
Trash bin: No sound due to virus


 
05.04.2021, 20:02   #1
Phillip93

No sound due to virus

Hello Trojaner-Board!
Since my Kaspersky license had expired, the protection was deactivated. I uninstalled the program and installed Avira Security. For 1 day there was no antivirus program installed, and I caught a virus from a porn site or something similar. No sound works, and the font in PDF documents looks slightly different.

I hope you can help me!

Phillip

05.04.2021, 22:18   #2
M-K-D-B
/// TB Instructor

No sound due to virus

My name is Matthias and I will help you with the analysis and any cleanup of your computer that may be necessary.

Please observe our rules and notes for people seeking help:
For everyone seeking help! What do I need to consider before opening a thread?

Only with this information can we help. Thank you for your cooperation!

06.04.2021, 16:59   #3
Phillip93

FRST.txt and Addition.txt


Thank you very much for your willingness to help!
What I had forgotten to mention:
Code:
sfc /scannow

also no longer works the way it still did a few months ago.
I wasn't sure whether I should post FRST.txt and Addition.txt here or under "Log-Analyse und Auswertung", so I am copying the text into both sub-forums.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2021
Ran by Phillip (administrator) on DESKTOP-E3LPO85 (LENOVO 80SG) (06-04-2021 16:40:37)
Running from C:\Users\Phillip\Desktop
Loaded Profiles: Phillip
Platform: Windows 10 Pro Version 20H2 19042.906 (X64) Language: German (Germany) -> English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Driver Booster\8.3.0\DriverBooster.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2009.30067.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.2101.28.0_x64__8wekyb3d8bbwe\Time.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [705728 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [AusweisApp2] => C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe [2405504 2020-11-30] (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG)
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23927096 2021-03-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [BitTorrent] => C:\Users\Phillip\AppData\Roaming\BitTorrent\BitTorrent.exe [2135080 2021-03-24] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [Opera Browser Assistant] => C:\Users\Phillip\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3900056 2021-03-23] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Run: [] => [X]
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\MountPoints2: {0bbd7085-7842-11eb-a07d-918a616b63b7} - "D:\autorun.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-04-03] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\89.1.22.71\Installer\chrmstp.exe [2021-04-01] (Brave Software, Inc. -> Brave Software, Inc.)
IFEO\FoxitReaderUpdateService.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\FoxitUpdater.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\maintenanceservice.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\SendCrashReport.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\ServiceMiniNotice.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\TrackReview.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
Startup: C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2021-04-06]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-02-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AEBE8EF-4B94-4561-8332-538661ACEA32} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080824 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {17578569-94A6-420E-9F32-D22B4EB6C36C} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-31] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {1BFB017E-8A90-4FE1-9474-E3CE946080A2} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29757392 2021-04-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {1DDEC5B1-C3AE-44AE-99C4-C7B5C8981A08} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080824 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {254C7783-ACBC-43D4-AEF7-973945C37238} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114024 2021-03-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {2BC518DE-A155-404D-AF66-64C89E7FE410} - System32\Tasks\Opera scheduled Autoupdate 1615734086 => C:\Users\Phillip\AppData\Local\Programs\Opera\launcher.exe [1886872 2021-03-23] (Opera Software AS -> Opera Software)
Task: {37D59D82-6612-43EF-9403-13445AC47DD4} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\8.3.0\AutoUpdate.exe [2268432 2020-12-23] (IObit Information Technology -> IObit)
Task: {39D7E8BC-14DE-4634-845F-33CB40492A5A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform)
Task: {414A76FC-619F-4527-BF81-C1CB726333D2} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {496637FA-D488-46E6-BF5F-36DC172EE9A3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114024 2021-03-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {509F75B2-301F-450D-8BE9-EFF3A754DE9B} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\8.3.0\Scheduler.exe [152848 2020-12-23] (IObit Information Technology -> IObit)
Task: {51F15BF9-B85C-42E5-A150-F3C9528AD04C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-12] (Google LLC -> Google LLC)
Task: {67177BCC-906F-4AA7-981C-88EC90870321} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [234200 2021-03-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {72A22043-F166-4B72-838D-3A245030132F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-12] (Google LLC -> Google LLC)
Task: {76633BC2-1C40-417A-A386-239151D4B11C} - System32\Tasks\Driver Booster SkipUAC (Phillip) => C:\Program Files (x86)\IObit\Driver Booster\8.3.0\DriverBooster.exe [8152016 2021-02-01] (IObit Information Technology -> IObit)
Task: {77174391-3024-4F89-BA06-C9775F647EDB} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {800726F7-A3B7-4E08-A88D-020C4FD0DB03} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [642544 2021-03-27] (Mozilla Corporation -> Mozilla Foundation)
Task: {A32D4BB0-0578-4210-85B9-37FC89CFD05C} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2651216 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {B618B26C-F35C-4ECA-BAD4-2480438206EF} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-31] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {DB824803-62B4-4EA6-BCCA-3680C78356F7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {DDAB4885-1EE2-4ACE-836B-7A19A0D0AA44} - System32\Tasks\Opera scheduled assistant Autoupdate 1615734101 => C:\Users\Phillip\AppData\Local\Programs\Opera\launcher.exe [1886872 2021-03-23] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Phillip\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {DE87C263-38FA-4712-8628-650725C71390} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E0FA14AA-B11A-4CCD-A020-7DE75791C2C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1D15529-FBB7-4654-BE41-4E740BF78203} - System32\Tasks\Uninstaller_SkipUac_Phillip => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [6701784 2021-03-18] (IObit Information Technology -> IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{dc8435fd-0db0-4c70-8eb9-1e02e3130ac5}: [DhcpNameServer] 172.20.10.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
DownloadDir: C:\Users\Phillip\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-06]
Edge DownloadDir: C:\Users\Phillip\Desktop
Edge Notifications: Default -> hxxps://mail.google.com; hxxps://www.tvspielfilm.de; hxxps://www.youtube.com
Edge HomePage: Default -> hxxps://www.bing.com/?cc=de
Edge DefaultSearchURL: Default -> hxxps://www.youporn.com/bundles/youpornwebfront/images/manifest-icons/android-icon-36x36.png
Edge Extension: (YouPorn) - C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aldhaifpedancjeeimgomgjakoglmbjl [2021-03-24]
Edge Extension: (AdGuard AdBlocker) - C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2021-04-02]
Edge Extension: (Google Maps) - C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mnhkaebcjjhencmpkapnbdaogjamfbcj [2021-04-05]
Edge Extension: (I don't care about cookies) - C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oholpbloipjbbhlhohaebmieiiieioal [2021-03-14]
Edge Extension: (AdBlocker Ultimate) - C:\Users\Phillip\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pciakllldcajllepkbbihkmfkikheffb [2021-03-14]
Edge HKU\S-1-5-21-1307152980-782841198-2650162068-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 9wxop1so.default
FF ProfilePath: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\9wxop1so.default [2021-02-07]
FF user.js: detected! => C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\9wxop1so.default\user.js [2021-03-30]
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\9wxop1so.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2020-07-28]
FF ProfilePath: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\jqnvf0o5.default-release-1612355754552 [2021-04-04]
FF user.js: detected! => C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\jqnvf0o5.default-release-1612355754552\user.js [2021-03-30]
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\jqnvf0o5.default-release-1612355754552\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2020-07-28]
FF Extension: (Video DownloadHelper) - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\jqnvf0o5.default-release-1612355754552\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-03-25]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default [2021-04-05]
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.de/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-10]
CHR Extension: (Chrome Media Router) - C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-10]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\Phillip\AppData\Roaming\Opera Software\Opera Stable [2021-04-05]
OPR Notifications: Opera Stable -> hxxps://www.accuweather.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Phillip\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-03-14]

Brave:
=======
BRA Profile: C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-04-04]
BRA Extension: (Kaspersky Protection) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-04-03]
BRA Extension: (Avira Password Manager) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-04-01]
BRA Extension: (Avira Safe Shopping) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2021-03-31]
BRA Extension: (Avira Browser Safety) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-03-31]
BRA Extension: (Malwarebytes Browser Guard) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-04-04]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-03-31]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-04-04]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-03-31]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-03-31]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\obbokncgfcbepeipkhpdepjjoncelefj [2021-04-04]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Phillip\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-03-31]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208432 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [575776 2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636592 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [385568 2021-03-23] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [247232 2021-03-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161072 2020-12-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-31] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-31] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8990072 2021-03-11] (Microsoft Corporation -> Microsoft Corporation)
S3 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\SocialApps\ElevationService.exe [913408 2020-07-31] () [File not signed]
S4 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [2357936 2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [158992 2020-10-19] (IObit Information Technology -> IObit)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S4 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262312 2021-01-27] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 kpm_launch_service; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AscFileControl; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileControl.sys [40496 2020-06-03] (IObit Information Technology -> IObit)
S3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [46008 2020-07-21] (IObit Information Technology -> IObit)
S3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [46008 2020-06-03] (IObit Information Technology -> IObit)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-Malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [209744 2021-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199312 2021-02-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 camera; C:\WINDOWS\system32\DRIVERS\iacamera64.sys [942576 2020-03-26] (Intel(R) Intel_ICG -> Intel(R) Corporation)
S3 cpuz145; C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [49968 2021-04-03] (CPUID -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [161288 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [19968 2016-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Mobile Communications)
R3 GoodixTouchDriver; C:\WINDOWS\System32\drivers\GoodixTouchDriver.sys [113312 2015-12-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 iaisp; C:\WINDOWS\System32\drivers\iaisp64.sys [38896 2020-03-26] (Intel(R) Intel_ICG -> Intel(R) Corporation)
R3 iaspie; C:\WINDOWS\System32\drivers\iaspie.sys [72872 2020-03-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R3 iauarte; C:\WINDOWS\System32\drivers\iauarte.sys [114304 2020-03-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R3 IntelBatteryManagement; C:\WINDOWS\System32\drivers\IntelBatteryManagement.sys [105064 2020-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [733680 2021-04-04] (Intel(R) OWR -> )
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [43896 2020-07-31] (IObit Information Technology -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37112 2020-07-31] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [51128 2020-07-31] (IObit Information Technology -> IObit)
R3 ov5648; C:\WINDOWS\System32\drivers\ov5648.sys [140576 2016-08-15] (WDKTestCert huizhou1,130864188504416365 -> Intel(R) Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [109568 2015-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R3 rtii2sac64; C:\WINDOWS\System32\drivers\rtii2sac.sys [490976 2021-04-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [757736 2020-03-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\System32\drivers\rtwlans.sys [7889408 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 shspusb; C:\WINDOWS\System32\drivers\HSPUSB.sys [24064 2016-07-22] (Microsoft Windows Hardware Compatibility Publisher -> MobileTop)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2016-07-22] (MCCI Corporation -> MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2016-07-22] (MCCI Corporation -> MCCI Corporation)
S3 ssdudfu; C:\WINDOWS\System32\drivers\ssdudfu.sys [101960 2016-07-22] (MCCI Corporation -> MCCI)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 2016-07-22] (MCCI Corporation -> MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 2016-07-22] (MCCI Corporation -> MCCI Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 2016-07-22] (MCCI Corporation -> MCCI Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-03-22] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [420072 2021-03-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-22] (Microsoft Windows -> Microsoft Corporation)
S1 eamonm; system32\DRIVERS\eamonm.sys [X]
S1 ehdrv; \SystemRoot\system32\DRIVERS\ehdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-06 16:40 - 2021-04-06 16:43 - 000034379 _____ C:\Users\Phillip\Desktop\FRST.txt
2021-04-06 16:39 - 2021-04-06 16:41 - 000000000 ____D C:\FRST
2021-04-06 16:38 - 2021-04-06 16:47 - 010991113 _____ C:\Users\Phillip\Desktop\Bild_-_06_April_2021.pdf
2021-04-06 16:34 - 2021-04-06 16:35 - 002298368 _____ (Farbar) C:\Users\Phillip\Desktop\FRST64.exe
2021-04-05 12:57 - 2021-04-05 12:57 - 000002560 _____ C:\WINDOWS\system32\Drivers\202145_12572178_CheckPoint_Dump.txt
2021-04-05 12:57 - 2021-04-05 12:57 - 000000256 _____ C:\WINDOWS\system32\Drivers\202145_12572178_SHIM_Dump.txt
2021-04-05 12:57 - 2021-04-05 12:57 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-04-04 22:31 - 2021-04-04 22:31 - 000002560 _____ C:\WINDOWS\system32\Drivers\202144_223142656_CheckPoint_Dump.txt
2021-04-04 22:31 - 2021-04-04 22:31 - 000000256 _____ C:\WINDOWS\system32\Drivers\202144_223142990_SHIM_Dump.txt
2021-04-04 20:18 - 2021-04-04 20:18 - 000001159 _____ C:\Users\Phillip\Desktop\Sky Ticket.lnk
2021-04-04 20:13 - 2021-04-04 20:14 - 049922752 _____ (Sky Ticket ) C:\Users\Phillip\Desktop\SkyTicket-Windows.exe
2021-04-04 19:53 - 2021-04-04 19:53 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-04 16:50 - 2021-04-04 16:50 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\RenPy
2021-04-04 16:47 - 2021-04-04 16:54 - 000000000 ____D C:\Program Files (x86)\Milfy_City_0.5c_Compressed
2021-04-04 16:37 - 2021-04-04 16:37 - 000000000 ____D C:\Users\Phillip\Desktop\Milfy_City_0.5c_Compressed
2021-04-04 16:21 - 2021-04-04 16:38 - 000000000 ____D C:\Users\Phillip\AppData\LocalLow\BitTorrent
2021-04-04 16:21 - 2021-04-04 16:21 - 000001126 _____ C:\Users\Phillip\Desktop\Milfy_City_0.5c_Compressed.zip.1.torrent
2021-04-04 14:36 - 2021-04-04 14:36 - 003244992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2021-04-04 14:36 - 2021-04-04 14:36 - 003137376 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkMic64.dll
2021-04-04 14:36 - 2021-04-04 14:36 - 002783528 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkMcp64.dll
2021-04-04 14:36 - 2021-04-04 14:36 - 000949956 _____ C:\WINDOWS\system32\Drivers\realtek_fw_sst.bin
2021-04-04 14:36 - 2021-04-04 14:36 - 000733680 _____ C:\WINDOWS\system32\Drivers\isstrtc.sys
2021-04-04 14:36 - 2021-04-04 14:36 - 000588032 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2021-04-04 14:36 - 2021-04-04 14:36 - 000168208 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2021-04-04 14:36 - 2021-04-04 14:36 - 000002560 _____ C:\WINDOWS\system32\Drivers\202144_143648643_CheckPoint_Dump.txt
2021-04-04 14:36 - 2021-04-04 14:36 - 000000256 _____ C:\WINDOWS\system32\Drivers\202144_143648643_SHIM_Dump.txt
2021-04-04 14:09 - 2021-04-04 14:09 - 000490976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\rtii2sac.sys
2021-04-04 13:53 - 2021-04-04 13:53 - 000003708 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2021-04-04 13:50 - 2021-04-04 13:50 - 000003374 _____ C:\WINDOWS\system32\Tasks\Avira_Antivirus_Systray
2021-04-04 13:49 - 2021-03-25 18:05 - 000209744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2021-04-04 13:49 - 2021-02-09 19:03 - 000199312 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2021-04-04 13:49 - 2019-06-07 15:09 - 000078936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2021-04-04 13:49 - 2019-03-20 19:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2021-04-04 13:49 - 2019-03-20 19:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2021-04-04 13:49 - 2019-03-20 19:50 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2021-04-04 13:49 - 2019-03-20 19:50 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avelam.sys
2021-04-04 13:43 - 2021-04-04 13:43 - 000003780 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate
2021-04-04 13:43 - 2021-04-04 13:43 - 000000000 ____D C:\Users\Public\Speedup Sessions
2021-04-04 13:42 - 2021-04-04 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-04-04 13:28 - 2021-04-04 13:28 - 000000193 _____ C:\WINDOWS\1KKkUSW9SJ5yL50z9zRsypjr4JdgqbOKl@e=download
2021-04-04 12:56 - 2021-04-04 12:56 - 000003238 _____ C:\WINDOWS\nl.exe
2021-04-04 12:56 - 2021-04-04 12:56 - 000003231 _____ C:\WINDOWS\sb.bat
2021-04-04 12:55 - 2021-04-04 12:55 - 000000000 ____D C:\WINDOWS\w
2021-04-04 12:55 - 2021-04-04 12:55 - 000000000 ____D C:\WINDOWS\c
2021-04-04 12:50 - 2021-04-04 12:50 - 000002560 _____ C:\WINDOWS\system32\Drivers\202144_125032523_CheckPoint_Dump.txt
2021-04-04 12:50 - 2021-04-04 12:50 - 000000256 _____ C:\WINDOWS\system32\Drivers\202144_125032523_SHIM_Dump.txt
2021-04-04 12:33 - 2021-04-04 12:33 - 000002560 _____ C:\WINDOWS\system32\Drivers\202144_123310887_CheckPoint_Dump.txt
2021-04-04 12:33 - 2021-04-04 12:33 - 000000256 _____ C:\WINDOWS\system32\Drivers\202144_123310887_SHIM_Dump.txt
2021-04-04 11:49 - 2021-04-04 12:06 - 098813504 _____ C:\Users\Phillip\Desktop\Z6969.rar
2021-04-04 11:49 - 2021-04-04 11:49 - 000002968 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Phillip
2021-04-04 11:48 - 2021-04-04 11:48 - 000001438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2021-04-04 11:48 - 2021-04-04 11:48 - 000001426 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2021-04-04 11:48 - 2021-04-04 11:48 - 000001426 _____ C:\ProgramData\Desktop\IObit Uninstaller.lnk
2021-04-04 11:48 - 2021-04-04 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2021-04-04 11:39 - 2021-04-04 11:58 - 023544087 _____ C:\Users\Phillip\Desktop\Bild_Am_Sonntag_-_04_April_2021.pdf
2021-04-03 20:57 - 2021-04-03 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2021-04-03 20:34 - 2021-04-03 20:34 - 000000000 ____D C:\Users\Phillip\AppData\Local\mbam
2021-04-03 20:15 - 2021-04-03 20:15 - 002084016 _____ (Malwarebytes) C:\Users\Phillip\Desktop\MBSetup.exe
2021-04-03 19:12 - 2021-04-03 19:15 - 000000000 ____D C:\Users\Phillip\Desktop\KASPERSKY 2021
2021-04-03 19:08 - 2021-04-03 19:08 - 028539004 _____ C:\Users\Phillip\Desktop\KASPERSKY 2021.rar
2021-04-03 18:52 - 2021-04-04 05:09 - 000000000 ____D C:\Users\Phillip\AppData\Local\CrashDumps
2021-04-03 18:25 - 2021-04-04 11:46 - 000003932 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1615734101
2021-04-03 18:25 - 2021-04-04 11:46 - 000003674 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1615734086
2021-04-03 18:25 - 2021-04-03 18:25 - 000001405 _____ C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-04-03 18:05 - 2021-04-03 18:15 - 012440623 _____ C:\Users\Phillip\Desktop\Bild_-_03_April_2021.pdf
2021-04-03 17:58 - 2021-04-04 11:54 - 000000000 ____D C:\Users\Phillip\AppData\Local\Kaspersky Lab
2021-04-03 17:54 - 2021-04-03 17:54 - 000002560 _____ C:\WINDOWS\system32\Drivers\202143_175415263_CheckPoint_Dump.txt
2021-04-03 17:54 - 2021-04-03 17:54 - 000000256 _____ C:\WINDOWS\system32\Drivers\202143_175415263_SHIM_Dump.txt
2021-04-03 17:40 - 2021-04-03 17:40 - 000002560 _____ C:\WINDOWS\system32\Drivers\202143_174043823_CheckPoint_Dump.txt
2021-04-03 17:40 - 2021-04-03 17:40 - 000000256 _____ C:\WINDOWS\system32\Drivers\202143_174043823_SHIM_Dump.txt
2021-04-03 13:51 - 2021-04-04 12:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-04-03 13:46 - 2021-04-03 19:26 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2021-04-03 13:25 - 2021-04-03 13:26 - 000000000 ____D C:\Users\Phillip\Desktop\CCleaner Professional Plus 5.75 Multilingual + Serial Keys [SadeemPC]
2021-04-02 18:48 - 2021-04-02 18:48 - 000002560 _____ C:\WINDOWS\system32\Drivers\202142_184842363_CheckPoint_Dump.txt
2021-04-02 18:48 - 2021-04-02 18:48 - 000000256 _____ C:\WINDOWS\system32\Drivers\202142_184842363_SHIM_Dump.txt
2021-04-02 18:28 - 2021-04-02 18:41 - 015392284 _____ C:\Users\Phillip\Desktop\Bild_-_01_April_2021.pdf
2021-04-02 16:42 - 2021-04-02 16:43 - 015481295 _____ C:\Users\Phillip\Desktop\Amazon_App.apk
2021-04-01 15:44 - 2021-04-01 15:44 - 005074997 _____ C:\Users\Phillip\Desktop\J. K. Rowling - Harry Potter and the Order of the Phoenix.pdf
2021-04-01 10:18 - 2021-04-01 10:18 - 000002560 _____ C:\WINDOWS\system32\Drivers\202141_101816596_CheckPoint_Dump.txt
2021-04-01 10:18 - 2021-04-01 10:18 - 000000256 _____ C:\WINDOWS\system32\Drivers\202141_101816628_SHIM_Dump.txt
2021-03-31 18:41 - 2021-03-31 18:41 - 000001138 _____ C:\Users\Phillip\Desktop\The Tales Of Beedle The Bard.lnk
2021-03-31 15:17 - 2021-03-31 15:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2021-03-31 03:29 - 2021-03-31 03:29 - 000010241 _____ C:\Users\Phillip\Desktop\Brown, Dan.1.torrent
2021-03-31 03:29 - 2021-03-31 03:29 - 000000000 ____D C:\Users\Phillip\Desktop\Brown, Dan
2021-03-31 03:23 - 2021-03-31 03:25 - 000000000 ____D C:\Users\Phillip\Desktop\Stephen King eBooks Collection Epub+Mobi
2021-03-31 03:23 - 2021-03-31 03:23 - 000031090 _____ C:\Users\Phillip\Desktop\Stephen King eBooks Collection Epub+Mobi.1.torrent
2021-03-31 03:22 - 2021-03-31 03:27 - 000000000 ____D C:\Users\Phillip\Desktop\J R R Tolkien (Complete Works - Epubs) 1937 to 2018
2021-03-31 03:22 - 2021-03-31 03:22 - 000024306 _____ C:\Users\Phillip\Desktop\J R R Tolkien (Complete Works - Epubs) 1937 to 2018.1.torrent
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\The Subtle Art of Not Giving a Fck - A Counterintuitive Approach to Living a Good Life (2016) (Epub) Gooner
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\The Complete Book of Home Organization - 200+ Tips and Projects
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\KMS_VL_ALL Activator CMD Windows and Office - August 2019
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\IELTS Advantage - Reading + Writing Skills - by Jeremy Taylor , Jon Wright,by Richard Brown , Lewis Richards - Mantesh
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\Barely Legal - February 2021
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\Artistic Nudes By Various Photographers
2021-03-31 03:10 - 2021-03-31 03:10 - 000012246 _____ C:\Users\Phillip\Desktop\IELTS Advantage - Reading + Writing Skills - by Jeremy Taylor , Jon Wright,by Richard Brown , Lewis Richards - Mantesh.torrent
2021-03-31 03:00 - 2020-09-16 23:58 - 042345058 ____R C:\Users\Phillip\Desktop\Harry Potter and the Cursed Child - J.K. Rowling.exe
2021-03-31 03:00 - 2020-09-16 23:35 - 002538652 _____ C:\Users\Phillip\Desktop\Harry Potter and the Cursed Child - J.K. Rowling.pdf
2021-03-31 02:55 - 2021-03-31 02:55 - 007675697 _____ C:\Users\Phillip\Desktop\The Tales Of Beedle The Bard.pdf
2021-03-31 02:53 - 2021-03-31 02:53 - 000850164 _____ C:\Users\Phillip\Desktop\J_K_Rowling_Quidditch_Through_the_Ages.pdf
2021-03-31 02:39 - 2021-03-31 02:39 - 000000000 ____D C:\Users\Phillip\Desktop\The Ickabog by J.K. Rowling EPUB
2021-03-31 02:39 - 2021-03-31 02:39 - 000000000 ____D C:\Users\Phillip\Desktop\J.K. Rowling - Harry Potter
2021-03-31 02:39 - 2021-03-31 02:39 - 000000000 ____D C:\Users\Phillip\Desktop\J. K. Rowling - The Casual Vacancy (ePub mobi)
2021-03-31 02:39 - 2021-03-31 02:39 - 000000000 ____D C:\Users\Phillip\Desktop\J. K. Rowling - Harry Potter Series All ebooks
2021-03-31 02:39 - 2021-03-31 02:26 - 003360816 ____R C:\Users\Phillip\Desktop\J.K. Rowling - Fantastic Beasts & Where to Find Them.pdf
2021-03-31 02:01 - 2021-04-01 23:09 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-03-31 02:01 - 2021-04-01 23:09 - 000002325 _____ C:\Users\Public\Desktop\Brave.lnk
2021-03-31 02:01 - 2021-04-01 23:09 - 000002325 _____ C:\ProgramData\Desktop\Brave.lnk
2021-03-31 02:00 - 2021-03-31 02:00 - 000000000 ____D C:\Program Files\BraveSoftware
2021-03-31 01:58 - 2021-04-04 11:46 - 000003426 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-03-31 01:58 - 2021-04-04 11:46 - 000003202 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-03-31 01:57 - 2021-03-31 02:01 - 000000000 ____D C:\Users\Phillip\AppData\Local\BraveSoftware
2021-03-31 01:57 - 2021-03-31 01:58 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-03-31 01:57 - 2021-03-31 01:57 - 001242992 _____ (BraveSoftware Inc.) C:\Users\Phillip\Desktop\BraveBrowserSetup.exe
2021-03-31 01:41 - 2021-03-31 01:41 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021331_1411697_CheckPoint_Dump.txt
2021-03-31 01:41 - 2021-03-31 01:41 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021331_1411697_SHIM_Dump.txt
2021-03-31 01:40 - 2021-04-04 22:34 - 001019904 _____ C:\WINDOWS\system32\config\DEFAULT
2021-03-31 01:40 - 2021-04-04 22:34 - 000057344 _____ C:\WINDOWS\system32\config\SECURITY
2021-03-31 01:40 - 2021-04-04 22:31 - 000073728 _____ C:\WINDOWS\system32\config\SAM
2021-03-31 01:40 - 2021-03-31 01:40 - 098181120 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2021-03-31 01:40 - 2021-03-31 01:40 - 098181120 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag
2021-03-31 01:40 - 2021-03-31 01:40 - 001019904 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2021-03-31 01:40 - 2021-03-31 01:40 - 000073728 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2021-03-31 01:40 - 2021-03-31 01:40 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2021-03-31 01:40 - 2021-03-31 01:40 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021331_1402190_CheckPoint_Dump.txt
2021-03-31 01:40 - 2021-03-31 01:40 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021331_1402190_SHIM_Dump.txt
2021-03-31 01:40 - 2021-03-31 01:40 - 000000000 ____H C:\asc_rdflag
2021-03-30 21:16 - 2021-04-04 13:54 - 000000000 ____D C:\Users\Public\Security Sessions
2021-03-30 21:12 - 2021-03-30 21:12 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2021-03-30 21:02 - 2021-03-30 21:17 - 000000000 ____D C:\Users\Phillip\AppData\Local\Avira
2021-03-30 21:01 - 2021-03-30 21:01 - 098111488 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2021-03-30 21:01 - 2021-03-30 21:01 - 001019904 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2021-03-30 21:01 - 2021-03-30 21:01 - 000073728 _____ C:\WINDOWS\system32\config\SAM.iobit
2021-03-30 21:01 - 2021-03-30 21:01 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2021-03-30 20:55 - 2021-04-04 13:52 - 000000000 ____D C:\Program Files (x86)\Avira
2021-03-30 20:54 - 2021-04-04 13:52 - 000000000 ____D C:\ProgramData\Avira
2021-03-30 13:51 - 2021-03-30 13:51 - 000000000 ____D C:\Users\Phillip\Desktop\convertPdfTo_ae9b65f78ded003c4905e5d001991627
2021-03-30 13:11 - 2021-03-30 13:11 - 000122572 _____ C:\Users\Phillip\Desktop\Persönliche Darlegung der Gewissensentscheidung.pdf
2021-03-30 12:39 - 2021-03-30 12:39 - 000135352 _____ C:\Users\Phillip\Desktop\Lebenslauf von Phillip Kramer.pdf
2021-03-30 11:55 - 2021-03-30 11:55 - 000110370 _____ C:\Users\Phillip\Desktop\Antragsschreiben mit Berufung auf Art. 4 Abs. 3 GG.pdf
2021-03-29 14:47 - 2021-03-29 14:49 - 009981907 _____ C:\Users\Phillip\Desktop\bild29032021.pdf
2021-03-29 14:45 - 2021-03-29 15:01 - 016807722 _____ C:\Users\Phillip\Desktop\Bild_-_29_März_2021.pdf
2021-03-28 13:57 - 2021-03-28 13:57 - 000000000 ____D C:\Users\Phillip\Desktop\Bil280321
2021-03-27 18:51 - 2021-03-27 20:32 - 000000000 ____D C:\Users\Phillip\Desktop\Kuchen backen
2021-03-27 16:23 - 2021-03-27 16:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-27 12:17 - 2021-03-27 12:17 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021327_11179683_CheckPoint_Dump.txt
2021-03-27 12:17 - 2021-03-27 12:17 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021327_11179699_SHIM_Dump.txt
2021-03-15 16:35 - 2021-03-15 16:35 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021315_153529610_CheckPoint_Dump.txt
2021-03-15 16:35 - 2021-03-15 16:35 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021315_153529610_SHIM_Dump.txt
2021-03-14 23:23 - 2021-03-14 23:23 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-03-14 23:22 - 2021-03-14 23:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-14 23:20 - 2021-03-14 23:20 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-14 23:20 - 2021-03-14 23:20 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-14 23:19 - 2021-03-14 23:19 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-14 23:18 - 2021-03-14 23:18 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-14 23:17 - 2021-03-14 23:17 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-14 23:17 - 2021-03-14 23:17 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-14 23:15 - 2021-03-14 23:15 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-14 23:15 - 2021-03-14 23:15 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-14 23:15 - 2021-03-14 23:15 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-14 20:25 - 2021-03-30 20:07 - 000000000 ____D C:\Users\Phillip\Desktop\Desktop (nicht löschen)
2021-03-14 17:02 - 2021-03-14 17:02 - 000000000 ____D C:\Users\Phillip\AppData\Local\Opera Software
2021-03-14 14:36 - 2021-03-14 14:36 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021314_133631582_CheckPoint_Dump.txt
2021-03-14 14:36 - 2021-03-14 14:36 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021314_133631582_SHIM_Dump.txt
2021-03-14 14:05 - 2021-03-14 14:54 - 000002648 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2021-03-14 12:57 - 2021-03-14 12:57 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Opera Software
2021-03-12 14:30 - 2021-03-12 14:30 - 000000000 ____D C:\Users\Phillip\AppData\Local\Foxit Reader
2021-03-12 14:22 - 2021-03-12 14:44 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Foxit Scanner Images
2021-03-12 14:15 - 2021-03-12 14:15 - 001560064 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BrWia09b.dll
2021-03-12 14:15 - 2021-03-12 14:15 - 000050176 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BrUsi09a.dll
2021-03-12 13:59 - 2021-04-05 15:36 - 000000419 _____ C:\WINDOWS\BRWMARK.INI
2021-03-10 18:55 - 2021-03-10 18:55 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021310_175540780_CheckPoint_Dump.txt
2021-03-10 18:55 - 2021-03-10 18:55 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021310_175540780_SHIM_Dump.txt
2021-03-10 11:48 - 2021-03-10 11:48 - 000002560 _____ C:\WINDOWS\system32\Drivers\2021310_104820619_CheckPoint_Dump.txt
2021-03-10 11:48 - 2021-03-10 11:48 - 000000256 _____ C:\WINDOWS\system32\Drivers\2021310_104820651_SHIM_Dump.txt
2021-03-08 23:20 - 2021-03-08 23:20 - 000002560 _____ C:\WINDOWS\system32\Drivers\202138_222028780_CheckPoint_Dump.txt
2021-03-08 23:20 - 2021-03-08 23:20 - 000000256 _____ C:\WINDOWS\system32\Drivers\202138_222028780_SHIM_Dump.txt
2021-03-08 21:27 - 2021-03-08 21:33 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\bigoLive
2021-03-08 20:55 - 2021-03-08 20:58 - 000000000 ____D C:\Users\Phillip\AppData\Local\WhatsApp
2021-03-07 15:48 - 2021-03-07 15:48 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS Remote Play.lnk
2021-03-07 15:48 - 2021-03-07 15:48 - 000000000 ____D C:\Program Files (x86)\Sony
2021-03-07 12:12 - 2021-03-07 12:12 - 000002560 _____ C:\WINDOWS\system32\Drivers\202137_111238480_CheckPoint_Dump.txt
2021-03-07 12:12 - 2021-03-07 12:12 - 000000256 _____ C:\WINDOWS\system32\Drivers\202137_111238496_SHIM_Dump.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-06 16:11 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-06 15:27 - 2021-01-12 17:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-05 19:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-05 19:54 - 2020-12-12 18:57 - 000000000 ____D C:\Users\Phillip\AppData\Local\Packages
2021-04-05 19:53 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-05 15:36 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-05 13:05 - 2021-01-12 17:54 - 001722792 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-05 13:05 - 2019-12-07 16:51 - 000746440 _____ C:\WINDOWS\system32\perfh007.dat
2021-04-05 13:05 - 2019-12-07 16:51 - 000150810 _____ C:\WINDOWS\system32\perfc007.dat
2021-04-05 12:58 - 2020-12-12 18:57 - 000000000 __SHD C:\Users\Phillip\IntelGraphicsProfiles
2021-04-05 12:57 - 2021-01-12 18:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-05 12:57 - 2021-01-12 17:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-05 12:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-04 22:34 - 2019-12-07 11:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-04-04 22:32 - 2021-01-31 20:09 - 000441816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-04 22:29 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-04 22:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-04 22:26 - 2021-02-06 21:52 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\NOW TV Player
2021-04-04 20:18 - 2021-02-06 21:51 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Ticket
2021-04-04 20:17 - 2021-02-06 21:51 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Sky Ticket
2021-04-04 20:04 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-04 19:50 - 2021-01-12 17:42 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-04 16:38 - 2021-01-10 09:38 - 000000000 ____D C:\Users\Phillip\.btfs
2021-04-04 16:38 - 2021-01-10 09:35 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\BitTorrent
2021-04-04 16:21 - 2021-02-02 16:57 - 000000000 ____D C:\Users\Phillip\AppData\Local\BitTorrentHelper
2021-04-04 13:51 - 2020-12-23 20:25 - 000000000 ____D C:\Users\Phillip\AppData\Local\PlaceholderTileLogoFolder
2021-04-04 13:50 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-04 13:49 - 2021-01-13 21:54 - 000002236 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-04-04 13:49 - 2021-01-13 21:54 - 000000000 ____D C:\Program Files\CCleaner
2021-04-04 13:41 - 2021-01-13 22:32 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-04 12:49 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-04 12:42 - 2021-02-26 16:38 - 000000000 ____D C:\Program Files (x86)\Rosetta Stone
2021-04-04 12:40 - 2021-02-02 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2021-04-04 12:33 - 2021-01-14 19:20 - 000000000 ____D C:\ProgramData\Avast Software
2021-04-04 11:49 - 2021-01-13 16:26 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\IObit
2021-04-04 11:47 - 2021-01-13 16:29 - 000000000 ____D C:\Program Files (x86)\IObit
2021-04-03 20:34 - 2021-01-10 17:28 - 000000000 ____D C:\Users\Phillip\AppData\LocalLow\Mozilla
2021-04-03 20:34 - 2021-01-10 17:28 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-03 20:17 - 2021-01-12 15:45 - 000000000 ____D C:\Program Files\Common Files\AV
2021-04-03 18:27 - 2021-02-12 15:22 - 000002321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-03 14:53 - 2021-01-14 22:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-04-03 14:08 - 2021-02-10 23:21 - 000000000 ____D C:\Users\Phillip\dwhelper
2021-04-03 02:50 - 2021-01-09 19:58 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-02 17:41 - 2021-01-03 16:44 - 000000000 ____D C:\Users\Phillip\AppData\Local\ElevatedDiagnostics
2021-04-02 13:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-02 12:48 - 2021-01-12 17:44 - 000000000 ____D C:\Users\Phillip
2021-04-01 18:22 - 2021-01-12 12:18 - 000000000 ____D C:\Users\Phillip\AppData\Local\D3DSCache
2021-03-31 01:55 - 2021-01-15 12:13 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2021-03-31 01:41 - 2021-02-03 14:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-30 21:25 - 2019-12-07 16:53 - 000000000 ____D C:\WINDOWS\OCR
2021-03-30 20:33 - 2021-02-06 11:57 - 000000000 ____D C:\Users\Phillip\AppData\Local\Mozilla Thunderbird
2021-03-27 16:23 - 2021-02-03 14:35 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-27 12:32 - 2021-01-13 16:30 - 000000000 ____D C:\ProgramData\ProductData
2021-03-24 18:30 - 2021-02-13 20:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-03-24 15:24 - 2021-01-11 20:29 - 000000000 ____D C:\Users\Phillip\AppData\Local\JDownloader 2.0
2021-03-24 15:18 - 2021-01-11 20:36 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2021-03-22 15:15 - 2020-12-12 18:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-22 15:05 - 2020-12-27 15:46 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-03-15 16:32 - 2019-12-07 16:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-15 16:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-14 20:38 - 2021-01-09 19:41 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-03-14 14:53 - 2021-02-26 17:30 - 000003254 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-14 14:53 - 2021-02-12 15:21 - 000003618 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-14 14:53 - 2021-02-12 15:21 - 000003394 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-14 14:53 - 2021-01-18 14:28 - 000003494 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6e8fa71357fd0
2021-03-14 14:53 - 2021-01-12 18:06 - 000003688 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-12 17:19 - 2021-01-13 15:16 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\WhatsApp
2021-03-10 12:15 - 2021-01-01 15:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-10 12:01 - 2021-01-01 15:39 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-08 20:58 - 2021-01-13 15:16 - 000000000 ____D C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2021-03-08 20:58 - 2021-01-13 15:14 - 000000000 ____D C:\Users\Phillip\AppData\Local\SquirrelTemp

==================== Files in the root of some directories ========

2021-02-10 21:50 - 2021-02-10 21:50 - 000013000 _____ () C:\Users\Phillip\AppData\Roaming\Comma Separated Values.CAL
2021-04-04 13:22 - 2021-04-04 13:22 - 000135069 _____ () C:\Users\Phillip\AppData\Roaming\TNod-10963.log
2021-02-04 18:41 - 2021-02-04 18:41 - 000000000 _____ () C:\Users\Phillip\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by Phillip (06-04-2021 16:48:49)
Running from C:\Users\Phillip\Desktop
Windows 10 Pro Version 20H2 19042.906 (X64) (2021-01-12 16:07:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1307152980-782841198-2650162068-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1307152980-782841198-2650162068-503 - Limited - Disabled)
Gast (S-1-5-21-1307152980-782841198-2650162068-501 - Limited - Disabled)
Phillip (S-1-5-21-1307152980-782841198-2650162068-1001 - Administrator - Enabled) => C:\Users\Phillip
WDAGUtilityAccount (S-1-5-21-1307152980-782841198-2650162068-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky Total Security (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 14.2.0 - IObit)
AusweisApp2 (HKLM-x32\...\{F3E22721-7F7E-472F-BBBA-6B5572E15A58}) (Version: 1.22.0 - Governikus GmbH & Co. KG)
Avira (HKLM-x32\...\{161e6084-b0f5-43e8-86d8-09eda5c0893d}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{426D1710-5DFD-45E9-B11D-464792C5AD35}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2103.2082 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.2.28955 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.46.16549 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version:  - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM-x32\...\{9F45C615-6D95-47B5-BB0C-D78F6D15DE21}) (Version: 2.0.6.42639 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.10.0.11063 - Avira Operations GmbH & Co. KG) Hidden
BitTorrent (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\BitTorrent) (Version: 7.10.5.45967 - BitTorrent Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 89.1.22.71 - Die Brave-Autoren)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Driver Booster 8 (HKLM-x32\...\Driver Booster_is1) (Version: 8.3.0 - IObit)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.1.1.37576 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5166 - Intel Corporation)
IObit Uninstaller 10 (HKLM-x32\...\IObitUninstall) (Version: 10.4.0.12 - IObit)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Retail - de-de) (Version: 16.0.13801.20360 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 87.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 87.0 (x86 en-US)) (Version: 87.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 85.0 - Mozilla)
Mozilla Thunderbird 78.7.1 (x86 de) (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Mozilla Thunderbird 78.7.1 (x86 de)) (Version: 78.7.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20360 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 75.0.3969.93 (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\Opera 75.0.3969.93) (Version: 75.0.3969.93 - Opera Software)
PS Remote Play (HKLM-x32\...\{E536EB8F-03EF-4EBA-B3FF-C5A544604841}) (Version: 4.0.0.09240 - Ihr Firmenname)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
Sky Go 21.1.2.0 (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\com.bskyb.skygoplayer_is1) (Version: 21.1.2.0 - Sky)
Sky Ticket 8.3.0.0 (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\com.bskyb.skyticket_is1) (Version: 8.3.0.0 - Sky Ticket)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.20113.5 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.20113.5 - Samsung Electronics Co., Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
VdhCoApp 1.6.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
WhatsApp (HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\WhatsApp) (Version: 2.2106.10 - WhatsApp)
Wondershare Dr.Fone (Version 11.0.9) (HKLM-x32\...\{E8F86DA8-B8E4-42C7-AFD4-EBB692AC43FD}_is1) (Version: 11.0.9.412 - Wondershare Technology Co.,Ltd.)

Packages:
=========
Google Maps -> C:\Program Files\WindowsApps\www.google.com-D64B4CD1_1.0.0.0_neutral__2ffpm8sm5xkm2 [2021-04-05] (www.google.com)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2021-02-02] (Apple Inc.) [Startup Task]
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-01-13] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Studios) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2021-02-07] (Microsoft Corporation) [MS Ad]
YouPorn -> C:\Program Files\WindowsApps\www.youporn.com-A4D02D72_1.0.0.0_neutral__kqrg6ysfhm7aw [2021-03-24] (www.youporn.com)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2020-12-24] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\x64\shellex.dll -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2020-12-24] (IObit Information Technology -> IObit)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\x64\shellex.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2020-12-24] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\x64\shellex.dll -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2021-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.2\x64\shellex.dll -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-01-13 23:46 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-02-13 21:38 - 2021-02-13 21:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Client\AppVIsvSubsystems32.dll
2021-02-13 21:39 - 2021-02-13 21:39 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2021-02-13 21:39 - 2021-02-13 21:39 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaspie.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=U220DHP&pc=U220
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2020-12-24] (IObit Information Technology -> IObit)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-12-12 18:08 - 2021-03-24 17:29 - 000001091 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 16.217.0.0
127.0.0.1 rosettastone.com
127.0.0.1 launch.rosettastone.com
127.0.0.1 amp.rosettastone.com
127.0.0.1 resources.rosettastone.com
127.0.0.1 updates.rosettastone.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1307152980-782841198-2650162068-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 172.20.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "TuneupUI.exe"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "AusweisApp2"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "kpm.exe"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1307152980-782841198-2650162068-1001\...\StartupApproved\Run: => "Opera Browser Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG)
FirewallRules: [{CD1AFE80-23C7-4855-9A71-E5B0E8263F43}] => (Allow) C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG)
FirewallRules: [UDP Query User{E59E6A11-1D0B-4F48-B65E-5020567B9BA2}C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe] => (Allow) C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe (Bittorrent, Inc. -> BitTorrent, Inc)
FirewallRules: [TCP Query User{2C52D78D-E30B-4F53-B0FF-E3EB5E7FD478}C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe] => (Allow) C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe (Bittorrent, Inc. -> BitTorrent, Inc)
FirewallRules: [{CBEB928E-8713-421A-98D5-7E5652A63273}] => (Allow) C:\Users\Phillip\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{91497513-6D76-44B3-96D3-880B83E4CFAF}] => (Allow) C:\Users\Phillip\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{06AB54E3-554E-47CB-A342-396E710A44BA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{189C3A8B-D9E3-4CAF-A742-8B788EDE4673}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B2D9A89A-4033-4A5E-A807-7416367A17C4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{68853000-CBFE-48EE-804A-380DAE9FD62F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8A2E9938-E69D-4D4F-B104-A4EC2B2C2189}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F76D715C-9F81-42D8-95CD-D6B3D78CFB89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D6BD67F1-DD16-466E-9547-F2EB2EC58511}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{07A3C0D8-D001-46AF-9833-BE1C1A892C0F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E1D25FEA-3D1C-491C-ADC4-A702B45793D9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7DB00ED5-0BAD-48A1-B738-62FFD06EF4F8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3B020F23-6484-4178-84B0-37AB742341DB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1F866C13-2D1F-4EB1-A8BB-E2396C209FBE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3EF0E2D3-1BB0-4AB0-A825-9005C1A967A8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{13FA26B1-62B5-4BDA-911B-F04A889E4C5B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1070EC36-58F1-4374-AEA3-E41365B77D21}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D279502E-207A-453B-BE1C-9063D89A9136}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C7438E5E-363B-4049-85A9-35F28BAF72D7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{241F23CF-7289-4874-9315-ECE058BA0669}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2C0C1E09-F4BC-41C9-AA5F-3C0EAD9F01F5}] => (Allow) C:\Program Files (x86)\Sony\PS Remote Play\RemotePlay.exe (Sony Interactive Entertainment Inc. -> Sony Interactive Entertainment Inc.)
FirewallRules: [TCP Query User{1DE9CCA3-64D5-45B8-853B-6CF14CAAD3AE}C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe] => (Allow) C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe (Bittorrent, Inc. -> BitTorrent, Inc)
FirewallRules: [UDP Query User{1B4ACEF2-0A22-4CA7-A309-13418CD69822}C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe] => (Allow) C:\users\phillip\appdata\roaming\bittorrent\btfs\btfs.exe (Bittorrent, Inc. -> BitTorrent, Inc)
FirewallRules: [{77891BA2-795F-41F4-9FE9-0ACB40F12688}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{2E9A7CF9-FE7A-40E3-8326-7A7297CBC4AD}] => (Allow) C:\Users\Phillip\AppData\Local\Programs\Opera\75.0.3969.93\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{38D6FCC7-C642-4ABD-8B5D-17A10D83801E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{66AA99E8-B735-44A2-AF6A-1A48C0A4A319}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{3DC330A5-21FD-4908-99AE-534275856E31}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{5AE8F5D5-C72C-4E90-BFB6-778CAF26D2AA}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Restore Points =========================

05-04-2021 19:12:16 Geplanter Prüfpunkt

==================== Faulty Device Manager Devices ============

Name: Camera Sensor OV2680
Description: Camera Sensor OV2680
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: OV2680 Camera Sensor
Service: ov2680
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Kaspersky Security Data Escort Adapter #2
Description: Kaspersky Security Data Escort Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Kaspersky Security Data Escort Provider
Service: kltap
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/05/2021 07:12:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/04/2021 07:05:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/04/2021 01:54:16 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (04/04/2021 01:16:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.19041.546, time stamp: 0x5da7ab91
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x80131623
Fault offset: 0x00007ff7a96525ad
Faulting process id: 0x17a8
Faulting application start time: 0x01d72943e2c427d1
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: unknown
Report Id: 60e4107d-99ff-400b-b512-c3cbfe7bb64a
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/04/2021 01:16:01 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Unerwartete Anbieterausnahme:
 System.IO.FileLoadException: 
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
   at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
   at System.Environment.FailFast(System.String)
   at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (04/04/2021 01:15:56 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (04/04/2021 01:15:56 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (04/04/2021 01:15:56 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003


System errors:
=============
Error: (04/05/2021 01:41:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (04/05/2021 12:57:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (04/04/2021 10:32:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (04/04/2021 10:27:47 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-E3LPO85)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (04/04/2021 07:26:31 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/04/2021 02:14:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (04/04/2021 01:46:12 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/04/2021 12:51:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126


Windows Defender:
================
Date: 2021-04-04 13:36:47
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Ymacco.AAA5&threatid=274880&enterprise=0
Name: Program:Win32/Ymacco.AAA5
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\eav_nt32.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Echtzeitschutz
Benutzer: 
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.335.183.0, AS: 1.335.183.0, NIS: 1.335.183.0
Modulversion: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 13:32:46
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bomitag.C!rfn&threatid=2147745925&enterprise=0
Name: Trojan:Win32/Bomitag.C!rfn
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable.zip; file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable\TNODUP-Portable.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-E3LPO85\Phillip
Prozessname: C:\Windows\System32\cmd.exe
Sicherheitsversion: AV: 1.335.183.0, AS: 1.335.183.0, NIS: 1.335.183.0
Modulversion: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 13:32:20
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bomitag.C!rfn&threatid=2147745925&enterprise=0
Name: Trojan:Win32/Bomitag.C!rfn
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable.zip; file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable\TNODUP-Portable.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-E3LPO85\Phillip
Prozessname: C:\Windows\System32\cmd.exe
Sicherheitsversion: AV: 1.335.183.0, AS: 1.335.183.0, NIS: 1.335.183.0
Modulversion: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 13:32:13
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bomitag.C!rfn&threatid=2147745925&enterprise=0
Name: Trojan:Win32/Bomitag.C!rfn
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable.zip; file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable\TNODUP-Portable.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-E3LPO85\Phillip
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.335.183.0, AS: 1.335.183.0, NIS: 1.335.183.0
Modulversion: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 13:32:03
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bomitag.C!rfn&threatid=2147745925&enterprise=0
Name: Trojan:Win32/Bomitag.C!rfn
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable.zip; file:_C:\Users\Phillip\Desktop\ESET NOD32 Antivirus 2021 14.0.22.0 Multi\TNod-1.7.0-Beta-Portable\TNODUP-Portable.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-E3LPO85\Phillip
Prozessname: C:\Windows\System32\cmd.exe
Sicherheitsversion: AV: 1.335.183.0, AS: 1.335.183.0, NIS: 1.335.183.0
Modulversion: AM: 1.1.18000.5, NIS: 1.1.18000.5

CodeIntegrity:
===============
Date: 2021-04-04 13:05:45
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-04-04 06:13:33
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

BIOS: LENOVO 1HCN31WW 06/02/2016
Motherboard: LENOVO Cavalli
Processor: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz
Percentage of memory in use: 81%
Total physical RAM: 1912.2 MB
Available physical RAM: 361.68 MB
Total Virtual: 4819.22 MB
Available Virtual: 683.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:57.64 GB) (Free:5.64 GB) NTFS

\\?\Volume{2828e363-b8b6-4826-a1ae-d7bc943b6061}\ () (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{29f1cd0b-bd27-4372-8d54-aa737819eb4d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 58.2 GB) (Disk ID: 5E390987)

Partition: GPT.

==================== End of Addition.txt =======================
         
--- --- ---
__________________

06.04.2021, 17:33   #4
M-K-D-B
/// TB-Ausbilder

No sound due to virus

Quote:
What I forgot to mention:
sfc /scannow
no longer works either, as it still did a few months ago.
That points to damage to the system.

You should back up your personal data externally and perform a clean reinstallation (see the link for instructions). That is the only sensible option here.

In future, please leave out software such as Avira, Kaspersky, Iobit and CCleaner.

You can find recommendations for the time after the reinstallation here:
Measures for securing the system.


I am moving this thread to Windows because the system is damaged; a malware analysis and, where applicable, a cleanup is not productive in such a case.

06.04.2021, 18:53   #5
Yatagan

No sound due to virus

Quote:
2021-03-31 03:15 - 2021-03-31 03:15 - 000000000 ____D C:\Users\Phillip\Desktop\KMS_VL_ALL Activator CMD Windows and Office - August 2019
Good grief, you torrent loads of warez and cracks and then wonder why your system crashes?! You can't be serious...

Have fun with the reinstallation. Support ends here.

__________________
Best regards, Yatagan
---
sapere aude

06.04.2021, 19:04   #6
felix1
/// Helfer-Team

No sound due to virus

I doubt that a reinstallation is even worthwhile here:
BIOS: LENOVO 1HCN31WW 06/02/2016
Motherboard: LENOVO Cavalli
Processor: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz
Percentage of memory in use: 81%
Total physical RAM: 1912.2 MB
HD of approx. 60 GB

Many Linux distros have their problems with that too. Especially since, without my having looked it up, the device probably cannot be upgraded.


Correction:
The memory should be upgradable, and the same goes for the memory card.
But is that still worthwhile with this CPU?

Edited by felix1 (06.04.2021 at 19:16)

 
