-5E062ACB1A2F}) (Version: 0.9.1052.0 - datronicsoft Inc.)
Spotify (HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Spotify) (Version: 1.1.47.684.g136419d9 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH)
TeamSpeak Overlay (HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Overwolf_jnabojaampcpfclojlbildognlnebnhfhibiielh) (Version: 1.0.0.2 - Overwolf app)
Touch Portal version 2.2.005 (HKLM-x32\...\Touch Portal_is1) (Version: 2.2.005 - Touch Portal VoF)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
TrucksBook Client version 1.3.6 (HKLM-x32\...\TrucksBook Client_is1) (Version: 1.3.6 - TrucksBook)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WhatsApp (HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\WhatsApp) (Version: 2.2043.22 - WhatsApp)
WinRAR 5.91 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Xerox Desktop Print Experience 4.5 (HKLM\...\{2A236FE5-829C-316F-B613-3F4E86FEB83C}) (Version: 7.132.20.0 - Xerox Corporation)
Xerox PowerENGAGE (HKLM-x32\...\{171BF116-713F-43AA-B236-D6188522E609}) (Version: 2.52.0016 - Xerox Inc.)

Packages:
=========
Forza Horizon 4 -> C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.451.334.2_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Studios)
Forza Horizon 4 Formula Drift Car Pack -> C:\Program Files\WindowsApps\Microsoft.FormulaDriftCarPack_1.0.3.2_neutral__8wekyb3d8bbwe [2020-11-30] (Microsoft Studios)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios) [MS Ad]
Xerox Print and Scan Experience -> C:\Program Files\WindowsApps\XeroxCorp.PrintExperience_7.192.8.0_x64__f7egpvdyrs2a8 [2020-11-19] (Xerox Corp)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2020-11-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StellwerkSim.de\StellwerkSim.lnk -> C:\Program Files\Java\jre1.8.0_271\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxps://www.stellwerksim.de/download-jnlp.php?token=005fa5a4d5d222 "C:\Users\robin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\26973a55-685a6e97"

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2020-10-23 22:29 - 2020-12-04 12:17 - 000034448 _____ (ASUSTeK Computer Inc. -> ) [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\robin\AppData\Local\Temp:$DATA​ [16]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-11-06] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-11-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-10-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\onlineregister.com -> hxxp://onlineregister.com
IE trusted site: HKU\.DEFAULT\...\onlineregister.com -> hxxps://onlineregister.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\Touch Portal\plugins\adb\platform-tools;
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\robin\OneDrive\Bilder\Landschaft.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\StartupApproved\Run: => "Discord"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{1FD40424-4C5C-497D-A1CB-51005466249F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3A6A1813-6030-471B-A85B-F1D0E312AA65}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E4166CED-0092-4D61-A771-D2BFA7BE3C6E}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{A5844119-5A1E-482C-A005-07AC327E8F11}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{207107F3-9A87-415E-8DDE-FA8C59108178}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4058428E-9B05-485D-99AB-81ED7822E9DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4EB9141F-933D-4D98-9B50-F542A51ED306}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D8ACE000-92B8-4C85-BD7B-80147BC7318C}] => (Allow) D:\Apps\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{75EAFCF1-3D30-4943-9144-956E1AD9B87E}] => (Allow) D:\Apps\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B9EE419C-DA92-4851-AA96-9BBD740646DD}] => (Allow) D:\Apps\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{DE7BB692-BC49-4CB6-BA04-7F9AA7017B0F}] => (Allow) D:\Apps\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{28D00335-D681-4DCB-89B9-4714AD214C90}] => (Allow) D:\Apps\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{50C0E8CC-CDCC-447E-B74E-EAD828DD4F7A}] => (Allow) D:\Apps\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{BCF0F73A-FDB3-491D-B7DC-5AEEE63B9144}] => (Allow) D:\Apps\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert]
FirewallRules: [{D839D8D5-C96D-4A2B-A70C-EC7E4284BE54}] => (Allow) D:\Apps\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{99DB532A-0637-4E5A-9E14-B699F42F5DA9}D:\epic games\epic games\gtav\gta5.exe] => (Allow) D:\epic games\epic games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{D0F2B99E-5EFF-4377-9459-53E16191F25E}D:\epic games\epic games\gtav\gta5.exe] => (Allow) D:\epic games\epic games\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{19A65774-AD6C-47B2-ADB4-E63ACC275F03}D:\apps\steamapps\common\train sim world 2\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe] => (Allow) D:\apps\steamapps\common\train sim world 2\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{838F3CAA-406A-4E66-87CA-0911DAF7E462}D:\apps\steamapps\common\train sim world 2\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe] => (Allow) D:\apps\steamapps\common\train sim world 2\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{CADD2DC4-B81E-4500-91B5-AF47CDCE3FF2}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{47EDC962-B0B9-4BF8-BFEA-6FFC71472951}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{3CB7EB03-7435-4F3A-AC23-45383FCFAC88}D:\epic games\epic games\railwayempire\railwayempire.exe] => (Block) D:\epic games\epic games\railwayempire\railwayempire.exe => Keine Datei
FirewallRules: [UDP Query User{AA66364A-DD4E-4230-BDEE-A1D144375809}D:\epic games\epic games\railwayempire\railwayempire.exe] => (Block) D:\epic games\epic games\railwayempire\railwayempire.exe => Keine Datei
FirewallRules: [{5A26CE96-E377-4566-92EA-AEE35019172C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DF261DFC-51F2-409F-B8DD-888AC8CD82CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BDDA5037-B2DE-4226-ADFA-71AA4FEBC717}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4DC96B2E-B207-4529-8013-446D9B974351}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B9C7DDA3-96C9-4201-A432-7B189420D877}] => (Allow) D:\Apps\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{83C1EB87-C2B9-435C-BB80-D0075718CF77}] => (Allow) D:\Apps\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{069A46B1-4F5B-4B2B-941B-7C6E61B590DB}C:\program files (x86)\planet zoo\planetzoo.exe] => (Allow) C:\program files (x86)\planet zoo\planetzoo.exe (Frontier Developments) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{020AD3F2-F77C-427E-B18A-121063CB33FD}C:\program files (x86)\planet zoo\planetzoo.exe] => (Allow) C:\program files (x86)\planet zoo\planetzoo.exe (Frontier Developments) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{A98C9E10-78DA-4514-B59F-5575386FE299}C:\program files\java\jre1.8.0_271\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\jp2launcher.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [UDP Query User{76C7969D-E378-4C9B-8B07-5B7DCEE391A1}C:\program files\java\jre1.8.0_271\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\jp2launcher.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [TCP Query User{7E612283-E3CF-45A4-BE63-F7374F90D2CE}C:\users\robin\appdata\local\fivem\fivem.exe] => (Allow) C:\users\robin\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [UDP Query User{120CF952-1C9C-43A9-877A-4563E288416C}C:\users\robin\appdata\local\fivem\fivem.exe] => (Allow) C:\users\robin\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [TCP Query User{D2A8F416-1C30-44E3-8AB8-D74A072C7869}C:\users\robin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\robin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{917D42D1-0639-405A-8268-9D3AA785A34F}C:\users\robin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\robin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{54475779-A4A2-4361-A343-984AD197BEE7}C:\users\robin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_b2060_gtaprocess.exe] => (Allow) C:\users\robin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_b2060_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{4911A658-8963-41FD-A7F8-48D64BFA94C6}C:\users\robin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_b2060_gtaprocess.exe] => (Allow) C:\users\robin\appdata\local\fivem\fivem.app\cache\subprocess\fivem_b2060_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{57839539-E1CD-4C2E-9631-1EB41D1CA75E}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [UDP Query User{23514727-508E-44E6-AC90-4D9270823B25}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [{D37A9E8A-5F27-4FDC-BB25-3D98354AF228}] => (Allow) D:\Apps\steamapps\common\Cattle and Crops\CattleAndCrops.exe (Masterbrain Bytes GmbH & Co. KG) [Datei ist nicht signiert]
FirewallRules: [{AA5D192B-13EE-4F20-AAE0-0CD43DE9FB2C}] => (Allow) D:\Apps\steamapps\common\Cattle and Crops\CattleAndCrops.exe (Masterbrain Bytes GmbH & Co. KG) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{A618163A-0AB5-419E-BF50-11C8C24BAD85}C:\program files (x86)\macro deck\macro deck server.exe] => (Allow) C:\program files (x86)\macro deck\macro deck server.exe (SuchByte) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{0B9318F3-AFB1-46AC-9583-AED279F92565}C:\program files (x86)\macro deck\macro deck server.exe] => (Allow) C:\program files (x86)\macro deck\macro deck server.exe (SuchByte) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{20F99F25-8F65-476C-A97C-5538696B10D0}C:\users\robin\appdata\local\programs\deckboard\deckboard.exe] => (Allow) C:\users\robin\appdata\local\programs\deckboard\deckboard.exe (Riva Farabi) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{45A8B259-2ECE-4F3A-A6D4-AC2C7244007B}C:\users\robin\appdata\local\programs\deckboard\deckboard.exe] => (Allow) C:\users\robin\appdata\local\programs\deckboard\deckboard.exe (Riva Farabi) [Datei ist nicht signiert]
FirewallRules: [{2EACFAEF-75AE-406D-A83E-32E7E8D826C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E6707C64-7C86-456D-A0EA-96804A1D713C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CC3D5D07-B3E7-439F-A54E-6EF2E5748230}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{66B7F1DC-7127-4C60-8090-636F1AA8901D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{4B0BF172-5592-4CB8-99F4-5E241E64B93B}C:\users\robin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\robin\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{E33A5A9D-13D4-4123-8600-575F7FCE0CC9}C:\users\robin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\robin\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6683049F-33B7-4295-AA18-63272B4E51DF}] => (Allow) D:\Apps\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{728C3AB7-3236-49A3-A195-DA3007D74B7C}] => (Allow) D:\Apps\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{97096DEA-5861-45DB-BC76-7186901EF5E4}] => (Allow) D:\Apps\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{105824B6-A938-49E7-8040-B3F56E51E71A}] => (Allow) D:\Apps\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{DDCB6EBD-FBC5-4034-B3D8-FDF48069AD09}] => (Allow) D:\Apps\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{13A6EBF1-C8EA-4B3B-8D24-C97E2AA93452}] => (Allow) D:\Apps\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{B957FC04-16AE-405B-9C23-3635EF592ADF}] => (Allow) D:\Apps\steamapps\common\FPH SpedV\Launcher.exe (Nicolas Reuter -> )
FirewallRules: [{44B5D899-37AD-410C-932A-4ECF703C3111}] => (Allow) D:\Apps\steamapps\common\FPH SpedV\Launcher.exe (Nicolas Reuter -> )
FirewallRules: [{EFC8BA84-155E-49A3-B9F3-20C70D6F6BC2}] => (Allow) LPort=25552
FirewallRules: [{D471573C-C3C4-4DFD-83EE-AC45764F06C8}] => (Allow) LPort=25552
FirewallRules: [{88D556F1-B9C9-4587-BE3A-294059A30C89}] => (Allow) LPort=25552
FirewallRules: [{10BE8F40-FB99-4965-95F5-73B1474A0DF7}] => (Allow) C:\Program Files (x86)\Overwolf\0.158.1.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{1F68FBDB-1796-4DAB-AC98-8E026BCF377E}] => (Allow) C:\Program Files (x86)\Overwolf\0.158.1.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{7F15EAF3-CB2A-4CC9-BB79-500811B296B0}] => (Allow) C:\Program Files (x86)\Overwolf\0.158.1.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{714364A2-E160-4F29-9021-E160AEB605F3}] => (Allow) C:\Program Files (x86)\Overwolf\0.158.1.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{4E5F06AB-4817-46C8-A2C1-FDAA75AB70C8}] => (Block) C:\Program Files (x86)\Overwolf\0.158.1.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{3438F006-DF0A-4F7F-9261-B597B07FA8DD}] => (Block) C:\Program Files (x86)\Overwolf\0.158.1.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{A1FA0F19-9FC2-478B-8716-61C767421733}] => (Block) C:\Program Files (x86)\Overwolf\0.158.1.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{826A9E32-7D53-457D-868C-A52829F155CD}] => (Block) C:\Program Files (x86)\Overwolf\0.158.1.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{5FF29E22-2B8A-40A1-9476-DA765828F07D}] => (Block) C:\Program Files (x86)\Overwolf\0.158.1.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

==================== Wiederherstellungspunkte =========================

21-11-2020 19:10:41 Geplanter Prüfpunkt
29-11-2020 13:16:14 Installed spacedesk Windows DRIVER
02-12-2020 18:33:03 Installed OpenVPN 2.5.0-I601 amd64
03-12-2020 11:12:54 Removed OpenVPN 2.5.0-I601 amd64

==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (12/04/2020 12:18:06 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-MECH4VJ)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (12/03/2020 06:39:22 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-MECH4VJ)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (12/03/2020 06:39:22 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-MECH4VJ)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (12/03/2020 06:34:33 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (12/03/2020 06:34:33 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/03/2020 06:34:20 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-MECH4VJ)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (12/02/2020 02:41:09 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-MECH4VJ)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (11/29/2020 05:39:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm eurotrucks2.exe Version 1.39.1.5 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 19e8

Startzeit: 01d6c66d5e50251f

Beendigungszeit: 4294967295

Anwendungspfad: D:\Apps\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe

Bericht-ID: 539dc903-0898-4f0d-82ba-e0d8c6b8b444

Vollständiger Name des fehlerhaften Pakets: 

Relative Anwendungs-ID des fehlerhaften Pakets: 

Absturztyp: Top level window is idle


Systemfehler:
=============
Error: (12/04/2020 12:17:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎03.‎12.‎2020 um 19:53:46 unerwartet heruntergefahren.

Error: (12/04/2020 12:17:26 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 3221225684Bei der Verarbeitung der Wiederherstellungsdaten ist ein schwerwiegender Fehler aufgetreten.

Error: (12/03/2020 06:33:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎03.‎12.‎2020 um 12:27:32 unerwartet heruntergefahren.

Error: (12/03/2020 06:33:37 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 3221225684Bei der Verarbeitung der Wiederherstellungsdaten ist ein schwerwiegender Fehler aufgetreten.

Error: (12/03/2020 12:34:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MECH4VJ)
Description: Der Server "{FD06603A-2BDF-4BB1-B7DF-5DC68F353601}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/03/2020 12:26:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/03/2020 12:26:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/03/2020 12:26:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts.


Windows Defender:
===================================
Date: 2020-12-02 14:08:37.2570000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Injector&threatid=2147625382&enterprise=0
Name: Trojan:Win32/Injector
ID: 2147625382
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: amsi:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Erkennungsursprung: Unbekannt
Erkennungstype: FastPath
Erkennungsquelle: AMSI
Benutzer: DESKTOP-MECH4VJ\robin
Prozessname: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Sicherheitsversion: AV: 1.327.1875.0, AS: 1.327.1875.0, NIS: 1.327.1875.0
Modulversion: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-12-01 14:09:35.9820000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Injector&threatid=2147625382&enterprise=0
Name: Trojan:Win32/Injector
ID: 2147625382
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: amsi:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Erkennungsursprung: Unbekannt
Erkennungstype: FastPath
Erkennungsquelle: AMSI
Benutzer: DESKTOP-MECH4VJ\robin
Prozessname: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Sicherheitsversion: AV: 1.327.1819.0, AS: 1.327.1819.0, NIS: 1.327.1819.0
Modulversion: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-30 12:39:51.8530000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Injector&threatid=2147625382&enterprise=0
Name: Trojan:Win32/Injector
ID: 2147625382
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: amsi:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Erkennungsursprung: Unbekannt
Erkennungstype: FastPath
Erkennungsquelle: AMSI
Benutzer: DESKTOP-MECH4VJ\robin
Prozessname: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Sicherheitsversion: AV: 1.327.1757.0, AS: 1.327.1757.0, NIS: 1.327.1757.0
Modulversion: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-29 19:31:07.9840000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Injector&threatid=2147625382&enterprise=0
Name: Trojan:Win32/Injector
ID: 2147625382
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: amsi:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Erkennungsursprung: Unbekannt
Erkennungstype: FastPath
Erkennungsquelle: AMSI
Benutzer: DESKTOP-MECH4VJ\robin
Prozessname: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Sicherheitsversion: AV: 1.327.1757.0, AS: 1.327.1757.0, NIS: 1.327.1757.0
Modulversion: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-29 11:57:48.3660000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Injector&threatid=2147625382&enterprise=0
Name: Trojan:Win32/Injector
ID: 2147625382
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: amsi:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Erkennungsursprung: Unbekannt
Erkennungstype: FastPath
Erkennungsquelle: AMSI
Benutzer: DESKTOP-MECH4VJ\robin
Prozessname: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Sicherheitsversion: AV: 1.327.1707.0, AS: 1.327.1707.0, NIS: 1.327.1707.0
Modulversion: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-12 18:06:07.0580000Z
Description: 
Fehler des Microsoft Defender Antivirus-Echtzeitschutz-Features.
Feature: Netzwerkinspektionssystem
Fehlercode: 0x8007041d
Fehlerbeschreibung: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. 
Ursache: Dem System fehlen erforderliche Updates zum Ausführen des Netzwerkinspektionssystems. Installieren Sie die erforderlichen Updates, und starten Sie das Gerät neu.

CodeIntegrity:
===================================

Date: 2020-12-02 19:50:43.7380000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 19:50:43.7300000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 19:47:29.1820000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 19:47:29.1720000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 19:47:25.8940000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 19:47:25.8860000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 19:47:25.3320000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 19:47:24.9560000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

==================== Speicherinformationen =========================== 

BIOS: American Megatrends Inc. 2205 05/26/2015
Hauptplatine: ASUSTeK COMPUTER INC. H81M-PLUS
Prozessor: Intel(R) Core(TM) i7-4770S CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 28%
Installierter physikalischer RAM: 16317.04 MB
Verfügbarer physikalischer RAM: 11721.38 MB
Summe virtueller Speicher: 19261.04 MB
Verfügbarer virtueller Speicher: 12866.87 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:488.43 GB) (Free:237.99 GB) NTFS
Drive d: (Games) (Fixed) (Total:223.47 GB) (Free:11.58 GB) NTFS

\\?\Volume{c36e4d7a-7b4a-4d3f-97eb-0f50cbf09dab}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{f68745a6-5a46-4db1-aa91-d68b62e72766}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 40E278B8)

Partition: GPT.

==========================================================
Disk: 1 (Size: 489 GB) (Disk ID: 92D72B77)

Partition: GPT.

==================== Ende von Addition.txt =======================
         
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-11-23.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-03-2020
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  5
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\robin\AppData\Local\Temp\DMR

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\SOFTWARE\Classes\AppID\ReviverSoft Smart Monitor Service.exe
Deleted       HKLM\SOFTWARE\Classes\AppID\{2A2423AE-1AD9-4B60-A021-BBD75766C2FD}
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\ReviverSoft Smart Monitor Service.exe
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\{2A2423AE-1AD9-4B60-A021-BBD75766C2FD}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1833 octets] - [03/12/2020 12:26:43]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
         
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-11-23.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-03-2020
# Duration: 00:00:14
# OS:       Windows 10 Pro
# Scanned:  31920
# Detected: 5


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.DownloadSponsor    C:\Users\robin\AppData\Local\Temp\DMR

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.ReviverSoft        HKLM\SOFTWARE\Classes\AppID\ReviverSoft Smart Monitor Service.exe
PUP.Optional.ReviverSoft        HKLM\SOFTWARE\Classes\AppID\{2A2423AE-1AD9-4B60-A021-BBD75766C2FD}
PUP.Optional.ReviverSoft        HKLM\Software\Wow6432Node\\Classes\AppID\ReviverSoft Smart Monitor Service.exe
PUP.Optional.ReviverSoft        HKLM\Software\Wow6432Node\\Classes\AppID\{2A2423AE-1AD9-4B60-A021-BBD75766C2FD}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
         

04.12.2020, 12:37   #12
Bommerang

Windows PC infected with gootkit according to Telekom

1. Scan before quarantine

Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 02.12.20
Scan-Zeit: 16:13
Protokolldatei: e83ca392-34b0-11eb-a93f-6045cb716538.json

-Softwaredaten-
Version: 4.2.3.96
Komponentenversion: 1.0.1122
Version des Aktualisierungspakets: 1.0.33760
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19041.630)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-MECH4VJ\robin

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 295489
Erkannte Bedrohungen: 242
In die Quarantäne verschobene Bedrohungen: 240
Abgelaufene Zeit: 2 Min., 3 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 3
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\DriverReviver.exe, In Quarantäne, 4228, 237942, , , , , 5D3C36090BD9DD77F41D928DD88FA9A9, 56295DFE94E6DD112E50CCDF7BD2A13350EF460E9B4A202C4692E154B1001CFB
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Smart Monitor\ReviverSoft Smart Monitor Service.exe, In Quarantäne, 4228, 237942, , , , , 1A083BF8968F334AC3FFFC2B12AA0B7A, 674DC8A714F632C24AE35DAE475CED001B239E3E806A045B932D44E91538B2C5
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Smart Monitor\ReviverSoftSmartMonitor.exe, In Quarantäne, 4228, 237942, , , , , 50C532817C76E8520E96405DE65DEECB, 2F8CEC930BAE76CFA4AE2419B783C5F303BC440DF453795A4F87C02BFE37C7F9

Modul: 5
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\DriverReviver.exe, In Quarantäne, 4228, 237942, , , , , 5D3C36090BD9DD77F41D928DD88FA9A9, 56295DFE94E6DD112E50CCDF7BD2A13350EF460E9B4A202C4692E154B1001CFB
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Smart Monitor\Plugins\A2EC5BCB-C158-48B5-969E-F1B50C7BB413.2.9.0.8\A2EC5BCB-C158-48B5-969E-F1B50C7BB413.2.9.0.8.dll, In Quarantäne, 4228, 237942, , , , , BF4DD01F9A3D0C551FA89A70CC2D5434, 85B533E5E18B1B9CE21B85657BAEECDEE2DA7B68731969DCA5956EBA5B75105B
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Smart Monitor\Plugins\E56ECC94-80D8-49EA-8302-9782ABF12272.2.11.0.12\E56ECC94-80D8-49EA-8302-9782ABF12272.2.11.0.12.dll, In Quarantäne, 4228, 237942, , , , , C76A7880A76A1FDC936BBAFD32B6D96B, 27FB31ECF097C1B7940E6E7910C89FD5DB3F142EFF5605E634B4FBBF8036238C
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Smart Monitor\ReviverSoft Smart Monitor Service.exe, In Quarantäne, 4228, 237942, , , , , 1A083BF8968F334AC3FFFC2B12AA0B7A, 674DC8A714F632C24AE35DAE475CED001B239E3E806A045B932D44E91538B2C5
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Smart Monitor\ReviverSoftSmartMonitor.exe, In Quarantäne, 4228, 237942, , , , , 50C532817C76E8520E96405DE65DEECB, 2F8CEC930BAE76CFA4AE2419B783C5F303BC440DF453795A4F87C02BFE37C7F9

Registrierungsschlüssel: 16
RiskWare.Script.Base64, HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\abdbbadabebff, In Quarantäne, 6465, 883372, 1.0.33760, , ame, , , 
PUP.Optional.DriverReviver, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A6D2AAF-C463-48AE-9F71-07633BD97D8A}, In Quarantäne, 4228, 237946, , , , , , 
PUP.Optional.DriverReviver, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5A6D2AAF-C463-48AE-9F71-07633BD97D8A}, In Quarantäne, 4228, 237946, , , , , , 
PUP.Optional.DriverReviver, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Start Driver Reviver Check Driver Update, In Quarantäne, 4228, 237946, 1.0.33760, , ame, , , 
PUP.Optional.DriverReviver, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Start Driver Reviver for DESKTOP-MECH4VJ@robin(logon), In Quarantäne, 4228, 237944, , , , , , 
PUP.Optional.DriverReviver, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0C960383-0AA2-4CDA-9BB1-6A5698873212}, In Quarantäne, 4228, 237944, , , , , , 
PUP.Optional.DriverReviver, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{0C960383-0AA2-4CDA-9BB1-6A5698873212}, In Quarantäne, 4228, 237944, , , , , , 
PUP.Optional.DriverReviver, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Start Driver Reviver Schedule, In Quarantäne, 4228, 237944, , , , , , 
PUP.Optional.DriverReviver, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2329794A-CEB8-46D1-A9BC-B9454C4C8BCA}, In Quarantäne, 4228, 237944, , , , , , 
PUP.Optional.DriverReviver, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{2329794A-CEB8-46D1-A9BC-B9454C4C8BCA}, In Quarantäne, 4228, 237944, , , , , , 
PUP.Optional.DriverReviver, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Start Driver Reviver Update, In Quarantäne, 4228, 237944, , , , , , 
PUP.Optional.DriverReviver, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8EC760B6-2DD7-407A-B42E-9EB2CC835B57}, In Quarantäne, 4228, 237944, , , , , , 
PUP.Optional.DriverReviver, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{8EC760B6-2DD7-407A-B42E-9EB2CC835B57}, In Quarantäne, 4228, 237944, , , , , , 
PUP.Optional.DriverReviver, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Start Driver Reviver with delay for DESKTOP-MECH4VJ@robin, In Quarantäne, 4228, 237946, 1.0.33760, , ame, , , 
PUP.Optional.DriverReviver, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Driver Reviver, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ReviverSoft Smart Monitor Service, In Quarantäne, 4228, 237942, , , , , , 

Registrierungswert: 1
RiskWare.Script.Base64, HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\abdbbadabebff|0, In Quarantäne, 6465, 883372, 1.0.33760, , ame, , , 

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 50
PUP.Optional.DriverReviver, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\REVIVERSOFT\DRIVER REVIVER, In Quarantäne, 4228, 237943, 1.0.33760, , ame, , , 
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Smart Monitor\S-1-5-21-1165051215-3207913047-2040614022-1001\Agents, In Quarantäne, 4228, 237940, , , , , , 
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\S-1-5-21-1165051215-3207913047-2040614022-1001, In Quarantäne, 4228, 237940, , , , , , 
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Smart Monitor\S-1-5-21-1165051215-3207913047-2040614022-1001, Entfernung fehlgeschlagen, 4228, 237940, , , , , , 
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language, In Quarantäne, 4228, 237940, , , , , , 
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups, In Quarantäne, 4228, 237940, , , , , , 
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Smart Monitor, Entfernung fehlgeschlagen, 4228, 237940, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Smart Monitor\Plugins\E56ECC94-80D8-49EA-8302-9782ABF12272.2.11.0.12, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Smart Monitor\Plugins\A2EC5BCB-C158-48B5-969E-F1B50C7BB413.2.9.0.8, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\files, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\pt-br, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\zh-tw, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\learnmore\dpi_125, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\learnmore\dpi_175, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\pt-br, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\zh-tw, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\da, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\learnmore\files, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\de, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\en, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\es, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\fi, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\fr, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\it, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\ja, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\nl, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\no, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\ru, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\sv, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration\tr, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\es, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\fi, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\fr, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\it, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\ja, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\nl, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\no, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\ru, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\sv, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\tr, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\da, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\de, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\en, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\registration, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\learnmore, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Smart Monitor\Plugins, In Quarantäne, 4228, 237942, , , , , , 
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Smart Monitor, In Quarantäne, 4228, 237942, , , , , , 

Datei: 167
PUP.Optional.DriverReviver, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\REVIVERSOFT\DRIVER REVIVER\DRIVER REVIVER.LNK, In Quarantäne, 4228, 237943, 1.0.33760, , ame, , E15EFD54A2285FB449D7BBAD62F1BA9A, 09F65091CC6467D08FE8B3013434956067246A04C94B798548B82423A1CA191A
PUP.Optional.DriverReviver, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft\Driver Reviver\Uninstall.lnk, In Quarantäne, 4228, 237943, , , , , 35F90BAAFB494E503A4B3550BABF62DB, 4434B5F67DA3842B89853DD008BBE45523B280CABADF45E664EDA03BBE63774D
PUP.Optional.DriverReviver, C:\WINDOWS\SYSTEM32\TASKS\START DRIVER REVIVER CHECK DRIVER UPDATE, In Quarantäne, 4228, 237946, , , , , 7B36E18AE3D1B3AD3F7D318F5475CCB6, 840BCFAE3977FECC8459754D06067D9424FEB3B3BC078757A3877141377B4278
PUP.Optional.DriverReviver, C:\WINDOWS\SYSTEM32\TASKS\Start Driver Reviver for DESKTOP-MECH4VJ@robin(logon), In Quarantäne, 4228, 237944, 1.0.33760, , ame, , DD989F17016902B54907112B9606CF83, 87D471A23D9D4A84498A5D40636DB0924ABE8698CE2A07ABB24136DB2C4185A7
PUP.Optional.DriverReviver, C:\WINDOWS\SYSTEM32\TASKS\Start Driver Reviver Schedule, In Quarantäne, 4228, 237944, 1.0.33760, , ame, , EC2F862F34C675597877378B895F7297, 3CC201BB41E1F6AB4665AEDD6859323CC2A94025BDF304C1785DD4A70D4626A5
PUP.Optional.DriverReviver, C:\WINDOWS\SYSTEM32\TASKS\Start Driver Reviver Update, In Quarantäne, 4228, 237944, 1.0.33760, , ame, , 77A5CC4DA3360176FDB6D631D5AEAE7C, E37AB19D897642216F153FC5E00E20FE6FDFE96299A39ED904D0E53B39729058
PUP.Optional.DriverReviver, C:\PROGRAMDATA\REVIVERSOFT\DRIVER REVIVER\COMMONSETTINGS.XML, In Quarantäne, 4228, 237940, 1.0.33760, , ame, , 55A6EB299B4FA99AEF37E2405518DF79, DDB55EF548762DB37C0DBC77F2EB3159CCE4FFBD018CE8AD96257D11381C3263
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\1603528302.zip, In Quarantäne, 4228, 237940, , , , , , 
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\1603528531.zip, In Quarantäne, 4228, 237940, , , , , 825A6C6D2B2C56D5A3A5C4E15AD12B1A, 417D53CD0CFCD049F5C8C6296B784D2F1793259DBAE7C39C2A49DE36D7E2B319
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\1603528574.zip, In Quarantäne, 4228, 237940, , , , , 65721540E190ED1DE2B794722B33283C, ED41D01169779326DC5FF96B4331797A9BAAF96207B1F0493ACBBCEBAF945F47
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\1603528596.zip, In Quarantäne, 4228, 237940, , , , , 9C20353C0DBF59488AE7A5DB95308622, 208ECAEBE365BA3A19F7FB3F136004CD0C8B7B9A7F7751E8D1BE33CE631AEFFA
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\1603528627.zip, In Quarantäne, 4228, 237940, , , , , 31EECE9D603868D620A48E1120CFB3C6, 096E652CC25BB7568AFA1707C87C0044E37A0F532171B1ADAE59E17E1D94B411
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\1603528645.zip, In Quarantäne, 4228, 237940, , , , , 3AB935F7B8E8585769F1C256A31EAED9, 91380D6DCC0953C00AEC1C9BBF80AA7DE605F166DD519ACB7AAD1A8286C3893D
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\1603528660.zip, In Quarantäne, 4228, 237940, , , , , C8C252E0B2F79FC9AEA0E9BF3D5FB876, 1C0EC89811A1F87217153CD04E326B6170B1602BA13D3DFFB76E7D1411562BF2
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\1603528674.zip, In Quarantäne, 4228, 237940, , , , , D50D9386C08667C69645448B6E5BA72A, 13BC5CC5FED360E8076050B018DCBF4005F4EA66F0AFC51FD19441B0CDF0A30C
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\1603528688.zip, In Quarantäne, 4228, 237940, , , , , 331611D349DBE14FBAADC944F2AB4CAE, C523D6B5BCFAB4D0315C2FEEF0A8A5F8C35692B5380AF27B45790748675DA397
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\1603528708.zip, In Quarantäne, 4228, 237940, , , , , 846BAEF44B827561E39C5C82829B7C10, FE39D0621209327D57B8869B964A75AE7643D340BD0B590ECEBEE39785702674
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\1603528726.zip, In Quarantäne, 4228, 237940, , , , , 69C09EE1F0D4454975077A563385A739, 72B6FDAD56F62F3D11B6D3DEB87340B68EC71AA950F87D2BD6F8B68701DB71CB
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\1603528742.zip, In Quarantäne, 4228, 237940, , , , , 4F8DB86C0860842A0D0282DC360DF30D, A2D570E889DB98933F293606AC86D3F84468282CC8ED2F65469BA4C835F9A5D0
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\1603528758.zip, In Quarantäne, 4228, 237940, , , , , 8FCD9B894A3540CCA907772A01467BDE, 5B3DEE0632F9D381B3FAF92232115AF79DB682C3FEDD78B193E63BDD19C4FE1D
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\1603528772.zip, In Quarantäne, 4228, 237940, , , , , 6B1A4CDC5D541C95255324F6D1D70DC6, 9A071FB87D14246FCFDFD9B6198557C6717C88DA7EFBDC02083A9CD3DB5FA55A
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\1603528786.zip, In Quarantäne, 4228, 237940, , , , , FB3E88C962AB51EA104934C4AD604BF3, D4E55D0094047622AAB911CB3528368957FEBACE5A3DB8BC026788F9A3CC46F1
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\backups\BackupInfo.xml, In Quarantäne, 4228, 237940, , , , , 4AB38D7D5E8CABEEC24A051519056BA0, 8DCE7558613B00E2FC53B076F595DD3F16030EC3B5AE165EA5EB5BFF64383A16
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\downloads\112.zip, In Quarantäne, 4228, 237940, , , , , 17376C26C15F412B156388D1365D5A73, 29732A0C746BB31EAE9DBB4049F15C8D8C8AD6A15F08E8843CC24B7E7C9006ED
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language\Brazilian.xml, In Quarantäne, 4228, 237940, , , , , 0E06586343035505BE7DDD5D9FA865A3, 261B50A71149B5202F50A1B2BC093418B6AC783FE6D0AC0C836DF0E546DE41F2
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language\Danish.xml, In Quarantäne, 4228, 237940, , , , , FD5782C057923B7FDD3568AE05F0800D, 5125375D52D5B66D5B2F26FBAD552101B6CA51DD1C31EFC12F9BCA7CB7F494F8
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language\Dutch.xml, In Quarantäne, 4228, 237940, , , , , D14B104CD8DBBAA5614AF3C7DB7D4B1F, 6D24E09871A22BC43B8054E714280F7009043BF1DB0BA78E3B9D8F1CD491820A
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language\English.xml, In Quarantäne, 4228, 237940, , , , , 44E9D23AFB31C88E7C345B83AA1DFBFA, 538FB9457272AB7906178C67815C518FBB57F280A3945721496F8E0CA5FF3B24
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language\Finnish.xml, In Quarantäne, 4228, 237940, , , , , B69CA74141ECB60BB10D9CF0924124D5, D5E0E495B1F9D0B1D20AEAD5DF752C3881BCDAEBACC045EBC995CC6DB3F5D304
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language\French.xml, In Quarantäne, 4228, 237940, , , , , 6F05C902F39C35AC91BDEEC682F6198D, C27E5D51D548DFC41A61B5DD328492616F92FE6CA80CE51B61EB987B9FD1A041
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language\German.xml, In Quarantäne, 4228, 237940, , , , , 3359BA80BF3575DC2D54B46CBE9CB6D9, FA5B9CE11CEBE8EB5CDBE2A261242935E473C6961FFCCCFBDC8ACB28B2C39ED4
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language\Italian.xml, In Quarantäne, 4228, 237940, , , , , 872A5944F1C54ED3B5D63EF58A14BAB5, 3DCB94090DCD901300BC3DAEA786BC5DE87EA187467C474CDCB09B83A4F9AFB5
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language\Japanese.xml, In Quarantäne, 4228, 237940, , , , , 96989B9CA2307C85089CD6A85D7A449D, D3BFE1A6A69BED3393CD015A9CE6802AB970636200AE3CA9E33CADB598410592
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language\Norwegian.xml, In Quarantäne, 4228, 237940, , , , , 6987B259AE12A63BFCC4CACEAC2B520A, C03989BC4F1202BA3AB96A133D47096EEDD275F05423A8C3B3C7AD80F4457E8B
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language\Russian.xml, In Quarantäne, 4228, 237940, , , , , F308A6E485E45579C313FD16D01660BC, 9B1230E05C474E18955445782893128F4E719D7C5CAD2C10343B740F7F836B3C
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language\Spanish.xml, In Quarantäne, 4228, 237940, , , , , B33C0992D3338EF0ACC285CF24C63EE0, 4552A5FC10F3A9528C8E7489A68CAAD6BF565E6126FE684F54A8253EC9708378
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language\Swedish.xml, In Quarantäne, 4228, 237940, , , , , 9BF9D52C2F0465BDC933EA9CFCAE2ED8, 17A861134E1B050FA6F800666E0077A901C03EFB9F120D07A27FA5E91CD28B3E
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language\TradChinese.xml, In Quarantäne, 4228, 237940, , , , , CB5D3CF97FDBD3FC0A326FA836BBF740, 598612587637E17C8B39CF40C2F1CFCA77AB3CD7223E2E71DA6642CD3B26FC91
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\Language\Turkish.xml, In Quarantäne, 4228, 237940, , , , , C56FF65F9690BDED1D2E2C30F3646573, BCCDC6FB78FFB0E7D89228A2887964417116C6EED63711E76ADE46DB3A2DED55
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\S-1-5-21-1165051215-3207913047-2040614022-1001\AppSettings.xml, In Quarantäne, 4228, 237940, , , , , 42194B0A8B94AC8B706E640D881115C5, 429D0ED8F1B55DA734B899FA76EEC819B9847487AE62F5F7E2D4F85C2B3B2D24
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\S-1-5-21-1165051215-3207913047-2040614022-1001\app_log.log, In Quarantäne, 4228, 237940, , , , , 061A5973AE5B39157B73882D9B1A02D2, 5DE91B670D6F240FC06FBAF6F036A309D8A98F06CA3E1D8944C874A522467B48
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\S-1-5-21-1165051215-3207913047-2040614022-1001\DRmanager_log.log, In Quarantäne, 4228, 237940, , , , , 1AE453E6C5A77BBD552F0B4620AE863C, DCD3866FFF29EA40A4408CAEB5588F13ECF80211770BD3E4299B19C55A532E66
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\S-1-5-21-1165051215-3207913047-2040614022-1001\du_statistic, In Quarantäne, 4228, 237940, , , , , E4768B70AEB11060DFF2EC4744EEBFB0, 4390550B25BE2205AA0BFC2DC6DA6492F5D4962F8621650650B7935F048A48A0
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\S-1-5-21-1165051215-3207913047-2040614022-1001\Request.xml, In Quarantäne, 4228, 237940, , , , , 50019BEECB7D9CAF18AC8A22A870BECA, 6CDCE1AA7A2BC261732F8957309AD34F7E52853A314DAF38CDB8ED1D9488F928
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\S-1-5-21-1165051215-3207913047-2040614022-1001\Response.xml, In Quarantäne, 4228, 237940, , , , , A0566C8FF86901F4474CCF86B0F65F9D, 29AE6612A9E907B95E32CE22B7A8FB78D6446C5718D0B548E80710B6BF2B800D
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\unplugged drivers\unplugged drivers versions, In Quarantäne, 4228, 237940, , , , , 6EB06143DA18206F82878836F05C9492, 47F0F6E2EE3892E55D1CB06414C50277A696E34F5A9A7A5A506F007B48B5EE59
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Driver Reviver\freeDriver, In Quarantäne, 4228, 237940, , , , , 649422C51C06EA3396ED4779A0136C41, D0C011FC3A73C903ADC059D2224542E4B6B2391E578CC6E08935D1DC843F4D5E
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Smart Monitor\S-1-5-21-1165051215-3207913047-2040614022-1001\Agents\0D682ECE-3AE8-4102-A5DB-A069BD6101D4.1.0.0.4.json, In Quarantäne, 4228, 237940, , , , , 2F4E625D08DF4F0E8B6CB8730A8A16B6, FCDF5A768E2CBB47233492BE5D1887CD0118429394C6C28CBE9CB453EF6448A3
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Smart Monitor\S-1-5-21-1165051215-3207913047-2040614022-1001\Agents\37C9C2F0-953E-43B1-A7EA-6CC744415735.1.0.0.3.json, In Quarantäne, 4228, 237940, , , , , 4ED7247CEDC88F97F6C74E682637B1CD, 9E025071C599EA05DA7CFE1ACCDFEBB0835FA1202E2771D9180F5287DE988151
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Smart Monitor\S-1-5-21-1165051215-3207913047-2040614022-1001\Agents\84ADCAC5-83B5-4905-AFC6-C09DF5F86685.1.0.0.6.json, In Quarantäne, 4228, 237940, , , , , 0F294ACB16071E6FF4F8BEEEF90F0192, 5D5808626703472B7E7FE99092B15802A01A60331E62CF35582F6A1517C5604A
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Smart Monitor\S-1-5-21-1165051215-3207913047-2040614022-1001\Agents\CEEFB237-B700-442D-895F-4BEB25546472.1.0.0.8.json, In Quarantäne, 4228, 237940, , , , , F26CD55B311AD333AF27C27EE97CD9D9, 0F754EF0730A4F7F17BF0C21C8D254EF28666E5AB955409F7DE02F2024CC7039
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Smart Monitor\S-1-5-21-1165051215-3207913047-2040614022-1001\queue_limits.data, In Quarantäne, 4228, 237940, , , , , A66637501942947275E84D0D36112B30, 8C1C9C37741D140ACE018AAD69FBAB7A954FEE3243A2060C5129566D889E9FDC
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Smart Monitor\S-1-5-21-1165051215-3207913047-2040614022-1001\settings.data, In Quarantäne, 4228, 237940, , , , , FD59C1E30C49FD07B611E9547B983100, 0C786C474383FB540988209F781FF63ACD044859BF7442CF4986B1DE308E598E
PUP.Optional.DriverReviver, C:\ProgramData\ReviverSoft\Smart Monitor\S-1-5-21-1165051215-3207913047-2040614022-1001\smsettings, In Quarantäne, 4228, 237940, , , , , 3DA8043732F566E2FA749F6267ABCC93, 79B18978637868AA31F346C5C628FA95E21A3442A1896AA627C5E4FD21533D04
PUP.Optional.DriverReviver, C:\PROGRAM FILES\REVIVERSOFT\DRIVER REVIVER\7ZA.EXE, In Quarantäne, 4228, 237942, 1.0.33760, , ame, , 3FACFD7E7C2A5DB28C06121A8C1E9CBE, C5A3D074BA38B16FCCF916577916E3E77F0DD24FA3EF2FA31EA746349D6E9F02
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\da\exitdialog.html, In Quarantäne, 4228, 237942, , , , , B7DDA30960A0F301AB1A92019069B629, F3B6299968413A0F9A4765DD3E04984878A711F1CB34FE0CFCF85016C2D15058
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\de\exitdialog.html, In Quarantäne, 4228, 237942, , , , , CA1F4C0E412877A99AD85FFF11998D8C, 2DE9C23E1369BF2D3E8C9DEAE663AF50E07E76657BC8FA74AEB09F7A0B7A5643
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\en\exitdialog.html, In Quarantäne, 4228, 237942, , , , , 9F4FDCBBF142F6143F23A073065F6DDC, 40B23F6DF27C90832170E5407973C1F0663DF3EFF991013F79C881092F41C91C
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\es\exitdialog.html, In Quarantäne, 4228, 237942, , , , , B39D96D0EF1EBF76542A92BF1F6FA85F, 1B5E78608448597B9F5F1B602694E37FD31114777F92DBDEE8C3E05E799EE0EF
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\fi\exitdialog.html, In Quarantäne, 4228, 237942, , , , , 59F671C4677E9B962CE810C4E9FCA805, 252183A3B247A010288CCA5A8141236F1E918988A0EA34172EE1B09114655BAC
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\agePoints.js, In Quarantäne, 4228, 237942, , , , , 72BF5B9031FBBEFF443CA44C0EDC1287, 6D99D6BE1A24FC1B49A975DA5CA5A42453532A862A65514D3E6646640D867441
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\btn-purchase-hover.png, In Quarantäne, 4228, 237942, , , , , 155F8DAF079B77D56973F64615F5DD3C, C3A9952B9CADAEC790E409601443D0D60D210345E9E3BD76AE06DD8B720CCD0D
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\btn-purchase.png, In Quarantäne, 4228, 237942, , , , , 33F13B5FCC01A15DBDDF727DB311FC1A, FC8144DD0CF404636A9BA6E78E0931E7C0FF61B2FF779CB00DB26F48CD020076
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\checkmark.png, In Quarantäne, 4228, 237942, , , , , A87F05EC0E6E65DD3230B34CE3A66D9E, 96C632721FAFF8DBFD13BE65CE2DA640B203FBB4BDD299C22EF35D43BE60111B
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\common.css, In Quarantäne, 4228, 237942, , , , , BB10E5A20FABF1F7D53D095808FF31CF, 2C0555B9CEC1F82212A613726BBCD2EDC26F094A70E273D84D09728BAA1CE9F7
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\DomManager.js, In Quarantäne, 4228, 237942, , , , , 9FA367AE0C8AA546AEC50DEB65068FF7, BEDE014E1588D8989F800A8A82DD1727C7A1C64AA419F69AF97375DFB5AD6B9E
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\exit-2018-0918.css, In Quarantäne, 4228, 237942, , , , , E34A3DCF7CF6E5332612EEA7188856C2, 89D6F88C3932B8B7FDF7E27B7B326D64EBD6C90EC26836EFA5344CDF40C4FD88
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\exit-arrow.png, In Quarantäne, 4228, 237942, , , , , EEDBFF1FE2A3AD997D8CCE0176459E8F, 3216AE431DD6E07BF4762151B511490C87A5349D19E5EC267530A09605AEB951
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\exit.min.js, In Quarantäne, 4228, 237942, , , , , D022D69D1A038F173C651542BE61DDB5, C2D592B96468BD9BB0029E41C439929A04F4938BD83B776FD7515E2EECBCC9CE
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\ie-shim.min.js, In Quarantäne, 4228, 237942, , , , , EC491ECD4338A13C72916D4CD4FFD6F8, E395890008BE52791BA8F78FB45CFA3659FD0B5AC06F10B81AB1081328803377
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\list-calendar.png, In Quarantäne, 4228, 237942, , , , , 018531AEBCFE7699A04826367C8D8F63, 1AA61BAA792BA8A9C18BBA60C5F594CC02C1AAB201C3AAFC29058BA81FC40862
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\list-clock.png, In Quarantäne, 4228, 237942, , , , , C05A91442FE12C473EE7DB0F0F83975B, 3C671AEF9947DD8F5EB960E141BB53E0920B903B6F6B24D729E97F20463D44E3
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\list-speed.png, In Quarantäne, 4228, 237942, , , , , B282602347DF393D0A5FF348D5794950, 29696846DEA037C99C92A23B2BF3F3CEF3F260AFCD647407242B170382FC6B95
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\Manager.js, In Quarantäne, 4228, 237942, , , , , 468F33583155739F57A7D17232EFDFFD, 3C0C394C24EA89678382AAFD30969890CF1E9B68DA90C6C8A0B1DD706269D458
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\objects.min.js, In Quarantäne, 4228, 237942, , , , , 16F6FBE72BBA20894E9FA1F02B93C595, AC4E6BBE8C622AEE6EE19C89D7C6571CEC6152DB5A800262ED94DB1D7479D804
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\oclock.png, In Quarantäne, 4228, 237942, , , , , 7A85DA256F6042F5AB12853FE4E7D3E6, 72B0013CAB846E64815A2C3E9E8BF0A0AB1F26B1BE349CC59AE91A7FE8CB5F80
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\PIE.js, In Quarantäne, 4228, 237942, , , , , A59F1C580ADE00F53DF8800FB337B6F2, 6702421E7C6307A321916DB9A19069F145C13B497FA7A855409C469B1FFC4F98
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\pubsub.js, In Quarantäne, 4228, 237942, , , , , BD03C5A845CE21BA6C989C55643C6C45, 29F387C99A23B9F6A671AFBD48CF5DB2D8FC9277CBCDB487BC3AC13ECA70FB1E
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\queryManager.js, In Quarantäne, 4228, 237942, , , , , 5C6C23C8E43FEAB1D44A002A31AB4842, 75DD3B954900DE1F44E1FA394FE4180A0600207CE9F4DB49640F326BAE33F180
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\smartConfig.js, In Quarantäne, 4228, 237942, , , , , D9254E6BD85816FCBF66178E1D59A03A, DC15A20425C5EDD3BE348FEEBFA7ECEAB226FB242C025F2C0F0CC9197D5E0C6A
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\top-arrow.png, In Quarantäne, 4228, 237942, , , , , B44B32D4AC19C603464CE459825F63DA, AA7EC65D5F6BB6A1FED78D18833C729DE18B9A5DFB2273946C25E770D002F046
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\utils.js, In Quarantäne, 4228, 237942, , , , , 2E9EDE083E77F181BBD345CB1CA71A59, 31BCCF3198372F45CFE0E9F36217482A369C5E200CB72CCD135D7152A943D06B
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\files\xclose2.png, In Quarantäne, 4228, 237942, , , , , A0ED4BCFB1B81029FA16CD0DD41DE5D0, 05E77708FB632635B245E245B7FF989B761FEB49A02F2C7BC25BE4D43619C652
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\fr\exitdialog.html, In Quarantäne, 4228, 237942, , , , , 3FF96D9134AD6F33B0BE2AD55C6C0697, 34BCB5BCCDC5768455325C49A4FBC447D5515C695FC900F8BB868D77C51C756B
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\it\exitdialog.html, In Quarantäne, 4228, 237942, , , , , 56EAA7B9125DB4BC7525BC4DC9C93DFE, 5F32AE954C7163710D5756CC2EB6CCC2AC84F67B8F624C3EC56FBFC51673018D
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\ja\exitdialog.html, In Quarantäne, 4228, 237942, , , , , 9D746B54205A74F38BB2E7DBB9A2280C, 31A81CCFFF442AFAF7EC552D0796EA20A84A024A8DAB5C51A9AB09B83C8D418B
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\nl\exitdialog.html, In Quarantäne, 4228, 237942, , , , , D24FC173FACA6F448B86C2F19B14640F, 6B80AB5A44B37872584AB56D5517FC10A1C32347ACEDB3BC3815658D13B88610
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\no\exitdialog.html, In Quarantäne, 4228, 237942, , , , , BD284C3D071E9FC7E2EFEA9D2ADB7A61, 2A9D648CF90588F1895E1973425B653876EC14ECD0F33FD8B1ECCD6ED5EBB9CD
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\pt-br\exitdialog.html, In Quarantäne, 4228, 237942, , , , , D89F29D9BF277B112851C9DF166AB3AF, 59CDDE64D4BFAE80A51C7B3893687CFE2EE956CFEABCEDF4BDCFF5B9B2FC0CCF
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\ru\exitdialog.html, In Quarantäne, 4228, 237942, , , , , C94B3A44997F18C9EA5FB33191E0C882, 92616F5CFFA1B0D01D48B210C80A61BFDBDB41E36DF9EFF567865EEA25446050
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\sv\exitdialog.html, In Quarantäne, 4228, 237942, , , , , 2CC176919F02A9B869ED5B1D7796533C, 0580B3887524700AA50F27CF8DB4B6AD9979D7F4B237B39377A20478B15C941F
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\tr\exitdialog.html, In Quarantäne, 4228, 237942, , , , , 48EC81B70DC0637EC50746837E94C9E0, 9CAE4EA8CC7BEC067ACE1B4274FD46E203F325C0583B1A3AE0742F263BAC6D05
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\exitdialog\zh-tw\exitdialog.html, In Quarantäne, 4228, 237942, , , , , 45A3EE7CD74A1DD229908E4F98885CCF, 88DC261E90084B2D43FD228634C1C153BD3A93D0622C0DDF9E8DC754EA5C75FA
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\learnmore\dpi_125\learnmore.html, In Quarantäne, 4228, 237942, , , , , F449843F9C6CA3BFA116A386A607051C, 2BC17B51EF030C410B80555C458CB24C7B60760EA7BE0D40A3E5F08EACFAFA7A
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\learnmore\dpi_175\learnmore.html, In Quarantäne, 4228, 237942, , , , , 46447E5B09BC4E1CDB38ACE37012EC38, 89F510D45255C54288BB3EA1FD0C8C10B7F798B1CF232CAFD17180B1E5322118
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\learnmore\files\checkmark.png, In Quarantäne, 4228, 237942, , , , , D042882407713DEC520E30E951EA827D, 171C5BBAAED36846314C04E1E4B7F9428CA8F375E5AC54226F515C454AAAFB0E
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\learnmore\files\checkmark_white.png, In Quarantäne, 4228, 237942, , , , , A87F05EC0E6E65DD3230B34CE3A66D9E, 96C632721FAFF8DBFD13BE65CE2DA640B203FBB4BDD299C22EF35D43BE60111B
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\learnmore\files\common.css, In Quarantäne, 4228, 237942, , , , , BB10E5A20FABF1F7D53D095808FF31CF, 2C0555B9CEC1F82212A613726BBCD2EDC26F094A70E273D84D09728BAA1CE9F7
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\learnmore\files\ie-shim.min.js, In Quarantäne, 4228, 237942, , , , , EC491ECD4338A13C72916D4CD4FFD6F8, E395890008BE52791BA8F78FB45CFA3659FD0B5AC06F10B81AB1081328803377
PUP.Optional.DriverReviver, C:\Program Files\ReviverSoft\Driver Reviver\offline\learnmore\files\j.php, In Quarantäne, 4228, 237942, , , , , 860BECE8A17C456EDB38C0A457DD9531, 7D01BF90B82EA5FD951A350FA6F88BB0E7F5F2B642D36D971A13B0E484FA82F4
PUP.Optional.GameHack, C:\PROGRAM FILES\CHEAT ENGINE 7.1\STANDALONEPHASE1.DAT, In Quarantäne, 8009, 393793, 1.0.33760, , ame, , EB339EECEC8AA8C0FD3B08D39799D4D8, 88BB94C3CE727DB13B77ABDBDB75A4C878E91D651692F3618178DEC5BBB7080C
PUP.Optional.ChipDe, C:\USERS\ROBIN\DOWNLOADS\NOTRUF 112 - CHIP-INSTALLER.EXE, In Quarantäne, 601, 562568, 1.0.33760, , ame, , B0E4190EB5FF15173E1CCFA72735FC76, 61F6CF7FE18D103462B4975B936C1F3521100D4C6A2AB0706762E98EB24410E1
PUP.Optional.DriverReviver, C:\USERS\ROBIN\DOWNLOADS\DRIVERREVIVERSETUP.EXE, In Quarantäne, 4228, 462815, 1.0.33760, , ame, , EE41DC6CC29A2EA1FAD21FDD257855F0, 2A5573356B09A1B8FC99DF736FE92E83A1006C17422B968FBC766D8BD290E3A5

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         
Scan after moving the detections to quarantine:

Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 04.12.20
Scan-Zeit: 12:22
Protokolldatei: 04142b94-3623-11eb-b8f6-6045cb716538.json

-Softwaredaten-
Version: 4.2.3.96
Komponentenversion: 1.0.1122
Version des Aktualisierungspakets: 1.0.33806
Lizenz: Premium

-Systemdaten-
Betriebssystem: Windows 10 (Build 19041.630)
CPU: x64
Dateisystem: NTFS
Benutzer: System

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Zeitplaner
Ergebnis: Abgeschlossen
Gescannte Objekte: 295810
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 1 Min., 45 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         

04.12.2020, 21:22   #13
M-K-D-B
/// TB-Ausbilder

I didn't write anything about MBAM and AdwCleaner...
You were really only supposed to run FRST...

The Gootkit malware is definitely on the computer...






Step 1
  • Close all open programs and internet browsers so that no data is lost.
  • Copy the entire contents of the following code box:
    Code:
    Start::
    HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [abdbbadabebff] => powershell.exe -ExecutionPolicy Bypass -windowstyle hidden -Command "IEX([Environment]::GetEnvironmentVariable('abdbbadabebff', 'User'))" <==== ACHTUNG
    DeleteKey: HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\Software\abdbbadabebff
    DeleteValue: HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\Environment|abdbbadabebff
    DeleteValue: HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|abdbbadabebff
    AlternateDataStreams: C:\Users\robin\AppData\Local\Temp:$DATA​ [16] 
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: Bitsadmin /Reset /Allusers
    Hosts:
    RemoveProxy:
    SystemRestore: On 
    EmptyTemp:
    End::
             
  • Now start FRST and click the Fix (Reparieren) button right away.
    Important: You do not need to paste the contents of the code box anywhere, because FRST takes the code from the clipboard!
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory in which FRST is located.
  • Your computer may need to be restarted.
  • Post the contents of fixlog.txt with your next reply.





Step 2
  • Start FRST again. Copy the contents of the following code box into the search field at the top:
    Code:
    SearchAll: abdbbadabebff;ReviverSoft;Driver Reviver;Smart Monitor
             
  • Click the Search Files (Datei-Suche) button.
  • FRST starts the search. This can take some time, please be patient!
  • At the end, a text file Search.txt is created.
  • Post its contents with your next reply.





Step 3
  • Start FRST again. Make sure that the box in front of Addition.txt is checked and press Scan (Untersuchen).
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.





Please post with your next reply:
  • the log file of the FRST fix (fixlog.txt)
  • the log file of the FRST search (Search.txt)
  • the two new log files from FRST (FRST.txt and Addition.txt)
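
The Run entry in the fixlist above starts PowerShell in a hidden window and executes whatever is stored in a user environment variable. As an added example (not part of the original post and not FRST's own code), this Python script flags that pattern in FRST-style Run lines and lists the registry values to review; the sample lines, the SID and the name examplevar are constructed.

```python
import re
from dataclasses import dataclass, field

# FRST registry line: <key ending in \Run>: [<value name>] => <command line>
RUN_LINE = re.compile(
    r"^(?P<key>HK(?:LM(?:-x32)?|U)\\[^:\[]*\\Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] => (?P<cmd>.*)$"
)
FRST_MARKER = re.compile(r"\s*<==== \S+\s*$")  # trailing flag such as "<==== ACHTUNG"
POWERSHELL = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I)
INVOKE = re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I)
ENV_API = re.compile(
    r"GetEnvironmentVariable\(\s*['\"](?P<var>[^'\"]+)['\"]"
    r"(?:\s*,\s*['\"](?P<scope>User|Machine|Process)['\"])?",
    re.I,
)
ENV_DRIVE = re.compile(r"\$env:(?P<var>\w+)", re.I)
HIDDEN = re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)
BYPASS = re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I)

# FRST abbreviates this part of the key as "\...\" (see the fixlog's full path).
CURRENT_VERSION = "\\Software\\Microsoft\\Windows\\CurrentVersion\\"
MACHINE_ENV = "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment"


@dataclass
class Finding:
    key: str          # Run key as written by FRST
    value_name: str   # name of the autostart value
    env_var: str      # environment variable whose content gets executed
    scope: str        # User, Machine or Process
    reasons: list = field(default_factory=list)


def scan_frst(text):
    """Return Run entries where PowerShell executes an environment variable."""
    findings = []
    for raw in text.splitlines():
        m = RUN_LINE.match(raw.strip())
        if not m:
            continue
        cmd = FRST_MARKER.sub("", m["cmd"])
        env = ENV_API.search(cmd) or ENV_DRIVE.search(cmd)
        if not (POWERSHELL.search(cmd) and INVOKE.search(cmd) and env):
            continue  # ordinary autostart entry, or PowerShell running a script file
        scope = (env.groupdict().get("scope") or "Process").capitalize()
        reasons = [f"PowerShell executes the content of environment variable {env['var']!r}"]
        if HIDDEN.search(cmd):
            reasons.append("hidden window")
        if BYPASS.search(cmd):
            reasons.append("execution policy bypass")
        findings.append(Finding(m["key"], m["name"], env["var"], scope, reasons))
    return findings


def review_locations(f):
    """Registry values (key|value, as in a fixlist) that belong to one finding."""
    hive_root = f.key.split("\\...\\")[0]
    locations = [f.key.replace("\\...\\", CURRENT_VERSION) + "|" + f.value_name]
    if f.scope in ("User", "Process") and hive_root.startswith("HKU"):
        locations.append(f"{hive_root}\\Environment|{f.env_var}")
    if f.scope in ("Machine", "Process"):
        locations.append(f"{MACHINE_ENV}|{f.env_var}")
    return locations


# Constructed sample in FRST.txt notation (not taken from the thread's logs).
SAMPLE_FRST = r"""
HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [84992 2020-01-01] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [BackupJob] => powershell.exe -File "C:\Scripts\backup.ps1"
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [examplevar] => powershell.exe -ExecutionPolicy Bypass -windowstyle hidden -Command "IEX([Environment]::GetEnvironmentVariable('examplevar', 'User'))" <==== ACHTUNG
"""

if __name__ == "__main__":
    for finding in scan_frst(SAMPLE_FRST):
        print(finding.value_name, "->", "; ".join(finding.reasons))
        for location in review_locations(finding):
            print("  review:", location)
```

The Run value only holds the launcher; the script body sits in the Environment value, which is why both locations are listed for review.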

05.12.2020, 06:36   #14
Bommerang

Code:
Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-12-2020
durchgeführt von robin (05-12-2020 06:23:44) Run:1
Gestartet von C:\Users\robin\Downloads
Geladene Profile: robin
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [abdbbadabebff] => powershell.exe -ExecutionPolicy Bypass -windowstyle hidden -Command "IEX([Environment]::GetEnvironmentVariable('abdbbadabebff', 'User'))" <==== ACHTUNG
DeleteKey: HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\Software\abdbbadabebff
DeleteValue: HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\Environment|abdbbadabebff
DeleteValue: HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|abdbbadabebff
AlternateDataStreams: C:\Users\robin\AppData\Local\Temp:$DATA​ [16] 
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: Bitsadmin /Reset /Allusers
Hosts:
RemoveProxy:
SystemRestore: On 
EmptyTemp:

*****************

"HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\Software\Microsoft\Windows\CurrentVersion\Run\\abdbbadabebff" => erfolgreich entfernt
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\Software\abdbbadabebff => nicht gefunden
"HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\Environment\\abdbbadabebff" => erfolgreich entfernt
"HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\abdbbadabebff" => nicht gefunden
C:\Users\robin\AppData\Local\Temp => ":$DATA​" ADS erfolgreich entfernt

========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= Ende von CMD: =========


========= netsh advfirewall reset =========

OK.


========= Ende von CMD: =========


========= netsh advfirewall set allprofiles state ON =========

OK.


========= Ende von CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{A74FCA14-B3EC-45BC-911C-78F9E951285E} canceled.
Unable to cancel {73353DF3-74EA-4FBD-82A0-CDB0822CE0AC}.
{1D07BD61-62FD-40FC-8163-7D8194464A2A} canceled.
{5F0EE07B-AE66-494D-9F86-1E93ACD3D055} canceled.
3 out of 4 jobs canceled.

========= Ende von CMD: =========

C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt


========= Ende von RemoveProxy: =========

SystemRestore: On => abgeschlossen

=========== EmptyTemp: ==========

BITS transfer queue => 7626752 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31897315 B
Java, Flash, Steam htmlcache => 419053317 B
Windows/system/drivers => 29956941 B
Edge => 0 B
Chrome => 0 B
Firefox => 1135725997 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 74410 B
NetworkService => 5387284 B
robin => 491961984 B

RecycleBin => 26467285982 B
EmptyTemp: => 26.6 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 06:25:28 ====
         
Code:
Farbar Recovery Scan Tool (x64) Version: 02-12-2020
durchgeführt von robin (05-12-2020 06:28:57)
Gestartet von C:\Users\robin\Downloads
Start-Modus: Normal

================== Datei-Suche: "SearchAll: abdbbadabebff;ReviverSoft;Driver Reviver;Smart Monitor" =============

Datei:
========
C:\Users\robin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_ReviverSoft_Driver Reviver_DriverReviver_exe
[2020-11-07 13:02][2020-11-28 19:32] 000037014 _____ () D33B8E490564C352FB30533AFBA8127A [Datei ist nicht signiert]


Ordner:
========
2020-10-24 09:27 - 2020-12-02 16:36 _____ C:\ProgramData\ReviverSoft
2020-10-24 09:27 - 2020-12-02 16:16 _____ C:\ProgramData\ReviverSoft\Driver Reviver
2020-12-02 16:36 - 2020-12-02 16:36 _____ C:\ProgramData\ReviverSoft\Smart Monitor
2020-10-24 09:27 - 2020-12-02 16:16 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
2020-10-24 09:27 - 2020-12-02 16:36 _____ C:\Program Files\ReviverSoft
2020-10-24 09:27 - 2020-12-02 16:36 _____ C:\Program Files\ReviverSoft\Driver Reviver

Registry:
========

===================== Suchergebnis für "abdbbadabebff" ==========


===================== Suchergebnis für "ReviverSoft" ==========

[HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\hdxrt4.inf_amd64_1204c9824bdfae6e]
"OemPath"="c:\programdata\reviversoft\driver reviver\downloads\84\da683cd3-eae1-4263-b65a-1a5c8394a5aa"

[HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\mag271cr.inf_amd64_90b0311612c44720]
"OemPath"="C:\ProgramData\ReviverSoft\Driver Reviver\unplugged drivers\TU9OSVRPUlxNU0kzRkE2"

[HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\nvvad.inf_amd64_1e7bf44b681957ab]
"OemPath"="c:\programdata\reviversoft\driver reviver\downloads\103\483c55c8-5722-417e-945a-cddd30ab944c"

[HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\nv_dispi.inf_amd64_edf184f24a37bacd]
"OemPath"="c:\programdata\reviversoft\driver reviver\downloads\57\1c040da0-8bcc-43cf-928a-580e27a59b7f"

[HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\pa248.inf_amd64_a7be813e7e5e930e]
"OemPath"="C:\ProgramData\ReviverSoft\Driver Reviver\unplugged drivers\TU9OSVRPUlxEZWZhdWx0X01vbml0b3I="

[HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\rt640x64.inf_amd64_d6bc86a845f7eb98]
"OemPath"="c:\programdata\reviversoft\driver reviver\downloads\109\77f808cd-36e4-4752-b65f-0b36a2fe72e4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\ReviverSoftSmartMonitor.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF12FA28-28F0-4A9D-B9B7-ECEF6F82AAFC}\LocalServer32]
""=""C:\Program Files\ReviverSoft\Smart Monitor\Settings.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF12FA28-28F0-4A9D-B9B7-ECEF6F82AAFC}\ProgID]
""="ReviverSoft.SMSettings.1.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ReviverSoft.SMSettings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ReviverSoft.SMSettings\CurVer]
""="ReviverSoft.SMSettings.1.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ReviverSoft.SMSettings.1.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ReviverSoft.SMSettings.1.1]
""="ReviverSoftSmartMonitor settings"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}\1.1\0\win32]
""=""C:\Program Files\ReviverSoft\Smart Monitor\Settings.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}\1.1\0\win64]
""="C:\Program Files\ReviverSoft\Smart Monitor\Settings.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}\1.1\HELPDIR]
""="C:\Program Files\ReviverSoft\Smart Monitor"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\reviversoft.com]

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.reviversoft.com]

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\11d27cc5_0]
""="{2}.\\?\usb#vid_0951&pid_16ad&mi_00#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\global/00010002|\Device\HarddiskVolume4\Program Files\ReviverSoft\Driver Reviver\DriverReviver.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\45ae2464_0]
""="{2}.\\?\usb#vid_0951&pid_16ad&mi_00#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\global/00010002|\Device\HarddiskVolume3\Program Files\ReviverSoft\Driver Reviver\DriverReviver.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated]
"{6D809377-6AF0-444B-8957-A3773F02200E}\ReviverSoft\Driver Reviver\DriverReviver.exe"="224"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"{6D809377-6AF0-444B-8957-A3773F02200E}\ReviverSoft\Driver Reviver\DriverReviver.exe"="9"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"{6D809377-6AF0-444B-8957-A3773F02200E}\ReviverSoft\Driver Reviver\DRNotifier.exe"="1"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView]
"{6D809377-6AF0-444B-8957-A3773F02200E}\ReviverSoft\Driver Reviver\DriverReviver.exe"="6"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView]
"{6D809377-6AF0-444B-8957-A3773F02200E}\ReviverSoft\Driver Reviver\DRNotifier.exe"="2"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\ReviverSoft\Driver Reviver\DriverReviver.exe"="0x53414350010000000000000007000000280000004867A30135E2A30101000000000000000000000A0021000050BB64EDDDACD5010000000000000000"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\ReviverSoft\Driver Reviver\DRNotifier.exe.FriendlyAppName"="Tray notification helper"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\ReviverSoft\Driver Reviver\DRNotifier.exe.ApplicationCompany"="Corel Corporation"


===================== Suchergebnis für "Driver Reviver" ==========

[HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\hdxrt4.inf_amd64_1204c9824bdfae6e]
"OemPath"="c:\programdata\reviversoft\driver reviver\downloads\84\da683cd3-eae1-4263-b65a-1a5c8394a5aa"

[HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\mag271cr.inf_amd64_90b0311612c44720]
"OemPath"="C:\ProgramData\ReviverSoft\Driver Reviver\unplugged drivers\TU9OSVRPUlxNU0kzRkE2"

[HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\nvvad.inf_amd64_1e7bf44b681957ab]
"OemPath"="c:\programdata\reviversoft\driver reviver\downloads\103\483c55c8-5722-417e-945a-cddd30ab944c"

[HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\nv_dispi.inf_amd64_edf184f24a37bacd]
"OemPath"="c:\programdata\reviversoft\driver reviver\downloads\57\1c040da0-8bcc-43cf-928a-580e27a59b7f"

[HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\pa248.inf_amd64_a7be813e7e5e930e]
"OemPath"="C:\ProgramData\ReviverSoft\Driver Reviver\unplugged drivers\TU9OSVRPUlxEZWZhdWx0X01vbml0b3I="

[HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages\rt640x64.inf_amd64_d6bc86a845f7eb98]
"OemPath"="c:\programdata\reviversoft\driver reviver\downloads\109\77f808cd-36e4-4752-b65f-0b36a2fe72e4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls\AppInventory\S-1-5-21-1165051215-3207913047-2040614022-1001\win32:driverreviver.exe_d7smgh2tcb55j]
"DisplayName"="Driver Reviver"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Parental Controls\AppInventory\S-1-5-21-1165051215-3207913047-2040614022-1001\win32:driverreviver.exe_d7smgh2tcb55j]
"DisplayName"="Driver Reviver"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\11d27cc5_0]
""="{2}.\\?\usb#vid_0951&pid_16ad&mi_00#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\global/00010002|\Device\HarddiskVolume4\Program Files\ReviverSoft\Driver Reviver\DriverReviver.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\45ae2464_0]
""="{2}.\\?\usb#vid_0951&pid_16ad&mi_00#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\global/00010002|\Device\HarddiskVolume3\Program Files\ReviverSoft\Driver Reviver\DriverReviver.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated]
"{6D809377-6AF0-444B-8957-A3773F02200E}\ReviverSoft\Driver Reviver\DriverReviver.exe"="224"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"{6D809377-6AF0-444B-8957-A3773F02200E}\ReviverSoft\Driver Reviver\DriverReviver.exe"="9"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"{6D809377-6AF0-444B-8957-A3773F02200E}\ReviverSoft\Driver Reviver\DRNotifier.exe"="1"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView]
"{6D809377-6AF0-444B-8957-A3773F02200E}\ReviverSoft\Driver Reviver\DriverReviver.exe"="6"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView]
"{6D809377-6AF0-444B-8957-A3773F02200E}\ReviverSoft\Driver Reviver\DRNotifier.exe"="2"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\ReviverSoft\Driver Reviver\DriverReviver.exe"="0x53414350010000000000000007000000280000004867A30135E2A30101000000000000000000000A0021000050BB64EDDDACD5010000000000000000"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\ReviverSoft\Driver Reviver\DRNotifier.exe.FriendlyAppName"="Tray notification helper"

[HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\ReviverSoft\Driver Reviver\DRNotifier.exe.ApplicationCompany"="Corel Corporation"


===================== Suchergebnis für "Smart Monitor" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF12FA28-28F0-4A9D-B9B7-ECEF6F82AAFC}\LocalServer32]
""=""C:\Program Files\ReviverSoft\Smart Monitor\Settings.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}\1.1\0\win32]
""=""C:\Program Files\ReviverSoft\Smart Monitor\Settings.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}\1.1\0\win64]
""="C:\Program Files\ReviverSoft\Smart Monitor\Settings.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}\1.1\HELPDIR]
""="C:\Program Files\ReviverSoft\Smart Monitor"


====== Ende von Suche ======
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-12-2020
durchgeführt von robin (05-12-2020 06:34:42)
Gestartet von C:\Users\robin\Downloads
Windows 10 Pro Version 20H2 19042.630 (X64) (2020-10-23 21:25:45)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1165051215-3207913047-2040614022-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1165051215-3207913047-2040614022-503 - Limited - Disabled)
Gast (S-1-5-21-1165051215-3207913047-2040614022-501 - Limited - Disabled)
robin (S-1-5-21-1165051215-3207913047-2040614022-1001 - Administrator - Enabled) => C:\Users\robin
WDAGUtilityAccount (S-1-5-21-1165051215-3207913047-2040614022-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Discord (HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
DroidCam Client (HKLM-x32\...\DroidCam) (Version: 6.3.3 - Dev47apps)
Epic Games Launcher (HKLM-x32\...\{08CB0AD5-F779-48D8-804B-59FA115E9318}) (Version: 1.1.293.0 - Epic Games, Inc.)
FiveM (HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\CitizenFX_FiveM) (Version:  - Cfx.re)
GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
KeePass Password Safe 2.46 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.46 - Dominik Reichl)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:  - Logitech)
LUDOS FLAMMA Gaming Mouse (HKLM-x32\...\LUDOS FLAMMA Gaming Mouse_is1) (Version: 1.0 - Ludos Technology Co,.LTD)
Macro Deck Server Version 1.3.1 (HKLM-x32\...\{594ECF8C-5AEF-48D9-A04E-76945B81F04C}_is1) (Version: 1.3.1 - SuchByte)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.52 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Mozilla Firefox 83.0 (x64 de) (HKLM\...\Mozilla Firefox 83.0 (x64 de)) (Version: 83.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 457.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.30 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8924.1 - Realtek Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.32.316 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
Spotify (HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Spotify) (Version: 1.1.47.684.g136419d9 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
TrucksBook Client version 1.3.6 (HKLM-x32\...\TrucksBook Client_is1) (Version: 1.3.6 - TrucksBook)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WhatsApp (HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\WhatsApp) (Version: 2.2043.22 - WhatsApp)
WinRAR 5.91 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Xerox Desktop Print Experience 4.5 (HKLM\...\{2A236FE5-829C-316F-B613-3F4E86FEB83C}) (Version: 7.132.20.0 - Xerox Corporation)
Xerox PowerENGAGE (HKLM-x32\...\{171BF116-713F-43AA-B236-D6188522E609}) (Version: 2.52.0016 - Xerox Inc.)

Packages:
=========
Forza Horizon 4 -> C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.451.334.2_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Studios)
Forza Horizon 4 Formula Drift Car Pack -> C:\Program Files\WindowsApps\Microsoft.FormulaDriftCarPack_1.0.3.2_neutral__8wekyb3d8bbwe [2020-11-30] (Microsoft Studios)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios) [MS Ad]
Xerox Print and Scan Experience -> C:\Program Files\WindowsApps\XeroxCorp.PrintExperience_7.192.8.0_x64__f7egpvdyrs2a8 [2020-11-19] (Xerox Corp)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2020-11-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StellwerkSim.de\StellwerkSim.lnk -> C:\Program Files\Java\jre1.8.0_271\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxps://www.stellwerksim.de/download-jnlp.php?token=005fa5a4d5d222 "C:\Users\robin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\26973a55-685a6e97"

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2020-10-23 22:29 - 2020-12-05 06:26 - 000034448 _____ (ASUSTeK Computer Inc. -> ) [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-11-06] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-11-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-10-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\onlineregister.com -> hxxp://onlineregister.com
IE trusted site: HKU\.DEFAULT\...\onlineregister.com -> hxxps://onlineregister.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-12-07 10:14 - 2020-12-05 06:23 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\Touch Portal\plugins\adb\platform-tools;
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\robin\OneDrive\Bilder\Landschaft.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\StartupApproved\Run: => "Discord"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{D874347C-8D9D-4B10-8DF2-C8529418F5F1}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{4B45AF49-9424-4570-9D34-5C8D1DC18497}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{3238AE31-DE33-44A3-8697-EB6842EB7E7F}C:\users\robin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\robin\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{29C940F9-799C-463D-96B6-6613B5240DB8}C:\users\robin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\robin\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{542CA971-5D2B-4152-9AD9-E9D91DAEB945}D:\apps\steam.exe] => (Allow) D:\apps\steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{451D7BE2-0D6A-4BA6-8549-7850BE1FD19B}D:\apps\steam.exe] => (Allow) D:\apps\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FBCEB4EF-0EFD-4A28-B00E-21F14EF74957}] => (Allow) D:\Apps\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2CBA33C4-DACA-46A5-A2A0-3B1027812E41}] => (Allow) D:\Apps\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{14644BD5-A76A-4D3B-862A-2EE8DCD7D1C1}] => (Allow) D:\Apps\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A85E0C74-DF82-4846-B21E-CB060CBDD7C1}] => (Allow) D:\Apps\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{079003AA-DD00-4DBA-9750-7647A9981CBC}] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{BCF2EBD4-AE5E-4E19-8CD2-B85A7C385775}] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)

==================== Wiederherstellungspunkte =========================

21-11-2020 19:10:41 Geplanter Prüfpunkt
29-11-2020 13:16:14 Installed spacedesk Windows DRIVER
02-12-2020 18:33:03 Installed OpenVPN 2.5.0-I601 amd64
03-12-2020 11:12:54 Removed OpenVPN 2.5.0-I601 amd64
04-12-2020 21:53:47 Entfernt Notruf 112 DEMO
04-12-2020 21:56:42 Removed spacedesk Windows DRIVER

==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (12/05/2020 06:25:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.

Error: (12/05/2020 06:25:58 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (12/04/2020 09:57:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: spacedeskServiceTray.exe, Version: 0.0.0.0, Zeitstempel: 0x5fa8e1fb
Name des fehlerhaften Moduls: CoreMessaging.dll, Version: 10.0.19041.546, Zeitstempel: 0x81435f0e
Ausnahmecode: 0xc00001ad
Fehleroffset: 0x0001387c
ID des fehlerhaften Prozesses: 0x12c8
Startzeit der fehlerhaften Anwendung: 0x01d6ca686ac73921
Pfad der fehlerhaften Anwendung: C:\Windows\system32\spacedeskServiceTray.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\CoreMessaging.dll
Berichtskennung: a9d6f9ae-b0e8-4ab0-a884-4cb841b048ab
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/04/2020 09:12:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm explorer.exe Version 10.0.19041.610 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 174c

Startzeit: 01d6ca686b2574cf

Beendigungszeit: 0

Anwendungspfad: C:\Windows\explorer.exe

Bericht-ID: b16973c3-43d0-4c11-b200-5f3d4fa2b3d4

Vollständiger Name des fehlerhaften Pakets: 

Relative Anwendungs-ID des fehlerhaften Pakets: 

Absturztyp: Cross-thread

Error: (12/04/2020 09:08:39 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-MECH4VJ)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (12/04/2020 08:50:35 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-MECH4VJ)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (12/04/2020 08:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: eurotrucks2.exe, Version: 1.39.1.5, Zeitstempel: 0x5fb7b3f6
Name des fehlerhaften Moduls: trucksbook_64.dll, Version: 0.0.0.0, Zeitstempel: 0x5f0ab867
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000058ad
ID des fehlerhaften Prozesses: 0x1798
Startzeit der fehlerhaften Anwendung: 0x01d6ca6c1764f55a
Pfad der fehlerhaften Anwendung: D:\Apps\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
Pfad des fehlerhaften Moduls: D:\Apps\steamapps\common\Euro Truck Simulator 2\bin\win_x64\plugins\trucksbook_64.dll
Berichtskennung: 47d050c1-d9b1-47b4-80aa-6a2453b3d6dd
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/04/2020 08:25:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FPH SpedV.exe, Version: 20.10.3.15, Zeitstempel: 0x5fc0f94c
Name des fehlerhaften Moduls: DNSAPI.dll, Version: 10.0.19041.610, Zeitstempel: 0x441ccbe1
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000000000000b55e
ID des fehlerhaften Prozesses: 0x40cc
Startzeit der fehlerhaften Anwendung: 0x01d6ca6efe062557
Pfad der fehlerhaften Anwendung: C:\Users\robin\AppData\Local\SpedV\FPH SpedV.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\DNSAPI.dll
Berichtskennung: afaafd72-ff18-49e9-ad2b-3fa900cae026
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (12/05/2020 06:25:58 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Malwarebytes Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (12/05/2020 06:25:44 AM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1115" in DCOM, als der Dienst "wuauserv" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/05/2020 06:25:35 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MECH4VJ)
Description: Der Server "{FD06603A-2BDF-4BB1-B7DF-5DC68F353601}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/05/2020 06:25:35 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MECH4VJ)
Description: Der Server "{FD06603A-2BDF-4BB1-B7DF-5DC68F353601}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/05/2020 06:25:35 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MECH4VJ)
Description: Der Server "{FD06603A-2BDF-4BB1-B7DF-5DC68F353601}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/05/2020 06:25:35 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MECH4VJ)
Description: Der Server "{FD06603A-2BDF-4BB1-B7DF-5DC68F353601}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/05/2020 06:20:31 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎04.‎12.‎2020 um 23:08:04 unerwartet heruntergefahren.

Error: (12/05/2020 06:20:24 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 3221225684Bei der Verarbeitung der Wiederherstellungsdaten ist ein schwerwiegender Fehler aufgetreten.


Windows Defender:
===================================
Date: 2020-12-02 14:08:37.2570000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Injector&threatid=2147625382&enterprise=0
Name: Trojan:Win32/Injector
ID: 2147625382
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: amsi:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Erkennungsursprung: Unbekannt
Erkennungstype: FastPath
Erkennungsquelle: AMSI
Benutzer: DESKTOP-MECH4VJ\robin
Prozessname: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Sicherheitsversion: AV: 1.327.1875.0, AS: 1.327.1875.0, NIS: 1.327.1875.0
Modulversion: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-12-01 14:09:35.9820000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Injector&threatid=2147625382&enterprise=0
Name: Trojan:Win32/Injector
ID: 2147625382
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: amsi:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Erkennungsursprung: Unbekannt
Erkennungstype: FastPath
Erkennungsquelle: AMSI
Benutzer: DESKTOP-MECH4VJ\robin
Prozessname: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Sicherheitsversion: AV: 1.327.1819.0, AS: 1.327.1819.0, NIS: 1.327.1819.0
Modulversion: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-30 12:39:51.8530000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Injector&threatid=2147625382&enterprise=0
Name: Trojan:Win32/Injector
ID: 2147625382
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: amsi:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Erkennungsursprung: Unbekannt
Erkennungstype: FastPath
Erkennungsquelle: AMSI
Benutzer: DESKTOP-MECH4VJ\robin
Prozessname: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Sicherheitsversion: AV: 1.327.1757.0, AS: 1.327.1757.0, NIS: 1.327.1757.0
Modulversion: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-29 19:31:07.9840000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Injector&threatid=2147625382&enterprise=0
Name: Trojan:Win32/Injector
ID: 2147625382
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: amsi:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Erkennungsursprung: Unbekannt
Erkennungstype: FastPath
Erkennungsquelle: AMSI
Benutzer: DESKTOP-MECH4VJ\robin
Prozessname: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Sicherheitsversion: AV: 1.327.1757.0, AS: 1.327.1757.0, NIS: 1.327.1757.0
Modulversion: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-29 11:57:48.3660000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Injector&threatid=2147625382&enterprise=0
Name: Trojan:Win32/Injector
ID: 2147625382
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: amsi:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Erkennungsursprung: Unbekannt
Erkennungstype: FastPath
Erkennungsquelle: AMSI
Benutzer: DESKTOP-MECH4VJ\robin
Prozessname: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Sicherheitsversion: AV: 1.327.1707.0, AS: 1.327.1707.0, NIS: 1.327.1707.0
Modulversion: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-12 18:06:07.0580000Z
Description: 
Fehler des Microsoft Defender Antivirus-Echtzeitschutz-Features.
Feature: Netzwerkinspektionssystem
Fehlercode: 0x8007041d
Fehlerbeschreibung: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. 
Ursache: Dem System fehlen erforderliche Updates zum Ausführen des Netzwerkinspektionssystems. Installieren Sie die erforderlichen Updates, und starten Sie das Gerät neu.

CodeIntegrity:
===================================

Date: 2020-12-02 19:50:43.7380000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 19:50:43.7300000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 19:47:29.1820000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 19:47:29.1720000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 19:47:25.8940000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 19:47:25.8860000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 19:47:25.3320000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-02 19:47:24.9560000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.158.1.1\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

==================== Speicherinformationen =========================== 

BIOS: American Megatrends Inc. 2205 05/26/2015
Hauptplatine: ASUSTeK COMPUTER INC. H81M-PLUS
Prozessor: Intel(R) Core(TM) i7-4770S CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 24%
Installierter physikalischer RAM: 16317.04 MB
Verfügbarer physikalischer RAM: 12381.34 MB
Summe virtueller Speicher: 19133.04 MB
Verfügbarer virtueller Speicher: 13466.87 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:488.43 GB) (Free:280.02 GB) NTFS
Drive d: (Games) (Fixed) (Total:223.47 GB) (Free:11.58 GB) NTFS

\\?\Volume{c36e4d7a-7b4a-4d3f-97eb-0f50cbf09dab}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{f68745a6-5a46-4db1-aa91-d68b62e72766}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 40E278B8)

Partition: GPT.

==========================================================
Disk: 1 (Size: 489 GB) (Disk ID: 92D72B77)

Partition: GPT.

==================== Ende von Addition.txt =======================
         
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2020
durchgeführt von robin (Administrator) auf DESKTOP-MECH4VJ (ASUS All Series) (05-12-2020 06:33:44)
Gestartet von C:\Users\robin\Downloads
Geladene Profile: robin
Platform: Windows 10 Pro Version 20H2 19042.630 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2011.11613.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2012.1001.6.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2009.4.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxApp_48.70.21001.0_x64__8wekyb3d8bbwe\XboxApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Xerox Corporation -> Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-03-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3091136 2020-09-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [Discord] => C:\Users\robin\AppData\Local\Discord\app-0.0.308\Discord.exe [91023672 2020-09-10] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [104586376 2020-11-22] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [Steam] => D:\Apps\steam.exe [3424032 2020-10-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [EpicGamesLauncher] => D:\Epic Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33131408 2020-11-25] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [TB Client] => C:\Program Files (x86)\TrucksBook Client\TB Client.exe [1403904 2020-07-17] (TrucksBook) [Datei ist nicht signiert]
HKU\S-1-5-21-1165051215-3207913047-2040614022-1001\...\Run: [Spotify] => C:\Users\robin\AppData\Roaming\Spotify\Spotify.exe [23233936 2020-12-02] (Spotify AB -> Spotify Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{E5931AF4-2A8F-48A5-AFC8-3605AD5C0A0C}] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
Startup: C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ETS2 Telemetry.lnk [2020-11-28]
ShortcutTarget: ETS2 Telemetry.lnk -> C:\Users\robin\AppData\Local\SpedV\Telemetry\Ets2Telemetry.exe (Nicolas Reuter -> Freie Programme Hohenstein)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04A149CE-211D-4D9E-BD28-AA169E77FB79} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {12CFDE66-72D1-449B-A45C-B4782F1FC46E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {13596818-E129-4346-9BB3-6755D7E171F0} - System32\Tasks\Xerox\Xerox PowerENGAGE => C:\Program Files (x86)\Xerox PowerENGAGE\xeroxreg.exe [117984 2016-09-13] (Aviata Inc -> Aviata Inc)
Task: {4CE135AF-F73E-4391-8AFA-CA3949F16CE8} - System32\Tasks\Xerox\Xerox PowerENGAGE Update => C:\Program Files (x86)\Xerox PowerENGAGE\xeroxreg.exe [117984 2016-09-13] (Aviata Inc -> Aviata Inc)
Task: {53267BD0-C967-4E22-A4F8-462B1DB620F5} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5B619329-0F4B-4D37-867D-59F28436849C} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1165051215-3207913047-2040614022-1001 => C:\Windows\System32\AgentActivationRuntimeStarter.exe [13312 2020-10-09] (Microsoft Windows -> )
Task: {7462D67E-87AD-4A7F-9442-2021DD301455} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7F326DAF-C931-423D-8D38-92E7AEA6609D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8AA6531D-5F35-43CF-AAF3-8AC738A19C1A} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {8C372B8C-9AD6-43F0-8FF2-F14D66FF9948} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {988B29FF-66FA-421B-9C04-CA2470B53B6B} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AB8A3BFD-D739-4AC4-9E2F-AF6E3776D463} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {B35C4016-053C-47C5-9B48-F28A73B3B363} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [347720 2020-02-03] (Xerox Corporation -> Xerox Corporation)
Task: {B36F7E38-6795-4116-9231-7F861AD530C2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {BAE4C559-CF51-4847-9D89-763A80687908} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C1D3D3D7-DEF1-4ABB-9B6B-B658AAC5674E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C6BFB8AF-29CA-4D73-8D92-192B9E6D258B} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [347720 2020-02-03] (Xerox Corporation -> Xerox Corporation)
Task: {CEAB6F00-4F7A-4F38-B123-ACEB5F51AB72} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D0850C50-D05E-4621-B121-50809663665F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {EBF022CF-6773-48D3-AC7F-C9EF342976ED} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [347720 2020-02-03] (Xerox Corporation -> Xerox Corporation)
Task: {ECA09999-D97B-489C-92FC-D7BFC03681DD} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-21] (Mozilla Corporation -> Mozilla Foundation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{fdb07933-2361-4edb-89e0-feafdcb2238b}: [DhcpNameServer] 192.168.178.1

Edge: 
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\robin\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-05]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\robin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-12-02]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: c8930cc3.default
FF ProfilePath: C:\Users\robin\AppData\Roaming\Mozilla\Firefox\Profiles\c8930cc3.default [2020-12-05]
FF ProfilePath: C:\Users\robin\AppData\Roaming\Mozilla\Firefox\Profiles\1e5xt4ol.default-release [2020-12-05]
FF NetworkProxy: Mozilla\Firefox\Profiles\1e5xt4ol.default-release -> type", 4
FF Notifications: Mozilla\Firefox\Profiles\1e5xt4ol.default-release -> hxxps://discord.com
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-11-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-11-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-10-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-10-24] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10896008 2020-11-22] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-12-02] (Malwarebytes Inc -> Malwarebytes)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1382016 2020-11-27] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5101992 2020-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 XeroxPrintJobEventManagerService; C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe [341016 2020-02-03] (Xerox Corporation -> Xerox Corporation)
S3 XeroxProdRegManager; C:\Program Files (x86)\Xerox PowerENGAGE\EngageService.exe [293608 2016-09-13] (Aviata Inc -> Aviata, Inc.)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\drivers\droidcamvideo.sys [33784 2020-10-04] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-12-02] (Malwarebytes Corporation -> Malwarebytes)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\71013\driver_cpu_temperature\logi_core_temp.sys [25448 2020-11-22] (Logitech Inc. -> Logitech)
S3 logi_generic_hid_filter; C:\Windows\system32\drivers\logi_generic_hid_filter.sys [56376 2020-10-24] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [38136 2020-10-24] (Logitech Inc -> Logitech)
S3 logi_joy_hid_filter; C:\Windows\system32\drivers\logi_joy_hid_filter.sys [57400 2020-10-24] (Logitech Inc -> Logitech)
S3 logi_joy_hid_lo; C:\Windows\system32\drivers\logi_joy_hid_lo.sys [46648 2020-10-24] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [26672 2020-10-24] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66808 2020-10-24] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2020-12-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-12-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2020-12-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2020-12-05] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-12-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [138904 2020-12-05] (Malwarebytes Inc -> Malwarebytes)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-11-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429288 2020-11-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2020-12-05 06:33 - 2020-12-05 06:34 - 000019776 _____ C:\Users\robin\Downloads\FRST.txt
2020-12-05 06:28 - 2020-12-05 06:32 - 000011859 _____ C:\Users\robin\Downloads\Search.txt
2020-12-05 06:26 - 2020-12-05 06:26 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-12-05 06:26 - 2020-12-05 06:26 - 000138904 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-12-05 06:26 - 2020-12-05 06:26 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-12-05 06:22 - 2020-12-05 06:31 - 000000000 ____D C:\Users\robin\Downloads\sicher
2020-12-04 21:57 - 2020-12-04 21:57 - 000000000 ____D C:\Windows\system32\appmgmt
2020-12-04 12:35 - 2020-12-04 12:37 - 000001407 _____ C:\mbam1.txt
2020-12-03 12:26 - 2020-12-03 12:26 - 008447152 _____ (Malwarebytes) C:\Users\robin\Downloads\adwcleaner_8.0.8.exe
2020-12-03 12:26 - 2020-12-03 12:26 - 000000000 ____D C:\AdwCleaner
2020-12-03 12:24 - 2020-12-05 06:33 - 000000000 ____D C:\FRST
2020-12-03 12:24 - 2020-12-03 12:24 - 002288640 _____ (Farbar) C:\Users\robin\Downloads\FRST64.exe
2020-12-03 12:23 - 2020-12-03 12:23 - 000000000 ____D C:\Users\robin\AppData\Local\INetHistory
2020-12-02 18:33 - 2020-12-02 18:33 - 000000000 ____D C:\Users\robin\OpenVPN
2020-12-02 18:32 - 2020-12-02 18:32 - 004643328 _____ C:\Users\robin\Downloads\OpenVPN-2.5.0-I601-amd64.msi
2020-12-02 17:39 - 2020-12-02 17:39 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2020-12-02 17:38 - 2020-12-02 17:38 - 008673152 _____ () C:\Users\robin\Downloads\XboxInstaller.exe
2020-12-02 16:12 - 2020-12-02 16:12 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-12-02 16:12 - 2020-12-02 16:12 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-12-02 16:12 - 2020-12-02 16:12 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-12-02 16:12 - 2020-12-02 16:12 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2020-12-02 16:12 - 2020-12-02 16:12 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-02 16:12 - 2020-12-02 16:12 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-02 16:12 - 2020-12-02 16:12 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-02 16:12 - 2020-12-02 16:12 - 000000000 ____D C:\Users\robin\AppData\Local\mbam
2020-12-02 16:12 - 2020-12-02 16:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-02 16:11 - 2020-12-02 16:11 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-01 19:22 - 2020-12-01 19:22 - 000001547 _____ C:\Users\robin\AppData\Local\recently-used.xbel
2020-12-01 19:17 - 2020-12-01 19:22 - 000000000 ____D C:\Users\robin\AppData\Local\gtk-2.0
2020-12-01 19:15 - 2020-12-01 19:30 - 000000000 ____D C:\Users\robin\AppData\Local\babl-0.1
2020-12-01 19:15 - 2020-12-01 19:15 - 000000946 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.22.lnk
2020-12-01 19:15 - 2020-12-01 19:15 - 000000000 ____D C:\Users\robin\AppData\Roaming\GIMP
2020-12-01 19:15 - 2020-12-01 19:15 - 000000000 ____D C:\Users\robin\AppData\Local\GIMP
2020-12-01 19:15 - 2020-12-01 19:15 - 000000000 ____D C:\Users\robin\AppData\Local\gegl-0.4
2020-12-01 19:15 - 2020-12-01 19:15 - 000000000 ____D C:\Users\robin\.cache
2020-12-01 19:12 - 2020-12-01 19:13 - 000000000 ____D C:\Program Files\GIMP 2
2020-12-01 19:12 - 2020-12-01 19:12 - 241147480 _____ (The GIMP Team ) C:\Users\robin\Downloads\gimp-2.10.22-setup.exe
2020-11-30 15:24 - 2020-11-30 15:24 - 000000000 ____D C:\Users\robin\AppData\Roaming\KeePass
2020-11-30 15:23 - 2020-11-30 15:23 - 003004302 _____ C:\Users\robin\Downloads\promods-def-st-v251.scs
2020-11-30 15:20 - 2020-11-30 15:20 - 000001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2020-11-30 15:20 - 2020-11-30 15:20 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2020-11-30 15:19 - 2020-11-30 15:19 - 003207880 _____ (Dominik Reichl ) C:\Users\robin\Downloads\KeePass-2.46-Setup.exe
2020-11-30 13:22 - 2020-11-30 14:09 - 000000576 _____ C:\ProgramData\droidcam-client-options-v1
2020-11-30 13:22 - 2020-11-30 14:09 - 000000093 _____ C:\ProgramData\droidcam-settings
2020-11-30 13:20 - 2020-11-30 13:20 - 015412776 _____ C:\Users\robin\Downloads\DroidCam.Setup.6.3.3.exe
2020-11-30 13:20 - 2020-11-30 13:20 - 000000000 ____D C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam
2020-11-30 13:20 - 2020-11-30 13:20 - 000000000 ____D C:\Program Files (x86)\DroidCam
2020-11-29 13:15 - 2020-11-29 13:15 - 005615616 _____ C:\Users\robin\Downloads\spacedesk_driver_Win_10_64_v0970_BETA.msi
2020-11-28 20:49 - 2020-11-28 20:49 - 000269144 _____ () C:\Users\robin\Downloads\FPH SpedV Install(2).exe
2020-11-28 20:49 - 2020-11-28 20:49 - 000269144 _____ () C:\Users\robin\Downloads\FPH SpedV Install(1).exe
2020-11-28 20:36 - 2020-11-28 20:49 - 000000000 ____D C:\Users\robin\AppData\Local\SpedV
2020-11-28 20:36 - 2020-11-28 20:36 - 000269144 _____ () C:\Users\robin\Downloads\FPH SpedV Install.exe
2020-11-28 20:35 - 2020-12-05 06:21 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\SpedV
2020-11-28 20:35 - 2020-11-28 20:38 - 000000000 ____D C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\FPH SpedV
2020-11-28 20:35 - 2020-11-28 20:35 - 000000000 ____D C:\Users\robin\AppData\Local\IsolatedStorage
2020-11-28 20:22 - 2020-11-28 20:22 - 000667351 _____ C:\Users\robin\Downloads\launcher_1004(1).zip
2020-11-27 16:11 - 2020-11-27 16:11 - 000754195 _____ C:\Users\robin\Downloads\FS19_HelperAdvanced.zip
2020-11-27 16:02 - 2020-11-27 16:02 - 011793756 _____ C:\Users\robin\Downloads\AIVehicleExtension_master.zip
2020-11-27 15:26 - 2020-11-27 15:32 - 3325181974 _____ C:\Users\robin\Downloads\all_mods_download.zip
2020-11-27 15:06 - 2020-11-27 15:06 - 000030474 _____ C:\Users\robin\Downloads\FS19_1TidyShop_UsedEquipment(1).zip
2020-11-27 15:04 - 2020-11-27 15:04 - 071778506 _____ C:\Users\robin\Downloads\savegame1.zip
2020-11-27 15:02 - 2020-11-27 15:02 - 000363686 _____ C:\Users\robin\Downloads\FS19_santaHat.zip
2020-11-27 13:33 - 2020-11-27 13:33 - 000007605 _____ C:\Users\robin\AppData\Local\Resmon.ResmonCfg
2020-11-26 19:40 - 2020-11-26 19:48 - 133849603 _____ C:\Users\robin\Downloads\FS19_holmerPack.zip
2020-11-26 19:40 - 2020-11-26 19:43 - 032901804 _____ C:\Users\robin\Downloads\FS19_URAL_Manipulator.zip
2020-11-26 19:40 - 2020-11-26 19:40 - 028528892 _____ C:\Users\robin\Downloads\FS19_kroneEasyCutPack.zip
2020-11-26 19:40 - 2020-11-26 19:40 - 014139782 _____ C:\Users\robin\Downloads\FS19_CaseEcoloTil2500.zip
2020-11-26 19:40 - 2020-11-26 19:40 - 000028605 _____ C:\Users\robin\Downloads\FS19_GlobalCompanyAddOn_FieldCalculator.zip
2020-11-26 19:39 - 2020-11-26 19:41 - 023606899 _____ C:\Users\robin\Downloads\FS19_claasTorion1914DevMule.zip
2020-11-26 19:39 - 2020-11-26 19:39 - 001552073 _____ C:\Users\robin\Downloads\FS19_1TidyShop.zip
2020-11-26 19:38 - 2020-11-26 19:39 - 012405761 _____ C:\Users\robin\Downloads\FS19_metaltechTS18.zip
2020-11-26 19:38 - 2020-11-26 19:38 - 022044168 _____ C:\Users\robin\Downloads\CSS_FendtFarmer310_312_LSA.zip
2020-11-26 19:38 - 2020-11-26 19:38 - 019653087 _____ C:\Users\robin\Downloads\FS19_Fendt900Vario_S5_PC.zip
2020-11-26 19:38 - 2020-11-26 19:38 - 016979596 _____ C:\Users\robin\Downloads\FS19_CLAAS_Axion_900.zip
2020-11-26 19:38 - 2020-11-26 19:38 - 000076984 _____ C:\Users\robin\Downloads\FS19_FilllevelWarning.zip
2020-11-26 19:38 - 2020-11-26 19:38 - 000019617 _____ C:\Users\robin\Downloads\FS19_noSwitchInVehicle.zip
2020-11-26 19:37 - 2020-11-26 19:38 - 010023575 _____ C:\Users\robin\Downloads\FS19_linde_e14.zip
2020-11-26 19:37 - 2020-11-26 19:37 - 000017592 _____ C:\Users\robin\Downloads\FS19_FullStop.zip
2020-11-25 19:32 - 2020-11-25 19:32 - 000534713 _____ C:\Users\robin\Downloads\CrazyCalloutsV0_5_8_3.rar
2020-11-25 19:30 - 2020-11-25 19:31 - 371037941 _____ C:\Users\robin\Downloads\bc2d73-Deutsche Verkehrsschilder V0.4 [BETA].zip
2020-11-25 19:28 - 2020-11-25 19:28 - 001554789 _____ C:\Users\robin\Downloads\Arrest Manager 7.11.0.0 by Albo1125 _ RPH0.51orhigher.zip
2020-11-25 19:24 - 2020-11-25 19:24 - 010286272 _____ C:\Users\robin\Downloads\RAGEPluginHook_1_81_1410_16064_Release.zip
2020-11-25 19:24 - 2020-11-25 19:24 - 001288926 _____ C:\Users\robin\Downloads\ScriptHookV_1.0.2060.1.zip
2020-11-25 19:22 - 2020-11-25 19:22 - 007299303 _____ C:\Users\robin\Downloads\Wilderness Callouts v0.6.0.zip
2020-11-25 19:21 - 2020-11-25 19:21 - 029066455 _____ C:\Users\robin\Downloads\Assorted_Callouts_1.2.0.0_by_Albo1125___RPH_0.51orhigher.zip
2020-11-25 19:20 - 2020-11-25 19:20 - 009401375 _____ C:\Users\robin\Downloads\Traffic_Policer_6_16.0.0_by_Albo1125___MinRPH_0.51.zip
2020-11-25 19:16 - 2020-11-25 19:16 - 021830783 _____ C:\Users\robin\Downloads\Coastal_Callouts_2.0_PLUGIN.zip
2020-11-25 17:56 - 2020-11-25 17:56 - 023009544 _____ C:\Users\robin\Downloads\f2c5df-Custom Visuals v3.4.0.rar
2020-11-25 17:52 - 2020-11-25 17:52 - 008799593 _____ C:\Users\robin\Downloads\2a837c-Polizei Uniform.rar
2020-11-25 17:38 - 2020-11-25 17:38 - 008897076 _____ C:\Users\robin\Downloads\d833ae-DLK BF Dresden.rar
2020-11-25 17:37 - 2020-11-25 17:37 - 035978767 _____ C:\Users\robin\Downloads\8a45c6-TopMods M.B. Sprinter Facelift RTW TIGIS V1.0.0.7z
2020-11-25 17:34 - 2020-11-25 17:34 - 045854390 _____ C:\Users\robin\Downloads\d06237-TopMods VW T5 Passat B8 Polizei V1.0 ©.rar
2020-11-25 17:34 - 2020-11-25 17:34 - 033462697 _____ C:\Users\robin\Downloads\ca970a-Mercedes Benz V250 Pol. BWL - by German-Mods.rar
2020-11-25 17:33 - 2020-11-25 17:33 - 040292427 _____ C:\Users\robin\Downloads\ddf7d7-TopMods VW Tiguan Polizei LSA V1.0 ©.7z
2020-11-25 17:27 - 2020-11-25 17:27 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\OpenIV
2020-11-25 17:25 - 2020-11-25 17:25 - 004753184 _____ C:\Users\robin\Downloads\ELS V1.05.rar
2020-11-25 17:24 - 2020-12-04 21:55 - 000000000 ____D C:\Users\robin\AppData\Local\New Technology Studio
2020-11-25 17:23 - 2020-11-25 17:23 - 004620288 _____ (New Technology Studio) C:\Users\robin\Downloads\ovisetup.exe
2020-11-25 16:13 - 2020-11-25 16:13 - 065920530 _____ (G17 Media) C:\Users\robin\Downloads\lspdfr_048_setup(1).exe
2020-11-25 15:45 - 2020-11-25 15:47 - 000000000 ____D C:\Program Files (x86)\LSPD First Response
2020-11-25 15:44 - 2020-11-25 15:44 - 065920530 _____ (G17 Media) C:\Users\robin\Downloads\lspdfr_048_setup.exe
2020-11-23 12:07 - 2020-11-23 12:07 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2020-11-23 12:07 - 2020-11-23 12:07 - 000000650 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2020-11-23 12:07 - 2020-11-23 12:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2020-11-23 12:07 - 2020-11-23 12:07 - 000000000 ____D C:\Program Files\LGHUB
2020-11-21 18:35 - 2020-11-21 18:35 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-11-21 13:27 - 2020-11-22 12:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-19 19:44 - 2020-12-05 06:27 - 000000000 ____D C:\Users\robin\AppData\Local\Spotify
2020-11-19 19:44 - 2020-12-05 06:26 - 000000000 ____D C:\Users\robin\AppData\Roaming\Spotify
2020-11-19 19:44 - 2020-11-19 19:44 - 000892232 _____ (Spotify Ltd) C:\Users\robin\Downloads\SpotifySetup.exe
2020-11-19 19:44 - 2020-11-19 19:44 - 000001836 _____ C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2020-11-19 18:40 - 2020-11-19 20:00 - 000442368 _____ C:\Users\robin\OneDrive\Dokumente\Mitglieder Datenbank.accdb
2020-11-19 18:10 - 2020-11-19 18:39 - 000991232 _____ C:\Users\robin\OneDrive\Dokumente\Database1.accdb
2020-11-18 19:28 - 2020-11-28 19:56 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Rechnungen
2020-11-18 17:11 - 2020-11-18 17:11 - 000000000 ____D C:\Windows\system32\Tasks\Agent Activation Runtime
2020-11-17 18:12 - 2020-11-17 18:12 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Neuer Ordner
2020-11-17 17:10 - 2020-11-17 17:10 - 000022235 _____ C:\Users\robin\Downloads\FS19_additionalFieldInfo(1).zip
2020-11-17 17:09 - 2020-11-17 17:09 - 000022235 _____ C:\Users\robin\Downloads\FS19_additionalFieldInfo.zip
2020-11-16 18:43 - 2020-11-16 18:43 - 000117427 _____ C:\Users\robin\Downloads\TSX_EnhancedVehicle(1).zip
2020-11-16 13:23 - 2020-11-16 13:23 - 000117427 _____ C:\Users\robin\Downloads\TSX_EnhancedVehicle.zip
2020-11-15 19:55 - 2020-11-15 20:09 - 000000000 ____D C:\Users\robin\AppData\Roaming\Deckboard
2020-11-15 19:55 - 2020-11-15 20:07 - 000000000 ____D C:\Users\robin\deckboard
2020-11-15 19:55 - 2020-11-15 19:55 - 000000000 ____D C:\Users\robin\AppData\Local\deckboard-updater
2020-11-15 19:49 - 2020-11-15 19:53 - 135104859 _____ (Riva Farabi) C:\Users\robin\Downloads\Deckboard-Setup-1.9.80.exe
2020-11-15 19:18 - 2020-11-15 19:19 - 000000000 ____D C:\Users\robin\AppData\Local\Macro Deck
2020-11-15 19:18 - 2020-11-15 19:18 - 000000000 ____D C:\Users\robin\AppData\Local\Geckofx
2020-11-15 19:18 - 2020-11-15 19:18 - 000000000 ____D C:\Users\robin\.android
2020-11-15 19:18 - 2020-11-15 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macro Deck
2020-11-15 19:18 - 2020-11-15 19:18 - 000000000 ____D C:\Program Files (x86)\Macro Deck
2020-11-15 19:17 - 2020-11-15 19:17 - 032875928 _____ (SuchByte ) C:\Users\robin\Downloads\Macro Deck Server Installer.exe
2020-11-15 18:24 - 2020-11-15 18:24 - 000000000 ____D C:\Users\robin\AppData\Local\Aviata
2020-11-15 15:45 - 2020-11-15 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox PowerENGAGE
2020-11-15 15:45 - 2020-11-15 15:45 - 000000000 ____D C:\ProgramData\Aviata
2020-11-15 15:45 - 2020-11-15 15:45 - 000000000 ____D C:\Program Files (x86)\Xerox PowerENGAGE
2020-11-15 15:41 - 2020-11-15 18:23 - 000000000 ____D C:\Windows\system32\Tasks\Xerox
2020-11-15 15:40 - 2020-11-15 15:40 - 029969840 _____ C:\Users\robin\Downloads\XeroxSmartStart_1.4.28.0_V4.exe
2020-11-15 15:40 - 2020-11-15 15:40 - 000005022 _____ C:\Windows\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed
2020-11-15 15:40 - 2020-11-15 15:40 - 000004270 _____ C:\Windows\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon
2020-11-15 15:40 - 2020-11-15 15:40 - 000004048 _____ C:\Windows\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh
2020-11-15 15:40 - 2020-11-15 15:40 - 000000000 ____D C:\ProgramData\Xerox
2020-11-15 15:40 - 2020-11-15 15:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox
2020-11-15 15:40 - 2020-11-15 15:40 - 000000000 ____D C:\Program Files\Xerox
2020-11-15 11:25 - 2020-11-15 11:25 - 044863899 _____ C:\Users\robin\Downloads\Lemken_Smaragd9.zip
2020-11-15 11:24 - 2020-11-15 11:25 - 053847126 _____ C:\Users\robin\Downloads\ClassScorpion7055.zip
2020-11-15 11:24 - 2020-11-15 11:24 - 071678009 _____ C:\Users\robin\Downloads\nhcom095.zip
2020-11-15 11:23 - 2020-11-15 11:23 - 291941955 _____ C:\Users\robin\Downloads\ClaasDiscoPack.zip
2020-11-15 11:23 - 2020-11-15 11:23 - 106922790 _____ C:\Users\robin\Downloads\ClaasLiner2700.zip
2020-11-14 21:55 - 2020-11-14 21:55 - 061540698 _____ C:\Users\robin\Downloads\claas_axion940_display_0.5.1_unzip.zip
2020-11-14 15:50 - 2020-11-14 15:51 - 000000076 _____ C:\Users\robin\Downloads\hrrtl_live_sachsen_mp3_web.m3u
2020-11-14 14:02 - 2020-11-14 14:02 - 000000000 ____D C:\Users\robin\AppData\Roaming\app.MainJavaFXApp
2020-11-14 14:00 - 2020-11-14 14:01 - 000000000 ____D C:\Users\robin\AppData\Roaming\TouchPortal
2020-11-14 13:45 - 2020-11-14 13:47 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2020-11-14 13:45 - 2020-11-14 13:47 - 000000000 ____D C:\Users\robin\AppData\Roaming\Notepad++
2020-11-14 13:45 - 2020-11-14 13:47 - 000000000 ____D C:\Program Files (x86)\Notepad++
2020-11-14 13:43 - 2020-11-16 19:26 - 000180245 _____ C:\Users\robin\Downloads\FS19_VehicleControlAddon.zip
2020-11-14 13:39 - 2020-12-04 21:56 - 000000000 ____D C:\Program Files (x86)\Touch Portal
2020-11-14 13:38 - 2020-11-14 13:38 - 100556640 _____ (Touch Portal VoF ) C:\Users\robin\Downloads\TouchPortal_Setup.exe
2020-11-14 13:07 - 2020-11-14 13:54 - 000040960 _____ C:\Users\robin\AppData\Roaming\cookies.sqlite
2020-11-13 21:25 - 2020-11-13 21:25 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-13 21:25 - 2020-11-13 21:25 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-11-13 21:25 - 2020-11-13 21:25 - 000197632 _____ C:\Windows\system32\IHDS.dll
2020-11-13 21:25 - 2020-11-13 21:25 - 000152576 _____ C:\Windows\system32\EoAExperiences.exe
2020-11-13 21:25 - 2020-11-13 21:25 - 000009265 _____ C:\Windows\system32\DrtmAuthTxt.wim
2020-11-13 13:39 - 2020-11-13 13:39 - 000025160 _____ C:\Users\robin\Downloads\FS19_1TidyShop_UsedEquipment.zip
2020-11-13 13:39 - 2020-11-13 13:39 - 000016266 _____ C:\Users\robin\Downloads\FS19_NoAutomaticRefuel.zip
2020-11-13 13:38 - 2020-11-13 13:47 - 025963078 _____ C:\Users\robin\Downloads\FS19_NewHolland_T7AC.zip
2020-11-13 13:38 - 2020-11-13 13:45 - 014433576 _____ C:\Users\robin\Downloads\FS19_IforWilliamsTT3621.zip
2020-11-13 13:38 - 2020-11-13 13:42 - 007228999 _____ C:\Users\robin\Downloads\FS19_LivestockTrailerAddon.zip
2020-11-13 13:38 - 2020-11-13 13:39 - 047333832 _____ C:\Users\robin\Downloads\FS19_NovagTForce640.zip
2020-11-13 13:38 - 2020-11-13 13:38 - 000016189 _____ C:\Users\robin\Downloads\FS19_AutoIndicatorStopMod.zip
2020-11-13 13:35 - 2020-11-13 14:00 - 006137701 _____ C:\Users\robin\Downloads\FS19_EDGE_Multi_Selling_Station.zip
2020-11-13 13:35 - 2020-11-13 13:36 - 001454864 _____ C:\Users\robin\Downloads\FS19_Double_walled_fuel_tank.zip
2020-11-13 12:53 - 2020-11-13 14:00 - 393216000 _____ C:\Users\robin\Downloads\Accident.part1.rar.part
2020-11-13 12:53 - 2020-11-13 12:53 - 000000000 _____ C:\Users\robin\Downloads\Accident.part1.rar
2020-11-11 14:06 - 2020-11-11 14:06 - 000000000 ___HD C:\$WinREAgent
2020-11-10 15:58 - 2020-11-07 23:28 - 001769688 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-11-10 15:58 - 2020-11-07 23:28 - 001769688 _____ C:\Windows\system32\vulkaninfo.exe
2020-11-10 15:58 - 2020-11-07 23:28 - 001370328 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-11-10 15:58 - 2020-11-07 23:28 - 001370328 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-11-10 15:58 - 2020-11-07 23:28 - 001054944 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-11-10 15:58 - 2020-11-07 23:28 - 001054944 _____ C:\Windows\system32\vulkan-1.dll
2020-11-10 15:58 - 2020-11-07 23:28 - 000917728 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-11-10 15:58 - 2020-11-07 23:28 - 000917728 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-11-10 15:58 - 2020-11-07 23:28 - 000455408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-11-10 15:58 - 2020-11-07 23:28 - 000349936 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-11-10 15:58 - 2020-11-07 23:26 - 000816368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2020-11-10 15:58 - 2020-11-07 23:26 - 000674712 _____ C:\Windows\system32\nvofapi64.dll
2020-11-10 15:58 - 2020-11-07 23:26 - 000543128 _____ C:\Windows\SysWOW64\nvofapi.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 007707544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 006858992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 004175256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 002509720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 002096880 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 001731824 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6445730.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 001585560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 001506032 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 001482992 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6445730.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 001159920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 000813464 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 000670616 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-11-10 15:58 - 2020-11-07 23:25 - 000556440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-11-10 15:58 - 2020-11-07 23:20 - 005976296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-11-08 23:19 - 2020-11-08 23:19 - 000234928 _____ C:\Windows\system32\spacedeskSrvLibConnectorUsb.dll
2020-11-08 10:59 - 2020-11-08 10:59 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Custom Office Templates
2020-11-07 19:59 - 2020-11-07 19:59 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Notruf 112
2020-11-07 13:20 - 2020-11-07 13:32 - 000000000 ____D C:\Users\robin\AppData\Roaming\CitizenFX
2020-11-07 13:03 - 2020-11-25 15:40 - 000000000 ____D C:\Users\robin\AppData\Local\DigitalEntitlements
2020-11-07 13:02 - 2020-11-25 15:39 - 000000000 ____D C:\Users\robin\AppData\Local\FiveM
2020-11-07 13:02 - 2020-11-07 13:02 - 006656224 _____ (Cfx.re) C:\Users\robin\Downloads\FiveM.exe
2020-11-07 13:02 - 2020-11-07 13:02 - 000002124 _____ C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM.lnk
2020-11-06 21:35 - 2020-11-06 21:35 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Notruf 112 Demo
2020-11-06 21:35 - 2020-11-06 21:35 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Firefighter
2020-11-06 21:29 - 2020-11-06 21:29 - 000001579 _____ C:\Users\robin\Downloads\notruf_112_die_feuerwehr_simulation_kostenlos_downloaden.zip
2020-11-06 21:29 - 2020-11-06 21:29 - 000000000 ____D C:\Users\robin\Downloads\notruf_112_die_feuerwehr_simulation_kostenlos_downloaden
2020-11-06 21:26 - 2020-11-06 21:26 - 000000000 ____D C:\Users\robin\AppData\LocalLow\Aerosoft
2020-11-06 21:08 - 2020-11-06 21:25 - 1113901956 _____ C:\Users\robin\Downloads\notruf_112___emergency_call_112.rar
2020-11-06 20:52 - 2020-11-06 21:08 - 1887436800 _____ C:\Users\robin\Downloads\Forza.Horizon.4.Ultimate.Edition.part03.rar.part
2020-11-06 20:52 - 2020-11-06 20:52 - 000000000 _____ C:\Users\robin\Downloads\Forza.Horizon.4.Ultimate.Edition.part03.rar
2020-11-06 20:34 - 2020-11-06 20:34 - 000000000 ____D C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StellwerkSim.de
2020-11-06 20:34 - 2020-11-06 20:34 - 000000000 ____D C:\Users\robin\AppData\Local\Sun
2020-11-06 20:33 - 2020-11-06 20:33 - 083364488 _____ (Oracle Corporation) C:\Users\robin\Downloads\jre-8u271-windows-x64.exe
2020-11-06 20:33 - 2020-11-06 20:33 - 000192168 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2020-11-06 20:33 - 2020-11-06 20:33 - 000000000 ____D C:\Users\robin\AppData\Roaming\Sun
2020-11-06 20:33 - 2020-11-06 20:33 - 000000000 ____D C:\Users\robin\AppData\LocalLow\Sun
2020-11-06 20:33 - 2020-11-06 20:33 - 000000000 ____D C:\ProgramData\Oracle
2020-11-06 20:33 - 2020-11-06 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-11-06 20:33 - 2020-11-06 20:33 - 000000000 ____D C:\Program Files\Java
2020-11-06 20:32 - 2020-11-06 20:32 - 001307256 _____ (Oracle Corporation) C:\Users\robin\Downloads\JavaUninstallTool.exe
2020-11-06 20:32 - 2020-11-06 20:32 - 000002074 _____ C:\Users\robin\Downloads\sts-vorte.jnlp
2020-11-06 19:21 - 2020-11-06 19:38 - 1073741824 _____ C:\Users\robin\Downloads\Forza.Horizon.4.Ultimate.Edition.part02.rar
2020-11-06 18:02 - 2020-11-06 18:02 - 000000637 _____ C:\Users\robin\OneDrive\Dokumente\steam_api6421.ini
2020-11-06 17:22 - 2020-11-06 17:31 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Games
2020-11-06 17:20 - 2020-11-06 17:38 - 1073741824 _____ C:\Users\robin\Downloads\Forza.Horizon.4.Ultimate.Edition.part01.rar
2020-11-06 14:22 - 2020-11-06 14:22 - 835900194 _____ C:\Users\robin\Downloads\Lotus.Simulator.zip
2020-11-06 14:22 - 2020-11-06 14:22 - 000000000 ____D C:\Users\robin\AppData\Roaming\EMPRESS
2020-11-06 14:18 - 2020-11-06 14:18 - 000000000 ____D C:\Users\robin\Downloads\planet_zoo
2020-11-06 13:04 - 2020-11-06 13:05 - 368939391 _____ C:\Users\robin\Downloads\planet_zoo.part3.rar
2020-11-06 12:25 - 2020-11-06 12:38 - 1073741824 _____ C:\Users\robin\Downloads\planet_zoo.part2.rar
2020-11-05 19:11 - 2020-11-05 19:29 - 1073741824 _____ C:\Users\robin\Downloads\planet_zoo.part1.rar
2020-11-05 18:43 - 2020-11-05 18:47 - 1275597282 _____ C:\Users\robin\Downloads\fishing__north_atlantic.part3.rar
2020-11-05 18:34 - 2020-11-05 18:34 - 000000233 _____ C:\Users\robin\Downloads\discord_backup_codes.txt
2020-11-05 18:21 - 2020-11-05 18:38 - 1073741824 _____ C:\Users\robin\Downloads\fishing__north_atlantic.part2.rar

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2020-12-05 06:33 - 2020-10-23 22:30 - 001632020 _____ C:\Windows\system32\PerfStringBackup.INI
2020-12-05 06:33 - 2019-12-07 15:51 - 000705894 _____ C:\Windows\system32\perfh007.dat
2020-12-05 06:33 - 2019-12-07 15:51 - 000142188 _____ C:\Windows\system32\perfc007.dat
2020-12-05 06:33 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2020-12-05 06:28 - 2020-10-24 09:44 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-05 06:28 - 2020-10-24 09:15 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-05 06:27 - 2020-10-24 10:01 - 000000000 ____D C:\Users\robin\AppData\Roaming\LGHUB
2020-12-05 06:27 - 2020-10-24 10:01 - 000000000 ____D C:\Users\robin\AppData\Local\LGHUB
2020-12-05 06:27 - 2020-10-24 09:15 - 000000000 ____D C:\Users\robin\AppData\LocalLow\Mozilla
2020-12-05 06:26 - 2020-09-27 08:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-05 06:26 - 2020-09-27 06:33 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-05 06:26 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-05 06:26 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2020-12-05 06:20 - 2020-09-27 06:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-12-05 06:20 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2020-12-04 21:57 - 2020-11-02 16:31 - 000000000 ____D C:\Users\robin\AppData\Local\CrashDumps
2020-12-04 21:55 - 2020-11-02 18:48 - 000000000 ____D C:\Users\robin\AppData\Local\TeamSpeak 3 Client
2020-12-04 20:50 - 2020-11-02 16:02 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Euro Truck Simulator 2
2020-12-04 12:23 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2020-12-03 12:34 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-02 20:53 - 2020-10-24 09:21 - 000000000 ____D C:\Users\robin\AppData\Roaming\discord
2020-12-02 18:36 - 2020-10-24 15:19 - 000000000 ____D C:\Users\robin\AppData\Local\PlaceholderTileLogoFolder
2020-12-02 18:33 - 2020-10-23 22:28 - 000000000 ____D C:\Users\robin
2020-12-02 17:40 - 2020-10-23 22:29 - 000000000 ____D C:\Users\robin\AppData\Local\Packages
2020-12-02 17:39 - 2020-09-27 08:37 - 000000000 ____D C:\ProgramData\Packages
2020-12-02 16:40 - 2020-10-28 13:41 - 000000000 ____D C:\Program Files\Cheat Engine 7.1
2020-12-02 16:36 - 2020-10-24 09:27 - 000000000 ____D C:\ProgramData\ReviverSoft
2020-12-02 16:36 - 2020-10-24 09:27 - 000000000 ____D C:\Program Files\ReviverSoft
2020-12-02 16:16 - 2020-10-24 09:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
2020-12-02 16:12 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-12-02 14:40 - 2020-11-02 16:02 - 000000000 ____D C:\ProgramData\TruckersMP
2020-12-02 14:19 - 2020-09-27 08:36 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-02 14:08 - 2020-10-24 10:41 - 000000000 ____D C:\Users\robin\AppData\Local\D3DSCache
2020-11-30 15:16 - 2020-11-02 16:02 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\ETS2MP
2020-11-30 15:03 - 2020-10-24 15:31 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\Schule
2020-11-30 13:05 - 2020-10-24 12:20 - 000000000 ____D C:\Users\robin\AppData\Local\ElevatedDiagnostics
2020-11-28 19:44 - 2020-09-27 08:35 - 000003700 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-28 19:44 - 2020-09-27 08:35 - 000003576 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-27 12:38 - 2020-10-25 17:17 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-11-27 12:38 - 2020-10-25 17:15 - 000000000 ____D C:\Program Files\Rockstar Games
2020-11-24 17:38 - 2020-10-26 22:37 - 000000000 ____D C:\Users\robin\AppData\Roaming\vlc
2020-11-22 12:22 - 2020-10-24 09:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-21 18:35 - 2020-10-24 09:15 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-17 17:35 - 2020-10-24 12:41 - 000000000 ____D C:\Windows\system32\MRT
2020-11-17 17:34 - 2020-10-24 12:41 - 133736600 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-11-16 18:52 - 2020-11-03 19:47 - 068267401 _____ C:\Users\robin\Downloads\savegame20(2).zip
2020-11-16 16:52 - 2020-10-24 13:17 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\My Games
2020-11-15 15:40 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\MsDtc
2020-11-14 13:17 - 2020-11-03 19:47 - 067003772 _____ C:\Users\robin\Downloads\savegame20.zip
2020-11-13 22:57 - 2020-09-27 06:33 - 000439216 _____ C:\Windows\system32\FNTCACHE.DAT
2020-11-13 22:57 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-11-13 22:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2020-11-13 21:27 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2020-11-13 21:27 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2020-11-13 21:25 - 2020-09-27 08:35 - 002876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2020-11-13 12:42 - 2020-10-24 12:50 - 000000000 ____D C:\Program Files\Microsoft Office
2020-11-10 16:18 - 2020-11-04 19:28 - 000000000 ____D C:\Users\robin\OneDrive\Dokumente\BeamNG.drive
2020-11-07 23:25 - 2020-10-24 10:14 - 000656112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2020-11-07 23:20 - 2020-10-24 10:14 - 007005008 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2020-11-07 19:59 - 2020-10-24 10:01 - 000000000 ____D C:\ProgramData\Package Cache
2020-11-07 05:01 - 2020-10-24 10:14 - 000058620 _____ C:\Windows\system32\nvinfo.pb
2020-11-07 01:10 - 2020-10-24 10:15 - 005510968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2020-11-07 01:10 - 2020-10-24 10:15 - 002636264 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2020-11-07 01:10 - 2020-10-24 10:15 - 001759032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2020-11-07 01:10 - 2020-10-24 10:15 - 000992232 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2020-11-07 01:10 - 2020-10-24 10:15 - 000194360 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2020-11-07 01:10 - 2020-10-24 10:15 - 000122344 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2020-11-07 01:10 - 2020-10-24 10:15 - 000083256 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2020-11-06 14:24 - 2020-11-02 19:27 - 000000000 ____D C:\Users\robin\AppData\Roaming\WhatsApp
2020-11-06 12:05 - 2020-11-02 19:26 - 000000000 ____D C:\Users\robin\AppData\Local\WhatsApp
2020-11-06 12:05 - 2020-10-24 09:21 - 000000000 ____D C:\Users\robin\AppData\Local\SquirrelTemp
2020-11-06 12:05 - 2020-09-27 08:33 - 000000000 ____D C:\Windows\system32\Drivers\wd

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2020-11-14 13:07 - 2020-11-14 13:54 - 000040960 _____ () C:\Users\robin\AppData\Roaming\cookies.sqlite
2020-12-01 19:22 - 2020-12-01 19:22 - 000001547 _____ () C:\Users\robin\AppData\Local\recently-used.xbel
2020-11-27 13:33 - 2020-11-27 13:33 - 000007605 _____ () C:\Users\robin\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         

05.12.2020, 14:35   #15
M-K-D-B
/// TB Trainer
 



Gootkit is gone; we will still remove the remnants of the adware and then do a final check.






Step 1
  • Close all open programs and internet browsers so that no data is lost.
  • Copy the entire contents of the following code box:
    Code:
    ATTFilter
    Start::
    CloseProcesses:
    C:\ProgramData\ReviverSoft
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
    C:\Program Files\ReviverSoft
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\ReviverSoftSmartMonitor.exe
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF12FA28-28F0-4A9D-B9B7-ECEF6F82AAFC}
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ReviverSoft.SMSettings
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ReviverSoft.SMSettings.1.1
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}
    DeleteKey: HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\reviversoft.com
    DeleteKey: HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.reviversoft.com
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF12FA28-28F0-4A9D-B9B7-ECEF6F82AAFC}
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}
    EmptyTemp:
    End::
             
  • Now start FRST and click the Fix (Reparieren) button directly.
    Important: You do not need to paste the contents of the code box anywhere, because FRST takes the code from the clipboard!
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory where FRST is located.
  • Your computer may need to be restarted.
  • Post the contents of fixlog.txt in your next reply.





Step 2
Run RogueKiller Anti-Malware according to the illustrated instructions and then post the log file.





Step 3
  • Start FRST again. Make sure the box next to Addition.txt is checked and click Scan (Untersuchen).
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.






In your next reply, please post:
  • the log file of the FRST fix (fixlog.txt)
  • the RogueKiller log file
  • the two new FRST log files (FRST.txt and Addition.txt)
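
A pre-flight review of the fixlist from Step 1, as an added example that is not part of the original post and not FRST's own code: it parses the entries between Start:: and End::, reports duplicated entries, and lists targets whose name does not contain the product string and therefore have to be confirmed by hand before anything is removed. The function names, the product-name check and the "broad path" heuristic are assumptions of this example.

```python
import re
from collections import Counter

# The fixlist from the post above, embedded so the example runs offline.
FIXLIST = r"""Start::
CloseProcesses:
C:\ProgramData\ReviverSoft
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
C:\Program Files\ReviverSoft
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\ReviverSoftSmartMonitor.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF12FA28-28F0-4A9D-B9B7-ECEF6F82AAFC}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ReviverSoft.SMSettings
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ReviverSoft.SMSettings.1.1
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}
DeleteKey: HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\reviversoft.com
DeleteKey: HKEY_USERS\S-1-5-21-1165051215-3207913047-2040614022-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.reviversoft.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF12FA28-28F0-4A9D-B9B7-ECEF6F82AAFC}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}
EmptyTemp:
End::
"""

# A bare file/folder entry starts with a drive letter; test it first, because
# "C:\..." would otherwise be misread as a directive named "C".
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
DIRECTIVE = re.compile(r"^([A-Za-z]{2,}):\s*(.*)$")


def parse_fixlist(text):
    """Return the entries between Start:: and End:: as (kind, target) tuples."""
    entries, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start::":
            inside = True
        elif line == "End::":
            break
        elif inside and line:
            if DRIVE_PATH.match(line):
                entries.append(("path", line))
                continue
            m = DIRECTIVE.match(line)
            entries.append((m.group(1), m.group(2)) if m else ("unknown", line))
    return entries


def review(entries, product):
    """Summarise a parsed fixlist before it is run.

    duplicates: targets listed more than once under the same directive
    unverified: targets that do not name the product (e.g. GUID-only keys)
    broad:      bare paths with fewer than two folders below the drive
                (assumed heuristic for an overly wide removal)
    """
    duplicates, unverified, broad, seen = [], [], [], set()
    for kind, target in entries:
        if not target:                      # argument-less directive
            continue
        key = (kind, target.lower())
        if key in seen:
            if target not in duplicates:
                duplicates.append(target)
            continue
        seen.add(key)
        if product.lower() not in target.lower():
            unverified.append(target)
        if kind == "path" and len([p for p in target.split("\\") if p]) < 3:
            broad.append(target)
    return {
        "counts": dict(Counter(kind for kind, _ in entries)),
        "duplicates": duplicates,
        "unverified": unverified,
        "broad": broad,
    }


if __name__ == "__main__":
    report = review(parse_fixlist(FIXLIST), "ReviverSoft")
    for name, value in report.items():
        print(name, value)
```

For this fixlist the two GUID-named keys (CLSID and TypeLib) are reported both as duplicated and as unverified, since their names alone do not tie them to the product.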
